Mo6152

Hello, I am not sure if this is a sign of infection or if this is because of something else. The computer that this is happening to only has 2 GB of RAM total, so when svchost.exe RAM usage goes up to 1 GB, it really slows down the entire computer. The hard disk is used after the RAM fills up, which then causes a major slowdown. The owner of the computer has told me that he saw some infections on malwarebytes and he removed them, however after looking at the history in malwarebytes, it turns out that all which was detected were a few PUPs. I ran a HIJackThis and here are the results: Below is the list of PUPs that were detected by malwarebytes and quarantined: And finally, here is an image of the tasklist /svc command ran to show what services are running under the svchost.exe processes: http://i.imgur.com/vIKqGtz.png I couldn't find anything that stood out to me so I thought I would ask here to make sure that this issue isn't caused by some type of malware. If this is not a malware issue then I will tell the person that he needs more RAM. Any help is appreciated. Thanks

Anyone?

Bump. Anyone?

Anyone?

I haven't had MalwareBytes on forever, but I recently activated the free trial and have been getting constant pop-ups informing of certain IP addresses (mostly from China) being blocked. The connection is inbound and the process used is svchost.exe Here are a few of the logs from MalwareBytes: Protection, 6/26/2014 9:56:28 PM, SYSTEM, MO, Protection, Malware Protection, Starting, Protection, 6/26/2014 9:56:28 PM, SYSTEM, MO, Protection, Malware Protection, Started, Protection, 6/26/2014 9:56:28 PM, SYSTEM, MO, Protection, Malicious Website Protection, Starting, Protection, 6/26/2014 9:56:56 PM, SYSTEM, MO, Protection, Malicious Website Protection, Started, Detection, 6/26/2014 10:04:15 PM, SYSTEM, MO, Protection, Malicious Website Protection, IP, 85.234.173.195, 64932, Inbound, C:\Windows\System32\svchost.exe, Detection, 6/26/2014 10:04:15 PM, SYSTEM, MO, Protection, Malicious Website Protection, IP, 85.234.173.195, 64932, Inbound, C:\Windows\System32\svchost.exe, Detection, 6/26/2014 10:10:58 PM, SYSTEM, MO, Protection, Malicious Website Protection, IP, 222.186.19.3, 64932, Inbound, C:\Windows\System32\svchost.exe, Detection, 6/26/2014 10:10:58 PM, SYSTEM, MO, Protection, Malicious Website Protection, IP, 222.186.19.3, 64932, Inbound, C:\Windows\System32\svchost.exe, Detection, 6/26/2014 10:18:04 PM, SYSTEM, MO, Protection, Malicious Website Protection, IP, 81.198.148.128, 64932, Inbound, C:\Windows\System32\svchost.exe, Detection, 6/26/2014 10:18:04 PM, SYSTEM, MO, Protection, Malicious Website Protection, IP, 81.198.148.128, 64932, Inbound, C:\Windows\System32\svchost.exe, Detection, 6/26/2014 10:19:19 PM, SYSTEM, MO, Protection, Malicious Website Protection, IP, 220.248.169.189, 64932, Inbound, C:\Windows\System32\svchost.exe, Detection, 6/26/2014 10:19:19 PM, SYSTEM, MO, Protection, Malicious Website Protection, IP, 220.248.169.189, 64932, Inbound, C:\Windows\System32\svchost.exe, (end)I'm not sure how long I've had this going on for, but everything runs normal. Any idea on what might be causing this and how I can find out what is the source? Rootkit scans via MalwareBytes Anti-Rootkit and Kaspersky TDSS both came back clean. MalwareBytes Anti-Malware also came back clean. I just want to make sure that it is nothing serious. Please let me know what further information is necessary and what the next step is. Thanks