new laptop and constant high physical memory usage

[coconutnut]

Hi,

i recently bought a new laptop and when i was done installing the basic stuff i.e. MBAM, MSE, office and so on, i noticed that my physical memory is constantly high. i have 4gb RAM btw.

attached is the hijackthis log.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:09:37 PM, on 7/30/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal
Running processes:
D:\Program Files (x86)\Connection Manager\Bin\mcserver.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Windows\SysWOW64\cmd.exe
D:\Program Files (x86)\Connection Manager\Bin\dbus-daemon.exe
D:\Program Files (x86)\Connection Manager\Bin\db_daemon.exe
D:\Program Files (x86)\Connection Manager\Bin\MainApp.exe
D:\Program Files (x86)\Connection Manager\Bin\phoneserver.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\Ivan Tan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ivan Tan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ivan Tan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ivan Tan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ivan Tan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3787890334-3491960478-171379978-1002\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3787890334-3491960478-171379978-1002\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Global Startup: MCtlSvc.lnk = D:\Program Files (x86)\Connection Manager\Bin\mcserver.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{06B39DC2-5C7E-44C0-9269-F2C965DAE48A}: NameServer = 58.71.136.10 58.71.132.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B4E40B9-D617-46DB-A795-6F21F7191F34}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{06B39DC2-5C7E-44C0-9269-F2C965DAE48A}: NameServer = 58.71.136.10 58.71.132.10
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - C:\Program Files\Soluto\SolutoService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 10832 bytes

did a quick scan using mbam and here is the log

Malwarebytes Anti-Malware (PRO) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.30.06

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

:: MYPC [administrator]

Protection: Enabled

7/30/2012 10:10:50 PM

mbam-log-2012-07-30 (22-10-50).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 209433

Time elapsed: 3 minute(s), 50 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

pls help

[Mugi]

Let me ask you, may I have your full specs? As well as do you keep programs that you are not using running?

[coconutnut]

my specs are

i7 3610QM 2.30 GHz

RAM 4.0 GB DDR3

64 bit windows ultimate

nvidia 650M 2.0 GB DDR5 overclocked

[Maurice Naggar]

@coconut

MBAM detected nothing. The HJT log does not indicate malware.

I would suggest you tweak DAEMON Tools Lite so that it does NOT start with Windows.

Otherwise, why so anxious ?

btw, HJT is not an ideal tool (since it is now outdated vis-a-vis Windows 7, etc)

It is natural for CPU or RAM usage to flux. It's only when the cpu usage stays at a very high "BUSY" percentage for a LONG time that one begins to fret.

[Mugi]

You've got a fairly good CPU and amount of RAM, try keeping anything that's not being used closed E.G. Firefox, Steam, Skype, Yahoo, MSN, anything that you see eating up a lot of RAM you should go ahead and close to keep your PC running smoothly.

[coconutnut]

it shows 40% physical memory usage even after i just started up my com. it keeps showing the same thing after restarting also

[coconutnut]

@coconut

MBAM detected nothing. The HJT log does not indicate malware.

I would suggest you tweak DAEMON Tools Lite so that it does NOT start with Windows.

Otherwise, why so anxious ?

btw, HJT is not an ideal tool (since it is now outdated vis-a-vis Windows 7, etc)

It is natural for CPU or RAM usage to flux. It's only when the cpu usage stays at a very high "BUSY" percentage for a LONG time that one begins to fret.

ok....tweaked daemon tools lite using ccleaner but still showing 40% physical mem usage...so since HJT is out of date, what would you suggest as a good indicator/HJT-like?

[Mugi]

it shows 40% physical memory usage even after i just started up my com. it keeps showing the same thing after restarting also

How much "junk" do you have running? I know some laptops you get from places like best buy have junk plastered on them for ad purposes and other stupid things and it makes them quite clogged up. Considered a fresh reinstall yet?

[coconutnut]

How much "junk" do you have running? I know some laptops you get from places like best buy have junk plastered on them for ad purposes and other stupid things and it makes them quite clogged up. Considered a fresh reinstall yet?

this is a fresh install.

[Mugi]

this is a fresh install.

Okay, please open task manager and click on the Memory tab then have it list from the highest down, I'd just like to see what is eating up all your RAM.

[Mugi]

Oh dear, I should've made myself more clear, I do apologize.

[Maurice Naggar]

[off topic] @ mugi

Why is your image so Large ? why use the image at all? It's a bit freaky to have to see so large an image. It takes up a lot of screen-real-estate. Can you do without?

Be considerate of other members.

Thanks

[Mugi]

[off topic] @ mugi

Why is your image so Large ? why use the image at all? It's a bit freaky to have to see so large an image. It takes up a lot of screen-real-estate. Can you do without?

Be considerate of other members.

Thanks

Which image? My Signature? Sure, I could remove it.

[coconutnut]

this is what i see when i open up task manager after just booting up

[Mugi]

Your physical memory usage is far from high, it's quite low actually I have 8GB DDR3 @ 669mhz and my physical memory lingers anywhere between 38% to 40% usually.

[AdvancedSetup]

Please run the following scanner and send back the logs.

Download DDS from one of the locations below and save to your Desktop

dds.scr

dds.com

Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Once downloaded you can disconnect from the Internet and disable your Ant-Virus temporarily if needed.

Then double click dds.scr or dds.com to run the tool, on Vista or Win 7 right click and select Run as administrator

Click the Run button if prompted with an Open File - Security Warning dialog box.

A black DOS console should open and run for a moment.

When done, DDS will open two (2) logs:

1. DDS.txt
   
2. Attach.txt
   

• Save both reports to your desktop
  
• Please include the following logs in your next reply: DDS.txt and Attach.txt
  You can ignore the note about zipping the Attach.txt file in most cases.
  

[coconutnut]

Your physical memory usage is far from high, it's quite low actually I have 8GB DDR3 @ 669mhz and my physical memory lingers anywhere between 38% to 40% usually.

lol....later it will peak ard 45%

[coconutnut]

as requested...

DDS.txt

Attach.txt

[Maurice Naggar]

@coconut

o.t. & fyi

so what if physical memory shows 45%

Mine is showing 55% at this time. so what? I have a number of apps open.

I'd suggest if you look at Task Manager, it is a good start to just look at the Performance tab.

What is the cpu usage percent ?

[coconutnut]

@coconut

o.t. & fyi

so what if physical memory shows 45%

Mine is showing 55% at this time. so what? I have a number of apps open.

I'd suggest if you look at Task Manager, it is a good start to just look at the Performance tab.

What is the cpu usage percent ?

1%....LOL

[Maurice Naggar]

Why d'you have uTorrent ?

filesharing/downloading from unknown sources is one of the leading causes of transmission of malware.

Risks of File-Sharing Technology.

P2P file sharing: Know the risks

[coconutnut]

well, smart downloading makes all the difference.....i know the risks. got hit once. anyway, so nothing i should be worried about? lol

[Maurice Naggar]

Play with fire and get burned.

IE 9 has a built-in download manager.

K-Lite Mega Codec Pack 9.1.0 ??

[AdvancedSetup]

Might want to also look at tracking down and fixing the errors in your Event Logs

==== Event Viewer Messages From Past Week ========

.

7/30/2012 8:14:18 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Soluto PCGenome Core Service service to connect.

7/30/2012 8:14:18 PM, Error: Service Control Manager [7000] - The Soluto PCGenome Core Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/29/2012 5:51:50 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{06B39DC2-5C7E-44C0-9269-F2C965DAE48A} because another computer on the network has the same name. The server could not start.

7/29/2012 5:44:41 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.

7/29/2012 4:03:42 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 for x64-based Systems (KB2703157).

7/29/2012 4:03:42 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Internet Explorer 8 Compatibility View List for Windows 7 for x64-based Systems (KB2598845).

7/29/2012 4:03:42 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Internet Explorer 8 for Windows 7 for x64-based Systems (KB2544521).

7/29/2012 4:01:14 AM, Error: Service Control Manager [7023] -

7/29/2012 3:59:28 AM, Error: Service Control Manager [7034] - The Intel® Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s).

7/29/2012 3:57:01 AM, Error: Service Control Manager [7043] - The Windows Modules Installer service did not shut down properly after receiving a preshutdown control.

7/29/2012 3:27:46 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004

7/29/2012 10:37:57 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sptd

7/29/2012 10:37:27 AM, Error: sptd [4] - Driver detected an internal error in its data structures for .

7/29/2012 10:02:17 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63AA156-D534-4BAC-9BF1-55359CF5EC30} and APPID {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} to the user MyPC\UpdatusUser SID (S-1-5-21-3787890334-3491960478-171379978-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

.

==== End Of File ===========================

[coconutnut]

some of these are the windows update. since i was updating the com, some updates were oudated. but i am not so sure bout the rest though