Lsass.exe is using 3.87 GB of ram.


pilgrim91

  • Root Admin

Hello and welcome
 
 
Please run the following scanner and send back the logs.

Download DDS from one of the locations below and save to your Desktop
dds.scr
dds.com

Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.
Then double click dds.scr or dds.com to run the tool.
Click the Run button if prompted with an Open File - Security Warning dialog box.
A black DOS console should open and run for a moment.

  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop
  • Please include the following logs in your next reply as an attachment: DDS.txt and Attach.txt
  • You can ignore the note about zipping the Attach.txt file.

DDS.txt: 


  • Root Admin

Due to system abuse from others we've had to set a 100 post limit before you can edit your posts.

 

I would suggest following the advice from the topic here Available Assistance for Possibly Infected Computers and having one of the Experts assist you with looking into your issue.

Thanks
