Lsass.exe is using 3.87 GB of ram.


8 replies to this topic

#1 pilgrim91

pilgrim91

    New Member

  • Members
  • Pip
  • 5 posts

Posted 25 August 2013 - 01:29 AM


I'm pretty sure this is not a virus. I've looked around on the net and this seems to happen to people with ESET NOD32/Smart Security. I think what is happening is that ESET is making a lot of authentication requests for some reason and causing this.

 

Not really sure though.



#2 AdvancedSetup

AdvancedSetup

    Staff

  • Root Admin
  • PipPipPipPipPipPip
  • 41,284 posts
  • Gender:Male
  • Location:US

Posted 25 August 2013 - 01:39 AM

Hello and welcome.
 
 
Please run the following scanner and send back the logs.

Download DDS from one of the locations below and save to your Desktop
dds.scr
dds.com

Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Once downloaded, you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.
Then double click dds.scr or dds.com to run the tool.
Click the Run button if prompted with an Open File - Security Warning dialog box.
A black DOS console should open and run for a moment.

  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop
  • Please include the following logs in your next reply as an attachment: DDS.txt and Attach.txt
  • You can ignore the note about zipping the Attach.txt file.

Ron Lewis
Forum Community Manager



#3 pilgrim91


Posted 25 August 2013 - 02:36 AM

DDS.txt: 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer:   BrowserJavaVersion: 10.25.2
Run by Admin at 3:34:08 on 2013-08-25
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8109.1937 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: ESET Smart Security 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Windows\system32\imdsksvc.exe
C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Realtek\LanOptimizer\LanOptimizer.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\GIGABYTE\SMART6\Recovery\RPMDaemon.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Advanced Wheel Mouse\wh_exec.exe
C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Browny02\BrYNSvc.exe
C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\SysWOW64\vmnat.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Windows\System32\msdtc.exe
C:\Program Files\DebugDiag\DbgSvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Users\Admin\AppData\Local\Temp\nsg5C9E.tmp\PEV.DAT
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
mRun: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [WheelMouse] C:\ADVANC~1\wh_exec.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
mRun: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
mRun: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
mRun: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRunOnce: [GBTUpd] C:\Program Files (x86)\GIGABYTE\UpdManager\PreRun.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
LSP: %windir%\system32\vsocklib.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.77.1
TCP: Interfaces\{38CCC5BA-338D-4ABF-A66F-522E4362ED34} : DHCPNameServer = 192.168.77.1
AppInit_DLLs= C:\Windows\SysWOW64\appinit_dll.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: GBHO.BHO: {45d30484-7ded-43d9-957a-d2fd1f046511} - 
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: Smart Recovery 2: {1d09c093-f71e-43c3-b948-19316cbd695e} - 
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 
x64-Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
x64-Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
x64-RunOnce: [RPMKickstart] C:\Program Files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1	www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 epfwwfp;epfwwfp;C:\Windows\System32\drivers\epfwwfp.sys [2013-2-20 58416]
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2012-11-27 647736]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2012-11-27 28216]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
R0 vsock;vSockets Driver;C:\Windows\System32\drivers\vsock.sys [2013-8-24 70296]
R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2013-2-20 213416]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\System32\drivers\EpfwLWF.sys [2013-1-10 59440]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;C:\Windows\System32\drivers\HWiNFO64A.SYS [2012-11-27 29672]
R1 ndisrd;WinpkFilter LightWeight Filter;C:\Windows\System32\drivers\ndisrd.sys [2012-11-27 32360]
R1 VirtDiskBus;3TB+ Unlock;C:\Windows\System32\drivers\VirtDiskBus64.sys [2012-11-27 66160]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-3-28 241152]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-2-7 822624]
R2 DbgSvc;Debug Diagnostic Service;C:\Program Files\DebugDiag\DbgSvc.exe [2011-7-12 451848]
R2 DES2 Service;DES2 Service for Energy Saving.;C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2012-11-26 57344]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2013-3-21 1341664]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-11-26 14904]
R2 ImDisk;ImDisk Virtual Disk Driver;C:\Windows\System32\drivers\imdisk.sys [2012-11-27 39464]
R2 ImDskSvc;ImDisk Virtual Disk Driver Helper;C:\Windows\System32\imdsksvc.exe [2012-11-27 11776]
R2 IOCBIOS;IOCBIOS;C:\ProgramData\Intel\Extreme Tuning Utility\IOCbios\64bit\iOCbios.sys [2010-9-15 34304]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 139616]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2011-8-2 145256]
R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\System32\drivers\RtNdPt60.sys [2012-11-26 27136]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2013-6-15 1153368]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 Smart TimeLock;Smart TimeLock Service;C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe [2012-11-26 114688]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-10-11 918680]
R2 XTUService;Intel(R) Extreme Tuning Utility;C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe [2010-11-24 21768]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-2-14 96768]
R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2013-4-26 266240]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2011-7-28 56960]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2011-7-28 79104]
R3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);C:\Windows\System32\drivers\ICCWDT.sys [2010-8-18 26136]
R3 ICTDrv;ICTDrv;C:\Windows\System32\drivers\ICTDrv.sys [2010-9-15 21504]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-6-19 342528]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-6-20 366600]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-11-26 535656]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2013-7-8 199384]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfswin7.sys [2011-10-1 765288]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaywin7.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirwin7.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvolwin7.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 VirtuWDDM;VirtuWDDM;C:\Windows\System32\drivers\VirtuWDDM.sys [2012-11-27 66336]
R3 whfltr2k;WheelMouse USB Lower Filter Driver;C:\Windows\System32\drivers\whfltr2k.sys [2012-11-26 10368]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AWEAlloc;AWE Memory Allocation Driver;C:\Windows\System32\drivers\awealloc.sys [2012-11-27 18456]
S3 etdrv;etdrv;C:\Windows\etdrv.sys [2012-11-27 25640]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2012-11-26 30528]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-26 19456]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);C:\Windows\System32\drivers\RtTeam60.sys [2012-11-26 58472]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtVlan60.sys [2012-11-26 24064]
S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);C:\Windows\System32\drivers\RtTeam60.sys [2012-11-26 58472]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-26 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-26 30208]
S3 VLAN;Realtek Virtual Miniport Driver for VLAN (NDIS 6.2);C:\Windows\System32\drivers\RtVlan60.sys [2012-11-26 24064]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-11-26 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 RAMDiskVE;RAMDiskVE;C:\Windows\System32\drivers\RAMDiskVE.sys [2013-8-22 86768]
.
=============== Created Last 30 ================
.
2013-08-25 06:05:15	9515512	-c--a-w-	C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{06EE0556-14DE-48CD-9154-6C22DD8CD551}\mpengine.dll
2013-08-25 06:00:03	--------	dc----w-	C:\Program Files\DebugDiag
2013-08-24 16:15:07	--------	dc----w-	C:\Users\Admin\jagexcache
2013-08-24 16:14:50	--------	dc----w-	C:\Users\Admin\AppData\Roaming\RSBot
2013-08-24 15:24:19	238352	-c--a-w-	C:\Windows\System32\drivers\VBoxDrv.sys
2013-08-24 15:24:17	120080	-c--a-w-	C:\Windows\System32\drivers\VBoxUSBMon.sys
2013-08-24 15:22:39	70296	-c--a-w-	C:\Windows\System32\drivers\vsock.sys
2013-08-24 15:22:39	67224	-c--a-w-	C:\Windows\System32\vsocklib.dll
2013-08-24 15:22:39	63128	-c--a-w-	C:\Windows\SysWow64\vsocklib.dll
2013-08-24 15:22:37	67664	-c--a-w-	C:\Windows\System32\drivers\vmx86.sys
2013-08-24 15:22:37	33360	-c--a-w-	C:\Windows\System32\drivers\VMkbd.sys
2013-08-24 15:21:58	357456	-c--a-w-	C:\Windows\SysWow64\vmnetdhcp.exe
2013-08-24 15:21:54	436304	-c--a-w-	C:\Windows\SysWow64\vmnat.exe
2013-08-24 15:21:54	30800	-c--a-w-	C:\Windows\System32\drivers\vmnetuserif.sys
2013-08-24 15:21:51	933968	-c--a-w-	C:\Windows\System32\vnetlib64.dll
2013-08-24 15:21:49	52376	-c--a-w-	C:\Windows\System32\drivers\hcmon.sys
2013-08-24 15:21:42	--------	dc----w-	C:\Program Files\Common Files\VMware
2013-08-24 15:21:26	--------	dc----w-	C:\Program Files (x86)\VMware
2013-08-24 15:21:26	--------	dc----w-	C:\Program Files (x86)\Common Files\VMware
2013-08-24 06:33:54	9515512	-c--a-w-	C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-23 01:03:12	86768	-c--a-w-	C:\Windows\System32\drivers\RAMDiskVE.sys
2013-08-23 01:03:06	--------	dc----w-	C:\Users\Admin\AppData\Local\Dataram_Corporation
2013-08-23 01:03:04	--------	dc----w-	C:\Program Files (x86)\Radeon RAMDisk
2013-08-22 18:01:34	941720	-c----w-	C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2A21F740-4FEB-48C9-B5AC-92F95752E02E}\gapaengine.dll
2013-08-19 23:56:18	108968	-c--a-w-	C:\Windows\System32\WindowsAccessBridge-64.dll
2013-08-19 19:39:19	96168	-c--a-w-	C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-08-19 19:37:26	--------	dc----w-	C:\Users\Admin\AppData\Roaming\.minecraft
.
==================== Find3M  ====================
.
2013-08-24 06:28:12	25640	-c--a-w-	C:\Windows\gdrv.sys
2013-08-19 23:56:13	972712	-c--a-w-	C:\Windows\System32\deployJava1.dll
2013-08-19 23:56:13	1093032	-c--a-w-	C:\Windows\System32\npDeployJava1.dll
2013-08-19 19:39:14	867240	-c--a-w-	C:\Windows\SysWow64\npDeployJava1.dll
2013-08-19 19:39:14	789416	-c--a-w-	C:\Windows\SysWow64\deployJava1.dll
2013-08-14 11:25:27	224256	----a-w-	C:\Windows\System32\wintrust.dll
2013-08-14 11:25:27	184320	----a-w-	C:\Windows\System32\cryptsvc.dll
2013-08-14 11:25:27	175104	----a-w-	C:\Windows\SysWow64\wintrust.dll
2013-08-14 11:25:27	1472512	----a-w-	C:\Windows\System32\crypt32.dll
2013-08-14 11:25:27	140288	----a-w-	C:\Windows\SysWow64\cryptsvc.dll
2013-08-14 11:25:27	139776	----a-w-	C:\Windows\System32\cryptnet.dll
2013-08-14 11:25:27	1166848	----a-w-	C:\Windows\SysWow64\crypt32.dll
2013-08-14 11:25:27	103936	----a-w-	C:\Windows\SysWow64\cryptnet.dll
2013-08-14 11:25:18	2048	----a-w-	C:\Windows\SysWow64\tzres.dll
2013-08-14 11:25:18	2048	----a-w-	C:\Windows\System32\tzres.dll
2013-08-14 11:23:22	1888768	----a-w-	C:\Windows\System32\WMVDECOD.DLL
2013-08-14 11:23:22	1620992	----a-w-	C:\Windows\SysWow64\WMVDECOD.DLL
2013-08-14 11:23:20	663552	----a-w-	C:\Windows\SysWow64\rpcrt4.dll
2013-08-14 11:23:20	1217024	----a-w-	C:\Windows\System32\rpcrt4.dll
2013-07-10 15:34:59	624128	----a-w-	C:\Windows\System32\qedit.dll
2013-07-10 15:34:59	509440	----a-w-	C:\Windows\SysWow64\qedit.dll
2013-07-10 15:32:39	3153920	----a-w-	C:\Windows\System32\win32k.sys
2013-07-10 15:32:15	1643520	----a-w-	C:\Windows\System32\DWrite.dll
2013-07-10 15:32:15	1247744	----a-w-	C:\Windows\SysWow64\DWrite.dll
2013-07-04 19:57:00	146704	-c--a-w-	C:\Windows\System32\drivers\VBoxNetFlt.sys
2013-07-04 19:57:00	131856	-c--a-w-	C:\Windows\System32\drivers\VBoxNetAdp.sys
2013-07-04 19:56:58	204048	-c--a-w-	C:\Windows\System32\SET1447.tmp
2013-06-19 01:50:08	247216	-c--a-w-	C:\Windows\System32\drivers\MpFilter.sys
2013-06-19 01:50:08	139616	-c--a-w-	C:\Windows\System32\drivers\NisDrvWFP.sys
2013-06-11 18:53:59	751104	----a-w-	C:\Windows\System32\win32spl.dll
2013-06-11 18:53:59	492544	----a-w-	C:\Windows\SysWow64\win32spl.dll
2013-06-11 18:53:57	30720	----a-w-	C:\Windows\System32\cryptdlg.dll
2013-06-11 18:53:57	24576	----a-w-	C:\Windows\SysWow64\cryptdlg.dll
2013-06-11 18:53:53	1424384	----a-w-	C:\Windows\System32\WindowsCodecs.dll
2013-06-11 18:53:53	1230336	----a-w-	C:\Windows\SysWow64\WindowsCodecs.dll
2013-06-11 18:53:50	903168	----a-w-	C:\Windows\SysWow64\certutil.exe
2013-06-11 18:53:50	52224	----a-w-	C:\Windows\System32\certenc.dll
2013-06-11 18:53:50	43008	----a-w-	C:\Windows\SysWow64\certenc.dll
2013-06-11 18:53:50	1192448	----a-w-	C:\Windows\System32\certutil.exe
2013-06-11 18:53:45	1887232	----a-w-	C:\Windows\System32\d3d11.dll
2013-06-11 18:53:45	1505280	----a-w-	C:\Windows\SysWow64\d3d11.dll
.
============= FINISH:  3:34:21.55 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 11/26/2012 8:28:54 PM
System Uptime: 8/24/2013 2:28:02 AM (25 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. |  | Z68XP-UD3P
Processor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz | Socket 1155 | 3601/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 112 GiB total, 75.653 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: 
Description: 
Device ID: ROOT\DATARAM_RAMDISK_DEVICES\0000
Manufacturer: 
Name: 
PNP Device ID: ROOT\DATARAM_RAMDISK_DEVICES\0000
Service: 
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
@BIOS
µTorrent
3TB+Unlock B11.0919.1
7-Zip 9.30 (x64 edition)
Adobe Reader XI (11.0.03)
Adobe Shockwave Player 11.6
Advanced Wheel Mouse 6.0.0.010
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
ASUS E-Green Uninstall
AutoGreen B10.1021.1
Blender
Brother MFL-Pro Suite MFC-J4410DW
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Cheat Engine 6.2
CyberLink Media Suite 9
CyberLink MediaEspresso
CyberLink PowerDVD 9
DAEMON Tools Lite
Debug Diagnostics 1.2
DES 2.0
DMIView B8.0717.01
Dolby Home Theater v4
E-Hammer
Easy Tune 6 B11.0823.1
ESET Smart Security
Etron USB3.0 Host Controller
EZ Smart Response B11.0714.01
Face_Wizard B10.1230.01
Google Chrome
Google Update Helper
GTK Slash'EM 0.0.7E7F3
GTK2-Runtime
HWiNFO64 Version 4.08
ImDisk Virtual Disk Driver
ImgBurn
Intel Extreme Tuning Utility 2.1.408.41
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Intel(R) SDK for OpenCL - CPU Only Runtime Package
Intel(R) SMBus
Intel® Watchdog Timer Driver (Intel® WDT)
Java 7 Update 25
Java 7 Update 25 (64-bit)
Java Auto Updater
K-Lite Codec Pack 9.5.0 (64-bit)
K-Lite Mega Codec Pack 9.5.0
LanOptimizer
Logitech G-series Keyboard Software
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Security Client
Microsoft Security Essentials
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mount&Blade Warband
Mount&Blade With Fire and Sword
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2758694)
Nero 10 Movie ThemePack Basic
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero CoverDesigner 10
Nero CoverDesigner 10 Help (CHM)
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Express 10
Nero Express 10 Help (CHM)
Nero InfoTool 10
Nero InfoTool 10 Help (CHM)
Nero Kwik Media Help (CHM)
Nero Multimedia Suite 10 Essentials
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
Notepad++
Nuance PaperPort 12
Nuance PDF Viewer Plus
NVIDIA PhysX
Oracle VM VirtualBox 4.2.16
Paint.NET v3.5.10
PaperPort Image Printer 64-bit
Q-Share Ver.1.2
Radeon RAMDisk
Realtek Ethernet Controller Driver
Realtek Ethernet Diagnostic Utility
Realtek HDMI Audio Driver for ATI
Realtek High Definition Audio Driver
Recuva
Sandboxie 4.04 (64-bit)
Scansoft PDF Professional
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Slash'EM 0.0.7E7F3
Smart 6 B11.0824.1
Spybot - Search & Destroy
Steam
swMSM
System Requirements Lab for Intel
TouchBIOS B11.1201.1
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update Manager B10.0728.1
VIRTU 1.2.112
VMware Player
World of Tanks
XHD2 B12.0509.01
.
==== Event Viewer Messages From Past Week ========
.
8/25/2013 2:22:59 AM, Error: Schannel [36870]  - A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x8009030d. The internal error state is 10001.
8/24/2013 8:12:52 PM, Error: Schannel [36887]  - The following fatal alert was received: 48.
8/24/2013 12:15:04 PM, Error: Schannel [36887]  - The following fatal alert was received: 46.
8/23/2013 12:31:25 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000050 (0xfffffa810af061b0, 0x0000000000000000, 0xfffff80003253bc9, 0x0000000000000005). A dump was saved in: C:\Windows\Minidump\082313-12370-01.dmp. Report Id: 082313-12370-01.
8/22/2013 9:22:59 PM, Error: RAMDiskVE [10]  - Message: Failed to allocate requested disk memory.
.
==== End Of File ===========================



#4 AdvancedSetup


Posted 25 August 2013 - 02:07 PM

Is this a VMware virtual machine?




#5 pilgrim91


Posted 26 August 2013 - 05:38 PM

No I wasn't running any virtual machines. This was my primary OS.

#6 pilgrim91


Posted 26 August 2013 - 05:42 PM

This only happens after a long time, such as a full day or longer. At bootup the computer only uses a bit over 2GB total, and then it just gradually increases to that. [Sorry for the double post. Don't know how to edit my post (there doesn't seem to be the option).]

#7 AdvancedSetup


Posted 26 August 2013 - 08:06 PM

Due to system abuse from others we've had to set a 100 post limit before you can edit your posts.

 

I would suggest following the advice from the topic here Available Assistance for Possibly Infected Computers and having one of the Experts assist you with looking into your issue.

Thanks




#8 pilgrim91


Posted 30 August 2013 - 02:49 AM

I ran a disk check, and after booting again a Windows startup repair ran, and now all is well. It seems to have been an error in one of the chunks somewhere, maybe in the Windows folder? Well, thanks for the help!



#9 AdvancedSetup


Posted 30 August 2013 - 03:38 AM

Okay, great - glad you got things working well again and thank you for the follow-up post.

 

Take care.

