Win 7 - Out of Memory and Screen change


  • This topic is locked
29 replies to this topic

#1 gjbnc

gjbnc

  • Members
  • 67 posts

Posted 08 November 2012 - 11:45 AM

My 3 year old Win 7 Dell XPS box recently (few months) started consuming all RAM resources and changing the screen resolution to less than VGA.

A typical scenario would be to shut down the computer, power back up, log in and walk away. In the morning, the memory usage goes from the 2GB when I walked away to almost 7 of the 8 GB of physical memory. The screen resolution is also changed to about 640 x 480. There are also several messages such as "Your computer is low on memory".

I cannot use the OS to restart and must do a hard power down. Then, when powered up I must execute the ScanDisk utility because of the shutdown.

I run McAfee SecurityCenter and it does not identify any threats.

What diagnostics can I do to identify the reasons for these issues?

I ran DDS and have included its output here:

DDS (Ver_2012-11-07.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16450
Run by gerald at 23:30:32 on 2012-11-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8174.5774 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
C:\Program Files\ShrewSoft\VPN Client\dtpd.exe
C:\Program Files\ShrewSoft\VPN Client\iked.exe
C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Device Center\itype.exe
C:\Program Files\Microsoft Device Center\ipoint.exe
C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
C:\Program Files (x86)\PIXELA\Transfer Utility\CameraMonitor.exe
C:\Program Files\GPSoftware\Directory Opus\dopus.exe
C:\Program Files (x86)\Roxio 2012\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Everything\Everything.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Roxio 2012\5.0\CPMonitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\mcafee.com\agent\mcagent.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit = userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\mcafee\msk\mskapbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20120621232736.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
uRun: [Eye-Fi] "C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe"
uRun: [Directory Opus Desktop Dblclk] "C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe" /dblclk
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe"
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio 2012\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun: [Everything] "C:\Program Files (x86)\Everything\Everything.exe" -startup
mRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
mRun: [CPMonitor] "C:\Program Files (x86)\Roxio 2012\5.0\CPMonitor.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
StartupFolder: C:\Users\gerald\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\CONNEC~1.LNK - C:\Users\gerald\My Programs\AutoBack\Connect2All.bat
StartupFolder: C:\Users\gerald\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DIRECT~1.LNK - C:\Program Files\GPSoftware\Directory Opus\dopus.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\IMAGEB~1.LNK - C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TRANSF~1.LNK - C:\Program Files (x86)\PIXELA\Transfer Utility\CameraMonitor.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:95
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{3EB70329-2B70-4048-B27B-DEA86D6F6D7A} : DHCPNameServer = 192.168.33.50
TCP: Interfaces\{3EB70329-2B70-4048-B27B-DEA86D6F6D7A}\833333C62647D223D253 : DHCPNameServer = 192.168.33.50
TCP: Interfaces\{9A424C79-90D7-43DE-9508-06DCDB4E6E1D} : NameServer = 192.168.33.50,8.8.8.8
TCP: Interfaces\{B591536C-01F3-46AB-8C87-C99FE76B4306} : NameServer = 192.168.3.5,192.168.3.7
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Directory Opus Shell Execute Hook - {EE761688-C137-4b04-8FAB-3C9CDF0886F0} - C:\Program Files\GPSoftware\Directory Opus\dopuslib32.dll
x64-BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\SystemCore\ScriptSn.20120621232736.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
x64-Run: [RunDLLEntry_THXCfg] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64
x64-Run: [RunDLLEntry_EptMon] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\EptMon64.dll,RunDLLEntry EptMon64
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-Run: [IntelliType Pro] "c:\Program Files\Microsoft Device Center\itype.exe"
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft Device Center\ipoint.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex64-2.2.6.2.cab
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
x64-DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/x64/ractrl.cab?lmi=928
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Directory Opus Shell Execute Hook - {3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE} - C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll
Hosts: 192.168.2.11 DS411P_8TB
Hosts: 192.168.2.10 WDSSB4
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2010-10-13 752672]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2010-10-13 335784]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-3-28 55952]
R0 Sahdad64;HDD Filter Driver;C:\Windows\System32\drivers\Sahdad64.sys [2012-3-8 27120]
R0 Saibad64;Volume Filter Driver;C:\Windows\System32\drivers\Saibad64.sys [2012-3-8 19952]
R0 SysCow;SysCow;C:\Windows\System32\drivers\syscowad64v.sys [2010-5-23 164848]
R1 SaibVdAd64;Virtual Disk Driver;C:\Windows\System32\drivers\SaibVdAd64.sys [2012-3-8 27632]
R1 vflt;Shrew Soft Lightweight Filter;C:\Windows\System32\drivers\vfilter.sys [2010-9-2 21504]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [2011-2-9 457200]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-3-28 203776]
R2 BOT4Service;BOT4Service;C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [2011-7-15 21488]
R2 dtpd;ShrewSoft DNS Proxy Daemon;C:\Program Files\ShrewSoft\VPN Client\dtpd.exe -service --> C:\Program Files\ShrewSoft\VPN Client\dtpd.exe -service [?]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-3-28 13336]
R2 iked;ShrewSoft IKE Daemon;C:\Program Files\ShrewSoft\VPN Client\iked.exe -service --> C:\Program Files\ShrewSoft\VPN Client\iked.exe -service [?]
R2 ipsecd;ShrewSoft IPSEC Daemon;C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -service --> C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -service [?]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-6-8 375728]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2011-1-11 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2011-7-1 72216]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-5 201304]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-5 201304]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-5 201304]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2011-3-28 237920]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2011-3-28 218320]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2011-3-28 177144]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-3-28 116752]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2010-10-13 69672]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;C:\Windows\System32\drivers\HCW85BDA.sys [2011-3-28 1705600]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-3-28 317440]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-3-28 406056]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
R3 LVUVC64;QuickCam Orbit/Sphere AF(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2010-10-13 300392]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2010-10-13 513456]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-8 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [2011-7-13 340976]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\System32\drivers\BVRPMPR5a64.SYS [2011-4-8 35840]
S3 CXPLRCAP;Capture Device;C:\Windows\System32\drivers\CxPlrCap.sys [2010-1-6 235904]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2012-10-3 196440]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-3-28 158976]
S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2009-4-30 30232]
S3 lvsels64;Logitech Selective Suspend Filter;C:\Windows\System32\drivers\lvsels64.sys [2011-4-5 67864]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-3-28 220528]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2010-10-13 106112]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2011-3-18 25072]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 RoxMediaDB13;RoxMediaDB13;C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [2011-7-13 1095664]
S3 Te.Service;Te.Service;C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-7-25 126976]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-4-29 59392]
S3 vnet;Shrew Soft Virtual Adapter;C:\Windows\System32\drivers\virtualnet.sys [2010-9-2 17408]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-4-2 1255736]
S4 BOTService;BOTService;C:\Program Files (x86)\Roxio\BackOnTrack\Instant Restore\BOTService.exe [2011-7-14 211440]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-5 201304]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0105;RsFx0105 Driver;C:\Windows\System32\drivers\RsFx0105.sys [2011-9-22 311144]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 431464]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\notepad++.exe="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [UserChoice]
FileExt: .js: Applications\notepad.exe=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2012-11-05 21:41:07 -------- d-----w- C:\Users\gerald\AppData\Roaming\Malwarebytes
2012-11-05 21:40:52 -------- d-----w- C:\ProgramData\Malwarebytes
2012-11-05 21:40:51 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-11-05 21:40:51 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-10-11 18:57:49 -------- d-----w- C:\Users\gerald\AppData\Roaming\Canon_Inc_IC
2012-10-11 18:57:43 -------- d-----w- C:\Program Files (x86)\Common Files\Canon_Inc_IC
2012-10-11 18:56:51 -------- d-----w- C:\ProgramData\Canon_Inc_IC
2012-10-11 18:48:44 -------- d-----w- C:\Program Files (x86)\PIXELA
2012-10-11 02:40:42 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2012-10-11 02:40:42 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-10-11 02:40:41 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-10-11 02:40:41 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-10-11 02:40:41 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-10-11 02:40:41 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-10-10 08:45:19 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-10-10 08:45:13 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-10-10 08:45:12 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-10-10 08:44:55 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-10-10 08:44:55 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-10-10 08:43:15 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-10-10 08:43:15 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
.
==================== Find3M ====================
.
2012-11-09 03:52:52 88008 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2012-11-09 03:52:52 83880 ----a-w- C:\Windows\System32\LMIinit.dll
2012-10-09 11:49:11 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 11:49:11 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 23:31:15.51 ===============

Edited by hamluis, 09 November 2012 - 10:51 AM.
Moved from Win 7 to Malware Removal Logs - Hamluis.




#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts

Posted 10 November 2012 - 07:54 AM

Hello gjbnc,

Welcome to the forum.

This looks like a challenging issue. Not sure if it is malware related, but we check everything.

Please download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

#3 gjbnc

gjbnc
  • Topic Starter

  • Members
  • 67 posts

Posted 10 November 2012 - 11:29 AM

Thanks for the assistance.


Update on problem:
Power down. Wait 10 seconds. Power up. Walk away w/o logging on. Next day - 4GB of memory used when first logged in (normally 2GB)


FRST.txt - 11/10/2012

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-11-2012 02
Ran by SYSTEM at 10-11-2012 10:21:50
Running from E:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon [722256 2008-12-11] (CANON INC.)
HKLM\...\Run: [RunDLLEntry_THXCfg] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 [17920 2009-10-15] (Creative Technology Ltd.)
HKLM\...\Run: [RunDLLEntry_EptMon] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64 [21504 2009-10-15] (Creative Technology Ltd.)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1580368 2010-11-03] (Logitech, Inc.)
HKLM\...\Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" [57928 2011-01-11] (LogMeIn, Inc.)
HKLM\...\Run: [IntelliType Pro] "c:\Program Files\Microsoft Device Center\itype.exe" [1464928 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft Device Center\ipoint.exe" [2004584 2012-06-26] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1535112 2012-09-12] (McAfee, Inc.)
HKLM-x32\...\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE [124512 2007-05-21] (CANON INC.)
HKLM-x32\...\Run: [UpdReg] C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-11-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.)
HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe" [293360 2011-07-13] (Rovi Corporation)
HKLM-x32\...\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [205336 2011-08-12] (Logitech Inc.)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio 2012\Roxio Burn\RoxioBurnLauncher.exe" [506352 2011-06-12] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2011-01-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [932288 2010-11-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot [273528 2011-10-26] (RealNetworks, Inc.)
HKLM-x32\...\Run: [Everything] "C:\Program Files (x86)\Everything\Everything.exe" -startup [602624 2009-03-12] ()
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler [324976 2010-05-21] (Flexera Software, Inc.)
HKLM-x32\...\Run: [CPMonitor] "C:\Program Files (x86)\Roxio 2012\5.0\CPMonitor.exe" [84464 2011-07-08] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKU\gerald\...\Run: [Eye-Fi] "C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe" [x]
HKU\gerald\...\Run: [Directory Opus Desktop Dblclk] "C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe" /dblclk [347832 2012-09-19] (GP Software)
HKU\gerald\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [x]
HKU\jerry\...\Run: [Directory Opus Desktop Dblclk] "C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe" /dblclk [347832 2012-09-19] (GP Software)
HKLM-x32\...\Runonce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [x]
Tcpip\..\Interfaces\{9A424C79-90D7-43DE-9508-06DCDB4E6E1D}: [NameServer]192.168.33.50,8.8.8.8
Tcpip\..\Interfaces\{B591536C-01F3-46AB-8C87-C99FE76B4306}: [NameServer]192.168.3.5,192.168.3.7
Startup: C:\Users\All Users\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe ()
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Transfer Utility Camera Monitor.lnk
ShortcutTarget: Transfer Utility Camera Monitor.lnk -> C:\Program Files (x86)\PIXELA\Transfer Utility\CameraMonitor.exe (PIXELA CORPORATION)
Startup: C:\Users\gerald\Start Menu\Programs\Startup\Connect2AllNetDrives.lnk
ShortcutTarget: Connect2AllNetDrives.lnk -> (No File)
Startup: C:\Users\gerald\Start Menu\Programs\Startup\Directory Opus (Startup).lnk
ShortcutTarget: Directory Opus (Startup).lnk -> C:\Program Files\GPSoftware\Directory Opus\dopus.exe (GP Software)

==================== Services (Whitelisted) ===================

2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [457200 2011-02-09] ()
2 BOT4Service; "C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe" [21488 2011-07-15] ()
4 BOTService; "C:\Program Files (x86)\Roxio\BackOnTrack\Instant Restore\BOTService.exe" [211440 2011-07-14] (Rovi Corporation)
2 dtpd; C:\Program Files\ShrewSoft\VPN Client\dtpd.exe -service [56592 2010-10-07] ()
3 fussvc; "C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe" [139776 2012-07-25] (Microsoft Corporation)
2 iked; C:\Program Files\ShrewSoft\VPN Client\iked.exe -service [957712 2010-10-07] ()
2 ipsecd; C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -service [697616 2010-10-07] ()
2 LMIGuardianSvc; "C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe" [375728 2012-11-08] (LogMeIn, Inc.)
2 LMIMaint; "C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe" [147888 2012-07-11] (LogMeIn, Inc.)
2 LogMeIn; "C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe" [407424 2011-01-11] (LogMeIn, Inc.)
3 McAWFwk; C:\PROGRA~1\mcafee\msc\mcawfwk.exe [220528 2010-08-30] (McAfee, Inc.)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
2 mcmscsvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
2 McNaiAnn; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
2 McNASvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
3 McODS; "C:\Program Files\mcafee\VirusScan\mcods.exe" [383608 2012-09-10] (McAfee, Inc.)
4 McOobeSv; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
2 McProxy; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [237920 2012-07-17] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [218320 2012-07-17] (McAfee, Inc.)
2 mfevtp; "C:\Windows\system32\mfevtps.exe" [177144 2012-07-17] (McAfee, Inc.)
2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
3 RoxMediaDB13; "C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe" [1095664 2011-07-13] (Rovi Corporation)
2 RoxWatch12; "C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe" [340976 2011-07-13] (Rovi Corporation)
3 Te.Service; "C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe" [126976 2012-07-25] (Microsoft Corporation)
4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-13] (Microsoft Corporation)
3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [x]

==================== Drivers (Whitelisted) =====================

3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [69672 2012-07-17] (McAfee, Inc.)
3 CXPLRCAP; C:\Windows\System32\Drivers\CXPLRCAP.sys [235904 2010-01-06] (Conexant Systems, Inc.)
3 HipShieldK; C:\Windows\System32\Drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [15928 2011-01-11] (LogMeIn, Inc.)
3 LVPr2M64; C:\Windows\System32\Drivers\LVPr2M64.sys [30232 2009-04-30] ()
3 lvsels64; C:\Windows\System32\Drivers\lvsels64.sys [67864 2009-04-30] (Logitech Inc.)
3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [169320 2012-07-17] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [300392 2012-07-17] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [513456 2012-07-17] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [752672 2012-07-17] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [106112 2012-07-17] (McAfee, Inc.)
0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [335784 2012-07-17] (McAfee, Inc.)
0 SysCow; C:\Windows\System32\drivers\syscowad64v.sys [164848 2010-05-23] (Sonic Solutions)
3 VSPerfDrv110; \??\C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation)
4 LMIRfsClientNP; [x]
3 mfeavfk01; [x]
3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [x]
3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-11-10 10:12 - 2012-11-10 10:12 - 00000000 ____D C:\FRST
2012-11-08 22:31 - 2012-11-08 22:31 - 00028466 ____A C:\Users\gerald\Desktop\attach.txt
2012-11-08 22:31 - 2012-11-08 22:31 - 00027077 ____A C:\Users\gerald\Desktop\dds.txt
2012-11-08 22:29 - 2012-11-08 22:29 - 00688901 ____R (Swearware) C:\Users\Public\Downloads\dds.com
2012-11-07 15:36 - 2012-11-07 16:40 - 3490912256 ____A C:\Users\Public\Downloads\en_windows_8_enterprise_x64_dvd_917522.iso
2012-11-07 15:35 - 2012-11-07 16:29 - 2632460288 ____A C:\Users\Public\Downloads\en_windows_8_x86_dvd_915417.iso
2012-11-07 15:33 - 2012-11-07 16:38 - 3581853696 ____A C:\Users\Public\Downloads\en_windows_8_x64_dvd_915440.iso
2012-11-05 15:41 - 2012-11-05 15:41 - 00000000 ____D C:\Users\gerald\Application Data\Malwarebytes
2012-11-05 15:41 - 2012-11-05 15:41 - 00000000 ____D C:\Users\gerald\AppData\Roaming\Malwarebytes
2012-11-05 15:40 - 2012-11-05 15:40 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-11-05 15:40 - 2012-11-05 15:40 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes
2012-11-05 15:40 - 2012-11-05 15:40 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-05 15:40 - 2012-09-29 18:54 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-11-05 15:30 - 2012-11-05 15:30 - 00033502 ____A C:\Windows\RPSETUP.EXE.LOG
2012-11-05 15:30 - 2012-11-05 15:30 - 00033502 ____A C:\RPSetup.exe.log
2012-10-11 13:01 - 2012-10-11 13:01 - 00000000 ____D C:\Users\Public\Documents\Canon MyCameraFiles
2012-10-11 13:01 - 2012-10-11 13:01 - 00000000 ____D C:\Users\All Users\Documents\Canon MyCameraFiles
2012-10-11 12:57 - 2012-10-11 12:57 - 00000000 ____D C:\Users\gerald\Application Data\Canon_Inc_IC
2012-10-11 12:57 - 2012-10-11 12:57 - 00000000 ____D C:\Users\gerald\AppData\Roaming\Canon_Inc_IC
2012-10-11 12:56 - 2012-10-11 12:56 - 00000000 ____D C:\Users\Public\Documents\Canon
2012-10-11 12:56 - 2012-10-11 12:56 - 00000000 ____D C:\Users\All Users\Documents\Canon
2012-10-11 12:56 - 2012-10-11 12:56 - 00000000 ____D C:\Users\All Users\Canon_Inc_IC
2012-10-11 12:56 - 2012-10-11 12:56 - 00000000 ____D C:\Users\All Users\Application Data\Canon_Inc_IC
2012-10-11 12:48 - 2012-10-11 12:48 - 00000000 ____D C:\Program Files (x86)\PIXELA
2012-10-11 10:43 - 2012-10-11 10:43 - 00002100 ____A C:\Users\Public\Documents\OfficeQuickBooks.RDP
2012-10-11 10:43 - 2012-10-11 10:43 - 00002100 ____A C:\Users\All Users\Documents\OfficeQuickBooks.RDP

==================== One Month Modified Files and Folders =======

2012-11-10 10:16 - 2011-04-19 10:10 - 00000000 ____D C:\Users\All Users\LogMeIn
2012-11-10 10:16 - 2011-04-19 10:10 - 00000000 ____D C:\Users\All Users\Application Data\LogMeIn
2012-11-10 10:16 - 2011-04-04 07:47 - 00327680 ____A C:\Windows\System32\Ikeext.etl
2012-11-10 10:16 - 2009-07-13 23:10 - 01486596 ____A C:\Windows\WindowsUpdate.log
2012-11-10 10:12 - 2012-11-10 10:12 - 00000000 ____D C:\FRST
2012-11-10 10:12 - 2009-07-13 23:13 - 00874364 ____A C:\Windows\System32\PerfStringBackup.INI
2012-11-10 10:10 - 2011-12-20 20:05 - 00000000 ____D C:\Users\gerald\My Documents\Outlook Files
2012-11-10 10:10 - 2011-12-20 20:05 - 00000000 ____D C:\Users\gerald\Documents\Outlook Files
2012-11-10 10:05 - 2012-01-03 09:37 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-11-10 10:03 - 2012-09-29 19:29 - 00000380 ____A C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_gerald.job
2012-11-10 10:03 - 2012-01-03 09:37 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-11-10 09:55 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\tracing
2012-11-10 09:49 - 2012-08-07 06:56 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-11-09 20:46 - 2012-09-29 19:29 - 00000370 ____A C:\Windows\Tasks\ReclaimerUpdateXML_gerald.job
2012-11-09 18:30 - 2012-08-25 16:23 - 00000416 ____A C:\Windows\Tasks\vtscheduletask.job
2012-11-09 13:40 - 2012-09-29 19:29 - 00000374 ____A C:\Windows\Tasks\ReclaimerUpdateFiles_gerald.job
2012-11-09 00:23 - 2009-07-13 22:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-11-09 00:23 - 2009-07-13 22:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-11-09 00:16 - 2009-07-13 23:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-11-09 00:16 - 2009-07-13 22:51 - 00047065 ____A C:\Windows\setupact.log
2012-11-09 00:15 - 2011-03-28 20:13 - 00422608 ____A C:\Windows\PFRO.log
2012-11-08 23:59 - 2011-03-28 18:35 - 00000000 ____D C:\Program Files (x86)\McAfee
2012-11-08 22:31 - 2012-11-08 22:31 - 00028466 ____A C:\Users\gerald\Desktop\attach.txt
2012-11-08 22:31 - 2012-11-08 22:31 - 00027077 ____A C:\Users\gerald\Desktop\dds.txt
2012-11-08 22:29 - 2012-11-08 22:29 - 00688901 ____R (Swearware) C:\Users\Public\Downloads\dds.com
2012-11-08 22:17 - 2011-12-24 10:55 - 00000000 ____D C:\Program Files (x86)\Everything
2012-11-08 21:54 - 2011-07-01 09:16 - 00000000 ____D C:\Program Files (x86)\LogMeIn
2012-11-08 21:52 - 2011-07-01 09:16 - 00088008 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIRfsClientNP.dll
2012-11-08 21:52 - 2011-07-01 09:16 - 00083880 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIinit.dll
2012-11-08 10:15 - 2011-04-02 14:36 - 00000000 ____D C:\Users\All Users\Intuit
2012-11-08 10:15 - 2011-04-02 14:36 - 00000000 ____D C:\Users\All Users\Application Data\Intuit
2012-11-07 16:41 - 2011-04-07 14:59 - 00000000 ____D C:\Users\gerald\Application Data\Download Manager
2012-11-07 16:41 - 2011-04-07 14:59 - 00000000 ____D C:\Users\gerald\AppData\Roaming\Download Manager
2012-11-07 16:40 - 2012-11-07 15:36 - 3490912256 ____A C:\Users\Public\Downloads\en_windows_8_enterprise_x64_dvd_917522.iso
2012-11-07 16:38 - 2012-11-07 15:33 - 3581853696 ____A C:\Users\Public\Downloads\en_windows_8_x64_dvd_915440.iso
2012-11-07 16:29 - 2012-11-07 15:35 - 2632460288 ____A C:\Users\Public\Downloads\en_windows_8_x86_dvd_915417.iso
2012-11-07 14:56 - 2011-04-02 10:57 - 00000000 ____D C:\Users\gerald\My Documents\My PSP8 Files
2012-11-07 14:56 - 2011-04-02 10:57 - 00000000 ____D C:\Users\gerald\Documents\My PSP8 Files
2012-11-07 14:30 - 2011-05-09 04:05 - 00000000 ____D C:\Windows\pss
2012-11-07 13:49 - 2011-08-14 11:11 - 00007610 ____A C:\Users\gerald\Local Settings\resmon.resmoncfg
2012-11-07 13:49 - 2011-08-14 11:11 - 00007610 ____A C:\Users\gerald\Local Settings\Application Data\resmon.resmoncfg
2012-11-07 13:49 - 2011-08-14 11:11 - 00007610 ____A C:\Users\gerald\AppData\Local\resmon.resmoncfg
2012-11-05 17:46 - 2011-04-02 19:44 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-11-05 17:46 - 2011-04-02 19:44 - 00000000 ____D C:\Users\All Users\Application Data\Microsoft Help
2012-11-05 16:05 - 2012-05-30 16:06 - 00000000 ____D C:\Program Files\Blender Foundation
2012-11-05 16:04 - 2011-03-28 18:20 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-11-05 16:03 - 2011-07-19 07:16 - 00000000 ____D C:\Program Files (x86)\FreeRIP3
2012-11-05 16:01 - 2012-10-01 08:37 - 00000000 ____D C:\Users\All Users\Application Data\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-11-05 16:01 - 2012-10-01 08:37 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-11-05 15:53 - 2011-04-02 17:18 - 00000000 ____D C:\Program Files (x86)\OpenOffice.org 3
2012-11-05 15:41 - 2012-11-05 15:41 - 00000000 ____D C:\Users\gerald\Application Data\Malwarebytes
2012-11-05 15:41 - 2012-11-05 15:41 - 00000000 ____D C:\Users\gerald\AppData\Roaming\Malwarebytes
2012-11-05 15:40 - 2012-11-05 15:40 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-11-05 15:40 - 2012-11-05 15:40 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes
2012-11-05 15:40 - 2012-11-05 15:40 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-05 15:35 - 2012-08-08 08:14 - 00000000 ____D C:\Users\All Users\Yahoo!
2012-11-05 15:35 - 2012-08-08 08:14 - 00000000 ____D C:\Users\All Users\Application Data\Yahoo!
2012-11-05 15:35 - 2012-08-08 08:14 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2012-11-05 15:34 - 2011-08-16 07:33 - 00000000 ____D C:\Program Files (x86)\thinkTDA
2012-11-05 15:32 - 2012-06-10 07:31 - 00000000 ____D C:\Users\gerald\Application Data\Dropbox
2012-11-05 15:32 - 2012-06-10 07:31 - 00000000 ____D C:\Users\gerald\AppData\Roaming\Dropbox
2012-11-05 15:30 - 2012-11-05 15:30 - 00033502 ____A C:\Windows\RPSETUP.EXE.LOG
2012-11-05 15:30 - 2012-11-05 15:30 - 00033502 ____A C:\RPSetup.exe.log
2012-11-05 15:30 - 2011-03-28 18:29 - 00000000 ____D C:\Program Files (x86)\Dell
2012-11-05 15:29 - 2012-03-08 16:43 - 00000000 ____D C:\Users\All Users\DivX
2012-11-05 15:29 - 2012-03-08 16:43 - 00000000 ____D C:\Users\All Users\Application Data\DivX
2012-11-05 15:29 - 2012-03-08 16:43 - 00000000 ____D C:\Program Files\DivX
2012-11-05 15:29 - 2012-03-08 16:43 - 00000000 ____D C:\Program Files (x86)\DivX
2012-11-05 15:27 - 2011-04-01 19:01 - 00000000 ____D C:\Users\gerald\Local Settings\Dell
2012-11-05 15:27 - 2011-04-01 19:01 - 00000000 ____D C:\Users\gerald\Local Settings\Application Data\Dell
2012-11-05 15:27 - 2011-04-01 19:01 - 00000000 ____D C:\Users\gerald\AppData\Local\Dell
2012-11-05 15:24 - 2012-08-15 17:03 - 00000000 ____D C:\Program Files (x86)\Dyyno
2012-11-04 12:31 - 2012-09-08 22:20 - 00000000 ____D C:\Users\gerald\My Documents\Visual Studio 2012
2012-11-04 12:31 - 2012-09-08 22:20 - 00000000 ____D C:\Users\gerald\Documents\Visual Studio 2012
2012-10-12 04:05 - 2012-01-03 09:37 - 00000000 ____D C:\Program Files (x86)\Google
2012-10-11 16:26 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\System32\NDF
2012-10-11 14:52 - 2011-04-04 08:03 - 00002118 ___AH C:\Users\gerald\My Documents\Default.rdp
2012-10-11 14:52 - 2011-04-04 08:03 - 00002118 ___AH C:\Users\gerald\Documents\Default.rdp
2012-10-11 13:01 - 2012-10-11 13:01 - 00000000 ____D C:\Users\Public\Documents\Canon MyCameraFiles
2012-10-11 13:01 - 2012-10-11 13:01 - 00000000 ____D C:\Users\All Users\Documents\Canon MyCameraFiles
2012-10-11 13:01 - 2011-04-02 11:12 - 00000000 ____D C:\Program Files (x86)\Canon
2012-10-11 12:57 - 2012-10-11 12:57 - 00000000 ____D C:\Users\gerald\Application Data\Canon_Inc_IC
2012-10-11 12:57 - 2012-10-11 12:57 - 00000000 ____D C:\Users\gerald\AppData\Roaming\Canon_Inc_IC
2012-10-11 12:56 - 2012-10-11 12:56 - 00000000 ____D C:\Users\Public\Documents\Canon
2012-10-11 12:56 - 2012-10-11 12:56 - 00000000 ____D C:\Users\All Users\Documents\Canon
2012-10-11 12:56 - 2012-10-11 12:56 - 00000000 ____D C:\Users\All Users\Canon_Inc_IC
2012-10-11 12:56 - 2012-10-11 12:56 - 00000000 ____D C:\Users\All Users\Application Data\Canon_Inc_IC
2012-10-11 12:56 - 2011-04-30 08:25 - 00000000 ____D C:\Users\gerald\Application Data\Canon
2012-10-11 12:56 - 2011-04-30 08:25 - 00000000 ____D C:\Users\gerald\AppData\Roaming\Canon
2012-10-11 12:48 - 2012-10-11 12:48 - 00000000 ____D C:\Program Files (x86)\PIXELA
2012-10-11 11:41 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2012-10-11 10:43 - 2012-10-11 10:43 - 00002100 ____A C:\Users\Public\Documents\OfficeQuickBooks.RDP
2012-10-11 10:43 - 2012-10-11 10:43 - 00002100 ____A C:\Users\All Users\Documents\OfficeQuickBooks.RDP
2012-10-11 09:29 - 2009-07-13 23:08 - 00032648 ____A C:\Windows\Tasks\SCHEDLGU.TXT


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-11-03 19:50:20
Restore point made on: 2012-11-05 15:21:20
Restore point made on: 2012-11-05 15:25:50
Restore point made on: 2012-11-05 15:26:50
Restore point made on: 2012-11-05 15:28:00
Restore point made on: 2012-11-05 15:29:50
Restore point made on: 2012-11-05 15:30:54
Restore point made on: 2012-11-05 15:31:34
Restore point made on: 2012-11-05 15:36:06
Restore point made on: 2012-11-05 15:51:36
Restore point made on: 2012-11-05 15:58:28
Restore point made on: 2012-11-05 16:04:35

==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 8174.45 MB
Available physical RAM: 7306.31 MB
Total Pagefile: 8172.59 MB
Available Pagefile: 7296.94 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:500 GB) (Free:233.24 GB) NTFS
3 Drive e: () (Removable) (Total:0.06 GB) (Free:0.06 GB) FAT
8 Drive j: (RECOVERY) (Fixed) (Total:12.25 GB) (Free:5.12 GB) NTFS ==>[System with boot components (obtained from reading drive)]
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          931 GB   419 GB
  Disk 1    No Media           0 B      0 B
  Disk 2    No Media           0 B      0 B
  Disk 3    Online           63 MB      0 B
  Disk 4    No Media           0 B      0 B
  Disk 5    No Media           0 B      0 B

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    OEM                 39 MB    31 KB
  Partition 2    Primary             12 GB    40 MB
  Partition 3    Primary            500 GB    12 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 8                      FAT    Partition     39 MB  Healthy    Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1    J    RECOVERY     NTFS   Partition     12 GB  Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2    C    OS           NTFS   Partition    500 GB  Healthy

=========================================================

Partitions of Disk 3:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary             63 MB    16 KB

==================================================================================

Disk: 3
Partition 1
Type : 06
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5    E                 FAT    Removable     63 MB  Healthy

=========================================================

Last Boot: 2012-11-04 23:36

==================== End Of Log =============================

#4 Farbar

Farbar

    Just Curious


  • Security Developer

Posted 10 November 2012 - 08:29 PM

Thanks for the update.

The log doesn't show anything unusual. The problem doesn't look to be malware related. We need to dig deeper and troubleshoot the issue from normal mode. But before any troubleshooting I need some logs.

  • Please download MiniToolBox and save it to your desktop and run it.

    Checkmark the following checkboxes:
    • Flush DNS
    • Report IE Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List installed programs.
    • List Devices (only check the box and leave the default radio button as it is).
    • List Users, Partitions and Memory size.
    Click Go and post the result (Result.txt) that pops up. A copy of result.txt will be saved in the same directory the tool is run.
  • Please download Farbar Service Scanner and run it on the computer with the issue.
    • Check all the boxes.
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


#5 gjbnc

Posted 10 November 2012 - 10:51 PM

Result.txt

MiniToolBox by Farbar Version: 10-11-2012 02
Ran by gerald (administrator) on 10-11-2012 at 22:47:50
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================

192.168.2.11 DS411P_8TB
192.168.2.10 WDSSB4


========================= IP Configuration: ================================

Broadcom NetLink ™ Gigabit Ethernet = Main GJB Network (Connected)
DW1501 Wireless-N WLAN Half-Mini Card = Wireless Network Connection (Hardware not present)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add route prefix=169.254.0.0/16 interface="iftype0_0" nexthop=192.168.2.101 metric=1 publish=Yes
add route prefix=169.254.0.0/16 interface="iftype0_0" nexthop=192.168.1.1 metric=1 publish=Yes
add route prefix=169.254.0.0/16 interface="iftype0_0" nexthop=192.168.3.207 metric=1 publish=Yes
add route prefix=169.254.0.0/16 interface="iftype0_0" nexthop=192.168.232.1 metric=1 publish=Yes
add route prefix=0.0.0.0/0 interface="Main GJB Network" nexthop=192.168.33.50 publish=Yes
set interface interface="Local Area Connection* 9" forwarding=disabled advertise=disabled mtu=1380 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
add address name="Local Area Connection* 9" address=192.168.113.15 mask=255.255.255.0
add address name="Local Area Connection* 9" address=192.168.113.20 mask=255.255.255.0
add address name="Local Area Connection* 9" address=192.168.113.23 mask=255.255.255.0
add address name="Local Area Connection* 9" address=192.168.113.25 mask=255.255.255.0
add address name="Main GJB Network" address=192.168.33.30 mask=255.255.255.0


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : gjb7
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Main GJB Network:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet
Physical Address. . . . . . . . . : 78-2B-CB-93-62-C8
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::7d14:a2ba:f9e2:e8be%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.33.30(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.33.50
DHCPv6 IAID . . . . . . . . . . . : 242756555
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-22-F8-F3-78-2B-CB-93-62-C8
DNS Servers . . . . . . . . . . . : 192.168.33.50
8.8.8.8
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{9A424C79-90D7-43DE-9508-06DCDB4E6E1D}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter 6TO4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:20d2:d3d:5192:f66d(Preferred)
Link-local IPv6 Address . . . . . : fe80::20d2:d3d:5192:f66d%18(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: UnKnown
Address: 192.168.33.50

Name: google.com
Addresses: 2607:f8b0:4002:c04::65
74.125.140.101
74.125.140.102
74.125.140.113
74.125.140.138
74.125.140.139
74.125.140.100


Pinging google.com [74.125.134.102] with 32 bytes of data:
Reply from 74.125.134.102: bytes=32 time=114ms TTL=48
Reply from 74.125.134.102: bytes=32 time=35ms TTL=48

Ping statistics for 74.125.134.102:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 35ms, Maximum = 114ms, Average = 74ms
Server: UnKnown
Address: 192.168.33.50

Name: yahoo.com
Addresses: 98.139.183.24
72.30.38.140
98.138.253.109


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=156ms TTL=52
Reply from 72.30.38.140: bytes=32 time=92ms TTL=52

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 92ms, Maximum = 156ms, Average = 124ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
10...78 2b cb 93 62 c8 ......Broadcom NetLink ™ Gigabit Ethernet
1...........................Software Loopback Interface 1
22...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
18...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.33.50 192.168.33.30 266
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 On-link 192.168.33.30 306
169.254.255.255 255.255.255.255 On-link 192.168.33.30 266
192.168.33.0 255.255.255.0 On-link 192.168.33.30 266
192.168.33.30 255.255.255.255 On-link 192.168.33.30 266
192.168.33.255 255.255.255.255 On-link 192.168.33.30 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.33.30 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.33.30 266
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
169.254.0.0 255.255.0.0 192.168.2.101 1
169.254.0.0 255.255.0.0 192.168.1.1 1
169.254.0.0 255.255.0.0 192.168.3.207 1
169.254.0.0 255.255.0.0 192.168.232.1 1
0.0.0.0 0.0.0.0 192.168.33.50 Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
18 58 ::/0 On-link
1 306 ::1/128 On-link
18 58 2001::/32 On-link
18 306 2001:0:9d38:6ab8:20d2:d3d:5192:f66d/128
On-link
10 266 fe80::/64 On-link
18 306 fe80::/64 On-link
18 306 fe80::20d2:d3d:5192:f66d/128
On-link
10 266 fe80::7d14:a2ba:f9e2:e8be/128
On-link
1 306 ff00::/8 On-link
18 306 ff00::/8 On-link
10 266 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 08 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 08 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 T:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll [File Not found] ()
x64-Catalog9 12 T:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll [File Not found] ()
x64-Catalog9 13 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 14 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/08/2012 10:53:09 AM) (Source: Winlogon) (User: )
Description: The Windows logon process has unexpectedly terminated.

Error: (11/08/2012 10:53:09 AM) (Source: Winlogon) (User: )
Description: The Windows logon process has unexpectedly terminated.

Error: (11/08/2012 10:53:09 AM) (Source: Winlogon) (User: )
Description: The Windows logon process has unexpectedly terminated.

Error: (11/08/2012 10:53:09 AM) (Source: Winlogon) (User: )
Description: The Windows logon process has unexpectedly terminated.

Error: (11/08/2012 10:53:09 AM) (Source: Winlogon) (User: )
Description: The Windows logon process has unexpectedly terminated.

Error: (11/08/2012 10:53:09 AM) (Source: Winlogon) (User: )
Description: The Windows logon process has unexpectedly terminated.

Error: (11/08/2012 10:53:09 AM) (Source: Winlogon) (User: )
Description: The Windows logon process has unexpectedly terminated.

Error: (11/08/2012 10:53:09 AM) (Source: Winlogon) (User: )
Description: The Windows logon process has unexpectedly terminated.

Error: (11/08/2012 10:53:09 AM) (Source: Winlogon) (User: )
Description: The Windows logon process has unexpectedly terminated.

Error: (11/08/2012 10:53:09 AM) (Source: Winlogon) (User: )
Description: The Windows logon process has unexpectedly terminated.


System errors:
=============
Error: (11/10/2012 10:23:38 AM) (Source: volmgr) (User: )
Description: Crash dump initialization failed!

Error: (11/09/2012 01:15:47 AM) (Source: volmgr) (User: )
Description: Crash dump initialization failed!

Error: (11/08/2012 10:51:19 PM) (Source: volmgr) (User: )
Description: Crash dump initialization failed!

Error: (11/08/2012 11:03:41 AM) (Source: volmgr) (User: )
Description: Crash dump initialization failed!

Error: (11/08/2012 10:54:25 AM) (Source: Service Control Manager) (User: )
Description: The Windows Update service terminated with the following error:
%%-2147467243

Error: (11/08/2012 10:54:23 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1115

Error: (11/08/2012 10:54:23 AM) (Source: Service Control Manager) (User: )
Description: The Server service terminated with the following error:
%%13

Error: (11/08/2012 10:54:23 AM) (Source: BROWSER) (User: )
Description: The browser has failed to start because the dependent service LanmanWorkstation had invalid service status 4294967295.
Status Meaning
1 Service Stopped

2 Start Pending

3 Stop Pending

4 Running

5 Continue Pending

6 Pause Pending

7 Paused

Error: (11/08/2012 10:54:21 AM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service terminated with the following error:
%%1747

Error: (11/08/2012 10:53:46 AM) (Source: volmgr) (User: )
Description: Crash dump initialization failed!


Microsoft Office Sessions:
=========================
Error: (11/08/2012 10:53:09 AM) (Source: Winlogon)(User: )
Description:

Error: (11/08/2012 10:53:09 AM) (Source: Winlogon)(User: )
Description:

Error: (11/08/2012 10:53:09 AM) (Source: Winlogon)(User: )
Description:

Error: (11/08/2012 10:53:09 AM) (Source: Winlogon)(User: )
Description:

Error: (11/08/2012 10:53:09 AM) (Source: Winlogon)(User: )
Description:

Error: (11/08/2012 10:53:09 AM) (Source: Winlogon)(User: )
Description:

Error: (11/08/2012 10:53:09 AM) (Source: Winlogon)(User: )
Description:

Error: (11/08/2012 10:53:09 AM) (Source: Winlogon)(User: )
Description:

Error: (11/08/2012 10:53:09 AM) (Source: Winlogon)(User: )
Description:

Error: (11/08/2012 10:53:09 AM) (Source: Winlogon)(User: )
Description:


=========================== Installed Programs ============================

Tools for .Net 3.5 (Version: 3.11.50727)
Adobe AIR (Version: 2.6.0.19140)
Adobe Flash Player 10 ActiveX 64-bit (Version: 10.3.162.28)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.287)
Adobe Reader X (10.0.1) (Version: 10.0.1)
Apple Application Support (Version: 2.2.2)
Apple Mobile Device Support (Version: 6.0.0.59)
Apple Software Update (Version: 2.1.3.127)
ATI Catalyst Control Center (Version: 2.010.1110.1531)
Bing Bar (Version: 7.0.609.0)
Bing Rewards Client Installer (Version: 16.0.345.0)
Blend for Visual Studio 2012 (Version: 5.0.30709.0)
Blend for Visual Studio 2012 ENU resources (Version: 5.0.30709.0)
Bonjour (Version: 3.0.0.10)
CameraHelperMsi (Version: 13.30.1395.0)
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MP Navigator EX 2.1
Canon MX860 series MP Drivers
Canon MX860 series User Registration
Canon Utilities CameraWindow DC 8 (Version: 8.7.0.11)
Canon Utilities Easy-PhotoPrint EX
Canon Utilities ImageBrowser EX (Version: 1.1.0.18)
Canon Utilities Solution Menu
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2010.1110.1532.27809)
Catalyst Control Center Graphics Previews Vista (Version: 2010.1110.1532.27809)
Catalyst Control Center InstallProxy (Version: 2010.1110.1532.27809)
Catalyst Control Center Localization All (Version: 2010.1110.1532.27809)
ccc-core-static (Version: 2010.1110.1532.27809)
ccc-utility64 (Version: 2010.1110.1532.27809)
CCC Help Chinese Standard (Version: 2010.1110.1531.27809)
CCC Help Chinese Traditional (Version: 2010.1110.1531.27809)
CCC Help Czech (Version: 2010.1110.1531.27809)
CCC Help Danish (Version: 2010.1110.1531.27809)
CCC Help Dutch (Version: 2010.1110.1531.27809)
CCC Help English (Version: 2010.1110.1531.27809)
CCC Help Finnish (Version: 2010.1110.1531.27809)
CCC Help French (Version: 2010.1110.1531.27809)
CCC Help German (Version: 2010.1110.1531.27809)
CCC Help Greek (Version: 2010.1110.1531.27809)
CCC Help Hungarian (Version: 2010.1110.1531.27809)
CCC Help Italian (Version: 2010.1110.1531.27809)
CCC Help Japanese (Version: 2010.1110.1531.27809)
CCC Help Korean (Version: 2010.1110.1531.27809)
CCC Help Norwegian (Version: 2010.1110.1531.27809)
CCC Help Polish (Version: 2010.1110.1531.27809)
CCC Help Portuguese (Version: 2010.1110.1531.27809)
CCC Help Russian (Version: 2010.1110.1531.27809)
CCC Help Spanish (Version: 2010.1110.1531.27809)
CCC Help Swedish (Version: 2010.1110.1531.27809)
CCC Help Thai (Version: 2010.1110.1531.27809)
CCC Help Turkish (Version: 2010.1110.1531.27809)
Consumer In-Home Service Agreement (Version: 2.0.0)
Crystal Reports for Visual Studio (Version: 12.51.0.240)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (Version: 1.00.0000)
Dell Support Center (Version: 3.1.5830.10)
DicomObjects.NET 2.0 (Version: 5.06.0000)
DicomObjects.NET Integrated Help for VS 2010 (Version: 5.06.0000)
Digital Cable Advisor (Version: 1.0.0.0)
DirectX 9 Runtime (Version: 1.00.0000)
Dotfuscator and Analytics Community Edition (Version: 5.5.4521.29298)
DW WLAN Card (Version: 5.60.48.35)
Entity Framework Designer for Visual Studio 2012 - enu (Version: 11.1.20702.00)
erLT (Version: 1.20.138.34)
Everything 1.2.1.371
Face Filter (Version: 1.0.007)
FileZilla Client 3.5.3 (Version: 3.5.3)
Free PDF to Word Doc Converter v1.1 (Version: 1.1)
Google Earth Plug-in (Version: 6.1.0.5001)
Google Update Helper (Version: 1.3.21.123)
GPSoftware Directory Opus (Version: 10.2.0.0)
iCloud (Version: 2.0.2.187)
IIS 8.0 Express (Version: 8.0.1557)
IIS Express Application Compatibility Database for x64
IIS Express Application Compatibility Database for x86
Intel® Rapid Storage Technology (Version: 10.0.0.1046)
IP Camera
Jasc Paint Shop Pro 8 (Version: 8.00.0000)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 22 (Version: 6.0.220)
Java™ 6 Update 23 (64-bit) (Version: 6.0.230)
Java™ 6 Update 33 (Version: 6.0.330)
Junk Mail filter update (Version: 15.4.3502.0922)
LocalESPC (Version: 8.59.25584)
LocalESPCui for en-us (Version: 8.59.25584)
Logitech High Quality Video (Version: 12.00.1280)
Logitech Webcam Software (Version: 2.0)
Logitech Webcam Software Driver Package (Version: 12.0.1278)
LogMeIn (Version: 4.1.1848)
LWS Facebook (Version: 13.30.1346.0)
LWS Gallery (Version: 13.30.1379.0)
LWS Help_main (Version: 13.30.1396.0)
LWS Launcher (Version: 13.30.1379.0)
LWS Motion Detection (Version: 13.30.1395.0)
LWS Pictures And Video (Version: 13.30.1395.0)
LWS Twitter (Version: 13.30.1346.0)
LWS Video Mask Maker (Version: 13.30.1379.0)
LWS VideoEffects (Version: 13.30.1379.0)
LWS Webcam Software (Version: 13.30.1379.0)
LWS WLM Plugin (Version: 1.30.1201.0)
LWS YouTube Plugin (Version: 13.30.1346.0)
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
McAfee SecurityCenter (Version: 11.6.435)
McAfee Virtual Technician (Version: 6.5.0.2101)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Multi-Targeting Pack (Version: 4.0.30319)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (Version: 4.5.50709)
Microsoft .NET Framework 4.5 SDK (Version: 4.5.50709)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (Version: 2.0.50217.0)
Microsoft ASP.NET MVC 2 (Version: 2.0.50217.0)
Microsoft ASP.NET MVC 3 - Visual Studio 2012 Tools Update (Version: 3.0.30710.0)
Microsoft ASP.NET MVC 3 (Version: 3.0.20105.0)
Microsoft ASP.NET MVC 4 - Visual Studio 2012 Tools (Version: 4.0.20710.0)
Microsoft ASP.NET MVC 4 Runtime (Version: 4.0.20710.0)
Microsoft ASP.NET Web Pages - Visual Studio 2012 Tools (Version: 1.0.20710.0)
Microsoft ASP.NET Web Pages (Version: 1.0.20105.0)
Microsoft ASP.NET Web Pages 2 - Visual Studio 2012 Tools (Version: 2.0.20710.0)
Microsoft ASP.NET Web Pages 2 Runtime (Version: 2.0.20710.0)
Microsoft Help Viewer 1.1 (Version: 1.1.40219)
Microsoft Help Viewer 2.0 (Version: 2.0.50727)
Microsoft LightSwitch for Visual Studio 2012 Core (Version: 11.0.50727)
Microsoft LightSwitch for Visual Studio 2012 CoreRes - ENU (Version: 11.0.50727)
Microsoft Mouse and Keyboard Center (Version: 1.1.500.0)
Microsoft NuGet - Visual Studio 2012 (Version: 2.0.30625.9003)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Portable Library Multi-Targeting Pack (Version: 11.0.50709.17929)
Microsoft Portable Library Multi-Targeting Pack Language Pack - enu (Version: 11.0.50709.17929)
Microsoft Report Viewer Add-On for Visual Studio 2012 (Version: 11.1.2802.16)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Silverlight 3 SDK (Version: 3.0.40818.0)
Microsoft Silverlight 4 SDK (Version: 4.0.60310.0)
Microsoft Silverlight 5 SDK (Version: 5.0.61118.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server 2008 (64-bit)
Microsoft SQL Server 2008 Browser (Version: 10.3.5500.0)
Microsoft SQL Server 2008 Common Files (Version: 10.3.5500.0)
Microsoft SQL Server 2008 Database Engine Services (Version: 10.3.5500.0)
Microsoft SQL Server 2008 Database Engine Shared (Version: 10.3.5500.0)
Microsoft SQL Server 2008 Native Client (Version: 10.3.5500.0)
Microsoft SQL Server 2008 R2 Data-Tier Application Framework (Version: 10.50.1750.9)
Microsoft SQL Server 2008 R2 Data-Tier Application Project (Version: 10.50.1750.9)
Microsoft SQL Server 2008 R2 Management Objects (Version: 10.50.1750.9)
Microsoft SQL Server 2008 R2 Management Objects (x64) (Version: 10.50.1750.9)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service (Version: 10.50.1750.9)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.3.5500.0)
Microsoft SQL Server 2008 Setup Support Files (Version: 10.3.5500.0)
Microsoft SQL Server 2012 Command Line Utilities (Version: 11.0.2100.60)
Microsoft SQL Server 2012 Data-Tier App Framework (Version: 11.0.2316.0)
Microsoft SQL Server 2012 Express LocalDB (Version: 11.0.2100.60)
Microsoft SQL Server 2012 Management Objects (Version: 11.0.2100.60)
Microsoft SQL Server 2012 Management Objects (x64) (Version: 11.0.2100.60)
Microsoft SQL Server 2012 Native Client (Version: 11.0.2100.60)
Microsoft SQL Server 2012 T-SQL Language Service (Version: 11.0.2100.60)
Microsoft SQL Server 2012 Transact-SQL Compiler Service (Version: 11.0.2100.60)
Microsoft SQL Server 2012 Transact-SQL ScriptDom (Version: 11.0.2100.60)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (Version: 4.0.8876.1)
Microsoft SQL Server Data Tools - enu (11.1.20627.00) (Version: 11.1.20627.00)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00) (Version: 11.1.20627.00)
Microsoft SQL Server Database Publishing Wizard 1.4 (Version: 10.1.2512.8)
Microsoft SQL Server System CLR Types (Version: 10.50.1750.9)
Microsoft SQL Server System CLR Types (x64) (Version: 10.50.1750.9)
Microsoft SQL Server VSS Writer (Version: 10.3.5500.0)
Microsoft Sync Framework Runtime v1.0 SP1 (x64) (Version: 1.0.3010.0)
Microsoft Sync Framework SDK v1.0 SP1 (Version: 1.0.3010.0)
Microsoft Sync Framework Services v1.0 SP1 (x64) (Version: 1.0.3010.0)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) (Version: 2.0.3010.0)
Microsoft System CLR Types for SQL Server 2012 (Version: 11.0.2100.60)
Microsoft System CLR Types for SQL Server 2012 (x64) (Version: 11.0.2100.60)
Microsoft Team Foundation Server 2010 Object Model - ENU (Version: 10.0.40219)
Microsoft Visual Basic 2010 Express - ENU (Version: 10.0.40219)
Microsoft Visual C++ Compilers 2010 Standard - enu - x64 (Version: 10.0.40219)
Microsoft Visual C++ Compilers 2010 Standard - enu - x86 (Version: 10.0.40219)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (Version: 9.0.30729.4974)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2012 x64 Designtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 Compilers - ENU Resources (Version: 11.0.50727)
Microsoft Visual C++ 2012 Compilers (Version: 11.0.50727)
Microsoft Visual C++ 2012 Core Libraries (Version: 11.0.50727)
Microsoft Visual C++ 2012 Extended Libraries (Version: 11.0.50727)
Microsoft Visual C++ 2012 Microsoft Foundation Class Libraries (Version: 11.0.50727)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual F# 2.0 Runtime (Version: 10.0.40219)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (Version: 10.0.40219)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (Version: 10.0.40219)
Microsoft Visual Studio 2010 Office Developer Tools (x64) (Version: 10.0.40219)
Microsoft Visual Studio 2010 Office Developer Tools (x64) (Version: 11.0.50727)
Microsoft Visual Studio 2010 Professional - ENU (Version: 10.0.30319)
Microsoft Visual Studio 2010 Professional - ENU (Version: 10.0.40219)
Microsoft Visual Studio 2010 Service Pack 1 (Version: 10.0.40219)
Microsoft Visual Studio 2010 SharePoint Developer Tools (Version: 10.0.40219)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.31125)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.31130)
Microsoft Visual Studio 2012 Devenv (Version: 11.0.50727)
Microsoft Visual Studio 2012 Devenv Resources (Version: 11.0.50727)
Microsoft Visual Studio 2012 Performance Collection Tools - ENU (Version: 11.0.50727)
Microsoft Visual Studio 2012 Performance Collection Tools (Version: 11.0.50727)
Microsoft Visual Studio 2012 Preparation (Version: 11.0.50727)
Microsoft Visual Studio 2012 SharePoint Developer Tools (Version: 11.0.50727)
Microsoft Visual Studio 2012 SharePoint Developer Tools ENU Language Pack (Version: 11.0.50727)
Microsoft Visual Studio 2012 Shell (Minimum) (Version: 11.0.50727)
Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies (Version: 11.0.50727)
Microsoft Visual Studio 2012 Shell (Minimum) Resources (Version: 11.0.50727)
Microsoft Visual Studio 2012 Tools for SQL Server Compact 4.0 SP1 ENU (Version: 4.0.8876.1)
Microsoft Visual Studio Macro Tools (Version: 9.0.30729)
Microsoft Visual Studio Professional 2012 - ENU (Version: 11.0.50727)
Microsoft Visual Studio Professional 2012 (Version: 11.0.50727)
Microsoft Visual Studio Professional 2012 (Version: 11.0.50727.1)
Microsoft Visual Studio Team Foundation Server 2012 Object Model (Version: 11.0.50727)
Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU (Version: 11.0.50727)
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer (Version: 11.0.50727)
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ENU (Version: 11.0.50727)
Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core (Version: 11.0.50727)
Microsoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources (Version: 11.0.50727)
Microsoft Web Deploy 3.0 (Version: 3.1236.1631)
Microsoft Web Deploy dbSqlPackage Provider - enu (Version: 10.3.20225.0)
Microsoft Web Developer Tools - Visual Studio 2012 (Version: 1.0.30710.0)
Microsoft Web Platform Installer 4.0 (Version: 4.0.1622)
MobileMe Control Panel (Version: 3.1.8.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Multimedia Card Reader (Version: 1.7.915.93)
Notepad++ (Version: 5.9.0.0)
NovaBench 3.0.4
PerfectDisk 11 Professional (Version: 11.00.185)
PerformanceTest v7.0 (64-bit) (Version: 7.0)
PhotoShowExpress (Version: 2.0.063)
PIXELA AAC LC CODEC (Version: 1.1.0.1)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PreEmptive Analytics Visual Studio Components (Version: 1.0.2180.1)
Prerequisites for SSDT (Version: 11.0.2100.60)
Putty
Quicken 2010 (Version: 19.1.1.27)
QuickTime (Version: 7.72.80.56)
RBVirtualFolder64Inst (Version: 1.00.0000)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
Realtek High Definition Audio Driver (Version: 6.0.1.6141)
RealUpgrade 1.1 (Version: 1.1.0)
Roxio Activation Module (Version: 1.0)
Roxio BackOnTrack (Version: 1.3.3)
Roxio BackOnTrack (Version: 4.1)
Roxio BackOnTrackPE (Version: 4.0)
Roxio Burn - Secure (Version: 1.6)
Roxio CinePlayer (Version: 5.8)
Roxio CinePlayer Decoder Pack (Version: 4.3.0)
Roxio Creator 2012 Pro (Version: 1.3.675)
Roxio Creator 2012 Pro (Version: 13.5)
Roxio Creator 2012 Pro (Version: 6.5.0)
Roxio Creator Content 2012 (Version: 13.5.609)
Roxio Creator Starter (Version: 1.0.439)
Roxio Creator Starter (Version: 12.1.77.0)
Roxio Creator Starter (Version: 5.0.0)
Roxio Express Labeler 3 (Version: 3.2.2)
Roxio File Backup (Version: 1.3.2)
Roxio System Rollback (Version: 3.9.0)
Roxio System Rollback Recovery Disk (Version: 3.9.0)
Roxio Video Capture USB (Version: 1.22.0000)
Service Pack 3 for SQL Server 2008 (KB2546951) (64-bit) (Version: 10.3.5500.0)
Shared C Run-time for x64 (Version: 10.0.0)
Shrew Soft VPN Client
Skins (Version: 2010.1110.1532.27809)
Skype Toolbars (Version: 5.3.7555)
Skype™ 5.10 (Version: 5.10.116)
SmartSound Common Data (Version: 1.1.0)
SmartSound Quicktracks 5 (Version: 5.1.7)
Sonic CinePlayer Decoder Pack (Version: 4.3.0)
Sql Server Customer Experience Improvement Program (Version: 10.3.5500.0)
Synology Assistant (remove only)
THX TruStudio PC (Version: 1.0)
Transfer Utility (Version: 2.00.205)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VD64Inst (Version: 1.00.0000)
Visual Studio 2010 Prerequisites - English (Version: 10.0.40219)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (Version: 4.0.8080.0)
Visual Studio 2012 Prerequisites - ENU Language Pack (Version: 11.0.50727)
Visual Studio 2012 Prerequisites (Version: 11.0.50727)
Visual Studio Extensions for Windows Library for JavaScript (Version: 1.0.9200.20498)
Visual Studio Extensions for Windows Library for JavaScript 1.0.9200.20498 (Version: 1.0.9200.20498)
VLC media player 1.1.9 (Version: 1.1.9)
WCF Data Services 5.0 (for OData v3) Primary Components (Version: 5.0.50628.0)
WCF Data Services Tools for Microsoft Visual Studio 2012 (Version: 5.0.50710.0)
WCF RIA Services V1.0 SP2 (Version: 4.1.61829.0)
Web Deployment Tool (Version: 1.1.0618)
Windows App Certification Kit Native Components (Version: 8.59.25584)
Windows App Certification Kit x64 (Version: 8.59.25584)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Runtime Intellisense Content - en-us (Version: 8.59.25584)
Windows Software Development Kit (Version: 8.59.25584)
Windows Software Development Kit DirectX x64 Remote (Version: 8.59.25584)
Windows Software Development Kit DirectX x86 Remote (Version: 8.59.25584)
Windows Software Development Kit for Windows Store Apps (Version: 8.59.25584)
Windows Software Development Kit for Windows Store Apps DirectX x64 Remote (Version: 8.59.25584)
Windows Software Development Kit for Windows Store Apps DirectX x86 Remote (Version: 8.59.25584)
WinMerge 2.12.4 (Version: 2.12.4)
WinZip 15.5 (Version: 15.5.9468)
X-CTU (Version: 5.2.75)
Xilisoft Audio Maker (Version: 3.0.49.0402)
Xilisoft DVD Copy Express (Version: 1.1.37.0402)
Xilisoft DVD Creator (Version: 3.0.43.0402)
Xilisoft DVD Ripper Ultimate (Version: 5.0.50.0403)
Xilisoft Video Converter Ultimate (Version: 5.1.23.0402)
Xilisoft Video Converter Ultimate 6 (Version: 6.8.0.1101)

========================= Devices: ================================

Name: Microsoft 6to4 Adapter #2
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Shrew Soft Virtual Adapter
Description: Shrew Soft Virtual Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Shrew Soft
Service: vnet
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: DW1501 Wireless-N WLAN Half-Mini Card
Description: DW1501 Wireless-N WLAN Half-Mini Card
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: BCM43XX
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


========================= Memory info: ===================================

Percentage of memory in use: 79%
Total physical RAM: 8174.45 MB
Available physical RAM: 1659.23 MB
Total Pagefile: 8172.64 MB
Available Pagefile: 1302 MB
Total Virtual: 4095.88 MB
Available Virtual: 3965.87 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:500 GB) (Free:232.84 GB) NTFS
3 Drive e: () (Removable) (Total:0.06 GB) (Free:0.06 GB) FAT

========================= Users: ========================================

User accounts for \\GJB7

Administrator gerald Guest
jerry


**** End of log ****


FSS.txt

Farbar Service Scanner Version: 09-11-2012
Ran by gerald (administrator) on 10-11-2012 at 22:50:32
Running from "C:\Users\gerald\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I17FR29A"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#6 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:12:06 AM

Posted 11 November 2012 - 07:29 AM

Is this a work computer or a home computer? The reason I ask is that the computer is configured to connect to the internet via a private domain which is 192.168.33.50. Please tell me how you get connected to the internet. Is this computer part of a company or private network?

The next question is are you ready/allowed (in case this is a work computer) to uninstall some programs in the course of troubleshooting?

#7 gjbnc

Posted 11 November 2012 - 09:50 AM

This is and has always been my primary home computer. 33.50 is one of the 3 routers I use throughout the house - it connects directly to a Time Warner cable modem which uses DHCP to connect to the Internet. I do use a VPN path to connect to my business but I start it up only once a week. I am fine with uninstalling any programs you would suggest. Once my confidence is solid on this box, I plan to upgrade it to 8.

#8 Farbar

Posted 11 November 2012 - 10:20 AM

Thanks for the feedback. We are going to try a few things step by step.

We are going to uninstall Java and McAfee. We will install the latest Java version and McAfee again after the issue is resolved. Since removing McAfee leaves your computer unprotected, please don't use this computer for surfing on the net until we have installed an antivirus again.

  • Please go to Start => Control Panel => Programs and Features and uninstall these programs:

    McAfee SecurityCenter
    Java™ 6 Update 22
    Java™ 6 Update 23
    Java™ 6 Update 33


    To remove McAfee AntiVirus leftovers I recommend you use the McAfee Consumer Product Removal tool (MCPR.exe).

    For the download and instructions for using the McAfee Consumer Product Removal tool, click on majorgeeks.com
  • Now reboot the computer and see if the issue remains the same.


#9 gjbnc

Posted 11 November 2012 - 10:44 AM

I am uninstalling now - To know if the issue is gone I typically leave the computer alone - logged in - overnight. In the morning almost all of the memory is used. I will leave it alone tonight and report back in the morning. I am on the east coast of the US.
I really appreciate your expertise on this matter.

#10 Farbar

Posted 11 November 2012 - 10:48 AM

I wish we could test the system in a shorter time period. Anyway, please make sure the system is not connected to the internet.

Edited by Farbar, 11 November 2012 - 10:49 AM.


#11 gjbnc

Posted 11 November 2012 - 10:51 AM

I do not know how to test it quicker - When I use the system it works fine. When I walk away (logged in or not logged in) it starts to absorb memory over many hours. I have used several tools trying to identify the reason(s) but cannot pin one down.

All uninstalled - rebooting now - will stay off the Internet today. I will check after a few hours of non-use to see if there is any change in the memory available.
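One way to pin down which process is absorbing memory while the machine sits idle, as an added example that is not part of the original thread: save the built-in `tasklist /fo csv` output to a file before walking away and again hours later, then rank processes by working-set growth between the two snapshots. The snapshot contents and the process name `updater.exe` below are constructed for illustration.

```python
import csv
import io

# Constructed sample snapshots in `tasklist /fo csv` format (not from the thread).
SNAPSHOT_EVENING = '''"Image Name","PID","Session Name","Session#","Mem Usage"
"System","4","Services","0","1,024 K"
"svchost.exe","812","Services","0","40,000 K"
"explorer.exe","2300","Console","1","60,000 K"
"updater.exe","3100","Console","1","25,000 K"
'''
SNAPSHOT_MORNING = '''"Image Name","PID","Session Name","Session#","Mem Usage"
"System","4","Services","0","1,100 K"
"svchost.exe","812","Services","0","41,500 K"
"explorer.exe","2300","Console","1","58,000 K"
"updater.exe","3100","Console","1","4,825,000 K"
"notepad.exe","4004","Console","1","3,000 K"
'''

def parse_tasklist_csv(text):
    """Return {(image, pid): working_set_kb} from `tasklist /fo csv` output."""
    procs = {}
    for row in csv.DictReader(io.StringIO(text)):
        # "Mem Usage" looks like "4,825,000 K"; keeping only the digits also
        # copes with locales that use "." or a space as thousands separator.
        digits = "".join(ch for ch in row["Mem Usage"] if ch.isdigit())
        if digits:
            procs[(row["Image Name"], int(row["PID"]))] = int(digits)
    return procs

def rank_growth(before_text, after_text, min_growth_kb=10_000):
    """Rank processes by working-set growth (KB) between two snapshots."""
    before = parse_tasklist_csv(before_text)
    after = parse_tasklist_csv(after_text)
    growth = []
    for key, after_kb in after.items():
        # Match on image name AND PID so a recycled PID is not mistaken for
        # the same process; processes new in the later snapshot start at 0.
        before_kb = before.get(key, 0)
        delta = after_kb - before_kb
        if delta >= min_growth_kb:
            growth.append((key[0], key[1], before_kb, after_kb, delta))
    return sorted(growth, key=lambda g: g[4], reverse=True)

if __name__ == "__main__":
    for image, pid, b, a, d in rank_growth(SNAPSHOT_EVENING, SNAPSHOT_MORNING):
        print(f"{image} (PID {pid}): {b} K -> {a} K (+{d} K)")
```

`tasklist` reports each process's working set, so memory held by a kernel driver will not show up against any process; if total usage climbs while no process grows, a driver is the more likely suspect.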

#12 Farbar

Posted 11 November 2012 - 11:17 AM

Giving it a few hours is a good testing time.

To disconnect the system from the internet you can disable the network as follows:

Go to Start => Control Panel => Network and Sharing Center => In the left pane select "Change adapter settings"
Right-click on "Main GJB Network" and select "Disable".


To enable it later on, you can follow the same procedure, but select "Enable".

You can also open "Network and Sharing Center" from the network icon in the notification area.

#13 gjbnc

Posted 11 November 2012 - 12:47 PM

Understood. I am disconnected and using a laptop for Internet access.

All is looking good so far. Memory is staying just under 2GB - which is where it was after reboot and login. I have my fingers crossed.

#14 Farbar

Posted 11 November 2012 - 02:33 PM

We will give it a few more hours to make sure.

#15 gjbnc

Posted 11 November 2012 - 06:41 PM

It has been 8 hours and the amount of memory used was around 2.05GB which is up slightly from just under 2GB which is where I left it this morning. I would have expected it to be around 5-6GB used by now. So, this looks pretty positive. It is 6:30 pm now and I will let it continue until morning and post more info then.

If still reasonable at that time, would you recommend reinstalling the McAfee SecurityManager?

I think one of the Java installs was a concern as every time I would log in - within 2 minutes - a SUN popup appeared asking if I wanted to run their software - which I believe was to check for new versions. I believe this popup started several months ago (not sure when, as I didn't have to reboot that often until this problem started). It may coincide with the time the memory issue started but I am not sure.

There is one other program that presents a popup every time I log in. It is called Everything - a very fast file search utility. It is asking if I give permission for it to access the hard drive. This has been there ever since I installed it 10 months ago - well before the memory issue appeared.



