Windows 7: Windows 7 constantly reports low memory

kuki · 31 Aug 2012

Hi,

I have HP 6150ew laptop with 4GB of RAM (+1024MB pagefile). I am working on Windows 7 64bit Ultimate version. Usually I have a lot of Chrome pages opened (like 20), MS Outlook, uTorrent + Excel/Word. The problem is that often I receive memory low message and from time to time Chrome crashes. If I will launch AutoCAD/Photosop, Chrome immeadately crashes from because of the low memory. That was not the case when I had a fresh system so I suspect some kind of infection.

I have also installed VMWare Workstation some time ago. From time to time I run only one test VM which has 1,9GB ram assigned, but at the time a got these memory monits, VM was not running (VMWare had a few kB of RAM assigned) so I guess VMWare is not taking 1,9GB at all times.

I ran ComboFix, maybe someone could look at the report file

Code:

ComboFix 12-08-30.05 - kuki 2012-08-31   0:18.1.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1250.48.1045.18.4044.2707 [GMT 2:00]
Uruchomiony z: c:\users\kuki\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\kuki\AppData\Local\Microsoft\Windows\Temporary Internet Files\{31F2B986-948D-437F-992A-113C6E2FAE8E}.xps
c:\users\kuki\AppData\Local\Microsoft\Windows\Temporary Internet Files\{4C5FD87B-B89D-4632-BEB1-4E5940F4BE03}.xps
c:\users\kuki\AppData\Local\Microsoft\Windows\Temporary Internet Files\{5338306D-C918-4A9D-BB3D-9902602FF8D7}.xps
c:\users\kuki\AppData\Local\Microsoft\Windows\Temporary Internet Files\{5885DFF0-96AF-411F-987C-8B6DC73BB195}.xps
c:\users\kuki\AppData\Local\Microsoft\Windows\Temporary Internet Files\{812F25BE-29E0-4F08-AC41-EA37B45B457C}.xps
c:\users\kuki\AppData\Local\Microsoft\Windows\Temporary Internet Files\{81434460-F9A7-433F-B70E-3B8F60ACAB56}.xps
c:\users\kuki\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9A8934CB-644F-42DC-BC85-D1FF814A39F6}.xps
c:\users\kuki\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9D859971-7D40-40BB-9A7C-56B6AF7D1605}.xps
c:\users\kuki\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A1645EE8-A353-47E1-9F3D-AD784638232B}.xps
c:\users\kuki\AppData\Local\Microsoft\Windows\Temporary Internet Files\{BCF7ADE5-43AA-4174-9972-97508B5B56E9}.xps
c:\users\kuki\AppData\Local\Microsoft\Windows\Temporary Internet Files\{DBAFA55D-E56F-49DE-9964-C40831E6414D}.xps
c:\users\kuki\AppData\Local\Microsoft\Windows\Temporary Internet Files\{EE366A03-96C6-4114-9C66-27855FB74C8D}.xps
c:\users\kuki\AppData\Local\TempDIR
c:\users\kuki\AppData\Local\TempDIR\cacert.crt
c:\windows\SysWow64\FlashPlayerInstaller.exe
F:\install.exe
.
.
(((((((((((((((((((((((((   Pliki utworzone od 2012-07-28 do 2012-08-30  )))))))))))))))))))))))))))))))
.
.
2012-08-30 22:21 . 2012-08-30 22:21	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-08-30 22:13 . 2012-08-30 22:13	388096	----a-r-	c:\users\kuki\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-08-30 22:13 . 2012-08-30 22:13	--------	d-----w-	c:\program files (x86)\hjt
2012-08-30 15:58 . 2012-08-30 15:58	--------	d-----w-	c:\program files (x86)\Google
2012-08-29 17:44 . 2012-08-23 08:26	9310152	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{94A1829F-17F5-46F1-B437-A7C038646562}\mpengine.dll
2012-08-29 12:54 . 2012-08-29 12:54	--------	d-----w-	c:\program files (x86)\Foxit Software
2012-08-28 14:07 . 2012-08-01 22:58	9309624	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-15 09:07 . 2012-07-06 20:07	552960	----a-w-	c:\windows\system32\drivers\bthport.sys
2012-08-15 08:47 . 2012-05-05 08:36	503808	----a-w-	c:\windows\system32\srcore.dll
2012-08-15 08:47 . 2012-05-05 07:46	43008	----a-w-	c:\windows\SysWow64\srclient.dll
2012-08-15 08:47 . 2012-02-11 06:43	751104	----a-w-	c:\windows\system32\win32spl.dll
2012-08-15 08:47 . 2012-02-11 06:36	559104	----a-w-	c:\windows\system32\spoolsv.exe
2012-08-15 08:47 . 2012-02-11 06:36	67072	----a-w-	c:\windows\splwow64.exe
2012-08-15 08:47 . 2012-02-11 05:43	492032	----a-w-	c:\windows\SysWow64\win32spl.dll
2012-08-15 08:47 . 2012-07-18 18:15	3148800	----a-w-	c:\windows\system32\win32k.sys
2012-08-15 08:47 . 2012-07-04 22:16	73216	----a-w-	c:\windows\system32\netapi32.dll
2012-08-15 08:47 . 2012-07-04 22:13	59392	----a-w-	c:\windows\system32\browcli.dll
2012-08-15 08:47 . 2012-07-04 22:13	136704	----a-w-	c:\windows\system32\browser.dll
2012-08-15 08:47 . 2012-07-04 21:14	41984	----a-w-	c:\windows\SysWow64\browcli.dll
2012-08-15 08:47 . 2012-05-14 05:26	956928	----a-w-	c:\windows\system32\localspl.dll
2012-08-06 13:36 . 2012-08-06 13:36	--------	d-----w-	c:\program files\SyncToy 2.1
2012-08-06 13:36 . 2012-08-06 13:36	--------	d-----w-	c:\program files\Microsoft Sync Framework
2012-08-02 13:07 . 2012-08-02 13:07	--------	d-----w-	c:\users\kuki\AppData\Local\Windows Live
2012-08-02 13:07 . 2012-08-02 13:07	--------	d-----w-	c:\program files (x86)\Common Files\Windows Live
.
.
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 09:04 . 2012-04-27 13:47	62134624	----a-w-	c:\windows\system32\MRT.exe
2012-07-19 05:55 . 2012-04-27 16:02	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-19 05:55 . 2012-04-27 16:02	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-05 20:06 . 2012-07-31 09:03	772544	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-07-05 20:06 . 2012-07-31 09:03	687544	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-06-09 05:43 . 2012-07-12 07:38	14172672	----a-w-	c:\windows\system32\shell32.dll
2012-06-06 06:49 . 2012-06-06 06:49	1070152	----a-w-	c:\windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06 . 2012-07-12 07:38	2004480	----a-w-	c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-12 07:38	1881600	----a-w-	c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-12 07:37	1133568	----a-w-	c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-12 07:38	1390080	----a-w-	c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-12 07:38	1236992	----a-w-	c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-12 07:37	805376	----a-w-	c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-19 05:50	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 05:50	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 05:50	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 05:50	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 05:50	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-19 05:50	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 05:50	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-19 05:50	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-19 05:50	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-06-02 05:50 . 2012-07-12 07:38	458704	----a-w-	c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-12 07:38	95600	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:48 . 2012-07-12 07:38	151920	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:45 . 2012-07-12 07:38	340992	----a-w-	c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-12 07:38	307200	----a-w-	c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-12 07:38	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-12 07:38	225280	----a-w-	c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-12 07:38	219136	----a-w-	c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-12 07:38	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
.
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-05-03 17355912]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-08-17 959888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-30 343168]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-04-14 113288]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"vmware-tray"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2012-01-18 103536]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 mi-raysat_3dsMax2009_64;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 64-bit 64-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe [2008-03-09 65536]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 AMPPALP;Protokół Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed;c:\windows\system32\DRIVERS\amppal.sys [2011-08-08 299008]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-05-31 1030600]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Inspekcja sieci firmy Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2010-05-25 125416]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2012-01-18 11839488]
R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-27 1255736]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2011-08-08 116336]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-04-27 283200]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-09-30 204288]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-08-31 1166848]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-06-28 2413056]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-08-09 2656536]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-29 846448]
S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-09-30 9981952]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-09-30 310272]
S3 AMPPAL;Karta wirtualna Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-08-08 299008]
S3 IntcDAud;Intel(R) Audio dla ekranów;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-08-09 12289472]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 NETwNs64;___ Sterownik karty Intel(R) Wireless WiFi Link 5000 Series dla systemu Windows 7 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-08-03 8604672]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-06-10 91648]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-06-10 208896]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-05-30 338536]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-16 428136]
.
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1114997525-3749809339-1548453379-1000Core.job
- c:\users\kuki\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-27 13:16]
.
2012-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1114997525-3749809339-1548453379-1000UA.job
- c:\users\kuki\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-27 13:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-09 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-09 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-09 416024]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-06-02 1128448]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Skan uzupełniający -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&ksportuj do programu Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\kuki\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Wyślij &do programu OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
LSP: %SystemRoot%\system32\vsocklib.dll
TCP: DhcpNameServer = 195.140.152.1 10.10.100.1
DPF: {DB7ACFA2-9634-4C98-BC9D-FB9416153022} - hxxp://192.168.0.100/control/nvEPLMedia.cab
DPF: {DD01C8CA-5DA0-4B01-9603-B7194E561D32} - hxxp://kamery.delta.poznan.pl:8122/rel/webViewer.cab
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Czas ukończenia: 2012-08-31  00:23:25
ComboFix-quarantined-files.txt  2012-08-30 22:23
.
Przed: 16*882*536*448 bajtów wolnych
Po: 18*148*696*064 bajtów wolnych
.
- - End Of File - - AF099261A9E5BCFCB2704B1B0FF3F7DC

Hijackthis report

Code:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:14:16, on 2012-08-31
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\kuki\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kuki\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kuki\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kuki\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kuki\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kuki\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kuki\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kuki\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kuki\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kuki\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kuki\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kuki\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kuki\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kuki\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kuki\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kuki\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kuki\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kuki\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kuki\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kuki\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kuki\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kuki\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kuki\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kuki\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kuki\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\kuki\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\hjt\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"  /MINIMIZED
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\kuki\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Wyślij &do programu OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} (OCXDownloadChecker Control) - http://192.168.0.10/ssi.cgi/cab/OCXChecker_8500.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DB7ACFA2-9634-4C98-BC9D-FB9416153022} (nvEPLMedia Control) - http://192.168.0.100/control/nvEPLMedia.cab
O16 - DPF: {DD01C8CA-5DA0-4B01-9603-B7194E561D32} (TVSLiveControl Class) - http://kamery.delta.poznan.pl:8122/rel/webViewer.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\Windows\SYSTEM32\crypserv.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 64-bit 64-bit (mi-raysat_3dsMax2009_64) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10120 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: VMware Workstation Server (VMwareHostd) - Unknown owner - C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13434 bytes

**centaur78** · 31 Aug 2012

Kuki

Got to resmon.. and then to memory... and sort the Working set column.. from highest to lowest.... post a snapshot here

kuki · 07 Sep 2012

Thanks for your reply.
if I sum up the memory used by the proccesses greater than 20MB, the result is 2,3 GB of RAM used. It is kind of wierd as the resmon shows almost 3,2 GBs used.

bobafetthotmail · 07 Sep 2012

the first two processes indicate that there is an Internet Explorer open. (iexplore.exe) these two eat up around 400 mb.

There is also an Acrobat Reader (acrord32.exe) which seems 32bit. its footprint isn't that big, but why is there?
There is a Skype thing, which can be turned off if you don't use it.

then of course chrome is gobbling up a completely ridicolous amount of memory but isn't apparent because it splits it in dozens of different processes. if you decided to keep a bit less open tabs it would be much better.

Quote:

if I sum up the memory used by the proccesses greater than 20MB, the result is 2,3 GB of RAM used. It is kind of wierd as the resmon shows almost 3,2 GBs used.

did you sum up the memory in the column you selected in the screenshot? because what matters for the lower "total usage" bar is the column to the left of that.

kuki · 07 Sep 2012

the sum of the calculated memory goes beyond what you see on the screenshot - as i have written - to the proccesses which have 20MB RAM usage.

the IE was open, usually I do not have it opened, I have a lot of Chrome tabs opened, its kind of the normal situation for me.

before I bought my laptop, I was using a desktop PC with 8GB DDR3 RAM and I have never experienced the problem I do have now. I understand that 4GBs is not 8GBs, but how it is possible that sometimes, only with 20 tabs of chrome opened, and nothing more (except skype, adobe reader), I open Photoshop WITH NO document open in it and I get this ridicolous message ?

Layback Bear · 07 Sep 2012

I'm just curious. You have 20 browser tabs open. I have seen some have 100 tabs open. What is one doing that that many tabs need to be open.

bobafetthotmail · 07 Sep 2012

Quote: Originally Posted by kuki

before I bought my laptop, I was using a desktop PC with 8GB DDR3 RAM and I have never experienced the problem I do have now.

This is the likely cause imho. Also the screenshot of the other thing where you nearly filled the available ram just with browser stuff is another good indicator.

You always used a machine with double the amount of ram, so your habits are a bit wasteful for a machine with half that.

Don't take it as an offense, I'm not thinking you're dumb, this is standard human behaviour. I had cadres of people come to me with their machine and complain that their new computer was "malfunctioning" when in fact they were just using it as if it was a much better one.

In your case, you have two choices, both with their own benefits:

Embrace the new golden rule: "don't ever go beyond the 10-15 tabs of browsers open and close all programs you are not using at the moment".

Upgrade the ram, as your 6150ew laptop ram can be upgraded to 8 GB.

**centaur78** · 07 Sep 2012

Duh !!! how could i ever miss this.... the solution to your problem is this very first sentence of your post

Quote:

I have HP 6150ew laptop with 4GB of RAM (+1024MB pagefile)

Increase the paging file to same as RAM...ie 4GB or 4096 MB... that will resolve the low memory problem...

Quote:

Your computer has two types of memory, random access memory (RAM) and virtual memory. All programs use RAM, but when there isn't enough RAM for the program you're trying to run, Windows temporarily moves information that would normally be stored in RAM to a file on your hard disk called a paging file. The amount of information temporarily stored in a paging file is also referred to as virtual memory. Using virtual memory—in other words, moving information to and from the paging file—frees up enough RAM for programs to run correctly.

Low memory problems occur when your computer runs out of RAM and becomes low on virtual memory. This can happen when you run more programs than the RAM installed on the computer is designed to support. Low memory problems can also occur when a program doesn't free up memory that it no longer needs. This problem is called memory overuse or a memory leak.

bobafetthotmail · 07 Sep 2012

virtual memory is slow as molasses unless he has is running from a SSD.

**centaur78** · 07 Sep 2012

Quote: Originally Posted by bobafetthotmail

virtual memory is slow as molasses unless he has is running from a SSD.

You never use virtual memory on a SSD.... its more writes to the SSD and eventually it will kill the SSD in the long run

Windows 7: Windows 7 constantly reports low memory

Windows 7 constantly reports low memory problems?