mbamservice.exe taking 100mb ram when idle


6 replies to this topic

#1 Alikhan


Posted 03 March 2013 - 10:59 AM

I'm using Avast Internet Security with Malwarebytes, and since my upgrade to Windows 8, Malwarebytes is taking up 100 MB of RAM all the time. I've set all the exclusions and it's made no difference. I've even done a clean install using mbam-clean.exe and it didn't make a difference either. Is this supposed to be normal?


Windows 7 Home Premium 64-bit • Eset NOD32 Antivirus (latest) • MBAM Premium (latest) • Google Chrome • CCleaner


#2 Firefox


Posted 03 March 2013 - 11:37 AM

Hello and welcome.

This is not uncommon, and the memory usage varies depending on one's computer configuration, hardware, memory, number of files.... You probably have nothing to worry about. If you would like, you could provide some logs for us and we can have a look...

Please post an mbam-check log:

Create an mbam-check log:

  • Download mbam-check.exe from here and save it to your desktop
  • Double-click on mbam-check.exe to run it; it should then open a log file
  • Please attach the CheckResults.txt file which should now be located on your desktop to your next reply


Next, please run the following scanner and send back the logs.

Download DDS from one of the locations below and save to your Desktop
dds.scr
dds.com


Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Once downloaded, you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.
Then double-click dds.scr or dds.com to run the tool; on Vista or Win 7, right-click and select Run as administrator.
Click the Run button if prompted with an Open File - Security Warning dialog box.
A black DOS console should open and run for a moment.
  • When done, DDS will open two (2) logs:
      • DDS.txt
      • Attach.txt
  • Save both reports to your desktop
  • Please include the following logs in your next reply: DDS.txt and Attach.txt

    You can ignore the note about zipping the Attach.txt file in most cases.



Dell Precision T7500, Win7 Ultimate 64bit fully updated, McAfee Corp Edition v8.8,
Watchguard Firewall, Intel Xeon E5606CPU, Dual Quad Core Processors, 16GB Ram,
E5606 @ 2.13GHz, Nvidia Quadro NVS420, Raid-1 Dual 1TB Sata 10000 rpm Hard Drives
Dual DVD Burners, IE10, Opera, MBAM, MBSB, MBAE


#3 Alikhan


Posted 03 March 2013 - 11:53 AM

The only reason I'm concerned is that I'm using the same security combination upstairs with Windows 7, and that takes between 40-50 MB of RAM when idle.

mbam-check result log version: 2.0.0.1000

Malwarebytes Version: REG_SZ 1.70.0.1100

Date Log Created: 03/03/13
Time Log Created: 16:49:46

User Account type: Administrator

64 bit Operating System

Product Name: REG_SZ Windows 8 Pro

Current Build Number: 9200

Current Version Number: 6.2

Current CSDVersion:

Proxy Status: No proxy is Set

LAN Settings:
=============

only 'Automatically detect settings' is selected

SystemPartition:
================

HKEY_LOCAL_MACHINE\SYSTEM\Setup\
SystemPartition REG_SZ \Device\HarddiskVolume2

Balloon Tips Status:
====================

Enabled

Time Format Settings:
=====================

Should be:
h:mm:ss tt
AM
PM
:

Currently:
REG_SZ h:mm:ss tt
REG_SZ AM
REG_SZ PM
REG_SZ :

Language and Regional Settings:
===============================

ACP: Language is English (United States)
MACCP: Language is English (United States)
OEMCP: 850 Please refer to this link for details: Here

Startup Folders for Error_Expanding_Variables Check:
====================================================

All Users Startup Folder Exists.
Current User's Startup Folder Exists.


Terminal Services Status for (null) entries in PM logs and GetUserToken errors:
===============================================================================

TERMService:
==============
Type : 32
State : 1 (The service is not running.) (State is stopped)
WIN32_EXIT_CODE : 1077
SERVICE_EXIT_CODE : 0
CHECKPOINT : 0
WAIT_HINT : 0


TermService Start is set to: 3 (Manual Startup)

Compatibility Flag Settings (Any MBAM file listings should be removed):
=======================================================================


HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
C:\Users\Ali Khan\Desktop\Auroradvdcopy.exeREG_SZ $ Win8RTM



Malwarebytes Anti-Malware Shell Extension Block Check:
======================================================



MBAM Startup Entries:
=====================
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Service and Driver Status:
==========================

MBAMProtector:
==============
Type : 2
State : 4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0
SERVICE_EXIT_CODE : 0
CHECKPOINT : 0
WAIT_HINT : 0


MBAMService:
==============
Type : 16
State : 4 (The service is running.)
WIN32_EXIT_CODE : 0
SERVICE_EXIT_CODE : 0
CHECKPOINT : 0
WAIT_HINT : 0


MBAMScheduler:
==============
Type : 16
State : 4 (The service is running.)
WIN32_EXIT_CODE : 0
SERVICE_EXIT_CODE : 0
CHECKPOINT : 0
WAIT_HINT : 0


<--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon


MBAMProtector Registry Values:
==============================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector
Type REG_DWORD 2
Start REG_DWORD 3
ErrorControl REG_DWORD 1
ImagePath REG_EXPAND_SZ \??\C:\WINDOWS\system32\drivers\mbam.sys
Group REG_SZ FSFilter Anti-Virus
DependOnService REG_MULTI_SZ FltMgr

WOW64 REG_DWORD 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances
DefaultInstance REG_SZ MBAMProtector Instance
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances\MBAMProtector Instance
Altitude REG_SZ 328800
Flags REG_DWORD 0
MBAMService Registry Values:
============================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMService
Type REG_DWORD 16
Start REG_DWORD 2
ErrorControl REG_DWORD 1
ImagePath REG_EXPAND_SZ "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"
DependOnService REG_MULTI_SZ MBAMProtector

WOW64 REG_DWORD 1
ObjectName REG_SZ LocalSystem
Description REG_SZ Malwarebytes Anti-Malware service
DelayedAutostart REG_DWORD 0
MBAMScheduler Registry Values:
==============================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMScheduler
Type REG_DWORD 16
Start REG_DWORD 2
ErrorControl REG_DWORD 1
ImagePath REG_EXPAND_SZ "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe"
WOW64 REG_DWORD 1
ObjectName REG_SZ LocalSystem
Description REG_SZ Malwarebytes Anti-Malware scheduler

MBAM DLL's and Runtime Files:
=============================

HKEY_CLASSES_ROOT\vbAcceleratorSGrid6.vbalGrid
(Default): REG_SZ vbAccelerator Grid Control
HKEY_CLASSES_ROOT\vbAcceleratorSGrid6.vbalGrid\Clsid
(Default): REG_SZ {C5DA1F2B-B2BF-4DFC-BC9A-439133543A67}

HKEY_CLASSES_ROOT\SSubTimer6.GSubclass
(Default): REG_SZ SSubTimer6.GSubclass
HKEY_CLASSES_ROOT\SSubTimer6.GSubclass\Clsid
(Default): REG_SZ {71A27032-C7D8-11D2-BEF8-525400DFB47A}

HKEY_CLASSES_ROOT\SSubTimer6.CTimer
(Default): REG_SZ SSubTimer6.CTimer
HKEY_CLASSES_ROOT\SSubTimer6.CTimer\Clsid
(Default): REG_SZ {71A27034-C7D8-11D2-BEF8-525400DFB47A}

HKEY_CLASSES_ROOT\SSubTimer6.ISubclass
(Default): REG_SZ SSubTimer6.ISubclass
HKEY_CLASSES_ROOT\SSubTimer6.ISubclass\Clsid
(Default): REG_SZ {71A2702F-C7D8-11D2-BEF8-525400DFB47A}




HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}
(Default): REG_SZ SSubTimer6.ISubclass
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\ProgID
(Default): REG_SZ SSubTimer6.ISubclass
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\Programmable
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
(Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\VERSION
(Default): REG_SZ 1.0

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}
(Default): REG_SZ SSubTimer6.GSubclass
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\InprocServer32
(Default): REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\ssubtmr6.dll
ThreadingModel REG_SZ Apartment
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\ProgID
(Default): REG_SZ SSubTimer6.GSubclass
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\Programmable
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
(Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\VERSION
(Default): REG_SZ 1.0

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}
(Default): REG_SZ SSubTimer6.CTimer
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\InprocServer32
(Default): REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\ssubtmr6.dll
ThreadingModel REG_SZ Apartment
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\ProgID
(Default): REG_SZ SSubTimer6.CTimer
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\Programmable
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
(Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\VERSION
(Default): REG_SZ 1.0


HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}
HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1
(Default): REG_SZ vbAccelerator VB6 SGrid Control 2.0
HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\0
HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\0\win32
(Default): REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\vbalsgrid6.ocx
HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\FLAGS
(Default): REG_SZ 2
HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\HELPDIR
(Default): REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1
(Default): REG_SZ vbAccelerator VB6 SGrid Control 2.0
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\0
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\0\win32
(Default): REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\vbalsgrid6.ocx
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\FLAGS
(Default): REG_SZ 2
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\HELPDIR
(Default): REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware
HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}
HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0
(Default): REG_SZ vbAccelerator VB6 Subclassing and Timer Assistant (with configurable message response, multi-control support + timer bug fix)
HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\0
HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\0\win32
(Default): REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\ssubtmr6.dll
HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\FLAGS
(Default): REG_SZ 0
HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\HELPDIR
(Default): REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0
(Default): REG_SZ vbAccelerator VB6 Subclassing and Timer Assistant (with configurable message response, multi-control support + timer bug fix)
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\0
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\0\win32
(Default): REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\ssubtmr6.dll
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\FLAGS
(Default): REG_SZ 0
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\HELPDIR
(Default): REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware
HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}
(Default): REG_SZ _ISubclass
HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32
(Default): REG_SZ {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
(Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}
Version REG_SZ 1.0
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}
(Default): REG_SZ ISubclass
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid
(Default): REG_SZ {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32
(Default): REG_SZ {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
(Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}
Version REG_SZ 1.0
HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}
(Default): REG_SZ __CTimer
HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32
(Default): REG_SZ {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
(Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}
Version REG_SZ 1.0
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}
(Default): REG_SZ CTimer
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid
(Default): REG_SZ {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32
(Default): REG_SZ {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
(Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}
Version REG_SZ 1.0
HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}
(Default): REG_SZ __vbalGrid
HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\ProxyStubClsid32
(Default): REG_SZ {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\TypeLib
(Default): REG_SZ {DE8CE233-DD83-481D-844C-C07B96589D3A}
Version REG_SZ 1.1
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}
(Default): REG_SZ vbalGrid
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\ProxyStubClsid
(Default): REG_SZ {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\ProxyStubClsid32
(Default): REG_SZ {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\TypeLib
(Default): REG_SZ {DE8CE233-DD83-481D-844C-C07B96589D3A}
Version REG_SZ 1.1
MBAM Registry Settings and License Info:
========================================


HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware
advancedheuristics REG_DWORD 1
downloadprogram REG_DWORD 1
hidereg REG_DWORD 0
detectp2p REG_DWORD 0
detectpum REG_DWORD 1
detectpup REG_DWORD 2
updatewarn REG_DWORD 1
updatewarndays REG_DWORD 7
useproxy REG_DWORD 0
useauthentication REG_DWORD 0
contextmenu REG_DWORD 1
reportthreats REG_DWORD 0
startwithwindows REG_DWORD 1
startfsdisabled REG_DWORD 0
startipdisabled REG_DWORD 0
silentipmode REG_DWORD 0
autoquarantine REG_DWORD 1
notifyinstallprogram REG_DWORD 1
trialpromptshown REG_DWORD 0
autoquarantinenotify REG_DWORD 1
InstallPath REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware
dbdate REG_SZ Sun, 03 Mar 2013 15:35:19 GMT
dbversion REG_SZ v2013.03.03.07
programversion REG_SZ 1.70.0.1100
programbuild REG_SZ consumer
ID XXXXX This is hidden data.
Key XXXX-XXXX-XXXX-XXXX This is hidden data.
SchedulerQueue REG_MULTI_SZ 2101250, 30283188, 3321380352, 1, 23 | 30283815, 2353519505
4160, 0, 0, 0, 0 | 0, 0



HKEY_CURRENT_USER\SOFTWARE\Malwarebytes' Anti-Malware
alwaysscanfiles REG_DWORD 1
alwaysscanheuristics REG_DWORD 1
alwaysscanmemory REG_DWORD 1
alwaysscanregistry REG_DWORD 1
alwaysscanstartups REG_DWORD 1
autosavelog REG_DWORD 1
openlog REG_DWORD 1
defaultscan REG_DWORD 1
terminateie REG_DWORD 0
Language REG_SZ English.lng
selectedrives REG_SZ C:\|E:\|
HKEY_USERS\S-1-5-18\SOFTWARE\Malwarebytes' Anti-Malware
alwaysscanfiles REG_DWORD 1
alwaysscanheuristics REG_DWORD 1
alwaysscanmemory REG_DWORD 1
alwaysscanregistry REG_DWORD 1
alwaysscanstartups REG_DWORD 1
autosavelog REG_DWORD 1
openlog REG_DWORD 1
defaultscan REG_DWORD 0
terminateie REG_DWORD 0
HKEY_USERS\.DEFAULT\SOFTWARE\Malwarebytes' Anti-Malware
alwaysscanfiles REG_DWORD 1
alwaysscanheuristics REG_DWORD 1
alwaysscanmemory REG_DWORD 1
alwaysscanregistry REG_DWORD 1
alwaysscanstartups REG_DWORD 1
autosavelog REG_DWORD 1
openlog REG_DWORD 1
defaultscan REG_DWORD 0
terminateie REG_DWORD 0

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes' Anti-Malware_is1
Inno Setup: Setup Version REG_SZ 5.5.3-dev (a)
Inno Setup: App Path REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware
InstallLocation REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\
Inno Setup: Icon Group REG_SZ Malwarebytes' Anti-Malware
Inno Setup: User REG_SZ Ali Khan
Inno Setup: Selected Tasks REG_SZ desktopicon
Inno Setup: Deselected Tasks REG_SZ quicklaunchicon
Inno Setup: Language REG_SZ English
DisplayName REG_SZ Malwarebytes Anti-Malware version 1.70.0.1100
DisplayIcon REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
UninstallString REG_SZ "C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
QuietUninstallString REG_SZ "C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe" /SILENT
DisplayVersion REG_SZ 1.70.0.1100
Publisher REG_SZ Malwarebytes Corporation
URLInfoAbout REG_SZ http://www.malwarebytes.org
NoModify REG_DWORD 1
NoRepair REG_DWORD 1
InstallDate REG_SZ 20130228
MajorVersion REG_DWORD 1
MinorVersion REG_DWORD 70
EstimatedSize REG_DWORD 18968
Pending File Rename Operations:
================================
If any Malwarebytes Anti-Malware items are listed below, the user must reboot to complete a Malwarebytes Anti-Malware upgrade installation.

Scheduler Queue:
================

Scheduled Item: Update Schedule Options: | Hourly | Wake From Sleep
Start Time: 2013-02-28 13:09 Repeating Every: 1 Recover if missed by: 23
Scheduled Item: Update Schedule Options: | OnReboot
Start Time: OnReboot



Context Menu Entries:
=====================

HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\MBAMShlExt
(Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\MBAMShlExt
(Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt
(Default): REG_SZ MBAMShlExt Class
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CLSID
(Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CurVer
(Default): REG_SZ MBAMExt.MBAMShlExt.1
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1
(Default): REG_SZ MBAMShlExt Class
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1\CLSID
(Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3}


HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}
(Default): REG_SZ IMBAMShlExt
HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\ProxyStubClsid32
(Default): REG_SZ {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\TypeLib
(Default): REG_SZ {AFF1A83B-6C83-4342-8E68-1648DE06CB65}
Version REG_SZ 1.0
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}
(Default): REG_SZ MBAMShlExt Class
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32
(Default): REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll
ThreadingModel REG_SZ Apartment
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\ProgID
(Default): REG_SZ MBAMExt.MBAMShlExt.1
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\TypeLib
(Default): REG_SZ {AFF1A83B-6C83-4342-8E68-1648DE06CB65}
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\VersionIndependentProgID
(Default): REG_SZ MBAMExt.MBAMShlExt

HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0
(Default): REG_SZ MBAMExt 1.0 Type Library
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win64
(Default): REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\FLAGS
(Default): REG_SZ 0
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR
(Default): REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0
(Default): REG_SZ MBAMExt 1.0 Type Library
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win64
(Default): REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\FLAGS
(Default): REG_SZ 0
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR
(Default): REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware


MBAM Drivers:
=============

C:\WINDOWS\system32\drivers\mbam.sys File Size: 24176 BYTES FileVersion: 1.60.2.0


Required Dependencies:
======================

BFE:
==============
Type : 32
State : 4 (The service is running.)
WIN32_EXIT_CODE : 0
SERVICE_EXIT_CODE : 0
CHECKPOINT : 0
WAIT_HINT : 0


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE
DisplayName REG_SZ @%SystemRoot%\system32\bfe.dll,-1001
ErrorControl REG_DWORD 1
Group REG_SZ NetworkProvider
ImagePath REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
Start REG_DWORD 2
Type REG_DWORD 32
Description REG_SZ @%SystemRoot%\system32\bfe.dll,-1002
DependOnService REG_MULTI_SZ RpcSs
WfpLwfs

ObjectName REG_SZ NT AUTHORITY\LocalService
ServiceSidType REG_DWORD 3
RequiredPrivileges REG_MULTI_SZ SeAuditPrivilege

FailureActions REG_BINARY Binary Data

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters
ServiceDllUnloadOnStop REG_DWORD 1
ServiceMain REG_SZ BfeServiceMain
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\bfe.dll

fltmgr:
==============
Type : 2
State : 4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0
SERVICE_EXIT_CODE : 0
CHECKPOINT : 0
WAIT_HINT : 0


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr
AttachWhenLoaded REG_DWORD 1
DisplayName REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10001
ErrorControl REG_DWORD 3
Group REG_SZ FSFilter Infrastructure
ImagePath REG_EXPAND_SZ system32\drivers\fltmgr.sys
Start REG_DWORD 0
Tag REG_DWORD 1
Type REG_DWORD 2
Description REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10000
C:\WINDOWS\system32\drivers\fltmgr.sys File Size: 374512 BYTES FileVersion: 6.2.9200.16384
C:\WINDOWS\SysWOW64\mscomctl.ocx File Size: 1070152 BYTES FileVersion: 6.1.98.34
C:\WINDOWS\SysWOW64\olepro32.dll File Size: 79360 BYTES FileVersion: 6.2.9200.16384


List of MBAM Related Directories:
=================================

C:\Program Files (x86)\Malwarebytes' Anti-Malware
changes.txt File Size: 2128 BYTES
license.rtf File Size: 17916 BYTES
mbam.chm File Size: 469873 BYTES
mbam.dll File Size: 508264 BYTES FileVersion: 1.70.0.0
mbam.exe File Size: 824232 BYTES FileVersion: 1.70.0.9
mbamcore.dll File Size: 1091432 BYTES FileVersion: 1.70.0.0
mbamext.dll File Size: 93544 BYTES FileVersion: 1.70.0.0
mbamgui.exe File Size: 512360 BYTES FileVersion: 1.70.0.0
mbamnet.dll File Size: 2171240 BYTES FileVersion: 1.70.0.0
mbampt.exe File Size: 38248 BYTES FileVersion: 1.70.0.0
mbamscheduler.exe File Size: 398184 BYTES FileVersion: 1.70.0.0
mbamservice.exe File Size: 682344 BYTES FileVersion: 1.70.0.0
mbamtoast.dll File Size: 74312 BYTES FileVersion: 1.70.0.0
ssubtmr6.dll File Size: 46416 BYTES FileVersion: 1.1.0.3
unins000.dat File Size: 15893 BYTES
unins000.exe File Size: 710504 BYTES FileVersion: 51.52.0.0
unins000.msg File Size: 11277 BYTES
vbalsgrid6.ocx File Size: 496976 BYTES FileVersion: 2.0.0.40

C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon
chameleon.chm File Size: 186068 BYTES
firefox.com File Size: 216424 BYTES
firefox.exe File Size: 216424 BYTES
firefox.pif File Size: 216424 BYTES
firefox.scr File Size: 216424 BYTES
iexplore.exe File Size: 216424 BYTES
mbam-chameleon.com File Size: 216424 BYTES
mbam-chameleon.exe File Size: 216424 BYTES
mbam-chameleon.pif File Size: 216424 BYTES
mbam-chameleon.scr File Size: 216424 BYTES
mbam-killer.exe File Size: 894312 BYTES
rundll32.exe File Size: 216424 BYTES
svchost.exe File Size: 216424 BYTES
winlogon.exe File Size: 216424 BYTES

C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages
arabic.lng File Size: 21728 BYTES
belarusian.lng File Size: 26766 BYTES
bosnian.lng File Size: 26988 BYTES
bulgarian.lng File Size: 27400 BYTES
catalan.lng File Size: 28114 BYTES
chineseSI.lng File Size: 10970 BYTES
chineseTR.lng File Size: 11894 BYTES
croatian.lng File Size: 26576 BYTES
czech.lng File Size: 24682 BYTES
danish.lng File Size: 26434 BYTES
dutch.lng File Size: 28142 BYTES
english.lng File Size: 24418 BYTES
estonian.lng File Size: 25014 BYTES
finnish.lng File Size: 25770 BYTES
french.lng File Size: 29674 BYTES
german.lng File Size: 29698 BYTES
greek.lng File Size: 29116 BYTES
hebrew.lng File Size: 19202 BYTES
hungarian.lng File Size: 28430 BYTES
italian.lng File Size: 28022 BYTES
japanese.lng File Size: 16140 BYTES
korean.lng File Size: 14096 BYTES
latvian.lng File Size: 26916 BYTES
lithuanian.lng File Size: 27664 BYTES
macedonian.lng File Size: 28864 BYTES
norwegian.lng File Size: 24978 BYTES
polish.lng File Size: 26484 BYTES
portugueseBR.lng File Size: 28544 BYTES
portuguesePT.lng File Size: 28904 BYTES
romanian.lng File Size: 28090 BYTES
russian.lng File Size: 27134 BYTES
serbian.lng File Size: 26662 BYTES
slovak.lng File Size: 25486 BYTES
slovenian.lng File Size: 24696 BYTES
spanish.lng File Size: 29902 BYTES
swedish.lng File Size: 25800 BYTES
thai.lng File Size: 25884 BYTES
turkish.lng File Size: 25800 BYTES
vietnamese.lng File Size: 29400 BYTES

C:\Users\Ali Khan\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware

C:\Users\Ali Khan\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs
mbam-log-2013-02-28 (16-55-12).txt File Size: 1896 BYTES
mbam-log-2013-02-28 (20-25-28).txt File Size: 1918 BYTES
mbam-log-2013-03-01 (14-20-44).txt File Size: 1892 BYTES
mbam-log-2013-03-02 (22-12-29).txt File Size: 1880 BYTES
mbam-log-2013-03-02 (22-12-45).txt File Size: 1920 BYTES

C:\Users\Ali Khan\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware
exclusions.dat File Size: 320 BYTES
rules.ref File Size: 5972104 BYTES

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Configuration
build.conf File Size: 140 BYTES
config.conf File Size: 3970 BYTES
custom.conf File Size: 20 BYTES
database.conf File Size: 432 BYTES
html.conf File Size: 2762 BYTES
local.conf File Size: 1176 BYTES
manifest.conf File Size: 1752 BYTES
messaging.conf File Size: 1430 BYTES
news.conf File Size: 405 BYTES

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs
protection-log-2013-02-28.txt File Size: 18968 BYTES
protection-log-2013-03-01.txt File Size: 24802 BYTES
protection-log-2013-03-02.txt File Size: 5022 BYTES
protection-log-2013-03-03.txt File Size: 2770 BYTES

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine

===============================================================
END OF FILE



#4 Alikhan


Posted 03 March 2013 - 11:56 AM

I disabled my AV while running DDS.


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16482
Run by Ali Khan at 16:53:40 on 2013-03-03
Microsoft Windows 8 Pro 6.2.9200.0.1252.44.1033.18.3874.2213 [GMT 0:00]
.
AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\AdminService.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\dashost.exe
C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\SoftwareUpdater\UpdaterService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\WINDOWS\System32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k GPSvcGroup
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\taskhostex.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\system32\taskeng.exe
C:\WINDOWS\system32\taskeng.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\AsScrPro.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Users\Ali Khan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ali Khan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ali Khan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ali Khan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ali Khan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ali Khan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ali Khan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\Users\Ali Khan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://asus.msn.com
uDefault_Page_URL = hxxp://asus.msn.com
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: avast! Ad Blocker: {FFCB3198-32F3-4E8B-9539-4324694ED663} - C:\Program Files (x86)\AVAST Software\avast! Ad Blocker IE\Adblocker32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [Conime] C:\WINDOWS\System32\conime.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{88B4C9BC-E42F-4DD2-BCA7-4E6EA52B551C} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{CAA6E7FA-BA17-4714-A626-D1F15B7B0A83} : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = about:blank
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - <orphaned>
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: avast! Ad Blocker: {FFCB3198-32F3-4E8B-9539-4324694ED663} - C:\Program Files (x86)\AVAST Software\avast! Ad Blocker IE\Adblocker64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
x64-Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3
x64-mPolicies-Explorer: NoDriveAutoRun = dword:67108863
x64-mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
x64-mPolicies-System: PromptOnSecureDesktop = dword:0
x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\WINDOWS\System32\Drivers\aswRvrt.sys [2013-2-28 65408]
R0 aswVmm;aswVmm;C:\WINDOWS\System32\Drivers\aswVmm.sys [2013-2-28 177672]
R1 aswFW;avast! TDI Firewall driver;C:\WINDOWS\System32\Drivers\aswFW.sys [2013-2-28 127208]
R1 aswKbd;aswKbd;C:\WINDOWS\System32\Drivers\aswKbd.sys [2013-2-28 22664]
R1 aswNdisFlt;Avast! Firewall Driver;C:\WINDOWS\System32\Drivers\aswNdisFlt.sys [2013-2-28 269872]
R1 aswSnx;aswSnx;C:\WINDOWS\System32\Drivers\aswSnx.sys [2013-2-28 1025880]
R1 aswSP;aswSP;C:\WINDOWS\System32\Drivers\aswSP.sys [2013-2-28 377992]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-7-26 17024]
R2 AFBAgent;AFBAgent;C:\WINDOWS\System32\FBAgent.exe [2011-4-1 379520]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-3 15416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\System32\Drivers\aswFsBlk.sys [2013-2-28 33472]
R2 aswMonFlt;aswMonFlt;C:\WINDOWS\System32\Drivers\aswMonFlt.sys [2013-2-28 80888]
R2 AtherosSvc;AtherosSvc;C:\WINDOWS\System32\AdminService.exe [2012-8-29 208384]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-2-28 45248]
R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2013-2-28 136912]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-10-19 395200]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2012-10-15 779200]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-2-28 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-2-28 682344]
R2 SrvUpdater;Software Updater;C:\Program Files (x86)\SoftwareUpdater\UpdaterService.exe [2013-2-18 32256]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-4-1 2655768]
R3 BtFilter;BtFilter;C:\WINDOWS\System32\Drivers\btfilter.sys [2012-8-29 565760]
R3 ETD;ELAN PS/2 Port Input Device;C:\WINDOWS\System32\Drivers\ETD.sys [2011-4-1 138024]
R3 IntcDAud;Intel® Display Audio;C:\WINDOWS\System32\Drivers\IntcDAud.sys [2010-10-14 317440]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\WINDOWS\System32\Drivers\L1C63x64.sys [2012-6-22 110744]
R3 MBAMProtector;MBAMProtector;C:\WINDOWS\System32\Drivers\mbam.sys [2013-2-28 24176]
R3 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-1-31 3289208]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2012-10-1 178824]
S3 Revoflt;Revoflt;C:\WINDOWS\System32\Drivers\revoflt.sys [2013-2-25 31800]
S3 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-7 161384]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 vmbusr;Virtual Machine Bus Provider;C:\WINDOWS\System32\Drivers\vmbusr.sys [2012-7-26 117248]
S3 WSDScan;WSD Scan Support;C:\WINDOWS\System32\Drivers\WSDScan.sys [2013-2-24 23552]
.
=============== File Associations ===============
.
FileExt: .vbs: VBSFile="C:\WINDOWS\System32\WScript.exe" "%1" %* [UserChoice]
.
=============== Created Last 30 ================
.
2013-03-01 14:52:08 -------- d-----w- C:\WINDOWS\SysWow64\Adobe
2013-02-28 20:08:17 -------- d-----w- C:\Program Files (x86)\SoftwareUpdater
2013-02-28 19:55:56 -------- d-----w- C:\Program Files (x86)\AVAST Software
2013-02-28 13:28:19 -------- d-----w- C:\Users\Ali Khan\AppData\Roaming\Malwarebytes
2013-02-28 13:28:12 -------- d-----w- C:\ProgramData\Malwarebytes
2013-02-28 13:28:11 24176 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys
2013-02-28 13:28:11 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-02-28 13:12:08 127208 ----a-w- C:\WINDOWS\System32\drivers\aswFW.sys
2013-02-28 13:12:07 71064 ----a-w- C:\WINDOWS\System32\drivers\aswRdr2.sys
2013-02-28 13:11:59 65408 ----a-w- C:\WINDOWS\System32\drivers\aswRvrt.sys
2013-02-28 13:11:59 22664 ----a-w- C:\WINDOWS\System32\drivers\aswKbd.sys
2013-02-28 13:11:59 177672 ----a-w- C:\WINDOWS\System32\drivers\aswVmm.sys
2013-02-28 13:11:59 1025880 ----a-w- C:\WINDOWS\System32\drivers\aswSnx.sys
2013-02-28 13:11:58 80888 ----a-w- C:\WINDOWS\System32\drivers\aswMonFlt.sys
2013-02-28 13:11:44 269872 ----a-w- C:\WINDOWS\System32\drivers\aswNdisFlt.sys
2013-02-28 13:11:33 41664 ----a-w- C:\WINDOWS\avastSS.scr
2013-02-28 13:11:16 -------- d-----w- C:\Program Files\AVAST Software
2013-02-28 13:08:51 -------- d-----w- C:\ProgramData\AVAST Software
2013-02-27 20:34:17 -------- d-----w- C:\Users\Ali Khan\AppData\Roaming\SUPERAntiSpyware.com
2013-02-27 20:34:17 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2013-02-26 18:03:44 443392 ----a-w- C:\WINDOWS\System32\ReAgent.dll
2013-02-26 18:03:44 375808 ----a-w- C:\WINDOWS\SysWow64\ReAgent.dll
2013-02-26 18:03:44 1010688 ----a-w- C:\WINDOWS\System32\reseteng.dll
2013-02-25 20:50:23 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack
2013-02-25 14:17:47 -------- d-----w- C:\ProgramData\PRICache
2013-02-25 13:24:14 -------- d-----w- C:\WINDOWS\SysWow64\kodak
2013-02-25 13:14:21 31800 ----a-w- C:\WINDOWS\System32\drivers\revoflt.sys
2013-02-25 13:14:21 -------- d-----w- C:\ProgramData\VS Revo Group
2013-02-25 13:14:20 -------- d-----w- C:\Program Files\VS Revo Group
2013-02-25 12:36:50 18528 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm2.bin
2013-02-24 23:52:07 -------- d-sh--w- C:\found.000
2013-02-24 18:44:16 2367528 ----a-w- C:\WINDOWS\System32\WSService.dll
2013-02-24 18:44:16 13640704 ----a-w- C:\WINDOWS\System32\Windows.UI.Xaml.dll
2013-02-24 18:44:08 3265256 ----a-w- C:\WINDOWS\System32\drivers\evbda.sys
2013-02-24 18:44:03 10791936 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
2013-02-24 18:42:25 3554304 ----a-w- C:\WINDOWS\System32\tquery.dll
2013-02-24 18:41:41 301568 ----a-w- C:\WINDOWS\System32\newdev.dll
2013-02-24 18:40:59 98304 ----a-w- C:\WINDOWS\System32\wudriver.dll
2013-02-24 18:39:57 929792 ----a-w- C:\WINDOWS\SysWow64\mfnetsrc.dll
2013-02-24 18:22:13 78168 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2013-02-24 18:22:13 692568 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2013-02-24 18:19:02 -------- d-----r- C:\WINDOWS\BrowserChoice
2013-02-24 17:36:48 16114176 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-02-24 17:36:47 15541248 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-02-24 17:23:34 144384 ----a-w- C:\WINDOWS\System32\tssdisai.dll
2013-02-24 17:23:31 126976 ----a-w- C:\WINDOWS\System32\RDWebAI.dll
2013-02-24 17:23:29 135680 ----a-w- C:\WINDOWS\System32\appserverai.dll
2013-02-24 17:23:29 122880 ----a-w- C:\WINDOWS\System32\VmHostAI.dll
2013-02-24 17:23:26 148480 ----a-w- C:\WINDOWS\System32\poqexec.exe
2013-02-24 17:23:26 132608 ----a-w- C:\WINDOWS\SysWow64\poqexec.exe
2013-02-24 17:23:23 405504 ----a-w- C:\WINDOWS\System32\pcasvc.dll
2013-02-24 17:23:23 31232 ----a-w- C:\WINDOWS\System32\pcadm.dll
2013-02-24 17:23:23 13312 ----a-w- C:\WINDOWS\System32\pcalua.exe
2013-02-24 17:23:23 11776 ----a-w- C:\WINDOWS\System32\pcaevts.dll
2013-02-24 17:23:22 2048 ----a-w- C:\WINDOWS\SysWow64\tzres.dll
2013-02-24 17:23:22 2048 ----a-w- C:\WINDOWS\System32\tzres.dll
2013-02-24 17:21:25 17888 ----a-w- C:\WINDOWS\SysWow64\msvcr100_clr0400.dll
2013-02-24 17:20:04 17888 ----a-w- C:\WINDOWS\System32\msvcr100_clr0400.dll
2013-02-24 17:19:01 83968 ----a-w- C:\WINDOWS\SysWow64\wiaacmgr.exe
2013-02-24 17:19:00 890880 ----a-w- C:\WINDOWS\SysWow64\msctf.dll
2013-02-24 17:17:21 1437696 ----a-w- C:\WINDOWS\SysWow64\GdiPlus.dll
2013-02-24 17:17:20 1690624 ----a-w- C:\WINDOWS\System32\GdiPlus.dll
2013-02-24 17:11:14 4055552 ----a-w- C:\WINDOWS\System32\win32k.sys
2013-02-24 17:09:09 2361344 ----a-w- C:\WINDOWS\System32\msxml6.dll
2013-02-24 17:09:08 2048 ----a-w- C:\WINDOWS\SysWow64\msxml6r.dll
2013-02-24 17:09:08 2048 ----a-w- C:\WINDOWS\SysWow64\msxml3r.dll
2013-02-24 17:09:08 2048 ----a-w- C:\WINDOWS\System32\msxml6r.dll
2013-02-24 17:09:08 2048 ----a-w- C:\WINDOWS\System32\msxml3r.dll
2013-02-24 17:09:08 1836032 ----a-w- C:\WINDOWS\System32\msxml3.dll
2013-02-24 17:09:08 1802240 ----a-w- C:\WINDOWS\SysWow64\msxml6.dll
2013-02-24 17:09:08 1438720 ----a-w- C:\WINDOWS\SysWow64\msxml3.dll
2013-02-24 17:07:51 1084416 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-24 17:07:50 817664 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-24 16:21:37 -------- d-----w- C:\Users\Ali Khan\AppData\Local\VirtualStore
2013-02-24 16:21:30 -------- d-----w- C:\Users\Ali Khan\AppData\Local\Packages
2013-02-24 15:59:03 -------- d-----w- C:\ProgramData\SonicFocus
2013-02-24 15:58:58 -------- d-----w- C:\WINDOWS\SysWow64\RTCOM
2013-02-24 15:58:58 -------- d-----w- C:\Program Files\Realtek
2013-02-24 15:53:17 -------- d-----w- C:\WINDOWS\Panther
2013-02-24 15:41:13 35400 ----a-w- C:\WINDOWS\System32\TsWpfWrp.exe
2013-02-24 15:41:13 1166440 ----a-w- C:\WINDOWS\System32\PresentationNative_v0300.dll
2013-02-24 15:41:12 124040 ----a-w- C:\WINDOWS\System32\PresentationCFFRasterizerNative_v0300.dll
2013-02-24 15:41:10 35400 ----a-w- C:\WINDOWS\SysWow64\TsWpfWrp.exe
2013-02-24 15:41:10 102528 ----a-w- C:\WINDOWS\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2013-02-24 15:41:09 778856 ----a-w- C:\WINDOWS\SysWow64\PresentationNative_v0300.dll
2013-02-24 15:39:26 -------- d-----w- C:\Program Files\Elantech
2013-02-24 15:13:14 -------- d-----w- C:\Program Files (x86)\Common Files\Atheros
2013-02-23 21:47:58 -------- d-----w- C:\Users\Ali Khan\AppData\Roaming\PowerISO
2013-02-23 21:35:53 -------- d-----w- C:\Users\Ali Khan\AppData\Roaming\DAEMON Tools Pro
2013-02-23 21:34:09 -------- d-----w- C:\ProgramData\DAEMON Tools Pro
2013-02-23 20:53:21 -------- d-----w- C:\Users\Ali Khan\AppData\Roaming\uTorrent
2013-02-17 21:55:46 -------- d-----r- C:\Program Files (x86)\Skype
2013-02-17 21:05:44 -------- d-----w- C:\Users\Ali Khan\AppData\Local\VS Revo Group
2013-02-13 13:51:44 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server
2013-02-13 13:50:37 -------- d-----w- C:\Program Files\Microsoft SQL Server
2013-02-13 13:47:43 -------- d-----w- C:\Program Files\Microsoft Analysis Services
2013-02-13 13:47:43 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2013-02-11 07:43:52 511328 ----a-w- C:\WINDOWS\capicom.dll
2013-02-11 07:43:49 1721576 ----a-w- C:\WINDOWS\System32\WdfCoInstaller01009.dll
.
==================== Find3M ====================
.
2013-02-24 18:23:22 45056 ----a-w- C:\WINDOWS\System32\acovcnt.exe
2013-01-31 03:29:52 2226408 ----a-w- C:\WINDOWS\System32\drivers\tcpip.sys
2013-01-17 01:28:58 273840 ----a-w- C:\WINDOWS\System32\MpSigStub.exe
2013-01-16 00:35:49 44032 ----a-w- C:\WINDOWS\SysWow64\UXInit.dll
2013-01-16 00:31:26 53760 ----a-w- C:\WINDOWS\System32\UXInit.dll
2013-01-14 03:56:14 6967016 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2013-01-10 01:53:32 28904 ----a-w- C:\WINDOWS\System32\drivers\msgpiowin32.sys
2013-01-10 01:40:39 1448168 ----a-w- C:\WINDOWS\System32\drivers\dxgkrnl.sys
2013-01-10 01:40:38 303848 ----a-w- C:\WINDOWS\System32\drivers\dxgmms1.sys
2013-01-10 01:39:29 194280 ----a-w- C:\WINDOWS\System32\drivers\sdbus.sys
2013-01-10 01:39:22 124648 ----a-w- C:\WINDOWS\System32\drivers\dumpsd.sys
2013-01-10 01:29:56 91880 ----a-w- C:\WINDOWS\System32\drivers\partmgr.sys
2013-01-10 01:29:54 1934056 ----a-w- C:\WINDOWS\System32\drivers\ntfs.sys
2013-01-10 01:29:21 785504 ----a-w- C:\WINDOWS\System32\drivers\Wdf01000.sys
2013-01-09 23:26:46 1611776 ----a-w- C:\WINDOWS\SysWow64\mmc.exe
2013-01-09 23:26:35 410624 ----a-w- C:\WINDOWS\SysWow64\Windows.Networking.dll
2013-01-09 23:26:35 261120 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.dll
2013-01-09 23:26:25 278528 ----a-w- C:\WINDOWS\SysWow64\srm.dll
2013-01-09 23:26:25 202752 ----a-w- C:\WINDOWS\SysWow64\srmstormod.dll
2013-01-09 23:26:23 1752064 ----a-w- C:\WINDOWS\SysWow64\setupapi.dll
2013-01-09 23:26:20 67584 ----a-w- C:\WINDOWS\SysWow64\samlib.dll
2013-01-09 23:26:08 115712 ----a-w- C:\WINDOWS\SysWow64\netprofm.dll
2013-01-09 23:26:03 436736 ----a-w- C:\WINDOWS\SysWow64\MP4SDECD.DLL
2013-01-09 23:25:55 582144 ----a-w- C:\WINDOWS\SysWow64\gpprefcl.dll
2013-01-09 23:23:32 95232 ----a-w- C:\WINDOWS\System32\wiaacmgr.exe
2013-01-09 23:23:25 2094592 ----a-w- C:\WINDOWS\System32\mmc.exe
2013-01-09 23:23:23 240640 ----a-w- C:\WINDOWS\System32\fsquirt.exe
2013-01-09 23:23:18 256000 ----a-w- C:\WINDOWS\System32\WSDMon.dll
2013-01-09 23:23:16 1964544 ----a-w- C:\WINDOWS\System32\wlidsvc.dll
2013-01-09 23:23:14 594944 ----a-w- C:\WINDOWS\System32\Windows.Networking.dll
2013-01-09 23:23:14 406016 ----a-w- C:\WINDOWS\System32\Windows.Media.dll
2013-01-09 23:23:09 274432 ----a-w- C:\WINDOWS\System32\srmstormod.dll
2013-01-09 23:23:08 279040 ----a-w- C:\WINDOWS\System32\srm.dll
2013-01-09 23:23:07 1886208 ----a-w- C:\WINDOWS\System32\setupapi.dll
2013-01-09 23:23:05 728064 ----a-w- C:\WINDOWS\System32\samsrv.dll
2013-01-09 23:22:53 464384 ----a-w- C:\WINDOWS\System32\netprofmsvc.dll
2013-01-09 23:22:53 151040 ----a-w- C:\WINDOWS\System32\netprofm.dll
2013-01-09 23:22:43 1120768 ----a-w- C:\WINDOWS\System32\msctf.dll
2013-01-09 23:22:41 666112 ----a-w- C:\WINDOWS\System32\MP4SDECD.DLL
2013-01-09 23:22:35 438272 ----a-w- C:\WINDOWS\System32\lsm.dll
2013-01-09 23:22:29 894464 ----a-w- C:\WINDOWS\System32\iphlpsvc.dll
2013-01-09 23:22:29 159232 ----a-w- C:\WINDOWS\System32\inetpp.dll
2013-01-09 23:22:26 49152 ----a-w- C:\WINDOWS\System32\drivers\UMDF\HidBthLE.dll
2013-01-09 23:22:25 820736 ----a-w- C:\WINDOWS\System32\gpprefcl.dll
2013-01-09 23:22:05 1918464 ----a-w- C:\WINDOWS\System32\wbem\cimwin32.dll
2013-01-09 03:59:16 74752 ----a-w- C:\WINDOWS\System32\drivers\BTHUSB.SYS
2013-01-09 03:58:34 51712 ----a-w- C:\WINDOWS\System32\drivers\bthenum.sys
2013-01-09 03:57:50 1175040 ----a-w- C:\WINDOWS\System32\drivers\bthport.sys
2013-01-04 05:32:36 2706432 ----a-w- C:\WINDOWS\SysWow64\mshtml.tlb
2013-01-04 04:19:53 2706432 ----a-w- C:\WINDOWS\System32\mshtml.tlb
2012-12-28 20:56:00 81984 ----a-w- C:\WINDOWS\System32\bdod.bin
2012-12-20 00:37:37 1775616 ----a-w- C:\WINDOWS\SysWow64\wininet.dll
2012-12-20 00:37:04 2881536 ----a-w- C:\WINDOWS\SysWow64\jscript9.dll
2012-12-20 00:37:02 61440 ----a-w- C:\WINDOWS\SysWow64\iesetup.dll
2012-12-20 00:37:02 109056 ----a-w- C:\WINDOWS\SysWow64\iesysprep.dll
2012-12-20 00:36:50 431616 ----a-w- C:\WINDOWS\apppatch\AcSpecfc.dll
2012-12-20 00:29:16 2246656 ----a-w- C:\WINDOWS\System32\wininet.dll
2012-12-20 00:29:11 907776 ----a-w- C:\WINDOWS\System32\uxtheme.dll
2012-12-20 00:28:29 3966464 ----a-w- C:\WINDOWS\System32\jscript9.dll
2012-12-20 00:28:26 136704 ----a-w- C:\WINDOWS\System32\iesysprep.dll
2012-12-20 00:28:04 39936 ----a-w- C:\WINDOWS\apppatch\apppatch64\acspecfc.dll
2012-12-18 01:56:27 534528 ----a-w- C:\WINDOWS\SysWow64\uxtheme.dll
2012-12-16 08:28:20 46080 ----a-w- C:\WINDOWS\System32\atmlib.dll
2012-12-16 08:20:01 35328 ----a-w- C:\WINDOWS\SysWow64\atmlib.dll
2012-12-16 08:08:33 362496 ----a-w- C:\WINDOWS\System32\atmfd.dll
2012-12-16 07:57:09 300032 ----a-w- C:\WINDOWS\SysWow64\atmfd.dll
2012-12-06 04:23:00 170496 ----a-w- C:\WINDOWS\System32\TimeBrokerServer.dll
2012-12-06 04:22:59 178176 ----a-w- C:\WINDOWS\System32\SystemEventsBrokerServer.dll
2012-12-04 04:21:42 368640 ----a-w- C:\WINDOWS\System32\sppwinob.dll
.
============= FINISH: 16:54:19.82 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8 Pro
Boot Device: \Device\HarddiskVolume2
Install Date: 2/24/2013 4:21:21 PM
System Uptime: 3/3/2013 3:47:58 PM (1 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | K53E
Processor: Intel® Core™ i3-2310M CPU @ 2.10GHz | CPU 1 | 2095/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 575 GiB total, 539.568 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP2: 2/28/2013 1:10:55 PM - avast! Internet Security Setup
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Reader XI (11.0.02)
Adobe Shockwave Player 12.0
aioscnnr
Alcor Micro USB Card Reader
ASUS FancyStart
ASUS LifeFrame3
ASUS Live Update
ASUS Splendid Video Enhancement Technology
AsusScr_K3 Series_ENG
Atheros WLAN and Bluetooth Client Installation Program
ATK Package
µTorrent
avast! Ad Blocker
avast! Internet Security
BYOND
C4USelfUpdater
CCleaner
center
D3DX10
Definition update for Microsoft Office 2013 (KB2760587) 64-Bit Edition
essentials
ETDWare PS/2-X64 8.0.5.1_WHQL
Fast Boot
Google Chrome
Google Toolbar for Internet Explorer
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
K-Lite Codec Pack 9.7.5 (Basic)
Kodak AIO Printer
KODAK AiO Software
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft Access MUI (English) 2013
Microsoft Access Setup Metadata MUI (English) 2013
Microsoft Application Error Reporting
Microsoft DCF MUI (English) 2013
Microsoft Excel MUI (English) 2013
Microsoft Groove MUI (English) 2013
Microsoft InfoPath MUI (English) 2013
Microsoft Lync MUI (English) 2013
Microsoft Office 32-bit Components 2013
Microsoft Office OSM MUI (English) 2013
Microsoft Office OSM UX MUI (English) 2013
Microsoft Office Professional Plus 2013
Microsoft Office Proofing (English) 2013
Microsoft Office Proofing Tools 2013 - English
Microsoft Office Proofing Tools 2013 - Español
Microsoft Office Shared 32-bit MUI (English) 2013
Microsoft Office Shared MUI (English) 2013
Microsoft Office Shared Setup Metadata MUI (English) 2013
Microsoft OneNote MUI (English) 2013
Microsoft Outlook MUI (English) 2013
Microsoft PowerPoint MUI (English) 2013
Microsoft Publisher MUI (English) 2013
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Word MUI (English) 2013
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
Movie Maker
MSVCRT
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
ocr
Outils de vérification linguistique 2013 de Microsoft Office - Français
PDF Settings CS6
Photo Common
Photo Gallery
PreReq
PrintProjects
Realtek High Definition Audio Driver
Revo Uninstaller Pro 3.0.2
Skype Click to Call
Skype™ 6.2
SoftwareUpdater
Sonic Focus
SopCast 3.5.0
swMSM
Update for Microsoft Access 2013 (KB2760350) 64-Bit Edition
Update for Microsoft Excel 2013 (KB2760339) 64-Bit Edition
Update for Microsoft Lync 2013 (KB2760512) 64-Bit Edition
Update for Microsoft Office 2013 (KB2726954) 64-Bit Edition
Update for Microsoft Office 2013 (KB2726961) 64-Bit Edition
Update for Microsoft Office 2013 (KB2726996) 64-Bit Edition
Update for Microsoft Office 2013 (KB2737954) 64-Bit Edition
Update for Microsoft Office 2013 (KB2752025) 64-Bit Edition
Update for Microsoft Office 2013 (KB2752101) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760224) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760311) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760318) 64-Bit Edition
Update for Microsoft Office 2013 (KB2767845) 64-Bit Edition
Update for Microsoft Office 2013 (KB2767852) 64-Bit Edition
Update for Microsoft Office 2013 (KB2767861) 64-Bit Edition
Update for Microsoft Office 2013 (KB2767864) 64-Bit Edition
Update for Microsoft OneNote 2013 (KB2737968) 64-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2726947) 64-Bit Edition
Update for Microsoft SkyDrive Pro (KB2760214) 64-Bit Edition
Update for Microsoft Visio Viewer 2013 (KB2767856) 64-Bit Edition
Update for Microsoft Word 2013 (KB2760244) 64-Bit Edition
Update for Microsoft Word 2013 (KB2767854) 64-Bit Edition
Windows Live Communications Platform
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinFlash
WinRAR 4.20 (64-bit)
Wireless Console 3
.
==== Event Viewer Messages From Past Week ========
.
3/3/2013 3:48:02 PM, Error: Microsoft-Windows-Kernel-General [6] - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): ''.
3/3/2013 3:47:39 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
3/1/2013 2:56:46 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {000C101C-0000-0000-C000-000000000046} and APPID {000C101C-0000-0000-C000-000000000046} to the user AliKhan-PC\Ali Khan SID (S-1-5-21-2847728861-3915489070-3157556616-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (S-1-15-2-3154655457-56958264-2728854862-4131557813-1870302242-185781391-191500189). This security permission can be modified using the Component Services administrative tool.
2/26/2013 5:14:07 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {000C101C-0000-0000-C000-000000000046} and APPID {000C101C-0000-0000-C000-000000000046} to the user AliKhan-PC\Ali Khan SID (S-1-5-21-2847728861-3915489070-3157556616-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (S-1-15-2-1813268761-4144601999-2376202420-870689610-3008036278-4174748336-1321914667). This security permission can be modified using the Component Services administrative tool.
2/25/2013 2:07:20 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {000C101C-0000-0000-C000-000000000046} and APPID {000C101C-0000-0000-C000-000000000046} to the user AliKhan-PC\Ali Khan SID (S-1-5-21-2847728861-3915489070-3157556616-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (S-1-15-2-17053975-222786771-38844745-1155300887-2986075076-3769844206-3981166251). This security permission can be modified using the Component Services administrative tool.
2/25/2013 2:04:43 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
2/25/2013 2:04:43 PM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/25/2013 1:27:07 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {000C101C-0000-0000-C000-000000000046} and APPID {000C101C-0000-0000-C000-000000000046} to the user AliKhan-PC\Ali Khan SID (S-1-5-21-2847728861-3915489070-3157556616-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (S-1-15-2-856404191-1522327111-2016130853-3993148712-1496285319-3190681140-3617258836). This security permission can be modified using the Component Services administrative tool.
2/25/2013 1:26:19 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {000C101C-0000-0000-C000-000000000046} and APPID {000C101C-0000-0000-C000-000000000046} to the user AliKhan-PC\Ali Khan SID (S-1-5-21-2847728861-3915489070-3157556616-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (S-1-15-2-26983492-1355952166-4067896605-2512856943-1558638129-1692534823-1355846313). This security permission can be modified using the Component Services administrative tool.
2/24/2013 6:10:22 PM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom0.
2/24/2013 5:28:56 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070103: Qualcomm Atheros Communications - Bluetooth Controller - Bluetooth Module.
2/24/2013 5:24:59 PM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
2/24/2013 5:14:27 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
2/24/2013 5:13:36 PM, Error: Service Control Manager [7034] - The AFBAgent service terminated unexpectedly. It has done this 1 time(s).
2/24/2013 4:41:26 PM, Error: Service Control Manager [7038] - The WSService service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
2/24/2013 4:41:26 PM, Error: Service Control Manager [7038] - The FDResPub service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
2/24/2013 4:41:26 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Time Broker service, but this action failed with the following error: An instance of the service is already running.
2/24/2013 4:41:26 PM, Error: Service Control Manager [7000] - The Windows Store Service (WSService) service failed to start due to the following error: The service did not start due to a logon failure.
2/24/2013 4:41:26 PM, Error: Service Control Manager [7000] - The Function Discovery Resource Publication service failed to start due to the following error: The service did not start due to a logon failure.
2/24/2013 4:24:10 PM, Error: Service Control Manager [7031] - The Windows Store Service (WSService) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/24/2013 4:24:10 PM, Error: Service Control Manager [7031] - The Time Broker service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/24/2013 4:24:10 PM, Error: Service Control Manager [7031] - The SSDP Discovery service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
2/24/2013 4:24:10 PM, Error: Service Control Manager [7031] - The Function Discovery Resource Publication service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/24/2013 4:11:42 PM, Error: Service Control Manager [7024] - The BranchCache service terminated with the following service-specific error: This program is blocked by group policy. For more information, contact your system administrator.
2/24/2013 4:11:40 PM, Error: NETLOGON [3095] - This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.
2/24/2013 4:11:24 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2/24/2013 4:03:12 PM, Error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with the following service-specific error: Server execution failed
2/24/2013 4:03:12 PM, Error: Service Control Manager [7023] - The Network List Service service terminated with the following error: The device is not ready.
2/24/2013 4:03:12 PM, Error: Microsoft-Windows-Bits-Client [16392] - The BITS service failed to start. Error 0x80080005.
2/24/2013 3:57:10 PM, Error: Service Control Manager [7023] - The IP Helper service terminated with the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2/24/2013 1:43:25 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) did not load: SASDIFSV SASKUTIL
.
==== End Of File ===========================



#5 Firefox

Firefox

    Forum Deity

  • Trusted Advisors
  • 10,125 posts
  • Gender:Male
  • Location:USA

Posted 03 March 2013 - 12:06 PM

There is a lot more going on with this computer than just 100mb of ram usage... These other issues are either due to an infection, previous infection or some hardware/software conflict. These have to be corrected and it would be best if you seek help from one of our experts....

Please see the following pinned topic which has information on how to get help with this: Available Assistance for Possibly Infected Computers

Thank you




Dell Precision T7500, Win7 Ultimate 64bit fully updated, McAfee Corp Edition v8.8,
Watchguard Firewall, Intel Xeon E5606CPU, Dual Quad Core Processors, 16GB Ram,
E5606 @ 2.13GHz, Nvidia Quadro NVS420, Raid-1 Dual 1TB Sata 10000 rpm Hard Drives
Dual DVD Burners, IE10, Opera, MBAM, MBSB, MBAE


#6 Alikhan

Alikhan

    Advanced Member

  • Honorary Members
  • 159 posts
  • Gender:Male

Posted 03 March 2013 - 12:40 PM

Are you sure it's Malware related since last week I installed Windows 8 (upgrade over W7)? All the errors are related from last week when the PC was upgraded.. The errors are more than a week old and I have been using this PC continuously every day..



#7 Firefox

Firefox

    Forum Deity

  • Trusted Advisors
  • 10,125 posts
  • Gender:Male
  • Location:USA

Posted 03 March 2013 - 07:52 PM

I did not say it was malware related, go back and read my statement, it states that it could be one of many items, and since you just upgraded from 7 to 8 you may have some sort of hardware/software conflict, either way all those issues need to be resolved.... The experts can help you do that....
