
Possible malware infection


  • This topic is locked
12 replies to this topic

#1 Alikhan


Posted 03 March 2013 - 01:20 PM

Hi,

I recently made a topic on the General boards about Malwarebytes using 100 MB of RAM. I was given this observation: "There is a lot more going on with this computer than just 100 MB of RAM usage... These other issues are either due to an infection, previous infection or some hardware/software conflict. These have to be corrected and it would be best if you seek help from one of our experts...."

I personally haven't experienced any problems at all other than the high RAM usage. The errors at the end of the attach.txt could be the problem.

Malwarebytes Anti-Malware (PRO) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.03.08

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16484
Ali Khan :: ALIKHAN-PC [administrator]

Protection: Enabled

3/3/2013 6:15:05 PM
mbam-log-2013-03-03 (18-15-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208480
Time elapsed: 2 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16482
Run by Ali Khan at 18:18:14 on 2013-03-03
Microsoft Windows 8 Pro 6.2.9200.0.1252.44.1033.18.3874.2234 [GMT 0:00]
.
AV: avast! Internet Security *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Internet Security *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: avast! Internet Security *Enabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\AdminService.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\dashost.exe
C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\SoftwareUpdater\UpdaterService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\WINDOWS\System32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k GPSvcGroup
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\taskhostex.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\system32\taskeng.exe
C:\WINDOWS\system32\taskeng.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\AsScrPro.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\WINDOWS\system32\taskhost.exe
C:\Users\Ali Khan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ali Khan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ali Khan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ali Khan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ali Khan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wwahost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://asus.msn.com
uDefault_Page_URL = hxxp://asus.msn.com
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: avast! Ad Blocker: {FFCB3198-32F3-4E8B-9539-4324694ED663} - C:\Program Files (x86)\AVAST Software\avast! Ad Blocker IE\Adblocker32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRunOnce: [DeleteMarkAny] C:\WINDOWS\SysWOW64\MASetupCleaner.exe C:\Program Files (x86)\MarkAny\ContentSafer
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [Conime] C:\WINDOWS\System32\conime.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{88B4C9BC-E42F-4DD2-BCA7-4E6EA52B551C} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{CAA6E7FA-BA17-4714-A626-D1F15B7B0A83} : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = about:blank
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - <orphaned>
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: avast! Ad Blocker: {FFCB3198-32F3-4E8B-9539-4324694ED663} - C:\Program Files (x86)\AVAST Software\avast! Ad Blocker IE\Adblocker64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
x64-Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3
x64-mPolicies-Explorer: NoDriveAutoRun = dword:67108863
x64-mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
x64-mPolicies-System: PromptOnSecureDesktop = dword:0
x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\WINDOWS\System32\Drivers\aswRvrt.sys [2013-2-28 65408]
R0 aswVmm;aswVmm;C:\WINDOWS\System32\Drivers\aswVmm.sys [2013-2-28 177672]
R1 aswFW;avast! TDI Firewall driver;C:\WINDOWS\System32\Drivers\aswFW.sys [2013-2-28 127208]
R1 aswKbd;aswKbd;C:\WINDOWS\System32\Drivers\aswKbd.sys [2013-2-28 22664]
R1 aswNdisFlt;Avast! Firewall Driver;C:\WINDOWS\System32\Drivers\aswNdisFlt.sys [2013-2-28 269872]
R1 aswSnx;aswSnx;C:\WINDOWS\System32\Drivers\aswSnx.sys [2013-2-28 1025880]
R1 aswSP;aswSP;C:\WINDOWS\System32\Drivers\aswSP.sys [2013-2-28 377992]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-7-26 17024]
R2 AFBAgent;AFBAgent;C:\WINDOWS\System32\FBAgent.exe [2011-4-1 379520]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-3 15416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\System32\Drivers\aswFsBlk.sys [2013-2-28 33472]
R2 aswMonFlt;aswMonFlt;C:\WINDOWS\System32\Drivers\aswMonFlt.sys [2013-2-28 80888]
R2 AtherosSvc;AtherosSvc;C:\WINDOWS\System32\AdminService.exe [2012-8-29 208384]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-2-28 45248]
R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2013-2-28 136912]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-10-19 395200]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2012-10-15 779200]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-2-28 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-2-28 682344]
R2 SrvUpdater;Software Updater;C:\Program Files (x86)\SoftwareUpdater\UpdaterService.exe [2013-2-18 32256]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-4-1 2655768]
R3 BtFilter;BtFilter;C:\WINDOWS\System32\Drivers\btfilter.sys [2012-8-29 565760]
R3 ETD;ELAN PS/2 Port Input Device;C:\WINDOWS\System32\Drivers\ETD.sys [2011-4-1 138024]
R3 IntcDAud;Intel® Display Audio;C:\WINDOWS\System32\Drivers\IntcDAud.sys [2010-10-14 317440]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\WINDOWS\System32\Drivers\L1C63x64.sys [2012-6-22 110744]
R3 MBAMProtector;MBAMProtector;C:\WINDOWS\System32\Drivers\mbam.sys [2013-2-28 24176]
R3 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-1-31 3289208]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2012-10-1 178824]
S3 Revoflt;Revoflt;C:\WINDOWS\System32\Drivers\revoflt.sys [2013-2-25 31800]
S3 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-7 161384]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 vmbusr;Virtual Machine Bus Provider;C:\WINDOWS\System32\Drivers\vmbusr.sys [2012-7-26 117248]
S3 WSDScan;WSD Scan Support;C:\WINDOWS\System32\Drivers\WSDScan.sys [2013-2-24 23552]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\Drivers\WUDFRd.sys [2012-7-26 198656]
.
=============== File Associations ===============
.
FileExt: .vbs: VBSFile="C:\WINDOWS\System32\WScript.exe" "%1" %* [UserChoice]
.
=============== Created Last 30 ================
.
2013-03-03 18:03:14 -------- d-----w- C:\ProgramData\PRICache
2013-03-03 17:15:33 -------- d-----w- C:\Users\Ali Khan\AppData\Local\Samsung
2013-03-03 17:15:32 -------- d-----w- C:\Users\Ali Khan\AppData\Roaming\Samsung
2013-03-03 17:14:27 4659712 ----a-w- C:\WINDOWS\SysWow64\Redemption.dll
2013-03-03 17:13:34 -------- d-----w- C:\Program Files (x86)\Samsung
2013-03-03 17:12:40 -------- d-----w- C:\Users\Ali Khan\AppData\Local\Downloaded Installations
2013-03-01 14:52:08 -------- d-----w- C:\WINDOWS\SysWow64\Adobe
2013-02-28 20:08:17 -------- d-----w- C:\Program Files (x86)\SoftwareUpdater
2013-02-28 19:55:56 -------- d-----w- C:\Program Files (x86)\AVAST Software
2013-02-28 13:28:19 -------- d-----w- C:\Users\Ali Khan\AppData\Roaming\Malwarebytes
2013-02-28 13:28:12 -------- d-----w- C:\ProgramData\Malwarebytes
2013-02-28 13:28:11 24176 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys
2013-02-28 13:28:11 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-02-28 13:12:08 127208 ----a-w- C:\WINDOWS\System32\drivers\aswFW.sys
2013-02-28 13:12:07 71064 ----a-w- C:\WINDOWS\System32\drivers\aswRdr2.sys
2013-02-28 13:11:59 65408 ----a-w- C:\WINDOWS\System32\drivers\aswRvrt.sys
2013-02-28 13:11:59 22664 ----a-w- C:\WINDOWS\System32\drivers\aswKbd.sys
2013-02-28 13:11:59 177672 ----a-w- C:\WINDOWS\System32\drivers\aswVmm.sys
2013-02-28 13:11:59 1025880 ----a-w- C:\WINDOWS\System32\drivers\aswSnx.sys
2013-02-28 13:11:58 80888 ----a-w- C:\WINDOWS\System32\drivers\aswMonFlt.sys
2013-02-28 13:11:44 269872 ----a-w- C:\WINDOWS\System32\drivers\aswNdisFlt.sys
2013-02-28 13:11:33 41664 ----a-w- C:\WINDOWS\avastSS.scr
2013-02-28 13:11:16 -------- d-----w- C:\Program Files\AVAST Software
2013-02-28 13:08:51 -------- d-----w- C:\ProgramData\AVAST Software
2013-02-27 20:34:17 -------- d-----w- C:\Users\Ali Khan\AppData\Roaming\SUPERAntiSpyware.com
2013-02-26 18:03:44 443392 ----a-w- C:\WINDOWS\System32\ReAgent.dll
2013-02-26 18:03:44 375808 ----a-w- C:\WINDOWS\SysWow64\ReAgent.dll
2013-02-26 18:03:44 1010688 ----a-w- C:\WINDOWS\System32\reseteng.dll
2013-02-25 20:50:23 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack
2013-02-25 13:24:14 -------- d-----w- C:\WINDOWS\SysWow64\kodak
2013-02-25 13:14:21 31800 ----a-w- C:\WINDOWS\System32\drivers\revoflt.sys
2013-02-25 13:14:21 -------- d-----w- C:\ProgramData\VS Revo Group
2013-02-25 13:14:20 -------- d-----w- C:\Program Files\VS Revo Group
2013-02-25 12:36:50 18528 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm2.bin
2013-02-24 23:52:07 -------- d-sh--w- C:\found.000
2013-02-24 18:44:16 2367528 ----a-w- C:\WINDOWS\System32\WSService.dll
2013-02-24 18:44:16 13640704 ----a-w- C:\WINDOWS\System32\Windows.UI.Xaml.dll
2013-02-24 18:44:08 3265256 ----a-w- C:\WINDOWS\System32\drivers\evbda.sys
2013-02-24 18:44:03 10791936 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
2013-02-24 18:42:25 3554304 ----a-w- C:\WINDOWS\System32\tquery.dll
2013-02-24 18:41:41 301568 ----a-w- C:\WINDOWS\System32\newdev.dll
2013-02-24 18:40:59 98304 ----a-w- C:\WINDOWS\System32\wudriver.dll
2013-02-24 18:39:57 929792 ----a-w- C:\WINDOWS\SysWow64\mfnetsrc.dll
2013-02-24 18:22:13 78168 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2013-02-24 18:22:13 692568 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2013-02-24 18:19:02 -------- d-----r- C:\WINDOWS\BrowserChoice
2013-02-24 17:36:48 16114176 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-02-24 17:36:47 15541248 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-02-24 17:23:34 144384 ----a-w- C:\WINDOWS\System32\tssdisai.dll
2013-02-24 17:23:31 126976 ----a-w- C:\WINDOWS\System32\RDWebAI.dll
2013-02-24 17:23:29 135680 ----a-w- C:\WINDOWS\System32\appserverai.dll
2013-02-24 17:23:29 122880 ----a-w- C:\WINDOWS\System32\VmHostAI.dll
2013-02-24 17:23:26 148480 ----a-w- C:\WINDOWS\System32\poqexec.exe
2013-02-24 17:23:26 132608 ----a-w- C:\WINDOWS\SysWow64\poqexec.exe
2013-02-24 17:23:23 405504 ----a-w- C:\WINDOWS\System32\pcasvc.dll
2013-02-24 17:23:23 31232 ----a-w- C:\WINDOWS\System32\pcadm.dll
2013-02-24 17:23:23 13312 ----a-w- C:\WINDOWS\System32\pcalua.exe
2013-02-24 17:23:23 11776 ----a-w- C:\WINDOWS\System32\pcaevts.dll
2013-02-24 17:23:22 2048 ----a-w- C:\WINDOWS\SysWow64\tzres.dll
2013-02-24 17:23:22 2048 ----a-w- C:\WINDOWS\System32\tzres.dll
2013-02-24 17:21:25 17888 ----a-w- C:\WINDOWS\SysWow64\msvcr100_clr0400.dll
2013-02-24 17:20:04 17888 ----a-w- C:\WINDOWS\System32\msvcr100_clr0400.dll
2013-02-24 17:19:01 83968 ----a-w- C:\WINDOWS\SysWow64\wiaacmgr.exe
2013-02-24 17:19:00 890880 ----a-w- C:\WINDOWS\SysWow64\msctf.dll
2013-02-24 17:17:21 1437696 ----a-w- C:\WINDOWS\SysWow64\GdiPlus.dll
2013-02-24 17:17:20 1690624 ----a-w- C:\WINDOWS\System32\GdiPlus.dll
2013-02-24 17:11:14 4055552 ----a-w- C:\WINDOWS\System32\win32k.sys
2013-02-24 17:09:09 2361344 ----a-w- C:\WINDOWS\System32\msxml6.dll
2013-02-24 17:09:08 2048 ----a-w- C:\WINDOWS\SysWow64\msxml6r.dll
2013-02-24 17:09:08 2048 ----a-w- C:\WINDOWS\SysWow64\msxml3r.dll
2013-02-24 17:09:08 2048 ----a-w- C:\WINDOWS\System32\msxml6r.dll
2013-02-24 17:09:08 2048 ----a-w- C:\WINDOWS\System32\msxml3r.dll
2013-02-24 17:09:08 1836032 ----a-w- C:\WINDOWS\System32\msxml3.dll
2013-02-24 17:09:08 1802240 ----a-w- C:\WINDOWS\SysWow64\msxml6.dll
2013-02-24 17:09:08 1438720 ----a-w- C:\WINDOWS\SysWow64\msxml3.dll
2013-02-24 17:07:51 1084416 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-24 17:07:50 817664 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-24 16:21:37 -------- d-----w- C:\Users\Ali Khan\AppData\Local\VirtualStore
2013-02-24 16:21:30 -------- d-----w- C:\Users\Ali Khan\AppData\Local\Packages
2013-02-24 15:59:03 -------- d-----w- C:\ProgramData\SonicFocus
2013-02-24 15:58:58 -------- d-----w- C:\WINDOWS\SysWow64\RTCOM
2013-02-24 15:58:58 -------- d-----w- C:\Program Files\Realtek
2013-02-24 15:53:17 -------- d-----w- C:\WINDOWS\Panther
2013-02-24 15:41:13 35400 ----a-w- C:\WINDOWS\System32\TsWpfWrp.exe
2013-02-24 15:41:13 1166440 ----a-w- C:\WINDOWS\System32\PresentationNative_v0300.dll
2013-02-24 15:41:12 124040 ----a-w- C:\WINDOWS\System32\PresentationCFFRasterizerNative_v0300.dll
2013-02-24 15:41:10 35400 ----a-w- C:\WINDOWS\SysWow64\TsWpfWrp.exe
2013-02-24 15:41:10 102528 ----a-w- C:\WINDOWS\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2013-02-24 15:41:09 778856 ----a-w- C:\WINDOWS\SysWow64\PresentationNative_v0300.dll
2013-02-24 15:39:26 -------- d-----w- C:\Program Files\Elantech
2013-02-24 15:13:14 -------- d-----w- C:\Program Files (x86)\Common Files\Atheros
2013-02-23 21:47:58 -------- d-----w- C:\Users\Ali Khan\AppData\Roaming\PowerISO
2013-02-23 21:35:53 -------- d-----w- C:\Users\Ali Khan\AppData\Roaming\DAEMON Tools Pro
2013-02-23 20:53:21 -------- d-----w- C:\Users\Ali Khan\AppData\Roaming\uTorrent
2013-02-17 21:55:46 -------- d-----r- C:\Program Files (x86)\Skype
2013-02-17 21:05:44 -------- d-----w- C:\Users\Ali Khan\AppData\Local\VS Revo Group
2013-02-13 13:51:44 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server
2013-02-13 13:50:37 -------- d-----w- C:\Program Files\Microsoft SQL Server
2013-02-13 13:47:43 -------- d-----w- C:\Program Files\Microsoft Analysis Services
2013-02-13 13:47:43 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2013-02-11 07:43:52 511328 ----a-w- C:\WINDOWS\capicom.dll
2013-02-11 07:43:49 1721576 ----a-w- C:\WINDOWS\System32\WdfCoInstaller01009.dll
.
==================== Find3M ====================
.
2013-02-24 18:23:22 45056 ----a-w- C:\WINDOWS\System32\acovcnt.exe
2013-01-31 03:29:52 2226408 ----a-w- C:\WINDOWS\System32\drivers\tcpip.sys
2013-01-17 01:28:58 273840 ----a-w- C:\WINDOWS\System32\MpSigStub.exe
2013-01-16 00:35:49 44032 ----a-w- C:\WINDOWS\SysWow64\UXInit.dll
2013-01-16 00:31:26 53760 ----a-w- C:\WINDOWS\System32\UXInit.dll
2013-01-14 03:56:14 6967016 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2013-01-10 01:53:32 28904 ----a-w- C:\WINDOWS\System32\drivers\msgpiowin32.sys
2013-01-10 01:40:39 1448168 ----a-w- C:\WINDOWS\System32\drivers\dxgkrnl.sys
2013-01-10 01:40:38 303848 ----a-w- C:\WINDOWS\System32\drivers\dxgmms1.sys
2013-01-10 01:39:29 194280 ----a-w- C:\WINDOWS\System32\drivers\sdbus.sys
2013-01-10 01:39:22 124648 ----a-w- C:\WINDOWS\System32\drivers\dumpsd.sys
2013-01-10 01:29:56 91880 ----a-w- C:\WINDOWS\System32\drivers\partmgr.sys
2013-01-10 01:29:54 1934056 ----a-w- C:\WINDOWS\System32\drivers\ntfs.sys
2013-01-10 01:29:21 785504 ----a-w- C:\WINDOWS\System32\drivers\Wdf01000.sys
2013-01-09 23:26:46 1611776 ----a-w- C:\WINDOWS\SysWow64\mmc.exe
2013-01-09 23:26:35 410624 ----a-w- C:\WINDOWS\SysWow64\Windows.Networking.dll
2013-01-09 23:26:35 261120 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.dll
2013-01-09 23:26:25 278528 ----a-w- C:\WINDOWS\SysWow64\srm.dll
2013-01-09 23:26:25 202752 ----a-w- C:\WINDOWS\SysWow64\srmstormod.dll
2013-01-09 23:26:23 1752064 ----a-w- C:\WINDOWS\SysWow64\setupapi.dll
2013-01-09 23:26:20 67584 ----a-w- C:\WINDOWS\SysWow64\samlib.dll
2013-01-09 23:26:08 115712 ----a-w- C:\WINDOWS\SysWow64\netprofm.dll
2013-01-09 23:26:03 436736 ----a-w- C:\WINDOWS\SysWow64\MP4SDECD.DLL
2013-01-09 23:25:55 582144 ----a-w- C:\WINDOWS\SysWow64\gpprefcl.dll
2013-01-09 23:23:32 95232 ----a-w- C:\WINDOWS\System32\wiaacmgr.exe
2013-01-09 23:23:25 2094592 ----a-w- C:\WINDOWS\System32\mmc.exe
2013-01-09 23:23:23 240640 ----a-w- C:\WINDOWS\System32\fsquirt.exe
2013-01-09 23:23:18 256000 ----a-w- C:\WINDOWS\System32\WSDMon.dll
2013-01-09 23:23:16 1964544 ----a-w- C:\WINDOWS\System32\wlidsvc.dll
2013-01-09 23:23:14 594944 ----a-w- C:\WINDOWS\System32\Windows.Networking.dll
2013-01-09 23:23:14 406016 ----a-w- C:\WINDOWS\System32\Windows.Media.dll
2013-01-09 23:23:09 274432 ----a-w- C:\WINDOWS\System32\srmstormod.dll
2013-01-09 23:23:08 279040 ----a-w- C:\WINDOWS\System32\srm.dll
2013-01-09 23:23:07 1886208 ----a-w- C:\WINDOWS\System32\setupapi.dll
2013-01-09 23:23:05 728064 ----a-w- C:\WINDOWS\System32\samsrv.dll
2013-01-09 23:22:53 464384 ----a-w- C:\WINDOWS\System32\netprofmsvc.dll
2013-01-09 23:22:53 151040 ----a-w- C:\WINDOWS\System32\netprofm.dll
2013-01-09 23:22:43 1120768 ----a-w- C:\WINDOWS\System32\msctf.dll
2013-01-09 23:22:41 666112 ----a-w- C:\WINDOWS\System32\MP4SDECD.DLL
2013-01-09 23:22:35 438272 ----a-w- C:\WINDOWS\System32\lsm.dll
2013-01-09 23:22:29 894464 ----a-w- C:\WINDOWS\System32\iphlpsvc.dll
2013-01-09 23:22:29 159232 ----a-w- C:\WINDOWS\System32\inetpp.dll
2013-01-09 23:22:26 49152 ----a-w- C:\WINDOWS\System32\drivers\UMDF\HidBthLE.dll
2013-01-09 23:22:25 820736 ----a-w- C:\WINDOWS\System32\gpprefcl.dll
2013-01-09 23:22:05 1918464 ----a-w- C:\WINDOWS\System32\wbem\cimwin32.dll
2013-01-09 03:59:16 74752 ----a-w- C:\WINDOWS\System32\drivers\BTHUSB.SYS
2013-01-09 03:58:34 51712 ----a-w- C:\WINDOWS\System32\drivers\bthenum.sys
2013-01-09 03:57:50 1175040 ----a-w- C:\WINDOWS\System32\drivers\bthport.sys
2013-01-04 05:32:36 2706432 ----a-w- C:\WINDOWS\SysWow64\mshtml.tlb
2013-01-04 04:19:53 2706432 ----a-w- C:\WINDOWS\System32\mshtml.tlb
2012-12-28 20:56:00 81984 ----a-w- C:\WINDOWS\System32\bdod.bin
2012-12-20 00:37:37 1775616 ----a-w- C:\WINDOWS\SysWow64\wininet.dll
2012-12-20 00:37:04 2881536 ----a-w- C:\WINDOWS\SysWow64\jscript9.dll
2012-12-20 00:37:02 61440 ----a-w- C:\WINDOWS\SysWow64\iesetup.dll
2012-12-20 00:37:02 109056 ----a-w- C:\WINDOWS\SysWow64\iesysprep.dll
2012-12-20 00:36:50 431616 ----a-w- C:\WINDOWS\apppatch\AcSpecfc.dll
2012-12-20 00:29:16 2246656 ----a-w- C:\WINDOWS\System32\wininet.dll
2012-12-20 00:29:11 907776 ----a-w- C:\WINDOWS\System32\uxtheme.dll
2012-12-20 00:28:29 3966464 ----a-w- C:\WINDOWS\System32\jscript9.dll
2012-12-20 00:28:26 136704 ----a-w- C:\WINDOWS\System32\iesysprep.dll
2012-12-20 00:28:04 39936 ----a-w- C:\WINDOWS\apppatch\apppatch64\acspecfc.dll
2012-12-18 01:56:27 534528 ----a-w- C:\WINDOWS\SysWow64\uxtheme.dll
2012-12-16 08:28:20 46080 ----a-w- C:\WINDOWS\System32\atmlib.dll
2012-12-16 08:20:01 35328 ----a-w- C:\WINDOWS\SysWow64\atmlib.dll
2012-12-16 08:08:33 362496 ----a-w- C:\WINDOWS\System32\atmfd.dll
2012-12-16 07:57:09 300032 ----a-w- C:\WINDOWS\SysWow64\atmfd.dll
2012-12-06 04:23:00 170496 ----a-w- C:\WINDOWS\System32\TimeBrokerServer.dll
2012-12-06 04:22:59 178176 ----a-w- C:\WINDOWS\System32\SystemEventsBrokerServer.dll
2012-12-04 04:21:42 368640 ----a-w- C:\WINDOWS\System32\sppwinob.dll
.
============= FINISH: 18:19:00.86 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8 Pro
Boot Device: \Device\HarddiskVolume2
Install Date: 2/24/2013 4:21:21 PM
System Uptime: 3/3/2013 3:47:58 PM (3 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | K53E
Processor: Intel® Core™ i3-2310M CPU @ 2.10GHz | CPU 1 | 2095/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 575 GiB total, 539.101 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP2: 2/28/2013 1:10:55 PM - avast! Internet Security Setup
RP3: 3/3/2013 5:12:59 PM - Installed Samsung Kies
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Reader XI (11.0.02)
Adobe Shockwave Player 12.0
aioscnnr
Alcor Micro USB Card Reader
ASUS FancyStart
ASUS LifeFrame3
ASUS Live Update
ASUS Splendid Video Enhancement Technology
AsusScr_K3 Series_ENG
Atheros WLAN and Bluetooth Client Installation Program
ATK Package
µTorrent
avast! Ad Blocker
avast! Internet Security
BYOND
C4USelfUpdater
CCleaner
center
D3DX10
Definition update for Microsoft Office 2013 (KB2760587) 64-Bit Edition
essentials
ETDWare PS/2-X64 8.0.5.1_WHQL
Fast Boot
Google Chrome
Google Toolbar for Internet Explorer
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
K-Lite Codec Pack 9.7.5 (Basic)
Kodak AIO Printer
KODAK AiO Software
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft Access MUI (English) 2013
Microsoft Access Setup Metadata MUI (English) 2013
Microsoft Application Error Reporting
Microsoft DCF MUI (English) 2013
Microsoft Excel MUI (English) 2013
Microsoft Groove MUI (English) 2013
Microsoft InfoPath MUI (English) 2013
Microsoft Lync MUI (English) 2013
Microsoft Office 32-bit Components 2013
Microsoft Office OSM MUI (English) 2013
Microsoft Office OSM UX MUI (English) 2013
Microsoft Office Professional Plus 2013
Microsoft Office Proofing (English) 2013
Microsoft Office Proofing Tools 2013 - English
Microsoft Office Proofing Tools 2013 - Español
Microsoft Office Shared 32-bit MUI (English) 2013
Microsoft Office Shared MUI (English) 2013
Microsoft Office Shared Setup Metadata MUI (English) 2013
Microsoft OneNote MUI (English) 2013
Microsoft Outlook MUI (English) 2013
Microsoft PowerPoint MUI (English) 2013
Microsoft Publisher MUI (English) 2013
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Word MUI (English) 2013
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
Movie Maker
MSVCRT
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
ocr
Outils de vérification linguistique 2013 de Microsoft Office - Français
PDF Settings CS6
Photo Common
Photo Gallery
PreReq
PrintProjects
Realtek High Definition Audio Driver
Revo Uninstaller Pro 3.0.2
Skype Click to Call
Skype™ 6.2
SoftwareUpdater
Sonic Focus
SopCast 3.5.0
swMSM
Update for Microsoft Access 2013 (KB2760350) 64-Bit Edition
Update for Microsoft Excel 2013 (KB2760339) 64-Bit Edition
Update for Microsoft Lync 2013 (KB2760512) 64-Bit Edition
Update for Microsoft Office 2013 (KB2726954) 64-Bit Edition
Update for Microsoft Office 2013 (KB2726961) 64-Bit Edition
Update for Microsoft Office 2013 (KB2726996) 64-Bit Edition
Update for Microsoft Office 2013 (KB2737954) 64-Bit Edition
Update for Microsoft Office 2013 (KB2752025) 64-Bit Edition
Update for Microsoft Office 2013 (KB2752101) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760224) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760311) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760318) 64-Bit Edition
Update for Microsoft Office 2013 (KB2767845) 64-Bit Edition
Update for Microsoft Office 2013 (KB2767852) 64-Bit Edition
Update for Microsoft Office 2013 (KB2767861) 64-Bit Edition
Update for Microsoft Office 2013 (KB2767864) 64-Bit Edition
Update for Microsoft OneNote 2013 (KB2737968) 64-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2726947) 64-Bit Edition
Update for Microsoft SkyDrive Pro (KB2760214) 64-Bit Edition
Update for Microsoft Visio Viewer 2013 (KB2767856) 64-Bit Edition
Update for Microsoft Word 2013 (KB2760244) 64-Bit Edition
Update for Microsoft Word 2013 (KB2767854) 64-Bit Edition
Windows Live Communications Platform
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinFlash
WinRAR 4.20 (64-bit)
Wireless Console 3
.
==== Event Viewer Messages From Past Week ========
.
3/3/2013 3:48:02 PM, Error: Microsoft-Windows-Kernel-General [6] - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): ''.
3/3/2013 3:47:39 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
3/1/2013 2:56:46 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {000C101C-0000-0000-C000-000000000046} and APPID {000C101C-0000-0000-C000-000000000046} to the user AliKhan-PC\Ali Khan SID (S-1-5-21-2847728861-3915489070-3157556616-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (S-1-15-2-3154655457-56958264-2728854862-4131557813-1870302242-185781391-191500189). This security permission can be modified using the Component Services administrative tool.
2/26/2013 5:14:07 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {000C101C-0000-0000-C000-000000000046} and APPID {000C101C-0000-0000-C000-000000000046} to the user AliKhan-PC\Ali Khan SID (S-1-5-21-2847728861-3915489070-3157556616-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (S-1-15-2-1813268761-4144601999-2376202420-870689610-3008036278-4174748336-1321914667). This security permission can be modified using the Component Services administrative tool.
2/25/2013 2:07:20 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {000C101C-0000-0000-C000-000000000046} and APPID {000C101C-0000-0000-C000-000000000046} to the user AliKhan-PC\Ali Khan SID (S-1-5-21-2847728861-3915489070-3157556616-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (S-1-15-2-17053975-222786771-38844745-1155300887-2986075076-3769844206-3981166251). This security permission can be modified using the Component Services administrative tool.
2/25/2013 2:04:43 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
2/25/2013 2:04:43 PM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/25/2013 1:27:07 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {000C101C-0000-0000-C000-000000000046} and APPID {000C101C-0000-0000-C000-000000000046} to the user AliKhan-PC\Ali Khan SID (S-1-5-21-2847728861-3915489070-3157556616-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (S-1-15-2-856404191-1522327111-2016130853-3993148712-1496285319-3190681140-3617258836). This security permission can be modified using the Component Services administrative tool.
2/25/2013 1:26:19 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {000C101C-0000-0000-C000-000000000046} and APPID {000C101C-0000-0000-C000-000000000046} to the user AliKhan-PC\Ali Khan SID (S-1-5-21-2847728861-3915489070-3157556616-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (S-1-15-2-26983492-1355952166-4067896605-2512856943-1558638129-1692534823-1355846313). This security permission can be modified using the Component Services administrative tool.
2/24/2013 6:10:22 PM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom0.
2/24/2013 5:28:56 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070103: Qualcomm Atheros Communications - Bluetooth Controller - Bluetooth Module.
2/24/2013 5:24:59 PM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
2/24/2013 5:14:27 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
2/24/2013 5:13:36 PM, Error: Service Control Manager [7034] - The AFBAgent service terminated unexpectedly. It has done this 1 time(s).
2/24/2013 4:41:26 PM, Error: Service Control Manager [7038] - The WSService service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
2/24/2013 4:41:26 PM, Error: Service Control Manager [7038] - The FDResPub service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
2/24/2013 4:41:26 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Time Broker service, but this action failed with the following error: An instance of the service is already running.
2/24/2013 4:41:26 PM, Error: Service Control Manager [7000] - The Windows Store Service (WSService) service failed to start due to the following error: The service did not start due to a logon failure.
2/24/2013 4:41:26 PM, Error: Service Control Manager [7000] - The Function Discovery Resource Publication service failed to start due to the following error: The service did not start due to a logon failure.
2/24/2013 4:24:10 PM, Error: Service Control Manager [7031] - The Windows Store Service (WSService) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/24/2013 4:24:10 PM, Error: Service Control Manager [7031] - The Time Broker service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/24/2013 4:24:10 PM, Error: Service Control Manager [7031] - The SSDP Discovery service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
2/24/2013 4:24:10 PM, Error: Service Control Manager [7031] - The Function Discovery Resource Publication service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/24/2013 4:11:42 PM, Error: Service Control Manager [7024] - The BranchCache service terminated with the following service-specific error: This program is blocked by group policy. For more information, contact your system administrator.
2/24/2013 4:11:40 PM, Error: NETLOGON [3095] - This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.
2/24/2013 4:11:24 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2/24/2013 4:03:12 PM, Error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with the following service-specific error: Server execution failed
2/24/2013 4:03:12 PM, Error: Service Control Manager [7023] - The Network List Service service terminated with the following error: The device is not ready.
2/24/2013 4:03:12 PM, Error: Microsoft-Windows-Bits-Client [16392] - The BITS service failed to start. Error 0x80080005.
2/24/2013 3:57:10 PM, Error: Service Control Manager [7023] - The IP Helper service terminated with the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2/24/2013 1:43:25 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) did not load: SASDIFSV SASKUTIL
.
==== End Of File ===========================

Windows 7 Home Premium 64-bit • Eset NOD32 Antivirus (latest) • MBAM Premium (latest) • Google Chrome • CCleaner


#2 Maurice Naggar

Maurice Naggar

    Staff

  • Moderators
  • 14,550 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 04 March 2013 - 05:27 AM

Hello All821,

The events shown at the end of the attach log are system exceptions. They are -not- necessarily caused by "an infection".
We can do some quick looks to rule out infection.
For a reference point, tell me what date (when) you had upgraded to Windows 8?
Was that before 24 February or after?

As to the "high RAM usage".... whatever amount MBAM uses .... it is what it is.
The amount of ram allocated when the app starts does not prevent the system from properly working or from running other apps.
That's the same for any windows app.

How much total physical ram does this system have?

Step 1
To show all files:
  • Press and hold Windows-key & then press R key to get the RUN menu.
  • Type in
    explorer.exe
    and press Enter
  • When in Windows Explorer, press ALT-key then V key to get VIEW menu
  • Look at the top ribbon, right side. {the Show/Hide block}
  • Look at the line Hidden items. IF it has no checkmark, then Click the box one time so that it is checked.

Step 2
You ran a quick scan with MBAM and it detected nothing. Have you done a full scan with your Avast?
If not, then do that and advise of result.

Step 3
Download Dr.Web CureIt to the desktop.
The download is nearly 104.6 MB in size

  • Turn OFF your antivirus program.
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Turn off any other add-on security app {if you have them} like MBAM File System Protection.
  • If this system is Windows 8/7 or VISTA, then Right-click on drweb-cureit.exe and select Run as Administrator.
  • Otherwise, on Windows XP, double-click on drweb-cureit.exe file to start the tool.

  • You will see a screen similar to this:
    Posted Image
    Click the checkbox to participate, and then click on Continue button.
  • Next
    Posted Image

    Click on Select objects for scanning
  • Next
    Posted Image

    Put a checkmark by clicking on the boxes as shown.
    Do not select Temporary files or System Restore points.

    Then click on Start scanning button
  • The scan in progress will be shown like this
    Posted Image
  • IF something is detected, you will see a screen similar to this
    Posted Image

    For each item "detected", click on the Action column down arrow, like this
    Posted Image
    Your options will be Cure or Ignore

    IF you see an item that you are very sure is ok, then un-check the checkbox for that item.
    Typically, you will keep the Cure default.

    Then click on the Neutralize button.
  • When the actions are completed, you will see this
    Posted Image
  • Click on the green Open Report line. It will pop-up the report in NOTEPAD.
    Save the report to your desktop. The report will be called Cureit.log
  • While in NOTEPAD, do a CTRL+A to Copy all to clipboard.
  • You should be able to get back to your forum topic, start a new reply,
    click 1 time in the box
    and do a CTRL+V (Paste)
    into reply.
  • Close Dr.Web Cureit.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, post the contents of the log from Cureit.log you saved previously in your next reply.
    ONLY if the log is too large, then you may "attach" it.

Re-Enable your antivirus program when all done.

Step 4
Download >> Farbar's Service Scanner utility << and Save to your Desktop.
If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Administrator.
If using XP, double-click to start.

Answer Yes to ok when prompted.

If your firewall then puts out a prompt, again, allow it to run.

Once FSS is on-screen, be sure the following items are checkmarked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender
  • Other services
Click on "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Copy & Paste contents of FSS.txt into your reply.
Maurice Naggar
Product Support

I close my threads if there is 5 days without a response.

#3 Alikhan

Posted 04 March 2013 - 08:41 AM

Hi,

I upgraded to Windows 8 on exactly the 24th February. Perhaps the issue isn't malware related but caused by hardware/software conflicts since I upgraded. I've already done a full scan with Avast and it found nothing. That being said, the only reason I'm worried about the 100mb+ ram usage is because I have the same combo on 3 PCs, just the operating system on those (Windows 7) is different to Windows 8. There, Malwarebytes takes around 40-50mb when idle. I have 4gb ram on this laptop with an i3 processor.

I attached the Dr Web log since whenever I tried to reply with it I got a server error. It found nothing.


Farbar Service Scanner Version: 03-03-2013
Ran by Ali Khan (administrator) on 04-03-2013 at 13:39:15
Running from "C:\Users\Ali Khan\Desktop"
Windows 8 Pro (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MsMpEng.exe => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****



#4 Maurice Naggar

Posted 04 March 2013 - 11:47 AM

The DrWeb Cure-It noted "There are no infected objects detected". That is a very excellent indicator.
And prior to that, MBAM did not find anything.

Infections can be ruled out.
As to the MBAM memory usage, it is what it is. You have to realize that memory needs are allocated and then Windows is in charge of managing memory needs.
Looking at my WIN8 MBAM has 135.5 MB but currently using 0% of cpu because it is not at this time "hard at a task".
I do not concern myself about the memory allocated.
And with your 4 GB ram you should not be having a worry.

Looking at the FSS log, I think we need to "wake up" your Windows automatic updates service. It needs to be on, so at least you get notified of updates.
Windows services
This will be a batch-fix.
Press the Windows-key on keyboard.
In the Posted Image box, type notepad and press Enter.
Highlight the contents of the following codebox, and copy and paste that text into NOTEPAD.

@Echo off
sc stop wuauserv
sc stop bits
sc config dcomlaunch start= auto
sc config nsi start= auto
sc config dhcp start= auto
sc config rpcss start= auto
sc config winmgmt start= auto
sc config wscsvc start= delayed-auto
sc config bits start= delayed-auto
sc config wuauserv start= delayed-auto
sc config sdrsvc start= manual
sc config vss start= auto
sc config eventlog start= auto
sc config bfe start= auto
sc config eventsystem start= auto
sc start sdrsvc
sc start vss
sc start rpcss
sc start eventsystem
sc start bfe
sc start bits
sc start wuauserv
shutdown -r -t 1
del %0

Select File -> Save AS.
Press the Desktop button on the left side of the save dialog.
In the Posted Image box, type in Fix.bat.
Press Posted Image.
Close Notepad.
Right click Fix.bat on your desktop, and choose Posted Image.
Press Yes if prompted by User Account Control.

This procedure will do its tasks and then it will Restart Windows.
Maurice Naggar
Product Support


#5 Alikhan

Posted 04 March 2013 - 12:35 PM

I just ran the fix.bat and Windows rebooted as told. The errors that occurred during the install of Windows 8.. are they caused by conflicts which need to be corrected? Since my Avast is expiring soon, I was wondering also if you recommend any paid AV suite too. Here is the FSS log which you might need:


Farbar Service Scanner Version: 03-03-2013
Ran by Ali Khan (administrator) on 04-03-2013 at 17:33:15
Running from "C:\Users\Ali Khan\Desktop"
Windows 8 Pro (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MsMpEng.exe => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

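The before/after comparison of the two FSS logs posted above, as an added example that is not part of any post in this thread and not part of Farbar Service Scanner: a small Python parser that reads the log text and reports which findings Fix.bat resolved and which remain. The function names are hypothetical, the log excerpts are copied from the two posts, and treating any File Check verdict other than "MD5 is legit" as unconfirmed is an assumption, since that is the only verdict these logs show.

```python
import re

# Excerpt of the FSS log posted before Fix.bat was run (copied from the thread).
FSS_BEFORE = r"""
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

File Check:
========
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
"""

# Excerpt of the FSS log posted after Fix.bat and the reboot (copied from the thread).
FSS_AFTER = r"""
Windows Update:
============

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

File Check:
========
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
"""

NOT_RUNNING = re.compile(r"^(\S+) Service is not running")
START_TYPE = re.compile(
    r"^The start type of (\S+) service is set to (\w+)\. "
    r"The default start type is (\w+)\.")
REG_KEY = re.compile(r"^\[(HK[^\]]+)\]$")
REG_VALUE = re.compile(r'^"([^"]+)"=(\w+):(\S+)$')
FILE_CHECK = re.compile(r"^(.+?) => (.+)$")


def parse_fss(text):
    """Extract service state, policy registry values and file verdicts."""
    services, policies, unverified = {}, [], []
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            key = None  # a registry value only belongs to the key right above it
        elif m := NOT_RUNNING.match(line):
            services.setdefault(m[1], {})["running"] = False
        elif m := START_TYPE.match(line):
            services.setdefault(m[1], {}).update(start=m[2], default=m[3])
        elif m := REG_KEY.match(line):
            key = m[1]
        elif (m := REG_VALUE.match(line)) and key:
            policies.append((key, m[1], m[3]))
        elif m := FILE_CHECK.match(line):
            # Assumption: anything but "MD5 is legit" needs a manual look.
            if m[2] != "MD5 is legit":
                unverified.append(m[1])
    return {"services": services, "policies": policies, "unverified": unverified}


def findings(parsed):
    """Flatten a parsed log into a set of (subject, issue) pairs."""
    out = set()
    for name, state in parsed["services"].items():
        if state.get("running") is False:
            out.add((name, "not running"))
        if state.get("start") and state["start"] != state.get("default"):
            out.add((name, f"start type {state['start']} (default {state['default']})"))
    for key, value, data in parsed["policies"]:
        out.add((f"{key}\\{value}", f"policy value set to {data}"))
    for path in parsed["unverified"]:
        out.add((path, "file hash not confirmed"))
    return out


def compare(before, after):
    """Report which findings a fix resolved, left in place, or introduced."""
    b, a = findings(parse_fss(before)), findings(parse_fss(after))
    return {"resolved": sorted(b - a), "remaining": sorted(b & a), "new": sorted(a - b)}


if __name__ == "__main__":
    for status, items in compare(FSS_BEFORE, FSS_AFTER).items():
        for subject, issue in items:
            print(f"{status:9} {subject}: {issue}")
```

On these excerpts the two wuauserv findings come out as resolved, while the WinDefend service state and the DisableAntiSpyware policy value are unchanged between the two runs.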


#6 Maurice Naggar

Posted 04 March 2013 - 12:48 PM

If you had had "fatal" errors during Win8 install, you'd not be on Win8, but back on your previous Windows.
What "errors" do you now refer to?

For paid antivirus apps, it is really up to you. ESET & Kaspersky are good ones.

I believe you are good to go. But if you want, you may do an ESET online scan

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall

Close all open browsers at this point.

Start Internet Explorer (fresh) by pressing Start >> Internet Explorer >> Right-Click and select Run As Administrator.
Using Internet Explorer browser only, go to ESET Online Scanner website:
http://www.eset.com/onlinescan/

  • Accept the Terms of Use and press Start button;
  • Approve the install of the required ActiveX Control, then follow on-screen instructions;
  • De-select (un- check) the Remove found threats option, and run the scan.
  • After the scan completes, the Details tab in the Results window will display what was found and removed.
  • A logfile is created and located at C:\Program Files (x86)\Eset\EsetOnlineScanner\log.txt.
Look at contents of this file using Notepad.

The Frequently Asked Questions for ESET Online Scanner can be viewed here
http://go.eset.com/u...ine-scanner/faq

  • It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner.
    (And the prompt re-enabling when finished.)
  • If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.
  • Do not use the system while the scan is running. Once the full scan is underway, go take a long break.

Re-enable the antivirus program.

Reply with copy of the Eset scan log
Maurice Naggar
Product Support


#7 Alikhan

Posted 04 March 2013 - 02:03 PM

The errors I was talking about were when installing Windows 8, some indicated Software/Hardware conflicts. Eset found 2 adware threats which it quarantined and deleted in the temp folder. The log:


ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK



#8 Maurice Naggar

Posted 04 March 2013 - 04:34 PM

At the actual Windows 8 upgrade, there were not "things" that stopped or barred that, since the upgrade -did- finish.
I am indicating that they were non-fatal. Not show-stoppers.

Now then, what were the conflicts? and if software programs were noted, you should have Uninstalled. Then later looked for possible Windows-8 compatible updates or new releases.

Now then, I need to know the 2 items detected by ESET. Did you view the log?
IF you did not, then we need a 2nd run with the option to remove.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall

Close all open browsers at this point.

Start Internet Explorer (fresh) by pressing Start >> Internet Explorer >> Right-Click and select Run As Administrator.
Using Internet Explorer browser only, go to ESET Online Scanner website:
http://www.eset.com/onlinescan/

  • Accept the Terms of Use and press Start button;
  • Approve the install of the required ActiveX Control, then follow on-screen instructions; IF that comes up.
  • Enable (check) the Remove found threats option, and run the scan.
  • After the scan completes, the Details tab in the Results window will display what was found and removed.
  • A logfile is created and located at C:\Program Files (x86)\Eset\EsetOnlineScanner\log.txt.
Look at contents of this file using Notepad.

The Frequently Asked Questions for ESET Online Scanner can be viewed here
http://go.eset.com/u...ine-scanner/faq

  • It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner.
    (And the prompt re-enabling when finished.)
  • If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.
  • Do not use the system while the scan is running. Once the full scan is underway, go take a long break.

Re-enable the antivirus program.

Reply with copy of the Eset scan log
Maurice Naggar
Product Support


#9 Alikhan

Posted 04 March 2013 - 04:42 PM

I deleted the Win32/Adblock I think it was. I'm certain I deleted the 2 files. It had something with an adlink in it and it was in the temp folder. I haven't had any conflicts and am still relating to the quote... "these other issues are either due to an infection, previous infection or some hardware/software conflict" relating to the 100mb ram usage.



#10 Maurice Naggar

Posted 04 March 2013 - 04:51 PM

The latter quote is not mine. I am of the opinion that there's -not- an infection.

The 100MB usage is normal. My Win8 system shows 135.5 MB (at least).
Maurice Naggar
Product Support


#11 Alikhan

Posted 04 March 2013 - 04:54 PM

Then I guess this laptop is fine. Thanks for the help.



#12 Maurice Naggar

Posted 04 March 2013 - 05:20 PM

You are welcome.
Delete these to cleanup some tools used:
DrWeb Cure-It
FSS.exe

Go to Control Panel >> Add-or-Remove Programs & uninstall
ESET Online scan

I wish you well.


You may use Control Panel >> Programs and Features and uninstall ESET Online scan.

Safer practices & malware prevention
We are finished here. Best regards.
Maurice Naggar
Product Support


#13 Maurice Naggar

Posted 08 March 2013 - 11:17 AM

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Maurice Naggar
Product Support
