Alikhan

Possible malware infection

Hi,

I recently made a topic on the General boards about Malwarebytes using 100 MB of RAM. I was given this observation: "There is a lot more going on with this computer than just 100 MB of RAM usage... These other issues are either due to an infection, previous infection or some hardware/software conflict. These have to be corrected and it would be best if you seek help from one of our experts...."

I personally haven't experienced any problems at all other than the high RAM usage. The errors at the end of the attach.txt could be the problem.

Malwarebytes Anti-Malware (PRO) 1.70.0.1100

www.malwarebytes.org

Database version: v2013.03.03.08

Windows 8 x64 NTFS

Internet Explorer 10.0.9200.16484

Ali Khan :: ALIKHAN-PC [administrator]

Protection: Enabled

3/3/2013 6:15:05 PM

mbam-log-2013-03-03 (18-15-05).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 208480

Time elapsed: 2 minute(s), 45 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16482

Run by Ali Khan at 18:18:14 on 2013-03-03

Microsoft Windows 8 Pro 6.2.9200.0.1252.44.1033.18.3874.2234 [GMT 0:00]

.

AV: avast! Internet Security *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: avast! Internet Security *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: avast! Internet Security *Enabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

C:\WINDOWS\system32\svchost.exe -k RPCSS

C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\Windows\system32\FBAgent.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Program Files\AVAST Software\Avast\afwServ.exe

C:\WINDOWS\System32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork

C:\WINDOWS\system32\AdminService.exe

C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\WINDOWS\system32\dashost.exe

C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe

C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\SoftwareUpdater\UpdaterService.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\WINDOWS\System32\dwm.exe

C:\WINDOWS\system32\svchost.exe -k GPSvcGroup

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\taskhostex.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe

C:\Windows\System32\RuntimeBroker.exe

C:\WINDOWS\system32\taskeng.exe

C:\WINDOWS\system32\taskeng.exe

C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe

C:\Windows\SysWOW64\ACEngSvr.exe

C:\Program Files\Elantech\ETDCtrl.exe

C:\Program Files\Elantech\ETDCtrlHelper.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Windows\AsScrPro.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\WINDOWS\SysWOW64\ctfmon.exe

C:\WINDOWS\system32\taskhost.exe

C:\Users\Ali Khan\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Ali Khan\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Ali Khan\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Ali Khan\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Ali Khan\AppData\Local\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\wwahost.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\WINDOWS\system32\SearchFilterHost.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://asus.msn.com

uDefault_Page_URL = hxxp://asus.msn.com

mWinlogon: Userinit = userinit.exe

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll

BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL

BHO: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL

BHO: avast! Ad Blocker: {FFCB3198-32F3-4E8B-9539-4324694ED663} - C:\Program Files (x86)\AVAST Software\avast! Ad Blocker IE\Adblocker32.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

uRunOnce: [DeleteMarkAny] C:\WINDOWS\SysWOW64\MASetupCleaner.exe C:\Program Files (x86)\MarkAny\ContentSafer

mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun: [Conime] C:\WINDOWS\System32\conime.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

mPolicies-Explorer: NoDriveTypeAutoRun = dword:255

mPolicies-System: PromptOnSecureDesktop = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll

IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

TCP: NameServer = 192.168.0.1

TCP: Interfaces\{88B4C9BC-E42F-4DD2-BCA7-4E6EA52B551C} : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{CAA6E7FA-BA17-4714-A626-D1F15B7B0A83} : DHCPNameServer = 192.168.0.1

Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL

Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

SSODL: WebCheck - <orphaned>

x64-mStart Page = about:blank

x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - <orphaned>

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL

x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL

x64-BHO: avast! Ad Blocker: {FFCB3198-32F3-4E8B-9539-4324694ED663} - C:\Program Files (x86)\AVAST Software\avast! Ad Blocker IE\Adblocker64.dll

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe

x64-Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

x64-Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe

x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3

x64-mPolicies-Explorer: NoDriveAutoRun = dword:67108863

x64-mPolicies-Explorer: NoDriveTypeAutoRun = dword:255

x64-mPolicies-System: PromptOnSecureDesktop = dword:0

x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll

x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll

x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL

x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 aswRvrt;aswRvrt;C:\WINDOWS\System32\Drivers\aswRvrt.sys [2013-2-28 65408]

R0 aswVmm;aswVmm;C:\WINDOWS\System32\Drivers\aswVmm.sys [2013-2-28 177672]

R1 aswFW;avast! TDI Firewall driver;C:\WINDOWS\System32\Drivers\aswFW.sys [2013-2-28 127208]

R1 aswKbd;aswKbd;C:\WINDOWS\System32\Drivers\aswKbd.sys [2013-2-28 22664]

R1 aswNdisFlt;Avast! Firewall Driver;C:\WINDOWS\System32\Drivers\aswNdisFlt.sys [2013-2-28 269872]

R1 aswSnx;aswSnx;C:\WINDOWS\System32\Drivers\aswSnx.sys [2013-2-28 1025880]

R1 aswSP;aswSP;C:\WINDOWS\System32\Drivers\aswSP.sys [2013-2-28 377992]

R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-7-26 17024]

R2 AFBAgent;AFBAgent;C:\WINDOWS\System32\FBAgent.exe [2011-4-1 379520]

R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-3 15416]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\System32\Drivers\aswFsBlk.sys [2013-2-28 33472]

R2 aswMonFlt;aswMonFlt;C:\WINDOWS\System32\Drivers\aswMonFlt.sys [2013-2-28 80888]

R2 AtherosSvc;AtherosSvc;C:\WINDOWS\System32\AdminService.exe [2012-8-29 208384]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-2-28 45248]

R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2013-2-28 136912]

R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-10-19 395200]

R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2012-10-15 779200]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-2-28 398184]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-2-28 682344]

R2 SrvUpdater;Software Updater;C:\Program Files (x86)\SoftwareUpdater\UpdaterService.exe [2013-2-18 32256]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-4-1 2655768]

R3 BtFilter;BtFilter;C:\WINDOWS\System32\Drivers\btfilter.sys [2012-8-29 565760]

R3 ETD;ELAN PS/2 Port Input Device;C:\WINDOWS\System32\Drivers\ETD.sys [2011-4-1 138024]

R3 IntcDAud;Intel® Display Audio;C:\WINDOWS\System32\Drivers\IntcDAud.sys [2010-10-14 317440]

R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\WINDOWS\System32\Drivers\L1C63x64.sys [2012-6-22 110744]

R3 MBAMProtector;MBAMProtector;C:\WINDOWS\System32\Drivers\mbam.sys [2013-2-28 24176]

R3 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-1-31 3289208]

S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2012-10-1 178824]

S3 Revoflt;Revoflt;C:\WINDOWS\System32\Drivers\revoflt.sys [2013-2-25 31800]

S3 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-7 161384]

S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 vmbusr;Virtual Machine Bus Provider;C:\WINDOWS\System32\Drivers\vmbusr.sys [2012-7-26 117248]

S3 WSDScan;WSD Scan Support;C:\WINDOWS\System32\Drivers\WSDScan.sys [2013-2-24 23552]

S3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\Drivers\WUDFRd.sys [2012-7-26 198656]

.

=============== File Associations ===============

.

FileExt: .vbs: VBSFile="C:\WINDOWS\System32\WScript.exe" "%1" %* [userChoice]

.

=============== Created Last 30 ================

.

2013-03-03 18:03:14 -------- d-----w- C:\ProgramData\PRICache

2013-03-03 17:15:33 -------- d-----w- C:\Users\Ali Khan\AppData\Local\Samsung

2013-03-03 17:15:32 -------- d-----w- C:\Users\Ali Khan\AppData\Roaming\Samsung

2013-03-03 17:14:27 4659712 ----a-w- C:\WINDOWS\SysWow64\Redemption.dll

2013-03-03 17:13:34 -------- d-----w- C:\Program Files (x86)\Samsung

2013-03-03 17:12:40 -------- d-----w- C:\Users\Ali Khan\AppData\Local\Downloaded Installations

2013-03-01 14:52:08 -------- d-----w- C:\WINDOWS\SysWow64\Adobe

2013-02-28 20:08:17 -------- d-----w- C:\Program Files (x86)\SoftwareUpdater

2013-02-28 19:55:56 -------- d-----w- C:\Program Files (x86)\AVAST Software

2013-02-28 13:28:19 -------- d-----w- C:\Users\Ali Khan\AppData\Roaming\Malwarebytes

2013-02-28 13:28:12 -------- d-----w- C:\ProgramData\Malwarebytes

2013-02-28 13:28:11 24176 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys

2013-02-28 13:28:11 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-02-28 13:12:08 127208 ----a-w- C:\WINDOWS\System32\drivers\aswFW.sys

2013-02-28 13:12:07 71064 ----a-w- C:\WINDOWS\System32\drivers\aswRdr2.sys

2013-02-28 13:11:59 65408 ----a-w- C:\WINDOWS\System32\drivers\aswRvrt.sys

2013-02-28 13:11:59 22664 ----a-w- C:\WINDOWS\System32\drivers\aswKbd.sys

2013-02-28 13:11:59 177672 ----a-w- C:\WINDOWS\System32\drivers\aswVmm.sys

2013-02-28 13:11:59 1025880 ----a-w- C:\WINDOWS\System32\drivers\aswSnx.sys

2013-02-28 13:11:58 80888 ----a-w- C:\WINDOWS\System32\drivers\aswMonFlt.sys

2013-02-28 13:11:44 269872 ----a-w- C:\WINDOWS\System32\drivers\aswNdisFlt.sys

2013-02-28 13:11:33 41664 ----a-w- C:\WINDOWS\avastSS.scr

2013-02-28 13:11:16 -------- d-----w- C:\Program Files\AVAST Software

2013-02-28 13:08:51 -------- d-----w- C:\ProgramData\AVAST Software

2013-02-27 20:34:17 -------- d-----w- C:\Users\Ali Khan\AppData\Roaming\SUPERAntiSpyware.com

2013-02-26 18:03:44 443392 ----a-w- C:\WINDOWS\System32\ReAgent.dll

2013-02-26 18:03:44 375808 ----a-w- C:\WINDOWS\SysWow64\ReAgent.dll

2013-02-26 18:03:44 1010688 ----a-w- C:\WINDOWS\System32\reseteng.dll

2013-02-25 20:50:23 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack

2013-02-25 13:24:14 -------- d-----w- C:\WINDOWS\SysWow64\kodak

2013-02-25 13:14:21 31800 ----a-w- C:\WINDOWS\System32\drivers\revoflt.sys

2013-02-25 13:14:21 -------- d-----w- C:\ProgramData\VS Revo Group

2013-02-25 13:14:20 -------- d-----w- C:\Program Files\VS Revo Group

2013-02-25 12:36:50 18528 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm2.bin

2013-02-24 23:52:07 -------- d-sh--w- C:\found.000

2013-02-24 18:44:16 2367528 ----a-w- C:\WINDOWS\System32\WSService.dll

2013-02-24 18:44:16 13640704 ----a-w- C:\WINDOWS\System32\Windows.UI.Xaml.dll

2013-02-24 18:44:08 3265256 ----a-w- C:\WINDOWS\System32\drivers\evbda.sys

2013-02-24 18:44:03 10791936 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll

2013-02-24 18:42:25 3554304 ----a-w- C:\WINDOWS\System32\tquery.dll

2013-02-24 18:41:41 301568 ----a-w- C:\WINDOWS\System32\newdev.dll

2013-02-24 18:40:59 98304 ----a-w- C:\WINDOWS\System32\wudriver.dll

2013-02-24 18:39:57 929792 ----a-w- C:\WINDOWS\SysWow64\mfnetsrc.dll

2013-02-24 18:22:13 78168 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl

2013-02-24 18:22:13 692568 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe

2013-02-24 18:19:02 -------- d-----r- C:\WINDOWS\BrowserChoice

2013-02-24 17:36:48 16114176 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll

2013-02-24 17:36:47 15541248 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll

2013-02-24 17:23:34 144384 ----a-w- C:\WINDOWS\System32\tssdisai.dll

2013-02-24 17:23:31 126976 ----a-w- C:\WINDOWS\System32\RDWebAI.dll

2013-02-24 17:23:29 135680 ----a-w- C:\WINDOWS\System32\appserverai.dll

2013-02-24 17:23:29 122880 ----a-w- C:\WINDOWS\System32\VmHostAI.dll

2013-02-24 17:23:26 148480 ----a-w- C:\WINDOWS\System32\poqexec.exe

2013-02-24 17:23:26 132608 ----a-w- C:\WINDOWS\SysWow64\poqexec.exe

2013-02-24 17:23:23 405504 ----a-w- C:\WINDOWS\System32\pcasvc.dll

2013-02-24 17:23:23 31232 ----a-w- C:\WINDOWS\System32\pcadm.dll

2013-02-24 17:23:23 13312 ----a-w- C:\WINDOWS\System32\pcalua.exe

2013-02-24 17:23:23 11776 ----a-w- C:\WINDOWS\System32\pcaevts.dll

2013-02-24 17:23:22 2048 ----a-w- C:\WINDOWS\SysWow64\tzres.dll

2013-02-24 17:23:22 2048 ----a-w- C:\WINDOWS\System32\tzres.dll

2013-02-24 17:21:25 17888 ----a-w- C:\WINDOWS\SysWow64\msvcr100_clr0400.dll

2013-02-24 17:20:04 17888 ----a-w- C:\WINDOWS\System32\msvcr100_clr0400.dll

2013-02-24 17:19:01 83968 ----a-w- C:\WINDOWS\SysWow64\wiaacmgr.exe

2013-02-24 17:19:00 890880 ----a-w- C:\WINDOWS\SysWow64\msctf.dll

2013-02-24 17:17:21 1437696 ----a-w- C:\WINDOWS\SysWow64\GdiPlus.dll

2013-02-24 17:17:20 1690624 ----a-w- C:\WINDOWS\System32\GdiPlus.dll

2013-02-24 17:11:14 4055552 ----a-w- C:\WINDOWS\System32\win32k.sys

2013-02-24 17:09:09 2361344 ----a-w- C:\WINDOWS\System32\msxml6.dll

2013-02-24 17:09:08 2048 ----a-w- C:\WINDOWS\SysWow64\msxml6r.dll

2013-02-24 17:09:08 2048 ----a-w- C:\WINDOWS\SysWow64\msxml3r.dll

2013-02-24 17:09:08 2048 ----a-w- C:\WINDOWS\System32\msxml6r.dll

2013-02-24 17:09:08 2048 ----a-w- C:\WINDOWS\System32\msxml3r.dll

2013-02-24 17:09:08 1836032 ----a-w- C:\WINDOWS\System32\msxml3.dll

2013-02-24 17:09:08 1802240 ----a-w- C:\WINDOWS\SysWow64\msxml6.dll

2013-02-24 17:09:08 1438720 ----a-w- C:\WINDOWS\SysWow64\msxml3.dll

2013-02-24 17:07:51 1084416 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-24 17:07:50 817664 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-24 16:21:37 -------- d-----w- C:\Users\Ali Khan\AppData\Local\VirtualStore

2013-02-24 16:21:30 -------- d-----w- C:\Users\Ali Khan\AppData\Local\Packages

2013-02-24 15:59:03 -------- d-----w- C:\ProgramData\SonicFocus

2013-02-24 15:58:58 -------- d-----w- C:\WINDOWS\SysWow64\RTCOM

2013-02-24 15:58:58 -------- d-----w- C:\Program Files\Realtek

2013-02-24 15:53:17 -------- d-----w- C:\WINDOWS\Panther

2013-02-24 15:41:13 35400 ----a-w- C:\WINDOWS\System32\TsWpfWrp.exe

2013-02-24 15:41:13 1166440 ----a-w- C:\WINDOWS\System32\PresentationNative_v0300.dll

2013-02-24 15:41:12 124040 ----a-w- C:\WINDOWS\System32\PresentationCFFRasterizerNative_v0300.dll

2013-02-24 15:41:10 35400 ----a-w- C:\WINDOWS\SysWow64\TsWpfWrp.exe

2013-02-24 15:41:10 102528 ----a-w- C:\WINDOWS\SysWow64\PresentationCFFRasterizerNative_v0300.dll

2013-02-24 15:41:09 778856 ----a-w- C:\WINDOWS\SysWow64\PresentationNative_v0300.dll

2013-02-24 15:39:26 -------- d-----w- C:\Program Files\Elantech

2013-02-24 15:13:14 -------- d-----w- C:\Program Files (x86)\Common Files\Atheros

2013-02-23 21:47:58 -------- d-----w- C:\Users\Ali Khan\AppData\Roaming\PowerISO

2013-02-23 21:35:53 -------- d-----w- C:\Users\Ali Khan\AppData\Roaming\DAEMON Tools Pro

2013-02-23 20:53:21 -------- d-----w- C:\Users\Ali Khan\AppData\Roaming\uTorrent

2013-02-17 21:55:46 -------- d-----r- C:\Program Files (x86)\Skype

2013-02-17 21:05:44 -------- d-----w- C:\Users\Ali Khan\AppData\Local\VS Revo Group

2013-02-13 13:51:44 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server

2013-02-13 13:50:37 -------- d-----w- C:\Program Files\Microsoft SQL Server

2013-02-13 13:47:43 -------- d-----w- C:\Program Files\Microsoft Analysis Services

2013-02-13 13:47:43 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services

2013-02-11 07:43:52 511328 ----a-w- C:\WINDOWS\capicom.dll

2013-02-11 07:43:49 1721576 ----a-w- C:\WINDOWS\System32\WdfCoInstaller01009.dll

.

==================== Find3M ====================

.

2013-02-24 18:23:22 45056 ----a-w- C:\WINDOWS\System32\acovcnt.exe

2013-01-31 03:29:52 2226408 ----a-w- C:\WINDOWS\System32\drivers\tcpip.sys

2013-01-17 01:28:58 273840 ----a-w- C:\WINDOWS\System32\MpSigStub.exe

2013-01-16 00:35:49 44032 ----a-w- C:\WINDOWS\SysWow64\UXInit.dll

2013-01-16 00:31:26 53760 ----a-w- C:\WINDOWS\System32\UXInit.dll

2013-01-14 03:56:14 6967016 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe

2013-01-10 01:53:32 28904 ----a-w- C:\WINDOWS\System32\drivers\msgpiowin32.sys

2013-01-10 01:40:39 1448168 ----a-w- C:\WINDOWS\System32\drivers\dxgkrnl.sys

2013-01-10 01:40:38 303848 ----a-w- C:\WINDOWS\System32\drivers\dxgmms1.sys

2013-01-10 01:39:29 194280 ----a-w- C:\WINDOWS\System32\drivers\sdbus.sys

2013-01-10 01:39:22 124648 ----a-w- C:\WINDOWS\System32\drivers\dumpsd.sys

2013-01-10 01:29:56 91880 ----a-w- C:\WINDOWS\System32\drivers\partmgr.sys

2013-01-10 01:29:54 1934056 ----a-w- C:\WINDOWS\System32\drivers\ntfs.sys

2013-01-10 01:29:21 785504 ----a-w- C:\WINDOWS\System32\drivers\Wdf01000.sys

2013-01-09 23:26:46 1611776 ----a-w- C:\WINDOWS\SysWow64\mmc.exe

2013-01-09 23:26:35 410624 ----a-w- C:\WINDOWS\SysWow64\Windows.Networking.dll

2013-01-09 23:26:35 261120 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.dll

2013-01-09 23:26:25 278528 ----a-w- C:\WINDOWS\SysWow64\srm.dll

2013-01-09 23:26:25 202752 ----a-w- C:\WINDOWS\SysWow64\srmstormod.dll

2013-01-09 23:26:23 1752064 ----a-w- C:\WINDOWS\SysWow64\setupapi.dll

2013-01-09 23:26:20 67584 ----a-w- C:\WINDOWS\SysWow64\samlib.dll

2013-01-09 23:26:08 115712 ----a-w- C:\WINDOWS\SysWow64\netprofm.dll

2013-01-09 23:26:03 436736 ----a-w- C:\WINDOWS\SysWow64\MP4SDECD.DLL

2013-01-09 23:25:55 582144 ----a-w- C:\WINDOWS\SysWow64\gpprefcl.dll

2013-01-09 23:23:32 95232 ----a-w- C:\WINDOWS\System32\wiaacmgr.exe

2013-01-09 23:23:25 2094592 ----a-w- C:\WINDOWS\System32\mmc.exe

2013-01-09 23:23:23 240640 ----a-w- C:\WINDOWS\System32\fsquirt.exe

2013-01-09 23:23:18 256000 ----a-w- C:\WINDOWS\System32\WSDMon.dll

2013-01-09 23:23:16 1964544 ----a-w- C:\WINDOWS\System32\wlidsvc.dll

2013-01-09 23:23:14 594944 ----a-w- C:\WINDOWS\System32\Windows.Networking.dll

2013-01-09 23:23:14 406016 ----a-w- C:\WINDOWS\System32\Windows.Media.dll

2013-01-09 23:23:09 274432 ----a-w- C:\WINDOWS\System32\srmstormod.dll

2013-01-09 23:23:08 279040 ----a-w- C:\WINDOWS\System32\srm.dll

2013-01-09 23:23:07 1886208 ----a-w- C:\WINDOWS\System32\setupapi.dll

2013-01-09 23:23:05 728064 ----a-w- C:\WINDOWS\System32\samsrv.dll

2013-01-09 23:22:53 464384 ----a-w- C:\WINDOWS\System32\netprofmsvc.dll

2013-01-09 23:22:53 151040 ----a-w- C:\WINDOWS\System32\netprofm.dll

2013-01-09 23:22:43 1120768 ----a-w- C:\WINDOWS\System32\msctf.dll

2013-01-09 23:22:41 666112 ----a-w- C:\WINDOWS\System32\MP4SDECD.DLL

2013-01-09 23:22:35 438272 ----a-w- C:\WINDOWS\System32\lsm.dll

2013-01-09 23:22:29 894464 ----a-w- C:\WINDOWS\System32\iphlpsvc.dll

2013-01-09 23:22:29 159232 ----a-w- C:\WINDOWS\System32\inetpp.dll

2013-01-09 23:22:26 49152 ----a-w- C:\WINDOWS\System32\drivers\UMDF\HidBthLE.dll

2013-01-09 23:22:25 820736 ----a-w- C:\WINDOWS\System32\gpprefcl.dll

2013-01-09 23:22:05 1918464 ----a-w- C:\WINDOWS\System32\wbem\cimwin32.dll

2013-01-09 03:59:16 74752 ----a-w- C:\WINDOWS\System32\drivers\BTHUSB.SYS

2013-01-09 03:58:34 51712 ----a-w- C:\WINDOWS\System32\drivers\bthenum.sys

2013-01-09 03:57:50 1175040 ----a-w- C:\WINDOWS\System32\drivers\bthport.sys

2013-01-04 05:32:36 2706432 ----a-w- C:\WINDOWS\SysWow64\mshtml.tlb

2013-01-04 04:19:53 2706432 ----a-w- C:\WINDOWS\System32\mshtml.tlb

2012-12-28 20:56:00 81984 ----a-w- C:\WINDOWS\System32\bdod.bin

2012-12-20 00:37:37 1775616 ----a-w- C:\WINDOWS\SysWow64\wininet.dll

2012-12-20 00:37:04 2881536 ----a-w- C:\WINDOWS\SysWow64\jscript9.dll

2012-12-20 00:37:02 61440 ----a-w- C:\WINDOWS\SysWow64\iesetup.dll

2012-12-20 00:37:02 109056 ----a-w- C:\WINDOWS\SysWow64\iesysprep.dll

2012-12-20 00:36:50 431616 ----a-w- C:\WINDOWS\apppatch\AcSpecfc.dll

2012-12-20 00:29:16 2246656 ----a-w- C:\WINDOWS\System32\wininet.dll

2012-12-20 00:29:11 907776 ----a-w- C:\WINDOWS\System32\uxtheme.dll

2012-12-20 00:28:29 3966464 ----a-w- C:\WINDOWS\System32\jscript9.dll

2012-12-20 00:28:26 136704 ----a-w- C:\WINDOWS\System32\iesysprep.dll

2012-12-20 00:28:04 39936 ----a-w- C:\WINDOWS\apppatch\apppatch64\acspecfc.dll

2012-12-18 01:56:27 534528 ----a-w- C:\WINDOWS\SysWow64\uxtheme.dll

2012-12-16 08:28:20 46080 ----a-w- C:\WINDOWS\System32\atmlib.dll

2012-12-16 08:20:01 35328 ----a-w- C:\WINDOWS\SysWow64\atmlib.dll

2012-12-16 08:08:33 362496 ----a-w- C:\WINDOWS\System32\atmfd.dll

2012-12-16 07:57:09 300032 ----a-w- C:\WINDOWS\SysWow64\atmfd.dll

2012-12-06 04:23:00 170496 ----a-w- C:\WINDOWS\System32\TimeBrokerServer.dll

2012-12-06 04:22:59 178176 ----a-w- C:\WINDOWS\System32\SystemEventsBrokerServer.dll

2012-12-04 04:21:42 368640 ----a-w- C:\WINDOWS\System32\sppwinob.dll

.

============= FINISH: 18:19:00.86 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 8 Pro

Boot Device: \Device\HarddiskVolume2

Install Date: 2/24/2013 4:21:21 PM

System Uptime: 3/3/2013 3:47:58 PM (3 hours ago)

.

Motherboard: ASUSTeK Computer Inc. | | K53E

Processor: Intel® Core i3-2310M CPU @ 2.10GHz | CPU 1 | 2095/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 575 GiB total, 539.101 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP2: 2/28/2013 1:10:55 PM - avast! Internet Security Setup

RP3: 3/3/2013 5:12:59 PM - Installed Samsung Kies

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Flash Player 10 Plugin

Adobe Reader XI (11.0.02)

Adobe Shockwave Player 12.0

aioscnnr

Alcor Micro USB Card Reader

ASUS FancyStart

ASUS LifeFrame3

ASUS Live Update

ASUS Splendid Video Enhancement Technology

AsusScr_K3 Series_ENG

Atheros WLAN and Bluetooth Client Installation Program

ATK Package

µTorrent

avast! Ad Blocker

avast! Internet Security

BYOND

C4USelfUpdater

CCleaner

center

D3DX10

Definition update for Microsoft Office 2013 (KB2760587) 64-Bit Edition

essentials

ETDWare PS/2-X64 8.0.5.1_WHQL

Fast Boot

Google Chrome

Google Toolbar for Internet Explorer

Intel® Control Center

Intel® Management Engine Components

Intel® Processor Graphics

K-Lite Codec Pack 9.7.5 (Basic)

Kodak AIO Printer

KODAK AiO Software

Malwarebytes Anti-Malware version 1.70.0.1100

Microsoft Access MUI (English) 2013

Microsoft Access Setup Metadata MUI (English) 2013

Microsoft Application Error Reporting

Microsoft DCF MUI (English) 2013

Microsoft Excel MUI (English) 2013

Microsoft Groove MUI (English) 2013

Microsoft InfoPath MUI (English) 2013

Microsoft Lync MUI (English) 2013

Microsoft Office 32-bit Components 2013

Microsoft Office OSM MUI (English) 2013

Microsoft Office OSM UX MUI (English) 2013

Microsoft Office Professional Plus 2013

Microsoft Office Proofing (English) 2013

Microsoft Office Proofing Tools 2013 - English

Microsoft Office Proofing Tools 2013 - Español

Microsoft Office Shared 32-bit MUI (English) 2013

Microsoft Office Shared MUI (English) 2013

Microsoft Office Shared Setup Metadata MUI (English) 2013

Microsoft OneNote MUI (English) 2013

Microsoft Outlook MUI (English) 2013

Microsoft PowerPoint MUI (English) 2013

Microsoft Publisher MUI (English) 2013

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Word MUI (English) 2013

Microsoft_VC80_CRT_x86

Microsoft_VC90_CRT_x86

Movie Maker

MSVCRT

MSVCRT110

MSVCRT110_amd64

MSXML 4.0 SP3 Parser (KB2721691)

MSXML 4.0 SP3 Parser (KB2758694)

MSXML 4.0 SP3 Parser (KB973685)

ocr

Outils de vérification linguistique 2013 de Microsoft Office - Français

PDF Settings CS6

Photo Common

Photo Gallery

PreReq

PrintProjects

Realtek High Definition Audio Driver

Revo Uninstaller Pro 3.0.2

Skype Click to Call

Skype™ 6.2

SoftwareUpdater

Sonic Focus

SopCast 3.5.0

swMSM

Update for Microsoft Access 2013 (KB2760350) 64-Bit Edition

Update for Microsoft Excel 2013 (KB2760339) 64-Bit Edition

Update for Microsoft Lync 2013 (KB2760512) 64-Bit Edition

Update for Microsoft Office 2013 (KB2726954) 64-Bit Edition

Update for Microsoft Office 2013 (KB2726961) 64-Bit Edition

Update for Microsoft Office 2013 (KB2726996) 64-Bit Edition

Update for Microsoft Office 2013 (KB2737954) 64-Bit Edition

Update for Microsoft Office 2013 (KB2752025) 64-Bit Edition

Update for Microsoft Office 2013 (KB2752101) 64-Bit Edition

Update for Microsoft Office 2013 (KB2760224) 64-Bit Edition

Update for Microsoft Office 2013 (KB2760311) 64-Bit Edition

Update for Microsoft Office 2013 (KB2760318) 64-Bit Edition

Update for Microsoft Office 2013 (KB2767845) 64-Bit Edition

Update for Microsoft Office 2013 (KB2767852) 64-Bit Edition

Update for Microsoft Office 2013 (KB2767861) 64-Bit Edition

Update for Microsoft Office 2013 (KB2767864) 64-Bit Edition

Update for Microsoft OneNote 2013 (KB2737968) 64-Bit Edition

Update for Microsoft PowerPoint 2013 (KB2726947) 64-Bit Edition

Update for Microsoft SkyDrive Pro (KB2760214) 64-Bit Edition

Update for Microsoft Visio Viewer 2013 (KB2767856) 64-Bit Edition

Update for Microsoft Word 2013 (KB2760244) 64-Bit Edition

Update for Microsoft Word 2013 (KB2767854) 64-Bit Edition

Windows Live Communications Platform

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

WinFlash

WinRAR 4.20 (64-bit)

Wireless Console 3

.

==== Event Viewer Messages From Past Week ========

.

3/3/2013 3:48:02 PM, Error: Microsoft-Windows-Kernel-General [6] - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): ''.

3/3/2013 3:47:39 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

3/1/2013 2:56:46 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {000C101C-0000-0000-C000-000000000046} and APPID {000C101C-0000-0000-C000-000000000046} to the user AliKhan-PC\Ali Khan SID (S-1-5-21-2847728861-3915489070-3157556616-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (S-1-15-2-3154655457-56958264-2728854862-4131557813-1870302242-185781391-191500189). This security permission can be modified using the Component Services administrative tool.

2/26/2013 5:14:07 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {000C101C-0000-0000-C000-000000000046} and APPID {000C101C-0000-0000-C000-000000000046} to the user AliKhan-PC\Ali Khan SID (S-1-5-21-2847728861-3915489070-3157556616-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (S-1-15-2-1813268761-4144601999-2376202420-870689610-3008036278-4174748336-1321914667). This security permission can be modified using the Component Services administrative tool.

2/25/2013 2:07:20 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {000C101C-0000-0000-C000-000000000046} and APPID {000C101C-0000-0000-C000-000000000046} to the user AliKhan-PC\Ali Khan SID (S-1-5-21-2847728861-3915489070-3157556616-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (S-1-15-2-17053975-222786771-38844745-1155300887-2986075076-3769844206-3981166251). This security permission can be modified using the Component Services administrative tool.

2/25/2013 2:04:43 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.

2/25/2013 2:04:43 PM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

2/25/2013 1:27:07 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {000C101C-0000-0000-C000-000000000046} and APPID {000C101C-0000-0000-C000-000000000046} to the user AliKhan-PC\Ali Khan SID (S-1-5-21-2847728861-3915489070-3157556616-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (S-1-15-2-856404191-1522327111-2016130853-3993148712-1496285319-3190681140-3617258836). This security permission can be modified using the Component Services administrative tool.

2/25/2013 1:26:19 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {000C101C-0000-0000-C000-000000000046} and APPID {000C101C-0000-0000-C000-000000000046} to the user AliKhan-PC\Ali Khan SID (S-1-5-21-2847728861-3915489070-3157556616-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (S-1-15-2-26983492-1355952166-4067896605-2512856943-1558638129-1692534823-1355846313). This security permission can be modified using the Component Services administrative tool.

2/24/2013 6:10:22 PM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom0.

2/24/2013 5:28:56 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070103: Qualcomm Atheros Communications - Bluetooth Controller - Bluetooth Module.

2/24/2013 5:24:59 PM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

2/24/2013 5:14:27 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.

2/24/2013 5:13:36 PM, Error: Service Control Manager [7034] - The AFBAgent service terminated unexpectedly. It has done this 1 time(s).

2/24/2013 4:41:26 PM, Error: Service Control Manager [7038] - The WSService service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

2/24/2013 4:41:26 PM, Error: Service Control Manager [7038] - The FDResPub service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

2/24/2013 4:41:26 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Time Broker service, but this action failed with the following error: An instance of the service is already running.

2/24/2013 4:41:26 PM, Error: Service Control Manager [7000] - The Windows Store Service (WSService) service failed to start due to the following error: The service did not start due to a logon failure.

2/24/2013 4:41:26 PM, Error: Service Control Manager [7000] - The Function Discovery Resource Publication service failed to start due to the following error: The service did not start due to a logon failure.

2/24/2013 4:24:10 PM, Error: Service Control Manager [7031] - The Windows Store Service (WSService) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

2/24/2013 4:24:10 PM, Error: Service Control Manager [7031] - The Time Broker service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

2/24/2013 4:24:10 PM, Error: Service Control Manager [7031] - The SSDP Discovery service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

2/24/2013 4:24:10 PM, Error: Service Control Manager [7031] - The Function Discovery Resource Publication service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

2/24/2013 4:11:42 PM, Error: Service Control Manager [7024] - The BranchCache service terminated with the following service-specific error: This program is blocked by group policy. For more information, contact your system administrator.

2/24/2013 4:11:40 PM, Error: NETLOGON [3095] - This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.

2/24/2013 4:11:24 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

2/24/2013 4:03:12 PM, Error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with the following service-specific error: Server execution failed

2/24/2013 4:03:12 PM, Error: Service Control Manager [7023] - The Network List Service service terminated with the following error: The device is not ready.

2/24/2013 4:03:12 PM, Error: Microsoft-Windows-Bits-Client [16392] - The BITS service failed to start. Error 0x80080005.

2/24/2013 3:57:10 PM, Error: Service Control Manager [7023] - The IP Helper service terminated with the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

2/24/2013 1:43:25 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) did not load: SASDIFSV SASKUTIL

.

==== End Of File ===========================


Hello All821,

The events shown at the end of the attach log are system exceptions. They are -not- necessarily caused by "an infection".

We can do some quick looks to rule out infection.

For a reference point, tell me what date (when) you had upgraded to Windows 8?

Was that before 24 February or after?

As to the "high RAM usage".... whatever amount MBAM uses .... it is what it is.

The amount of ram allocated when the app starts does not prevent the system from properly working or from running other apps.

That's the same for any windows app.

How much total physical ram does this system have?

Step 1

To show all files:

  • Press and hold Windows-key & then press R key to get the RUN menu.
  • Type in
    explorer.exe

    and press Enter

  • When in Windows Explorer, press ALT-key then V key to get VIEW menu
  • Look at the top ribbon, right side. {the Show/Hide block}
  • Look at the line Hidden items. IF it has no checkmark, then Click the box one time so that it is checked.

Step 2

You ran a quick scan with MBAM and it detected nothing. Have you done a full scan with your Avast?

If not, then do that and advise of result.

Step 3

Download Dr.Web CureIt to the desktop.

The download is nearly 104.6 MB in size

  • Turn OFF your antivirus program.
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Turn off any other add-on security app {if you have them} like MBAM File System Protection.
  • If this system is Windows 8/7 or VISTA, then Right-click on drweb-cureit.exe and select Run as Administrator.
  • Otherwise, on Windows XP, doubleclick on drweb-cureit.exe file to start the tool.
  • You will see a screen similar to this:
    [screenshot]
    Click the checkbox to participate, and then click on Continue button.
  • Next
    [screenshot]
    Click on Select objects for scanning
  • Next
    [screenshot]
    Put a checkmark by clicking on the boxes as shown.
    Do not select Temporary files or System Restore points.
    Then click on Start scanning button
  • The scan in progress will be shown like this
    [screenshot]
  • IF something is detected, you will see a screen similar to this
    [screenshot]
    For each item "detected", click on the Action column down arrow, like this
    [screenshot]
    Your options will be Cure or Ignore
    IF you see an item that you are very sure is ok, then un-check the checkbox for that item.
    Typically, you will keep the Cure default.
    Then click on the Neutralize button.
  • When the actions are completed, you will see this
    [screenshot]
  • Click on the green Open Report line. It will pop-up the report in NOTEPAD.
    Save the report to your desktop. The report will be called Cureit.log
  • While in NOTEPAD, do a CTRL+A to Copy all to clipboard.
  • You should be able to get back to your forum topic, start a new reply,
    click 1 time in the box
    and do a CTRL+V (Paste)
    into reply.
  • Close Dr.Web Cureit.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, post the contents of the log from Cureit.log you saved previously in your next reply.
    ONLY if the log is too large, then you may "attach" it.

Re-Enable your antivirus program when all done.

Step 4

Download >> Farbar's Service Scanner utility << and Save to your Desktop.

If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Administrator.

If using XP, double-click to start.

Answer Yes to ok when prompted.

If your firewall then puts out a prompt, again, allow it to run.

Once FSS is on-screen, be sure the following items are checkmarked:

  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender
  • Other services

Click on "Scan".

It will create a log (FSS.txt) in the same directory the tool is run.

Copy & Paste contents of FSS.txt into your reply.


Hi,

I upgraded to Windows 8 on exactly the 24th February. Perhaps the issue isn't malware related but caused by hardware/software conflicts since I upgraded. I've already done a full scan with Avast and it found nothing. That being said, the only reason I'm worried about the 100mb+ ram usage is because I have the same combo on 3 PCs, just the operating system on those (Windows 7) is different to Windows 8. There, Malwarebytes takes around 40-50mb when idle. I have 4gb ram on this laptop with an i3 processor.

I attached the Dr Web log since whenever I tried to reply with it I got a server error. It found nothing.

Farbar Service Scanner Version: 03-03-2013

Ran by Ali Khan (administrator) on 04-03-2013 at 13:39:15

Running from "C:\Users\Ali Khan\Desktop"

Windows 8 Pro (X64)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo IP is accessible.

Yahoo.com is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Action Center:

============

Windows Update:

============

wuauserv Service is not running. Checking service configuration:

The start type of wuauserv service is set to Demand. The default start type is Auto.

The ImagePath of wuauserv service is OK.

The ServiceDll of wuauserv service is OK.

Windows Autoupdate Disabled Policy:

============================

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

The start type of WinDefend service is set to Demand. The default start type is Auto.

The ImagePath of WinDefend service is OK.

Windows Defender Disabled Policy:

==========================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware"=DWORD:1

Other Services:

==============

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll => MD5 is legit

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll => MD5 is legit

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\wscsvc.dll => MD5 is legit

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll => MD5 is legit

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MsMpEng.exe => MD5 is legit

C:\Windows\System32\ipnathlp.dll => MD5 is legit

C:\Windows\System32\iphlpsvc.dll => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

drweb.txt


The DrWeb Cure-It noted "There are no infected objects detected". That is a very excellent indicator.

And prior to that, MBAM did not find anything.

Infections can be ruled out.

As to the MBAM memory usage, it is what it is. You have to realize that memory needs are allocated and then Windows is in charge of managing memory needs.

Looking at my WIN8 MBAM has 135.5 MB but currently using 0% of cpu because it is not at this time "hard at a task".

I do not concern myself about the memory allocated.

And with your 4 GB ram you should not be having a worry.

Looking at the FSS log, I think we need to "wake up" your Windows automatic updates service. It needs to be on, so at least you get notified of updates.

Windows services

This will be a batch-fix .

Press the Windows-key on keyboard.

In the [image] box, type notepad and press Enter.

Highlight the contents of the following codebox, and copy and paste that text into NOTEPAD.

@Echo off
rem Stop Windows Update and BITS before changing their configuration
sc stop wuauserv
sc stop bits
rem Set the start type of each service
sc config dcomlaunch start= auto
sc config nsi start= auto
sc config dhcp start= auto
sc config rpcss start= auto
sc config winmgmt start= auto
sc config wscsvc start= delayed-auto
sc config bits start= delayed-auto
sc config wuauserv start= delayed-auto
rem sc accepts "demand" for a manual start type; "manual" is rejected
sc config sdrsvc start= demand
sc config vss start= auto
sc config eventlog start= auto
sc config bfe start= auto
sc config eventsystem start= auto
rem Start the services again
sc start sdrsvc
sc start vss
sc start rpcss
sc start eventsystem
sc start bfe
sc start bits
sc start wuauserv
rem Restart Windows after 1 second, then delete this batch file
shutdown -r -t 1
del %0

Select File -> Save AS.

Press the Desktop button on the left side of the save dialog.

In the [image] box, type in Fix.bat.

Press [image].

Close Notepad.

Right click Fix.bat on your desktop, and choose [image].

Press Yes if prompted by User Account Control.

This procedure will do its tasks and then it will Restart Windows.


I just ran the fix.bat and Windows rebooted as told. The errors that occurred during the install of Windows 8.. are they caused by conflicts which need to be corrected? Since my Avast is expiring soon, I was wondering also if you recommend any paid AV suite too. Here is the FSS log which you might need:

Farbar Service Scanner Version: 03-03-2013

Ran by Ali Khan (administrator) on 04-03-2013 at 17:33:15

Running from "C:\Users\Ali Khan\Desktop"

Windows 8 Pro (X64)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo IP is accessible.

Yahoo.com is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Action Center:

============

Windows Update:

============

Windows Autoupdate Disabled Policy:

============================

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

The start type of WinDefend service is set to Demand. The default start type is Auto.

The ImagePath of WinDefend service is OK.

Windows Defender Disabled Policy:

==========================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware"=DWORD:1

Other Services:

==============

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll => MD5 is legit

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll => MD5 is legit

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\wscsvc.dll => MD5 is legit

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll => MD5 is legit

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MsMpEng.exe => MD5 is legit

C:\Windows\System32\ipnathlp.dll => MD5 is legit

C:\Windows\System32\iphlpsvc.dll => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

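As an added example (not part of the original posts and not Farbar's code), the two FSS.txt logs above can be compared mechanically to see what Fix.bat changed. The log excerpts are copied from this thread; `parse_fss`, `compare` and the finding tuples are hypothetical names, and treating any File Check status other than "MD5 is legit" as a finding is an assumption about the log format.

```python
import re

# Excerpts copied from the two FSS.txt logs posted in this thread.
FSS_BEFORE = r"""
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
File Check:
========
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Program Files\Windows Defender\MsMpEng.exe => MD5 is legit
**** End of log ****
"""

FSS_AFTER = r"""
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
File Check:
========
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Program Files\Windows Defender\MsMpEng.exe => MD5 is legit
**** End of log ****
"""

NOT_RUNNING = re.compile(r"^(\S+) Service is not running")
START_TYPE = re.compile(
    r"^The start type of (\S+) service is set to (\w+)\. "
    r"The default start type is (\w+)\.$"
)
REG_KEY = re.compile(r"^\[(HK[^\]]+)\]$")
REG_VALUE = re.compile(r'^"([^"]+)"=(\w+):(\S+)$')
FILE_CHECK = re.compile(r"^(.+?) => (.+)$")
LEGIT = "MD5 is legit"  # assumption: any other status is worth flagging


def parse_fss(text):
    """Return the set of non-default conditions an FSS log reports."""
    findings = set()
    reg_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) <= {"=", "*"}:
            continue  # blank lines and ====/**** rulers
        if m := NOT_RUNNING.match(line):
            findings.add(("not_running", m.group(1)))
        elif m := START_TYPE.match(line):
            name, current, default = m.groups()
            if current != default:
                findings.add(("start_type", name, current, default))
        elif m := REG_KEY.match(line):
            reg_key = m.group(1)  # values on the next lines belong to this key
        elif (m := REG_VALUE.match(line)) and reg_key:
            findings.add(("policy", reg_key, m.group(1), m.group(3)))
        elif m := FILE_CHECK.match(line):
            if m.group(2) != LEGIT:
                findings.add(("file", m.group(1), m.group(2)))
        elif line.endswith(":"):
            reg_key = None  # a new section header ends the registry block
    return findings


def compare(before, after):
    """Classify findings as resolved, remaining or new between two logs."""
    b, a = parse_fss(before), parse_fss(after)
    return {"resolved": b - a, "remaining": b & a, "new": a - b}


if __name__ == "__main__":
    for state, items in compare(FSS_BEFORE, FSS_AFTER).items():
        print(state)
        for item in sorted(items):
            print("   ", item)
```

On these logs the wuauserv entries move to resolved, while the WinDefend entries and the DisableAntiSpyware value remain; the DDS log at the top of the thread lists avast! as the enabled AV and Windows Defender as disabled.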

If you had had "fatal" errors during Win8 install, you'd not be on Win8, but back on your previous Windows.

What "errors" do you now refer to?

For paid antivirus apps, it is really up to you. ESET & Kaspersky are good ones.

I believe you are good to go. But if you want, you may do an ESET online scan

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Close all open browsers at this point.

Start Internet Explorer (fresh) by pressing Start >> Internet Explorer >> Right-Click and select Run As Administrator.

Using Internet Explorer browser only, go to ESET Online Scanner website:

http://www.eset.com/onlinescan/

  • Accept the Terms of Use and press Start button;
  • Approve the install of the required ActiveX Control, then follow on-screen instructions;
  • De-select (un- check) the Remove found threats option, and run the scan.
  • After the scan completes, the Details tab in the Results window will display what was found and removed.
    • A logfile is created and located at C:\Program Files (x86)\Eset\EsetOnlineScanner\log.txt.

    Look at contents of this file using Notepad.

    The Frequently Asked Questions for ESET Online Scanner can be viewed here

    http://go.eset.com/us/online-scanner/faq

    • It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner.
      (And the prompt re-enabling when finished.)
    • If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.
    • Do not use the system while the scan is running. Once the full scan is underway, go take a long break

Re-enable the antivirus program.

Reply with copy of the Eset scan log


The errors I was talking about were when installing Windows 8, some indicated Software/Hardware conflicts. Eset found 2 adware threats which it quarantined and deleted in the temp folder. The log:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK


At the actual Windows 8 upgrade, there were not "things" that stopped or barred that, since the upgrade -did- finish.

I am indicating that they were non-fatal. Not show-stoppers.

Now then, what were the conflicts? and if software programs were noted, you should have Uninstalled. Then later looked for possible Windows-8 compatible updates or new releases.

Now then, I need to know the 2 items detected by ESET. Did you view the log?

IF you did not, then we need a 2nd run with the option to remove.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Close all open browsers at this point.

Start Internet Explorer (fresh) by pressing Start >> Internet Explorer >> Right-Click and select Run As Administrator.

Using Internet Explorer browser only, go to ESET Online Scanner website:

http://www.eset.com/onlinescan/

  • Accept the Terms of Use and press Start button;
  • Approve the install of the required ActiveX Control, then follow on-screen instructions; IF that comes up.
  • Enable (check) the Remove found threats option, and run the scan.
  • After the scan completes, the Details tab in the Results window will display what was found and removed.
    • A logfile is created and located at C:\Program Files (x86)\Eset\EsetOnlineScanner\log.txt.

    Look at contents of this file using Notepad.

    The Frequently Asked Questions for ESET Online Scanner can be viewed here

    http://go.eset.com/us/online-scanner/faq

    • It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner.
      (And the prompt re-enabling when finished.)
    • If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.
    • Do not use the system while the scan is running. Once the full scan is underway, go take a long break

Re-enable the antivirus program.

Reply with copy of the Eset scan log


I deleted the Win32/Adblock I think it was. I'm certain I deleted the 2 files. It had something with an adlink in it and it was in the temp folder. I haven't had any conflicts and am still relating to the quote... "these other issues are either due to an infection, previous infection or some hardware/software conflict" relating to the 100mb ram usage.


The latter quote is not mine. I am of the opinion that there's -not- an infection.

The 100MB usage is normal. My Win8 system shows 135.5 MB (at least).


Then I guess this laptop is fine. Thanks for the help.


You are welcome.

Delete these to cleanup some tools used:

DrWeb Cure-It

FSS.exe

Go to Control Panel >> Add-or-Remove Programs & uninstall

ESET Online scan

I wish you well.

You may use Control Panel >> Programs and Features and uninstall ESET Online scan.

Safer practices & malware prevention

We are finished here. Best regards.


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
