

Different amount of RAM used though doing the same?


  • This topic is locked
62 replies to this topic

#1 Guest_Dirrk_*

Guest_Dirrk_*
  • Guests

Posted 05 May 2013 - 12:49 PM

There are always the same programs running, doing the same, but the Task Manager (show processes of all users activated) shows extremely different RAM sizes being used. About 2 to almost 4 RAM (I have 4 GB RAM). The system slows down extremely. When I add the used RAM in the Task Manager (the column in tab "Processes"), e.g. now I get an amount of about 1,5 and 2 GB used RAM, but in tab "Performance" is displayed about 3,6 GB used RAM. What does that mean? Might there be anything I could correct, e.g. free RAM or anything else?

And though often the same amount of used RAM is shown and there is (according to the Task Manager) enough free CPU performance, sometimes the notebook runs OK and sometimes runs slowly, so using it becomes senseless.

I have tried some programs which shall free RAM (not used but occupied), but they all do not work; they cause problems and you have to restart the system.

(Starting post: http://www.spywarein...doing-the-same/)
---------------------------------------------------------------------------
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.05.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Dirk :: DIRK-PC [administrator]

So, 05.05.2013 20:34:11
mbam-log-2013-05-05 (20-34-11).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 214592
Time elapsed: 10 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
---------------------------------------------------------------------------
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16476  BrowserJavaVersion: 10.21.2
Run by Dirk at 20:15:27 on 2013-05-05
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4085.965 [GMT 2:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\atieclxx.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\DVBLogic\DVBLink2\DVBLinkServer.exe
C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Copy Handler\ch64.exe
I:\PortableApps\PortableApps\ListaryPortable\App\Listary\X64\Listary.exe
C:\Program Files\Windows Sidebar\sidebar.exe
I:\Programme\ClipboardHelpAndSpellPortable\ClipboardHelpAndSpell.exe
C:\Program Files\NetDrive\netdrive.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\DVBLogic\DVBLink2\DVBLinkMCLauncher.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\EventGhost\EventGhost.exe
I:\PortableApps\PortableApps\ListaryPortable\App\Listary\X64\Listary32helper.exe
C:\Windows\system32\svchost.exe -k bthaudiosvc
C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
I:\LiberKey\LiberKeyTools\LiberKeyMenu\LiberKeyMenu.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files (x86)\PDF Architect\HelperService.exe
C:\Program Files (x86)\PDF Architect\ConversionService.exe
C:\Windows\system32\svchost.exe -k imgsvc
I:\LiberKey\LiberKeyTools\KeyFileAssoc\KeyFileAssoc.exe
C:\Program Files (x86)\UltiDev\Web Server\UWS.HighPrivilegeUtilities.exe
C:\Program Files (x86)\UltiDev\Web Server\UWS.LowPrivilegeUtilities.exe
C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe
C:\Program Files (x86)\UltiDev\Web Server\UltiDev.WebServer.Monitor.exe
I:\PortableApps\PortableApps\FirefoxPortable\FirefoxPortable.exe
I:\Programme\WinRAR\Launch WinRAR.exe
I:\Programme\Balance Control - Lautstärke\simplesndvol.exe
I:\Programme\PhraseExpress\phraseexpress.exe
I:\Programme\CPUMon\CPUMon.exe
I:\PortableApps\PortableApps\FirefoxPortable\App\firefox\firefox.exe
I:\LiberKey\LiberKeyTools\LiberKeyPortabilizer\LiberKeyPortabilizer.exe
I:\PortableApps\PortableApps\FreeCommanderPortable\App\FreeCommander\FreeCommander.exe
I:\Programme\foobar\foobar2000.exe
I:\PortableApps\PortableApps\PortableApps.com\PortableAppsPlatform.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\NetDrive\ndsvc.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
I:\LiberKey\Apps\Ditto\App\Ditto\x64\Ditto.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
I:\LiberKey\Apps\NetWorx\App\NetWorx\networx.exe
I:\LiberKey\Apps\AIMP\App\AIMP\AIMP3.exe
I:\LiberKey\Apps\Thunderbird\App\thunderbird\thunderbird.exe
I:\LiberKey\Apps\LibreOffice\App\LibreOffice\program\soffice.exe
I:\LiberKey\Apps\LibreOffice\App\LibreOffice\program\soffice.bin
I:\LiberKey\Apps\Everything\App\Everything\Everything.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\UltiDev\Web Server\UWS.AppHost.Clr2.AnyCpu.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskmgr.exe
I:\Programme\JDownloader Beta - Kopie 4\JDownloaderExp.exe
I:\LiberKey\Apps\PSPad\App\PSPad\PSPad.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2475029
uURLSearchHooks: Winload Toolbar: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll
uURLSearchHooks: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll
mURLSearchHooks: Winload Toolbar: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll
mURLSearchHooks: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll
mWinlogon: Userinit = userinit.exe
BHO: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: PDF Architect Helper: {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll
BHO: Winload Toolbar: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Winload Toolbar: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll
TB: PDF Architect Toolbar: {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll
TB: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll
TB: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
uRun: [Copy Handler] C:\Program Files\Copy Handler\ch64.exe
uRun: [Listary] "I:\PortableApps\PortableApps\ListaryPortable\App\Listary\X64\Listary.exe"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [LiberKey] I:\LiberKey\LiberKey.exe
uRun: [Clipboard Help+Spell] "I:\Programme\ClipboardHelpAndSpellPortable\ClipboardHelpAndSpell.exe" /autorun
uRun: [NetDrive] "C:\Program Files\NetDrive\netdrive.exe" -tray
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [DVBLink MediaCenter Launcher] C:\Program Files (x86)\DVBLogic\DVBLink2\DVBLinkMCLauncher.exe
StartupFolder: C:\Users\Dirk\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVENTG~1.LNK - C:\Program Files (x86)\EventGhost\EventGhost.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Download all with Free Download Manager - I:\PortableApps\PortableApps\FreeDownloadManagerPortable\App\FreeDownloadManager\dlall.htm
IE: Download selected with Free Download Manager - I:\PortableApps\PortableApps\FreeDownloadManagerPortable\App\FreeDownloadManager\dlselected.htm
IE: Download video with Free Download Manager - I:\PortableApps\PortableApps\FreeDownloadManagerPortable\App\FreeDownloadManager\dlfvideo.htm
IE: Download with Free Download Manager - I:\PortableApps\PortableApps\FreeDownloadManagerPortable\App\FreeDownloadManager\dllink.htm
IE: Mit Mipony herunterladen - I:\Programme\Mipony\Browser\IEContext.htm
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
TCP: Interfaces\{08DD50F1-C98B-4A4E-906C-5E2F3F9D4557} : NameServer = 62.109.123.7 213.191.92.86
TCP: Interfaces\{EEA68294-318D-4334-941E-F6BC342E6C1C} : DHCPNameServer = 195.234.128.7 195.234.128.16
AppInit_DLLs=   C:\Windows\SysWOW64\guard32.dll
SSODL: WebCheck - <orphaned>
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
x64-Run: [Copy Handler] <no file>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-3-27 28600]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdGuard.sys [2012-3-11 584056]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2012-3-11 38144]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-11-16 238080]
R2 AntiVirSchedulerService;Avira Planer;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-10-8 86752]
R2 AntiVirService;Avira Echtzeit-Scanner;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-10-8 110816]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-3-27 100712]
R2 DVBLinkServer2;DVBLink Server;C:\Program Files (x86)\DVBLogic\DVBLink2\DVBLinkServer.exe [2010-10-21 1991680]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-2-23 95760]
R3 dvblinkcap;DVBLink Capture #1;C:\Windows\System32\drivers\dvblinkcap.sys [2010-7-19 18608]
R3 dvblinkcap2;DVBLink Capture #2;C:\Windows\System32\drivers\dvblinkcap2.sys [2010-7-19 18608]
R3 dvblinkcap3;DVBLink Capture #3;C:\Windows\System32\drivers\dvblinkcap3.sys [2010-7-19 18608]
R3 dvblinkcap4;DVBLink Capture #4;C:\Windows\System32\drivers\dvblinkcap4.sys [2010-7-19 18608]
R3 dvblinktun;DVBLink Tuner #1;C:\Windows\System32\drivers\dvblinktun.sys [2010-7-19 20784]
R3 dvblinktun2;DVBLink Tuner #2;C:\Windows\System32\drivers\dvblinktun2.sys [2010-7-19 20784]
R3 dvblinktun3;DVBLink Tuner #3;C:\Windows\System32\drivers\dvblinktun3.sys [2010-7-19 20784]
R3 dvblinktun4;DVBLink Tuner #4;C:\Windows\System32\drivers\dvblinktun4.sys [2010-7-19 20784]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\System32\drivers\rtl8192se.sys [2010-4-1 1100320]
R3 X10Hid;X10 Hid Device;C:\Windows\System32\drivers\x10hid.sys [2013-1-12 15896]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 hcw10cir;Hauppauge CIR Receiver;C:\Windows\System32\drivers\hcw10cir.sys [2012-8-20 46080]
S3 BthAudioHF;BthAudioHF-Dienst;C:\Windows\System32\drivers\BthAudioHF.sys [2009-12-21 52224]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2013-2-18 17480]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2013-2-18 9800]
S3 hcw10bda;Hauppauge Cx2310x WinTV Capture;C:\Windows\System32\drivers\hcw10bda.sys [2013-3-2 649904]
S3 ndfs;ndfs;C:\Program Files\NetDrive\NDFS.sys [2013-2-1 63712]
S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2013-4-26 19032]
S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2012-10-12 9584]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-24 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2012-10-8 246304]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-24 57856]
.
=============== File Associations ===============
.
FileExt: .bat: batfile="I:\LiberKey\Apps\PSPad\PSPadLKL.exe" "%1" [default=ab_pspad  - 'Open' doesn't exist]
FileExt: .exe: exefile="I:\LiberKey\Apps\7Zip\7-ZipLKL.exe" "%1" [default=ab_open_with_7-zip_liberkey  - 'Open' doesn't exist]
FileExt: .txt: txtfile_nomade="I:\LiberKey\Apps\PSPad\PSPadLKL.exe" "%1" [default=ad_ouvrir_avec_pspad_liberkey]
FileExt: .ini: inifile="I:\LiberKey\Apps\PSPad\PSPadLKL.exe" "%1" [default=ab_ouvrir_avec_pspad_liberkey]
.
=============== Created Last 30 ================
.
2013-04-28 21:12:55    --------    d-----w-    C:\Users\Dirk\AppData\Roaming\pdfforge
2013-04-28 21:12:28    662288    ----a-w-    C:\Windows\SysWow64\MSCOMCT2.OCX
2013-04-28 21:12:28    137000    ----a-w-    C:\Windows\SysWow64\MSMAPI32.OCX
2013-04-28 21:12:28    1070152    ----a-w-    C:\Windows\SysWow64\MSCOMCTL.OCX
2013-04-28 21:12:24    110264    ----a-w-    C:\Windows\System32\pdfcmon.dll
2013-04-28 21:12:19    64512    ----a-w-    C:\Windows\SysWow64\MSCC2DE.DLL
2013-04-28 21:12:19    158208    ----a-w-    C:\Windows\SysWow64\MSCMCDE.DLL
2013-04-28 21:12:18    23552    ----a-w-    C:\Windows\SysWow64\MSMPIDE.DLL
2013-04-28 21:12:17    --------    d-----w-    C:\Program Files (x86)\PDFCreator
2013-04-26 20:47:41    --------    d-----w-    C:\Users\Dirk\AppData\Roaming\NCH Software
2013-04-26 20:47:10    --------    d-----w-    C:\Program Files (x86)\NCH Software
2013-04-25 23:24:54    19032    ------w-    C:\Windows\System32\pwdrvio.sys
2013-04-25 23:24:04    --------    d-----w-    C:\Program Files (x86)\MiniTool Partition Wizard Home Edition 7.8
2013-04-23 20:37:20    1656680    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
2013-04-23 07:28:35    95648    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-22 20:59:28    3153408    ----a-w-    C:\Windows\System32\win32k.sys
2013-04-22 20:59:24    5550424    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-04-22 20:59:22    3968856    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-04-22 20:59:22    3913560    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-04-22 20:59:20    6656    ----a-w-    C:\Windows\SysWow64\apisetschema.dll
2013-04-22 20:59:20    43520    ----a-w-    C:\Windows\System32\csrsrv.dll
2013-04-22 20:59:20    112640    ----a-w-    C:\Windows\System32\smss.exe
2013-04-22 20:42:40    223752    ----a-w-    C:\Windows\System32\drivers\fvevol.sys
2013-04-14 15:29:24    --------    d-----w-    C:\Windows\Downloaded Installations
2013-04-13 00:08:56    --------    d-----w-    C:\Users\Dirk\AppData\Roaming\TVRename
2013-04-12 00:20:12    --------    d-----w-    C:\Users\Dirk\AppData\Roaming\Movienizer
2013-04-10 20:55:32    --------    d-----w-    C:\Users\Dirk\AppData\Roaming\Personal Video Database
2013-04-10 20:43:00    --------    d-----w-    C:\Users\Dirk\AppData\Roaming\JLC's Software
2013-04-07 22:20:04    --------    d-----w-    C:\Users\Dirk\AppData\Local\kvibes
.
==================== Find3M  ====================
.
2013-04-25 23:51:02    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-25 23:51:02    691592    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-04-23 07:28:30    866720    ----a-w-    C:\Windows\SysWow64\npDeployJava1.dll
2013-04-23 07:28:30    788896    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-03-27 16:05:29    28600    ----a-w-    C:\Windows\System32\drivers\avkmgr.sys
2013-03-27 16:05:29    100712    ----a-w-    C:\Windows\System32\drivers\avgntflt.sys
2013-03-07 11:37:32    9584    ------w-    C:\Windows\System32\pwdspio.sys
2013-03-07 11:37:32    3074240    ----a-w-    C:\Windows\System32\pwNative.exe
2013-02-22 06:27:49    2312704    ----a-w-    C:\Windows\System32\jscript9.dll
2013-02-22 06:20:51    1392128    ----a-w-    C:\Windows\System32\wininet.dll
2013-02-22 06:19:37    1494528    ----a-w-    C:\Windows\System32\inetcpl.cpl
2013-02-22 06:15:48    173056    ----a-w-    C:\Windows\System32\ieUnatt.exe
2013-02-22 06:15:23    599040    ----a-w-    C:\Windows\System32\vbscript.dll
2013-02-22 06:12:41    2382848    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-02-22 03:46:00    1800704    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-02-22 03:38:00    1129472    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-02-22 03:37:50    1427968    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2013-02-22 03:34:17    142848    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2013-02-22 03:34:03    420864    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2013-02-22 03:31:46    2382848    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-02-12 05:45:24    135168    ----a-w-    C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22    350208    ----a-w-    C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22    308736    ----a-w-    C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22    111104    ----a-w-    C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31    474112    ----a-w-    C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26    2176512    ----a-w-    C:\Windows\apppatch\AcGenral.dll
2013-02-12 04:12:05    19968    ----a-w-    C:\Windows\System32\drivers\usb8023.sys
.
============= FINISH: 20:18:26,63 ===============
---------------------------------------------------------------------------
 Results of screen317's Security Check version 0.99.63  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 21  
 Adobe Flash Player 11.7.700.169  
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
 Comodo Firewall cmdagent.exe
 Comodo Firewall cfp.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
---------------------------------------------------------------------------

 



#2 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • 25,317 posts

Posted 05 May 2013 - 06:38 PM

Hello Dirrk.

Please create a Restore point. Give it a description like "Before AdwCleaner". How to create Restore Point.

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Follow the prompts to reboot the computer. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE

#3 Diirk

Diirk

    Member

  • Full Member
  • 30 posts

Posted 06 May 2013 - 07:55 AM

There doesn't seem to have been any malicious / unwanted software on my system, if I understand it right (of course I have any idea of that).


# AdwCleaner v2.300 - Datei am 06/05/2013 um 11:52:23 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Dirk - DIRK-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Dirk\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\ConduitEngine
Ordner Gelöscht : C:\Program Files (x86)\MyAshampoo
Ordner Gelöscht : C:\Program Files (x86)\Winload
Ordner Gelöscht : C:\Program Files\pdfforge
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pdfforge
Ordner Gelöscht : C:\Users\Dirk\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Dirk\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Dirk\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Dirk\AppData\LocalLow\ConduitEngine
Ordner Gelöscht : C:\Users\Dirk\AppData\LocalLow\MyAshampoo
Ordner Gelöscht : C:\Users\Dirk\AppData\LocalLow\Winload
Ordner Gelöscht : C:\Users\Dirk\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\conduitEngine
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\MyAshampoo
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\MyAshampoo\toolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Winload
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3B8C0904-D1B3-4757-A24E-0CABF546B9A5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{413C68DF-6D30-4C5B-82B9-AAE4CBA86F66}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2319825
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2475029
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\conduitEngine
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4D494D9D-1436-41D8-AC95-35AA4F4AEFAF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{99A81540-7550-4A0F-92B8-67B4E134DF15}
Schlüssel Gelöscht : HKLM\Software\MyAshampoo
Schlüssel Gelöscht : HKLM\Software\MyAshampoo\toolbar
Schlüssel Gelöscht : HKLM\Software\Winload
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3B8C0904-D1B3-4757-A24E-0CABF546B9A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{413C68DF-6D30-4C5B-82B9-AAE4CBA86F66}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4D494D9D-1436-41D8-AC95-35AA4F4AEFAF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99A81540-7550-4A0F-92B8-67B4E134DF15}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3B00679E-A2E6-4C54-A19D-1192DD8FCCAC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{441F312F-953A-457D-BD96-357CAA499E48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A0FBCE18-FC43-4032-B36A-9ED5D24C2651}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B65FB7F8-9146-47CE-A3DB-0B22B5AC61D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MyAshampoo Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Winload Toolbar
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16476

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2475029 --> hxxp://www.google.com

-\\ Mozilla Firefox v [Version kann nicht ermittelt werden]

Datei : C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Dirks Profil\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\n7t82fgi.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [7992 octets] - [06/05/2013 11:52:23]

########## EOF - C:\AdwCleaner[S1].txt - [8052 octets] ##########
 



#4 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • 25,317 posts

Posted 06 May 2013 - 08:45 AM

Why is the log in German? Translated, it shows that all those unwanted toolbars were removed. Your symptoms of strange RAM usage and occasional slowing should be fixed or much improved.

 

In case anything was missed, please run another program:

 

Please download Junkware Removal Tool to your Desktop.

  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

(Note: our email notifications are not being delivered to you. Your email server responds with "550-unrouteable mail domain spywareinfoforum.com     550 verifying mike@spywareinfoforum.com failed".)



#5 Diirk

Diirk

    Member

  • Full Member
  • 30 posts

Posted 06 May 2013 - 12:02 PM

Thank you very much.

 

    Quote

           Why is the log in German?



I do not know, sorry for that difficulty, I just followed the instructions. I suppose that program automatically sets the language to the system information it finds. I couldn't find any option to change the language.


   

    Quote

    Translated, it shows that all those unwanted toolbars were removed.



OK, so there have been some or a lot of such toolbars on my system. Wasn't able to see that in the logs. How many of these toolbars have been there? And where were they coming from? Belonging to which programs?

   

    Quote

        Your symptoms of strange RAM usage and occasional slowing  should be fixed or much improved.



I am not quite sure, it doesn't seem to be like that, the "Performance" tab shows more used RAM than the "Process" tab, if I am right:

http://i.imm.io/153Tz.jpeg
http://i.imm.io/153TF.jpeg

   

    Quote

        Please close your security software to avoid potential conflicts.



Doing it, I see the AntiVir real time scanner is not running, do not know why. I left it like that and closed Comodo Firewall and I didn't close any other programs and left the connection to the Internet, so, I left it all like it was besides of the security programs.

    Quote

    (Note: our email notifications are not being delivered to you. Your email server responds with "550-unrouteable mail domain spywareinfoforum.com     550 verifying mike@spywareinfoforum.com failed".)

Yes, I noticed, I tried to send e-mails to an administrator without success, because after trying to change my e-mail address I could not post anymore.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.3 (04.29.2013:2)
OS: Windows 7 Home Premium x64
Ran by Dirk on Mo, 06.05.2013 at 19:20:27,82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F656A613-10FF-48CF-9413-D128DB771622}



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mo, 06.05.2013 at 19:30:30,87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


Edited by Diirk, 06 May 2013 - 12:02 PM.


#6 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • 25,317 posts

Posted 06 May 2013 - 12:43 PM

You can see the names of the toolbars that were removed in the AdwCleaner log.

MyAshampoo
SmartBar
WebBrowser
various Conduit toolbars

JunkRemover found and removed SearchScopes
 
Your screenshots are mostly of interest because of the high memory usage of JDownloader. This is a common problem with that Java download manager.  I suggest that you completely uninstall JDownloader.  If you find you really need a download manager, get one that doesn't use Java.  Windows 7 doesn't usually need one.

Totally uninstall JDownloader, using the Revo Uninstaller.
Download and run the free version of Revo Uninstaller.
Set it to 'Advanced'.

Select JDownloader and click Uninstall.

Revo will do this:

Step 1. Create restore point.
Step 2. Run the official JDownloader  uninstaller.

Step 3. When uninstaller finishes, click Scan in Revo and it will search for remnants. Delete everything found.

You may need to manually delete I:\Programme\JDownloader Beta - Kopie 4



#7 Diirk

Diirk

    Member

  • Full Member
  • 30 posts

Posted 06 May 2013 - 01:04 PM

    Quote

    You can see the names of the toolbars that were removed in the AdwCleaner log.

    MyAshampoo
    SmartBar
    WebBrowser
    various Conduit toolbars

    JunkRemover found and removed SearchScopes

OK, I see, these are the toolbars. And they obviously caused the RAM use and slowed down the system. If I only knew where from I have installed it. Actually I try to be careful. I hope, I can avoid installing such trash from now on.

    Quote

    Your screenshots are mostly of interest because of the high memory usage of JDownloader.

So, I shouldn't worry about the different RAM shown, I guess, may be that is just normal.

    Quote

    This is a common problem with that Java download manager.  I suggest that you completely uninstall JDownloader.

Yes, that indeed is very inconvenient. But there doesn't seem to be a substitute for it, I couldn't find any downloader doing what jD does. And I assume, Java shouldn't be used anyway at all, seems to slow down the system.

    Quote

    Totally uninstall JDownloader, using the Revo Uninstaller.

Yes, I have already the portable version of Revo in use.

And I have the portable version of jD, so I could just delete the folder containing it, I assume.


Edited by Diirk, 06 May 2013 - 01:09 PM.


#8 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • 25,317 posts

Posted 06 May 2013 - 01:19 PM

Deleting the folder will usually leave a lot of remnants and may cause a hang if run keys are left in the Registry, so I advise using Revo.

 

What features do you need in a downloader?

 

Toolbars often get installed unintentionally.  When they are bundled with another program, it is often necessary to uncheck the option box, which is easily overlooked.



#9 Diirk

Diirk

    Member

  • Full Member
  • 30 posts

Posted 06 May 2013 - 01:55 PM

    Quote

    Deleting the folder will usually leave a lot of remnants and may cause a hang if run keys are left in the Registry, so I advise using Revo.

OK, I would do so. Actually I had assumed, the portable versions wouldn't leave remnants, and that would be one of the advantages using them.

    Quote

    What features do you need in a downloader?

Oh, there are a lot, e.g. starting / handling downloads of a lot of file hosters (I haven't seen any other downloader handling so many file hosters) like rapidshare, mediafire, zippyshare and many more automatically, resume them, store and use passwords for zip and rar files to unzip the downloads automatically. Adding download links by copying the links with passwords to the clip board, set priorities of downloads, filter, sort links, search for download links on pages and automatically add them...

    Quote

    Toolbars often get installed unintentionally.  When they are bundled with another program, it is often necessary to uncheck the option box, which is easily overlooked.

Yes, I must have just overlooked them. Actually one should just not install programs offering such toolbars at all, I guess. It is astonishing, that such toolbars can cause such extremely high RAM use.



#10 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • 25,317 posts

Posted 06 May 2013 - 02:10 PM

I think the amount of RAM use is not important - indeed, if you have lots of RAM it makes sense to be using it since it is so much faster than any other form of storage.

 

More significant and able to cause slowing is the amount of CPU work being done.  In Task Manager, open the Processes tab. Click the 'CPU' column header to sort the processes by CPU%.  System Idle Process should be at or near the top (click the header again if it's near the bottom).  Then take a screenshot for me.



#11 Diirk

Diirk

    Member

  • Full Member
  • 30 posts

Posted 06 May 2013 - 02:35 PM

Though often the same resources are used, e.g. 3 RAM and 50 % CPU, the computer is sometimes extremely slow, sometimes it runs normally. Might the hard drive - showed to be running at 100 % often (I do not understand these graphics), http://i.imm.io/154WY.png - slow the system down?

    Quote

    More significant and able to cause slowing is the amount of CPU work being done.  In Task Manager, open the Processes tab. Click the 'CPU' column header to sort the processes by CPU%.  System Idle Process should be at or near the top (click the header again if it's near the bottom).  Then take a screenshot for me.

 

OK, done: http://i.imm.io/154YX.png

And a second one: http://i.imm.io/154Zt.png



#12 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • 25,317 posts

Posted 06 May 2013 - 02:58 PM

The activity of the hard drive is from swapping memory blocks between physical RAM and virtual memory (pagefile) on the disk.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:

  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.



#13 Diirk

Diirk

    Member

  • Full Member
  • 30 posts

Posted 07 May 2013 - 12:10 AM

Thank you.

 

OK, done:

 

(Edit: sorry, the text is in German again, I cannot find a way to switch the program - MiniTool - to English. If there should a way, please tell me, so I would run it again)

 

By the way, at the moment my system seems to run much more better indeed, after your help. The Notebook commonly runs 24h/7d, respectively until it becomes too slow (seems to be the normal behaviour of Windows after some time) and then I restart it, what takes a long time. Many thanks.

 

MiniToolBox by Farbar  Version:21-04-2013
Ran by Dirk (administrator) on 07-05-2013 at 08:08:20
Running from "I:\Downloads"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/06/2013 10:14:26 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CreateVssExamineWriterMetadata" ist ein unerwarteter Fehler aufgetreten. hr = 0x80042302, Unerwarteter Fehler bei einer Komponente des Volumeschattenkopie-Diensts.
Weitere Informationen finden Sie im Anwendungsereignisprotokoll.
.


Vorgang:
   Generator legt seine Metadaten offen

Kontext:
   Ausführungskontext: Requestor
   Generatorinstanz-ID: {DFB5F8BA-5D50-4745-9CC2-F5F31EE54733}
   Generatorklassen-ID: {E8132975-6F93-4464-A53E-1050253AE220}
   Generatorname: System Writer

Error: (05/06/2013 10:14:26 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "XML document is too long" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070018, Das Programm hat einen Befehl ausgegeben, aber die Befehlslänge ist falsch.
.


Vorgang:
   Generator legt seine Metadaten offen

Kontext:
   Ausführungskontext: Requestor
   Generatorinstanz-ID: {DFB5F8BA-5D50-4745-9CC2-F5F31EE54733}
   Generatorklassen-ID: {E8132975-6F93-4464-A53E-1050253AE220}
   Generatorname: System Writer

Error: (05/06/2013 10:14:17 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CreateVssExamineWriterMetadata" ist ein unerwarteter Fehler aufgetreten. hr = 0x80042302, Unerwarteter Fehler bei einer Komponente des Volumeschattenkopie-Diensts.
Weitere Informationen finden Sie im Anwendungsereignisprotokoll.
.


Vorgang:
   Generator legt seine Metadaten offen

Kontext:
   Ausführungskontext: Requestor
   Generatorinstanz-ID: {DFB5F8BA-5D50-4745-9CC2-F5F31EE54733}
   Generatorklassen-ID: {E8132975-6F93-4464-A53E-1050253AE220}
   Generatorname: System Writer

Error: (05/06/2013 10:14:17 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "XML document is too long" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070018, Das Programm hat einen Befehl ausgegeben, aber die Befehlslänge ist falsch.
.


Vorgang:
   Generator legt seine Metadaten offen

Kontext:
   Ausführungskontext: Requestor
   Generatorinstanz-ID: {DFB5F8BA-5D50-4745-9CC2-F5F31EE54733}
   Generatorklassen-ID: {E8132975-6F93-4464-A53E-1050253AE220}
   Generatorname: System Writer


System errors:
=============
Error: (05/06/2013 10:21:51 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Internet Explorer 10 für Windows 7 für x64-basierte Systeme


Microsoft Office Sessions:
=========================
Error: (05/06/2013 10:14:26 PM) (Source: VSS)(User: )
Description: CreateVssExamineWriterMetadata0x80042302, Unerwarteter Fehler bei einer Komponente des Volumeschattenkopie-Diensts.
Weitere Informationen finden Sie im Anwendungsereignisprotokoll.


Vorgang:
   Generator legt seine Metadaten offen

Kontext:
   Ausführungskontext: Requestor
   Generatorinstanz-ID: {DFB5F8BA-5D50-4745-9CC2-F5F31EE54733}
   Generatorklassen-ID: {E8132975-6F93-4464-A53E-1050253AE220}
   Generatorname: System Writer

Error: (05/06/2013 10:14:26 PM) (Source: VSS)(User: )
Description: XML document is too long0x80070018, Das Programm hat einen Befehl ausgegeben, aber die Befehlslänge ist falsch.


Vorgang:
   Generator legt seine Metadaten offen

Kontext:
   Ausführungskontext: Requestor
   Generatorinstanz-ID: {DFB5F8BA-5D50-4745-9CC2-F5F31EE54733}
   Generatorklassen-ID: {E8132975-6F93-4464-A53E-1050253AE220}
   Generatorname: System Writer

Error: (05/06/2013 10:14:17 PM) (Source: VSS)(User: )
Description: CreateVssExamineWriterMetadata0x80042302, Unerwarteter Fehler bei einer Komponente des Volumeschattenkopie-Diensts.
Weitere Informationen finden Sie im Anwendungsereignisprotokoll.


Vorgang:
   Generator legt seine Metadaten offen

Kontext:
   Ausführungskontext: Requestor
   Generatorinstanz-ID: {DFB5F8BA-5D50-4745-9CC2-F5F31EE54733}
   Generatorklassen-ID: {E8132975-6F93-4464-A53E-1050253AE220}
   Generatorname: System Writer

Error: (05/06/2013 10:14:17 PM) (Source: VSS)(User: )
Description: XML document is too long0x80070018, Das Programm hat einen Befehl ausgegeben, aber die Befehlslänge ist falsch.


Vorgang:
   Generator legt seine Metadaten offen

Kontext:
   Ausführungskontext: Requestor
   Generatorinstanz-ID: {DFB5F8BA-5D50-4745-9CC2-F5F31EE54733}
   Generatorklassen-ID: {E8132975-6F93-4464-A53E-1050253AE220}
   Generatorname: System Writer


========================= Memory info: ===================================

Percentage of memory in use: 85%
Total physical RAM: 4084.56 MB
Available physical RAM: 597.61 MB
Total Pagefile: 10226.75 MB
Available Pagefile: 5461.39 MB
Total Virtual: 4095.88 MB
Available Virtual: 3983.59 MB

========================= Partitions: =====================================

1 Drive c: (Dirk) (Fixed) (Total:53.61 GB) (Free:11.77 GB) NTFS
3 Drive i: (Dirk) (Fixed) (Total:877.8 GB) (Free:35.82 GB) NTFS

========================= Users: ========================================

Benutzerkonten für \\DIRK-PC

Administrator            Dirk                     Gast                     
Der Befehl wurde erfolgreich ausgeführt.


**** End of log ****
 


Edited by Diirk, 07 May 2013 - 12:33 AM.
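
The "Memory info" figures in the MiniToolBox log above can be worked through to see how much committed memory cannot fit in RAM, which is what drives pagefile traffic on the disk. This is an added example, not part of any post and not MiniToolBox's own code; it assumes the log's fields mirror the Windows MEMORYSTATUSEX structure, where "Total Pagefile" is the commit limit (physical RAM plus pagefile), and the function names are hypothetical.

```python
import re

# Constructed input: the "Memory info" section as it appears in the
# MiniToolBox log posted in this thread.
SAMPLE_LOG = """\
========================= Memory info: ===================================

Percentage of memory in use: 85%
Total physical RAM: 4084.56 MB
Available physical RAM: 597.61 MB
Total Pagefile: 10226.75 MB
Available Pagefile: 5461.39 MB
Total Virtual: 4095.88 MB
Available Virtual: 3983.59 MB

========================= Partitions: =====================================
"""

# Labels as printed in the log. Assumption: they map to MEMORYSTATUSEX, so
# "Total Pagefile" is the commit limit (RAM + pagefile), not the pagefile alone.
FIELDS = (
    "Total physical RAM",
    "Available physical RAM",
    "Total Pagefile",
    "Available Pagefile",
)


def _to_mb(raw):
    """Convert '4084.56' or a German-locale '4084,56' to a float."""
    if "," in raw and "." not in raw:
        raw = raw.replace(",", ".")
    return float(raw)


def parse_memory_info(log_text):
    """Return {label: megabytes}; raise ValueError if a needed field is missing."""
    values = {}
    for label in FIELDS:
        pattern = r"^%s:\s*([\d.,]+)\s*MB\s*$" % re.escape(label)
        match = re.search(pattern, log_text, re.MULTILINE)
        if match is None:
            raise ValueError("field missing from log: %s" % label)
        values[label] = _to_mb(match.group(1))
    return values


def summarize(values):
    """Derive RAM use, pagefile size and commit charge from the parsed fields."""
    ram = values["Total physical RAM"]
    ram_used = ram - values["Available physical RAM"]
    commit_limit = values["Total Pagefile"]
    commit_charge = commit_limit - values["Available Pagefile"]
    return {
        "ram_used_mb": round(ram_used, 2),
        "ram_used_pct": round(100 * ram_used / ram, 1),
        "pagefile_size_mb": round(commit_limit - ram, 2),
        "commit_charge_mb": round(commit_charge, 2),
        "commit_used_pct": round(100 * commit_charge / commit_limit, 1),
        # Committed memory that cannot all be resident in RAM at the same time;
        # whatever part of it is touched has to be paged to and from disk.
        "commit_beyond_ram_mb": round(max(0.0, commit_charge - ram), 2),
    }


if __name__ == "__main__":
    for key, value in summarize(parse_memory_info(SAMPLE_LOG)).items():
        print("%-22s %10.2f" % (key, value))
```

A non-zero `commit_beyond_ram_mb` means the running programs have committed more memory than the machine has RAM, so the difference can only be held in the pagefile.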


#14 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • 25,317 posts

Posted 07 May 2013 - 09:48 AM

Your memory looks fine, although usage is high, probably due to JDownloader running all the time even when not in use.
 
The error reports indicate that an update to Internet Explorer 10 failed.  This may be related to the Volume Shadow Copy error ("Unerwarteter Fehler bei einer Komponente des Volumeschattenkopie-Diensts.") .  Your System Restore may not be working.

 

This should be fixed.  Please do this:
Please download Farbar Service Scanner and run it on the computer with the issue.

  • Check all the boxes.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


#15 Diirk

Diirk

    Member

  • Full Member
  • 30 posts

Posted 07 May 2013 - 12:09 PM

    Quote

    Your memory looks fine, although usage is high, probably due to JDownloader running all the time even when not in use.

OK, thank you. But there was a strange behaviour I cannot remember to have had before: I started synchronizing with FreeFileSync by about 3 or 3,3 GB RAM and after finishing and closing FreeFileSync the RAM went to about 2,5 GB, then it goes up to 3,97, the system got frozen, I waited some minutes or more and the RAM then was about 900 MB or so and then it increases to about 3 GB, now it is 2,85 GB.

    Quote

    The error reports indicate that an update to Internet Explorer 10 failed.

Yes, I tried a few times to install this update, but after downloading it an error message appeared. This update is displayed as "Optional". And I do not use Internet Explorer anyway.

    Quote

    Your System Restore may not be working.

So what a luck, that nothing bad happened running this adware removal program.

 

I did what you said:

 

Farbar Service Scanner Version: 14-04-2013
Ran by Dirk (administrator) on 07-05-2013 at 20:03:30
Running from "I:\Downloads"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Destination is offline
LAN connected.
WAN connected
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****



#16 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • 25,317 posts

Posted 07 May 2013 - 02:43 PM

No obvious reason for the error.  

I asked you to create a restore point before running AdwCleaner. Were you able to do that? How to create Restore Point.



#17 Diirk

Diirk

    Member

  • Full Member
  • 30 posts

Posted 07 May 2013 - 03:12 PM

    Quote

    No obvious reason for the error.

Thank you. So, my system seems to be OK (as far you can say something like that about a Windows system), respectively there is no indication at the moment that it is not. May be the strange behaviour just is the normal one for a Windows OS.

    Quote

    I asked you to create a restore point before running AdwCleaner. Were you able to do that?

Yes, I had done it, a message was shown, that it was successful, no error occurred.


Edited by Diirk, 07 May 2013 - 03:17 PM.


#18 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • 25,317 posts

Posted 07 May 2013 - 03:52 PM

I think your system is indeed OK.  
You can clean up most of our tools now (keep MBAM):
Delete the DDS files and Security Check folder from your Desktop.  Also FSS, JunkRemover, and MiniToolbar.  Run AdwCleaner and click Uninstall.
Run one last scan in case I have overlooked anything.
Please scan your machine with ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • Please  let me know if any problems remain.


#19 Diirk

Diirk

    Member

  • Full Member
  • 30 posts

Posted 08 May 2013 - 05:16 AM

Thank you very much.

 

    Quote

    You can clean up most of our tools now (keep MBAM):
    Delete the DDS files and Security Check folder from your Desktop.  Also FSS, JunkRemover, and MiniToolbar.  Run AdwCleaner and click Uninstall.
 

Done.

In the morning today the Notebook was something like frozen again, very slow, after some minutes it becomes more and more "unfrozen" and then it runs somehow, but sluggish. There was a Window message, not enough RAM and Windows now closes some programs to gain more RAM. I clicked abort. Then there was about 2 or less than 2 RAM used, now it is 2,4 GB and sluggish though there actually should be enough RAM.

And the connection to the Internet got interrupted a few times now.

At the moment the RAM settings are:

http://i.imm.io/15cQO.png

http://i.imm.io/15cRg.png

Now I set: http://i.imm.io/15cQV.png

So the size is administrated by Windows now.

    Quote

    Click the esetonlinebtn.png button.

I have pressed this blue button: http://i.imm.io/15cOK.png

The scanning seems to last extremely long (and doesn't seem to bring the best results regarding malicious software, I guess, strange that Malware Bytes didn't find these threats. Or may be the discoveries are not malicious, but I do not think so), about 4 until now for 10 %, I hope it has finished until the Internet connection is interrupted automatically by the provider (each 24h) or broken again, at the moment it looks like: http://s14.directupl...08/iocb5qvp.png

 

And some time later: http://s14.directupl...08/2ag6imr4.png


Edited by Diirk, 08 May 2013 - 06:28 AM.


#20 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • 25,317 posts

Posted 08 May 2013 - 10:23 AM

Please stop ESET - use Task Manager to kill it if necessary.  It seems to be stuck on a (possibly) infected zip file.
 
Please delete any copy of TDSSKiller you have (right-click on it => "Delete").
 
Please download  tdsskiller.exe and save it to your Desktop.  Go here for information.
  • Double-click on TDSSKiller.exe to run the application.
  • Choose "Change Parameters"
    Check "Detect TDLFS file system"
    Hit OK
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file in your next reply.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply
  • Note: Post the log only if something was found.  Look at the end of the log.  If it says:

    Detected object count: 0 then I don't need the  log.



#21 Diirk

Diirk

    Member

  • Full Member
  • 30 posts

Posted 08 May 2013 - 01:24 PM

It goes on, at the moment, so since some hours it is at 99 %, suddenly it was at 25 and then at 99 %.

 

 

The online scanner not only scans C: but also I:, a partition on the same 1TB hard drive. May be I should still wait, don't know.

 

http://s1.directuplo...08/gwpnfbzr.png



#22 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • 25,317 posts

Posted 08 May 2013 - 01:30 PM

Yes, as long as it is progressing please wait. At 99% it shouldn't take very much longer.

#23 Diirk

Diirk

    Member

  • Full Member
  • 30 posts

Posted 09 May 2013 - 02:57 PM

Still running: screenshotdof392wmzjdx.png

 

Surprisingly the scanner wasn't interrupted by disconnecting the Internet connection by the provider (each 24h automatically), I connected immediately to the Net, I hadn't expected it. So the scanner is running now for about 38 hours may be about 30 hours at 99 %.


Edited by Diirk, 09 May 2013 - 04:25 PM.


#24 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • 25,317 posts

Posted 09 May 2013 - 05:04 PM

OK, kill ESET.

 

Follow the directions above to run TDSSKiller.



#25 Diirk

Diirk

    Member

  • Full Member
  • 30 posts

Posted 10 May 2013 - 02:03 AM

Thank you.

 

At the second interruption by the provider the scanner stopped anyway after running over 48 hours: http://i.imm.io/15pkq.png
 

    Quote

    Choose "Change Parameters"
    Check "Detect TDLFS file system"
    Hit OK

I left the already checked options as they were, hope that is correct:  http://i.imm.io/15ppB.png

All done until to this step:

    Quote

    Click on the Start Scan button and wait for the scan and disinfection process to be over.

 

No threats: http://i.imm.io/15psX.png

I am wondering whether it is good or bad...

 

After stopping ESET this window opened, should I do anything here: http://i.imm.io/15puG.png

 

Here the log of ESET (it looks like as if there were many files which actually are no threats, so I didn't dare to let ESET delete anything, I just closed it):

 

 


Edited by Diirk, 10 May 2013 - 02:26 AM.


#26 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • 25,317 posts

Posted 10 May 2013 - 10:24 AM

It does appear that you do not have any known variants of the TDSS rootkit.
But please run TDSSKiller again with the options set:

Choose "Change Parameters"
Check "Detect TDLFS file system"

 
Or was there some reason you chose not to do that?
 
You have a lot of undesirable toolbars on I: drive (OpenCandy, Conduit, etc).  AdwCleaner can only handle C: drive.  Your unusual setup makes troubleshooting difficult.
 
Nirsoft is probably OK (a false positive detection), see http://www.wildersse...ad.php?t=288969 but some of the things ESET found look very suspicious, in particular randomly named files in temp folders identified as InstalleRex.J.
 
I don't want to tell you to run ComboFix in view of the unusual setup.  It is a very powerful program and could be confused in this situation and do damage.
 
Please do a scan with AswMbr:
Please download aswMBR.exe and save it to your desktop.

Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)

Click Scan

  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Please send that zipped file to VirusTotal.
    • Please go to http://www.virustotal.com click on 'Choose file', and send the following file/s for analysis: 

      mbr.zip

      After you click 'Send file', allow the file to be scanned, and then please post a link to the results page here for me.  Don't copy the results, just post the link.

Microsoft MVP Windows Security 2005-2006

#27 Diirk

Diirk

    Member

  • Full Member
  • 30 posts

Posted 10 May 2013 - 10:52 AM

Many thanks.

 

But please run TDSSKiller again with the options set:

Choose "Change Parameters"
Check "Detect TDLFS file system"

 

Oh, sorry, I guess I am missing something: http://i.imm.io/15ppB.png

This is the wrong check box?

 

You have a lot of undesirable toolbars on I: drive (OpenCandy, Conduit, etc).  AdwCleaner can only handle C: drive.  Your unusual setup makes troubleshooting difficult.

 

Maybe I should just delete the entire programs providing these toolbars?

 

I don't want to tell you to run ComboFix in view of the unusual setup.

 

Unusual regarding the portable programs on I:, I assume. I know the time will come when I have to set up my system completely new, and then it is much easier to just copy the portable programs instead of installing the installer versions and doing all the settings again, or rather backing up their settings (and finding the files containing them beforehand etc.) and restoring them after installing.

 

Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)

Click Scan

 

Oh, I am not quite sure how to handle this: http://i.imm.io/15shv.png

OK, I have not downloaded anything, not Avast, just clicked "No" and "Scan".

 

So, it seems to have finished: http://i.imm.io/15siN.png

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-05-10 18:41:59
-----------------------------
18:41:59.400    OS Version: Windows x64 6.1.7601 Service Pack 1
18:41:59.400    Number of processors: 4 586 0x2505
18:41:59.401    ComputerName: DIRK-PC  UserName: Dirk
18:42:05.360    Initialize success
18:43:57.666    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:43:57.669    Disk 0 Vendor: ST1000LM024_HN-M101MBB 2AR10001 Size: 953869MB BusType: 11
18:43:57.883    Disk 0 MBR read successfully
18:43:57.885    Disk 0 MBR scan
18:43:57.888    Disk 0 Windows 7 default MBR code
18:43:57.967    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
18:43:58.002    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        54900 MB offset 206848
18:43:58.033    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       898867 MB offset 112642048
18:43:58.218    Disk 0 scanning C:\Windows\system32\drivers
18:44:13.131    Service scanning
18:44:36.811    Modules scanning
18:44:36.848    Disk 0 trace - called modules:
18:44:36.876    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
18:44:36.884    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d74060]
18:44:37.227    3 CLASSPNP.SYS[fffff8800145143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004ab6060]
18:44:37.232    Scan finished successfully
18:46:40.445    Disk 0 MBR has been saved successfully to "I:\Downloads\MBR.dat"
18:46:40.664    The log file has been saved successfully to "I:\Downloads\aswMBR.txt"

 

After you click 'Send file', allow the file to be scanned, and then please post a link to the results page here for me.  Don't copy the results, just post the link.

 

 

All done.

 

https://www.virustot...sis/1368204629/

 

By the way, I discovered, that foobar - using extremely many GBs RAM, about 300.000 k at the moment as Task Manager shows - obviously causes a very intensive slow down of the system: after restarting foobar, the system sometimes runs much faster.

 

Thank you very much.


Edited by Diirk, 10 May 2013 - 11:14 AM.


#28 cnm

Posted 10 May 2013 - 11:30 AM

Is your foobar up to date?  Get the latest from http://www.foobar2000.org/.  foobar2000 v1.2.6 final was released on May 4.

 

I find this in the foobar FAQ:

I am experiencing high system resource usage (memory or CPU) while playing.
Please disable any unneeded DSPs (such as resampler). Some of them require a lot of resources to operate.
Some DSPs such as crossfader or gap remover need extra memory buffers to operate; you can reduce the memory usage by changing their settings. Also, certain output modes (Kernel Streaming) have been reported to use excessive amounts of CPU time on certain systems.
Finally, some third-party components are known to use high amounts of CPU time.



#29 Diirk

Posted 10 May 2013 - 01:09 PM

Many thanks for the information on foobar.

 

I had done a post some time ago because of the memory usage on the foobar forum, but if I remember right, there was no real solution.

 

There are very often updates, I just updated from 1.2.5. to 1.2.6, thanks. But actually there should be no difference in the resource usage. I guess, I must have almost all of the add ons, but the CPU is OK, only the RAM usage is high. I guess, I should remove at least some of them. Maybe I should use Aimp, it uses about 15.000 k.

 

And the CPU and memory usage of foobar nearly stay the same on my system, but the behaviour of the system changes after a while, it becomes very sluggish and when I restart foobar then, sometimes it becomes much faster.

 

Shall I run the TDSSKiller a second time with a special option? Is there anything else I should do against these toolbars or is there other malicious software to be removed?


Edited by Diirk, 10 May 2013 - 01:13 PM.


#30 cnm

Posted 10 May 2013 - 01:20 PM

I do not believe you have any known malware.  The TDSSKiller was fine - I didn't understand what you meant by "I left the already checked options as they were".
 

May be I should just delete the entire programs providing these tool bars?

That could leave some orphan Registry keys and give you error messages when you boot.
 
Do this scan and I'll see what we can manage:

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy the contents of these files, one at a time, and post with your next two replies.


#31 Diirk

Posted 10 May 2013 - 02:51 PM

I do not believe you have any known malware.  The TDSSKiller was fine - I didn't understand what you meant by "I left the already checked options as they were".

 

Ah sorry for the bad expression.

 

And thank you.

 

Very strange, at the moment the Notebook runs very fast (compared with the normal behaviour). The same programs are opened like usual. The same resources usage as far as I can see. CPU is at 30 to 60 %, RAM about 3,4 GB. I really do not understand that at all. Firefox is very fast. All programs react fast like never before (so to say). As I see, Ditto is not active. But should this single program cause...?

 

Might it be possible, that my computer is used as a bot? Or could you notice something like that in the logs?

 

I clicked the blue "Scan" button, not the "Quick Scan" one, hope, that was right. http://i.imm.io/15tzY.png

Meanwhile I assume I should have clicked the "Quick Scan" button...but as the scanner already runs so long...or should I interrupt and start "Quick Scan"?



#32 cnm

Posted 10 May 2013 - 03:33 PM

The blue 'Run Scan' was the correct button.

 

There is a good general explanation here (about a different clipboard manager) explaining how a clipboard manager can fail to get Windows messages or get them more than once.  When that happens Ditto will be constantly checking for Windows messages and use a lot of CPU.  Or if it keeps copying the same text it will use a lot of memory.  Usually it will work to just stop Ditto and restart it.  Sometimes it will be necessary to reboot, which will rebuild the message queue.

 

If you want to consider a different free clipboard manager, ArsClip sounds good though I have no experience with it - I use ClipMate.

ArsClip vs Ditto review.



#33 Diirk

Posted 10 May 2013 - 04:19 PM

OK, thanks, the right button, so just wait.

 

There is a good general explanation here (about a different clipboard manager) explaining how a clipboard manager can fail to get Windows messages or get them more than once.  When that happens Ditto will be constantly checking for Windows messages and use a lot of CPU.

 

Many thanks for the link. Strangely the resources do not differ very much generally, I always have the same programs opened, but sometimes the computer is extremely sluggish with same resource usages sometimes - e.g. now - fast like never before. Maybe the Task Manager (and the same with other programs) does not show the right resource usages.

 

Usually it will work to just stop Ditto and restart it.

 

Yes, the same with Firefox, Thunderbird. I will stop using Ditto for a while or ever, try whether the Notebook stays fast like it is now, would be great.

 

Sometimes it will be necessary to reboot, which will rebuild the message queue.

 

Yes, like I have to do often, that helps.

 

 

If you want to consider a different free clipboard manager, ArsClip sounds good though I have no experience with it - I use ClipMate.

ArsClip vs Ditto review.

 

Thank you, I will try both.

 

Many thanks for researching.

 

OTL still running...



#34 Diirk

Posted 11 May 2013 - 12:04 AM

...still running...I suppose, there seems to be anything wrong...it seems to be (still) the same folder which is scanned as some hours before...but it obviously scans, the files displayed at the bottom change...if it still scans on partition C:. When it still has to scan partition I: with about 1.500.000 / 2.000.000 files it will last a long time, I guess.

 

http://i.imm.io/15x7s.png

 

 

May be I should just delete the entire programs providing these tool bars?

That could leave some orphan Registry keys and give you error messages when you boot.

 

Even the programs on I: which are all portable?

 

But...it is a bit worrisome..actually very worrisome, I am wondering how I could download / install all these malicious programs / the toolbars (even without noticing it). Actually - I would say - I look to it, but...

 

I have stopped now the scan and started a "Quick Scan", I see, it started with scanning the I: partition (and C: after), but it seems to stick at the same folder(s) as before (MediaPortal - it is not opened, do not know, may be there is a service running of MP, cannot find one). And some settings are changed after pressing "Quick Scan" (http://i.imm.io/15y4N.png) and it lasts very long also, still running, 1 hour or so.

 

It doesn't seem to come to an end, seems to be the same folders being scanned.


Edited by Diirk, 11 May 2013 - 08:11 AM.


#35 cnm

Posted 11 May 2013 - 10:38 AM

There is a strange folder there whose name is too long, see the bottom line in that picture.  That is what is causing the scans to get stuck.

 

Stop OTL.

 

Then let Windows attempt to untangle your file system.

Do Start > Computer.  Right-click C: and select Properties.  In the Tools tab click 'Check now..'

Check only the top box, then click Start.  


#36 Diirk

Posted 12 May 2013 - 07:29 AM

Thank you.

 

Done, after the second try the system was checked before Windows started while booting. Nothing seems to have been fixed / changed as far as I could see while chkdsk was running.

This Windows update does not install all the time since one, two weeks: http://i.imm.io/15Iex.png  

But why is the file system untangled? I guess this causes a slow down also. I know, I have some or more files I copied which have a path length longer than about 256 signs or so, music files, zip, rar files. Hope, they do not cause this issue also.

I just try a run with OTL anyway, a "Quick Scan", maybe the long paths are gone.

 

I just see, when I list all folders with "MediaPortal" there is no path shown which should be too long anymore, if I am right. When the quick scan works (I will post), I will do the scan you wanted me to do. I guess I should have done this scan at first and leave the quick scan, maybe the duration is not that much longer.


Edited by Diirk, 12 May 2013 - 08:04 AM.


#37 cnm

Posted 12 May 2013 - 10:05 AM

All those long paths will slow up your PC whenever they are accessed by a scan.

 

Open Explorer (Computer) and look at C:\users\All users\Anwendungsdaten.

It appears that under that folder are 7 subfolders all named Anwendungsdaten

Your pic of OTL scan shows it looking at it and trying to scan

C:\users\All users\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\..etc ..\Applications Data\Application Data\Team MediaPortal\Media Portal\.. etc..\movie_details_sub_folder

(I replaced parts of the path with "..etc..")

 

This is a very strange path.  I know nothing about MediaPortal or how to fix this.



#38 Diirk

Posted 12 May 2013 - 10:48 AM

Many thanks.

 

"Anwendungsdaten" should be "application data", I assume.

 

Also this scan does not work, the same as it was before: http://i.imm.io/15JtM.png

 

Strange, such a path / folder / file (movie_details_sub_folder)  or whatever it is, I cannot find with a searching program...aha, when I look for it manually in a file manager I see until here - C:\users\All users

- it is a usual path and the first time "Anwendungsdaten" is a link (http://i.imm.io/15JzE.png, http://i.imm.io/15JA9.png) - C:\users\All users\Anwendungsdaten - and it goes on: C:\users\All users\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten and so on.

 

I do not have any idea what this is.

 

I tried to delete one "Anwendungsdaten", a message appears, like "cannot find path". But now there is no "Anwendungsdaten" anymore, I am trying a new scan.

 

Each "Anwendungsdaten" is a link.

 

Open Explorer (Computer) and look at C:\users\All users\Anwendungsdaten.

 

It looks: http://i.imm.io/15JEJ.png

 

It appears that under that folder are 7 subfolders all named Anwendungsdaten

 

7 links "Anwendungsdaten" obviously, not folders. 7 "Anwendungsdaten" or more, the path wasn't found anymore after trying to open the next "Anwendungsdaten", the 8th)

 

The OTL scan sticks again, the same folder, respectively link. Now there are mixed links, changing "Anwendungsdaten" and "Application Data"

 

Meanwhile the system runs sluggish, slow, senseless (all the time "No response" whatever I do) again like usually though the Task Manager shows about the same resources usages. Ditto is not running.


Edited by Diirk, 12 May 2013 - 11:18 AM.


#39 cnm

Posted 12 May 2013 - 11:39 AM

By "link" you mean "shortcut"? Shortcut to shortcut to shortcut...??  Weird.

 

You're on your own.  Look in your  startup folder C:\Users\Dirk\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\

If you see those weird links delete them.  You can always make new shortcuts.



#40 Diirk

Posted 12 May 2013 - 12:03 PM

By "link" you mean "shortcut"? Shortcut to shortcut to shortcut...??  Weird

 

Sorry, yes, a shortcut (folder with arrow).

 

Can you access / see my screen shots?

 

 Look in your  startup folder C:\Users\Dirk\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ If you see those weird links delete them.

 

There are just two items in: http://i.imm.io/15KiP.png

So, nothing to delete.



#41 cnm

Posted 12 May 2013 - 12:06 PM

We could search for all the files with Anwendungsdaten but perhaps you can find where the shortcuts are located without that.



#42 cnm

Posted 12 May 2013 - 02:16 PM

My grandson suggests that each of those shortcuts was pointing to the folder where that same shortcut was, and running the same shortcut over again.  Now that the links are gone you probably have lost access to the files at the ends of the paths - do you know what the filenames were, and do you need those files?


Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE
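
The loop suggested in the post above, a link that points back at the folder holding it so that every level of Anwendungsdaten\Anwendungsdaten\... is the same folder again, can be checked without following the links. This is an added example, not part of the thread: it assumes the "shortcuts" are directory links (symbolic links or junctions) rather than .lnk files, and the folder names in the demo tree are constructed.

```python
import os
import stat
import tempfile


def is_dir_link(entry):
    """True if a scandir entry is a symbolic link or a Windows reparse point (junction)."""
    if entry.is_symlink():
        return True
    # st_file_attributes only exists on Windows; elsewhere this evaluates to 0.
    attrs = getattr(entry.stat(follow_symlinks=False), "st_file_attributes", 0)
    return bool(attrs & stat.FILE_ATTRIBUTE_REPARSE_POINT)


def contains(ancestor, path):
    """True if `path` is `ancestor` itself or lies somewhere below it."""
    a, p = os.path.normcase(ancestor), os.path.normcase(path)
    try:
        return os.path.commonpath([a, p]) == a
    except ValueError:  # e.g. paths on different drives on Windows
        return False


def find_link_loops(root):
    """Walk `root` WITHOUT descending into links and return (link, target)
    pairs whose target is the link's own folder or one of its ancestors.
    A scanner that follows such a link re-enters the same tree forever."""
    loops = []
    pending = [os.path.realpath(root)]
    while pending:
        folder = pending.pop()
        try:
            with os.scandir(folder) as it:
                entries = list(it)
        except OSError:  # access denied, folder vanished, ...
            continue
        for entry in entries:
            try:
                if is_dir_link(entry):
                    target = os.path.realpath(entry.path)
                    if contains(target, folder):
                        loops.append((entry.path, target))
                elif entry.is_dir(follow_symlinks=False):
                    pending.append(entry.path)  # real folder: safe to descend
            except OSError:
                continue
    return sorted(loops)


def demo():
    """Build a constructed tree with one looping link and one harmless link."""
    with tempfile.TemporaryDirectory() as tmp:
        all_users = os.path.join(tmp, "All Users")
        real_dir = os.path.join(all_users, "Team MediaPortal")
        elsewhere = os.path.join(tmp, "Elsewhere")
        os.makedirs(real_dir)
        os.makedirs(elsewhere)
        # Looping link: lives in "All Users" and points at "All Users".
        # (Creating symlinks on Windows needs an elevated prompt.)
        os.symlink(all_users, os.path.join(all_users, "Anwendungsdaten"),
                   target_is_directory=True)
        # Harmless link: points outside its own ancestry.
        os.symlink(elsewhere, os.path.join(all_users, "Elsewhere link"),
                   target_is_directory=True)

        # Seven levels deep through the loop is still the same real folder.
        deep = os.path.join(all_users, *["Anwendungsdaten"] * 7, "Team MediaPortal")
        same = os.path.samefile(deep, real_dir)

        loops = [(os.path.basename(link), os.path.basename(target))
                 for link, target in find_link_loops(tmp)]
        return loops, same


if __name__ == "__main__":
    print(demo())
```

find_link_loops only reads directory entries and changes nothing, so it can be pointed at a real folder to list the links a recursive scan would repeat through.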

#43 Diirk

Posted 12 May 2013 - 02:41 PM

We could search for all the files with Anwendungsdaten but perhaps you can find where the shortcuts are located without that.

 

I had unsuccessfully tried to find them with a search program.

 

Now that the links are gone you probably have lost access to the files at the ends of the paths - do you know what the filenames were, and do you need those files?

 

I have any idea, actually the message appearing after "trying" to delete such a shortcut from the chain of shortcuts with the same name said something like the "Application Data not found": http://i.imm.io/15JEJ.png

So it seems that nothing was deleted, but there is no access anymore to such a shortcut, but they are still appearing in the bottom line of OTL.

I could not find / reach / see any file at the end (where ever it might be) of such a shortcut chain, because when a special path length was reached, there was no access anymore. I hope I do not need whatever was at the end.



#44 cnm

Posted 12 May 2013 - 03:45 PM

We can't find the files if you don't know the names.

Perhaps you can find the folder \movie_details_sub_folder



#45 Diirk

Posted 12 May 2013 - 04:41 PM

Maybe there were no files, maybe there wasn't any folder, but only weird shortcuts. It is like they would not exist.

 

Alas, no, the movie_details_sub_folder I still cannot find, it stays the same as it was with my first tries to find it, actually it doesn't seem to exist, I would say, but...and I couldn't see any reason, why I should not find it otherwise.



#46 cnm

Posted 12 May 2013 - 04:52 PM

Well, try this.

Please download SystemLook_x64 from one of the links below and save it to your Desktop on the affected PC.
http://jpshortstuff....temLook_x64.exe
http://images.malwar...temLook_x64.exe
Double-click SystemLook_x64.exe to run it.
Copy the content of the following codebox into the main textfield:

:folderfind
*movie_details*
:regfind
*movie_details*

Click the 'Look' button to start the scan and wait for a few minutes until the "Look" button reappears.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt



#47 Diirk

Posted 13 May 2013 - 01:02 AM

Thank you.

 

A few minutes are over now for a longer or long time and the scan still seems to be running: http://i.imm.io/15OSW.png

 

May be I will still wait some time...

 

Ah yes, on my system everything seems to last extremely longer, here it is:

 

SystemLook 30.07.11 by jpshortstuff
Log created at 08:32 on 13/05/2013 by Dirk
Administrator - Elevation successful

========== folderfind ==========

Searching for "*movie_details*"
No folders found.

========== regfind ==========

Searching for "*movie_details*"
No data found.

-= EOF =-

 

Oh, SystemLook needs very much RAM: http://i.imm.io/15OXl.png


Edited by Diirk, 13 May 2013 - 01:26 AM.


#48 cnm

Posted 13 May 2013 - 10:00 AM

All that slowness is probably due to the difficulty of traversing your file system.  I will have some suggestions but first I want to see what is in certain folders.  This will run quickly as it does not look in subfolders.
 
Double-click SystemLook_x64.exe to run it.
Copy the content of the following codebox into the main textfield:
:dir
C:\Documents and Settings\Dirk\AppData\Local
C:\users\Dirk\AppData\local
C:\users\All users
Click the 'Look' button to start the scan and wait for a few minutes until the "Look" button reappears.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

#49 Diirk

Posted 13 May 2013 - 03:52 PM

Thank you.

 

Yes, that worked fast, a few seconds:

 

SystemLook 30.07.11 by jpshortstuff
Log created at 23:49 on 13/05/2013 by Dirk
Administrator - Elevation successful

========== dir ==========

C:\Documents and Settings\Dirk\AppData\Local - Parameters: "(none)"

---Files---
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini    --a---- 5120 bytes    [21:46 21/10/2012]    [11:18 01/05/2013]
GDIPFONTCACHEV1.DAT    --a---- 68328 bytes    [15:01 08/10/2012]    [23:27 21/03/2013]
IconCache.db    --ah--- 2712500 bytes    [13:53 18/11/2012]    [12:41 12/05/2013]
recently-used.xbel    --a---- 218 bytes    [09:06 03/05/2013]    [20:19 21/12/2012]
Resmon.ResmonCfg    --a---- 7640 bytes    [13:04 12/10/2012]    [12:38 12/05/2013]

---Folders---
AlbumArtDownloader    d------    [21:20 05/11/2012]
Anwendungsdaten    d--hs--    [13:31 08/10/2012]
Apps    d------    [12:37 04/11/2012]
ashampoo    d------    [22:10 18/12/2012]
assembly    d------    [22:44 21/03/2013]
ATI    d------    [15:40 22/02/2013]
Avg2013    d------    [15:25 08/10/2012]
ChanSort    d------    [02:02 20/11/2012]
Copy Handler    d------    [16:45 08/10/2012]
Deployment    d------    [12:14 15/02/2013]
Diagnostics    d------    [16:09 08/10/2012]
DoNotTrackPlus    d------    [15:35 08/10/2012]
Downloaded Installations    d------    [10:58 01/03/2013]
ElevatedDiagnostics    d------    [11:00 30/10/2012]
Eraser 6    d------    [16:17 09/10/2012]
FreeCommanderXE    d------    [16:29 10/10/2012]
HolosTek,_Inc    d------    [12:57 17/11/2012]
kvibes    d------    [22:20 07/04/2013]
Lingoes    d------    [08:57 01/04/2013]
Macromedia    d------    [08:37 10/10/2012]
Matthijs_de_Zwart    d------    [21:07 30/03/2013]
MFAData    d------    [15:25 08/10/2012]
Microsoft    d------    [13:31 08/10/2012]
Mozilla    d------    [16:31 08/10/2012]
Passbild_Generator    d------    [22:48 20/02/2013]
Programs    d------    [20:51 18/12/2012]
Raymond    d------    [21:16 12/10/2012]
Stardock    d------    [22:51 11/10/2012]
Temp    d------    [13:31 08/10/2012]
Temporary Internet Files    d--hs--    [13:31 08/10/2012]
Thunderbird    d------    [15:59 09/10/2012]
Verlauf    d--hs--    [13:31 08/10/2012]
VirtualStore    d------    [13:31 08/10/2012]

C:\users\Dirk\AppData\local - Parameters: "(none)"

---Files---
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini    --a---- 5120 bytes    [21:46 21/10/2012]    [11:18 01/05/2013]
GDIPFONTCACHEV1.DAT    --a---- 68328 bytes    [15:01 08/10/2012]    [23:27 21/03/2013]
IconCache.db    --ah--- 2712500 bytes    [13:53 18/11/2012]    [12:41 12/05/2013]
recently-used.xbel    --a---- 218 bytes    [09:06 03/05/2013]    [20:19 21/12/2012]
Resmon.ResmonCfg    --a---- 7640 bytes    [13:04 12/10/2012]    [12:38 12/05/2013]

---Folders---
AlbumArtDownloader    d------    [21:20 05/11/2012]
Anwendungsdaten    d--hs--    [13:31 08/10/2012]
Apps    d------    [12:37 04/11/2012]
ashampoo    d------    [22:10 18/12/2012]
assembly    d------    [22:44 21/03/2013]
ATI    d------    [15:40 22/02/2013]
Avg2013    d------    [15:25 08/10/2012]
ChanSort    d------    [02:02 20/11/2012]
Copy Handler    d------    [16:45 08/10/2012]
Deployment    d------    [12:14 15/02/2013]
Diagnostics    d------    [16:09 08/10/2012]
DoNotTrackPlus    d------    [15:35 08/10/2012]
Downloaded Installations    d------    [10:58 01/03/2013]
ElevatedDiagnostics    d------    [11:00 30/10/2012]
Eraser 6    d------    [16:17 09/10/2012]
FreeCommanderXE    d------    [16:29 10/10/2012]
HolosTek,_Inc    d------    [12:57 17/11/2012]
kvibes    d------    [22:20 07/04/2013]
Lingoes    d------    [08:57 01/04/2013]
Macromedia    d------    [08:37 10/10/2012]
Matthijs_de_Zwart    d------    [21:07 30/03/2013]
MFAData    d------    [15:25 08/10/2012]
Microsoft    d------    [13:31 08/10/2012]
Mozilla    d------    [16:31 08/10/2012]
Passbild_Generator    d------    [22:48 20/02/2013]
Programs    d------    [20:51 18/12/2012]
Raymond    d------    [21:16 12/10/2012]
Stardock    d------    [22:51 11/10/2012]
Temp    d------    [13:31 08/10/2012]
Temporary Internet Files    d--hs--    [13:31 08/10/2012]
Thunderbird    d------    [15:59 09/10/2012]
Verlauf    d--hs--    [13:31 08/10/2012]
VirtualStore    d------    [13:31 08/10/2012]

C:\users\All users - Parameters: "(none)"

---Files---
ntuser.pol    -rahs-- 306 bytes    [15:53 12/10/2012]    [09:49 29/10/2012]

---Folders---
Adobe    d------    [23:50 25/04/2013]
AMD    d------    [15:39 22/02/2013]
aMPed    d------    [01:36 28/02/2013]
ARGUS TV    d------    [09:39 26/02/2013]
ashampoo    d------    [22:10 18/12/2012]
ATI    d------    [15:40 22/02/2013]
Avira    d------    [15:33 08/10/2012]
Caphyon    d------    [10:09 26/02/2013]
Common Files    d--h---    [15:25 08/10/2012]
Comodo    d------    [15:40 08/10/2012]
CPA_VA    d------    [19:36 08/10/2012]
Desktop    d--hs--    [05:08 14/07/2009]
Documents    d--hs--    [05:08 14/07/2009]
Dokumente    d--hs--    [13:31 08/10/2012]
DVBLogic    d------    [23:22 22/02/2013]
EventGhost    d------    [20:48 04/03/2013]
Favoriten    d--hs--    [13:31 08/10/2012]
Favorites    d--hs--    [05:08 14/07/2009]
Geekzone    d------    [20:42 01/03/2013]
Hauppauge    d------    [22:21 23/02/2013]
IDM    d------    [21:21 18/02/2013]
Lingoes    d------    [08:57 01/04/2013]
Malwarebytes    d------    [18:32 05/05/2013]
MFAData    d------    [15:25 08/10/2012]
Microsoft    d---s--    [03:20 14/07/2009]
MySQL    d------    [21:03 27/02/2013]
NCH Software    d------    [20:47 26/04/2013]
NCH Swift Sound    d------    [09:37 31/10/2012]
Nero    d------    [14:43 22/12/2012]
PDF Architect    d------    [21:04 18/12/2012]
ServerCare    d------    [08:01 27/02/2013]
Start Menu    d--hs--    [05:08 14/07/2009]
Startmenü    d--hs--    [13:31 08/10/2012]
Sun    d------    [16:40 08/10/2012]
Team MediaPortal    d------    [21:02 27/02/2013]
TEMP    d-a----    [23:27 22/02/2013]
Templates    d--hs--    [05:08 14/07/2009]
UltiDev    d------    [10:07 26/02/2013]
Vorlagen    d--hs--    [13:31 08/10/2012]
X10 Settings    d------    [22:05 14/01/2013]

-= EOF =-



#50 cnm

Posted 13 May 2013 - 04:34 PM

Note that you have pairs of duplicated folders - one with German name, one with English name.
C:\users\All users
\Documents
\Dokumente
\Favoriten
\Favorites
\Start Menu
\Startmenü 
I would suggest  consolidating them.
 
Now a look at Team MediaPortal and Anwendungsdaten folders which I think may be screwed up. 
Double-click SystemLook_x64.exe to run it.
Copy the content of the following codebox into the main textfield:
:dir
C:\users\All users\Team MediaPortal
C:\Documents and Settings\Dirk\AppData\Local\Anwendungsdaten
Click the 'Look' button to start the scan and wait for a few minutes until the "Look" button reappears.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Edited by cnm, 13 May 2013 - 04:39 PM.
