TechSpot

Is it possible to use the 8-steps as a routine check?

By MrClean
Dec 28, 2010
  1. Hi, I haven't noticed any problems on my new computer, but for an initial period (few weeks to a month?) after I got it I did not have any antivirus running. Memory usage upon startup before installation of new programs etc. was about 1.0GB, now after everything has been installed and I've been using it maybe 2 months it's at about 1.5GB. This is normal right?

    Anyway my question was, can I use the 8-steps as a sort of routine checkup, and if not, can anyone recommend any other tips on how to detect when something is up with my computer? (Besides antivirus scanning, or is this considered to be mostly sufficient even in the case where something may have already been on the computer pre-installation?)

    Will the logs tell you if everything is clean? (Or probably clean?)

    Also, I did move over my documents and music etc. from my old computer which was running so slowly I'm pretty sure it was infected. I did not scan them on the old computer before moving over. Is my new computer safe?

    I realise most people here actually have visible problems but I just wanted to make sure. Anyway a few things popped up on one of the logs, not sure if it means anything.

    Here are the 8-step logs:

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5408

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    29/12/2010 3:00:03 AM
    mbam-log-2010-12-29 (03-00-03).txt

    Scan type: Quick scan
    Objects scanned: 150728
    Time elapsed: 2 minute(s), 49 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2010-12-29 03:20:44
    Windows 6.1.7600
    Running: ivoxc773.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06da9a8a3
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06da9a8a3 (not active ControlSet)
    Reg HKCU\Software\Microsoft\Windows Live\Companion\netizen.sean@live.com.sg@e6564b58ee4470d31ae93890d6c209ac\r\n 0x01 0xDF 0xBC 0x9A ...
    Reg HKCU\Software\Microsoft\Windows Live\Companion\netizen.sean@live.com.sg@7a09dd1dee6b77ae83b48d4082631f74\r\n 0x81 0x6F 0x5E 0x4D ...
    Reg HKCU\Software\Microsoft\Windows Live\Companion\netizen.sean@live.com.sg@c753f8141b697cdfa58c86c135ca4eea\r\n 0x32 0x54 0x76 0x18 ...
    Reg HKCU\Software\Microsoft\Windows Live\Companion\netizen.sean@live.com.sg@d8bedd0930d9d5101b9f7cab92421729\r\n 0x6E 0x95 0x12 0x65 ...

    ---- Files - GMER 1.0.15 ----

    File Q:\$RECYCLE.BIN 0 bytes
    File Q:\$RECYCLE.BIN\S-1-5-21-666445272-366805093-1171402342-1000 0 bytes
    File Q:\$RECYCLE.BIN\S-1-5-21-666445272-366805093-1171402342-1000\desktop.ini 129 bytes
    File Q:\System Volume Information 0 bytes
    File Q:\System Volume Information\EfaData 0 bytes
    File Q:\System Volume Information\EfaData\SYMEFA.DB 28672 bytes
    File Q:\System Volume Information\tracking.log 20480 bytes

    ---- EOF - GMER 1.0.15 ----


    DDS (Ver_10-12-12.02) - NTFS_AMD64
    Run by Sean at 3:26:18.54 on Wed 29/12/2010
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.65.1033.18.4022.2426 [GMT 8:00]

    AV: Norton AntiVirus *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton AntiVirus *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\FBAgent.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Norton AntiVirus\Engine\17.8.0.5\ccSvcHst.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Norton AntiVirus\Engine\17.8.0.5\ccSvcHst.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
    C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
    C:\Program Files\P4G\BatteryLife.exe
    C:\Windows\SysWOW64\ACEngSvr.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    C:\Program Files\Elantech\ETDCtrl.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\ProgramData\Norton\NUA.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
    C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    C:\Windows\AsScrPro.exe
    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Sean\Documents\Setup files\8-Step Malware Removal\dds.scr
    C:\Windows\system32\conhost.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uDefault_Page_URL = hxxp://asus.msn.com
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton AntiVirus\Engine\17.8.0.5\IPSBHO.DLL
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [NortonUpdateAgent] C:\ProgramData\Norton\NUA.exe
    mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    StartupFolder: C:\Users\Sean\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    mRun-x64: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
    mRun-x64: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
    mRun-x64: [Setwallpaper] c:\programdata\SetWallpaper.cmd
    IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    ============= SERVICES / DRIVERS ===============

    R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NAVx64\1108000.005\symds64.sys [2010-12-22 433200]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NAVx64\1108000.005\symefa64.sys [2010-12-22 221232]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\BASHDefs\20101123.003\BHDrvx64.sys [2010-11-23 953904]
    R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\NAVx64\1108000.005\cchpx64.sys [2010-12-22 615040]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\IPSDefs\20101227.001\IDSviA64.sys [2010-12-28 476792]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NAVx64\1108000.005\ironx64.sys [2010-12-22 150064]
    R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\drivers\NAVx64\1108000.005\symtdiv.sys [2010-12-22 451120]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
    R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2010-9-24 359552]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-1-22 202752]
    R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-3 15416]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
    R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\17.8.0.5\ccsvchst.exe [2010-12-22 126392]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-4-24 483688]
    R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-8-7 13784]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-9-24 2314240]
    R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atipmdag.sys [2010-1-22 6233088]
    R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-1-22 161280]
    R3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2009-7-2 52264]
    R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-9-24 35104]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-12-21 132656]
    R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2009-10-15 117760]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-9-24 56344]
    R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2009-8-19 143472]
    R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);C:\Windows\System32\drivers\JME.sys [2010-2-25 115312]
    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2010-4-24 721768]
    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2010-4-24 269672]
    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2010-4-24 25960]
    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2010-4-24 22376]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-4-24 209768]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-24 135664]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-11-26 48488]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
    S3 Mkd2Nadr;Mkd2Nadr;C:\Windows\System32\drivers\Mkd2Nadr.sys [2010-12-8 106040]
    S3 Mkd3kfNt;Mkd3kfNt;C:\Windows\System32\drivers\mkd3kfnt.sys [2010-12-8 180280]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-11 56832]
    S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-8-7 118672]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-11-27 1255736]

    =============== Created Last 30 ================

    2010-12-28 18:56:40 -------- d-----w- C:\Users\Sean\AppData\Roaming\Malwarebytes
    2010-12-28 18:56:34 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2010-12-28 18:56:34 -------- d-----w- C:\PROGRA~3\Malwarebytes
    2010-12-28 18:56:31 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2010-12-28 18:56:30 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2010-12-28 18:50:46 -------- d-----w- C:\Windows\SysWow64\wbem\Logs
    2010-12-28 18:49:36 -------- d-sh--w- C:\$RECYCLE.BIN
    2010-12-28 17:34:57 53808 ----a-r- C:\Windows\System32\drivers\SymIMV.sys
    2010-12-23 15:03:13 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2010-12-22 09:06:32 451120 ----a-w- C:\Windows\System32\drivers\NAVx64\1108000.005\symtdiv.sys
    2010-12-22 09:06:32 433200 ----a-r- C:\Windows\System32\drivers\NAVx64\1108000.005\symds64.sys
    2010-12-22 09:06:32 221232 ----a-w- C:\Windows\System32\drivers\NAVx64\1108000.005\symefa64.sys
    2010-12-22 09:06:31 615040 ----a-w- C:\Windows\System32\drivers\NAVx64\1108000.005\cchpx64.sys
    2010-12-22 09:06:31 505392 ----a-w- C:\Windows\System32\drivers\NAVx64\1108000.005\srtsp64.sys
    2010-12-22 09:06:31 32304 ----a-w- C:\Windows\System32\drivers\NAVx64\1108000.005\srtspx64.sys
    2010-12-22 09:06:31 150064 ----a-w- C:\Windows\System32\drivers\NAVx64\1108000.005\ironx64.sys
    2010-12-22 09:06:21 -------- d-----w- C:\Windows\System32\drivers\NAVx64\1108000.005
    2010-12-20 16:01:38 -------- d-----w- C:\Users\Sean\AppData\Local\CrashDumps
    2010-12-20 05:54:42 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
    2010-12-18 10:08:54 173104 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
    2010-12-18 10:08:53 -------- d-----w- C:\Program Files\Symantec
    2010-12-18 10:08:53 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
    2010-12-18 10:08:24 -------- d-----w- C:\Windows\System32\drivers\NAVx64
    2010-12-18 10:08:22 -------- d-----w- C:\Program Files (x86)\Norton AntiVirus
    2010-12-18 10:06:12 -------- d-----w- C:\PROGRA~3\Norton
    2010-12-18 10:05:19 -------- d-----w- C:\Program Files (x86)\NortonInstaller
    2010-12-18 10:05:19 -------- d-----w- C:\PROGRA~3\NortonInstaller
    2010-12-18 08:34:25 -------- d-----w- C:\Program Files\iTunes
    2010-12-18 08:34:25 -------- d-----w- C:\Program Files\iPod
    2010-12-18 08:34:25 -------- d-----w- C:\Program Files (x86)\iTunes
    2010-12-13 18:30:10 -------- dc----w- C:\Users\Sean\AppData\Local\MigWiz
    2010-12-11 09:06:52 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
    2010-12-11 09:06:52 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
    2010-12-11 09:06:52 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
    2010-12-11 09:06:52 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
    2010-12-11 09:06:52 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
    2010-12-11 09:06:52 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
    2010-12-11 09:06:52 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
    2010-12-08 15:57:29 180280 ----a-w- C:\Windows\System32\drivers\mkd3kfnt.sys
    2010-12-08 15:57:29 106040 ----a-w- C:\Windows\System32\drivers\Mkd2Nadr.sys
    2010-12-08 15:57:06 -------- d-----w- C:\Windows\Application Data
    2010-12-08 15:56:35 -------- d-----w- C:\Program Files (x86)\AhnLab
    2010-12-08 15:51:57 -------- d-----w- C:\Program Files (x86)\Wizet
    2010-12-04 16:48:04 -------- d-----w- C:\PROGRA~3\PC Drivers HeadQuarters
    2010-11-29 09:38:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2010-11-29 09:38:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    2010-11-29 00:17:57 189480 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2010-11-29 00:16:41 -------- d-----w- C:\Users\Sean\AppData\Local\PunkBuster
    2010-11-29 00:15:24 189480 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2010-11-29 00:15:22 75064 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
    2010-11-29 00:15:22 3360624 ----a-w- C:\Windows\SysWow64\pbsvc.exe
    2010-11-29 00:11:59 469264 ----a-w- C:\Windows\System32\d3dx10.dll
    2010-11-28 23:56:41 -------- d-----w- C:\Program Files (x86)\USArmy

    ==================== Find3M ====================

    2010-11-04 06:35:53 1194496 ----a-w- C:\Windows\System32\wininet.dll
    2010-11-04 06:31:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
    2010-11-04 05:52:17 978944 ----a-w- C:\Windows\SysWow64\wininet.dll
    2010-11-04 05:48:36 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2010-11-04 05:16:14 482816 ----a-w- C:\Windows\System32\html.iec
    2010-11-04 04:41:26 386048 ----a-w- C:\Windows\SysWow64\html.iec
    2010-11-04 04:35:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2010-11-04 04:08:54 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2010-11-02 05:18:17 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
    2010-11-02 05:17:38 473600 ----a-w- C:\Windows\System32\taskcomp.dll
    2010-11-02 05:17:38 1169408 ----a-w- C:\Windows\System32\taskschd.dll
    2010-11-02 05:16:53 1114624 ----a-w- C:\Windows\System32\schedsvc.dll
    2010-11-02 05:10:47 464384 ----a-w- C:\Windows\System32\taskeng.exe
    2010-11-02 05:10:32 285696 ----a-w- C:\Windows\System32\schtasks.exe
    2010-11-02 04:40:36 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll
    2010-11-02 04:40:36 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll
    2010-11-02 04:34:44 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe
    2010-11-02 04:34:33 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe
    2010-10-27 05:06:22 2048 ----a-w- C:\Windows\System32\tzres.dll
    2010-10-27 04:32:36 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2010-10-20 05:20:01 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2010-10-20 04:54:18 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2010-10-20 03:09:15 3124224 ----a-w- C:\Windows\System32\win32k.sys
    2010-10-20 03:05:46 367104 ----a-w- C:\Windows\System32\atmfd.dll
    2010-10-20 02:58:41 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2010-10-16 05:23:13 112000 ----a-w- C:\Windows\System32\consent.exe
    2010-10-16 05:19:41 395776 ----a-w- C:\Windows\System32\webio.dll
    2010-10-16 04:36:10 314368 ----a-w- C:\Windows\SysWow64\webio.dll
    2010-10-07 04:36:16 96544 ----a-w- C:\Windows\System32\dnssd.dll
    2010-10-07 04:36:16 69408 ----a-w- C:\Windows\System32\jdns_sd.dll
    2010-10-07 04:36:16 237856 ----a-w- C:\Windows\System32\dnssdX.dll
    2010-10-07 04:36:16 119584 ----a-w- C:\Windows\System32\dns-sd.exe
    2010-10-07 04:23:02 91424 ----a-w- C:\Windows\SysWow64\dnssd.dll
    2010-10-07 04:23:02 75040 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
    2010-10-07 04:23:02 197920 ----a-w- C:\Windows\SysWow64\dnssdX.dll
    2010-10-07 04:23:02 107808 ----a-w- C:\Windows\SysWow64\dns-sd.exe

    ============= FINISH: 3:26:41.85 ===============


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 25/11/2010 3:48:14 PM
    System Uptime: 29/12/2010 2:50:13 AM (1 hours ago)

    Motherboard: ASUSTeK Computer Inc. | | K42Jr
    Processor: Intel(R) Core(TM) i7 CPU Q 740 @ 1.73GHz | Socket 989 | 919/533mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 116 GiB total, 65.188 GiB free.
    D: is FIXED (NTFS) - 330 GiB total, 329.689 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP28: 18/12/2010 3:00:16 AM - Windows Update
    RP29: 18/12/2010 7:29:25 AM - Windows Update
    RP30: 18/12/2010 6:20:03 PM - Windows Update
    RP31: 21/12/2010 11:33:33 PM - Configured Microsoft Office Home and Student 2010
    RP32: 21/12/2010 11:36:52 PM - Configured Microsoft Office Home and Student 2010
    RP33: 23/12/2010 11:02:34 PM - Installed Java(TM) 6 Update 23

    ==== Installed Programs ======================

    AA3Deploy
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.2 MUI
    AhnLab Online Security
    Apple Application Support
    Apple Software Update
    ASUS AI Recovery
    ASUS FancyStart
    ASUS LifeFrame3
    ASUS MultiFrame
    ASUS SmartLogon
    ASUS Splendid Video Enhancement Technology
    ATK Package
    Bing Bar
    Bing Bar Platform
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    ControlDeck
    CyberLink LabelPrint
    CyberLink Power2Go
    D3DX10
    Definition update for Microsoft Office 2010 (KB982726)
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    Intel(R) Management Engine Components
    Java Auto Updater
    Java(TM) 6 Update 23
    JMicron Ethernet Adapter NDIS Driver
    JMicron Flash Media Controller Driver
    Junk Mail filter update
    Malwarebytes' Anti-Malware
    MapleStorySEA version v0.97
    Messenger Companion
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Home and Student 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP3 Parser (KB973685)
    Norton AntiVirus
    PunkBuster Services
    QuickTime
    Realtek High Definition Audio Driver
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft Office 2010 (KB2289078)
    Security Update for Microsoft Office 2010 (KB2289161)
    Security Update for Microsoft Publisher 2010 (KB2409055)
    Security Update for Microsoft Word 2010 (KB2345000)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft Office 2010 (KB2202188)
    Update for Microsoft Office 2010 (KB2413186)
    Update for Microsoft OneNote 2010 (KB2433299)
    Update for Microsoft Outlook Social Connector (KB2289116)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinFlash
    Wireless Console 3

    ==== Event Viewer Messages From Past Week ========

    29/12/2010 2:49:12 AM, Error: Service Control Manager [7034] - The ASLDR Service service terminated unexpectedly. It has done this 1 time(s).
    25/12/2010 3:57:51 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {B77C4C36-0154-4C52-AB49-FAA03837E47F} and APPID {EA022610-0748-4C24-B229-6C507EBDFDBB} to the user PC-Sean\Sean SID (S-1-5-21-666445272-366805093-1171402342-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

    ==== End Of File ===========================
     
  2. Broni

    Broni Malware Annihilator Posts: 52,898   +344

Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...