We have the Antivirus 2010 virus on our laptop. I have followed all the steps within the UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions. The Malwarebytes Anti-Malware scan has been unable to remove the virus, but has quarantined it.
Malwarebytes Anti-Malware log:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 5087
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
10/11/2010 09:28:40
mbam-log-2010-11-10 (09-28-40).txt
Scan type: Quick scan
Objects scanned: 141374
Time elapsed: 8 minute(s), 23 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 9
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\Software\AntiVirus 2010 (Rogue.AntiVirus2010) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\AntiVirus 2010 (Rogue.AntiVirus2010) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus 2010 (Rogue.AntiVirusStudio2010) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\securitycenter (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Users\work\AppData\Roaming\AntiVirus 2010 (Rogue.AntiVirus2010) -> Delete on reboot.
C:\Users\work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AntiVirus 2010 (Rogue.AntiVirus2010) -> Quarantined and deleted successfully.
Files Infected:
C:\Users\work\AppData\Roaming\AntiVirus 2010\AntiVirus_Studio_2010.exe (Rogue.AntiVirusStudio2010) -> Quarantined and deleted successfully.
C:\Users\work\AppData\Roaming\AntiVirus 2010\securitycenter.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\work\AppData\Roaming\AntiVirus 2010\securityhelper.exe (Rogue.AntiVirus2010) -> Delete on reboot.
C:\Users\work\AppData\Roaming\AntiVirus 2010\taskmgr.dll (Rogue.AntiVirus2010) -> Quarantined and deleted successfully.
C:\Users\work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AntiVirus 2010\Activate AntiVirus 2010.lnk (Rogue.AntiVirus2010) -> Quarantined and deleted successfully.
C:\Users\work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AntiVirus 2010\AntiVirus 2010.lnk (Rogue.AntiVirus2010) -> Quarantined and deleted successfully.
C:\Users\work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AntiVirus 2010\Help AntiVirus 2010.lnk (Rogue.AntiVirus2010) -> Quarantined and deleted successfully.
C:\Users\work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AntiVirus 2010\How to Activate AntiVirus 2010.lnk (Rogue.AntiVirus2010) -> Quarantined and deleted successfully.
C:\Users\work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AntiVirus 2010.lnk (Rogue.AntiVirus2010) -> Quarantined and deleted successfully.
GMER log:
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-10 09:52:54
Windows 6.1.7600
Running: 3ndf9cdi.exe
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0027133aadc3
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0027133aadc3 (not active ControlSet)
---- EOF - GMER 1.0.15 ----
DDS log:
DDS (Ver_10-11-09.01) - NTFS_AMD64
Run by work at 9:54:34.74 on 10/11/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.1788.707 [GMT 0:00]
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs
C:\Program Files\Orange\ICON 225 USB Connect\GtDetectSc.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\InternetEverywhere\WTGService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Orange\ICON 225 USB Connect\ICON 225 USB Connect.exe
C:\Program Files (x86)\InternetEverywhere\Launcher.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Spyware Doctor\TFEngine\TFService.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\work\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.co.uk/
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
mWinlogon: Userinit=C:\Windows\system32\userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\coIEPlg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
mRun: [ISTray] "C:\Program Files (x86)\Spyware Doctor\pctsTray.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ICON22~1.LNK - C:\Program Files\Orange\ICON 225 USB Connect\ICON 225 USB Connect.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Launcher.lnk - C:\Program Files (x86)\InternetEverywhere\Launcher.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
================= FIREFOX ===================
FF - ProfilePath - C:\Users\work\AppData\Roaming\Mozilla\Firefox\Profiles\seeqvjko.default\
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
---- FIREFOX POLICIES ----
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
============= SERVICES / DRIVERS ===============
R0 PCTCore;PCTools KDS;C:\Windows\System32\drivers\PCTCore64.sys [2010-11-1 218056]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\0403000.005\symds64.sys [2010-9-24 433200]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0403000.005\symefa64.sys [2010-9-24 221232]
R0 TfFsMon;TfFsMon;C:\Windows\System32\drivers\TfFsMon.sys [2010-11-1 65072]
R0 TfSysMon;TfSysMon;C:\Windows\System32\drivers\TfSysMon.sys [2010-11-1 59880]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101029.001\BHDrvx64.sys [2010-11-2 954928]
R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\N360x64\0403000.005\cchpx64.sys [2010-9-24 615040]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101029.001\IDSviA64.sys [2010-10-19 476720]
R1 pctgntdi;pctgntdi;C:\Windows\System32\drivers\pctgntdi64.sys [2010-11-1 306648]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\0403000.005\ironx64.sys [2010-9-24 150064]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\drivers\N360x64\0403000.005\symtdiv.sys [2010-9-24 451120]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-12-16 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-8-5 203264]
R2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe [2010-11-1 112592]
R2 ezSharedSvc;Easybits Shared Services for Windows;C:\Windows\system32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 GtDetectSc;GtDetectSc;C:\Program Files\Orange\ICON 225 USB Connect\GtDetectSc.exe [2007-12-18 312320]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccsvchst.exe [2010-9-24 126392]
R2 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe [2010-11-1 359624]
R2 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe [2010-11-1 1141712]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-10-31 228408]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-6-10 132656]
R3 pctplsg;pctplsg;C:\Windows\System32\drivers\pctplsg64.sys [2010-11-1 92896]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-12-16 215040]
R3 TfNetMon;TfNetMon;C:\Windows\System32\drivers\TfNetMon.sys [2010-11-1 41888]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2009-12-16 36408]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 GT72NDISIPXP;GT 72 IP NDIS;C:\Windows\System32\drivers\Gt51Ip.sys [2007-11-13 124416]
S3 GT72UBUS;GT 72 U BUS;C:\Windows\System32\drivers\gt72ubus.sys [2007-10-9 80896]
S3 hwusbfake;Huawei DataCard USB Fake;C:\Windows\System32\drivers\ewusbfake.sys [2010-10-28 116224]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-12-16 216576]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
=============== Created Last 30 ================
2010-11-10 09:13:07 -------- d-----w- C:\Users\work\AppData\Roaming\Malwarebytes
2010-11-10 09:12:35 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2010-11-10 09:12:33 -------- d-----w- C:\PROGRA~3\Malwarebytes
2010-11-10 09:12:31 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-11-10 09:12:31 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-11-01 10:48:38 -------- d-----w- C:\Users\work\AppData\Local\Threat Expert
2010-11-01 10:26:47 65072 --s---w- C:\Windows\System32\drivers\TfFsMon.sys
2010-11-01 10:26:47 59880 --s---w- C:\Windows\System32\drivers\TfSysMon.sys
2010-11-01 10:26:47 41888 --s---w- C:\Windows\System32\drivers\TfNetMon.sys
2010-11-01 10:26:29 767952 ----a-w- C:\Windows\BDTSupport.dll.old
2010-11-01 10:26:29 767952 ----a-w- C:\Windows\BDTSupport.dll
2010-11-01 10:26:28 165840 ----a-w- C:\Windows\PCTBDRes.dll
2010-11-01 10:26:28 1652688 ----a-w- C:\Windows\PCTBDCore.dll
2010-11-01 10:26:28 1640400 ----a-w- C:\Windows\PCTBDCore.dll.old
2010-11-01 10:26:28 149456 ----a-w- C:\Windows\SGDetectionTool.dll
2010-11-01 10:24:20 306648 ----a-w- C:\Windows\System32\drivers\pctgntdi64.sys
2010-11-01 10:24:20 132048 ----a-w- C:\Windows\System32\drivers\pctwfpfilter64.sys
2010-11-01 10:24:11 218056 ----a-w- C:\Windows\System32\drivers\PCTCore64.sys
2010-11-01 10:23:57 92896 ----a-w- C:\Windows\System32\drivers\pctplsg64.sys
2010-11-01 10:23:49 -------- d-----w- C:\Users\work\AppData\Roaming\PC Tools
2010-11-01 10:23:49 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2010-11-01 09:08:42 -------- d-----w- C:\Program Files (x86)\Spyware Doctor
2010-11-01 09:08:42 -------- d-----w- C:\PROGRA~3\PC Tools
2010-11-01 09:06:47 -------- d-----w- C:\Users\work\AppData\Roaming\GetRightToGo
2010-10-28 14:02:17 -------- d-----w- C:\N360_BACKUP
2010-10-28 09:56:47 -------- d-----w- C:\Users\work\AppData\Local\CrashDumps
2010-10-28 09:26:55 -------- d-----w- C:\Users\work\AppData\Roaming\InternetEverywhere
2010-10-28 09:26:33 691712 ----a-w- C:\Windows\SysWow64\drivers\mod7700.sys
2010-10-28 09:26:33 29696 ----a-w- C:\Windows\SysWow64\drivers\ewdcsc.sys
2010-10-28 09:26:33 132608 ----a-w- C:\Windows\SysWow64\drivers\ewusbnet.sys
2010-10-28 09:26:33 116224 ----a-w- C:\Windows\SysWow64\drivers\ewusbfake.sys
2010-10-28 09:26:33 112896 ----a-w- C:\Windows\SysWow64\drivers\ewsercd.sys
2010-10-28 09:26:16 116864 ------w- C:\Windows\SysWow64\drivers\ewusbmdm.sys
2010-10-28 09:26:15 116864 ----a-w- C:\Windows\System32\drivers\ewusbmdm.sys
2010-10-28 09:26:15 116224 ----a-w- C:\Windows\System32\drivers\ewusbfake.sys
2010-10-28 09:26:14 -------- d-----w- C:\Program Files (x86)\InternetEverywhere
2010-10-27 08:11:49 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2010-10-27 08:11:49 641536 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2010-10-27 08:11:49 552960 ----a-w- C:\Windows\System32\msdri.dll
2010-10-27 08:11:49 288256 ----a-w- C:\Windows\System32\MSNP.ax
2010-10-27 08:11:49 258560 ----a-w- C:\Windows\System32\mpg2splt.ax
2010-10-27 08:11:49 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
2010-10-27 08:11:49 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2010-10-27 08:11:39 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2010-10-15 07:37:12 148992 ----a-w- C:\Windows\System32\t2embed.dll
2010-10-15 07:37:12 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
2010-10-15 07:37:11 340992 ----a-w- C:\Windows\System32\schannel.dll
2010-10-15 07:37:11 224256 ----a-w- C:\Windows\SysWow64\schannel.dll
2010-10-15 07:37:10 633856 ----a-w- C:\Windows\System32\comctl32.dll
2010-10-15 07:37:10 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
2010-10-15 07:34:24 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2010-10-15 07:34:24 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
2010-10-15 07:34:24 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
2010-10-15 07:34:24 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2010-10-15 07:34:24 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2010-10-15 07:34:22 3123712 ----a-w- C:\Windows\System32\win32k.sys
2010-10-14 12:08:40 -------- d-----w- C:\Users\work\AppData\Local\CANON_INC
2010-10-12 11:29:30 -------- d-----w- C:\Users\work\AppData\Roaming\HP SimpleSave Application
==================== Find3M ====================
2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec
2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2010-08-21 06:38:47 1024512 ----a-w- C:\Windows\System32\wmpmde.dll
2010-08-21 06:29:47 558592 ----a-w- C:\Windows\System32\spoolsv.exe
2010-08-21 05:36:33 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
============= FINISH: 9:56:45.56 ===============
I have the attach.txt log, but I'm confused as to whether I should paste it here as per the 8 Steps instructions or attach it as a .zip file as per the actual log text.
Thank you in anticipation for your assistance.
Regards
LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
================= FIREFOX ===================
FF - ProfilePath - C:\Users\work\AppData\Roaming\Mozilla\Firefox\Profiles\seeqvjko.default\
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
---- FIREFOX POLICIES ----
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
============= SERVICES / DRIVERS ===============
R0 PCTCore;PCTools KDS;C:\Windows\System32\drivers\PCTCore64.sys [2010-11-1 218056]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\0403000.005\symds64.sys [2010-9-24 433200]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0403000.005\symefa64.sys [2010-9-24 221232]
R0 TfFsMon;TfFsMon;C:\Windows\System32\drivers\TfFsMon.sys [2010-11-1 65072]
R0 TfSysMon;TfSysMon;C:\Windows\System32\drivers\TfSysMon.sys [2010-11-1 59880]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101029.001\BHDrvx64.sys [2010-11-2 954928]
R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\N360x64\0403000.005\cchpx64.sys [2010-9-24 615040]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101029.001\IDSviA64.sys [2010-10-19 476720]
R1 pctgntdi;pctgntdi;C:\Windows\System32\drivers\pctgntdi64.sys [2010-11-1 306648]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\0403000.005\ironx64.sys [2010-9-24 150064]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\drivers\N360x64\0403000.005\symtdiv.sys [2010-9-24 451120]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-12-16 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-8-5 203264]
R2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe [2010-11-1 112592]
R2 ezSharedSvc;Easybits Shared Services for Windows;C:\Windows\system32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 GtDetectSc;GtDetectSc;C:\Program Files\Orange\ICON 225 USB Connect\GtDetectSc.exe [2007-12-18 312320]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccsvchst.exe [2010-9-24 126392]
R2 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe [2010-11-1 359624]
R2 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe [2010-11-1 1141712]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-10-31 228408]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-6-10 132656]
R3 pctplsg;pctplsg;C:\Windows\System32\drivers\pctplsg64.sys [2010-11-1 92896]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-12-16 215040]
R3 TfNetMon;TfNetMon;C:\Windows\System32\drivers\TfNetMon.sys [2010-11-1 41888]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2009-12-16 36408]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 GT72NDISIPXP;GT 72 IP NDIS;C:\Windows\System32\drivers\Gt51Ip.sys [2007-11-13 124416]
S3 GT72UBUS;GT 72 U BUS;C:\Windows\System32\drivers\gt72ubus.sys [2007-10-9 80896]
S3 hwusbfake;Huawei DataCard USB Fake;C:\Windows\System32\drivers\ewusbfake.sys [2010-10-28 116224]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-12-16 216576]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
=============== Created Last 30 ================
2010-11-10 09:13:07 -------- d-----w- C:\Users\work\AppData\Roaming\Malwarebytes
2010-11-10 09:12:35 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2010-11-10 09:12:33 -------- d-----w- C:\PROGRA~3\Malwarebytes
2010-11-10 09:12:31 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-11-10 09:12:31 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-11-01 10:48:38 -------- d-----w- C:\Users\work\AppData\Local\Threat Expert
2010-11-01 10:26:47 65072 --s---w- C:\Windows\System32\drivers\TfFsMon.sys
2010-11-01 10:26:47 59880 --s---w- C:\Windows\System32\drivers\TfSysMon.sys
2010-11-01 10:26:47 41888 --s---w- C:\Windows\System32\drivers\TfNetMon.sys
2010-11-01 10:26:29 767952 ----a-w- C:\Windows\BDTSupport.dll.old
2010-11-01 10:26:29 767952 ----a-w- C:\Windows\BDTSupport.dll
2010-11-01 10:26:28 165840 ----a-w- C:\Windows\PCTBDRes.dll
2010-11-01 10:26:28 1652688 ----a-w- C:\Windows\PCTBDCore.dll
2010-11-01 10:26:28 1640400 ----a-w- C:\Windows\PCTBDCore.dll.old
2010-11-01 10:26:28 149456 ----a-w- C:\Windows\SGDetectionTool.dll
2010-11-01 10:24:20 306648 ----a-w- C:\Windows\System32\drivers\pctgntdi64.sys
2010-11-01 10:24:20 132048 ----a-w- C:\Windows\System32\drivers\pctwfpfilter64.sys
2010-11-01 10:24:11 218056 ----a-w- C:\Windows\System32\drivers\PCTCore64.sys
2010-11-01 10:23:57 92896 ----a-w- C:\Windows\System32\drivers\pctplsg64.sys
2010-11-01 10:23:49 -------- d-----w- C:\Users\work\AppData\Roaming\PC Tools
2010-11-01 10:23:49 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2010-11-01 09:08:42 -------- d-----w- C:\Program Files (x86)\Spyware Doctor
2010-11-01 09:08:42 -------- d-----w- C:\PROGRA~3\PC Tools
2010-11-01 09:06:47 -------- d-----w- C:\Users\work\AppData\Roaming\GetRightToGo
2010-10-28 14:02:17 -------- d-----w- C:\N360_BACKUP
2010-10-28 09:56:47 -------- d-----w- C:\Users\work\AppData\Local\CrashDumps
2010-10-28 09:26:55 -------- d-----w- C:\Users\work\AppData\Roaming\InternetEverywhere
2010-10-28 09:26:33 691712 ----a-w- C:\Windows\SysWow64\drivers\mod7700.sys
2010-10-28 09:26:33 29696 ----a-w- C:\Windows\SysWow64\drivers\ewdcsc.sys
2010-10-28 09:26:33 132608 ----a-w- C:\Windows\SysWow64\drivers\ewusbnet.sys
2010-10-28 09:26:33 116224 ----a-w- C:\Windows\SysWow64\drivers\ewusbfake.sys
2010-10-28 09:26:33 112896 ----a-w- C:\Windows\SysWow64\drivers\ewsercd.sys
2010-10-28 09:26:16 116864 ------w- C:\Windows\SysWow64\drivers\ewusbmdm.sys
2010-10-28 09:26:15 116864 ----a-w- C:\Windows\System32\drivers\ewusbmdm.sys
2010-10-28 09:26:15 116224 ----a-w- C:\Windows\System32\drivers\ewusbfake.sys
2010-10-28 09:26:14 -------- d-----w- C:\Program Files (x86)\InternetEverywhere
2010-10-27 08:11:49 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2010-10-27 08:11:49 641536 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2010-10-27 08:11:49 552960 ----a-w- C:\Windows\System32\msdri.dll
2010-10-27 08:11:49 288256 ----a-w- C:\Windows\System32\MSNP.ax
2010-10-27 08:11:49 258560 ----a-w- C:\Windows\System32\mpg2splt.ax
2010-10-27 08:11:49 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
2010-10-27 08:11:49 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2010-10-27 08:11:39 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2010-10-15 07:37:12 148992 ----a-w- C:\Windows\System32\t2embed.dll
2010-10-15 07:37:12 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
2010-10-15 07:37:11 340992 ----a-w- C:\Windows\System32\schannel.dll
2010-10-15 07:37:11 224256 ----a-w- C:\Windows\SysWow64\schannel.dll
2010-10-15 07:37:10 633856 ----a-w- C:\Windows\System32\comctl32.dll
2010-10-15 07:37:10 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
2010-10-15 07:34:24 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2010-10-15 07:34:24 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
2010-10-15 07:34:24 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
2010-10-15 07:34:24 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2010-10-15 07:34:24 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2010-10-15 07:34:22 3123712 ----a-w- C:\Windows\System32\win32k.sys
2010-10-14 12:08:40 -------- d-----w- C:\Users\work\AppData\Local\CANON_INC
2010-10-12 11:29:30 -------- d-----w- C:\Users\work\AppData\Roaming\HP SimpleSave Application
==================== Find3M ====================
2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec
2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2010-08-21 06:38:47 1024512 ----a-w- C:\Windows\System32\wmpmde.dll
2010-08-21 06:29:47 558592 ----a-w- C:\Windows\System32\spoolsv.exe
2010-08-21 05:36:33 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
============= FINISH: 9:56:45.56 ===============
I have the attach.txt log, but I'm confused as to whether I am to paste it here as per the 8 Steps instructions or attach it as a .zip file as per the actual log text.
Thank you for your assistance in anticipation.
Regards