TechSpot

Antivirus 2010 Virus, 8 steps followed. Logs available

By mike202
Nov 10, 2010
  1. We have the Antivirus 2010 virus on our Laptop. I have followed all the steps within the UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions. The Malwarebytes Anti-Malware scan has been unable to remove the virus, but has quarantined it.

    Malwarebytes Anti-Malware log:

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 5087

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    10/11/2010 09:28:40
    mbam-log-2010-11-10 (09-28-40).txt

    Scan type: Quick scan
    Objects scanned: 141374
    Time elapsed: 8 minute(s), 23 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 2
    Registry Data Items Infected: 0
    Folders Infected: 2
    Files Infected: 9

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\Software\AntiVirus 2010 (Rogue.AntiVirus2010) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\AntiVirus 2010 (Rogue.AntiVirus2010) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus 2010 (Rogue.AntiVirusStudio2010) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\securitycenter (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Users\work\AppData\Roaming\AntiVirus 2010 (Rogue.AntiVirus2010) -> Delete on reboot.
    C:\Users\work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AntiVirus 2010 (Rogue.AntiVirus2010) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Users\work\AppData\Roaming\AntiVirus 2010\AntiVirus_Studio_2010.exe (Rogue.AntiVirusStudio2010) -> Quarantined and deleted successfully.
    C:\Users\work\AppData\Roaming\AntiVirus 2010\securitycenter.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Users\work\AppData\Roaming\AntiVirus 2010\securityhelper.exe (Rogue.AntiVirus2010) -> Delete on reboot.
    C:\Users\work\AppData\Roaming\AntiVirus 2010\taskmgr.dll (Rogue.AntiVirus2010) -> Quarantined and deleted successfully.
    C:\Users\work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AntiVirus 2010\Activate AntiVirus 2010.lnk (Rogue.AntiVirus2010) -> Quarantined and deleted successfully.
    C:\Users\work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AntiVirus 2010\AntiVirus 2010.lnk (Rogue.AntiVirus2010) -> Quarantined and deleted successfully.
    C:\Users\work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AntiVirus 2010\Help AntiVirus 2010.lnk (Rogue.AntiVirus2010) -> Quarantined and deleted successfully.
    C:\Users\work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AntiVirus 2010\How to Activate AntiVirus 2010.lnk (Rogue.AntiVirus2010) -> Quarantined and deleted successfully.
    C:\Users\work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AntiVirus 2010.lnk (Rogue.AntiVirus2010) -> Quarantined and deleted successfully.


    GMER log:

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2010-11-10 09:52:54
    Windows 6.1.7600
    Running: 3ndf9cdi.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0027133aadc3
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0027133aadc3 (not active ControlSet)

    ---- EOF - GMER 1.0.15 ----

    DDS log:

    DDS (Ver_10-11-09.01) - NTFS_AMD64
    Run by work at 9:54:34.74 on 10/11/2010
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.1788.707 [GMT 0:00]


    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
    C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
    C:\Windows\SysWOW64\svchost.exe -k netsvcs
    C:\Program Files\Orange\ICON 225 USB Connect\GtDetectSc.exe
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
    C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
    C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\InternetEverywhere\WTGService.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Program Files\Orange\ICON 225 USB Connect\ICON 225 USB Connect.exe
    C:\Program Files (x86)\InternetEverywhere\Launcher.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
    C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\Spyware Doctor\TFEngine\TFService.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\work\Downloads\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.co.uk/
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    mWinlogon: Userinit=C:\Windows\system32\userinit.exe
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\IPSBHO.DLL
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\coIEPlg.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
    uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
    mRun: [ISTray] "C:\Program Files (x86)\Spyware Doctor\pctsTray.exe"
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ICON22~1.LNK - C:\Program Files\Orange\ICON 225 USB Connect\ICON 225 USB Connect.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Launcher.lnk - C:\Program Files (x86)\InternetEverywhere\Launcher.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
    LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
    mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun-x64: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

    ================= FIREFOX ===================

    FF - ProfilePath - C:\Users\work\AppData\Roaming\Mozilla\Firefox\Profiles\seeqvjko.default\
    FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll
    FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll
    FF - plugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

    ---- FIREFOX POLICIES ----
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

    ============= SERVICES / DRIVERS ===============

    R0 PCTCore;PCTools KDS;C:\Windows\System32\drivers\PCTCore64.sys [2010-11-1 218056]
    R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\0403000.005\symds64.sys [2010-9-24 433200]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0403000.005\symefa64.sys [2010-9-24 221232]
    R0 TfFsMon;TfFsMon;C:\Windows\System32\drivers\TfFsMon.sys [2010-11-1 65072]
    R0 TfSysMon;TfSysMon;C:\Windows\System32\drivers\TfSysMon.sys [2010-11-1 59880]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101029.001\BHDrvx64.sys [2010-11-2 954928]
    R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\N360x64\0403000.005\cchpx64.sys [2010-9-24 615040]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101029.001\IDSviA64.sys [2010-10-19 476720]
    R1 pctgntdi;pctgntdi;C:\Windows\System32\drivers\pctgntdi64.sys [2010-11-1 306648]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\0403000.005\ironx64.sys [2010-9-24 150064]
    R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\drivers\N360x64\0403000.005\symtdiv.sys [2010-9-24 451120]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
    R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-12-16 89600]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-8-5 203264]
    R2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe [2010-11-1 112592]
    R2 ezSharedSvc;Easybits Shared Services for Windows;C:\Windows\system32\svchost.exe -k netsvcs [2009-7-13 27136]
    R2 GtDetectSc;GtDetectSc;C:\Program Files\Orange\ICON 225 USB Connect\GtDetectSc.exe [2007-12-18 312320]
    R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccsvchst.exe [2010-9-24 126392]
    R2 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe [2010-11-1 359624]
    R2 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe [2010-11-1 1141712]
    R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-10-31 228408]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-6-10 132656]
    R3 pctplsg;pctplsg;C:\Windows\System32\drivers\pctplsg64.sys [2010-11-1 92896]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-12-16 215040]
    R3 TfNetMon;TfNetMon;C:\Windows\System32\drivers\TfNetMon.sys [2010-11-1 41888]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2009-12-16 36408]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 GT72NDISIPXP;GT 72 IP NDIS;C:\Windows\System32\drivers\Gt51Ip.sys [2007-11-13 124416]
    S3 GT72UBUS;GT 72 U BUS;C:\Windows\System32\drivers\gt72ubus.sys [2007-10-9 80896]
    S3 hwusbfake;Huawei DataCard USB Fake;C:\Windows\System32\drivers\ewusbfake.sys [2010-10-28 116224]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-12-16 216576]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]

    =============== Created Last 30 ================

    2010-11-10 09:13:07 -------- d-----w- C:\Users\work\AppData\Roaming\Malwarebytes
    2010-11-10 09:12:35 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2010-11-10 09:12:33 -------- d-----w- C:\PROGRA~3\Malwarebytes
    2010-11-10 09:12:31 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2010-11-10 09:12:31 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2010-11-01 10:48:38 -------- d-----w- C:\Users\work\AppData\Local\Threat Expert
    2010-11-01 10:26:47 65072 --s---w- C:\Windows\System32\drivers\TfFsMon.sys
    2010-11-01 10:26:47 59880 --s---w- C:\Windows\System32\drivers\TfSysMon.sys
    2010-11-01 10:26:47 41888 --s---w- C:\Windows\System32\drivers\TfNetMon.sys
    2010-11-01 10:26:29 767952 ----a-w- C:\Windows\BDTSupport.dll.old
    2010-11-01 10:26:29 767952 ----a-w- C:\Windows\BDTSupport.dll
    2010-11-01 10:26:28 165840 ----a-w- C:\Windows\PCTBDRes.dll
    2010-11-01 10:26:28 1652688 ----a-w- C:\Windows\PCTBDCore.dll
    2010-11-01 10:26:28 1640400 ----a-w- C:\Windows\PCTBDCore.dll.old
    2010-11-01 10:26:28 149456 ----a-w- C:\Windows\SGDetectionTool.dll
    2010-11-01 10:24:20 306648 ----a-w- C:\Windows\System32\drivers\pctgntdi64.sys
    2010-11-01 10:24:20 132048 ----a-w- C:\Windows\System32\drivers\pctwfpfilter64.sys
    2010-11-01 10:24:11 218056 ----a-w- C:\Windows\System32\drivers\PCTCore64.sys
    2010-11-01 10:23:57 92896 ----a-w- C:\Windows\System32\drivers\pctplsg64.sys
    2010-11-01 10:23:49 -------- d-----w- C:\Users\work\AppData\Roaming\PC Tools
    2010-11-01 10:23:49 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
    2010-11-01 09:08:42 -------- d-----w- C:\Program Files (x86)\Spyware Doctor
    2010-11-01 09:08:42 -------- d-----w- C:\PROGRA~3\PC Tools
    2010-11-01 09:06:47 -------- d-----w- C:\Users\work\AppData\Roaming\GetRightToGo
    2010-10-28 14:02:17 -------- d-----w- C:\N360_BACKUP
    2010-10-28 09:56:47 -------- d-----w- C:\Users\work\AppData\Local\CrashDumps
    2010-10-28 09:26:55 -------- d-----w- C:\Users\work\AppData\Roaming\InternetEverywhere
    2010-10-28 09:26:33 691712 ----a-w- C:\Windows\SysWow64\drivers\mod7700.sys
    2010-10-28 09:26:33 29696 ----a-w- C:\Windows\SysWow64\drivers\ewdcsc.sys
    2010-10-28 09:26:33 132608 ----a-w- C:\Windows\SysWow64\drivers\ewusbnet.sys
    2010-10-28 09:26:33 116224 ----a-w- C:\Windows\SysWow64\drivers\ewusbfake.sys
    2010-10-28 09:26:33 112896 ----a-w- C:\Windows\SysWow64\drivers\ewsercd.sys
    2010-10-28 09:26:16 116864 ------w- C:\Windows\SysWow64\drivers\ewusbmdm.sys
    2010-10-28 09:26:15 116864 ----a-w- C:\Windows\System32\drivers\ewusbmdm.sys
    2010-10-28 09:26:15 116224 ----a-w- C:\Windows\System32\drivers\ewusbfake.sys
    2010-10-28 09:26:14 -------- d-----w- C:\Program Files (x86)\InternetEverywhere
    2010-10-27 08:11:49 961024 ----a-w- C:\Windows\System32\CPFilters.dll
    2010-10-27 08:11:49 641536 ----a-w- C:\Windows\SysWow64\CPFilters.dll
    2010-10-27 08:11:49 552960 ----a-w- C:\Windows\System32\msdri.dll
    2010-10-27 08:11:49 288256 ----a-w- C:\Windows\System32\MSNP.ax
    2010-10-27 08:11:49 258560 ----a-w- C:\Windows\System32\mpg2splt.ax
    2010-10-27 08:11:49 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
    2010-10-27 08:11:49 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
    2010-10-27 08:11:39 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
    2010-10-15 07:37:12 148992 ----a-w- C:\Windows\System32\t2embed.dll
    2010-10-15 07:37:12 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
    2010-10-15 07:37:11 340992 ----a-w- C:\Windows\System32\schannel.dll
    2010-10-15 07:37:11 224256 ----a-w- C:\Windows\SysWow64\schannel.dll
    2010-10-15 07:37:10 633856 ----a-w- C:\Windows\System32\comctl32.dll
    2010-10-15 07:37:10 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
    2010-10-15 07:34:24 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
    2010-10-15 07:34:24 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
    2010-10-15 07:34:24 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
    2010-10-15 07:34:24 236032 ----a-w- C:\Windows\System32\srvsvc.dll
    2010-10-15 07:34:24 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
    2010-10-15 07:34:22 3123712 ----a-w- C:\Windows\System32\win32k.sys
    2010-10-14 12:08:40 -------- d-----w- C:\Users\work\AppData\Local\CANON_INC
    2010-10-12 11:29:30 -------- d-----w- C:\Users\work\AppData\Roaming\HP SimpleSave Application

    ==================== Find3M ====================

    2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
    2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
    2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
    2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec
    2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec
    2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
    2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
    2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
    2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
    2010-08-21 06:38:47 1024512 ----a-w- C:\Windows\System32\wmpmde.dll
    2010-08-21 06:29:47 558592 ----a-w- C:\Windows\System32\spoolsv.exe
    2010-08-21 05:36:33 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll

    ============= FINISH: 9:56:45.56 ===============

    I have the attach.txt log, but I'm confused as to whether I should paste it here, as per the 8 Steps instructions, or attach it as a .zip file, as the log text itself says.

    Thank you in anticipation for your assistance.

    Regards
     
  2. Broni

    Broni Malware Annihilator Posts: 52,565   +340

    Welcome aboard

    Always paste all logs.
    Please, do so with Attach.txt.

    Update MBAM, re-run it and post fresh log.
     
  3. mike202

    mike202 TS Rookie Topic Starter

    Ok, thanks Broni.

    I will be at the Laptop again on Monday, so will re-run and post the logs then.
     
  4. Broni

    Broni Malware Annihilator Posts: 52,565   +340

    OK.................
     
Topic Status:
Not open for further replies.
