Antivirus 2010 Virus, 8 steps followed. Logs available

Inactive
By mike202
Nov 10, 2010
Topic Status:
Not open for further replies.
  1. We have the Antivirus 2010 virus on our Laptop. I have followed all the steps within the UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions. The Malwarebytes Anti-Malware scan has been unable to remove the virus, but has quarantined it.

    Malwarebytes Anti-Malware log:

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 5087

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    10/11/2010 09:28:40
    mbam-log-2010-11-10 (09-28-40).txt

    Scan type: Quick scan
    Objects scanned: 141374
    Time elapsed: 8 minute(s), 23 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 2
    Registry Data Items Infected: 0
    Folders Infected: 2
    Files Infected: 9

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\Software\AntiVirus 2010 (Rogue.AntiVirus2010) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\AntiVirus 2010 (Rogue.AntiVirus2010) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus 2010 (Rogue.AntiVirusStudio2010) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\securitycenter (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Users\work\AppData\Roaming\AntiVirus 2010 (Rogue.AntiVirus2010) -> Delete on reboot.
    C:\Users\work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AntiVirus 2010 (Rogue.AntiVirus2010) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Users\work\AppData\Roaming\AntiVirus 2010\AntiVirus_Studio_2010.exe (Rogue.AntiVirusStudio2010) -> Quarantined and deleted successfully.
    C:\Users\work\AppData\Roaming\AntiVirus 2010\securitycenter.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Users\work\AppData\Roaming\AntiVirus 2010\securityhelper.exe (Rogue.AntiVirus2010) -> Delete on reboot.
    C:\Users\work\AppData\Roaming\AntiVirus 2010\taskmgr.dll (Rogue.AntiVirus2010) -> Quarantined and deleted successfully.
    C:\Users\work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AntiVirus 2010\Activate AntiVirus 2010.lnk (Rogue.AntiVirus2010) -> Quarantined and deleted successfully.
    C:\Users\work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AntiVirus 2010\AntiVirus 2010.lnk (Rogue.AntiVirus2010) -> Quarantined and deleted successfully.
    C:\Users\work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AntiVirus 2010\Help AntiVirus 2010.lnk (Rogue.AntiVirus2010) -> Quarantined and deleted successfully.
    C:\Users\work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AntiVirus 2010\How to Activate AntiVirus 2010.lnk (Rogue.AntiVirus2010) -> Quarantined and deleted successfully.
    C:\Users\work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AntiVirus 2010.lnk (Rogue.AntiVirus2010) -> Quarantined and deleted successfully.


    GMER log:

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2010-11-10 09:52:54
    Windows 6.1.7600
    Running: 3ndf9cdi.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0027133aadc3
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0027133aadc3 (not active ControlSet)

    ---- EOF - GMER 1.0.15 ----

    DDS logs

    DDS (Ver_10-11-09.01) - NTFS_AMD64
    Run by work at 9:54:34.74 on 10/11/2010
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.1788.707 [GMT 0:00]


    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
    C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
    C:\Windows\SysWOW64\svchost.exe -k netsvcs
    C:\Program Files\Orange\ICON 225 USB Connect\GtDetectSc.exe
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
    C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
    C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\InternetEverywhere\WTGService.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Program Files\Orange\ICON 225 USB Connect\ICON 225 USB Connect.exe
    C:\Program Files (x86)\InternetEverywhere\Launcher.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
    C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\Spyware Doctor\TFEngine\TFService.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\work\Downloads\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.co.uk/
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    mWinlogon: Userinit=C:\Windows\system32\userinit.exe
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\IPSBHO.DLL
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\coIEPlg.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
    uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
    mRun: [ISTray] "C:\Program Files (x86)\Spyware Doctor\pctsTray.exe"
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ICON22~1.LNK - C:\Program Files\Orange\ICON 225 USB Connect\ICON 225 USB Connect.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Launcher.lnk - C:\Program Files (x86)\InternetEverywhere\Launcher.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
    LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
    mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun-x64: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

    ================= FIREFOX ===================

    FF - ProfilePath - C:\Users\work\AppData\Roaming\Mozilla\Firefox\Profiles\seeqvjko.default\
    FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll
    FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll
    FF - plugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

    ---- FIREFOX POLICIES ----
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

    ============= SERVICES / DRIVERS ===============

    R0 PCTCore;PCTools KDS;C:\Windows\System32\drivers\PCTCore64.sys [2010-11-1 218056]
    R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\0403000.005\symds64.sys [2010-9-24 433200]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0403000.005\symefa64.sys [2010-9-24 221232]
    R0 TfFsMon;TfFsMon;C:\Windows\System32\drivers\TfFsMon.sys [2010-11-1 65072]
    R0 TfSysMon;TfSysMon;C:\Windows\System32\drivers\TfSysMon.sys [2010-11-1 59880]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101029.001\BHDrvx64.sys [2010-11-2 954928]
    R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\N360x64\0403000.005\cchpx64.sys [2010-9-24 615040]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101029.001\IDSviA64.sys [2010-10-19 476720]
    R1 pctgntdi;pctgntdi;C:\Windows\System32\drivers\pctgntdi64.sys [2010-11-1 306648]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\0403000.005\ironx64.sys [2010-9-24 150064]
    R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\drivers\N360x64\0403000.005\symtdiv.sys [2010-9-24 451120]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
    R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-12-16 89600]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-8-5 203264]
    R2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe [2010-11-1 112592]
    R2 ezSharedSvc;Easybits Shared Services for Windows;C:\Windows\system32\svchost.exe -k netsvcs [2009-7-13 27136]
    R2 GtDetectSc;GtDetectSc;C:\Program Files\Orange\ICON 225 USB Connect\GtDetectSc.exe [2007-12-18 312320]
    R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccsvchst.exe [2010-9-24 126392]
    R2 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe [2010-11-1 359624]
    R2 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe [2010-11-1 1141712]
    R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-10-31 228408]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-6-10 132656]
    R3 pctplsg;pctplsg;C:\Windows\System32\drivers\pctplsg64.sys [2010-11-1 92896]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-12-16 215040]
    R3 TfNetMon;TfNetMon;C:\Windows\System32\drivers\TfNetMon.sys [2010-11-1 41888]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2009-12-16 36408]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 GT72NDISIPXP;GT 72 IP NDIS;C:\Windows\System32\drivers\Gt51Ip.sys [2007-11-13 124416]
    S3 GT72UBUS;GT 72 U BUS;C:\Windows\System32\drivers\gt72ubus.sys [2007-10-9 80896]
    S3 hwusbfake;Huawei DataCard USB Fake;C:\Windows\System32\drivers\ewusbfake.sys [2010-10-28 116224]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-12-16 216576]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]

    =============== Created Last 30 ================

    2010-11-10 09:13:07 -------- d-----w- C:\Users\work\AppData\Roaming\Malwarebytes
    2010-11-10 09:12:35 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2010-11-10 09:12:33 -------- d-----w- C:\PROGRA~3\Malwarebytes
    2010-11-10 09:12:31 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2010-11-10 09:12:31 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2010-11-01 10:48:38 -------- d-----w- C:\Users\work\AppData\Local\Threat Expert
    2010-11-01 10:26:47 65072 --s---w- C:\Windows\System32\drivers\TfFsMon.sys
    2010-11-01 10:26:47 59880 --s---w- C:\Windows\System32\drivers\TfSysMon.sys
    2010-11-01 10:26:47 41888 --s---w- C:\Windows\System32\drivers\TfNetMon.sys
    2010-11-01 10:26:29 767952 ----a-w- C:\Windows\BDTSupport.dll.old
    2010-11-01 10:26:29 767952 ----a-w- C:\Windows\BDTSupport.dll
    2010-11-01 10:26:28 165840 ----a-w- C:\Windows\PCTBDRes.dll
    2010-11-01 10:26:28 1652688 ----a-w- C:\Windows\PCTBDCore.dll
    2010-11-01 10:26:28 1640400 ----a-w- C:\Windows\PCTBDCore.dll.old
    2010-11-01 10:26:28 149456 ----a-w- C:\Windows\SGDetectionTool.dll
    2010-11-01 10:24:20 306648 ----a-w- C:\Windows\System32\drivers\pctgntdi64.sys
    2010-11-01 10:24:20 132048 ----a-w- C:\Windows\System32\drivers\pctwfpfilter64.sys
    2010-11-01 10:24:11 218056 ----a-w- C:\Windows\System32\drivers\PCTCore64.sys
    2010-11-01 10:23:57 92896 ----a-w- C:\Windows\System32\drivers\pctplsg64.sys
    2010-11-01 10:23:49 -------- d-----w- C:\Users\work\AppData\Roaming\PC Tools
    2010-11-01 10:23:49 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
    2010-11-01 09:08:42 -------- d-----w- C:\Program Files (x86)\Spyware Doctor
    2010-11-01 09:08:42 -------- d-----w- C:\PROGRA~3\PC Tools
    2010-11-01 09:06:47 -------- d-----w- C:\Users\work\AppData\Roaming\GetRightToGo
    2010-10-28 14:02:17 -------- d-----w- C:\N360_BACKUP
    2010-10-28 09:56:47 -------- d-----w- C:\Users\work\AppData\Local\CrashDumps
    2010-10-28 09:26:55 -------- d-----w- C:\Users\work\AppData\Roaming\InternetEverywhere
    2010-10-28 09:26:33 691712 ----a-w- C:\Windows\SysWow64\drivers\mod7700.sys
    2010-10-28 09:26:33 29696 ----a-w- C:\Windows\SysWow64\drivers\ewdcsc.sys
    2010-10-28 09:26:33 132608 ----a-w- C:\Windows\SysWow64\drivers\ewusbnet.sys
    2010-10-28 09:26:33 116224 ----a-w- C:\Windows\SysWow64\drivers\ewusbfake.sys
    2010-10-28 09:26:33 112896 ----a-w- C:\Windows\SysWow64\drivers\ewsercd.sys
    2010-10-28 09:26:16 116864 ------w- C:\Windows\SysWow64\drivers\ewusbmdm.sys
    2010-10-28 09:26:15 116864 ----a-w- C:\Windows\System32\drivers\ewusbmdm.sys
    2010-10-28 09:26:15 116224 ----a-w- C:\Windows\System32\drivers\ewusbfake.sys
    2010-10-28 09:26:14 -------- d-----w- C:\Program Files (x86)\InternetEverywhere
    2010-10-27 08:11:49 961024 ----a-w- C:\Windows\System32\CPFilters.dll
    2010-10-27 08:11:49 641536 ----a-w- C:\Windows\SysWow64\CPFilters.dll
    2010-10-27 08:11:49 552960 ----a-w- C:\Windows\System32\msdri.dll
    2010-10-27 08:11:49 288256 ----a-w- C:\Windows\System32\MSNP.ax
    2010-10-27 08:11:49 258560 ----a-w- C:\Windows\System32\mpg2splt.ax
    2010-10-27 08:11:49 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
    2010-10-27 08:11:49 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
    2010-10-27 08:11:39 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
    2010-10-15 07:37:12 148992 ----a-w- C:\Windows\System32\t2embed.dll
    2010-10-15 07:37:12 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
    2010-10-15 07:37:11 340992 ----a-w- C:\Windows\System32\schannel.dll
    2010-10-15 07:37:11 224256 ----a-w- C:\Windows\SysWow64\schannel.dll
    2010-10-15 07:37:10 633856 ----a-w- C:\Windows\System32\comctl32.dll
    2010-10-15 07:37:10 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
    2010-10-15 07:34:24 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
    2010-10-15 07:34:24 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
    2010-10-15 07:34:24 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
    2010-10-15 07:34:24 236032 ----a-w- C:\Windows\System32\srvsvc.dll
    2010-10-15 07:34:24 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
    2010-10-15 07:34:22 3123712 ----a-w- C:\Windows\System32\win32k.sys
    2010-10-14 12:08:40 -------- d-----w- C:\Users\work\AppData\Local\CANON_INC
    2010-10-12 11:29:30 -------- d-----w- C:\Users\work\AppData\Roaming\HP SimpleSave Application

    ==================== Find3M ====================

    2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
    2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
    2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
    2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec
    2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec
    2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
    2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
    2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
    2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
    2010-08-21 06:38:47 1024512 ----a-w- C:\Windows\System32\wmpmde.dll
    2010-08-21 06:29:47 558592 ----a-w- C:\Windows\System32\spoolsv.exe
    2010-08-21 05:36:33 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll

    ============= FINISH: 9:56:45.56 ===============

    I have the attach.txt log but I'm confused if I am to paste it here as per the 8 Steps instructions or attach it as a .zip file as per the actual log text.

    Thank you for your assistance in anticipation.

    Regards
  2. Broni

    Broni Malware Annihilator Posts: 45,172   +242

    Welcome aboard [​IMG]

    Always paste all logs.
    Please, do so with Attach.txt.

    Update MBAM, re-run it and post fresh log.
  3. mike202

    mike202 Newcomer, in training Topic Starter

    Ok, thanks Broni.

    I will be at the Laptop again on Monday, so will re-run and post the logs then.
  4. Broni

    Broni Malware Annihilator Posts: 45,172   +242

    OK.................
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.