Can't remove Anti Virus 2010, Malwarebytes crashes


  • This topic is locked
2 replies to this topic

#1 heliumdream

Posted 12 December 2010 - 03:58 PM

Hey there folks, I am a pretty keen computer user and have never had this much trouble removing malware. In fact, I've helped friends remove this very same infection... but now it's back and it's on 'roids.

I am attempting to follow this guide, here:
http://www.bleepingcomputer.com/virus-removal/remove-antivirus-2010

I booted into safe mode,
ran RKill,
installed Malwarebytes Anti-Malware.

I went to run Malwarebytes and it crashes after about 2 seconds of scanning. The program then becomes locked, requiring cacls execution from DOS. You can open Malwarebytes again after this, but the same crash occurs when it scans again.

I read it is preferred to make your own post rather than follow posts for other infections. So here I am!

What logs do I need to post?
Thanks in advance.


#2 heliumdream


Posted 13 December 2010 - 08:04 PM

Oops, forgot to follow the preparation guide -> http://www.bleepingcomputer.com/forums/topic34773.html

I got DDS to run, but I had trouble with GMER. Every time I go to scan with GMER it crashes and gets locked - similar to what I describe above when I try to run Malwarebytes.

dds.txt

DDS (Ver_10-12-12.02) - NTFSx86
Run by Mom at 19:46:39.18 on Mon 12/13/2010
Internet Explorer: 8.0.6001.18975
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1791.1192 [GMT -5:00]

AV: Norton Internet Security *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
"\\.\globalroot\Device\svchost.exe\svchost.exe"
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\system32\lxcgcoms.exe
C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Windows\system32\svchost.exe"
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\WerFault.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Mom\AppData\Roaming\Jenkat\Jenkat Games Arcade\NotifyApp.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Mom\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vb32&d=0609&m=et1810
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vb32&d=0609&m=et1810
mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vb32&d=0609&m=et1810
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: zynga2009 Toolbar: {1624838e-931b-42c3-a022-a14a7cb09afb} - c:\program files\zynga2009\tbzyng.dll
uURLSearchHooks: N/A: {00a6faf6-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\bar\2.bin\MWSSRCAS.DLL
mURLSearchHooks: zynga2009 Toolbar: {1624838e-931b-42c3-a022-a14a7cb09afb} - c:\program files\zynga2009\tbzyng.dll
BHO: MyWebSearch Search Assistant BHO: {00a6faf1-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\bar\2.bin\MWSSRCAS.DLL
BHO: zynga2009 Toolbar: {1624838e-931b-42c3-a022-a14a7cb09afb} - c:\program files\zynga2009\tbzyng.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.8.0.41\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.8.0.41\coIEPlg.dll
TB: zynga2009 Toolbar: {1624838e-931b-42c3-a022-a14a7cb09afb} - c:\program files\zynga2009\tbzyng.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: My Web Search: {07b18ea9-a523-4961-b6bb-170de4475cca} -
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\2.bin\mwsoemon.exe
uRun: [Jenkat Arcade] c:\users\mom\appdata\roaming\jenkat\jenkat games arcade\notifyapp.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [eRecoveryService]
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [Skytel] Skytel.exe
mRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\2.bin\mwsoemon.exe
mRun: [My Web Search Bar Search Scope Monitor] "c:\progra~1\mywebs~1\bar\2.bin\m3SrchMn.exe" /m=2 /w /h
mRun: [LXCGCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCGtime.dll,_RunDLLEntry@16
mRun: [lxcgmon.exe] "c:\program files\lexmark 2300 series\lxcgmon.exe"
mRun: [EzPrint] "c:\program files\lexmark 2300 series\ezprint.exe"
mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\1.0.150\SSScheduler.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZLfox000
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.8.0.41\CoIEPlg.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\mom\appdata\roaming\mozilla\firefox\profiles\gukpix3g.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2383175&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2383175&q=
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\users\mom\appdata\roaming\mozilla\firefox\profiles\gukpix3g.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\users\mom\appdata\roaming\mozilla\firefox\profiles\gukpix3g.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - component: c:\users\mom\appdata\roaming\mozilla\firefox\profiles\gukpix3g.default\extensions\{a4552066-c29d-44e9-bc48-a523ac068d3e}\components\FFExternalAlert.dll
FF - component: c:\users\mom\appdata\roaming\mozilla\firefox\profiles\gukpix3g.default\extensions\{a4552066-c29d-44e9-bc48-a523ac068d3e}\components\RadioWMPCore.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: mafiawarsts Toolbar: {a4552066-c29d-44e9-bc48-a523ac068d3e} - %profile%\extensions\{a4552066-c29d-44e9-bc48-a523ac068d3e}
FF - Ext: Qute: {36C13C8F-54F1-412e-8177-2E411719162D} - %profile%\extensions\{36C13C8F-54F1-412e-8177-2E411719162D}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: My Web Search: m3ffxtbr@mywebsearch.com - c:\program files\mywebsearch\bar\firefox
FF - Ext: Norton Toolbar: {7BA52691-1876-45ce-9EE6-54BCB3B04BBC} - c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coFFPlgn

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1008000.029\SymEFA.sys [2010-2-3 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1008000.029\BHDrvx86.sys [2010-2-3 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1008000.029\cchpx86.sys [2010-2-3 482432]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20091102.002\IDSvix86.sys [2009-10-28 343088]
R2 ETService;Empowering Technology Service;c:\program files\emachines\emachines recovery management\service\ETService.exe [2009-6-9 24576]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2010-12-6 1238408]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.8.0.41\ccSvcHst.exe [2010-2-3 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-9-10 102448]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-28 136176]
S2 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\2.bin\mwssvc.exe --> c:\progra~1\mywebs~1\bar\2.bin\mwssvc.exe [?]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-2-27 30192]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-12-12 20:31:57 -------- d--h--w- c:\windows\PIF
2010-12-12 19:58:50 -------- d-----w- c:\users\mom\appdata\roaming\Malwarebytes
2010-12-12 19:58:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-12 19:58:46 -------- d-----w- c:\progra~2\Malwarebytes
2010-12-12 19:58:43 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-12 19:58:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-11 13:09:04 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-12-10 12:55:52 469256 ----a-w- c:\program files\common files\windows live\.cache\9213f2c01cb98692c\InstallManager_WLE_WLE.exe
2010-12-10 12:55:22 15712 ----a-w- c:\program files\common files\windows live\.cache\81aa22b01cb986920\MeshBetaRemover.exe
2010-12-10 12:54:58 94040 ----a-w- c:\program files\common files\windows live\.cache\72c40c701cb986919\DSETUP.dll
2010-12-10 12:54:58 525656 ----a-w- c:\program files\common files\windows live\.cache\72c40c701cb986919\DXSETUP.exe
2010-12-10 12:54:58 1691480 ----a-w- c:\program files\common files\windows live\.cache\72c40c701cb986919\dsetup32.dll
2010-12-10 12:54:55 94040 ----a-w- c:\program files\common files\windows live\.cache\70aaf0701cb986918\DSETUP.dll
2010-12-10 12:54:55 525656 ----a-w- c:\program files\common files\windows live\.cache\70aaf0701cb986918\DXSETUP.exe
2010-12-10 12:54:55 1691480 ----a-w- c:\program files\common files\windows live\.cache\70aaf0701cb986918\dsetup32.dll
2010-12-10 12:54:22 6260088 ----a-w- c:\program files\common files\windows live\.cache\5c2dbb001cb98690e\Silverlight.4.0.exe
2010-12-10 12:53:47 -------- d-----w- c:\users\mom\appdata\local\Windows Live
2010-12-10 12:52:48 754688 ----a-w- c:\windows\system32\webservices.dll
2010-12-10 12:51:09 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{b6fb886d-34c0-4bbf-9ba2-b2dd3749fd55}\mpengine.dll
2010-11-24 05:01:07 7680 ----a-w- c:\program files\internet explorer\iecompat.dll
2010-11-18 04:38:03 -------- d-----w- c:\progra~2\NVIDIA Corporation
2010-11-18 04:33:11 57960 ----a-w- c:\windows\system32\OpenCL.dll
2010-11-18 04:33:11 14899816 ----a-w- c:\windows\system32\nvoglv32.dll
2010-11-18 04:33:10 888424 ----a-w- c:\windows\system32\nvdispco322050.dll
2010-11-18 04:33:10 813672 ----a-w- c:\windows\system32\nvgenco322030.dll
2010-11-18 04:33:10 4837480 ----a-w- c:\windows\system32\nvcuda.dll
2010-11-18 04:33:10 2912360 ----a-w- c:\windows\system32\nvcuvid.dll
2010-11-18 04:33:10 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-11-18 04:33:10 13019752 ----a-w- c:\windows\system32\nvcompiler.dll
2010-11-18 04:33:10 10084360 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2010-11-18 04:32:51 -------- d-----w- c:\program files\NVIDIA Corporation
2010-11-18 04:32:23 -------- d-----w- C:\NVIDIA
2010-11-18 04:29:54 -------- d-----w- c:\program files\SystemRequirementsLab
2010-11-18 03:05:35 -------- d-----w- c:\windows\system32\AGEIA
2010-11-18 03:04:44 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2010-11-17 23:28:45 -------- d-----w- c:\users\mom\appdata\roaming\LolClient
2010-11-17 23:23:02 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2010-11-17 23:23:02 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2010-11-17 23:23:02 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2010-11-17 23:23:02 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-11-17 23:23:02 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2010-11-17 23:19:06 -------- d-----w- C:\Riot Games
2010-11-17 23:00:08 -------- d-----w- c:\users\mom\appdata\local\PMB Files
2010-11-17 23:00:07 -------- d-----w- c:\progra~2\PMB Files
2010-11-17 22:59:55 -------- d-----w- c:\program files\Pando Networks
2010-11-17 22:59:37 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat

==================== Find3M ====================

2010-10-19 15:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-16 18:55:00 1719912 ----a-w- c:\windows\system32\nvapi.dll
2010-10-16 18:55:00 10023528 ----a-w- c:\windows\system32\nvd3dum.dll
2010-10-16 17:42:20 66664 ----a-w- c:\windows\system32\nvshext.dll
2010-10-16 17:42:20 600680 ----a-w- c:\windows\system32\nvvsvc.exe
2010-10-16 17:42:20 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-10-16 17:42:16 3420776 ----a-w- c:\windows\system32\nvcpl.dll
2010-10-16 17:42:12 2079336 ----a-w- c:\windows\system32\nvsvc.dll

============= FINISH: 19:47:27.90 ===============


Edited by heliumdream, 13 December 2010 - 08:06 PM.
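A triage pass over the "Running Processes" section of a DDS log like the one posted above, added here as an example; it is not code from BleepingComputer or from the DDS tool. The sample is a constructed excerpt of the posted process list, and the two checks it applies (an image path not rooted at a drive letter, such as the \\.\globalroot\Device\... entry, and an svchost.exe started without a "-k <group>" argument) are common triage heuristics, not a verdict.

```python
"""Flag suspicious entries in the "Running Processes" section of a DDS log."""
import re

# Constructed excerpt of the process list posted above (the real section is
# much longer; the parser handles any number of lines).
SAMPLE_DDS = r"""
============== Running Processes ===============

C:\Windows\system32\wininit.exe
"\\.\globalroot\Device\svchost.exe\svchost.exe"
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Windows\system32\svchost.exe"
C:\Windows\Explorer.EXE

============== Pseudo HJT Report ===============
"""

SECTION_RE = re.compile(r"^=+ (.+?) =+$")          # "===== Section Name ====="
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")         # path rooted at a drive letter
EXEC_RE = re.compile(r"^(.+?\.(?:exe|scr))(?:\s+(.*))?$", re.IGNORECASE)


def running_processes(log_text):
    """Return the non-empty lines between the 'Running Processes' header and the next section."""
    lines, in_section = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            in_section = header.group(1).strip().lower() == "running processes"
            continue
        if in_section and line:
            lines.append(line)
    return lines


def split_command(line):
    """Split a DDS process line into (image_path, argument_string)."""
    if line.startswith('"'):
        end = line.find('"', 1)
        return line[1:end], line[end + 1:].strip()
    # DDS leaves some paths unquoted even when they contain spaces, so an
    # unquoted line is split after the first .exe/.scr rather than at a space.
    m = EXEC_RE.match(line)
    if not m:
        return line, ""
    return m.group(1), (m.group(2) or "").strip()


def triage(log_text):
    """Return (image_path, reason) pairs that deserve a closer look."""
    findings = []
    for line in running_processes(log_text):
        image, args = split_command(line)
        name = image.rsplit("\\", 1)[-1].lower()
        if not DRIVE_PATH_RE.match(image):
            # Image loaded via the device namespace instead of a drive letter,
            # the path form of the odd entry in the posted log.
            findings.append((image, "image path is not on a drive letter"))
        elif name == "svchost.exe" and "-k" not in args.split():
            # Service hosts are started by services.exe with "-k <group>";
            # a bare svchost.exe is worth checking.
            findings.append((image, "svchost.exe started without -k group"))
    return findings
```

Run `triage(open("dds.txt").read())` on a saved log to list the entries to look at first; everything it does not flag still needs the usual review of the rest of the report.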


#3 sundavis


Posted 16 December 2010 - 04:12 AM

Hi heliumdream,



Welcome to the BleepingComputer Virus, Trojan, Spyware, and Malware Removal Logs Forum.
My name is sundavis, and I will be helping you to deal with your malware problems today.

Do you have the Windows Vista install DVD handy, or can you boot into the pre-installed recovery options? We need it to remove the main culprit via the command-line recovery console. Advise me in your next reply.


Step 1

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\TDSSKiller folder). Please copy and paste the contents of that file here.


In your next reply, please post back:

1. TDSSKiller log

Thanks

Edited by sundavis, 16 December 2010 - 04:25 AM.




