
Malwarebytes

BSoD caused by Malwarebytes


#1
killallmalware

Hello. I'm new to the Malwarebytes forum and I just recently bought the PRO version of Malwarebytes Anti-Malware. This incident has occurred: whenever I do a quick scan in my administrator account and when Malwarebytes found a threat, in the middle of the scan, I would get the Blue Screen of Death. It said it had to do with some sort of kernel problem. This has happened 2 times. However, when I ran a quick scan in my limited account, no threats were detected and the Blue Screen of Death didn't show up. I have provided the 2 requested logs.

DDS.txt contents:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Nimda at 12:26:14 on 2012-04-03
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2046.1078 [GMT -7:00]
.
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Users\Mom\AppData\Local\CrossLoop\CrossLoopService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Nuance\PDF Professional 7\PDFProFiltSrv.exe
C:\Windows\System32\svchost.exe -k HPZ12
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PlusIEEventHelper Class: {551a852f-39a6-44a7-9c13-afbec9185a9d} - c:\program files\nuance\pdf professional 7\bin\PlusIEContextMenu.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\5.2.0.13\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\5.2.0.13\ips\IPSBHO.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: ZeonIEEventHelper Class: {da986d7d-ccaf-47b2-84fe-bfa1549bebf9} - c:\program files\nuance\pdf professional 7\bin\ZeonIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Microsoft Web Test Recorder 10.0 Helper: {dda57003-0068-4ed2-9d32-4d1ec707d94d} - c:\program files\microsoft visual studio 10.0\common7\ide\privateassemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\5.2.0.13\coIEPlg.dll
TB: DocuCom PDF: {e3286bf1-e654-42ff-b4a6-5e111731df6b} - c:\program files\nuance\pdf professional 7\bin\ZeonIEFavClient.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: Web Test Recorder 10.0: {5802d092-1784-4908-8cdb-99b6842d353d} - mscoree.dll
uRun: [ISUSPM] "c:\programdata\flexnet\connect\11\ISUSPM.exe" -scheduler
mRun: [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "c:\program files\common files\adobe\cs6servicemanager\CS6ServiceManager.exe" -launchedbylogin
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Open with Nuance PDF Converter 7 - c:\program files\nuance\pdf professional 7\cnvres_eng.dll /100
IE: Open with PDF Professional 7 - c:\program files\nuance\pdf professional 7\bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{096B7C05-3AB6-4981-BFDF-2F2ECC6AF8DE} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{C3A24C77-1FA4-40C5-B947-A9E672F3AB04} : DhcpNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\nimda\appdata\roaming\mozilla\firefox\profiles\cktzc9uw.default\
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0502000.00d\symds.sys [2012-3-1 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0502000.00d\symefa.sys [2012-3-1 744568]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.2.1\definitions\bashdefs\20120317.002\BHDrvx86.sys [2012-3-19 820856]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.2.1\definitions\ipsdefs\20120401.001\IDSvix86.sys [2012-4-2 368248]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0502000.00d\ironx86.sys [2012-3-1 136312]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\n360\0502000.00d\symnets.sys [2012-3-1 299640]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 CrossLoopService;CrossLoop Service;c:\users\mom\appdata\local\crossloop\CrossLoopService.exe [2012-3-27 569072]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-3-1 652360]
R2 N360;Norton 360;c:\program files\norton 360\engine\5.2.0.13\ccsvchst.exe [2012-3-1 130008]
R2 PDFProFiltSrv;PDFProFiltSrv;c:\program files\nuance\pdf professional 7\PDFProFiltSrv.exe [2011-9-9 135016]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2012-1-18 450848]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2011-5-16 350248]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-3-1 106104]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-3-1 20464]
R3 rt61x86;Linksys Wireless-G PCI Adapter Driver;c:\windows\system32\drivers\WMP54Gv41x86.sys [2010-4-7 376160]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2011-5-16 37504]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-2 253600]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys [2011-5-16 100328]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys [2011-5-16 309224]
S3 b06diag;Broadcom NetXtreme II Diag Driver;c:\windows\system32\drivers\bxdiagx.sys [2011-5-16 76840]
S3 BFN7x86;Bigfoot Networks Killer Gaming Service;c:\windows\system32\drivers\Xeno7x86.sys [2011-5-16 129640]
S3 BFNVis32;Bigfoot Networks Killer Gaming Service;c:\windows\system32\drivers\XenoVx86.sys [2011-5-16 129640]
S3 BXOIS;BXOIS;c:\windows\system32\drivers\bxois.sys [2011-5-16 431144]
S3 cbaf;UWB Cable Based Association Framework Driver;c:\windows\system32\drivers\cbaf.sys [2011-5-16 11008]
S3 dfuuwb;Intel Wireless UWB Link 1480M Device Firmware Utility;c:\windows\system32\drivers\DfuUWB.sys [2011-5-16 500736]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [2011-5-16 109448]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\drivers\EtronHub3.sys [2011-5-16 33152]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\drivers\EtronXHCI.sys [2011-5-16 52992]
S3 HWA;Intel® Wireless USB Host Adapter;c:\windows\system32\drivers\HWA.sys [2011-5-16 53376]
S3 IFCoEMP;IFCoEMP;c:\windows\system32\drivers\ifM60x32.sys [2011-5-16 269584]
S3 IFCoEVB;IFCoEVB;c:\windows\system32\drivers\ifP60x32.sys [2011-5-16 61712]
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2011-5-16 132480]
S3 ioatdma1;ioatdma1;c:\windows\system32\drivers\qd16032.sys [2011-5-16 36552]
S3 ioatdma2;Intel® QuickData Technology device ver.2;c:\windows\system32\drivers\qd26032.sys [2011-5-16 37576]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-4-2 40776]
S3 MEI;Intel® Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2011-5-16 40832]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-3-27 129976]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2011-5-16 63872]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2011-5-16 141952]
S3 nvamacpi;nvamacpi;c:\windows\system32\drivers\nvamacpi.sys [2011-5-16 24608]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2011-6-17 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
S3 tvnserver;TightVNC Server;c:\users\mom\appdata\local\crossloop\tvnserver.exe [2012-3-27 814080]
S3 UsbFltr;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [2011-5-18 11596]
S3 uwbusb;UWB Bus Control USB-Miniport Driver;c:\windows\system32\drivers\usbuwbmini.sys [2011-5-16 9600]
S3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\microsoft visual studio 10.0\team tools\performance tools\VSPerfDrv100.sys [2011-1-18 54144]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-3-3 1343400]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-22 47128]
S4 RsFx0105;RsFx0105 Driver;c:\windows\system32\drivers\RsFx0105.sys [2011-9-22 238696]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2011-9-22 370024]
.
=============== Created Last 30 ================
.
2012-04-03 18:59:02 -------- d-----w- C:\f1bf0072615ea8aa8e90
2012-04-03 05:47:26 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-03 05:35:38 -------- d-----w- c:\programdata\PreEmptive Solutions
2012-04-03 04:39:08 -------- d-----w- C:\a3e13c58a3d203d2982d2978
2012-04-03 04:30:31 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-04-03 04:26:34 -------- d-----w- C:\a45fcc22a60094f3c0d0e3e688
2012-04-03 04:22:56 73064 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
2012-04-03 04:22:55 89960 ----a-w- c:\windows\system32\SQSRVRES.DLL
2012-04-02 04:38:20 -------- d-----w- c:\program files\Advanced Port Scanner
2012-04-02 01:17:21 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-03-31 21:35:40 -------- d-----w- c:\users\nimda\appdata\local\Adobe
2012-03-27 23:07:20 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-03-27 23:07:16 145960 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
2012-03-27 23:07:16 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
2012-03-26 01:28:47 -------- d-----w- c:\users\nimda\appdata\roaming\IconChanger
2012-03-26 01:21:14 -------- d-----w- c:\program files\IconChanger
2012-03-26 01:06:08 -------- d-----w- c:\users\nimda\appdata\local\Deployment
2012-03-26 01:06:08 -------- d-----w- c:\users\nimda\appdata\local\Apps
2012-03-26 00:18:31 -------- d-----w- c:\programdata\Microsoft Visual Studio
2012-03-26 00:14:39 -------- d-----w- c:\users\nimda\appdata\roaming\Microsoft Corporation
2012-03-25 18:34:10 -------- d-----w- c:\program files\FBP - Facebook Blaster Pro
2012-03-19 03:26:24 -------- d-----w- c:\users\nimda\appdata\roaming\Dev-Cpp
2012-03-18 22:27:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2012-03-18 22:27:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2012-03-18 22:27:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2012-03-18 22:27:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2012-03-18 22:27:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2012-03-18 22:27:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2012-03-18 22:27:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2012-03-18 22:25:47 -------- d-----w- c:\users\nimda\appdata\local\Apple
2012-03-17 04:01:21 -------- d-----w- c:\users\nimda\appdata\local\ElevatedDiagnostics
2012-03-15 00:43:22 -------- d-----w- c:\programdata\VS
2012-03-15 00:40:13 -------- d-----w- c:\program files\Microsoft Windows Performance Toolkit
2012-03-15 00:38:39 -------- d-----w- C:\484bfc10b1ea60baa5
2012-03-15 00:38:35 -------- d-----w- c:\program files\Debugging Tools for Windows (x86)
2012-03-15 00:38:13 -------- d-----w- c:\program files\Application Verifier
2012-03-15 00:25:55 -------- d-----w- c:\windows\system32\appmgmt
2012-03-14 22:56:56 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-14 05:28:41 3971440 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-14 05:28:41 3916656 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 04:32:58 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 04:32:56 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 04:07:19 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 04:07:19 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 04:07:19 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 04:07:17 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-03-14 04:07:17 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 04:07:16 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-14 04:07:16 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 03:36:39 50200 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2012-03-13 03:35:20 -------- d-----w- c:\windows\system32\RsFx
2012-03-13 03:29:56 -------- d-----w- c:\program files\Microsoft SQL Server
2012-03-13 03:29:13 -------- d-----w- c:\program files\Microsoft Synchronization Services
2012-03-13 03:29:13 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-03-13 03:22:47 -------- d-----w- c:\program files\Microsoft ASP.NET
2012-03-13 03:22:42 -------- d-----w- c:\program files\IIS
2012-03-13 03:21:29 2480064 ----a-w- c:\programdata\microsoft\visualstudio\10.0\1033\ResourceCache.dll
2012-03-13 03:11:36 -------- d-----w- c:\windows\system32\1033
2012-03-13 03:11:11 -------- d-----w- c:\program files\Microsoft F#
2012-03-13 03:11:11 -------- d-----w- c:\program files\HTML Help Workshop
2012-03-13 03:11:10 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2012-03-13 03:11:10 -------- d-----w- c:\program files\Microsoft Help Viewer
2012-03-13 03:11:10 -------- d-----w- c:\program files\common files\Merge Modules
2012-03-12 22:22:02 473656 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-03-12 22:20:59 -------- d-----w- c:\users\nimda\appdata\roaming\DAEMON Tools Lite
2012-03-12 22:20:56 -------- d-----w- c:\programdata\DAEMON Tools Lite
2012-03-12 17:08:32 -------- d-----w- c:\users\nimda\appdata\roaming\Image-Line
2012-03-12 15:24:20 -------- d-----w- c:\users\nimda\appdata\roaming\NoNameScript
2012-03-12 15:23:35 -------- d-----w- c:\windows\MSAgent
2012-03-12 15:15:25 -------- d-----w- c:\users\nimda\appdata\roaming\mIRC
2012-03-12 01:39:51 -------- d-----w- c:\users\nimda\appdata\local\Diagnostics
2012-03-12 00:43:37 -------- d-----w- c:\users\nimda\appdata\local\Mozilla
2012-03-10 16:44:26 -------- d-----w- c:\windows\PIXTRAN
2012-03-10 16:44:08 -------- d-----w- c:\program files\common files\ScanSoft Shared
2012-03-10 16:44:05 -------- d-----w- c:\program files\Nuance
2012-03-10 16:40:43 -------- d-----w- C:\Pro_11459.1
2012-03-10 15:54:17 -------- d-----w- c:\users\nimda\appdata\roaming\FLEXnet
2012-03-10 15:54:15 -------- d-----w- c:\users\nimda\appdata\roaming\Nuance
2012-03-10 15:51:14 -------- d-----w- c:\users\nimda\appdata\roaming\Zeon
2012-03-10 15:51:05 -------- d-----w- c:\programdata\Nuance
2012-03-10 15:50:21 -------- d-----w- c:\programdata\zeon
2012-03-10 06:14:07 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-03-10 06:14:07 1060864 ----a-w- c:\windows\system32\mfc71.dll
2012-03-10 06:13:28 -------- d-----w- c:\program files\ASIO4ALL v2
2012-03-10 06:13:01 225280 ----a-w- c:\windows\system32\rewire.dll
2012-03-10 06:13:01 -------- d-----w- c:\program files\VstPlugins
2012-03-10 06:12:43 1554944 ----a-w- c:\windows\system32\vorbis.acm
2012-03-10 06:12:31 -------- d-----w- c:\program files\Outsim
2012-03-10 06:08:44 -------- d-----w- c:\program files\Image-Line
2012-03-09 02:03:03 -------- d-----w- c:\windows\pss
2012-03-07 22:05:07 -------- d-----w- c:\program files\MSXML 4.0
2012-03-07 04:33:39 -------- d-----w- c:\users\nimda\appdata\local\HP
2012-03-07 04:17:58 -------- d-----w- c:\program files\common files\Hewlett-Packard
2012-03-07 04:17:40 -------- d-----w- c:\program files\common files\HP
2012-03-07 04:12:53 452408 ----a-w- c:\windows\system32\hpzids01.dll
2012-03-07 02:36:39 -------- d-----w- c:\program files\HP
2012-03-05 01:22:18 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-05 00:00:58 -------- d-----w- c:\windows\system32\Adobe
.
==================== Find3M ====================
.
2012-03-11 17:41:34 13824 ----a-w- c:\windows\system32\slwga.dll
2012-03-11 17:41:33 409088 ----a-w- c:\windows\system32\systemcpl.dll
2012-03-11 17:41:32 811520 ----a-w- c:\windows\system32\user32.dll
2012-03-03 22:28:45 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-02 00:28:00 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-03-01 23:28:22 0 ----a-w- c:\windows\ativpsrm.bin
2012-01-29 13:10:42 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-18 14:44:52 540960 ----a-w- c:\windows\system32\LVUI2RC.dll
2012-01-18 14:44:52 4332960 ----a-w- c:\windows\system32\drivers\lvuvc.sys
2012-01-18 14:44:40 545056 ----a-w- c:\windows\system32\LVUI2.dll
2012-01-18 14:44:28 312096 ----a-w- c:\windows\system32\drivers\lvrs.sys
2012-01-18 14:44:26 307488 ----a-w- c:\windows\system32\lvcodec2.dll
2012-01-18 14:44:26 196896 ----a-w- c:\windows\system32\lvci13311044.dll
2012-01-18 14:44:00 336408 ----a-w- c:\windows\system32\DevManagerCore.dll
2012-01-18 14:44:00 10920984 ----a-w- c:\windows\system32\LogiDPP.dll
2012-01-18 14:44:00 104472 ----a-w- c:\windows\system32\LogiDPPApp.exe
2012-01-18 14:23:12 38958 ----a-w- c:\windows\system32\Repository.reg
.
============= FINISH: 12:27:19.69 ===============




#2
D-FRED-BROWN

Hello killallmalware and welcome to Malwarebytes! :welcome:

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

Please download to your Desktop:
  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").
>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.
In your next reply, please include the following (you may need to use two posts to get it all in):
  • TDSSKiller_log.txt
How is the PC running now?

-------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.
Also, please let me know if any problems still remain.

-------------

Please download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
-------------

In your next reply, please include:
  • TDSSKiller logfile
  • C:\ComboFix.txt
  • Security Check checkup.txt
How is your computer running now?

#3
Maurice Naggar

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
~Maurice Naggar

I close my threads if there is 5 days without a response.




