
Trouble running Malwarebytes to remove PC antivirus 2010



Hi, I could really use some guidance.

My PC is infected with PC antivirus 2010. I was able to install and update Malwarebytes; however, when I tried to start the scan, Malwarebytes closed after about 3 seconds, and now I am unable to open Malwarebytes again.

I have already tried to re-install Malwarebytes and change the file extensions from .exe to .com on both mbam_setup for the install and then to Mbam to run the program; the end result was the same as listed above.

I do have the DDS.txt, attach.txt, and ark.txt files; I will attach them.

DDS (Ver_09-12-01.01) - NTFSx86

Run by Administrator at 16:11:44.28 on Mon 03/15/2010

Internet Explorer: 7.0.5730.13

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.502.203 [GMT -4:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

C:\WINDOWS\system32\svchost -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

C:\Program Files\RealVNC\VNC4\WinVNC4.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\taskmgr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\administrator.SESC\Desktop\dds.scr

C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

mDefault_Search_URL = hxxp://www.google.com/ie

mSearch Page = hxxp://www.google.com

mStart Page = hxxp://www.google.com

mSearchAssistant = hxxp://www.google.com

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll

EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [sunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"

mRun: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide

mRun: [PC Antispyware 2010] "c:\program files\pc_antispyware2010\PC_Antispyware2010.exe" /hide

mRun: [iSTray] "c:\program files\spyware doctor\pctsTray.exe"

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: cru629.dat

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

Hosts: 172.16.1.73 dena07

Hosts: 172.16.1.24 dena05

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-8-7 130936]

R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-8-7 348752]

R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-8-7 1097096]

S2 AntipPro2009_12;AntipyPro_12;c:\windows\svchast.exe --> c:\windows\svchast.exe [?]

S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]

=============== Created Last 30 ================

2010-03-15 20:00:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-15 20:00:10 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-15 19:56:10 11264 ----a-w- c:\windows\braviax.exe

2010-03-15 19:08:24 6144 ----a-w- c:\windows\system32\cru629.dat

2010-03-15 19:08:24 6144 ----a-w- c:\windows\cru629.dat

2010-03-15 19:08:24 11264 ----a-w- c:\windows\system32\braviax.exe

2010-03-15 18:32:17 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

==================== Find3M ====================

2010-03-15 19:08:24 11264 ----a-w- c:\windows\braviax.exe.vir

2010-02-24 14:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe

2010-01-07 14:43:44 17537 ----a-w- c:\docume~1\alluse~1\applic~1\zotatoh.exe

2009-10-27 14:37:10 15297 ----a-w- c:\program files\common files\qemyv.ban

2009-08-07 19:21:44 19817 ----a-w- c:\program files\common files\ujuvakym.reg

2009-08-07 19:21:44 15500 ----a-w- c:\program files\common files\umer.sys

============= FINISH: 16:12:30.56 ===============

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-03-15 16:18:38

Windows 5.1.2600 Service Pack 2

Running: 3g457n4l.exe; Driver: C:\DOCUME~1\ADMINI~1.SES\LOCALS~1\Temp\uxdyapoc.sys

---- System - GMER 1.0.15 ----

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF82AD514]

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF829C282]

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF829C474]

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF82ADD00]

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF82ADFB8]

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF82AC3FA]

SSDT \SystemRoot\System32\Drivers\Beep.SYS ZwQuerySystemInformation [0xF85171A0]

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF82AE422]

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF82AD7D8]

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xF829BF32]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\Device\__max++>\927FA52A.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\winlogon.exe [648] 0x35670000

Library \\?\globalroot\Device\__max++>\927FA52A.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [952] 0x35670000

Library \\?\globalroot\Device\__max++>\927FA52A.x86.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1056] 0x35670000

Library \\?\globalroot\Device\__max++>\927FA52A.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1176] 0x35670000

Library \\?\globalroot\Device\__max++>\927FA52A.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1256] 0x35670000

Library \\?\globalroot\Device\__max++>\927FA52A.x86.dll (*** hidden *** ) @ C:\WINDOWS\System32\alg.exe [1300] 0x35670000

Library \\?\globalroot\Device\__max++>\927FA52A.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\spoolsv.exe [1416] 0x35670000

Library \\?\globalroot\Device\__max++>\927FA52A.x86.dll (*** hidden *** ) @ C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe [1672] 0x02070000

Library \\?\globalroot\Device\__max++>\927FA52A.x86.dll (*** hidden *** ) @ C:\Program Files\Spyware Doctor\pctsSvc.exe [1808] 0x35670000

Library \\?\globalroot\Device\__max++>\927FA52A.x86.dll (*** hidden *** ) @ C:\Program Files\RealVNC\VNC4\WinVNC4.exe [2032] 0x35670000

Process C:\WINDOWS\system32\braviax.exe (*** hidden *** ) 2460

Library \\?\globalroot\Device\__max++>\927FA52A.x86.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\iexplore.exe [3900] 0x35670000

---- EOF - GMER 1.0.15 ----

Attach.zip


Hello and welcome to Malwarebytes! :P

We apologize for the delay in responding to your request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

If you still need help please let me know by replying back to this post.

regards myrti


I do still need help with this situation.

I have already followed the instructions on what to do before you post, the logs are above.

Also above is an explanation of what I am dealing with.

Basically, I have PC antivirus 2010 on an XP machine. I was able to download, install, and update Malwarebytes. However, when I tried to run the scan, the Malwarebytes program shut down after about 3 seconds, and I am unable to restart the Malwarebytes program again.

Thanks,


Hi,

> I have already followed the instructions on what to do before you post, the logs are above.

Great! :P I just wanted to make sure that you had seen the options.

Could you please provide a fresh scan from GMER so that I can see if the infection is still present?

Please also download and run maxlook:

http://noahdfear.net/downloads/maxlook.exe

It should open a log. Please post it in your next reply.

regards myrti

This topic is now closed to further replies.