Author Topic: NVSVCPMMWindowClass problem  (Read 19272 times)

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: NVSVCPMMWindowClass problem
« Reply #30 on: August 23, 2011, 04:51:59 PM »
That in a way is good as it suggests that the MBR is OK

mb7317

  • Guest
Re: NVSVCPMMWindowClass problem
« Reply #31 on: August 23, 2011, 10:56:23 PM »
Kaspersky scan in Safe Mode finally finished after 7 hours.  Attached is the Detected Threat Log. Here is the link to the Sysinfo Log:

http://www.megaupload.com/?d=VNTQIWP1

Offline essexboy

Re: NVSVCPMMWindowClass problem
« Reply #32 on: August 24, 2011, 01:18:32 PM »
OK let's try to shift it with this

  • Re-run AVPTool
  • Select the Manual Disinfection tab and press Script execution
  • Where it states "Insert text script in the following box", copy the below script and press Run script
    Copy from Begin until End

Code:
begin
SetAVZPMStatus(True);
SetAVZGuardStatus(True);
SearchRootkit(true, true);
 DelBHO('{01C80681-2DF8-49BB-85F7-D32911D35B20}');
 DeleteFile('C:\WINDOWS\system32\authz32.dll');
 BC_DeleteFile('C:\WINDOWS\system32\authz32.dll');
BC_ImportDeletedList;
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.

  • Your system will reboot on completion; if it does not, please do so yourself
  • On completion please run another analysis scan and attach the zip file

mb7317

  • Guest
Re: NVSVCPMMWindowClass problem
« Reply #33 on: August 24, 2011, 06:37:35 PM »
I have a question about the AVPTool script execution.  I can only run AVP in Safe Mode.  I ran the script execution and the computer rebooted into regular mode.  AVP tried to open but failed.

I again executed the script in Safe Mode and rebooted into Safe Mode.  The AVP didn't open automatically.  What I am asking is if I execute the script in Safe Mode, reboot in Safe Mode, and then have to reopen AVP, will that negate the script? And if I then run another analysis scan will it lack the script it needs to complete its task?

I hope this makes sense  :-\

Offline essexboy

Re: NVSVCPMMWindowClass problem
« Reply #34 on: August 24, 2011, 07:52:29 PM »
If you are still getting the problem then I will remove it using my really big hammer

1. Please download The Avenger by Swandog46 to your Desktop.

  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Code:
Begin copying here:
Files to delete:
C:\WINDOWS\system32\authz32.dll

Note: the above code was created specifically for this user.  If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, open the avenger folder and start The Avenger program by clicking on its icon.

  • Accept the disclaimer
  • Right click on the window under Input script here:, and select Paste.
  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:

  • It will restart your computer. (In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.



    mb7317

    • Guest
    Re: NVSVCPMMWindowClass problem
    « Reply #35 on: August 24, 2011, 10:00:33 PM »
    I ran the avenger.  When the computer rebooted a "Windows - No Disk" message popped up:

    "Exception Processing Message c0000013 Parameters 75b6bf9c 4 75b6bf9c 75b6bf9c"

    This is the txt file generated by avenger:

    Logfile of The Avenger Version 2.0, (c) by Swandog46
    http://swandog46.geekstogo.com

    Platform:  Windows XP

    *******************

    Script file opened successfully.
    Script file read successfully.

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Rootkit scan active.
    No rootkits found!


    Error:  file "C:\WINDOWS\system32\authz32.dll" not found!
    Deletion of file "C:\WINDOWS\system32\authz32.dll" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
      --> the object does not exist


    Completed script processing.

    *******************

    Finished!  Terminate.


    I have rebooted a couple of times and neither Avast nor Malwarebytes flashes any warnings about infections.

    Offline essexboy

    Re: NVSVCPMMWindowClass problem
    « Reply #36 on: August 24, 2011, 10:05:32 PM »
    OK that is confirmation that AVP killed it

    Could you now reboot and let me know what problems are still around
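
The reading of the Avenger log in replies #35 and #36, done mechanically, as an added example that is not part of the thread and not code from The Avenger: it parses only the failed-deletion layout shown in the posted log and separates "target already gone" status codes from failures that leave the file in place. The function names and the second log entry are constructed for illustration.

```python
import re

# NTSTATUS values that mean the target was already gone when the tool looked for it.
ABSENT = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND",
}

FAILED = re.compile(r'Deletion of file "(?P<path>[^"]+)" failed!')
STATUS = re.compile(r'Status:\s*0x(?P<code>[0-9a-fA-F]{8})\s*\((?P<name>\w+)\)')

def failed_deletions(log_text):
    """Return [(path, ntstatus, name)] for each failed deletion in an Avenger log."""
    results, pending = [], None
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            pending = m.group("path")   # remember the path until its Status line
            continue
        m = STATUS.search(line)
        if m and pending is not None:
            results.append((pending, int(m.group("code"), 16), m.group("name")))
            pending = None
    return results

def triage(log_text):
    """Map each failed target to 'absent' (nothing left to delete) or 'present'."""
    return {path: ("absent" if code in ABSENT else "present")
            for path, code, _ in failed_deletions(log_text)}

# Entry copied from the log posted in reply #35.
PAGE_LOG = r'''
Rootkit scan active.
No rootkits found!

Error:  file "C:\WINDOWS\system32\authz32.dll" not found!
Deletion of file "C:\WINDOWS\system32\authz32.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist
'''

# Constructed entry (not from the thread): same layout, but the file stays in place.
CONSTRUCTED_LOG = r'''
Deletion of file "C:\example\locked.dll" failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)
'''

if __name__ == "__main__":
    for path, verdict in triage(PAGE_LOG + CONSTRUCTED_LOG).items():
        print(f"{verdict:8} {path}")
```
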

    mb7317

    • Guest
    Re: NVSVCPMMWindowClass problem
    « Reply #37 on: August 24, 2011, 10:17:35 PM »
    I rebooted and no problems were found by avast or malwarebytes

    Offline essexboy

    Re: NVSVCPMMWindowClass problem
    « Reply #38 on: August 24, 2011, 10:24:54 PM »
    OK if all is still well tomorrow let me know and I will remove my tools