Chrome crashes then the blue screen arrives....

Post by orangepeel2k » March 24th, 2011, 7:35 pm

Hi folks

Any help would be very much appreciated... I have run AVG, Spybot, Malware etc - they have picked up a couple of things which have been removed... however, it seems to make no difference. I can be browsing in Chrome for a while (2 hours this evening) and then all of a sudden the screen flickers, turns blue and restarts...

Also, when I do a search in Google, I click on the result and I get redirected elsewhere....

Please see below logs as required:

----------------------------------------------------

.
DDS (Ver_11-03-05.01) - NTFSx86 NETWORK
Run by Neil at 23:25:10.64 on 24/03/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.1015.336 [GMT 0:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\ctfmon.exe
C:\Windows\helppane.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Neil\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Neil\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Neil\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Neil\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Neil\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Neil\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Neil\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Neil\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\Neil\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Neil\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Neil\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Neil\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Program Files\Lavasoft\Ad-Aware\AWSC.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GR469A~1.DLL
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Google Update] "c:\users\neil\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Philips Intelligent Agent] "c:\program files\philips\intelligent agent\Philips Intelligent Agent.exe" /SILENT
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SPC230NC_Monitor] c:\windows\philips\spc230nc\Monitor.exe
mRun: [SPC_Monitor] c:\windows\philips\spc230nc\Monitor.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [FPCCSMiddleware] c:\program files\fisher-price\computer cool school\FPCCSMiddleware.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\neil\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\neil\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\neil\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\traymi~1.lnk - c:\program files\philips\philips spc230nc webcam\TrayMin230.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GRA32A~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GR469A~1.DLL
SecurityProviders: credssp.dll, mtlikuyr.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-3-9 64512]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-3-9 1405384]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-1 139776]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
S1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
S2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-3-7 1153368]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 21072]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-3-9 15232]
S3 PAEAFLT.sys;USB Composite Device;c:\windows\system32\drivers\PAEAFLT.sys [2010-6-12 8576]
S3 SPC230NC;Philips SPC230NC Webcam;c:\windows\system32\drivers\SPC230NC.SYS [2010-6-12 461056]
S3 WatAdminSvc;WatAdminSvc;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-25 1343400]
.
=============== Created Last 30 ================
.
2011-03-21 00:13:21 -------- d-----w- c:\program files\MSECache
2011-03-19 13:08:33 -------- d-----w- c:\program files\iPod
2011-03-11 04:43:19 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-03-09 23:36:45 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-03-09 23:36:39 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-03-09 23:34:43 -------- d-----w- c:\users\neil\appdata\local\Sunbelt Software
2011-03-09 23:30:33 -------- dc-h--w- c:\progra~2\{78A29A4D-35CE-4C46-9AC9-2692EE35F0BE}
2011-03-09 23:27:00 -------- d-----w- c:\program files\Lavasoft
2011-03-07 18:37:55 0 ----a-w- c:\windows\system32\tmp.tmp
2011-03-07 00:55:17 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-03-07 00:55:17 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2011-03-07 00:45:41 -------- d-----w- c:\users\neil\appdata\roaming\Malwarebytes
2011-03-07 00:45:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-07 00:45:11 -------- d-----w- c:\progra~2\Malwarebytes
2011-03-07 00:45:05 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-07 00:45:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-06 22:01:47 -------- d-----w- c:\users\neil\appdata\local\Cooliris
2011-03-06 20:42:56 33104 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
2011-03-06 20:42:55 32592 ----a-w- c:\windows\system32\msonpmon.dll
2011-03-06 20:38:11 -------- d-----w- c:\windows\PCHEALTH
2011-03-06 20:35:56 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-03-06 19:47:55 -------- d-----w- c:\program files\Bonjour
.
==================== Find3M ====================
.
2011-02-18 16:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-02 21:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-01-05 05:37:33 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-01-05 03:37:38 2329088 ----a-w- c:\windows\system32\win32k.sys
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: ST3160815AS rev.3.CHF -> Harddisk1\DR1 -> \Device\Ide\IdePort2 P2T0L0-4
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x84335439]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8433b7b8]; MOV EAX, [0x8433b834]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x81E4A448] -> \Device\Harddisk1\DR1[0x8430FA78]
3 CLASSPNP[0x865A559E] -> ntkrnlpa!IofCallDriver[0x81E4A448] -> [0x84230918]
5 ACPI[0x8603B3B2] -> ntkrnlpa!IofCallDriver[0x81E4A448] -> \IdeDeviceP2T0L0-4[0x84231030]
\Driver\atapi[0x84320F38] -> IRP_MJ_CREATE -> 0x84335439
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP2T0L0-4 -> \??\IDE#DiskST3160815AS_____________________________3.CHF___#5&30bdebf5&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
sectors 312581806 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 23:27:00.72 ===============


-------------------------------------------------------------------------------


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume2
Install Date: 21/03/2010 13:48:43
System Uptime: 24/03/2011 23:15:58 (0 hours ago)
.
Motherboard: Foxconn | | Lucknow
Processor: Genuine Intel(R) CPU 2140 @ 1.60GHz | CPU 1 | 1596/64511mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 141 GiB total, 30.708 GiB free.
D: is FIXED (NTFS) - 8 GiB total, 0.997 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 112 GiB total, 45.826 GiB free.
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
==== System Restore Points ===================
.
RP132: 14/03/2011 18:42:52 - Scheduled Checkpoint
RP133: 21/03/2011 00:13:34 - Installed Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
.
==== Installed Programs ======================
.
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
µTorrent
AVG 2011
AVG PC Tuneup 2011
AviSynth 2.5
Bonjour
Dropbox
Fisher-Price Computer Cool School
FLV Player 2.0 (build 25)
Google Chrome
HP Product Detection
Intel(R) Graphics Media Accelerator Driver
iTunes
Java Auto Updater
Java(TM) 6 Update 24
JGoodies JDiskReport 1.3.2
K-Lite Codec Pack 6.0.4 (Full)
Magic ISO Maker v5.5 (build 0281)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 4 Client Profile
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MobileMe Control Panel
Philips Intelligent Agent
Philips SPC230NC Webcam
QuickTime
Realtek High Definition Audio Driver
Safari
Skype Toolbars
Skype™ 4.2
Spybot - Search & Destroy
Videora iPod Converter 5.04
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Webcam Video Viewer
Windows Media Player Firefox Plugin
WinRAR archiver
YouTube Downloader App 2.03
.
==== Event Viewer Messages From Past Week ========
.
24/03/2011 23:26:30, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
24/03/2011 23:16:58, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
24/03/2011 23:16:58, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
24/03/2011 23:16:58, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
24/03/2011 23:16:49, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
24/03/2011 23:16:40, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 discache spldr Wanarpv6
24/03/2011 23:16:40, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
24/03/2011 23:16:34, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000075, 0x00000002, 0x00000001, 0x82a8886c). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032411-31403-01.
24/03/2011 23:11:38, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000044 (0x84f01008, 0x00000eae, 0x00000000, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032411-33883-01.
24/03/2011 07:28:35, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} as /. The error: "5" Happened while starting this command: C:\Windows\System32\slui.exe -Embedding
23/03/2011 22:15:30, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
23/03/2011 22:11:23, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
23/03/2011 22:11:23, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
23/03/2011 22:11:02, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx86 Avgmfx86 Avgtdix CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
23/03/2011 22:11:02, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
23/03/2011 22:11:02, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
23/03/2011 22:11:02, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
23/03/2011 22:11:02, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
23/03/2011 22:11:02, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
23/03/2011 22:11:01, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
23/03/2011 22:11:00, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x82b0b3e1, 0x88f13b50, 0x88f13730). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032311-27939-01.
23/03/2011 22:10:54, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
23/03/2011 22:10:54, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
23/03/2011 22:10:54, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
23/03/2011 22:10:54, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
23/03/2011 22:08:17, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
22/03/2011 19:45:00, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
21/03/2011 01:16:00, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
21/03/2011 01:16:00, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.
21/03/2011 01:15:00, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
21/03/2011 01:14:00, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
21/03/2011 01:14:00, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
21/03/2011 01:14:00, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
21/03/2011 01:14:00, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
21/03/2011 01:14:00, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
21/03/2011 01:14:00, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
21/03/2011 01:14:00, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
21/03/2011 01:14:00, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
21/03/2011 01:14:00, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
21/03/2011 01:14:00, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
21/03/2011 01:14:00, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
21/03/2011 01:14:00, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
21/03/2011 01:14:00, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
21/03/2011 01:14:00, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
20/03/2011 14:01:48, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x82abe3e1, 0x88f1fb50, 0x88f1f730). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032011-55005-01.
19/03/2011 07:01:26, Error: Service Control Manager [7023] - The SPP Notification Service service terminated with the following error: Access is denied.
17/03/2011 01:26:14, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ProfSvc service.
.
==== End Of File ===========================
orangepeel2k
Active Member
 
Posts: 6
Joined: March 24th, 2011, 7:31 pm

Re: Chrome crashes then the blue screen arrives....

Post by askey127 » March 28th, 2011, 7:57 am

Hi orangepeel2k,
You have a Rootkit infection, likely from using utorrent. You may be familiar with the term. If not, see here for an overview: http://en.wikipedia.org/wiki/Rootkit
It means that we cannot be absolutely certain that your machine is secure, since the rootkit could have done anything it wished with your security settings while on board.
(They can leave a door "unlocked" so they can come back later)
It also means that any personal information used with this machine (passwords, financial, etc.) may have been compromised.
I would suggest changing account numbers, passwords, etc. for any accounts, credit cards, or other information that passed thru this machine. (Don't use this machine to make the changes, or the rootkit could intercept the changes)
If you need to be completely certain the machine can be trusted, you would need to reformat the hard drive and re-install the Windows system.

If you would like us to try and help you clean your machine, please proceed as follows:
--------------------------------------------
TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    (W7 users: Right-click and select "Run As Administrator")
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
    • If Cure is not offered as an option, choose Skip.
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the main directory of C:
    (the dd.mm.yyyy_hh.mm.ss in the filename is the time/date stamp)
  6. Copy and paste the contents of that file in your next reply.
If, for some reason, you can't locate the text file to paste into your reply, just tell me, but DO NOT run the program a second time.

askey127
Admin/Teacher
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
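
The ROOTKIT section of the DDS log in the first post is where the detector reports the infection discussed in this reply. As an added example (not part of the thread, of DDS or of the gmer detector), the Python below pulls that section out of a pasted log and checks whether the address the disk trace marks UNKNOWN is also the target of a driver dispatch entry. The function names and result keys are illustrative, and the sample is a shortened copy of the log above.

```python
import re

# Constructed sample: a shortened copy of the ROOTKIT section of the DDS log
# posted in this thread, with the section headers on either side of it.
SAMPLE_LOG = r"""
==================== Find3M ====================
.
2011-01-05 03:37:38 2329088 ----a-w- c:\windows\system32\win32k.sys
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x84335439]<<
1 ntkrnlpa!IofCallDriver[0x81E4A448] -> \Device\Harddisk1\DR1[0x8430FA78]
\Driver\atapi[0x84320F38] -> IRP_MJ_CREATE -> 0x84335439
kernel: MBR read successfully
detected hooks:
user != kernel MBR !!!
sectors 312581806 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 23:27:00.72 ===============
"""

HEADER = re.compile(r"^=+ (.+?) =+$")
UNKNOWN = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
DISPATCH = re.compile(
    r"^(\\Driver\\\S+?)\[0x[0-9A-Fa-f]+\] -> (IRP_MJ_\w+) -> (0x[0-9A-Fa-f]+)$")
SECTORS = re.compile(r"^sectors (\d+) \(\+(\d+)\): user != kernel$")


def split_sections(log):
    """Map each '==== NAME ====' header to the non-empty lines that follow it."""
    sections, current = {}, None
    for raw in log.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            # "FINISH: 23:27:00.72" -> "FINISH"
            current = m.group(1).split(":")[0].strip()
            sections[current] = []
        elif current is not None and line not in ("", "."):
            sections[current].append(line)
    return sections


def triage_rootkit_section(log):
    """Summarise what the MBR detector reported in a DDS log's ROOTKIT section."""
    lines = split_sections(log).get("ROOTKIT", [])

    # Addresses in the disk trace that the detector could not name.
    unknown = {int(a, 16) for l in lines for a in UNKNOWN.findall(l)}

    # Driver dispatch entries, each flagged if its target is one of those addresses.
    dispatch = []
    for l in lines:
        m = DISPATCH.match(l)
        if m:
            target = int(m.group(3), 16)
            dispatch.append((m.group(1), m.group(2), hex(target), target in unknown))

    sectors = [(int(m.group(1)), int(m.group(2)))
               for m in map(SECTORS.match, lines) if m]
    mbr_mismatch = any("user != kernel MBR" in l for l in lines)
    verdicts = [l for l in lines if "rootkit infection" in l.lower()]

    return {
        "unknown_modules": sorted(hex(a) for a in unknown),
        "dispatch_entries": dispatch,
        "mbr_mismatch": mbr_mismatch,
        "sector_mismatches": sectors,
        "verdicts": verdicts,
        "suspicious": bool(mbr_mismatch or sectors or verdicts
                           or any(d[3] for d in dispatch)),
    }


if __name__ == "__main__":
    for key, value in triage_rootkit_section(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
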

Re: Chrome crashes then the blue screen arrives....

Post by orangepeel2k » March 28th, 2011, 4:17 pm

Hi askey127

Thanks for the reply, I have run TDSSKiller and it found 1 malicious file, see below log:

----------------------------------------------------------------------------------------------------------

2011/03/28 21:06:51.0751 6876 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/28 21:06:52.0328 6876 ================================================================================
2011/03/28 21:06:52.0328 6876 SystemInfo:
2011/03/28 21:06:52.0328 6876
2011/03/28 21:06:52.0328 6876 OS Version: 6.1.7600 ServicePack: 0.0
2011/03/28 21:06:52.0328 6876 Product type: Workstation
2011/03/28 21:06:52.0328 6876 ComputerName: NEIL-PC
2011/03/28 21:06:52.0328 6876 UserName: Neil
2011/03/28 21:06:52.0328 6876 Windows directory: C:\Windows
2011/03/28 21:06:52.0328 6876 System windows directory: C:\Windows
2011/03/28 21:06:52.0328 6876 Processor architecture: Intel x86
2011/03/28 21:06:52.0328 6876 Number of processors: 2
2011/03/28 21:06:52.0328 6876 Page size: 0x1000
2011/03/28 21:06:52.0328 6876 Boot type: Normal boot
2011/03/28 21:06:52.0328 6876 ================================================================================
2011/03/28 21:06:59.0785 6876 Initialize success
2011/03/28 21:07:19.0987 7072 ================================================================================
2011/03/28 21:07:19.0987 7072 Scan started
2011/03/28 21:07:19.0987 7072 Mode: Manual;
2011/03/28 21:07:19.0987 7072 ================================================================================
2011/03/28 21:07:52.0310 7072 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/03/28 21:07:52.0420 7072 ================================================================================
2011/03/28 21:07:52.0420 7072 Scan finished
2011/03/28 21:07:52.0420 7072 ================================================================================
2011/03/28 21:07:52.0451 7064 Detected object count: 1
2011/03/28 21:08:20.0172 7064 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/03/28 21:08:20.0172 7064 \HardDisk0 - ok
2011/03/28 21:08:20.0219 7064 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/03/28 21:08:26.0677 6796 Deinitialize success
orangepeel2k
Active Member
 
Posts: 6
Joined: March 24th, 2011, 7:31 pm
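
A small parser for the TDSSKiller log layout posted above, as an added example that is not part of the original thread or of TDSSKiller itself: it pairs each detection with the action recorded for it and checks the tool's own "Detected object count" line against what was parsed. The sample log is constructed (the driver entry and its hash are placeholders), and the regular expressions assume the 2.4.21.0 line layout seen in this thread.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in the line layout of the log posted above; the driver
# entry (name, hash, path) is a placeholder, not a value from a real system.
SAMPLE_LOG = r"""
2011/03/28 21:06:51.0751 6876 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/28 21:06:52.0328 6876
2011/03/28 21:07:19.0987 7072 Scan started
2011/03/28 21:07:22.0483 7072 exampledrv (00000000000000000000000000000000) C:\Windows\system32\DRIVERS\exampledrv.sys
2011/03/28 21:07:52.0310 7072 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/03/28 21:07:52.0420 7072 Scan finished
2011/03/28 21:07:52.0451 7064 Detected object count: 1
2011/03/28 21:08:20.0172 7064 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/03/28 21:08:20.0172 7064 \HardDisk0 - ok
2011/03/28 21:08:20.0219 7064 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/03/28 21:08:26.0677 6796 Deinitialize success
"""

# "<date> <time.frac> <thread id> [message]"; the message may be empty.
LINE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}) (\d+)(?: (.*))?$")
VERSION = re.compile(r"^TDSS rootkit removing tool (\S+)")
DRIVER = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
DETECT = re.compile(r"^(?P<obj>.+?) - detected (?P<threat>\S+) \(\d+\)$")
COUNT = re.compile(r"^Detected object count: (\d+)$")
PENDING = re.compile(r"^(?P<obj>.+?) \((?P<threat>[^)]+)\) - will be cured after reboot$")
ACTION = re.compile(r"^(?P<threat>[^(]+)\((?P<obj>[^)]+)\) - User select action: (?P<action>\w+)$")


@dataclass
class Detection:
    obj: str
    threat: str
    action: Optional[str] = None
    reboot_pending: bool = False

    @property
    def on_disk_object(self) -> bool:
        # True when the flagged object is a physical disk, not a driver file.
        return self.obj.lower().startswith("\\harddisk")


@dataclass
class Report:
    version: Optional[str] = None
    drivers_scanned: int = 0
    reported_count: Optional[int] = None
    detections: List[Detection] = field(default_factory=list)
    unparsed: List[str] = field(default_factory=list)

    @property
    def count_consistent(self) -> bool:
        # Does the tool's own summary line agree with the detections parsed?
        return self.reported_count == len(self.detections)


def parse_tdsskiller_log(text: str) -> Report:
    report = Report()
    by_key = {}  # (object, threat) -> Detection, to attach later log lines
    for raw in text.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        m = LINE.match(raw)
        if not m:
            report.unparsed.append(raw)  # truncated or edited line
            continue
        msg = (m.group(3) or "").strip()
        if not msg or set(msg) == {"="}:
            continue  # blank message or separator rule
        if (v := VERSION.match(msg)):
            report.version = v.group(1)
        elif DRIVER.match(msg):
            report.drivers_scanned += 1
        elif (d := DETECT.match(msg)):
            det = Detection(d["obj"], d["threat"])
            by_key[(det.obj, det.threat)] = det
            report.detections.append(det)
        elif (c := COUNT.match(msg)):
            report.reported_count = int(c.group(1))
        elif (p := PENDING.match(msg)):
            det = by_key.get((p["obj"], p["threat"]))
            if det:
                det.reboot_pending = True
        elif (a := ACTION.match(msg)):
            det = by_key.get((a["obj"], a["threat"]))
            if det:
                det.action = a["action"]
    return report


def left_in_place(report: Report) -> List[Detection]:
    """Detections with no recorded action, or where the user chose Skip."""
    return [d for d in report.detections if d.action in (None, "Skip")]


if __name__ == "__main__":
    rep = parse_tdsskiller_log(SAMPLE_LOG)
    print(f"TDSSKiller {rep.version}: {rep.drivers_scanned} driver entries, "
          f"{len(rep.detections)} detection(s), count consistent: {rep.count_consistent}")
    for det in rep.detections:
        print(f"  {det.threat} on {det.obj}: action={det.action}, "
              f"reboot pending={det.reboot_pending}, disk object={det.on_disk_object}")
```
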

Re: Chrome crashes then the blue screen arrives....

Unread postby askey127 » March 28th, 2011, 6:14 pm

orangepeel2k,
We are going to remove your AVG 2011 antivirus (along with uTorrent) and replace it with an antivirus called Avira Antivir.
We will update your Adobe Reader later.
This is necessary for all our tools to work correctly.
Then we will have Antivir run a scan and give us a report without removing anything.
-----------------------------------------------
Please Note Our Policy on the Use of P2P (Person to Person / Peer to Peer) file sharing programs
It is posted here: http://malwareremoval.com/forum/viewtopic.php?p=491394#p491394
As a condition of receiving our help, I have included the P2P program µTorrent in the removal instructions below, so we are not wasting our time.
If you have used this, you can be fairly confident this is a principal reason your computer is infected.

It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like utorrent, Bittorrent, Azureus, Frostwire, Limewire, Vuze, Shareaza, Bitlord.
(Limewire has just been shut down by the courts).
Criminals have "planted" thousands upon thousands of infections in the "free" shared files. Some of the recent infections can turn your machine into a doorstop.
-----------------------------------------------
Download Antivir Free
This program is free for personal, non-business use.
Download AntiVir Free from here : http://www.softpedia.com/get/Antivirus/AntiVir-Personal-Edition.shtml
Click the Download button. Then when the "Download Locations" page comes up, choose the first External Mirror (exe)
Save the Installer to your desktop, but don't run it yet. The installer file will be named avira_antivir_personal_en.exe
Double check to be sure you know where to find it.
------------------------------------------------
Remove AVG Antivirus (and others) Using the Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each one of these Entries, and choose Uninstall/Change, and give permission to Continue:

µTorrent
AVG 2011
Adobe Reader 9.4.0

Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------
Install Antivir
Right Click the Avira Antivir Installer you saved on your desktop, choose "Run as administrator", and let it Install Antivir.
-----------------------------------------------
Update and Scan with Antivir
Right click the red umbrella icon and choose Start Antivir.
When the window comes up click Start Update.
When the update is complete, click on Scan System Now.
This full scan could take an hour or more.
It will ask what to do with any items it finds.
IMPORTANT >> For Now, tell it to IGNORE any items it finds. Do not choose Quarantine or Delete.
-----------------------------------------------
Get Last Avira Report
Right click the red umbrella icon in the system tray and click Start Antivir
In the left pane, click Overview, then click Reports
There will be reports titled Update and reports titled Scan. Find the most recent report in the list titled Scan.
Click on the Report File button, or Right click the report and choose Display Report.
The report contents will come up in Notepad. Highlight the entire report (Ctrl+A) and copy to the clipboard (Ctrl+C).
Paste the contents (Ctrl+V) into your next reply.
-----------------------------------------------------------
Download and Run ComboFix
IMPORTANT NOTE: ComboFix is a VERY POWERFUL tool. DO NOT use it without guidance.
ComboFix uses very forceful tactics to remove malware from your system. Your antivirus software may warn you about the file.
You will need to disable all your antivirus software BEFORE running ComboFix.
.
  • Download ComboFix from here
  • Rename it while saving the download to zzz.exe and save it to your Desktop. Do not try to rename it after it has been saved to your desktop, or the infection may prevent you from using it.
    **Note: It is important that it is saved directly to your desktop and run from the desktop, not from any other folder on your computer**
  • DISABLE AVIRA ANTIVIR
    Please navigate to the system tray on the bottom right hand corner and look for an open umbrella on red background.
    • Right click it and untick any of the options AntiVir Guard enable, Antivir Webguard enable, and Antivir Mailguard enable, that are present.
    • You should now see a closed umbrella on a red background.
    The AntiVir Guards are now disabled.
  • Now start ComboFix (zzz.exe). Right click and choose "Run as administrator".
  • OK any disclaimers and start the Scan.
  • Do not touch the computer AT ALL while ComboFix is running.
  • It will run through about 50 tasks, and take a while to assemble the report.
    When finished, the report will open. Post the log in your next reply, and then re-enable your protection software.
A copy of the log will be located here if you need it-> C:\ComboFix.txt
If you cannot connect to the internet after running ComboFix, unplug the cable you use to connect to the internet and plug it back in.

So I will be looking for the following in your reply:
  • The log from Antivir
  • The Combofix.txt log
askey127
askey127
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Chrome crashes then the blue screen arrives....

Post by orangepeel2k » March 29th, 2011, 4:46 pm

Thank you so much for the help.

Please see Avira report below. I will now run the ComboFix tool and post results once complete:

=======================================================================




Avira AntiVir Personal
Report file date: 29 March 2011 18:40

Scanning for 2541666 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7
Windows version : (plain) [6.1.7600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : NEIL-PC

Version information:
BUILD.DAT : 10.0.0.635 31822 Bytes 07/03/2011 12:15:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 04/03/2011 13:36:52
AVSCAN.DLL : 10.0.3.0 46440 Bytes 01/04/2010 11:57:04
LUKE.DLL : 10.0.3.2 104296 Bytes 04/03/2011 13:36:59
LUKERES.DLL : 10.0.0.1 12648 Bytes 10/02/2010 22:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 08:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 13:37:07
VBASE002.VDF : 7.11.3.0 1950720 Bytes 09/02/2011 13:37:08
VBASE003.VDF : 7.11.3.1 2048 Bytes 09/02/2011 13:37:08
VBASE004.VDF : 7.11.3.2 2048 Bytes 09/02/2011 13:37:08
VBASE005.VDF : 7.11.3.3 2048 Bytes 09/02/2011 13:37:08
VBASE006.VDF : 7.11.3.4 2048 Bytes 09/02/2011 13:37:08
VBASE007.VDF : 7.11.3.5 2048 Bytes 09/02/2011 13:37:08
VBASE008.VDF : 7.11.3.6 2048 Bytes 09/02/2011 13:37:08
VBASE009.VDF : 7.11.3.7 2048 Bytes 09/02/2011 13:37:08
VBASE010.VDF : 7.11.3.8 2048 Bytes 09/02/2011 13:37:08
VBASE011.VDF : 7.11.3.9 2048 Bytes 09/02/2011 13:37:09
VBASE012.VDF : 7.11.3.10 2048 Bytes 09/02/2011 13:37:09
VBASE013.VDF : 7.11.3.59 157184 Bytes 14/02/2011 13:37:09
VBASE014.VDF : 7.11.3.97 120320 Bytes 16/02/2011 13:37:09
VBASE015.VDF : 7.11.3.148 128000 Bytes 19/02/2011 13:37:09
VBASE016.VDF : 7.11.3.183 140288 Bytes 22/02/2011 13:37:09
VBASE017.VDF : 7.11.3.216 124416 Bytes 24/02/2011 17:02:23
VBASE018.VDF : 7.11.3.251 159232 Bytes 28/02/2011 15:08:03
VBASE019.VDF : 7.11.4.33 148992 Bytes 02/03/2011 17:30:49
VBASE020.VDF : 7.11.4.73 150016 Bytes 06/03/2011 15:14:47
VBASE021.VDF : 7.11.4.108 122880 Bytes 08/03/2011 06:36:01
VBASE022.VDF : 7.11.4.150 133120 Bytes 10/03/2011 06:36:02
VBASE023.VDF : 7.11.4.183 122368 Bytes 14/03/2011 06:36:02
VBASE024.VDF : 7.11.4.228 123392 Bytes 16/03/2011 06:36:02
VBASE025.VDF : 7.11.5.8 246272 Bytes 21/03/2011 06:36:03
VBASE026.VDF : 7.11.5.38 137216 Bytes 23/03/2011 06:36:03
VBASE027.VDF : 7.11.5.82 151552 Bytes 27/03/2011 06:36:04
VBASE028.VDF : 7.11.5.83 2048 Bytes 27/03/2011 06:36:04
VBASE029.VDF : 7.11.5.84 2048 Bytes 27/03/2011 06:36:04
VBASE030.VDF : 7.11.5.85 2048 Bytes 27/03/2011 06:36:04
VBASE031.VDF : 7.11.5.101 102400 Bytes 29/03/2011 06:36:04
Engineversion : 8.2.4.192
AEVDF.DLL : 8.1.2.1 106868 Bytes 04/03/2011 13:36:49
AESCRIPT.DLL : 8.1.3.57 1261947 Bytes 29/03/2011 06:36:09
AESCN.DLL : 8.1.7.2 127349 Bytes 04/03/2011 13:36:48
AESBX.DLL : 8.1.3.2 254324 Bytes 04/03/2011 13:36:48
AERDL.DLL : 8.1.9.9 639347 Bytes 29/03/2011 06:36:09
AEPACK.DLL : 8.2.4.13 524662 Bytes 29/03/2011 06:36:08
AEOFFICE.DLL : 8.1.1.18 205178 Bytes 29/03/2011 06:36:08
AEHEUR.DLL : 8.1.2.91 3387767 Bytes 29/03/2011 06:36:07
AEHELP.DLL : 8.1.16.1 246134 Bytes 04/03/2011 13:36:41
AEGEN.DLL : 8.1.5.3 397684 Bytes 29/03/2011 06:36:05
AEEMU.DLL : 8.1.3.0 393589 Bytes 04/03/2011 13:36:40
AECORE.DLL : 8.1.19.2 196983 Bytes 04/03/2011 13:36:40
AEBB.DLL : 8.1.1.0 53618 Bytes 04/03/2011 13:36:39
AVWINLL.DLL : 10.0.0.0 19304 Bytes 04/03/2011 13:36:53
AVPREF.DLL : 10.0.0.0 44904 Bytes 04/03/2011 13:36:52
AVREP.DLL : 10.0.0.8 62209 Bytes 17/06/2010 13:27:13
AVREG.DLL : 10.0.3.2 53096 Bytes 04/03/2011 13:36:52
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 04/03/2011 13:36:53
AVARKT.DLL : 10.0.22.6 231784 Bytes 04/03/2011 13:36:50
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 04/03/2011 13:36:51
SQLITE3.DLL : 3.6.19.0 355688 Bytes 17/06/2010 13:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 04/03/2011 13:36:53
NETNT.DLL : 10.0.0.0 11624 Bytes 17/06/2010 13:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 04/03/2011 13:37:12
RCTEXT.DLL : 10.0.58.0 97128 Bytes 04/03/2011 13:37:12

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:, F:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: 29 March 2011 18:40

Starting search for hidden objects.
While loading the module (AVARKT.DLL) the following error occured:
The file does not exist!
AVARKT.DLL

The scan of running processes will be started
Scan process 'avscan.exe' - '72' Module(s) have been scanned
Scan process 'avscan.exe' - '28' Module(s) have been scanned
Scan process 'SearchFilterHost.exe' - '40' Module(s) have been scanned
Scan process 'chrome.exe' - '42' Module(s) have been scanned
Scan process 'SearchProtocolHost.exe' - '43' Module(s) have been scanned
Scan process 'chrome.exe' - '42' Module(s) have been scanned
Scan process 'chrome.exe' - '42' Module(s) have been scanned
Scan process 'chrome.exe' - '42' Module(s) have been scanned
Scan process 'avcenter.exe' - '117' Module(s) have been scanned
Scan process 'chrome.exe' - '85' Module(s) have been scanned
Scan process 'svchost.exe' - '59' Module(s) have been scanned
Scan process 'iPodService.exe' - '33' Module(s) have been scanned
Scan process 'ONENOTEM.EXE' - '20' Module(s) have been scanned
Scan process 'Dropbox.exe' - '67' Module(s) have been scanned
Scan process 'TrayMin230.exe' - '27' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '43' Module(s) have been scanned
Scan process 'GoogleUpdate.exe' - '35' Module(s) have been scanned
Scan process 'avgnt.exe' - '55' Module(s) have been scanned
Scan process 'GrooveMonitor.exe' - '46' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '74' Module(s) have been scanned
Scan process 'jusched.exe' - '25' Module(s) have been scanned
Scan process 'FPCCSMiddleware.exe' - '29' Module(s) have been scanned
Scan process 'Monitor.exe' - '26' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '29' Module(s) have been scanned
Scan process 'igfxpers.exe' - '32' Module(s) have been scanned
Scan process 'hkcmd.exe' - '28' Module(s) have been scanned
Scan process 'wuauclt.exe' - '37' Module(s) have been scanned
Scan process 'Explorer.EXE' - '174' Module(s) have been scanned
Scan process 'Dwm.exe' - '32' Module(s) have been scanned
Scan process 'sppsvc.exe' - '27' Module(s) have been scanned
Scan process 'AAWTray.exe' - '25' Module(s) have been scanned
Scan process 'taskhost.exe' - '40' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '71' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '115' Module(s) have been scanned
Scan process 'svchost.exe' - '61' Module(s) have been scanned
Scan process 'WUDFHost.exe' - '36' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '36' Module(s) have been scanned
Scan process 'unsecapp.exe' - '28' Module(s) have been scanned
Scan process 'SDWinSec.exe' - '47' Module(s) have been scanned
Scan process 'conhost.exe' - '14' Module(s) have been scanned
Scan process 'avshadow.exe' - '22' Module(s) have been scanned
Scan process 'svchost.exe' - '64' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '40' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '49' Module(s) have been scanned
Scan process 'avguard.exe' - '65' Module(s) have been scanned
Scan process 'svchost.exe' - '63' Module(s) have been scanned
Scan process 'sched.exe' - '50' Module(s) have been scanned
Scan process 'spoolsv.exe' - '89' Module(s) have been scanned
Scan process 'AAWService.exe' - '116' Module(s) have been scanned
Scan process 'svchost.exe' - '75' Module(s) have been scanned
Scan process 'svchost.exe' - '78' Module(s) have been scanned
Scan process 'svchost.exe' - '153' Module(s) have been scanned
Scan process 'svchost.exe' - '111' Module(s) have been scanned
Scan process 'svchost.exe' - '92' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'svchost.exe' - '52' Module(s) have been scanned
Scan process 'lsm.exe' - '16' Module(s) have been scanned
Scan process 'lsass.exe' - '67' Module(s) have been scanned
Scan process 'services.exe' - '33' Module(s) have been scanned
Scan process 'winlogon.exe' - '30' Module(s) have been scanned
Scan process 'csrss.exe' - '16' Module(s) have been scanned
Scan process 'wininit.exe' - '26' Module(s) have been scanned
Scan process 'csrss.exe' - '18' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!
Master boot sector HD4
[INFO] No virus was found!
Master boot sector HD5
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '0' files ).


Starting the file scan:

Begin scan in 'C:\' <COMPAQ>
C:\Users\Neil\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\101111183421634.rsc
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Agent.HN Java virus
--> 101111183421634-001381.file
[1] Archive type: ZIP
--> bpac/a.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.HN Java virus
--> 101111183421634-001383.file
[1] Archive type: ZIP
--> bpac/a.class
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Agent Java virus
--> 101111183421634-001391.file
[1] Archive type: ZIP
--> vload.class
[DETECTION] Contains recognition pattern of the JAVA/LoadClass.A Java virus
--> vmain.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.DU Java virus
--> 101111183421634-001393.file
[1] Archive type: ZIP
--> vmain.class
[DETECTION] Contains recognition pattern of the EXP/Java.2009-3867 exploit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\74c1b8c2-2627ecc5
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.AF Java virus
--> durdom/huiak.class
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.AF Java virus
--> durdom/Stremer.class
[DETECTION] Contains recognition pattern of the JAVA/OpenStream.L Java virus
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\4854b4d7-63b61eb1
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.AF Java virus
--> durdom/huiak.class
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.AF Java virus
--> durdom/Stremer.class
[DETECTION] Contains recognition pattern of the JAVA/OpenStream.L Java virus
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\3bad569f-68922ac9
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.E Java virus
--> lort/cooter.class
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.E Java virus
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\2c1292e0-60e9b2b7
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.G Java virus
--> powerColor/c1.class
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.G Java virus
--> powerColor/c2.class
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.L Java virus
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\733a623a-14a2b1b5
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.AF Java virus
--> durdom/huiak.class
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.AF Java virus
--> durdom/Stremer.class
[DETECTION] Contains recognition pattern of the JAVA/OpenStream.L Java virus
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\736271bb-68389aaa
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.G Java virus
--> powerColor/c1.class
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.G Java virus
--> powerColor/c2.class
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.L Java virus
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\503e8e09-393ac965
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.E Java virus
--> lort/cooter.class
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.E Java virus
C:\Windows.old\Users\PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\78fcee10-38e101b7
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Agent.L Java virus
--> vmain.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.L Java virus
C:\Windows.old\Users\PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\4839f1b9-1eff1f4a
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Agent.L Java virus
--> vmain.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.L Java virus
Begin scan in 'D:\' <Recovery>
Begin scan in 'F:\' <BACKUP>
F:\ARCHIVE\Documents and Settings\ish\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-3a81619f-1cc2daa6.zip
[0] Archive type: ZIP
[DETECTION] Is the TR/Java.Downloader.Gen Trojan
--> BnnnnBaa.class
[DETECTION] Is the TR/Java.Downloader.Gen Trojan
--> VaannnaaBaa.class
[DETECTION] Is the TR/ClassLoader Trojan
--> Dnnny.class
[DETECTION] Contains recognition pattern of the JAVA/Exploit.Bytverify.5 Java virus
--> Bnnnnn.class
[DETECTION] Is the TR/Java.ClassLoader.AS Trojan
--> Den.class
[DETECTION] Is the TR/Exploit.Bytverify Trojan
--> Din.class
[DETECTION] Is the TR/Exploit.Bytverify.A Trojan
--> Dun.class
[DETECTION] Is the TR/Exploit.Bytverify.B Trojan
F:\ARCHIVE\Documents and Settings\neil.whittaker\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-3a81619f-1cc2daa6.zip
[0] Archive type: ZIP
[DETECTION] Is the TR/Java.Downloader.Gen Trojan
--> BnnnnBaa.class
[DETECTION] Is the TR/Java.Downloader.Gen Trojan
--> VaannnaaBaa.class
[DETECTION] Is the TR/ClassLoader Trojan
--> Dnnny.class
[DETECTION] Contains recognition pattern of the JAVA/Exploit.Bytverify.5 Java virus
--> Bnnnnn.class
[DETECTION] Is the TR/Java.ClassLoader.AS Trojan
--> Den.class
[DETECTION] Is the TR/Exploit.Bytverify Trojan
--> Din.class
[DETECTION] Is the TR/Exploit.Bytverify.A Trojan
--> Dun.class
[DETECTION] Is the TR/Exploit.Bytverify.B Trojan
F:\ARCHIVE\Documents and Settings\neil.whittaker-1\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-3a81619f-1cc2daa6.zip
[0] Archive type: ZIP
[DETECTION] Is the TR/Java.Downloader.Gen Trojan
--> BnnnnBaa.class
[DETECTION] Is the TR/Java.Downloader.Gen Trojan
--> VaannnaaBaa.class
[DETECTION] Is the TR/ClassLoader Trojan
--> Dnnny.class
[DETECTION] Contains recognition pattern of the JAVA/Exploit.Bytverify.5 Java virus
--> Bnnnnn.class
[DETECTION] Is the TR/Java.ClassLoader.AS Trojan
--> Den.class
[DETECTION] Is the TR/Exploit.Bytverify Trojan
--> Din.class
[DETECTION] Is the TR/Exploit.Bytverify.A Trojan
--> Dun.class
[DETECTION] Is the TR/Exploit.Bytverify.B Trojan

Beginning disinfection:
F:\ARCHIVE\Documents and Settings\neil.whittaker-1\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-3a81619f-1cc2daa6.zip
[DETECTION] Is the TR/Exploit.Bytverify.B Trojan
[WARNING] The file was ignored!
F:\ARCHIVE\Documents and Settings\neil.whittaker\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-3a81619f-1cc2daa6.zip
[DETECTION] Is the TR/Exploit.Bytverify.B Trojan
[WARNING] The file was ignored!
F:\ARCHIVE\Documents and Settings\ish\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-3a81619f-1cc2daa6.zip
[DETECTION] Is the TR/Exploit.Bytverify.B Trojan
[WARNING] The file was ignored!
C:\Windows.old\Users\PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\4839f1b9-1eff1f4a
[DETECTION] Contains recognition pattern of the JAVA/Agent.L Java virus
[WARNING] The file was ignored!
C:\Windows.old\Users\PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\78fcee10-38e101b7
[DETECTION] Contains recognition pattern of the JAVA/Agent.L Java virus
[WARNING] The file was ignored!
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\503e8e09-393ac965
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.E Java virus
[WARNING] The file was ignored!
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\736271bb-68389aaa
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.L Java virus
[WARNING] The file was ignored!
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\733a623a-14a2b1b5
[DETECTION] Contains recognition pattern of the JAVA/OpenStream.L Java virus
[WARNING] The file was ignored!
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\2c1292e0-60e9b2b7
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.L Java virus
[WARNING] The file was ignored!
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\3bad569f-68922ac9
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.E Java virus
[WARNING] The file was ignored!
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\4854b4d7-63b61eb1
[DETECTION] Contains recognition pattern of the JAVA/OpenStream.L Java virus
[WARNING] The file was ignored!
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\74c1b8c2-2627ecc5
[DETECTION] Contains recognition pattern of the JAVA/OpenStream.L Java virus
[WARNING] The file was ignored!
C:\Users\Neil\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\101111183421634.rsc
[DETECTION] Contains recognition pattern of the EXP/Java.2009-3867 exploit
[WARNING] The file was ignored!


End of the scan: 29 March 2011 21:43
Used time: 3:01:35 Hour(s)

The scan has been done completely.

51075 Scanned directories
1092581 Files were scanned
19 Viruses and/or unwanted programs were found
21 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
1092541 Files not concerned
10416 Archives were scanned
13 Warnings
0 Notes
orangepeel2k
Active Member
 
Posts: 6
Joined: March 24th, 2011, 7:31 pm

Re: Chrome crashes then the blue screen arrives....

Post by orangepeel2k » March 29th, 2011, 5:18 pm

And the ComboFix log:

=====================================


ComboFix 11-03-29.01 - Neil 29/03/2011 21:59:10.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.1015.365 [GMT 1:00]
Running from: c:\users\Neil\Desktop\zzz.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\7Loader.TAG
.
.
((((((((((((((((((((((((( Files Created from 2011-02-28 to 2011-03-29 )))))))))))))))))))))))))))))))
.
.
2011-03-29 21:09 . 2011-03-29 21:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-29 17:37 . 2011-03-29 17:37 -------- d-----w- c:\users\Neil\AppData\Roaming\Avira
2011-03-29 06:33 . 2011-03-04 15:11 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-03-29 06:33 . 2011-03-04 13:37 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-03-29 06:32 . 2011-03-29 06:32 -------- d-----w- c:\programdata\Avira
2011-03-29 06:32 . 2011-03-29 06:32 -------- d-----w- c:\program files\Avira
2011-03-29 00:52 . 2011-03-29 00:53 -------- d-----w- c:\windows\system32\SPReview
2011-03-28 23:47 . 2011-03-28 23:47 -------- d-----w- c:\windows\system32\EventProviders
2011-03-28 21:42 . 2010-12-18 05:30 2690560 ----a-w- c:\windows\system32\mstscax.dll
2011-03-28 21:42 . 2010-12-18 05:26 1034240 ----a-w- c:\windows\system32\mstsc.exe
2011-03-21 00:13 . 2011-03-21 00:13 -------- d-----w- c:\program files\MSECache
2011-03-19 13:08 . 2011-03-19 13:08 -------- d-----w- c:\program files\iPod
2011-03-11 04:43 . 2011-03-09 07:47 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-03-09 23:36 . 2011-03-09 07:47 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-03-09 23:36 . 2011-03-09 23:36 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-03-09 23:34 . 2011-03-09 23:34 -------- d-----w- c:\users\Neil\AppData\Local\Sunbelt Software
2011-03-09 23:30 . 2011-03-09 23:30 -------- dc-h--w- c:\programdata\{78A29A4D-35CE-4C46-9AC9-2692EE35F0BE}
2011-03-09 23:27 . 2011-03-09 23:33 -------- d-----w- c:\programdata\Lavasoft
2011-03-09 23:27 . 2011-03-09 23:27 -------- d-----w- c:\program files\Lavasoft
2011-03-07 10:30 . 2011-03-07 10:30 -------- d-----w- c:\windows\Sun
2011-03-07 00:55 . 2011-03-27 08:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-03-07 00:55 . 2011-03-07 07:43 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-03-07 00:45 . 2011-03-07 00:45 -------- d-----w- c:\users\Neil\AppData\Roaming\Malwarebytes
2011-03-07 00:45 . 2010-12-20 18:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-07 00:45 . 2011-03-07 00:45 -------- d-----w- c:\programdata\Malwarebytes
2011-03-07 00:45 . 2010-12-20 18:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-07 00:45 . 2011-03-07 00:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-06 22:01 . 2011-03-14 23:56 -------- d-----w- c:\users\Neil\AppData\Local\Cooliris
2011-03-06 20:42 . 2006-10-26 19:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2011-03-06 20:42 . 2008-11-10 10:41 32656 ----a-w- c:\windows\system32\msonpmon.dll
2011-03-06 20:40 . 2011-03-29 01:30 -------- d-----w- c:\program files\Microsoft Works
2011-03-06 20:38 . 2011-03-06 20:38 -------- d-----w- c:\windows\PCHEALTH
2011-03-06 20:35 . 2011-03-06 20:35 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-03-06 19:47 . 2011-03-06 19:47 -------- d-----w- c:\program files\Bonjour
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-29 07:16 . 2009-07-14 02:05 152064 ----a-w- c:\windows\system32\msclmd.dll
2011-02-18 16:36 . 2011-02-18 16:36 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-18 16:36 . 2011-02-18 16:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-03 05:45 . 2011-02-09 21:40 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-02-02 21:40 . 2010-10-10 17:29 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-07 07:27 . 2011-02-09 21:40 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 05:33 . 2011-02-09 21:40 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-01-05 05:37 . 2011-02-09 21:42 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-01-05 03:37 . 2011-02-09 21:42 2329088 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Neil\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Neil\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Neil\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Neil\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-04-07 136176]
"Philips Intelligent Agent"="c:\program files\Philips\Intelligent Agent\Philips Intelligent Agent.exe" [2008-02-21 613792]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-11 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-11 150552]
"SPC230NC_Monitor"="c:\windows\Philips\SPC230NC\Monitor.exe" [2007-12-10 323584]
"SPC_Monitor"="c:\windows\Philips\SPC230NC\Monitor.exe" [2007-12-10 323584]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"FPCCSMiddleware"="c:\program files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe" [2008-10-10 538432]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
.
c:\users\Neil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Neil\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-12-17 23343848]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TrayMin230.lnk - c:\program files\Philips\Philips SPC230NC Webcam\TrayMin230.exe [2010-6-12 241664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders credssp.dll, mtlikuyr.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Neil^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
path=c:\users\Neil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-10-08 17:04 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 15:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 17:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 PAEAFLT.sys;USB Composite Device;c:\windows\system32\DRIVERS\PAEAFLT.sys [2007-09-26 8576]
R3 SPC230NC;Philips SPC230NC Webcam;c:\windows\system32\DRIVERS\SPC230NC.SYS [2007-12-31 461056]
R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-25 1343400]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-03-09 64512]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-03-04 135336]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-03-08 1405384]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-03-09 15232]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-03-09 07:47]
.
2011-03-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4027009558-3523127240-3792046654-1001Core.job
- c:\users\Neil\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-07 05:18]
.
2011-03-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4027009558-3523127240-3792046654-1001UA.job
- c:\users\Neil\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-07 05:18]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-03-29 22:11:45
ComboFix-quarantined-files.txt 2011-03-29 21:11
.
Pre-Run: 33,430,978,560 bytes free
Post-Run: 33,357,479,936 bytes free
.
- - End Of File - - 892AE0AEE57851E5F16B148103D4320A
orangepeel2k
Active Member
 
Posts: 6
Joined: March 24th, 2011, 7:31 pm

Re: Chrome crashes then the blue screen arrives....

Unread postby askey127 » March 30th, 2011, 1:46 pm

Please run the Antivir Full scan again. This time have it quarantine or Delete anything it finds.
Then post the last scan report.
Let me know how it goes.
askey127
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Chrome crashes then the blue screen arrives....

Unread postby orangepeel2k » March 30th, 2011, 4:21 pm

Evening (UK time!) askey127

Have now run the scan, I have had no crashes and no Google re-directs since actioning your requests - thanks :)

Results of scan below:

================================================================================




Avira AntiVir Personal
Report file date: 30 March 2011 19:01

Scanning for 2548999 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7
Windows version : (plain) [6.1.7600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : NEIL-PC

Version information:
BUILD.DAT : 10.0.0.635 31822 Bytes 07/03/2011 12:15:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 04/03/2011 13:36:52
AVSCAN.DLL : 10.0.3.0 46440 Bytes 01/04/2010 11:57:04
LUKE.DLL : 10.0.3.2 104296 Bytes 04/03/2011 13:36:59
LUKERES.DLL : 10.0.0.1 12648 Bytes 10/02/2010 22:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 08:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 13:37:07
VBASE002.VDF : 7.11.3.0 1950720 Bytes 09/02/2011 13:37:08
VBASE003.VDF : 7.11.3.1 2048 Bytes 09/02/2011 13:37:08
VBASE004.VDF : 7.11.3.2 2048 Bytes 09/02/2011 13:37:08
VBASE005.VDF : 7.11.3.3 2048 Bytes 09/02/2011 13:37:08
VBASE006.VDF : 7.11.3.4 2048 Bytes 09/02/2011 13:37:08
VBASE007.VDF : 7.11.3.5 2048 Bytes 09/02/2011 13:37:08
VBASE008.VDF : 7.11.3.6 2048 Bytes 09/02/2011 13:37:08
VBASE009.VDF : 7.11.3.7 2048 Bytes 09/02/2011 13:37:08
VBASE010.VDF : 7.11.3.8 2048 Bytes 09/02/2011 13:37:08
VBASE011.VDF : 7.11.3.9 2048 Bytes 09/02/2011 13:37:09
VBASE012.VDF : 7.11.3.10 2048 Bytes 09/02/2011 13:37:09
VBASE013.VDF : 7.11.3.59 157184 Bytes 14/02/2011 13:37:09
VBASE014.VDF : 7.11.3.97 120320 Bytes 16/02/2011 13:37:09
VBASE015.VDF : 7.11.3.148 128000 Bytes 19/02/2011 13:37:09
VBASE016.VDF : 7.11.3.183 140288 Bytes 22/02/2011 13:37:09
VBASE017.VDF : 7.11.3.216 124416 Bytes 24/02/2011 17:02:23
VBASE018.VDF : 7.11.3.251 159232 Bytes 28/02/2011 15:08:03
VBASE019.VDF : 7.11.4.33 148992 Bytes 02/03/2011 17:30:49
VBASE020.VDF : 7.11.4.73 150016 Bytes 06/03/2011 15:14:47
VBASE021.VDF : 7.11.4.108 122880 Bytes 08/03/2011 06:36:01
VBASE022.VDF : 7.11.4.150 133120 Bytes 10/03/2011 06:36:02
VBASE023.VDF : 7.11.4.183 122368 Bytes 14/03/2011 06:36:02
VBASE024.VDF : 7.11.4.228 123392 Bytes 16/03/2011 06:36:02
VBASE025.VDF : 7.11.5.8 246272 Bytes 21/03/2011 06:36:03
VBASE026.VDF : 7.11.5.38 137216 Bytes 23/03/2011 06:36:03
VBASE027.VDF : 7.11.5.82 151552 Bytes 27/03/2011 06:36:04
VBASE028.VDF : 7.11.5.122 154112 Bytes 30/03/2011 18:01:14
VBASE029.VDF : 7.11.5.123 2048 Bytes 30/03/2011 18:01:14
VBASE030.VDF : 7.11.5.124 2048 Bytes 30/03/2011 18:01:14
VBASE031.VDF : 7.11.5.133 62976 Bytes 30/03/2011 18:01:14
Engineversion : 8.2.4.192
AEVDF.DLL : 8.1.2.1 106868 Bytes 04/03/2011 13:36:49
AESCRIPT.DLL : 8.1.3.57 1261947 Bytes 29/03/2011 06:36:09
AESCN.DLL : 8.1.7.2 127349 Bytes 04/03/2011 13:36:48
AESBX.DLL : 8.1.3.2 254324 Bytes 04/03/2011 13:36:48
AERDL.DLL : 8.1.9.9 639347 Bytes 29/03/2011 06:36:09
AEPACK.DLL : 8.2.4.13 524662 Bytes 29/03/2011 06:36:08
AEOFFICE.DLL : 8.1.1.18 205178 Bytes 29/03/2011 06:36:08
AEHEUR.DLL : 8.1.2.91 3387767 Bytes 29/03/2011 06:36:07
AEHELP.DLL : 8.1.16.1 246134 Bytes 04/03/2011 13:36:41
AEGEN.DLL : 8.1.5.3 397684 Bytes 29/03/2011 06:36:05
AEEMU.DLL : 8.1.3.0 393589 Bytes 04/03/2011 13:36:40
AECORE.DLL : 8.1.19.2 196983 Bytes 04/03/2011 13:36:40
AEBB.DLL : 8.1.1.0 53618 Bytes 04/03/2011 13:36:39
AVWINLL.DLL : 10.0.0.0 19304 Bytes 04/03/2011 13:36:53
AVPREF.DLL : 10.0.0.0 44904 Bytes 04/03/2011 13:36:52
AVREP.DLL : 10.0.0.8 62209 Bytes 17/06/2010 13:27:13
AVREG.DLL : 10.0.3.2 53096 Bytes 04/03/2011 13:36:52
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 04/03/2011 13:36:53
AVARKT.DLL : 10.0.22.6 231784 Bytes 04/03/2011 13:36:50
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 04/03/2011 13:36:51
SQLITE3.DLL : 3.6.19.0 355688 Bytes 17/06/2010 13:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 04/03/2011 13:36:53
NETNT.DLL : 10.0.0.0 11624 Bytes 17/06/2010 13:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 04/03/2011 13:37:12
RCTEXT.DLL : 10.0.58.0 97128 Bytes 04/03/2011 13:37:12

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:, F:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: 30 March 2011 19:01

Starting search for hidden objects.

The scan of running processes will be started
Scan process 'chrome.exe' - '42' Module(s) have been scanned
Scan process 'chrome.exe' - '65' Module(s) have been scanned
Scan process 'rundll32.exe' - '46' Module(s) have been scanned
Scan process 'chrome.exe' - '42' Module(s) have been scanned
Scan process 'chrome.exe' - '42' Module(s) have been scanned
Scan process 'chrome.exe' - '42' Module(s) have been scanned
Scan process 'chrome.exe' - '109' Module(s) have been scanned
Scan process 'svchost.exe' - '28' Module(s) have been scanned
Scan process 'vssvc.exe' - '47' Module(s) have been scanned
Scan process 'avscan.exe' - '87' Module(s) have been scanned
Scan process 'avscan.exe' - '28' Module(s) have been scanned
Scan process 'avcenter.exe' - '75' Module(s) have been scanned
Scan process 'AAWTray.exe' - '24' Module(s) have been scanned
Scan process 'taskhost.exe' - '31' Module(s) have been scanned
Scan process 'svchost.exe' - '58' Module(s) have been scanned
Scan process 'svchost.exe' - '59' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '114' Module(s) have been scanned
Scan process 'iPodService.exe' - '33' Module(s) have been scanned
Scan process 'ONENOTEM.EXE' - '20' Module(s) have been scanned
Scan process 'Dropbox.exe' - '67' Module(s) have been scanned
Scan process 'TrayMin230.exe' - '27' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '43' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '58' Module(s) have been scanned
Scan process 'avgnt.exe' - '55' Module(s) have been scanned
Scan process 'GrooveMonitor.exe' - '46' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '74' Module(s) have been scanned
Scan process 'jusched.exe' - '25' Module(s) have been scanned
Scan process 'FPCCSMiddleware.exe' - '29' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '29' Module(s) have been scanned
Scan process 'Monitor.exe' - '26' Module(s) have been scanned
Scan process 'igfxpers.exe' - '32' Module(s) have been scanned
Scan process 'hkcmd.exe' - '28' Module(s) have been scanned
Scan process 'Explorer.EXE' - '202' Module(s) have been scanned
Scan process 'Dwm.exe' - '32' Module(s) have been scanned
Scan process 'WUDFHost.exe' - '36' Module(s) have been scanned
Scan process 'sppsvc.exe' - '27' Module(s) have been scanned
Scan process 'taskhost.exe' - '52' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '36' Module(s) have been scanned
Scan process 'unsecapp.exe' - '28' Module(s) have been scanned
Scan process 'SDWinSec.exe' - '47' Module(s) have been scanned
Scan process 'svchost.exe' - '35' Module(s) have been scanned
Scan process 'conhost.exe' - '14' Module(s) have been scanned
Scan process 'svchost.exe' - '64' Module(s) have been scanned
Scan process 'avshadow.exe' - '31' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '40' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '49' Module(s) have been scanned
Scan process 'avguard.exe' - '65' Module(s) have been scanned
Scan process 'svchost.exe' - '62' Module(s) have been scanned
Scan process 'sched.exe' - '50' Module(s) have been scanned
Scan process 'spoolsv.exe' - '89' Module(s) have been scanned
Scan process 'AAWService.exe' - '120' Module(s) have been scanned
Scan process 'svchost.exe' - '86' Module(s) have been scanned
Scan process 'svchost.exe' - '102' Module(s) have been scanned
Scan process 'svchost.exe' - '162' Module(s) have been scanned
Scan process 'svchost.exe' - '105' Module(s) have been scanned
Scan process 'svchost.exe' - '92' Module(s) have been scanned
Scan process 'svchost.exe' - '42' Module(s) have been scanned
Scan process 'svchost.exe' - '52' Module(s) have been scanned
Scan process 'lsm.exe' - '16' Module(s) have been scanned
Scan process 'lsass.exe' - '67' Module(s) have been scanned
Scan process 'winlogon.exe' - '31' Module(s) have been scanned
Scan process 'services.exe' - '33' Module(s) have been scanned
Scan process 'wininit.exe' - '26' Module(s) have been scanned
Scan process 'csrss.exe' - '16' Module(s) have been scanned
Scan process 'csrss.exe' - '18' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!
Master boot sector HD4
[INFO] No virus was found!
Master boot sector HD5
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '0' files ).


Starting the file scan:

Begin scan in 'C:\' <COMPAQ>
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\74c1b8c2-2627ecc5
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.AF Java virus
--> durdom/huiak.class
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.AF Java virus
--> durdom/Stremer.class
[DETECTION] Contains recognition pattern of the JAVA/OpenStream.L Java virus
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\4854b4d7-63b61eb1
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.AF Java virus
--> durdom/huiak.class
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.AF Java virus
--> durdom/Stremer.class
[DETECTION] Contains recognition pattern of the JAVA/OpenStream.L Java virus
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\3bad569f-68922ac9
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.E Java virus
--> lort/cooter.class
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.E Java virus
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\2c1292e0-60e9b2b7
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.G Java virus
--> powerColor/c1.class
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.G Java virus
--> powerColor/c2.class
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.L Java virus
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\733a623a-14a2b1b5
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.AF Java virus
--> durdom/huiak.class
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.AF Java virus
--> durdom/Stremer.class
[DETECTION] Contains recognition pattern of the JAVA/OpenStream.L Java virus
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\736271bb-68389aaa
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.G Java virus
--> powerColor/c1.class
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.G Java virus
--> powerColor/c2.class
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.L Java virus
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\503e8e09-393ac965
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.E Java virus
--> lort/cooter.class
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.E Java virus
C:\Windows.old\Users\PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\78fcee10-38e101b7
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Agent.L Java virus
--> vmain.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.L Java virus
C:\Windows.old\Users\PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\4839f1b9-1eff1f4a
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Agent.L Java virus
--> vmain.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.L Java virus

Beginning disinfection:
C:\Windows.old\Users\PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\4839f1b9-1eff1f4a
[DETECTION] Contains recognition pattern of the JAVA/Agent.L Java virus
[NOTE] The file was moved to the quarantine directory under the name '48872b70.qua'.
C:\Windows.old\Users\PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\78fcee10-38e101b7
[DETECTION] Contains recognition pattern of the JAVA/Agent.L Java virus
[NOTE] The file was moved to the quarantine directory under the name '502f04d0.qua'.
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\503e8e09-393ac965
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.E Java virus
[NOTE] The file was moved to the quarantine directory under the name '024f5e30.qua'.
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\736271bb-68389aaa
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.L Java virus
[NOTE] The file was moved to the quarantine directory under the name '647711f1.qua'.
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\733a623a-14a2b1b5
[DETECTION] Contains recognition pattern of the JAVA/OpenStream.L Java virus
[NOTE] The file was moved to the quarantine directory under the name '21fc3cc0.qua'.
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\2c1292e0-60e9b2b7
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.L Java virus
[NOTE] The file was moved to the quarantine directory under the name '5ee51171.qua'.
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\3bad569f-68922ac9
[DETECTION] Contains recognition pattern of the JAVA/Exdoer.E Java virus
[NOTE] The file was moved to the quarantine directory under the name '126d3d34.qua'.
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\4854b4d7-63b61eb1
[DETECTION] Contains recognition pattern of the JAVA/OpenStream.L Java virus
[NOTE] The file was moved to the quarantine directory under the name '6e4962bd.qua'.
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\74c1b8c2-2627ecc5
[DETECTION] Contains recognition pattern of the JAVA/OpenStream.L Java virus
[NOTE] The file was moved to the quarantine directory under the name '432d4df4.qua'.


End of the scan: 30 March 2011 21:16
Used time: 2:14:19 Hour(s)

The scan has been canceled!

37716 Scanned directories
647284 Files were scanned
14 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
9 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
647270 Files not concerned
4937 Archives were scanned
0 Warnings
9 Notes
584362 Objects were scanned with rootkit scan
0 Hidden objects were found

Re: Chrome crashes then the blue screen arrives....

Unread postby askey127 » March 30th, 2011, 6:14 pm

orangepeel2k,
--------------------------------------------------------
Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions.
All versions numbered lower than 10.0 are vulnerable.
Go HERE and click on AdbeRdr1001_en_US.exe to download the latest version of Adobe Acrobat Reader.
Save this file to your desktop and run it to install the latest version of Adobe Reader.

After the new Reader is installed, Open Adobe Reader X. (Right click and Run as administrator in Vista/Win7)
OK the license.
Click on Edit and select Preferences.
On the Left, click on the JavaScript category and Uncheck Enable Acrobat JavaScript.
Click on the Security (Enhanced) category and Uncheck Automatically trust sites from my Win OS security zones.
Click on the Trust Manager category and Uncheck Allow opening of non-PDF file attachments with external applications.
Click the OK button

Now resolve not to use uTorrent or any other P2P again..... repeat after me....
askey127

Re: Chrome crashes then the blue screen arrives....

Unread postby orangepeel2k » March 30th, 2011, 7:00 pm

Thanks askey127!

I promise never to use uTorrent or any P2P again :)

So very much appreciated.

Thank you.

Re: Chrome crashes then the blue screen arrives....

Unread postby askey127 » March 31st, 2011, 8:15 am

This topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.