Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Computer suddenly crashes to blue screen

by kaosjon » September 2nd, 2011, 6:44 pm

Hi, I have been having a problem with my computer for the last 3 weeks and as far as I can tell it is virus related. Whenever I turn my computer on, after about 5-10 minutes it suddenly crashes to a blue screen saying there is a memory problem etc., and it then has to restart. I tried scanning with Malwarebytes, which found a number of viruses; when I tried removing them my computer just crashed and restarted, meaning they won't get removed. My logs are below; I could really do with some help.

Thanks



DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.6001.19048
Run by Al at 23:36:05 on 2011-09-02
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4093.1996 [GMT 1:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Users\Al\AppData\Local\Google\Update\1.3.21.65\GoogleCrashHandler.exe
C:\Users\Al\AppData\Roaming\login.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Windows\SysWOW64\conime.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Users\Al\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Al\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Al\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
C:\Users\Al\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Al\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Al\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\msiexec.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.searchqu.com/406
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll
uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll
uURLSearchHooks: H - No File
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: FLVBlaster.FLVBlasterIEAddon: {807ca0aa-7cb3-4f03-bd61-076f618cc82d} - mscoree.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI371A~1\Datamngr\ToolBar\searchqudtx.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: UrlHelper Class: {a40dc6c5-79d0-4ca8-a185-8ff989af1115} - C:\PROGRA~2\WI371A~1\Datamngr\IEBHO.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MI1933~1\Office14\URLREDIR.DLL
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI371A~1\Datamngr\ToolBar\searchqudtx.dll
uRun: [Google Update] "C:\Users\Al\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [uTorrent] "c:\Users\Al\Downloads\utorrent.exe"
uRun: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [FreeVPN] "C:\Program Files (x86)\FreeVPN\FreeVPN.exe" hide
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [server] C:\Users\Al\AppData\Roaming\xVNscwsBmH.exe
uRun: [Windows Defender] C:\Users\Al\AppData\Roaming\login.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
mRun: [DATAMNGR] C:\PROGRA~2\WI371A~1\Datamngr\DATAMN~1.EXE
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [Windows Defender] C:\Users\Al\AppData\Roaming\login.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mExplorerRun: [Windows Defender] C:\Users\Al\AppData\Roaming\login.exe
StartupFolder: C:\Users\Al\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download with FLV Blaster - C:\Program Files (x86)\FLV Blaster\Addons\Internet Explorer\script.htm
IE: Download with FLV Blaster\Contexts - 1 (0x1)
IE: Download with FLV Blaster\Flags - 1 (0x1)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MI1933~1\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MI1933~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MI1933~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{57A8C3F8-70CE-408C-B5C1-2EF41AD6CBFC} : DhcpNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: c:\progra~2\wi371a~1\datamngr\datamngr.dll c:\progra~2\wi371a~1\datamngr\iebho.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {6DDDB63E-2D01-EFF9-DA98-6FEF88DBEAE6} - C:\Users\Al\AppData\Roaming\login.exe
mASetup: {CE6AD35F-BCBB-FBCB-CACE-DC58FAB36A41} - C:\Users\Al\AppData\Roaming\bot.exe
mASetup: {E4EDFB05-176F-BE98-F271-2DAABBDDED30} - C:\Users\TEMP\AppData\Roaming\Update123.exe
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: FLVBlaster.FLVBlasterIEAddon: {807ca0aa-7cb3-4f03-bd61-076f618cc82d} - mscoree.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI371A~1\Datamngr\ToolBar\searchqudtx.dll
BHO-X64: Searchqu Toolbar - No File
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: UrlHelper Class: {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~2\WI371A~1\Datamngr\IEBHO.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MI1933~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll
BHO-X64: Vuze Remote - No File
BHO-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll
TB-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI371A~1\Datamngr\ToolBar\searchqudtx.dll
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
mRun-x64: [DATAMNGR] C:\PROGRA~2\WI371A~1\Datamngr\DATAMN~1.EXE
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [Windows Defender] C:\Users\Al\AppData\Roaming\login.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
AppInit_DLLs-X64: c:\progra~2\wi371a~1\datamngr\datamngr.dll c:\progra~2\wi371a~1\datamngr\iebho.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
Hosts: 127.0.7.33 free.grisoft.com
Hosts: 127.0.7.33 cert.org
Hosts: 127.0.7.33 www.cert.org
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe --> C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe [?]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-6-13 366640]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-2-25 2253688]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;C:\Windows\system32\DRIVERS\OA009Ufd.sys --> C:\Windows\system32\DRIVERS\OA009Ufd.sys [?]
R3 OA009Vid;Creative Camera OA009 Function Driver;C:\Windows\system32\DRIVERS\OA009Vid.sys --> C:\Windows\system32\DRIVERS\OA009Vid.sys [?]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2011-1-12 147048]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-21 19968]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2011-2-19 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-09-02 21:54:52 -------- d-----w- C:\Users\Al\AppData\Local\{D55701DE-42AE-4989-BA41-5E12B2F9AF6B}
2011-09-02 21:54:29 -------- d-----w- C:\Users\Al\AppData\Local\{9CC7C14E-A80F-4BC7-92F6-4C27F4513BF0}
2011-09-02 21:50:17 -------- d-----w- C:\Users\Al\AppData\Local\{9253E85E-C5BE-40FD-B9A1-4840F9FB9775}
2011-09-02 21:49:55 -------- d-----w- C:\Users\Al\AppData\Local\{DFE4381C-2043-4CD1-9338-8AB4F14186B6}
2011-09-01 18:44:00 8862544 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{47400630-8CC9-46F1-B0BA-02BD03F6CB59}\mpengine.dll
2011-09-01 15:08:03 -------- d-----w- C:\Users\Al\AppData\Local\{BFE448D8-E7B7-4C3B-A742-302AD583AEF3}
2011-09-01 15:07:36 -------- d-----w- C:\Users\Al\AppData\Local\{50C029D2-0200-4DFC-8C0A-B1F6715BA17C}
2011-08-31 17:30:47 -------- d-----w- C:\Users\Al\AppData\Local\{8B821D63-D1B8-4CCE-A997-BAE2383A8B43}
2011-08-31 17:15:25 -------- d-----w- C:\Users\Al\AppData\Local\{3B87F62D-BB17-49B2-B6D9-A7D278BD84EC}
2011-08-31 17:15:02 -------- d-----w- C:\Users\Al\AppData\Local\{B009EED9-F078-484F-AD70-69FDB92DCDEE}
2011-08-30 19:20:10 -------- d-----w- C:\Users\Al\AppData\Local\{AE9149E9-0269-4A2D-9B04-275B27FBCA42}
2011-08-30 19:19:47 -------- d-----w- C:\Users\Al\AppData\Local\{688DC913-2A0B-4CD0-A235-418C16545C0B}
2011-08-29 21:07:01 -------- d-----w- C:\Users\Al\AppData\Local\ActiveState
2011-08-29 21:05:55 -------- d-----w- C:\Program Files (x86)\ActiveState Komodo Edit 6
2011-08-29 16:42:45 -------- d-----w- C:\Users\Al\AppData\Local\{586A21A1-7037-4601-8B4F-4F5D262AD9B5}
2011-08-27 20:37:21 -------- d-----w- C:\Users\Al\AppData\Local\{6B34A079-E2A1-41A0-94B6-4243A3911CBD}
2011-08-27 17:20:49 -------- d-----w- C:\Users\Al\AppData\Local\{DF0CA714-53A1-4506-A87C-106978EEB942}
2011-08-26 23:57:06 -------- d-----w- C:\Users\Al\AppData\Local\{BDE92545-BBF6-4742-9014-3133375573D4}
2011-08-26 23:56:55 -------- d-----w- C:\Users\Al\AppData\Local\{9675571D-B121-42A7-8BCC-AFCB2EB3ACC7}
2011-08-26 19:52:33 -------- d-----w- C:\Users\Al\AppData\Local\{0B3CE20F-2EEB-4BEA-BA29-BB53A8E6B7C3}
2011-08-26 19:52:09 -------- d-----w- C:\Users\Al\AppData\Local\{8A0387E9-F57C-4034-AA11-924C23C1B052}
2011-08-25 17:10:31 -------- d-----w- C:\Users\Al\AppData\Local\{66F8259A-FA01-42FE-9A5B-ACB1B7E76491}
2011-08-24 21:37:36 -------- d-----w- C:\Users\Al\AppData\Local\{72685C67-6BAD-449A-B09C-3DF5EEDAC13F}
2011-08-24 17:26:17 -------- d-----w- C:\Users\Al\AppData\Local\{CCD1ED0A-0EEA-4445-8D0C-5B1B905F2D19}
2011-08-23 17:08:39 -------- d-----w- C:\Users\Al\AppData\Local\{AB0DFA8A-11C0-41AB-92AE-7D7E2E7F9CD2}
2011-08-23 17:08:04 -------- d-----w- C:\Users\Al\AppData\Local\{B66D647D-AB93-44FD-BA22-40C58FAACFBB}
2011-08-22 19:49:39 -------- d-----w- C:\Users\Al\AppData\Local\{304C963A-9F3A-462E-9C7F-853F641ABFA2}
2011-08-22 18:02:28 -------- d-----w- C:\Users\Al\AppData\Local\{6666A7F7-59DA-493A-932B-27E339A5D483}
2011-08-21 06:57:51 -------- d-sh--w- C:\found.000
2011-08-19 16:15:11 -------- d-----w- C:\Users\Al\AppData\Local\{D28367B8-61DB-42E2-B86E-64A477CB7E7F}
2011-08-19 15:21:33 -------- d-----w- C:\Users\Al\AppData\Local\{4CE2043D-1BD3-419B-ACA0-6296AD7374AA}
2011-08-18 16:12:57 -------- d-----w- C:\Users\Al\AppData\Local\{0048E73F-DC5C-4277-9DAC-8E5D97896D3F}
2011-08-18 07:07:28 -------- d-----w- C:\Users\Al\AppData\Local\{E71F8352-3469-40DF-A0E9-92C0D7B00DB5}
2011-08-18 07:07:05 -------- d-----w- C:\Users\Al\AppData\Local\{FE20546D-4066-49F1-9487-D208FADDA5F9}
2011-08-17 19:17:04 -------- d-----w- C:\Users\Al\AppData\Local\{A5BAA8E6-3106-4310-A532-8BEE207D34AE}
2011-08-17 19:16:29 -------- d-----w- C:\Users\Al\AppData\Local\{50E67A49-AD33-4A1C-B49F-E6893DC3852F}
2011-08-16 18:56:36 -------- d-----w- C:\Users\Al\AppData\Local\{339BE020-660C-43EC-AF99-9A0F1EE265CE}
2011-08-15 21:04:49 -------- d-----w- C:\Users\Al\AppData\Local\{998D823D-CD54-4F6C-BBD0-14D82633D1A5}
2011-08-14 20:21:32 -------- d-----w- C:\Users\Al\AppData\Local\{716BE2C3-DB45-4CF9-98BC-1C7E805B6AFE}
2011-08-14 17:50:55 -------- d-----w- C:\Program Files (x86)\Realm Crafter Demo
2011-08-14 10:20:46 -------- d-----w- C:\Users\Al\AppData\Local\{FD6AEF24-F5D8-4514-8DD2-37FB844EFA19}
2011-08-14 10:20:20 -------- d-----w- C:\Users\Al\AppData\Local\{2A95EA76-E473-40DF-A525-A8F636CB0D3E}
2011-08-14 09:38:50 -------- d-----w- C:\Users\Al\AppData\Local\{9C74C591-C73F-4091-B938-54927431819C}
2011-08-14 09:38:24 -------- d-----w- C:\Users\Al\AppData\Local\{DF6FB1D6-4849-4C23-AF56-B6FD0C897447}
2011-08-13 11:15:58 -------- d-----w- C:\Users\Al\AppData\Local\{716DEFAA-8B03-401B-8DFB-159A4A5BD7CB}
2011-08-10 18:34:04 -------- d-----w- C:\Users\Al\AppData\Local\{515B2E24-3F92-414A-A10B-0EBA1993E358}
2011-08-09 21:18:23 -------- d-----w- C:\Users\Al\AppData\Local\{4610D9FB-A0D7-4265-94D8-9909CA2ACFEE}
2011-08-09 21:17:49 -------- d-----w- C:\Users\Al\AppData\Local\{3299D352-8353-4CA1-B8A9-A81DEED26048}
2011-08-08 17:30:51 -------- d-----w- C:\Users\Al\AppData\Local\{8616190E-FE33-46DF-95A5-7BC339B05CC8}
2011-08-08 17:30:22 -------- d-----w- C:\Users\Al\AppData\Local\{64BBF9C2-6928-4558-BB1D-8584C2FD7FD0}
2011-08-07 20:06:52 -------- d-----w- C:\Users\Al\AppData\Local\{2B2711BA-A240-416C-B517-1353D8C5103A}
2011-08-07 15:11:26 -------- d-----w- C:\Users\Al\AppData\Roaming\C4 Engine
2011-08-07 15:11:26 -------- d-----w- C:\Users\Al\AppData\Local\C4 Engine
2011-08-07 09:45:02 -------- d-----w- C:\Users\Al\AppData\Local\{E2E0A2AE-C3CC-4016-8DBA-F1D01A327D54}
2011-08-07 09:44:35 -------- d-----w- C:\Users\Al\AppData\Local\{E910F8E5-307E-46F0-A2C2-70556D3C272A}
2011-08-07 08:18:07 -------- d-----w- C:\Users\Al\AppData\Local\{893E7169-CF8B-40B4-8D45-A526C516743C}
2011-08-07 08:17:42 -------- d-----w- C:\Users\Al\AppData\Local\{A6C8C513-9458-4933-8A5B-4FC075F3DA40}
2011-08-06 07:50:49 -------- d-----w- C:\Users\Al\AppData\Local\{8A1EC3A2-EE3F-40D8-9CCC-B9EE09A4C63B}
2011-08-06 07:50:20 -------- d-----w- C:\Users\Al\AppData\Local\{E4EBC743-17DB-453E-8018-2EFC13BCD553}
2011-08-05 18:47:13 -------- d-----w- C:\Users\Al\AppData\Local\{34536E6C-4B87-4A63-8054-913972535FA5}
2011-08-05 17:30:35 -------- d-----w- C:\Users\Al\AppData\Local\{9D998F01-EDB5-40BF-B075-70387E16E2BF}
2011-08-05 17:30:11 -------- d-----w- C:\Users\Al\AppData\Local\{2C135485-D63B-457E-B996-A89D81567E74}
2011-08-05 17:04:23 -------- d-----w- C:\Users\Al\AppData\Local\{168BE201-46E5-4060-866D-A014D1DACDA8}
2011-08-05 17:03:59 -------- d-----w- C:\Users\Al\AppData\Local\{2C25048F-CB46-48F4-9B2A-95A2166E8578}
2011-08-05 15:41:29 -------- d-----w- C:\Users\Al\AppData\Local\{1B5E959E-2F53-4085-9E00-AA20EA4711FB}
2011-08-05 15:40:36 -------- d-----w- C:\Users\Al\AppData\Local\{3D810FAF-AA6B-4627-91CE-F1943451D436}
2011-08-04 18:30:34 -------- d-----w- C:\Users\Al\AppData\Local\{4761C65E-A009-4E2B-827C-7E3B3F62F5BA}
2011-08-04 16:27:45 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-04 16:27:36 -------- d-----w- C:\Users\Al\AppData\Local\{AD455835-3991-4E19-B8E4-525292B97D85}
2011-08-04 16:26:35 -------- d-----w- C:\Users\Al\AppData\Local\{89E2EA9F-0439-4B46-9F77-411DDFD3CD1A}
2011-08-04 15:55:49 -------- d-----w- C:\Users\Al\AppData\Local\{7D8BCD2E-3BF6-4DD3-BAD3-79BEE3672756}
.
==================== Find3M ====================
.
2011-07-29 17:35:41 450648 ----a-w- C:\Users\Al\AppData\Roaming\Update123.exe
2011-07-23 18:38:46 233984 ----a-w- C:\Users\Al\AppData\Roaming\xVNscwsBmH.exe
2011-07-20 22:05:58 182880 ---h--w- C:\Users\Al\AppData\Roaming\login.exe
2011-07-19 19:49:56 786 ----a-w- C:\Users\Al\AppData\Roaming\net.bat
2011-07-19 19:49:56 510 ----a-w- C:\Users\Al\AppData\Roaming\net.vbs
2011-07-06 18:52:42 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-06 18:52:42 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 23:37:04.44 ===============




UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 18/02/2011 09:25:08
System Uptime: 02/09/2011 18:47:56 (5 hours ago)
.
Motherboard: Dell Inc. | | 0G437N
Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz | Microprocessor | 1200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 283 GiB total, 13.058 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 11.782 GiB free.
E: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Ethernet Controller
Device ID: PCI\VEN_11AB&DEV_4354&SUBSYS_02AA1028&REV_13\4&1B809680&0&00E2
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_11AB&DEV_4354&SUBSYS_02AA1028&REV_13\4&1B809680&0&00E2
Service:
.
Class GUID:
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_02AA1028&REV_03\3&2B8E0B4B&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_02AA1028&REV_03\3&2B8E0B4B&0&FB
Service:
.
==== System Restore Points ===================
.
RP288: 26/08/2011 17:58:30 - Windows Update
RP289: 27/08/2011 10:45:57 - Scheduled Checkpoint
RP290: 27/08/2011 18:31:37 - Windows Update
RP291: 28/08/2011 15:36:14 - Scheduled Checkpoint
RP292: 29/08/2011 07:44:02 - Windows Update
RP293: 29/08/2011 22:05:04 - Installed ActiveState Komodo Edit 6.1.2
RP294: 30/08/2011 17:44:35 - Windows Update
RP295: 31/08/2011 18:12:31 - Windows Update
RP296: 01/09/2011 18:14:33 - Scheduled Checkpoint
RP297: 01/09/2011 19:43:12 - Windows Update
RP298: 02/09/2011 19:37:13 - Scheduled Checkpoint
RP299: 02/09/2011 22:51:04 - CheckIfInstallerIsBusy
RP300: 02/09/2011 22:55:25 - CheckIfInstallerIsBusy
RP301: 02/09/2011 22:56:19 - Windows Live Essentials
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
7-Zip 9.20
AC3Filter 1.62b
ActiveState Komodo Edit 6.1.2
Adobe AIR
Adobe Download Assistant
Adobe Dreamweaver CS5
Adobe Dreamweaver CS5.5
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Professional CS5.5
Adobe Media Player
Adobe Photoshop CS5.1
Adobe Reader X (10.0.1)
Adobe Shockwave Player 11.5
Amnesia - The Dark Descent
Amnesia: The Dark Descent Demo
Apple Application Support
Apple Software Update
Casino Verite Blackjack V5.5
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
ccc-core-static
CCC Help English
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Conduit Engine
D3DX10
Definition update for Microsoft Office 2010 (KB982726)
Dell Resource CD
DivX Setup
DVD Shrink 3.2
EVE Pilot
FileZilla Client 3.5.0
FLV Blaster
GIMP 2.6.11
Google Chrome
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
IDT Audio
iLivid
Java Auto Updater
Java(TM) 6 Update 26
Junk Mail filter update
Left 4 Dead 2
LogonStudio
Magic DVD Ripper V5.5.1
Magic ISO Maker v5.5 (build 0281)
MagicDisc 2.7.106
Malwarebytes' Anti-Malware version 1.51.1.1800
Messenger Companion
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Visio 2010
Microsoft Office Visio MUI (English) 2010
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 Design Tools ENU
Microsoft SQL Server Compact 3.5 ENU
Microsoft Visio Premium 2010
Microsoft Visual Basic 2008 Express Edition - ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 6.0 Standard Edition
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mount&Blade Warband
MSVCRT
MSVCRT_amd64
NNScript
No-IP DUC
NUnit 2.5.10
PDF Settings CS5
Pirates, Vikings, & Knights II
QuickTime
Realtek USB 2.0 Card Reader
Roulette Sniper Version 2.0
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2464594)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Segoe UI
SENuke
Skins
Steam
Stronghold 2 Demo
Stronghold Legends
TeamViewer 6
TuneUp Companion 1.9.0
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2522999)
uTorrentBar Toolbar
VC Runtimes MSI
VC80CRTRedist - 8.0.50727.4053
VLC media player 1.1.9
Vuze
Vuze Remote Toolbar
Windows iLivid Toolbar
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
Yahoo! BrowserPlus 2.9.8
Yahoo! Detect
Yahoo! Software Update
Yahoo! Toolbar
YouTube Downloader 2.7
.
==== Event Viewer Messages From Past Week ========
.
31/08/2011 18:27:09, Error: EventLog [6008] - The previous system shutdown at 6:25:10 PM on 8/31/2011 was unexpected.
31/08/2011 18:06:48, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
30/08/2011 20:18:39, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the MBAMService service to connect.
30/08/2011 20:18:39, Error: Service Control Manager [7000] - The MBAMService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
30/08/2011 18:04:47, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service.
30/08/2011 17:58:31, Error: EventLog [6008] - The previous system shutdown at 5:56:55 PM on 8/30/2011 was unexpected.
30/08/2011 17:37:22, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
29/08/2011 07:57:47, Error: EventLog [6008] - The previous system shutdown at 7:56:38 AM on 8/29/2011 was unexpected.
27/08/2011 21:32:13, Error: EventLog [6008] - The previous system shutdown at 9:07:10 PM on 8/27/2011 was unexpected.
27/08/2011 18:46:19, Error: EventLog [6008] - The previous system shutdown at 6:44:30 PM on 8/27/2011 was unexpected.
26/08/2011 20:46:01, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect.
26/08/2011 18:13:07, Error: EventLog [6008] - The previous system shutdown at 6:10:57 PM on 8/26/2011 was unexpected.
01/09/2011 19:57:00, Error: EventLog [6008] - The previous system shutdown at 7:55:00 PM on 9/1/2011 was unexpected.
.
==== End Of File ===========================
kaosjon
Active Member
 
Posts: 2
Joined: September 2nd, 2011, 6:37 pm
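The Event Viewer section of the log above mixes two date formats: the logged timestamp is DD/MM/YYYY in 24-hour time, while the shutdown time inside each 6008 message is M/D/YYYY in 12-hour time. As an added example (not part of the original post and not part of DDS), the Python below parses that section, pairs each unexpected shutdown with the time it was logged, and counts the services that failed to start. The function names are hypothetical, and the sample is four lines taken from the log above.

```python
import re
from collections import Counter
from datetime import datetime

# Sample input: four lines taken from the Event Viewer section of the log above.
SAMPLE = """\
31/08/2011 18:27:09, Error: EventLog [6008] - The previous system shutdown at 6:25:10 PM on 8/31/2011 was unexpected.
30/08/2011 20:18:39, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the MBAMService service to connect.
30/08/2011 20:18:39, Error: Service Control Manager [7000] - The MBAMService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
30/08/2011 17:58:31, Error: EventLog [6008] - The previous system shutdown at 5:56:55 PM on 8/30/2011 was unexpected.
"""

# DDS line layout: "<DD/MM/YYYY HH:MM:SS>, <level>: <source> [<event id>] - <message>"
LINE = re.compile(r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}), (\w+): (.+?) \[(\d+)\] - (.*)$")
# Event 6008 embeds the shutdown time in US format: "6:25:10 PM on 8/31/2011"
SHUTDOWN = re.compile(r"shutdown at (\d{1,2}:\d{2}:\d{2} [AP]M) on (\d{1,2}/\d{1,2}/\d{4})")
# Events 7000/7009 name the service that failed to start or to connect
SERVICE = re.compile(r"(?:waiting for the|The) (.+?) service (?:to connect|failed to start)")

def parse_events(text):
    """Return one dict per event line; separator lines such as '.' are skipped."""
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            logged = datetime.strptime(m.group(1), "%d/%m/%Y %H:%M:%S")
            events.append({"logged": logged, "level": m.group(2), "source": m.group(3),
                           "id": int(m.group(4)), "message": m.group(5)})
    return events

def unexpected_shutdowns(events):
    """Return (shutdown time, logged time, gap in seconds) per 6008 event, oldest first."""
    out = []
    for e in events:
        m = SHUTDOWN.search(e["message"]) if e["id"] == 6008 else None
        if m:
            crashed = datetime.strptime(f"{m.group(2)} {m.group(1)}", "%m/%d/%Y %I:%M:%S %p")
            out.append((crashed, e["logged"], (e["logged"] - crashed).total_seconds()))
    return sorted(out)

def services_failing_to_start(events):
    """Count 7000/7009 events per service name."""
    names = Counter()
    for e in events:
        if e["id"] in (7000, 7009):
            m = SERVICE.search(e["message"])
            if m:
                names[m.group(1)] += 1
    return names
```

Run over the full log, the same functions show how often the machine went down without a clean shutdown and whether a security tool's service is among those that did not start.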

Re: Computer suddenly crashes to blue screen

Unread postby Cypher » September 3rd, 2011, 1:03 pm

Hi and welcome to Malware Removal Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not solve other issues you have with your machine.
If you no longer require help, I would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
    Absence of symptoms does not mean that everything is clear.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions... if possible...your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.


BACKDOOR TROJAN

I'm afraid I have some bad news for you: unfortunately, one or more of the identified infections is a BACKDOOR TROJAN. Backdoor Trojans are the most dangerous and most widespread type of Trojan. Backdoor Trojans provide the author or "master" of the Trojan with remote "administration" of victims' machines. Unlike legitimate remote administration utilities, they install, launch and run invisibly, without the consent or knowledge of the user. Once installed, Backdoor Trojans can be instructed to send, receive, execute and delete files, harvest confidential data from the computer, log activity on the computer, change settings on the computer and more. Please read this article by Roger A. Grimes on Remote Access Trojans; it will give you an idea of the severity of the type of infection you have.

What are Remote Access Trojans and why are they dangerous

You are strongly advised to do the following:

  • Disconnect the computer from the Internet and from any networked computers until it is cleaned.
  • Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.
  • Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
  • From a clean computer, change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password).

Do NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.

How do I respond to a possible identity theft and how do I prevent it

Because of the severity and the capabilities of this type of virus (it cannot be known what changes to your system it has made or if it opened up other ways into your system), the only responsible course of action I can advise is to reformat your computer and reinstall Windows.

Further reading:

How do I respond to a possible identity theft and how do I prevent it
When should do a reformat and reinstallation of my OS
How to backup your files in Windows XP
Restoring your Vista-W7 backups

Should you have any questions please feel free to ask.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Computer suddenly crashes to blue screen

Unread postby kaosjon » September 3rd, 2011, 7:25 pm

Hi, thanks for your reply. I sort of had an inkling that it would be a trojan of some sort, as I have some history with them. I was wondering, before I reformat, what is the name of the trojan? I looked over the logs and the one that stands out is conime.exe; is that the virus?

Thanks for the help
kaosjon
Active Member
 
Posts: 2
Joined: September 2nd, 2011, 6:37 pm

Re: Computer suddenly crashes to blue screen

Unread postby Cypher » September 4th, 2011, 5:37 am

Hi kaosjon,
Thanks for the help

You're welcome.
Your computer is badly infected with numerous infections, but the one of main concern is this.
And without doubt you got infected by using the following P2P applications:
µTorrent
Vuze

If you use such applications, it is one sure way to infect your computer; I strongly advise you to avoid using them in the future.
If you have any other questions feel free to ask.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Computer suddenly crashes to blue screen

Unread postby Cypher » September 6th, 2011, 7:36 am

As the resolution of this issue requires a reformat, and there have been no further questions posted regarding that process, this topic is now closed.

You can help support this site from this link:
Donations For Malware Removal
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns