
Blue Screens of Death

Discussion in 'Virus & Other Malware Removal' started by hands0meg0ri11a, Jan 3, 2011.

Thread Status:
Not open for further replies.
  1. hands0meg0ri11a (Thread Starter; joined Jul 23, 2009; 25 messages)

    My computer has constantly been freezing with AIM on for the past two days. Every time, a box pops up telling me that the program is unresponsive.
    I've also gotten the blue screen of death thrice within an hour of running GMER.
    I have no idea what's going on.

    Thanks in advance,
    Alex

    HJT LOG:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:06:46 PM, on 1/3/2011
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16700)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\vVX3000.exe
    C:\Program Files\AVG\AVG9\avgtray.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\AIM\aim.exe
    C:\Users\Alexander\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Alexander\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Alexander\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Alexander\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Alexander\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Alexander\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Alexander\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Alexander\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [VX3000] C:\Windows\vVX3000.exe
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Alexander\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM\aim.exe" /d locale=en-US
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

    --
    End of file - 6696 bytes


    DDS LOG:


    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Alexander at 20:28:38.26 on Mon 01/03/2011
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2047.1025 [GMT -5:00]

    AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
    AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Windows\system32\lsm.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\ATK Hotkey\ASLDRSrv.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskhost.exe
    C:\Program Files\ATKOSD2\ATKOSD2.exe
    C:\Program Files\ASUS\Splendid\ACMON.exe
    C:\Program Files\P4G\BatteryLife.exe
    C:\Program Files\ATK Hotkey\Hcontrol.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Windows\System32\ACEngSvr.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATK Hotkey\ATKOSD.exe
    C:\Windows\vVX3000.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\AVG\AVG9\avgtray.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Users\Alexander\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Alexander\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Alexander\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\AVG\AVG9\avgui.exe
    C:\Program Files\AVG\AVG9\avgscanx.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Users\Alexander\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Alexander\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Alexander\Downloads\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    uRun: [Google Update] "c:\users\alexander\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [VX3000] c:\windows\vVX3000.exe
    mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    AppInit_DLLs: avgrsstx.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

    ============= SERVICES / DRIVERS ===============


    =============== Created Last 30 ================

    2010-12-31 01:16:21 -------- d-----w- c:\program files\AIM
    2010-12-31 01:16:19 -------- d-----w- c:\program files\common files\Software Update Utility
    2010-12-16 00:56:55 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-12-16 00:56:50 749056 ----a-w- c:\windows\system32\schedsvc.dll
    2010-12-16 00:56:49 496128 ----a-w- c:\windows\system32\taskschd.dll
    2010-12-16 00:56:49 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2010-12-16 00:56:49 192000 ----a-w- c:\windows\system32\taskeng.exe
    2010-12-16 00:56:48 305152 ----a-w- c:\windows\system32\taskcomp.dll
    2010-12-16 00:56:48 179712 ----a-w- c:\windows\system32\schtasks.exe
    2010-12-16 00:54:42 34304 ----a-w- c:\windows\system32\atmlib.dll
    2010-12-16 00:54:42 294400 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-16 00:50:37 314368 ----a-w- c:\windows\system32\webio.dll
    2010-12-16 00:49:39 101760 ----a-w- c:\windows\system32\consent.exe
    2010-12-16 00:45:44 2327552 ----a-w- c:\windows\system32\win32k.sys
    2010-12-12 03:19:57 -------- d-----w- c:\program files\iPod
    2010-12-12 03:19:55 -------- d-----w- c:\program files\iTunes
    2010-12-12 03:19:55 -------- d-----w- c:\progra~2\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-12-12 03:17:09 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
    2010-12-12 03:17:08 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
    2010-12-12 03:17:08 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
    2010-12-12 03:17:08 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
    2010-12-12 03:17:08 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
    2010-12-12 03:17:08 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
    2010-12-12 03:17:08 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
    2010-12-12 03:13:29 -------- d-----w- c:\program files\Bonjour

    ==================== Find3M ====================

    2011-01-04 01:14:06 45056 ----a-w- c:\windows\system32\acovcnt.exe
    2010-11-04 05:52:17 978944 ----a-w- c:\windows\system32\wininet.dll
    2010-11-04 05:48:36 44544 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-04 04:41:26 386048 ----a-w- c:\windows\system32\html.iec
    2010-11-04 04:08:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-10-07 17:23:02 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-10-07 17:23:02 197920 ----a-w- c:\windows\system32\dnssdX.dll
    2010-10-07 17:23:02 107808 ----a-w- c:\windows\system32\dns-sd.exe

    ============= FINISH: 20:31:33.75 ===============


    GMER LOG:

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-01-03 21:51:54
    Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9160821A rev.3.ALA
    Running: gmer.exe; Driver: C:\Users\ALEXAN~1\AppData\Local\Temp\uxlcauog.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntoskrnl.exe!ZwSaveKeyEx + 13B1 82C418E9 1 Byte [06]
    .text ntoskrnl.exe!KiDispatchInterrupt + 5A2 82C613D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    .text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x91402340, 0x3EE217, 0xE8000020]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2136] kernel32.dll!SetUnhandledExceptionFilter 75B23162 4 Bytes [C2, 04, 00, 00]
    .text C:\Users\Alexander\AppData\Local\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtCreateFile + 6 76E04A36 4 Bytes [28, 00, 07, 00]
    .text C:\Users\Alexander\AppData\Local\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtCreateFile + B 76E04A3B 1 Byte [E2]
    .text C:\Users\Alexander\AppData\Local\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtMapViewOfSection + 6 76E05096 1 Byte [28]
    .text C:\Users\Alexander\AppData\Local\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtMapViewOfSection + 6 76E05096 4 Bytes [28, 03, 07, 00]
    .text C:\Users\Alexander\AppData\Local\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtMapViewOfSection + B 76E0509B 1 Byte [E2]
    .text C:\Users\Alexander\AppData\Local\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtOpenFile + 6 76E05146 4 Bytes [68, 00, 07, 00]
    .text C:\Users\Alexander\AppData\Local\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtOpenFile + B 76E0514B 1 Byte [E2]
    .text C:\Users\Alexander\AppData\Local\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtOpenProcess + 6 76E051F6 4 Bytes [A8, 01, 07, 00]
    .text C:\Users\Alexander\AppData\Local\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtOpenProcess + B 76E051FB 1 Byte [E2]
    .text C:\Users\Alexander\AppData\Local\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtOpenProcessToken + 6 76E05206 4 Bytes CALL 75E0590C
    .text C:\Users\Alexander\AppData\Local\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtOpenProcessToken + B 76E0520B 1 Byte [E2]
    .text C:\Users\Alexander\AppData\Local\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtOpenProcessTokenEx + 6 76E05216 4 Bytes [A8, 02, 07, 00]
    .text C:\Users\Alexander\AppData\Local\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtOpenProcessTokenEx + B 76E0521B 1 Byte [E2]
    .text C:\Users\Alexander\AppData\Local\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtOpenThread + 6 76E05276 4 Bytes [68, 01, 07, 00]
    .text C:\Users\Alexander\AppData\Local\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtOpenThread + B 76E0527B 1 Byte [E2]
    .text C:\Users\Alexander\AppData\Local\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtOpenThreadToken + 6 76E05286 4 Bytes [68, 02, 07, 00]
    .text C:\Users\Alexander\AppData\Local\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtOpenThreadToken + B 76E0528B 1 Byte [E2]
    .text C:\Users\Alexander\AppData\Local\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtOpenThreadTokenEx + 6 76E05296 4 Bytes CALL 75E0599D
    .text C:\Users\Alexander\AppData\Local\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtOpenThreadTokenEx + B 76E0529B 1 Byte [E2]
    .text C:\Users\Alexander\AppData\Local\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtQueryAttributesFile + 6 76E053A6 4 Bytes [A8, 00, 07, 00]
    .text C:\Users\Alexander\AppData\Local\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtQueryAttributesFile + B 76E053AB 1 Byte [E2]
    .text C:\Users\Alexander\AppData\Local\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtQueryFullAttributesFile + 6 76E05456 4 Bytes CALL 75E05B5B
    .text C:\Users\Alexander\AppData\Local\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtQueryFullAttributesFile + B 76E0545B 1 Byte [E2]
    .text C:\Users\Alexander\AppData\Local\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtSetInformationFile + 6 76E05AA6 4 Bytes [28, 01, 07, 00]
    .text C:\Users\Alexander\AppData\Local\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtSetInformationFile + B 76E05AAB 1 Byte [E2]
    .text C:\Users\Alexander\AppData\Local\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtSetInformationThread + 6 76E05B06 4 Bytes [28, 02, 07, 00]
    .text C:\Users\Alexander\AppData\Local\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtSetInformationThread + B 76E05B0B 1 Byte [E2]
    .text C:\Users\Alexander\AppData\Local\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtUnmapViewOfSection + 6 76E05E26 1 Byte [68]
    .text C:\Users\Alexander\AppData\Local\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtUnmapViewOfSection + 6 76E05E26 4 Bytes [68, 03, 07, 00]
    .text C:\Users\Alexander\AppData\Local\Google\Chrome\Application\chrome.exe[4748] ntdll.dll!NtUnmapViewOfSection + B 76E05E2B 1 Byte [E2]

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

    Device \Driver\ACPI_HAL \Device\0000004b halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
    Device \Driver\BTHUSB \Device\00000079 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

    AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\BTHUSB \Device\0000007b bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0017310b045a
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0017310b045a (not active ControlSet)

    ---- EOF - GMER 1.0.15 ----
     

    Attached Files:
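As an added example, not part of the original thread or of HijackThis itself, the script below parses the O2/O4/O20/O23 lines of a HijackThis log of the kind posted above and applies the first-pass review rules a malware-removal helper typically runs through: a BHO whose DLL is "(no file)", an autorun that lives directly in the Windows directory, a non-empty AppInit_DLLs value, a service whose binary reports no company name, and more than one real-time antivirus product installed at once. The sample input is an excerpt of the log posted above; the rule names, the vendor-directory markers and the wording of each note are this editor's assumptions. Every hit is a prompt to verify the file (publisher, signature, hash), not a malware verdict.

```python
"""Triage helper for HijackThis-style logs (added example, not HJT's own logic)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Excerpt of the HijackThis log posted in this thread; the full log has more entries.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [VX3000] C:\Windows\vVX3000.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM\aim.exe" /d locale=en-US
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

LINE_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.*)$")
RUN_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\Run\w*: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
SVC_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")

# Directory fragments that identify the two real-time AV products in this log
# (assumed markers chosen for this example; extend for other vendors).
AV_VENDOR_DIRS = {"AVG": "\\avg\\", "ESET": "\\eset\\"}


@dataclass
class Entry:
    code: str        # HJT section: O2, O4, O20, O23
    name: str        # BHO name, Run value name, DLL list or service name
    path: str        # file or command target; "(no file)" when HJT found none
    extra: str = ""  # CLSID for O2, hive for O4, owner string for O23


@dataclass
class Finding:
    rule: str
    entry: Entry
    note: str


def exe_from_command(cmd: str) -> str:
    """Return the executable part of an autorun command, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    return cmd.split(" ", 1)[0]


def parse_hjt(text: str) -> list[Entry]:
    """Turn the O2/O4/O20/O23 lines of a HijackThis log into Entry objects."""
    entries: list[Entry] = []
    for raw in text.strip().splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        code, body = m["code"], m["body"]
        if code == "O2" and (b := BHO_RE.match(body)):
            entries.append(Entry(code, b["name"], b["path"], b["clsid"]))
        elif code == "O4" and (r := RUN_RE.match(body)):
            entries.append(Entry(code, r["name"], exe_from_command(r["cmd"]), r["hive"]))
        elif code == "O20" and body.startswith("AppInit_DLLs:"):
            entries.append(Entry(code, "AppInit_DLLs", body.split(":", 1)[1].strip()))
        elif code == "O23" and (s := SVC_RE.match(body)):
            entries.append(Entry(code, s["name"], s["path"], s["owner"]))
    return entries


def triage(entries: list[Entry]) -> list[Finding]:
    """Apply review rules; every hit is a prompt to verify the file, not a verdict."""
    findings: list[Finding] = []
    av_seen: set[str] = set()
    for e in entries:
        low = e.path.lower()
        av_seen.update(v for v, marker in AV_VENDOR_DIRS.items() if marker in low)
        if e.code == "O2" and e.path == "(no file)":
            findings.append(Finding("orphaned-bho", e,
                "CLSID is registered but its DLL is gone; dead entry, safe to remove"))
        elif e.code == "O4" and re.fullmatch(r"c:\\windows\\[^\\]+", low):
            findings.append(Finding("autorun-in-windir", e,
                "autorun binary sits directly in the Windows directory; check its publisher/signature"))
        elif e.code == "O20" and e.path:
            findings.append(Finding("appinit-dll", e,
                "loaded into every process that links user32.dll; confirm it belongs to an installed product"))
        elif e.code == "O23" and e.extra == "Unknown owner":
            findings.append(Finding("no-company-name", e,
                "service binary carries no company name in its version info; verify hash/signature"))
    if len(av_seen) > 1:
        findings.append(Finding("multiple-av", Entry("", "+".join(sorted(av_seen)), ""),
            "more than one real-time antivirus engine installed; keep one, remove the others"))
    return findings


if __name__ == "__main__":
    for f in triage(parse_hjt(SAMPLE_LOG)):
        print(f"[{f.rule}] {f.entry.code} {f.entry.name}: {f.entry.path} -- {f.note}")
```

Run it on the excerpt and five findings come back, in log order: the orphaned BHO, the autorun in C:\Windows, the AppInit_DLLs entry, the ASLDR service with no owner string, and the AVG+ESET pair. Paste the full log in place of the excerpt to triage the whole thing; anything the rules flag still has to be checked against the vendor's real file before it is touched.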

  2. hands0meg0ri11a

    Is there anything I can do for now?
     
  3. hands0meg0ri11a

    Hello? Bump
     
  4. hands0meg0ri11a

    Can anyone provide some advice?
     
Short URL to this thread: https://techguy.org/972515
