
Google Chrome kill pages error

Discussion in 'Virus & Other Malware Removal' started by armendvisoka, Sep 29, 2010.

  1. armendvisoka

    armendvisoka Thread Starter

    Joined:
    Jun 4, 2007
    Messages:
    102
    Hi, since yesterday Google Chrome has been hanging and it tells me to kill the pages. This happens whenever I open Chrome. Also, sometimes when I start up it sometimes just displays a black screen and only the mouse can be seen. I did a Hijack this log and a malware bytes search. Malwarebytes deleted 3 items but I'm still getting the problem. I'm running on Windows 7 and it's a netbook. Also, HijackThis said something about not being allowed access to the hosts files when doing the search. Thanks!


    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal

    Running processes:
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\windows\system32\taskhost.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\FSP\FspUip.exe
    C:\Program Files\Microsoft Security Essentials\msseces.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\DAEMON Tools Lite\DTLite.exe
    C:\windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Live\Toolbar\wltuser.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fl.iamwired.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
    O4 - HKLM\..\Run: [fspuip] "C:\Program Files\FSP\fspuip.exe"
    O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Armend\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

    --
    End of file - 5521 bytes

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4714

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    29/09/2010 08:04:50
    mbam-log-2010-09-29 (08-04-50).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 185862
    Time elapsed: 55 minute(s), 20 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Users\Armend\AppData\Local\Temp\9CDD.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
    C:\Users\Armend\AppData\Local\Temp\spottyface.exe (Adware.Agent) -> Quarantined and deleted successfully.
     
  2. armendvisoka

    armendvisoka Thread Starter

    Joined:
    Jun 4, 2007
    Messages:
    102
    And I made a log with ComboFix since I always get asked to make one on this site:

    ComboFix 10-09-28.03 - Armend 29/09/2010 9:24.1.2 - x86
    Microsoft Windows 7 Starter 6.1.7600.0.1252.44.1033.18.1013.453 [GMT 1:00]
    Running from: c:\users\Armend\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((( Files Created from 2010-08-28 to 2010-09-29 )))))))))))))))))))))))))))))))
    .

    2010-09-29 08:42 . 2010-09-29 08:42 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-09-29 07:50 . 2010-09-29 08:00 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2010-09-29 07:50 . 2010-09-29 08:00 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-09-29 07:25 . 2010-09-29 07:25 388096 ----a-r- c:\users\Armend\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-09-29 07:25 . 2010-09-29 07:25 -------- d-----w- c:\program files\Trend Micro
    2010-09-29 06:08 . 2010-09-29 06:08 -------- d-----w- c:\users\Armend\AppData\Roaming\Malwarebytes
    2010-09-29 06:08 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-09-29 06:08 . 2010-09-29 06:08 -------- d-----w- c:\programdata\Malwarebytes
    2010-09-29 06:08 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-09-29 06:08 . 2010-09-29 06:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-09-29 05:15 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-09-29 05:15 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-09-29 05:15 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-09-29 05:15 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-09-29 05:15 . 2010-09-07 14:47 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2010-09-29 05:15 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
    2010-09-29 05:15 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
    2010-09-29 05:15 . 2010-09-29 05:15 -------- d-----w- c:\programdata\Alwil Software
    2010-09-29 05:15 . 2010-09-29 05:15 -------- d-----w- c:\program files\Alwil Software
    2010-09-28 19:39 . 2010-09-28 20:02 -------- d-----w- c:\users\Armend\AppData\Local\MediaMonkey
    2010-09-28 19:39 . 2010-09-28 19:39 -------- d-----w- c:\program files\MediaMonkey
    2010-09-28 18:45 . 2010-03-04 04:04 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys
    2010-09-28 18:45 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
    2010-09-28 18:45 . 2010-06-19 06:15 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-09-27 20:36 . 2010-09-27 20:36 273920 ----a-w- c:\users\Armend\AppData\Roaming\.minecraft\bin\natives\lwjgl64.dll
    2010-09-27 20:36 . 2010-09-27 20:36 195072 ----a-w- c:\users\Armend\AppData\Roaming\.minecraft\bin\natives\OpenAL64.dll
    2010-09-27 20:36 . 2010-09-27 20:36 108032 ----a-w- c:\users\Armend\AppData\Roaming\.minecraft\bin\natives\OpenAL32.dll
    2010-09-27 20:36 . 2010-09-27 20:36 193024 ----a-w- c:\users\Armend\AppData\Roaming\.minecraft\bin\natives\lwjgl.dll
    2010-09-27 20:36 . 2010-09-27 20:36 65024 ----a-w- c:\users\Armend\AppData\Roaming\.minecraft\bin\natives\jinput-dx8_64.dll
    2010-09-27 20:36 . 2010-09-27 20:36 62464 ----a-w- c:\users\Armend\AppData\Roaming\.minecraft\bin\natives\jinput-raw_64.dll
    2010-09-27 20:36 . 2010-09-27 20:36 61952 ----a-w- c:\users\Armend\AppData\Roaming\.minecraft\bin\natives\jinput-dx8.dll
    2010-09-27 20:36 . 2010-09-27 20:36 59392 ----a-w- c:\users\Armend\AppData\Roaming\.minecraft\bin\natives\jinput-raw.dll
    2010-09-27 20:36 . 2010-09-27 20:37 -------- d-----w- c:\users\Armend\AppData\Roaming\.minecraft
    2010-09-27 19:51 . 2010-09-27 20:29 -------- d-----w- c:\program files\GOG.com
    2010-09-27 19:36 . 2010-09-27 19:36 2005392 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B0DA8B1B-8429-4131-A557-2113E97DBD85}\mpavdlta.vdm
    2010-09-27 19:36 . 2010-09-27 19:36 360848 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B0DA8B1B-8429-4131-A557-2113E97DBD85}\mpasdlta.vdm
    2010-09-27 19:36 . 2010-09-26 19:44 41722256 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B0DA8B1B-8429-4131-A557-2113E97DBD85}\mpavbase.vdm
    2010-09-27 19:36 . 2010-09-26 19:44 12300688 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B0DA8B1B-8429-4131-A557-2113E97DBD85}\mpasbase.vdm
    2010-09-27 17:10 . 2010-09-27 18:47 -------- d-----w- c:\program files\Diablo II
    2010-09-27 17:10 . 2010-09-27 17:11 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
    2010-09-26 22:21 . 2010-09-26 22:21 -------- d-----w- C:\e38615caaef2911b9621fd5d
    2010-09-26 21:53 . 2010-09-26 21:53 -------- d-----w- c:\users\Armend\AppData\Local\Microsoft Games
    2010-09-26 19:46 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe
    2010-09-02 22:46 . 2010-09-02 22:46 -------- d-----w- c:\windows\SHELLNEW
    2010-09-02 22:36 . 2010-09-02 22:36 -------- d-----w- c:\program files\Microsoft Synchronization Services
    2010-09-02 22:35 . 2010-09-27 20:42 -------- d-----w- c:\program files\Microsoft.NET
    2010-09-02 22:34 . 2010-09-02 22:34 -------- d-----w- c:\users\Armend\AppData\Local\Microsoft Help
    2010-09-02 22:34 . 2010-09-02 22:34 -------- d-----r- C:\MSOCache
    2010-09-02 22:11 . 2010-09-02 22:11 -------- d-----w- c:\program files\Common Files\Java
    2010-09-02 22:11 . 2010-09-02 22:10 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-09-02 22:10 . 2010-09-02 22:10 -------- d-----w- c:\program files\Java
    2010-09-02 01:01 . 2009-11-25 11:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2010-09-02 01:01 . 2009-11-25 11:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
    2010-09-02 01:01 . 2009-11-25 11:47 297808 ----a-w- c:\windows\system32\mscoree.dll
    2010-09-02 01:01 . 2009-11-25 11:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
    2010-09-02 01:01 . 2009-11-25 11:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
    2010-09-02 00:53 . 2010-09-01 20:37 1953680 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpavdlta.vdm
    2010-09-02 00:53 . 2010-09-01 20:37 438672 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpasdlta.vdm
    2010-09-02 00:53 . 2010-08-31 11:47 40258960 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpavbase.vdm
    2010-09-02 00:53 . 2010-08-31 11:47 12120464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpasbase.vdm
    2010-09-02 00:51 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
    2010-09-02 00:48 . 2010-09-02 00:48 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
    2010-09-02 00:47 . 2010-09-02 00:48 -------- d-----w- c:\program files\DAEMON Tools Lite
    2010-09-02 00:47 . 2010-09-02 22:32 -------- d-----w- c:\users\Armend\AppData\Roaming\DAEMON Tools Lite
    2010-09-02 00:47 . 2010-09-02 00:47 -------- d-----w- c:\programdata\DAEMON Tools Lite
    2010-09-01 20:40 . 2010-06-14 06:12 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2010-09-01 20:38 . 2010-05-09 09:14 641536 ----a-w- c:\windows\system32\CPFilters.dll
    2010-09-01 20:37 . 2010-06-30 06:25 978432 ----a-w- c:\windows\system32\wininet.dll
    2010-08-31 20:57 . 2010-09-26 19:36 79136 ----a-w- c:\users\Armend\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-08-31 20:53 . 2010-08-31 20:53 -------- d-----w- c:\users\Armend\AppData\Local\FSP
    2010-08-31 13:34 . 2010-08-31 13:34 -------- d-----w- c:\program files\CCleaner
    2010-08-31 12:39 . 2010-08-31 12:39 -------- d-----w- c:\users\Armend\AppData\Local\VS Revo Group
    2010-08-31 12:38 . 2009-12-30 11:21 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
    2010-08-31 12:38 . 2010-08-31 12:38 -------- d-----w- c:\program files\VS Revo Group
    2010-08-31 12:30 . 2010-08-31 12:30 -------- d-----w- c:\program files\uTorrent
    2010-08-31 12:29 . 2010-09-28 20:10 -------- d-----w- c:\users\Armend\AppData\Roaming\uTorrent
    2010-08-31 12:23 . 2010-09-29 08:16 -------- d-----w- c:\users\Armend\Tracing
    2010-08-31 12:22 . 2010-04-28 06:44 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
    2010-08-31 12:07 . 2010-08-31 12:08 -------- d-----w- c:\users\Armend\AppData\Local\Google
    2010-08-31 12:07 . 2010-08-31 12:07 -------- d-----w- c:\users\Armend\AppData\Local\Apps
    2010-08-31 12:07 . 2010-08-31 12:07 -------- d-----w- c:\users\Armend\AppData\Local\Deployment
    2010-08-31 11:51 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll
    2010-08-31 11:51 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
    2010-08-31 11:48 . 2010-09-26 19:43 1946512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpavdlta.vdm
    2010-08-31 11:48 . 2010-09-26 19:44 41722256 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpavbase.vdm
    2010-08-31 11:48 . 2010-09-26 19:43 297360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpasdlta.vdm
    2010-08-31 11:48 . 2010-09-26 19:44 12300688 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpasbase.vdm

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-29 04:58 . 2010-01-18 13:35 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-09-27 14:05 . 2010-01-21 14:01 -------- d-----w- c:\programdata\Microsoft Help
    2010-09-02 22:35 . 2010-01-18 13:34 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2010-09-02 21:33 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
    2010-09-02 00:54 . 2010-01-21 14:16 -------- d-----w- c:\program files\Microsoft Security Essentials
    2010-08-31 14:26 . 2010-08-31 14:26 0 ----a-w- c:\users\Armend\AppData\Roaming\wklnhst.dat
    2010-08-31 12:22 . 2010-01-18 13:33 -------- d-----w- c:\program files\Windows Live
    2010-08-14 16:40 . 2010-08-14 16:40 8245424 ----a-w- c:\users\Armend\AppData\Roaming\MediaMonkey_3.2.2.1300.exe
    2010-08-14 16:40 . 2010-08-14 16:40 8245424 ----a-w- c:\users\Armend\AppData\Roaming\MediaMonkey_3.2.2.1300.exe
    2010-07-29 06:30 . 2010-09-01 20:39 197632 ----a-w- c:\windows\system32\ir32_32.dll
    2010-07-29 06:30 . 2010-09-01 20:39 82944 ----a-w- c:\windows\system32\iccvid.dll
    2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
    2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Update"="c:\users\Armend\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-08-31 136176]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-02 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-02 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-02 150552]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-05 7703072]
    "fspuip"="c:\program files\FSP\fspuip.exe" [2009-09-23 3342336]
    "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"

    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
    R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
    R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-09-02 691696]
    S1 aswSP;aswSP; [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    S3 fspad_wlh32;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_wlh32;c:\windows\system32\DRIVERS\fspad_wlh32.sys [2009-09-22 41984]
    S3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28.sys [2009-09-28 638976]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-30 187392]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
    .
    Contents of the 'Scheduled Tasks' folder

    2010-08-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2020085807-1544784501-1952108477-1000Core.job
    - c:\users\Armend\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-31 12:07]

    2010-09-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2020085807-1544784501-1952108477-1000UA.job
    - c:\users\Armend\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-31 12:07]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://fl.iamwired.net/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(3184)
    c:\program files\MediaMonkey\DeskPlayer.dll
    .
    Completion time: 2010-09-29 09:49:48
    ComboFix-quarantined-files.txt 2010-09-29 08:49

    Pre-Run: 228,093,575,168 bytes free
    Post-Run: 228,047,216,640 bytes free

    - - End Of File - - C6AA51112041E957E76E9C3A97E75D3B
     
  3. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,861
    you have 2 active antivirus on this one

    MSE & Avast

    decide which you want & uninstall the other

    For a netbook, I would go with MSE which tends to be lighter on resources than Avast

    see if that cures chrome, otherwise uninstall chrome & reinstall it as a corrupt install or profile can cause that

    I think it is more likely to be MSE & Avast both checking webpages at the same time & making chrome fall over
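
Added example, not part of the thread or of any tool mentioned in it: a Python sketch of the log reading behind this reply. It parses a HijackThis log and reports antivirus products that are resident at the same time, a Start Page pointing outside a trusted list, and BHO entries whose file is missing. The marker table and the trusted-domain list are assumptions built from the paths in the log posted above.

```python
import re
from urllib.parse import urlparse

# Excerpt of the HijackThis log posted in this thread, trimmed for the example.
SAMPLE_LOG = r"""
Running processes:
C:\windows\Explorer.EXE
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fl.iamwired.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
"""

# Assumption: lower-case path fragments taken from the log above; extend per product.
AV_MARKERS = {
    "microsoft security essentials": "Microsoft Security Essentials",
    "alwil software\\avast": "avast!",
}
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_hjt(text):
    """Split a HijackThis log into running processes and (code, body) entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif in_procs and line:
            processes.append(line)
    return processes, entries


def resident_av(processes, entries):
    """Map each AV product to where it appears: process list, O4 Run key, O23 service."""
    sources = [("process", p) for p in processes]
    sources += [(code, body) for code, body in entries if code in ("O4", "O23")]
    found = {}
    for where, text in sources:
        low = text.lower()
        for marker, product in AV_MARKERS.items():
            if marker in low:
                found.setdefault(product, set()).add(where)
    return found


def foreign_start_pages(entries, trusted=("microsoft.com",)):
    """Return (hive, host) for Start Page values whose host is not in the trusted list."""
    hits = []
    for code, body in entries:
        if code not in ("R0", "R1") or "Start Page" not in body:
            continue
        key, _, value = body.partition(" = ")
        host = urlparse(value.strip()).hostname or ""
        if host and not any(host == t or host.endswith("." + t) for t in trusted):
            hits.append((key.split("\\", 1)[0], host))
    return hits


def orphan_bhos(entries):
    """CLSIDs of O2 (BHO) entries that HijackThis marks as '(no file)'."""
    return [body.split(" - ")[1] for code, body in entries
            if code == "O2" and body.endswith("(no file)")]


def triage(text):
    processes, entries = parse_hjt(text)
    av = resident_av(processes, entries)
    return {
        "av_products": sorted(av),
        "overlapping_av": len(av) > 1,  # more than one resident scanner
        "foreign_start_pages": foreign_start_pages(entries),
        "orphan_bhos": orphan_bhos(entries),
    }


if __name__ == "__main__":
    for name, value in triage(SAMPLE_LOG).items():
        print(f"{name}: {value}")
```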
     
  4. armendvisoka

    armendvisoka Thread Starter

    Joined:
    Jun 4, 2007
    Messages:
    102
    I'm still getting the error, I uninstalled avast, restarted and still got it. I then reinstalled Chrome, but I'm still getting it. Any other ideas?

    I installed Avast because I was getting this error by the way because of viruses, so it's not Avast's fault.

    EDIT: The homepage on IE and Google Chrome got changed to something called "fl.iamwired.com" and also something got installed on my netbook called flvtube player, I uninstalled it though.
     
  5. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,861
    I can't see anything
    * Run Kaspersky online virus scan Kaspersky Online Scanner.

    After the updates have downloaded, click on the "Scan Settings" button.
    select the "Spyware, Adware, Dialers and other potentially dangerous programs" for the scan.
    Under "Please select a target to scan", click "My Computer".
    When the scan is finished, Save the results from the scan!

    Note: Kavscan is a scanner only & won't fix anything but will normally find the most infected files so its report gives us a good place to work from

    If that won't run then
    Run an online antivirus check from one of the following sites

    http://www.eset.com/online-scanner
    http://www.pandasoftware.com/activescan/
    http://www.bitdefender.com/scan8/ie.html
     
  6. armendvisoka

    armendvisoka Thread Starter

    Joined:
    Jun 4, 2007
    Messages:
    102
    The scan didn't pick anything up and Chrome is loading fine now, thanks for the help anyway, I really appreciate it! :)
     
  7. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,861
    chrome has a silent autoupdate mechanism, so it is very possible that there was an update that was faulty & a new update cured it

    *Follow these steps to uninstall Combofix and the other tools it downloaded to remove the malware*
    * Click START then RUN
    * Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the /U, it needs to be there.

    This will also purge the restore folder and clear any malware that has been put in there. Now Empty Recycle bin on desktop Then reboot.

    go here http://www.thespykiller.co.uk/index.php?page=3 for info on how to tighten your security settings and how to help prevent future attacks.

    and scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer and update whatever it suggests

    Then pay an urgent visit to windows update & make sure you are fully updated, that will help to plug the security holes that let these pests on in the first place
     
Short URL to this thread: https://techguy.org/953123