
Occasional BSOD caused by possible malware



Having installed the new version of Malwarebytes, I have been experiencing the Blue Screen Of Death for the first time in a year or two. I was advised to clean Malwarebytes off my computer, then reinstall it. I did so and I thought everything was fixed. Then the BSOD happened again. As days passed, it just happened every now and then. It also happened as I was typing this post while GMER Rootkit was scanning (thankfully Firefox was friendly and managed to save all my text). I've also experienced another problem.

At random times, something causes a command freeze. Nothing is able to load. It is an infinite hang where you can't open anything (not even Task Manager). Trying to put your computer in sleep mode will make the screen go black, but not succeed in putting the computer in sleep mode. The Start menu also won't load. It causes me to have to hold the power button to shut down since there's no way of getting out of it. So far I believe this has happened 4 times since updating Malwarebytes.

Yesterday I walked away from my computer for around 10 minutes. Upon returning, the only thing I saw was my background: no start bar, no desktop icons, and no commands were working such as right-click, CTRL+ALT+DEL or CTRL+ALT+SHIFT. This is another thing that caused me to have to hold the power button down since nothing else works. This has only happened once.

I experience random program crashes and errors at times as well. I have been unable to make a full scan with both Malwarebytes and MSE, for it causes the computer to freeze in the middle of the full scan for either program. I have the required info attached along with the DDS log.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_20

Run by Jonny at 14:30:11 on 2011-10-03

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2814.1628 [GMT -4:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Sandboxie\SbieSvc.exe

C:\Program Files\Tablet\Pen\Pen_TouchService.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe

C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe

C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe

C:\Windows\System32\snmp.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Program Files\Tablet\Pen\Pen_Tablet.exe

C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

C:\Windows\system32\taskhost.exe

c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskeng.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Yamicsoft\Windows 7 Manager\FreeMemory.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\IObit\Advanced SystemCare 4\Suo10_SmartRAM.exe

C:\Program Files\Tablet\Pen\Pen_TabletUser.exe

C:\Program Files\Tablet\Pen\Pen_Tablet.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Tablet\Pen\Pen_TouchUser.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Program Files\IObit\Advanced SystemCare 4\Asc.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\conhost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uWindow Title =

mSearch Bar = hxxp://www.Google.com/

mSearchMigratedDefaultURL = hxxp://www.Google.com/

mSearchURL = hxxp://www.Google.com/

BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll

uRun: [Advanced SystemCare 4] c:\program files\iobit\advanced systemcare 4\ASCTray.exe

uRun: [smartRAM] "c:\program files\iobit\advanced systemcare 4\Suo10_SmartRAM.exe" /m

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [unlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"

mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin

mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm

IE: Download with IDM - c:\program files\internet download manager\IEExt.htm

IE: E&xport to Microsoft Excel - c:\program files\microsoft office\office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\program files\microsoft office\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{15533D75-0AF7-467F-B52B-97B03E45E2BD} : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{C56E0A85-8A7A-4CA2-9B2D-EB8867F3C7B4} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{C56E0A85-8A7A-4CA2-9B2D-EB8867F3C7B4}\2656C6B696E6534376 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{C56E0A85-8A7A-4CA2-9B2D-EB8867F3C7B4}\8315F4A523 : DhcpNameServer = 192.168.1.1 71.243.0.12

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\jonny\appdata\roaming\mozilla\firefox\profiles\1lpbvj38.default\

FF - prefs.js: browser.startup.homepage - hxxp://nintendo3dscommunity.com/

FF - prefs.js: network.proxy.http - 212.93.193.90

FF - prefs.js: network.proxy.http_port - 443

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npContribute.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npijjiCHPlugin.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll

FF - plugin: c:\program files\opera\program\plugins\np_gp.dll

FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll

FF - plugin: c:\program files\tabletplugins\npwacom.dll

FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll

FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll

FF - plugin: c:\users\jonny\appdata\roaming\mozilla\firefox\profiles\1lpbvj38.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll

FF - plugin: c:\windows\system32\wat\npWatWeb.dll

.

---- FIREFOX POLICIES ----

// Turn on timer-based reflow management

FF - user.js: content.notify.ontimer - true

.

// Sets the allowed time between reflows in microseconds

FF - user.js: content.notify.interval - 750000

FF - user.js: content.interrupt.parsing - true

FF - user.js: content.max.tokenizing.time - 2250000

FF - user.js: content.maxtextrun - 8191

FF - user.js: content.switch.threshold - 750000

.

// Set the number of reflows to do before waiting for the rest of the page to arrive

FF - user.js: content.notify.backoffcount - 5

.

// Turn initial paint delay to

FF - user.js: nglayout.initialpaint.delay - 500

.

// Set Maximum Connections Per Server

FF - user.js: network.http.max-connections - 48

FF - user.js: network.http.max-connections-per-server - 16

user_pref(network.http.max-persistent-connections-per-proxy,16);

FF - user.js: network.http.max-persistent-connections-per-server - 8

============= SERVICES / DRIVERS ===============

.

R0 uodin86;uodin86;c:\windows\system32\drivers\uodin86.sys [2010-8-30 25776]

R1 is-688EBdrv;is-688EBdrv;c:\windows\system32\drivers\06574797.sys [2009-1-7 148496]

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-3-25 214664]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165648]

R1 MpKslc70a7b07;MpKslc70a7b07;c:\programdata\microsoft\microsoft antimalware\definition updates\{8c66ad90-a111-44c2-bab1-5b74e62d703c}\MpKslc70a7b07.sys [2011-10-3 28752]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-6-29 353168]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-24 172032]

R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ati technologies\ati.ace\fuel\Fuel.Service.exe [2011-9-8 291840]

R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\common files\magix services\database\bin\FABS.exe [2009-8-27 1253376]

R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-12-18 189736]

R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2011-7-18 89376]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-9-28 366152]

R2 NovacomD;Palm Novacom;c:\program files\palm, inc\novacom\x86\novacomd.exe [2010-1-12 33792]

R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2009-12-23 370688]

R2 TabletServicePen;TabletServicePen;c:\program files\tablet\pen\Pen_Tablet.exe [2010-11-6 4867952]

R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2010-12-7 2228008]

R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\tablet\pen\Pen_TouchService.exe [2010-11-6 414576]

R3 amdiox86;AMD IO Driver;c:\windows\system32\drivers\amdiox86.sys [2011-10-2 37944]

R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-5-5 7168]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-28 22216]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 43392]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]

R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-2-14 171520]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]

R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2011-8-27 130320]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-10-27 133104]

S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [2011-7-13 16640]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2008-12-7 30088]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-12-31 29472]

S3 dsiarhwprog;dsiarhwprog;c:\windows\system32\drivers\dsiarhwprog.sys [2010-1-30 29184]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\common files\magix services\database\bin\fbserver.exe [2008-8-7 3276800]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-10-27 133104]

S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-4-18 79816]

S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-4-18 35272]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-4-18 34248]

S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-4-18 40552]

S3 mv2;mv2;c:\windows\system32\drivers\mv2.sys [2010-3-18 12096]

S3 SVRPEDRV;SVRPEDRV;c:\windows\system32\sysprep\PEDRV.SYS [2008-5-16 9216]

S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-2-23 52224]

S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [2010-10-8 31888]

S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\drivers\vcsvad.sys [2011-7-27 17792]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]

S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2010-11-6 16240]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-23 1343400]

S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]

S3 XIRLINK;eVision 123 digital camera;c:\windows\system32\drivers\ucdnt.sys [2011-2-17 880008]

S4 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]

S4 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-5-5 30192]

S4 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2008-7-7 954368]

S4 lxci_device;lxci_device;c:\windows\system32\lxcicoms.exe -service --> c:\windows\system32\lxcicoms.exe -service [?]

S4 lxdqCATSCustConnectService;lxdqCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdqserv.exe [2008-2-27 94208]

S4 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\toshiba\smartfacev\SmartFaceVWatchSrv.exe [2008-4-24 73728]

S4 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]

.

=============== Created Last 30 ================

.

2011-10-03 18:25:05 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{8c66ad90-a111-44c2-bab1-5b74e62d703c}\MpKslc70a7b07.sys

2011-10-03 18:24:43 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{8c66ad90-a111-44c2-bab1-5b74e62d703c}\offreg.dll

2011-10-03 18:24:33 7269712 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{8c66ad90-a111-44c2-bab1-5b74e62d703c}\mpengine.dll

2011-10-03 11:20:06 -------- d-sh--w- C:\found.000

2011-10-02 23:38:39 -------- d-----w- c:\users\jonny\appdata\local\AMD

2011-10-02 23:38:29 -------- d-----w- c:\program files\AMD APP

2011-10-02 23:37:58 -------- d-----w- c:\programdata\AMD

2011-10-02 23:37:48 37944 ----a-w- c:\windows\system32\drivers\amdiox86.sys

2011-09-29 18:41:20 -------- d-----w- c:\program files\Sandboxie - Copy

2011-09-28 19:01:11 -------- d-----w- c:\users\jonny\appdata\roaming\Malwarebytes

2011-09-28 19:00:56 -------- d-----w- c:\programdata\Malwarebytes

2011-09-28 19:00:52 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-28 19:00:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-09-24 18:07:18 -------- d-----w- C:\srcds

2011-09-18 21:29:38 -------- d-----w- c:\windows\048298C9A4D3490B9FF9AB023A9238F3.TMP

2011-09-18 19:48:08 -------- d-----w- c:\program files\Ffmpeg For Audacity

2011-09-14 15:47:40 53760 ----a-w- c:\windows\system32\OVDecode.dll

2011-09-14 15:47:18 43520 ----a-w- c:\windows\system32\OpenCL.dll

2011-09-14 15:46:58 13625856 ----a-w- c:\windows\system32\amdocl.dll

2011-09-14 15:38:28 37376 ----a-w- c:\windows\system32\amdoclcl.dll

2011-09-07 23:14:09 439632 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{6f6e227f-7f6a-450c-9d1b-19d5a3f06df0}\gapaengine.dll

.

==================== Find3M ====================

.

2011-09-25 17:26:05 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-16 04:27:30 290816 ----a-w- c:\windows\system32\KernelBase.dll

2011-07-16 02:17:19 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2011-07-16 02:17:19 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:17:19 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:17:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2011-07-09 04:29:46 2048 ----a-w- c:\windows\system32\tzres.dll

2011-07-09 02:30:00 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-07-06 15:14:42 89376 ----a-w- c:\windows\system32\drivers\idmwfp.sys

.

============= FINISH: 14:30:45.26 ===============

attachment.zip


This may not be an infection causing this.

Logs will be closed if you haven't replied within 3 days

Is there a reason you installed a proxy server with Firefox?

FF - prefs.js: network.proxy.http_port - 443

Please don't attach the scans / logs for these tools, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Please run a new MBAM scan being sure to update before scanning.

Post the scan results.

Also please describe how your computer behaves at the moment.

Please don't attach the scans / logs, use "copy/paste".


Actually I forget the reason I installed a proxy. I have no need for it. I'll search later as to how to remove it.

During the last two days of following the instructions in the "I'm infected - what do I do now?" topic and then posting about my problem, I have kept the Malwarebytes protection module off and I haven't had any issues since disabling it. This makes me believe that some file that Malwarebytes detects causes the BSOD. Unsure as to why, but I haven't had any issues since turning it off two days ago. The scan results given are from a quick scan, for the computer freezes in the middle of a full scan no matter what I do.

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7888

Windows 6.1.7601 Service Pack 1

Internet Explorer 8.0.7601.17514

10/6/2011 5:07:16 PM

mbam-log-2011-10-06 (17-07-16).txt

Scan type: Quick scan

Objects scanned: 195793

Time elapsed: 7 minute(s), 46 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Internet Explorer (Windows)

1. Click "Tools", then click "Internet Options". This will bring up the Internet Options window.

2. Click the "Connections" tab, then click the "LAN Settings" button.

3. Uncheck the box labeled "Use a proxy server for your LAN". Click "OK", and click "OK" in the previous window. This will remove the proxy server settings in Internet Explorer.

Firefox (Windows)

1. Click "Tools", then click "Options" to bring up the Options window.

2. Click the "Advanced" button, then click the "Network" tab.

3. Click the "Settings" button, located next to "Configure how Firefox connects to the Internet".

4. Click the radio button labeled "No proxy". Click "OK" twice. This will remove the proxy server settings in Firefox.
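As an added example (not from this thread or from Malwarebytes), the script below reads the Firefox preference lines as DDS reports them ("FF - prefs.js: key - value") or as raw user_pref() calls copied from prefs.js/user.js, and says whether the configured HTTP proxy is actually in effect; the sample lines are constructed from the log above, and the line format and the network.proxy.type meanings are the only assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, Iterable, Optional

# Two ways a Firefox preference shows up in a support thread: the DDS summary
# line ("FF - prefs.js: key - value") or the raw user_pref() call copied from
# prefs.js / user.js (quotes around the key are optional, to match the
# unquoted line that appears in the policies section of the log above).
DDS_PREF_RE = re.compile(
    r'^FF - (?:prefs|user)\.js:\s*(?P<key>[\w.\-]+)\s+-\s*(?P<val>.*?)\s*$')
RAW_PREF_RE = re.compile(
    r'^user_pref\(\s*"?(?P<key>[\w.\-]+)"?\s*,\s*(?P<val>.*?)\s*\)\s*;?\s*$')

# Meaning of network.proxy.type in Firefox.
PROXY_TYPE_NAMES = {
    0: "direct connection (no proxy)",
    1: "manual proxy configuration",
    2: "automatic configuration (PAC) URL",
    4: "auto-detect (WPAD)",
    5: "use system (Internet Options) proxy settings",
}

# Constructed sample: the Firefox preference lines from the DDS log in this
# thread, plus the one raw user_pref() line that appeared in the policies section.
SAMPLE_LINES = [
    "FF - prefs.js: browser.startup.homepage - hxxp://nintendo3dscommunity.com/",
    "FF - prefs.js: network.proxy.http - 212.93.193.90",
    "FF - prefs.js: network.proxy.http_port - 443",
    "FF - prefs.js: network.proxy.type - 0",
    "user_pref(network.http.max-persistent-connections-per-proxy,16);",
]


def parse_prefs(lines: Iterable[str]) -> Dict[str, str]:
    """Return {pref_name: raw_value} for every recognised line; others are ignored."""
    prefs: Dict[str, str] = {}
    for raw in lines:
        m = DDS_PREF_RE.match(raw.strip()) or RAW_PREF_RE.match(raw.strip())
        if m:
            prefs[m.group("key")] = m.group("val").strip().strip('"')
    return prefs


def _as_int(value: Optional[str]) -> Optional[int]:
    try:
        return int(value) if value is not None else None
    except ValueError:
        return None


@dataclass
class ProxyFinding:
    host: Optional[str]
    port: Optional[int]
    proxy_type: Optional[int]
    active: bool  # True only if Firefox will actually route HTTP through host
    note: str


def assess_proxy(prefs: Dict[str, str]) -> ProxyFinding:
    """Decide whether the configured HTTP proxy is in effect.

    network.proxy.http / http_port only matter when network.proxy.type is 1
    (manual). Type 0 means the host is stale configuration that does nothing
    today, which is the situation in the log above; type 5 means Firefox follows
    the system proxy, so the Internet Options LAN settings must be checked too.
    """
    host = prefs.get("network.proxy.http") or None
    port = _as_int(prefs.get("network.proxy.http_port"))
    ptype = _as_int(prefs.get("network.proxy.type"))
    type_name = PROXY_TYPE_NAMES.get(ptype, "unset (Firefox default applies)")

    if ptype == 1 and host:
        active = True
        note = f"HTTP traffic is routed through {host}:{port} ({type_name})"
    elif host:
        active = False
        note = (f"proxy host {host}:{port} is configured but unused because "
                f"network.proxy.type={ptype} ({type_name}); remove the stale entry")
    else:
        active = False
        note = f"no HTTP proxy host configured; network.proxy.type={ptype} ({type_name})"
    if ptype == 5:
        note += "; Firefox follows the system proxy, check Internet Options > LAN Settings too"
    return ProxyFinding(host, port, ptype, active, note)


if __name__ == "__main__":
    print(assess_proxy(parse_prefs(SAMPLE_LINES)).note)
```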


While we're at it, let's do this:

http://www.eset.eu/online-scanner

Go here to run an online scanner from ESET.

Click the green ESET Online Scanner button.

Read the End User License Agreement and check the box: YES, I accept the Terms of Use.

Click on the Start button next to it.

You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Install ActiveX component.

A new window will appear asking "Do you want to install this software?".

Answer Yes to download and install the ActiveX controls that allow the scan to run.

Click Start.

Check Remove found threats and Scan potentially unwanted applications.

Click Scan to begin.

If offered the option to get information or buy software, just close the window.

Wait for the scan to finish.

Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt

Copy and paste that log as a reply to this topic.


ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=e3357427fe3a544c9abd38248ef10bd3

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-10-07 01:10:52

# local_time=2011-10-06 09:10:52 (-0500, Eastern Daylight Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=1029 16777214 0 1 53140270 53140270 0 0

# compatibility_mode=5893 16776574 100 94 18529828 69480651 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=435484

# found=0

# cleaned=0

# scan_time=13990


Please do the following to see if it resolves the issue, and post back to let us know.

  • Download and run mbam-clean.exe from here
  • It will ask to restart your computer; please allow it to do so (very important)
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
    • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
    • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
  • Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now set up any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQ's here or ask and we'll explain how to do it.


I'll follow these instructions, but before I do I would like to alert you that I have done this twice already before posting about my BSOD problem in the malware forum. It seemed like it fixed the problem at first, but then it happened again.

Oh, and as of 5 minutes ago, I got the BSOD when opening Windows Update. This was WITHOUT the Malwarebytes protection module opened. After the computer restarted from the crash I opened Windows Update again and it loaded without a problem.

Now I'm terribly confused where the cause of the problem is... Do you have anything to add, or should I proceed with your instructions?


Use the System File Checker tool (SFC.exe) to determine which file is causing the issue, and then replace the file. To do this, follow these steps:

1. Open an elevated command prompt. To do this, click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator. If you are prompted for an administrator password or for a confirmation, type the password, or click Allow.

2. Type the following command, and then press ENTER:

sfc /scannow <-- Note the space; it needs to be there.

The sfc /scannow command scans all protected system files and replaces incorrect versions with correct Microsoft versions.


Unfortunately BSODs still occur. One happened only a few moments ago as I had Firefox open while reading a guide for a game. It was working fine, but when I went to switch tabs the program was unresponsive for an unknown reason (no pages were loading or anything; I never even managed to click the tab). I ended the Firefox process since it wouldn't respond after 5 minutes and reopened it. When the Firefox window came up, the BSOD occurred.

Malwarebytes was running and so was MSE. Is there a small chance that MSE might be causing the problem? I know it isn't conflicting with Malwarebytes in any way, for I have MSE set to ignore the processes and folder of Malwarebytes and vice versa with Malwarebytes to MSE.


http://news.cnet.com/8301-13880_3-10081925-68.html

To disable all of Firefox's add-ons, you have to open the browser in its Safe Mode (no relation to Windows' own Safe Mode) by clicking Start > All Programs > Mozilla Firefox > Mozilla Firefox (Safe Mode). A quicker way is to press the Windows key (in XP, follow this by pressing R), type Firefox -safe-mode, and press Enter.


I can run Firefox in safe mode, which disables all add-ons, but I'm 100% sure that Firefox isn't the problem. I haven't installed an add-on in a while anyway. I fear this problem may be unidentifiable; I hope not.

When I said maybe MSE is causing the problem, I didn't mean Malwarebytes was involved with MSE to make it occur. I wonder if I did a clean uninstall of MSE then reinstalled it. Is it worth a shot?
