
Possible virus, shut downs and blue screens


shelx


Hi there. First time posting here so I hope I'm doing this right. We have been getting a blue screen with a Microsoft update for some time. We've been simply reverting to an earlier time and denying updates since but sometimes the computer will update automatically and then the blue screen starts again until we revert.

In the past two days, that has changed and now we are getting blue screens (of every variety) and random shut downs (Firefox, Adobe PDF, etc.). Rkill finds nothing. TDSS (is that right?) finds nothing. Malwarebytes finds random threats at various times and Microsoft Security Essentials finds nothing. Now in the past two days, I can't run any of it without a blue screen.

I ran DDS. Here is the log... And I'll try to attach the other.

Thanks,

Shelley

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26

Run by Mom and Dad at 15:29:54 on 2011-11-16

.

============== Running Processes ===============

.

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\ehome\mcrdsvc.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\Documents and Settings\Mom and Dad\Desktop\dds.scr

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

mURLSearchHooks: D-Link Toolbar Search Class: {e917fc61-7f80-4f1f-a882-cdffffbe4c8d} - c:\program files\d-link toolbar\dlinktb.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll

BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz0.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: D-Link Toolbar Loader: {f01858c7-2a68-4d93-9e22-502eae3917c2} - c:\program files\d-link toolbar\dlinktb.dll

TB: D-Link Toolbar: {61874dfa-9adf-44e5-8e61-f3913707e7d7} - c:\program files\d-link toolbar\dlinktb.dll

TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll

TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz0.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [Nero MediaHome 4] "c:\program files\nero\nero mediahome 4\NeroMediaHome.exe" /AUTORUN

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1308032314000

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{08F8B06B-D0F2-44BD-9E6C-EFA7164C561E} : DhcpNameServer = 192.168.0.1

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\mom and dad\application data\mozilla\firefox\profiles\ggcpniny.default\

FF - prefs.js: browser.search.selectedEngine - Bing

FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z039&form=ZGAPHP

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z039&form=ZGAADF&q=

FF - prefs.js: network.proxy.type - 0

FF - component: c:\documents and settings\mom and dad\application data\mozilla\firefox\profiles\ggcpniny.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCore.dll

FF - component: c:\documents and settings\mom and dad\application data\mozilla\firefox\profiles\ggcpniny.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCoreGecko19.dll

FF - component: c:\documents and settings\mom and dad\application data\mozilla\firefox\profiles\ggcpniny.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCoreGecko19.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false

============= SERVICES / DRIVERS ===============

.

R? BTCFilterService;USB Networking Driver Filter Service

R? cpuz134;cpuz134

R? MBAMSwissArmy;MBAMSwissArmy

R? motccgp;Motorola USB Composite Device Driver

R? motccgpfl;MotCcgpFlService

R? Motousbnet;Motorola USB Networking Driver Service

R? motusbdevice;Motorola USB Dev Driver

R? MpKsl0c895509;MpKsl0c895509

R? MpKsl11e2deb7;MpKsl11e2deb7

R? MpKsl1cf19edf;MpKsl1cf19edf

R? MpKsl22e21f27;MpKsl22e21f27

R? MpKsl26bad12f;MpKsl26bad12f

R? MpKsl2ffbf872;MpKsl2ffbf872

R? MpKsl362b4b45;MpKsl362b4b45

R? MpKsl3a7b2803;MpKsl3a7b2803

R? MpKsl48757506;MpKsl48757506

R? MpKsl5e2a67ee;MpKsl5e2a67ee

R? MpKsl62369e21;MpKsl62369e21

R? MpKsl67ee1112;MpKsl67ee1112

R? MpKsl6d32849f;MpKsl6d32849f

R? MpKsl70bb0cc0;MpKsl70bb0cc0

R? MpKsl7191aa27;MpKsl7191aa27

R? MpKsl8e46d220;MpKsl8e46d220

R? MpKsl94236aff;MpKsl94236aff

R? MpKsl9fbcf595;MpKsl9fbcf595

R? MpKsla8cceacb;MpKsla8cceacb

R? MpKslab7c1251;MpKslab7c1251

R? MpKslb12298f1;MpKslb12298f1

R? MpKslb37003f6;MpKslb37003f6

R? MpKslb467201d;MpKslb467201d

R? MpKslb9c644e1;MpKslb9c644e1

R? MpKslc1a2f3b7;MpKslc1a2f3b7

R? MpKslc7a11f60;MpKslc7a11f60

R? MpKslc9d1d37e;MpKslc9d1d37e

R? MpKslcc3afb81;MpKslcc3afb81

R? MpKslcfa3c2dc;MpKslcfa3c2dc

R? MpKsld287ec3b;MpKsld287ec3b

R? MpKsle0fbbc2f;MpKsle0fbbc2f

R? MpKsle125f116;MpKsle125f116

R? MpKsle3a9fd38;MpKsle3a9fd38

R? MpKsle87a566b;MpKsle87a566b

R? MpKslea6c7258;MpKslea6c7258

R? MpKsleceabb84;MpKsleceabb84

R? MpKslecf79068;MpKslecf79068

R? MpKsledef84c0;MpKsledef84c0

R? MpKslee657261;MpKslee657261

R? MpKslf2bf3572;MpKslf2bf3572

R? MpKslf53c0f10;MpKslf53c0f10

R? MpKslff45f924;MpKslff45f924

R? rt2870;D-Link dnetr28u USB Extensible Wireless LAN Card Driver

S? McrdSvc;Media Center Extender Service

S? MpFilter;Microsoft Malware Protection Driver

S? MpKsl099cdcaa;MpKsl099cdcaa

S? MpKsl0f59d5ff;MpKsl0f59d5ff

S? MpKsl13990b87;MpKsl13990b87

S? MpKsl8832332c;MpKsl8832332c

S? sxuptp;SXUPTP Driver

.

=============== Created Last 30 ================

.

2011-11-16 23:18:53 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ab1f1aa5-5169-47cd-a946-6c3620cbbaef}\MpKsl0f59d5ff.sys

2011-11-16 23:18:29 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ab1f1aa5-5169-47cd-a946-6c3620cbbaef}\offreg.dll

2011-11-16 23:18:27 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ab1f1aa5-5169-47cd-a946-6c3620cbbaef}\mpengine.dll

2011-11-16 22:39:05 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-11-16 22:39:03 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll

2011-11-16 22:39:03 801752 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll

2011-11-16 22:39:03 478168 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll

2011-11-16 22:39:03 1989592 ----a-w- c:\program files\mozilla firefox\mozjs.dll

2011-11-16 22:39:03 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll

2011-11-16 22:39:02 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll

2011-11-16 22:39:02 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll

2011-11-16 14:25:07 -------- dc----w- C:\spoolerlogs

2011-11-15 21:58:51 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-11-15 18:56:20 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-11-15 18:56:20 -------- d-----w- c:\windows\system32\wbem\Repository

2011-11-08 00:02:55 -------- dc----w- C:\cfb5b9787731629df5c38036aab12449

2011-11-05 22:21:30 -------- dc----w- C:\ea144872f830ac825f05f5

2011-11-05 22:11:27 -------- dc----w- C:\89dcb646efa67ac6f735

2011-11-05 19:31:09 -------- dc----w- C:\8dd4ea2c94f809fb1efb5ec94c54

2011-11-05 09:43:01 -------- dc----w- C:\c4d3b994e2c78d717310eae8c4

2011-10-27 03:08:19 -------- dc----w- C:\70f4a7c5e9672aa0bd

2011-10-26 22:32:12 -------- dc----w- C:\e738c8fdcf0f9cde6ed99338b023bf65

2011-10-26 22:27:31 -------- dc----w- C:\2775f81df71cd045821b1e9124adc531

2011-10-26 18:38:38 -------- dc----w- C:\e4d175ff2004b5884e1c2447ef

2011-10-26 14:25:10 -------- dc----w- C:\ac2be2a1f0f2ff9ab6217f74c7

2011-10-26 10:00:26 -------- dc----w- C:\7a2e56ea1034e4fb1ea399

2011-10-24 15:50:36 -------- dc----w- C:\8cc4d6722adf9b2a8c0b91c709

2011-10-24 14:59:26 -------- dc----w- C:\5adc2983e004356b201b44

2011-10-24 10:00:29 -------- dc----w- C:\d4317275c7c98987237496ee1b

2011-10-23 17:49:58 -------- dc----w- C:\3621b35cadd7d9b8fa69e334c19fbd

2011-10-23 16:34:15 -------- dc----w- C:\f510278bf088dbd446554174e095

2011-10-23 16:29:05 -------- dc----w- C:\124deabae608172baa2cd8

2011-10-23 16:22:51 -------- dc----w- C:\b345271afa0f984a8604fdc3

2011-10-23 16:16:34 -------- dc----w- C:\9cd220db678207e230fc0f7192

2011-10-23 16:10:55 -------- dc----w- C:\ad8b15c9ee68f407fbff96d3b972

2011-10-23 16:05:01 -------- dc----w- C:\47209d3a972a4bfcd0f26554248e7722

2011-10-23 10:00:19 -------- dc----w- C:\dc1dcfe03790b9422b8e95f37d

2011-10-22 18:55:36 -------- d-----w- c:\documents and settings\mom and dad\local settings\application data\PCHealth

2011-10-22 14:08:16 -------- dc----w- C:\59d4e02ea6d94df2dfc0

2011-10-22 03:25:19 -------- d-----w- c:\documents and settings\mom and dad\Tracing

2011-10-21 12:58:15 -------- dc----w- C:\f884bca57f0923eaff

2011-10-20 19:16:39 82696 ----a-w- c:\windows\system32\lmdimon8.dll

2011-10-20 19:16:39 82184 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\lmdippr8.dll

2011-10-20 19:16:02 -------- d-----w- c:\documents and settings\all users\application data\Applications

2011-10-19 14:27:40 -------- dc----w- C:\669f9687d744a47040f62e86985640

2011-10-19 10:00:20 -------- dc----w- C:\98a6f0ecc59b83518a

2011-10-18 13:55:02 -------- dc----w- C:\5c190060087700d770101b0f35

2011-10-18 10:06:57 -------- dc----w- C:\bb7cf6a42379b7f22d31b825

.

==================== Find3M ====================

.

2011-11-15 18:39:24 90112 ----a-w- c:\windows\DUMP3a69.tmp

2011-10-28 17:37:52 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 18:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 18:41:20 611328 ----a-w- c:\windows\system32\SET5.tmp

2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\SET3.tmp

2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 18:41:14 20480 ----a-w- c:\windows\system32\SET4.tmp

2011-09-26 18:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32(3)(3).dll

2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32(2).dll

2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32(2)(3).dll

2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k(2)(3).sys

2011-09-03 10:17:37 599040 ----a-w- c:\windows\system32\crypt32(3)(2).dll

2011-09-03 10:17:37 599040 ----a-w- c:\windows\system32\crypt32(2)(2).dll

2011-09-01 00:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-24 00:48:56 11081728 ----a-w- c:\windows\system32\ieframe(2)(3).dll

2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll

2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet(2)(3).dll

2011-08-22 23:48:55 1212416 ----a-w- c:\windows\system32\urlmon(2)(3).dll

2011-08-22 23:48:55 105984 ----a-w- c:\windows\system32\url(2)(3).dll

2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-08-22 23:48:54 2000384 ----a-w- c:\windows\system32\iertutil(2)(3).dll

2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec

.

============= FINISH: 15:36:31.35 ===============

Never mind... I see the Vuze and maybe other file sharing programs. I knew that one of our teens was downloading last year but I thought all that stuff was gone off the computer. After I've removed whatever I can find, I'll repost if there is still a problem. Sorry.

attach.txt


  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
