Problem with BSOD w/ malware report

  • Question

  • Hey, I was playing a game the other day and began getting BSODs frequently. I had only gotten one in the past week and then all of a sudden I got several. It was the IRQL_not_or_less_equal shabang. Which I'm sure has been answered several times, but I decided to do a Malwarebytes quick scan and now I am worried. I got this report:
    an options disabled: P2P
    Objects scanned: 243314
    Time elapsed: 6 minute(s), 9 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 15
    HKCR\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} (PUP.Optional.Wajam.A) -> No action taken.
    HKCR\CLSID\{10AD2C61-0898-4348-8600-14A342F22AC3} (PUP.Optional.ScorpionSaver) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{10AD2C61-0898-4348-8600-14A342F22AC3} (PUP.Optional.ScorpionSaver) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{10AD2C61-0898-4348-8600-14A342F22AC3} (PUP.Optional.ScorpionSaver) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam) -> No action taken.
    HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} (PUP.Optional.OptimzerPro.A) -> No action taken.
    HKCR\AppID\AdpeakProxy.exe (PUP.Optional.Adpeak) -> No action taken.
    HKCR\Wow6432Node\AppID\AdpeakProxy.exe (PUP.Optional.Adpeak) -> No action taken.
    HKCU\SOFTWARE\WNLT (PUP.Optional.InstallBrain.A) -> No action taken.
    HKCU\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> No action taken.
    HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{19DC5AB8-0792-4875-8F1B-896C5A9CE6AE} (PUP.Optional.Adpeak) -> No action taken.
    HKLM\SOFTWARE\Wow6432Node\Adpeak, Inc. (PUP.Optional.Adpeak) -> No action taken.
    HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (Adware.InstallBrain) -> No action taken.
    HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT (PUP.Optional.InstallBrain.A) -> No action taken.

    Registry Values Detected: 4
    HKCU\SOFTWARE\WNLT|URL (PUP.Optional.InstallBrain.A) -> Data: MYSTART -> No action taken.
    HKCU\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {39B87C3E-3154-11E3-BE7F-6817294D1E34} -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{19DC5AB8-0792-4875-8F1B-896C5A9CE6AE}|DisplayName (PUP.Optional.Adpeak) -> Data: Level Quality Watcher -> No action taken.
    HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {39B87C3E-3154-11E3-BE7F-6817294D1E34} -> No action taken.

    Registry Data Items Detected: 1
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Conduit) -> Bad: (http://search.conduit.com?SearchSource=10&CUI=UN28884128042791397&UM=2&ctid=CT3317127) Good: (http://www.google.com) -> No action taken.

    Folders Detected: 5
    C:\Program Files (x86)\Level Quality Watcher (PUP.Optional.Adpeak) -> No action taken.
    C:\ProgramData\Conduit\IE (PUP.Optional.Conduit.A) -> No action taken.
    C:\ProgramData\Conduit\IE\CT3317127 (PUP.Optional.Conduit.A) -> No action taken.
    C:\Windows\System32\WNLT\Installation (PUP.Optional.InstallBrain.A) -> No action taken.
    C:\Windows\SysWOW64\WNLT\Installation (PUP.Optional.InstallBrain.A) -> No action taken.

    Files Detected: 15
    C:\Users\Zach\Downloads\Hamachi_Setup (1).exe (PUP.Optional.iBryte) -> No action taken.
    C:\Users\Zach\Downloads\Hamachi_Setup.exe (PUP.Optional.iBryte) -> No action taken.
    C:\Users\Zach\Downloads\jre-7u7-windows-x64-aoc-jd.exe (PUP.Optional.OpenCandy) -> No action taken.
    C:\Users\Zach\Downloads\Setup.exe (PUP.Optional.ExpressInstall.A) -> No action taken.
    C:\Users\Zach\Local Settings\Temporary Internet Files\IE\LKI9ULKQ\PFStaticIP3Offers_8008[1].exe (PUP.Optional.InstallMonetizer.A) -> No action taken.
    C:\Windows\Installer\11e51fd.msi (PUP.Optional.Adpeak) -> No action taken.
    C:\Program Files (x86)\Level Quality Watcher\LevelQualityWatcher64.exe (PUP.Optional.Adpeak) -> No action taken.
    C:\Program Files (x86)\Level Quality Watcher\LevelQualityWatcher32.exe (PUP.Optional.Adpeak) -> No action taken.
    C:\ProgramData\Conduit\IE\CT3317127\UninstallerUI.exe (PUP.Optional.Conduit.A) -> No action taken.
    C:\Windows\System32\WNLT\Installation\Config.bin (PUP.Optional.InstallBrain.A) -> No action taken.
    C:\Windows\System32\WNLT\Installation\SKSetup.exe (PUP.Optional.InstallBrain.A) -> No action taken.
    C:\Windows\System32\WNLT\Installation\uninstaller.exe (PUP.Optional.InstallBrain.A) -> No action taken.
    C:\Windows\SysWOW64\WNLT\Installation\Config.bin (PUP.Optional.InstallBrain.A) -> No action taken.
    C:\Windows\SysWOW64\WNLT\Installation\SKSetup.exe (PUP.Optional.InstallBrain.A) -> No action taken.
    C:\Windows\SysWOW64\WNLT\Installation\uninstaller.exe (PUP.Optional.InstallBrain.A) -> No action taken.

    (end)
    I don't know what to do about any of this as I am not too savvy with computers, but some help would be GREATLY appreciated. Also, some files were making me nervous in my task manager. I have several service host: locals up at one time, which I don't understand, and something named dmwu with some sort of incredibar?.. I don't know.

    Help please.
    Thanks so much
    Zach
    Wednesday, December 4, 2013 2:48 AM

All replies

  • ZS

    I believe you ran Malwarebytes in scan only mode so no action was taken.  Suggest you re-run it in scan & "repair" (unsure of their terminology) mode.

    After it has fixed all it can re-run it to see if there is anything left and if so you may need some additional software to eliminate the really nasty stuff.

    Whatever you were using for malware didn't work, or perhaps it was where you were going.


    Wanikiya and Dyami--Team Zigzag


    • Edited by ZigZag3143x Wednesday, December 4, 2013 3:00 AM
    Wednesday, December 4, 2013 3:00 AM
  • I do not believe it is possible to run in repair mode in Malwarebytes. At least the version I have. Would you have any suggestions on what to use instead?

    Thanks for replying!
    Wednesday, December 4, 2013 3:14 AM
  • Hi Zach,

    I wouldn't worry too much, the report doesn't show anything malicious. Everything detected is marked as PUP (potentially unwanted program) and was most likely bundled with various applications that have been installed on your PC. These are usually junk toolbars and other such nonsense.

    Here's a link to the Malwarebytes support article on PUP detections and how to remove them:

    https://helpdesk.malwarebytes.org/entries/23482988-What-are-the-PUP-detections-are-they-threats-and-should-they-be-deleted-

    Also, just to be safe, it couldn't hurt to run an online virus scan either:

    http://housecall.trendmicro.com/


    Don't retire TechNet! - (Don't give up yet - 12,420+ strong and growing)

    • Marked as answer by Zach Stacy Thursday, December 5, 2013 2:18 AM
    Wednesday, December 4, 2013 3:46 AM
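
A triage pass over a report like the one in the question, as an added example that is not part of any post in this thread: it groups detections by family and lists the entries whose label is not `PUP.*` or that sit under a `Services` key, which are the ones to review first. The function names and the assumed line pattern are illustrative, derived only from the lines pasted above.

```python
import re
from collections import Counter

# Sample input: five lines taken verbatim from the report in the question.
SAMPLE = r"""
Registry Keys Detected: 15
HKCR\AppID\AdpeakProxy.exe (PUP.Optional.Adpeak) -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (Adware.InstallBrain) -> No action taken.
HKCU\SOFTWARE\WNLT|URL (PUP.Optional.InstallBrain.A) -> Data: MYSTART -> No action taken.
C:\Program Files (x86)\Level Quality Watcher (PUP.Optional.Adpeak) -> No action taken.
C:\Users\Zach\Downloads\Hamachi_Setup (1).exe (PUP.Optional.iBryte) -> No action taken.
"""

# Assumed line shape: <item> (<Detection.Name>) -> <details/action>.
# The name must contain a dot, so "(x86)" and "(1)" inside paths are skipped.
LINE = re.compile(r"^(?P<item>.+?) \((?P<name>[A-Za-z]+(?:\.[A-Za-z0-9]+)+)\) -> (?P<rest>.*)$")

def parse_report(text):
    """Return one dict per detection line; headers and counters are ignored."""
    found = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        item, _, value = m["item"].partition("|")  # registry value name after '|'
        parts = m["name"].split(".")
        found.append({
            "item": item,
            "value": value or None,
            "name": m["name"],
            "family": parts[2] if parts[0] == "PUP" and len(parts) > 2 else parts[1],
            "pup": parts[0] == "PUP",
            "service": "\\currentcontrolset\\services\\" in item.lower(),
            "untouched": m["rest"].endswith("No action taken."),
        })
    return found

def triage(found):
    """Group by family and pull out the entries to review first."""
    return {
        "families": Counter(d["family"] for d in found),
        "not_pup": [d["item"] for d in found if not d["pup"]],
        "services": [d["item"] for d in found if d["service"]],
        "untouched": sum(d["untouched"] for d in found),
    }

if __name__ == "__main__":
    for key, val in triage(parse_report(SAMPLE)).items():
        print(key, "->", val)
```
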
  • Thanks a lot!
    One last thing, my system has slowed down exponentially from just a few days ago.

    I think a contributing factor is my task manager processes.

    I'm going to be honest here and tell you I don't particularly know how to show you what processes are running, but one problem is that I have about three 'service host: local' going at one time. Along with some other unknown processes.

    service host windows image acquisition

    service host remote procedure call (2)

    service host network service (4)

    service host microsoft software shadow copy provider

    service host local service (no impersonation) (4)

    service host local service (network restricted) (7)
    service host local service DCOM server process launcher (6)

    The numbers in parentheses were how many apps were in the drop down. There is a total of 58 background processes. I don't know why this is worrying me so much, but there has to be some problem because it has slowed down tremendously. Thanks for the help so far, 

    Zach

    Wednesday, December 4, 2013 4:12 AM
  • Oh! I also forgot that every time I try to shut down or restart, a message comes up saying that there is an app preventing shut down, and it's with some icon that is with a plain program (don't know what to call it, it's like the basic program icon that screams virus) and my computer doesn't actually give a name for it. But it shuts down anyway. Just wondering what that was.
    Wednesday, December 4, 2013 4:17 AM
  • Oh god, and now I've gotten two messages so far after I restarted saying that Malwarebytes has successfully blocked a malicious site with some random IP.
    Wednesday, December 4, 2013 4:18 AM
  • Zach

    Have you restarted in safe mode and run Malwarebytes?  You may be at a point where the only safe option is to format the drive and do a reset (or clean install)


    Wanikiya and Dyami--Team Zigzag

    • Marked as answer by Zach Stacy Thursday, December 5, 2013 2:17 AM
    Wednesday, December 4, 2013 8:51 AM
  • :( I hoped I wouldn't have to do that. Oh well. Thanks for the help I suppose.
    Thursday, December 5, 2013 2:17 AM