Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

BSOD caused by malware


  • Please log in to reply

#1
makihara

makihara

    Member

  • Member
  • PipPipPip
  • 139 posts
Hello,

I've been getting BSODs randomly after potentially getting infected from a streaming website. The malware has caused some redirection problems n chrome and general computer laggyness has ensued.

I know i brought this on myself but hopefully you can help me out anyway you can. and thanks in advance

oh and i have a Dell laptop running windows 7

Logs:

AVG is bringing up errors so i posted a log of the virus database
I ran Malwarebytes and got a log.
i ran HJT and got a log


Thank you for any help!
James


AVG log>>>>>>>>>>>>>>>>>>>>

Resident Shield detection
"Infection";"Object";"Result";"Detection time";"Object Type";"Process"
"Trojan horse Generic19.WSL";"c:\Users\Amy\AppData\Local\Temp\0.5418503881717701.exe";"In fected";"26/09/2010, 16:38:29";"file";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
"Trojan horse Downloader.Generic10.UOG";"c:\Windows\Temp\0.40466008136094633.exe";"Infect ed";"26/09/2010, 16:38:29";"file";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
"Trojan horse Downloader.Generic10.UOG";"c:\hotfix.exe";"Infected";"26/09/2010, 16:38:27";"file";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
"Trojan horse Generic19.WSL";"c:\Users\Amy\AppData\Local\Temp\0.5418503881717701.exe";"In fected";"26/09/2010, 16:36:27";"file";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
"Trojan horse Downloader.Generic10.UOG";"c:\Windows\Temp\0.40466008136094633.exe";"Infect ed";"26/09/2010, 16:35:11";"file";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
"Trojan horse Generic19.WSL";"c:\Users\Amy\AppData\Local\Temp\google.exe";"Infected";"26/09/2010, 16:34:58";"file";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
"Trojan horse Generic19.WPX";"c:\Users\Amy\AppData\Local\Temp\mIRmxfbFgU.exe";"Infected"; "26/09/2010, 16:34:58";"file";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
"Trojan horse Generic19.WSL";"c:\Users\Amy\AppData\Local\Temp\0.5418503881717701.exe";"In fected";"26/09/2010, 16:34:57";"file";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
"Trojan horse Downloader.Generic10.UOG";"c:\hotfix.exe";"Infected";"26/09/2010, 16:31:59";"file";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
"Trojan horse Generic19.VQW";"c:\Users\Amy\AppData\Roaming\Woup\ciub.exe";"Infected";"22/09/2010, 10:29:03";"file";"C:\Windows\Explorer.EXE"
"Trojan horse FakeAlert.UE";"c:\Users\Amy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UPH281XA\setup[1].exe";"Infected";"19/09/2010, 22:21:17";"file";"C:\Users\Amy\AppData\Local\Temp\0.5418503881717701.exe"
"Adware Generic4.ANSL";"c:\Users\Amy\Downloads\unconfirmed 33842.download";"Potentially dangerous object";"18/09/2010, 22:36:49";"file";"C:\Windows\system32\SearchProtocolHost.exe"




Malware BYtes>>>>>>>>>>>>


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4698

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

26/09/2010 16:37:51
mbam-log-2010-09-26 (16-37-51).txt

Scan type: Quick scan
Objects scanned: 138417
Time elapsed: 6 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Users\Amy\AppData\Local\ivamuxudipotafa.dll (Trojan.Hiloti) -> No action taken.
C:\Users\Amy\AppData\Local\KBDxia.dll (Trojan.Hiloti) -> No action taken.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mhoqix (Trojan.Hiloti) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wxezuxox (Trojan.Hiloti) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Amy\AppData\Local\ivamuxudipotafa.dll (Trojan.Hiloti) -> No action taken.
C:\Users\Amy\AppData\Local\KBDxia.dll (Trojan.Hiloti) -> No action taken.
C:\hotfix.exe (Trojan.FakeAlert) -> No action taken.
C:\Users\Amy\AppData\Local\Temp\RpBNmNlFNb.exe (Trojan.Hiloti) -> No action taken.
C:\Users\Amy\AppData\Local\Temp\B52A.tmp (Rootkit.TDSS) -> No action taken.
C:\Windows\Temp\0.40466008136094633.exe (Trojan.FakeAlert) -> No action taken.
C:\Users\Amy\AppData\Local\Temp\0.5418503881717701.exe (Trojan.Dropper) -> No action taken.
C:\Windows\Temp\hgksfg.bat (Malware.Trace) -> No action taken.




HJT>>>>>>>>>>>>>>>>>>



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:29:45, on 26/09/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\Airytec\Switch Off\swoff.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe
C:\Users\Amy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Amy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Amy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Amy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Amy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Amy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\Windows\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper_3004.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Google Update] "C:\Users\Amy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [Airytec Switch Off] "C:\Program Files\Airytec\Switch Off\swoff.exe" -auto
O4 - HKCU\..\Run: [Wxezuxox] rundll32.exe "C:\Users\Amy\AppData\Local\KBDxia.dll",Startup
O4 - HKCU\..\Run: [Mhoqix] rundll32.exe "C:\Users\Amy\AppData\Local\ivamuxudipotafa.dll",Startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: LimeWire On Startup.lnk = C:\Users\Amy\Music\Limewire\LimeWire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.ad...Plus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Airytec Switch Off - Task Scheduler (SwOffScheduler) - Airytec - C:\Program Files\Airytec\Switch Off\swoff.exe
O23 - Service: Airytec Switch Off - Web Interface (SwOffWeb) - Airytec - C:\Program Files\Airytec\Switch Off\swoff.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8092 bytes
  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP