I've been getting BSODs randomly after potentially getting infected from a streaming website. The malware has caused some redirection problems n chrome and general computer laggyness has ensued.
I know i brought this on myself but hopefully you can help me out anyway you can. and thanks in advance
oh and i have a Dell laptop running windows 7
Logs:
AVG is bringing up errors so i posted a log of the virus database
I ran Malwarebytes and got a log.
i ran HJT and got a log
Thank you for any help!
James
AVG log>>>>>>>>>>>>>>>>>>>>
Resident Shield detection
"Infection";"Object";"Result";"Detection time";"Object Type";"Process"
"Trojan horse Generic19.WSL";"c:\Users\Amy\AppData\Local\Temp\0.5418503881717701.exe";"In fected";"26/09/2010, 16:38:29";"file";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
"Trojan horse Downloader.Generic10.UOG";"c:\Windows\Temp\0.40466008136094633.exe";"Infect ed";"26/09/2010, 16:38:29";"file";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
"Trojan horse Downloader.Generic10.UOG";"c:\hotfix.exe";"Infected";"26/09/2010, 16:38:27";"file";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
"Trojan horse Generic19.WSL";"c:\Users\Amy\AppData\Local\Temp\0.5418503881717701.exe";"In fected";"26/09/2010, 16:36:27";"file";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
"Trojan horse Downloader.Generic10.UOG";"c:\Windows\Temp\0.40466008136094633.exe";"Infect ed";"26/09/2010, 16:35:11";"file";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
"Trojan horse Generic19.WSL";"c:\Users\Amy\AppData\Local\Temp\google.exe";"Infected";"26/09/2010, 16:34:58";"file";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
"Trojan horse Generic19.WPX";"c:\Users\Amy\AppData\Local\Temp\mIRmxfbFgU.exe";"Infected"; "26/09/2010, 16:34:58";"file";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
"Trojan horse Generic19.WSL";"c:\Users\Amy\AppData\Local\Temp\0.5418503881717701.exe";"In fected";"26/09/2010, 16:34:57";"file";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
"Trojan horse Downloader.Generic10.UOG";"c:\hotfix.exe";"Infected";"26/09/2010, 16:31:59";"file";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
"Trojan horse Generic19.VQW";"c:\Users\Amy\AppData\Roaming\Woup\ciub.exe";"Infected";"22/09/2010, 10:29:03";"file";"C:\Windows\Explorer.EXE"
"Trojan horse FakeAlert.UE";"c:\Users\Amy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UPH281XA\setup[1].exe";"Infected";"19/09/2010, 22:21:17";"file";"C:\Users\Amy\AppData\Local\Temp\0.5418503881717701.exe"
"Adware Generic4.ANSL";"c:\Users\Amy\Downloads\unconfirmed 33842.download";"Potentially dangerous object";"18/09/2010, 22:36:49";"file";"C:\Windows\system32\SearchProtocolHost.exe"
Malware BYtes>>>>>>>>>>>>
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4698
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
26/09/2010 16:37:51
mbam-log-2010-09-26 (16-37-51).txt
Scan type: Quick scan
Objects scanned: 138417
Time elapsed: 6 minute(s), 49 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\Users\Amy\AppData\Local\ivamuxudipotafa.dll (Trojan.Hiloti) -> No action taken.
C:\Users\Amy\AppData\Local\KBDxia.dll (Trojan.Hiloti) -> No action taken.
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mhoqix (Trojan.Hiloti) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wxezuxox (Trojan.Hiloti) -> No action taken.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Users\Amy\AppData\Local\ivamuxudipotafa.dll (Trojan.Hiloti) -> No action taken.
C:\Users\Amy\AppData\Local\KBDxia.dll (Trojan.Hiloti) -> No action taken.
C:\hotfix.exe (Trojan.FakeAlert) -> No action taken.
C:\Users\Amy\AppData\Local\Temp\RpBNmNlFNb.exe (Trojan.Hiloti) -> No action taken.
C:\Users\Amy\AppData\Local\Temp\B52A.tmp (Rootkit.TDSS) -> No action taken.
C:\Windows\Temp\0.40466008136094633.exe (Trojan.FakeAlert) -> No action taken.
C:\Users\Amy\AppData\Local\Temp\0.5418503881717701.exe (Trojan.Dropper) -> No action taken.
C:\Windows\Temp\hgksfg.bat (Malware.Trace) -> No action taken.
HJT>>>>>>>>>>>>>>>>>>
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:29:45, on 26/09/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\Airytec\Switch Off\swoff.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe
C:\Users\Amy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Amy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Amy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Amy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Amy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Amy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\Windows\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper_3004.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Google Update] "C:\Users\Amy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [Airytec Switch Off] "C:\Program Files\Airytec\Switch Off\swoff.exe" -auto
O4 - HKCU\..\Run: [Wxezuxox] rundll32.exe "C:\Users\Amy\AppData\Local\KBDxia.dll",Startup
O4 - HKCU\..\Run: [Mhoqix] rundll32.exe "C:\Users\Amy\AppData\Local\ivamuxudipotafa.dll",Startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: LimeWire On Startup.lnk = C:\Users\Amy\Music\Limewire\LimeWire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.ad...Plus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Airytec Switch Off - Task Scheduler (SwOffScheduler) - Airytec - C:\Program Files\Airytec\Switch Off\swoff.exe
O23 - Service: Airytec Switch Off - Web Interface (SwOffWeb) - Airytec - C:\Program Files\Airytec\Switch Off\swoff.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 8092 bytes