Crashing Explorer, Infinite Boot Sequence and Trojans

Mxbn0
2010-08-30, 04:16
Hi there,

I've managed to salvage my laptop safely into safe mode. I had left it, only to come back to it constantly restarting: when I logged in, it would load up the desktop, then anything I tried to run would create an error, and then it would shut down again. I booted it in safe mode and ran Spybot and Malwarebytes Anti-Malware, and removed quite a few nasty things (not sure where to find a log of the deleted files). There are still a few remaining issues though, where a normal boot-up and login will yield an infinite loop of crashing explorer.exe processes.

Attached is the DDS report running from safe mode. I can try it from a normal boot if needed.

Any help would be much appreciated :)

Max


DDS (Ver_10-03-17.01) - NTFSX64 NETWORK
Run by Max at 11:53:39.98 on Mon 08/30/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_15
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2046.1363 [GMT 10:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\ctfmon.exe
C:\Windows\explorer.exe
E:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Max\AppData\Local\Temp\Rar$EX00.099\shexview.exe
E:\Downloads\Firefox Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>
uRun: [DU Meter] e:\program files (x86)\du meter\DUMeter.exe
StartupFolder: c:\users\max\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - e:\program files (x86)\magicdisc\MagicDisc.exe
uPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1261877981737
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
TCP: {72C20496-303E-48E8-AA2E-6A10BFD00898} = 202.136.43.240 202.136.43.241
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB-X64: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
mRun-x64: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray64.exe
mRun-x64: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\max\appdata\roaming\mozilla\firefox\profiles\kigjxkb8.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/ig
FF - prefs.js: network.proxy.http_port - 8000
FF - prefs.js: network.proxy.type - 2
FF - component: c:\program files (x86)\microsoft\search enhancement pack\default manager\dmextension\components\FFGlobalExtension.dll
FF - component: c:\users\max\appdata\roaming\mozilla\firefox\profiles\kigjxkb8.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
FF - plugin: c:\program files (x86)\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files (x86)\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files (x86)\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files (x86)\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files (x86)\microsoft\office live\npOLW.dll
FF - plugin: c:\users\max\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\max\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\max\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll
FF - plugin: e:\program files (x86)\mozilla firefox\plugins\np-mswmp.dll
FF - plugin: e:\program files (x86)\mozilla firefox\plugins\np_gp.dll
FF - plugin: e:\program files (x86)\mozilla firefox\plugins\npnul32.dll
FF - plugin: e:\program files (x86)\mozilla firefox\plugins\NPOFF12.DLL
FF - plugin: e:\program files (x86)\videolan\vlc\npvlc.dll

============= SERVICES / DRIVERS ===============

R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [2007-5-13 89320]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 59904]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 22408]
S2 DUMeterSvc;DU Meter Service;e:\program files (x86)\du meter\DUMeterSvc.exe [2009-12-28 1391136]
S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-3-2 135664]
S2 TCPIP Pass-through Filter;TCPIP Pass-through Filter;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 27136]
S3 bsusbser;Basecom USB Device for Legacy Serial Communication;c:\windows\system32\drivers\bsusbser.sys [2010-3-22 113664]
S3 dvblinkcap;DVBLink Capture #1;c:\windows\system32\drivers\dvblinkcap.sys [2009-7-25 18608]
S3 dvblinkcap2;DVBLink Capture #2;c:\windows\system32\drivers\dvblinkcap2.sys [2009-7-25 18608]
S3 dvblinkcap3;DVBLink Capture #3;c:\windows\system32\drivers\dvblinkcap3.sys [2009-7-25 18608]
S3 dvblinkcap4;DVBLink Capture #4;c:\windows\system32\drivers\dvblinkcap4.sys [2009-7-25 18608]
S3 dvblinktun;DVBLink Tuner #1;c:\windows\system32\drivers\dvblinktun.sys [2009-7-25 20784]
S3 dvblinktun2;DVBLink Tuner #2;c:\windows\system32\drivers\dvblinktun2.sys [2009-7-25 20784]
S3 dvblinktun3;DVBLink Tuner #3;c:\windows\system32\drivers\dvblinktun3.sys [2009-7-25 20784]
S3 dvblinktun4;DVBLink Tuner #4;c:\windows\system32\drivers\dvblinktun4.sys [2009-7-25 20784]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2009-12-28 16776]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2009-12-28 9096]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2010-5-8 216576]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 16008]
S3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\drivers\lvpopf64.sys [2009-10-7 271640]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\drivers\lvrs64.sys [2009-10-7 327704]
S3 lvsels64;Logitech Selective Suspend Filter;c:\windows\system32\drivers\lvsels64.sys [2009-10-7 67992]
S3 LVUVC64;QuickCam Orbit/Sphere MP(UVC);c:\windows\system32\drivers\lvuvc64.sys [2009-10-7 6379288]
S3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\3C74.tmp [2010-6-29 6144]
S3 pbfilter;pbfilter;e:\program files\peerblock\pbfilter.sys [2010-1-28 19544]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL6.SYS [2009-7-14 292864]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV6.SYS [2009-7-14 1485312]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT6.SYS [2009-7-14 740864]
S3 SteamWatch;SteamWatch;e:\program files (x86)\steamwatch\SteamWatch.exe [2010-5-15 18944]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2009-8-28 49152]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 17920]
S4 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AESTSr64.exe [2009-12-27 86016]
S4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\common files\macrovision shared\flexnet publisher\FNPLicensingService64.exe [2010-1-13 1038088]
S4 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;e:\program files (x86)\logmein hamachi\hamachi-2.exe [2010-3-30 1823112]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\microsoft sql server\100\shared\sqladhlp.exe [2008-7-11 47128]
S4 SBSDWSCService;SBSD Security Center Service;e:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2009-12-28 1153368]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files (x86)\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-7-11 369688]

=============== Created Last 30 ================

2010-08-29 11:07:37 223 ----a-w- c:\windows\wininit.ini
2010-08-29 03:15:23 19456 ----a-w- c:\windows\syswow64\msippsth.dll
2010-08-29 03:15:15 5 ----a-w- C:\zrpt.xml
2010-08-29 03:14:51 30000 ----a-w- c:\windows\syswow64\iqg3np.dll
2010-08-28 11:18:09 0 d-----w- c:\users\max\appdata\roaming\Locktime
2010-08-28 11:16:05 0 d-----w- c:\programdata\Locktime
2010-08-28 11:15:51 0 d-----w- c:\program files\NetLimiter 2 Pro
2010-08-27 00:52:50 861184 ----a-w- c:\windows\system32\oleaut32.dll
2010-08-27 00:52:50 571904 ----a-w- c:\windows\syswow64\oleaut32.dll
2010-08-25 09:26:53 0 d-----w- C:\BraCa Soft
2010-08-25 01:37:29 1357966420 ----a-w- C:\She's_Out_of_My_League_(2010)_DVDRip_XviD-MAXSPEED-She's_Out_of_My_League_(2010)_DVDRip_XviD-MAXSPEED_www.torentz.3xforum.ro.avi
2010-08-25 00:50:45 1348903042 ----a-w- C:\The_Book_of_Eli_(2010)_DVDRip_XviD-MAXSPEED-The_Book_of_Eli_(2010)_DVDRip_XviD-MAXSPEED_www.torentz.3xforum.ro.avi
2010-08-25 00:16:34 1500947390 ----a-w- C:\The.Lives.of.Others[2006]720p.XviD.AC3.6Chn.Cody'sBRrip-The.Lives.of.Others[2006]720p.XviD.AC3.6Chn.Cody'sBRrip.avi
2010-08-20 01:57:00 99176 ----a-w- c:\windows\syswow64\PresentationHostProxy.dll
2010-08-20 01:57:00 49472 ----a-w- c:\windows\syswow64\netfxperf.dll
2010-08-20 01:57:00 48960 ----a-w- c:\windows\system32\netfxperf.dll
2010-08-20 01:57:00 444752 ----a-w- c:\windows\system32\mscoree.dll
2010-08-20 01:57:00 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2010-08-20 01:57:00 297808 ----a-w- c:\windows\syswow64\mscoree.dll
2010-08-20 01:57:00 295264 ----a-w- c:\windows\syswow64\PresentationHost.exe
2010-08-20 01:57:00 1942856 ----a-w- c:\windows\system32\dfshim.dll
2010-08-20 01:57:00 1130824 ----a-w- c:\windows\syswow64\dfshim.dll
2010-08-20 01:57:00 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-08-20 01:45:39 1896832 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-20 01:45:31 340992 ----a-w- c:\windows\system32\schannel.dll
2010-08-20 01:45:31 224256 ----a-w- c:\windows\syswow64\schannel.dll
2010-08-20 01:44:54 3122688 ----a-w- c:\windows\system32\win32k.sys
2010-08-14 08:14:10 32768 ----a-w- c:\windows\syswow64\LogLCD.dll
2010-08-14 08:14:10 140096 ----a-w- c:\windows\syswow64\COMDLG32.OCX
2010-08-14 08:14:10 109248 ----a-w- c:\windows\syswow64\MSWINSCK.OCX
2010-08-14 08:13:08 0 d-----w- c:\programdata\LogiShrd
2010-08-14 08:05:12 0 ---ha-w- c:\windows\system32\drivers\Msft_User_lgSSBW_01_00_00.Wdf
2010-08-14 08:05:06 0 ---ha-w- c:\windows\system32\drivers\Msft_User_lgSSQVGA_01_00_00.Wdf
2010-08-14 08:04:22 0 d-----w- c:\programdata\Logitech
2010-08-14 08:04:22 0 d-----w- c:\program files\Logitech
2010-08-13 03:40:42 84992 ----a-w- c:\windows\system32\asycfilt.dll
2010-08-13 03:40:42 67584 ----a-w- c:\windows\syswow64\asycfilt.dll
2010-08-13 03:36:05 52224 ----a-w- c:\windows\system32\rtutils.dll
2010-08-13 03:36:05 37376 ----a-w- c:\windows\syswow64\rtutils.dll
2010-08-13 03:35:48 144384 ----a-w- c:\windows\system32\cdd.dll
2010-08-13 03:35:45 1877504 ----a-w- c:\windows\system32\msxml3.dll
2010-08-13 03:35:45 1233920 ----a-w- c:\windows\syswow64\msxml3.dll
2010-08-13 03:35:38 46080 ----a-w- c:\windows\system32\atmlib.dll
2010-08-13 03:35:38 366080 ----a-w- c:\windows\system32\atmfd.dll
2010-08-13 03:35:38 34304 ----a-w- c:\windows\syswow64\atmlib.dll
2010-08-13 03:35:38 293888 ----a-w- c:\windows\syswow64\atmfd.dll
2010-08-13 03:35:06 82944 ----a-w- c:\windows\syswow64\iccvid.dll
2010-08-08 21:51:48 0 d-----w- c:\programdata\TrackMania
2010-08-02 06:18:41 0 d-----w- C:\Downloads

==================== Find3M ====================

2010-08-29 13:07:18 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-08-15 09:26:57 214864 ----a-w- c:\windows\syswow64\PnkBstrB.exe
2010-07-29 09:29:37 75064 ----a-w- c:\windows\syswow64\PnkBstrA.exe
2010-07-29 09:08:09 550815505 ----a-w- C:\BF2142_Update_1.50.exe
2010-07-29 05:20:20 286720 ------w- c:\windows\Setup1.exe
2010-07-29 05:20:19 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-07-27 14:03:24 12867584 ----a-w- c:\windows\syswow64\shell32.dll
2010-06-30 07:13:46 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-06-30 06:25:31 978432 ----a-w- c:\windows\syswow64\wininet.dll
2010-06-30 06:25:18 1226240 ----a-w- c:\windows\syswow64\urlmon.dll
2010-06-30 06:22:45 606208 ----a-w- c:\windows\syswow64\mstime.dll
2010-06-30 06:22:34 5971456 ----a-w- c:\windows\syswow64\mshtml.dll
2010-06-30 06:22:33 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-06-30 06:21:57 48128 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-06-30 06:21:47 185856 ----a-w- c:\windows\syswow64\iepeers.dll
2010-06-30 06:21:47 176640 ----a-w- c:\windows\syswow64\ieui.dll
2010-06-30 06:21:46 10985472 ----a-w- c:\windows\syswow64\ieframe.dll
2010-06-30 06:21:44 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-06-30 06:19:16 12800 ----a-w- c:\windows\syswow64\msfeedssync.exe
2010-06-19 07:05:01 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-19 06:33:29 3955080 ----a-w- c:\windows\syswow64\ntkrnlpa.exe
2010-06-19 06:33:29 3899784 ----a-w- c:\windows\syswow64\ntoskrnl.exe
2010-06-07 07:33:38 49016 ----a-w- c:\windows\syswow64\sirenacm.dll
2010-06-07 07:21:08 258142 ----a-w- c:\windows\system32\nvcoproc.bin
2010-06-07 07:21:02 751720 ----a-w- c:\windows\system32\nv3dappshext.dll
2010-06-07 07:21:02 624744 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll
2010-06-07 07:21:02 61032 ----a-w- c:\windows\system32\nvshext.dll
2010-06-07 07:21:02 53864 ----a-w- c:\windows\system32\nv3dappshextr.dll
2010-06-07 07:21:02 276584 ----a-w- c:\windows\system32\nvhotkey.dll
2010-06-07 07:21:02 1691752 ----a-w- c:\windows\system32\nvsvcr.dll
2010-06-07 07:21:02 159336 ----a-w- c:\windows\system32\nvvsvc.exe
2010-06-07 07:21:02 15282280 ----a-w- c:\windows\system32\nvcpl.dll
2010-06-07 07:21:02 1448040 ----a-w- c:\windows\system32\nvsvc64.dll
2010-06-07 07:21:02 116328 ----a-w- c:\windows\system32\nvmctray.dll
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2010-05-29 16:06:57 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat
2010-05-29 16:06:57 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat
2010-05-29 16:06:57 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
2010-05-29 11:39:44 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2010-05-09 04:29:22 80 --sh--r- c:\windows\syswow64\12F6DBBE8F.dll
2006-05-03 10:06:54 163328 --sh--r- c:\windows\syswow64\flvDX.dll
2007-02-21 11:47:16 31232 --sh--r- c:\windows\syswow64\msfDX.dll
2008-03-16 13:30:52 216064 --sh--r- c:\windows\syswow64\nbDX.dll
2010-02-10 16:00:45 16384 --sha-w- c:\windows\syswow64\%appdata%\microsoft\windows\ietldcache\index.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 11:54:38.83 ===============

Here's a copy of the Malwarebytes log in case you needed it :)

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4447

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

8/29/2010 9:07:32 PM
mbam-log-2010-08-29 (21-07-32).txt

Scan type: Full scan (C:\|E:\|)
Objects scanned: 424786
Time elapsed: 1 hour(s), 4 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 48

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{84c3c236-f588-4c93-84f4-147b2abbe67b} (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4a06e611-f839-4774-9ce3-f0b6e137e6cb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7a4a2411-1201-4e7f-9d76-9481f502c180} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{83ae426e-2e31-4652-8f87-f1f0da651c80} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e5575b89-c0ba-489c-b4c9-662923bae952} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\2nvtu0 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Windows\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully.

Files Infected:
C:\Users\Administrator\AppData\Local\Temp\ui15cr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Max\AppData\Local\KBDFCp.dll (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully.
C:\Users\Max\AppData\Local\Temp\1475891380.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Max\AppData\Local\Temp\2692453063.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Max\AppData\Local\Temp\3544732270.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Max\AppData\Local\Temp\avp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Max\AppData\Local\Temp\c7j9mwedzav9g.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Max\AppData\Local\Temp\h14kj.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Max\AppData\Local\Temp\hexdump.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Max\AppData\Local\Temp\iexplorer.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Max\AppData\Local\Temp\install.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Max\AppData\Local\Temp\jugvg5xuf0s3lji4.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Max\AppData\Local\Temp\mdm.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Max\AppData\Local\Temp\mevxcqrwz8.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Max\AppData\Local\Temp\nvsvc32.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Max\AppData\Local\Temp\por3ddo0.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Max\AppData\Local\Temp\setup.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Max\AppData\Local\Temp\smss.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Max\AppData\Local\Temp\spoolsv.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Max\AppData\Local\Temp\svchost.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Max\AppData\Local\Temp\system.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Max\AppData\Local\Temp\taskmgr.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Max\AppData\Local\Temp\winamp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Max\AppData\Local\Temp\xjoqojgw.exe (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully.
C:\Users\Max\AppData\Local\Temp\xo4naxf.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Windows\cmd.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Windows\debug.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Windows\drweb.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Windows\login.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Windows\smss.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Windows\spoolsv.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Windows\svchost.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Windows\sysedit.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Windows\win.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Windows\wininst.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Windows\$NtUninstallMTF1011$\mmduch.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Windows\$NtUninstallMTF1011$\mmx.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Windows\System32\ivhpw.dll (LSP.Hijacker) -> Quarantined and deleted successfully.
C:\Windows\System32\lexq.dll (LSP.Hijacker) -> Quarantined and deleted successfully.
C:\Windows\System32\wmoj.dll (LSP.Hijacker) -> Delete on reboot.
C:\Windows\System32\xqjfkw.dll (LSP.Hijacker) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\ivhpw.dll (LSP.Hijacker) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\lexq.dll (LSP.Hijacker) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\wmoj.dll (LSP.Hijacker) -> Delete on reboot.
C:\Windows\SysWOW64\xqjfkw.dll (LSP.Hijacker) -> Quarantined and deleted successfully.
C:\Windows\$NtUninstallMTF1011$\apUninstall.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Windows\$NtUninstallMTF1011$\zrpt.xml (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Users\Max\Local Settings\Application Data\Windows Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.

Mxbn0
2010-09-02, 10:27
I've managed to get it going as good as new. This thread can now be closed :)