
Possible virus

No replies to this topic

#1 Raprider



Posted 17 November 2010 - 09:01 PM

Having some problems with my Dell laptop.
Currently running WinXP Pro version 5.1.2600 Service Pack 2 Build 2600.
At bootup, I get the following:
RUNDLL Error: Error loading C:\WINDOWS\iowiocs.dll. The specified module could not be found.

Some apps such as Word do not open, and I am having intermittent problems with Internet Explorer v8.0.

I ran Malwarebytes and the log is below.
Thanks in advance,

Malwarebytes' Anti-Malware 1.46

Database version: 5140

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

11/17/2010 8:49:47 PM
mbam-log-2010-11-17 (20-49-47).txt

Scan type: Full scan (C:\|)
Objects scanned: 235420
Time elapsed: 56 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 3
Registry Data Items Infected: 4
Folders Infected: 1
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776c4dc-e894-7c06-2148-5d73cef5f905} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776c4dc-e894-7c06-2148-5d73cef5f905} (Backdoor.Bot) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Backdoor.Bot) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{f52ba30c-a8f4-2c92-93b8-943915b333b4} (Trojan.ZbotR.Gen) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe,C:\Documents and Settings\blayne\Application Data\Microsoft\Windows\shell.exe) Good: (Explorer.exe) -> No action taken.

Folders Infected:
C:\WINDOWS\system32\lowsec (Stolen.data) -> No action taken.

Files Infected:
C:\Documents and Settings\blayne\Local Settings\Temp\0.3953556060356106.exe (Trojan.Dropper.Gen) -> No action taken.
C:\Documents and Settings\blayne\Local Settings\Temp\0.5210514721609714.exe (Spyware.Passwords.XGen) -> No action taken.
C:\Documents and Settings\blayne\Local Settings\Temp\pdfupd.exe (Trojan.Dropper.Gen) -> No action taken.
C:\WINDOWS\Temp\F.tmp (Trojan.Zbot) -> No action taken.
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> No action taken.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> No action taken.
C:\Documents and Settings\blayne\Application Data\Microsoft\stor.cfg (Malware.Trace) -> No action taken.
C:\Documents and Settings\blayne\Application Data\Microsoft\svchost.exe (Backdoor.Bot) -> No action taken.
C:\Documents and Settings\blayne\Local Settings\Temp\0.9766990380986464.exe (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\blayne\Local Settings\Temp\WINDOWS_SECURITY_CENTER.exe (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\blayne\Application Data\Ypyg\ubfe.exe (Trojan.ZbotR.Gen) -> No action taken.
