
Infected with Worm/VB.8.AB & Trojan Horse Generic20.CGNE


  • This topic is locked
5 replies to this topic

#1 George852


Posted 01 February 2011 - 08:54 AM

Hello


PC Specs:
AMD Athlon 64 processor 3200+ 1.99Ghz
704Mb of Ram
Windows XP Pro Service pack 3
AVG 2011 free



The PC I have seems to have picked up an infection ever since 'a friend' put in a USB stick.
AVG ran a scan and picked up the virus Worm/VB.8.AB.

This was found but was inaccessible to remove.
When found, ran a scan and found this:
"";"C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\WSXZI6I5\softupdate8_2260[2].exe";"Corrupted executable file";"Moved to Virus Vault"

Now getting AVG Resident Shield alerts
Trojan Horse Generic20.CGNE along with others:

Resident Shield detection
Infection;"Object";"Result";"Detection time";"Object Type";"Process"
Trojan horse Generic20.CGNE;"c:\System Volume Information\_restore{08750AB4-DECC-4F60-9768-8A8A98623014}\RP74\A0015627.exe";"Object is inaccessible.";"01/02/2011, 12:53:54";"file";"C:\WINDOWS\system32\svchost.exe"
Trojan horse Generic20.CGNE;"c:\System Volume Information\_restore{08750AB4-DECC-4F60-9768-8A8A98623014}\RP74\A0015627.exe";"Moved to Virus Vault";"01/02/2011, 12:20:27";"file";"C:\WINDOWS\system32\svchost.exe"
Trojan horse Generic20.CGNE;"c:\System Volume Information\_restore{08750AB4-DECC-4F60-9768-8A8A98623014}\RP74\A0015627.exe";"Infected";"01/02/2011, 10:41:29";"file";"C:\WINDOWS\system32\svchost.exe"
Trojan horse Generic20.CGNE;"c:\System Volume Information\_restore{08750AB4-DECC-4F60-9768-8A8A98623014}\RP74\A0015627.exe";"Infected";"01/02/2011, 09:51:47";"file";"C:\WINDOWS\system32\svchost.exe"
Trojan horse Generic20.CGNE;"c:\System Volume Information\_restore{08750AB4-DECC-4F60-9768-8A8A98623014}\RP74\A0015627.exe";"Infected";"01/02/2011, 08:26:36";"file";"C:\WINDOWS\system32\svchost.exe"
Trojan horse Generic20.CGNE;"c:\System Volume Information\_restore{08750AB4-DECC-4F60-9768-8A8A98623014}\RP74\A0015627.exe";"Infected";"01/02/2011, 07:26:35";"file";"C:\WINDOWS\system32\svchost.exe"
Trojan horse Generic20.CGNE;"c:\System Volume Information\_restore{08750AB4-DECC-4F60-9768-8A8A98623014}\RP74\A0015627.exe";"Infected";"01/02/2011, 06:26:35";"file";"C:\WINDOWS\system32\svchost.exe"
Trojan horse Generic20.CGNE;"c:\System Volume Information\_restore{08750AB4-DECC-4F60-9768-8A8A98623014}\RP74\A0015627.exe";"Infected";"01/02/2011, 05:26:35";"file";"C:\WINDOWS\system32\svchost.exe"
Trojan horse Generic20.CGNE;"c:\System Volume Information\_restore{08750AB4-DECC-4F60-9768-8A8A98623014}\RP74\A0015627.exe";"Infected";"01/02/2011, 04:26:35";"file";"C:\WINDOWS\system32\svchost.exe"
Trojan horse Generic20.CGNE;"c:\System Volume Information\_restore{08750AB4-DECC-4F60-9768-8A8A98623014}\RP74\A0015627.exe";"Infected";"01/02/2011, 03:26:35";"file";"C:\WINDOWS\system32\svchost.exe"
Trojan horse Generic20.CGNE;"c:\System Volume Information\_restore{08750AB4-DECC-4F60-9768-8A8A98623014}\RP74\A0015627.exe";"Infected";"01/02/2011, 02:26:35";"file";"C:\WINDOWS\system32\svchost.exe"
Trojan horse Generic20.CGNE;"c:\System Volume Information\_restore{08750AB4-DECC-4F60-9768-8A8A98623014}\RP74\A0015627.exe";"Infected";"01/02/2011, 01:26:35";"file";"C:\WINDOWS\system32\svchost.exe"
Trojan horse Generic20.CGNE;"c:\System Volume Information\_restore{08750AB4-DECC-4F60-9768-8A8A98623014}\RP74\A0015627.exe";"Infected";"01/02/2011, 00:26:35";"file";"C:\WINDOWS\system32\svchost.exe"
Trojan horse Generic20.CGNE;"c:\System Volume Information\_restore{08750AB4-DECC-4F60-9768-8A8A98623014}\RP74\A0015627.exe";"Infected";"31/01/2011, 23:26:35";"file";"C:\WINDOWS\system32\svchost.exe"
Trojan horse Generic20.CGNE;"c:\System Volume Information\_restore{08750AB4-DECC-4F60-9768-8A8A98623014}\RP74\A0015627.exe";"Infected";"31/01/2011, 22:26:35";"file";"C:\WINDOWS\system32\svchost.exe"
Trojan horse Generic20.CGNE;"c:\System Volume Information\_restore{08750AB4-DECC-4F60-9768-8A8A98623014}\RP74\A0015627.exe";"Infected";"31/01/2011, 21:26:35";"file";"C:\WINDOWS\system32\svchost.exe"
Trojan horse Generic20.CGNE;"c:\System Volume Information\_restore{08750AB4-DECC-4F60-9768-8A8A98623014}\RP74\A0015627.exe";"Infected";"31/01/2011, 20:26:35";"file";"C:\WINDOWS\system32\svchost.exe"
Trojan horse Generic20.CGNE;"c:\System Volume Information\_restore{08750AB4-DECC-4F60-9768-8A8A98623014}\RP74\A0015627.exe";"Infected";"31/01/2011, 19:26:35";"file";"C:\WINDOWS\system32\svchost.exe"
Trojan horse Generic20.CGNE;"c:\System Volume Information\_restore{08750AB4-DECC-4F60-9768-8A8A98623014}\RP74\A0015627.exe";"Infected";"31/01/2011, 18:26:35";"file";"C:\WINDOWS\system32\svchost.exe"
Trojan horse Generic20.CGNE;"c:\System Volume Information\_restore{08750AB4-DECC-4F60-9768-8A8A98623014}\RP74\A0015627.exe";"Infected";"31/01/2011, 17:26:35";"file";"C:\WINDOWS\system32\svchost.exe"
Trojan horse Generic20.CGNE;"c:\System Volume Information\_restore{08750AB4-DECC-4F60-9768-8A8A98623014}\RP74\A0015627.exe";"Infected";"31/01/2011, 17:21:03";"file";"C:\WINDOWS\system32\svchost.exe"
Trojan horse Generic20.CGNE;"c:\Documents and Settings\All Users\Application Data\7c870f\SI7c8_2260.exe";"Object is inaccessible.";"31/01/2011, 14:32:42";"file";"C:\WINDOWS\system32\msiexec.exe"
Trojan horse Generic20.CGNE;"c:\System Volume Information\_restore{08750AB4-DECC-4F60-9768-8A8A98623014}\RP74\A0015627.exe";"Infected";"31/01/2011, 14:27:30";"file";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
Trojan horse Generic20.CGNE;"c:\Documents and Settings\All Users\Application Data\7c870f\SI7c8_2260.exe";"Moved to Virus Vault";"31/01/2011, 14:08:14";"file";"C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe"
Trojan horse Generic20.CGNE;"c:\Documents and Settings\All Users\Application Data\7c870f\SI7c8_2260.exe";"Infected";"31/01/2011, 13:50:25";"file";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
Trojan horse Generic20.CGNE;"c:\Documents and Settings\All Users\Application Data\7c870f\SI7c8_2260.exe";"Infected";"31/01/2011, 13:49:53";"file";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
Trojan horse Generic20.CGNE;"c:\Documents and Settings\All Users\Application Data\7c870f\SI7c8_2260.exe";"Infected";"31/01/2011, 13:43:00";"file";"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
Trojan horse Generic20.CGNE;"c:\Documents and Settings\All Users\Application Data\7c870f\SI7c8_2260.exe";"Infected";"31/01/2011, 13:39:13";"file";"C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
Found registry key that prevents file avgrsx.exe from running;"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrsx.exe\\Debugger";"Potentially dangerous object";"31/01/2011, 12:29:27";"registry key";"C:\Documents and Settings\All Users\Application Data\7c870f\SI7c8_2260.exe"
Found registry key that prevents file avgui.exe from running;"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgui.exe\\Debugger";"Potentially dangerous object";"31/01/2011, 12:29:24";"registry key";"C:\Documents and Settings\All Users\Application Data\7c870f\SI7c8_2260.exe"
Found registry key that prevents file avgtray.exe from running;"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgtray.exe\\Debugger";"Potentially dangerous object";"31/01/2011, 12:29:24";"registry key";"C:\Documents and Settings\All Users\Application Data\7c870f\SI7c8_2260.exe"
Found registry key that prevents file avgcsrvx.exe from running;"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcsrvx.exe\\Debugger";"Potentially dangerous object";"31/01/2011, 12:29:22";"registry key";"C:\Documents and Settings\All Users\Application Data\7c870f\SI7c8_2260.exe"
Found registry key that prevents file avgnsx.exe from running;"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnsx.exe\\Debugger";"Potentially dangerous object";"31/01/2011, 12:29:22";"registry key";"C:\Documents and Settings\All Users\Application Data\7c870f\SI7c8_2260.exe"
Found registry key that prevents file avgwdsvc.exe from running;"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgwdsvc.exe\\Debugger";"Potentially dangerous object";"31/01/2011, 12:29:22";"registry key";"C:\Documents and Settings\All Users\Application Data\7c870f\SI7c8_2260.exe"
Found registry key that prevents file avgdumpx.exe from running;"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgdumpx.exe\\Debugger";"Potentially dangerous object";"31/01/2011, 12:29:22";"registry key";"C:\Documents and Settings\All Users\Application Data\7c870f\SI7c8_2260.exe"
Found registry key that prevents file avgcmgr.exe from running;"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcmgr.exe\\Debugger";"Potentially dangerous object";"31/01/2011, 12:29:22";"registry key";"C:\Documents and Settings\All Users\Application Data\7c870f\SI7c8_2260.exe"
Found registry key that prevents file avgscanx.exe from running;"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgscanx.exe\\Debugger";"Potentially dangerous object";"31/01/2011, 12:29:22";"registry key";"C:\Documents and Settings\All Users\Application Data\7c870f\SI7c8_2260.exe"
Found registry key that prevents file avgsrmax.exe from running;"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgsrmax.exe\\Debugger";"Potentially dangerous object";"31/01/2011, 12:29:22";"registry key";"C:\Documents and Settings\All Users\Application Data\7c870f\SI7c8_2260.exe"
Found registry key that prevents file fixcfg.exe from running;"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fixcfg.exe\\Debugger";"Potentially dangerous object";"31/01/2011, 12:29:22";"registry key";"C:\Documents and Settings\All Users\Application Data\7c870f\SI7c8_2260.exe"
Virus identified Worm/VB.8.AB;"e:\jobsearch.exe";"Infected";"26/01/2011, 10:43:04";"file";"C:\WINDOWS\system32\rundll32.exe"
Trojan horse FakeAV.FXX;"c:\System Volume Information\_restore{08750AB4-DECC-4F60-9768-8A8A98623014}\RP47\A0012249.exe";"Moved to Virus Vault";"01/12/2010, 12:51:46";"file";"C:\WINDOWS\system32\svchost.exe"
Trojan horse FakeAV.FXX;"c:\System Volume Information\_restore{08750AB4-DECC-4F60-9768-8A8A98623014}\RP47\A0012244.exe";"Moved to Virus Vault";"30/11/2010, 15:58:11";"file";"C:\WINDOWS\system32\svchost.exe"


DDS.txt log

DDS (Ver_10-12-12.02) - NTFSx86
Run by user at 11:53:27.10 on 01/02/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.702.134 [GMT 0:00]

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Smart Internet Protection 2011 *Enabled/Updated* {7A1AF9BD-1C30-48EF-8149-F12E11A2CA80}
FW: Smart Internet Protection 2011 *Enabled*

============== Running Processes ===============

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
svchost.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\M7WNPSN2\Defogger[1].exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\4TVCYJ28\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ccleaner] "c:\program files\ccleaner\CCleaner.exe" /AUTO
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
uPolicies-explorer: DisallowRun = 1 (0x1)
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
IFEO: image file execution options - svchost.exe
Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com
Hosts: 74.125.45.100 getantivirusplusnow.com

Note: multiple HOSTS entries found. Please refer to Attach.txt

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R0 SI3112r;ATI-4379 Serial ATA Controller;c:\windows\system32\drivers\SI3112r.sys [2007-8-29 116264]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 299984]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-1 136176]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2010-11-30 517448]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

=============== Created Last 30 ================

2011-02-01 11:08:54 -------- d-----w- c:\program files\CCleaner
2011-02-01 09:40:47 -------- d-----w- c:\docume~1\user\locals~1\applic~1\PCHealth
2011-01-31 14:25:30 -------- d-----w- c:\windows\system32\XPSViewer
2011-01-31 14:24:20 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-01-31 14:23:27 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-01-31 14:23:27 117760 ------w- c:\windows\system32\prntvpt.dll
2011-01-31 14:23:26 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-01-31 14:23:26 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-01-31 14:23:25 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-01-31 14:23:25 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-01-31 14:23:23 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-01-31 14:23:23 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-01-31 14:23:23 -------- d-----w- C:\9583644a2ce3242cab798694a082
2011-01-31 14:07:25 -------- d-----w- c:\docume~1\user\applic~1\Windows Desktop Search
2011-01-31 14:05:38 -------- d-----w- c:\program files\Windows Desktop Search
2011-01-31 14:05:36 -------- d-----w- c:\windows\system32\GroupPolicy
2011-01-31 14:05:09 -------- d-----w- c:\program files\VS Revo Group
2011-01-31 14:03:09 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2011-01-31 14:03:09 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2011-01-31 14:03:07 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2011-01-31 14:01:39 -------- d-----w- c:\program files\Windows Media Connect 2
2011-01-31 13:57:26 -------- d-----w- c:\windows\system32\LogFiles
2011-01-31 13:54:53 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2011-01-31 13:41:27 -------- d-----w- c:\docume~1\user\applic~1\Malwarebytes
2011-01-31 13:41:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-31 13:41:10 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-31 13:37:23 -------- d-sh--w- c:\documents and settings\user\IECompatCache
2011-01-31 13:33:42 -------- d-----w- c:\docume~1\user\applic~1\SUPERAntiSpyware.com
2011-01-31 13:33:42 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2011-01-31 13:32:47 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-01-31 12:30:25 0 ----a-w- c:\documents and settings\user\TempWmicBatchFile.bat
2011-01-31 11:56:26 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\SIOWICGGOCP
2011-01-31 11:55:36 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\7c870f
2011-01-25 13:01:02 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2011-01-25 13:01:02 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2011-01-25 13:01:02 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2011-01-25 13:01:02 8192 ----a-w- c:\windows\system32\kbdkor.dll
2011-01-25 13:01:02 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2011-01-25 13:01:02 5632 ----a-w- c:\windows\system32\kbd103.dll
2011-01-25 13:01:01 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2011-01-25 13:01:01 6144 ----a-w- c:\windows\system32\kbd101c.dll
2011-01-25 13:00:53 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2011-01-25 13:00:53 6144 ----a-w- c:\windows\system32\kbd101b.dll
2011-01-25 13:00:51 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2011-01-25 13:00:51 6144 ----a-w- c:\windows\system32\kbd106.dll

==================== Find3M ====================

2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec

============= FINISH: 11:54:14.60 ===============
Attached File  Attach - george852.txt   10.98KB   2 downloads
Any help please will be appreciated.
I work evenings so won't be able to reply then.

Regards
George


 


#2 rigacci


Posted 05 February 2011 - 07:43 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Thanks.

DR

#3 George852


Posted 05 February 2011 - 11:57 AM

Will do when back home (Monday) :thumbup2:

#4 George852


Posted 10 February 2011 - 08:58 AM

PC displays constant BSOD with different error messages each time it is booted up.
Tried removing hard drive and other hardware physically and replacing with the other (known) working parts - same result.
Please close as the PC is going to be scrapped, thanks for the offer of help though. :thumbup2:

Edited by George852, 10 February 2011 - 08:59 AM.


#5 rigacci


Posted 10 February 2011 - 09:03 AM

I understand totally. A new one will be nice.

Thanks for getting back to me. :thumbup2:

DR

BTW, did you try swapping or reseating the RAM?

#6 Blade

  • Site Admin

Posted 10 February 2011 - 01:09 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
