Trojan Horse Generic28.BWII


15 replies to this topic

#1 lsj0302

Posted 04 July 2012 - 12:33 PM

My friend is running a PC with Windows Vista Home Premium Version 6.0. The toolbar at the bottom is flashing and in the AVG Virus Vault shows two infections of Trojan horse Generic28.BWII.

Any help you can provide would be greatly appreciated. I think she does not have adequate protection on her system which is why this happened but I am not certain.

Thank you.

#2 narenxp

Posted 04 July 2012 - 12:57 PM

Download TDSSKiller.

Launch it. Click on Change parameters and select TDLFS file system.

Click on "Scan". Please post the LOG report (the log file should be in your C drive).



Download aswMBR.

Launch it, allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here.

Download ESET online scanner.

Install it.

Click on START; it should download the virus definitions.
When the scan gets completed, click on LIST of found threats.

Export the list to desktop and copy the contents of the text file in your reply.

#3 lsj0302

Posted 04 July 2012 - 02:40 PM

Here is what it shows:

14:06:07.0564 5064 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
14:06:07.0832 5064 ============================================================
14:06:07.0832 5064 Current date / time: 2012/07/04 14:06:07.0832
14:06:07.0832 5064 SystemInfo:
14:06:07.0832 5064
14:06:07.0832 5064 OS Version: 6.0.6002 ServicePack: 2.0
14:06:07.0832 5064 Product type: Workstation
14:06:07.0832 5064 ComputerName: WILLIE-PC
14:06:07.0832 5064 UserName: Willie
14:06:07.0832 5064 Windows directory: C:\Windows
14:06:07.0832 5064 System windows directory: C:\Windows
14:06:07.0832 5064 Running under WOW64
14:06:07.0832 5064 Processor architecture: Intel x64
14:06:07.0832 5064 Number of processors: 2
14:06:07.0832 5064 Page size: 0x1000
14:06:07.0832 5064 Boot type: Normal boot
14:06:07.0832 5064 ============================================================
14:06:09.0274 5064 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:06:09.0282 5064 ============================================================
14:06:09.0282 5064 \Device\Harddisk0\DR0:
14:06:09.0282 5064 MBR partitions:
14:06:09.0282 5064 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x23CCF800
14:06:09.0282 5064 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x23CD0000, BlocksNum 0x175D000
14:06:09.0282 5064 ============================================================
14:06:09.0305 5064 C: <-> \Device\Harddisk0\DR0\Partition0
14:06:09.0359 5064 D: <-> \Device\Harddisk0\DR0\Partition1
14:06:09.0359 5064 ============================================================
14:06:09.0359 5064 Initialize success
14:06:09.0359 5064 ============================================================
14:06:45.0877 0848 ============================================================
14:06:45.0877 0848 Scan started
14:06:45.0877 0848 Mode: Manual; TDLFS;
14:06:45.0877 0848 ============================================================
14:06:46.0646 0848 Accelerometer (5c368f4b04ed2a923e6afca2d37baff5) C:\Windows\system32\DRIVERS\Accelerometer.sys
14:06:46.0649 0848 Accelerometer - ok
14:06:46.0701 0848 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
14:06:46.0706 0848 ACPI - ok
14:06:46.0773 0848 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
14:06:46.0781 0848 adp94xx - ok
14:06:46.0826 0848 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
14:06:46.0832 0848 adpahci - ok
14:06:46.0859 0848 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
14:06:46.0863 0848 adpu160m - ok
14:06:46.0903 0848 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
14:06:46.0913 0848 adpu320 - ok
14:06:46.0951 0848 AeLookupSvc (0f421175574bfe0bf2f4d8e910a253bb) C:\Windows\System32\aelupsvc.dll
14:06:46.0952 0848 AeLookupSvc - ok
14:06:47.0077 0848 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_6ef279c8\AESTSr64.exe
14:06:47.0082 0848 AESTFilters - ok
14:06:47.0174 0848 AFD (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys
14:06:47.0184 0848 AFD - ok
14:06:47.0249 0848 AgereModemAudio (734088cb57aea704ca716c1c6bc5e0e6) C:\Program Files\LSI SoftModem\agr64svc.exe
14:06:47.0252 0848 AgereModemAudio - ok
14:06:47.0357 0848 AgereSoftModem (70e15cda25e151dfc60636ef73f5a7be) C:\Windows\system32\DRIVERS\agrsm64.sys
14:06:47.0385 0848 AgereSoftModem - ok
14:06:47.0428 0848 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
14:06:47.0431 0848 agp440 - ok
14:06:47.0469 0848 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
14:06:47.0472 0848 aic78xx - ok
14:06:47.0500 0848 ALG (5922f4f59b7868f3d74bbbbeb7b825a3) C:\Windows\System32\alg.exe
14:06:47.0504 0848 ALG - ok
14:06:47.0530 0848 aliide (e0ca5bb8e6c79533dc6b1da7361a201e) C:\Windows\system32\drivers\aliide.sys
14:06:47.0532 0848 aliide - ok


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-04 14:09:46
-----------------------------
14:09:46.600 OS Version: Windows x64 6.0.6002 Service Pack 2
14:09:46.600 Number of processors: 2 586 0x170A
14:09:46.601 ComputerName: WILLIE-PC UserName: Willie
14:09:49.023 Initialize success
14:10:02.653 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:10:02.656 Disk 0 Vendor: TOSHIBA_MK3255GSX FG011C Size: 305245MB BusType: 3
14:10:02.696 Disk 0 MBR read successfully
14:10:02.700 Disk 0 MBR scan
14:10:02.703 Disk 0 unknown MBR code
14:10:02.712 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 293279 MB offset 2048
14:10:02.738 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11962 MB offset 600637440
14:10:02.772 Disk 0 scanning C:\Windows\system32\drivers
14:10:11.381 Service scanning
14:10:35.430 Modules scanning
14:10:35.439 Disk 0 trace - called modules:
14:10:35.486 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
14:10:35.492 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005089790]
14:10:35.497 3 CLASSPNP.SYS[fffffa6000a57c33] -> nt!IofCallDriver -> [0xfffffa8005084660]
14:10:35.504 5 hpdskflt.sys[fffffa6001bf3189] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004c68060]
14:10:35.511 Scan finished successfully
14:10:52.885 Disk 0 MBR has been saved successfully to "C:\Users\Willie\Desktop\MBR.dat"
14:10:52.892 The log file has been saved successfully to "C:\Users\Willie\Desktop\aswMBR.txt"


Eset did not find any threats.

I assume that the fact that my bottom toolbox is flashing constantly is a result of the other problem?

Thank you.

#4 narenxp

Posted 04 July 2012 - 03:29 PM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan.

Click on SHOW results. Select all infections and remove them.

Reboot the PC and scan with MBAM once in regular mode until you get a clean log.


Download MiniToolBox.

Check the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

#5 lsj0302

Posted 04 July 2012 - 05:16 PM

There were no malicious items detected.

Here is what came through with the minitoolbox. I had to mail this to myself from her computer because for some reason I could not reply on hers to you.

Thank you.



MiniToolBox by Farbar Version: 25-06-2012
Ran by Willie (administrator) on 04-07-2012 at 18:09:08
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

Broadcom 802.11b/g WLAN = Wireless Network Connection (Connected)
Realtek RTL8102E/8103E Family PCI-E Fast Ethernet NIC (NDIS 6.0) = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Willie-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom 802.11b/g WLAN
Physical Address. . . . . . . . . : 00-21-00-F3-91-4E
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::60fd:20d5:296b:7a1b%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.14(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, July 04, 2012 1:16:26 PM
Lease Expires . . . . . . . . . . : Thursday, July 05, 2012 1:16:26 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 234889472
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-D1-2A-C3-00-21-00-F3-91-4E
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8102E/8103E Family PCI-E Fast Ethernet NIC (NDIS 6.0)
Physical Address. . . . . . . . . : 00-23-5A-AB-D0-69
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{2B229B33-BDD6-4553-BE75-89AC57B401DA}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{0E3EDABA-EBF6-4C99-A89F-0A267EBA761A}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:1c15:cf2:3f57:fef1(Preferred)
Link-local IPv6 Address . . . . . : fe80::1c15:cf2:3f57:fef1%12(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 2607:f8b0:4004:802::1005
74.125.228.96
74.125.228.97
74.125.228.98
74.125.228.99
74.125.228.100
74.125.228.101
74.125.228.102
74.125.228.103
74.125.228.104
74.125.228.105
74.125.228.110



Pinging google.com [74.125.228.39] with 32 bytes of data:

Reply from 74.125.228.39: bytes=32 time=33ms TTL=52

Reply from 74.125.228.39: bytes=32 time=31ms TTL=52



Ping statistics for 74.125.228.39:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 31ms, Maximum = 33ms, Average = 32ms

Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.139.183.24
209.191.122.70
72.30.38.140



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=68ms TTL=50

Reply from 209.191.122.70: bytes=32 time=68ms TTL=50



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 68ms, Maximum = 68ms, Average = 68ms

Server: UnKnown
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
11 ...00 21 00 f3 91 4e ...... Broadcom 802.11b/g WLAN
10 ...00 23 5a ab d0 69 ...... Realtek RTL8102E/8103E Family PCI-E Fast Ethernet NIC (NDIS 6.0)
1 ........................... Software Loopback Interface 1
15 ...00 00 00 00 00 00 00 e0 isatap.{2B229B33-BDD6-4553-BE75-89AC57B401DA}
13 ...00 00 00 00 00 00 00 e0 isatap.{0E3EDABA-EBF6-4C99-A89F-0A267EBA761A}
12 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.14 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.14 281
192.168.1.14 255.255.255.255 On-link 192.168.1.14 281
192.168.1.255 255.255.255.255 On-link 192.168.1.14 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.14 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.14 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
12 18 ::/0 On-link
1 306 ::1/128 On-link
12 18 2001::/32 On-link
12 266 2001:0:4137:9e76:1c15:cf2:3f57:fef1/128
On-link
11 281 fe80::/64 On-link
12 266 fe80::/64 On-link
12 266 fe80::1c15:cf2:3f57:fef1/128
On-link
11 281 fe80::60fd:20d5:296b:7a1b/128
On-link
1 306 ff00::/8 On-link
12 266 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\wshbth.dll [34304] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\winrnr.dll [19968] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [61440] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [62976] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\wshbth.dll [44032] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\winrnr.dll [27648] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/04/2012 04:58:18 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/04/2012 04:58:18 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/04/2012 04:58:13 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/04/2012 04:58:13 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/04/2012 04:57:52 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/04/2012 04:57:52 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/04/2012 04:57:52 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/04/2012 02:11:54 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (07/04/2012 02:11:46 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (07/04/2012 01:17:49 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (07/04/2012 01:21:03 PM) (Source: PlugPlayManager) (User: )
Description: The device 'JMB38X xD Host Controller' (PCI\VEN_197B&DEV_2384&SUBSYS_30F7103C&REV_00\4&37ba8cc&0&04E4) disappeared from the system without first being prepared for removal.

Error: (07/04/2012 01:21:03 PM) (Source: PlugPlayManager) (User: )
Description: The device 'JMB38X MS Host Controller' (PCI\VEN_197B&DEV_2383&SUBSYS_30F7103C&REV_00\4&37ba8cc&0&03E4) disappeared from the system without first being prepared for removal.

Error: (07/04/2012 01:21:03 PM) (Source: PlugPlayManager) (User: )
Description: The device 'JMB38X SD Host Controller' (PCI\VEN_197B&DEV_2381&SUBSYS_30F7103C&REV_00\4&37ba8cc&0&02E4) disappeared from the system without first being prepared for removal.

Error: (07/04/2012 01:21:03 PM) (Source: PlugPlayManager) (User: )
Description: The device 'JMB38X SD/MMC Host Controller' (PCI\VEN_197B&DEV_2382&SUBSYS_30F7103C&REV_00\4&37ba8cc&0&00E4) disappeared from the system without first being prepared for removal.

Error: (07/04/2012 01:18:41 PM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (07/04/2012 10:54:24 AM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B68-F52A-11D8-B9A5-505054503030}

Error: (07/04/2012 10:40:48 AM) (Source: Service Control Manager) (User: )
Description: AvgLdx64
AvgMfx64
spldr
Wanarpv6

Error: (07/04/2012 10:40:48 AM) (Source: Service Control Manager) (User: )
Description: Computer BrowserServer%%1068

Error: (07/04/2012 10:40:01 AM) (Source: DCOM) (User: )
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}

Error: (07/04/2012 10:39:48 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: C:\Windows\System32\bcmihvsrv64.dll21


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

64 Bit HP CIO Components Installer (Version: 2.2.0)
Agere Systems HDA Modem
Alps Touch Pad Driver
Broadcom 802.11 Wireless LAN Adapter (Version: 5.10.79.5)
ENE CIR Receiver Driver (12/30/2008 2.7.2.0) (Version: 12/30/2008 2.7.2.0)
HP Customer Participation Program 10.0 (Version: 10.0)
HP Imaging Device Functions 10.0 (Version: 10.0)
HP MediaSmart SmartMenu (Version: 2.1.10)
HP Photosmart All-In-One Driver Software 10.0 Rel .2 (Version: 10.0)
HP Photosmart Essential 2.5 (Version: 2.5)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 10.0 (Version: 10.0)
Intel® Graphics Media Accelerator Driver
Java™ 6 Update 13 (64-bit) (Version: 6.0.130)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
OCR Software by I.R.I.S. 10.0 (Version: 10.0)
ProtectSmart Hard Drive Protection (Version: 3.10.1.7)
Shop for HP Supplies (Version: 10.0)

========================= Memory info: ===================================

Percentage of memory in use: 61%
Total physical RAM: 3998.02 MB
Available physical RAM: 1556.3 MB
Total Pagefile: 8209.31 MB
Available Pagefile: 5534.05 MB
Total Virtual: 4095.88 MB
Available Virtual: 3996.62 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:286.41 GB) (Free:205.23 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:11.68 GB) (Free:1.9 GB) NTFS

========================= Users: ========================================

User accounts for \\WILLIE-PC

Administrator Guest Willie


**** End of log ****
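The advisor posts above ask for TDSSKiller and MiniToolBox logs and then read them by eye. The following is an added Python example (not from this thread and not from either tool's authors) that does that first-pass triage over the two formats quoted in posts #3 and #5: it lists every TDSSKiller object whose verdict is not "- ok" and flags proxy settings, non-default hosts entries, public DNS servers and unreachable pings in MiniToolBox output. The sample fragments inside are constructed from the quoted formats; the driver "exampledrv", its all-zero hash and its verdict are placeholders.

```python
"""Triage helpers for the TDSSKiller and MiniToolBox log formats quoted in this thread."""
import ipaddress
import re

# Constructed sample fragments modelled on the logs above. The driver "exampledrv",
# its all-zero hash and its verdict are placeholders, not real detections.
TDSS_SAMPLE = """\
14:06:46.0646 0848 Accelerometer (5c368f4b04ed2a923e6afca2d37baff5) C:\\Windows\\system32\\DRIVERS\\Accelerometer.sys
14:06:46.0649 0848 Accelerometer - ok
14:06:46.0701 0848 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\\Windows\\system32\\drivers\\acpi.sys
14:06:46.0706 0848 ACPI - ok
14:06:47.0100 0848 exampledrv (00000000000000000000000000000000) C:\\Windows\\system32\\drivers\\exampledrv.sys
14:06:47.0101 0848 exampledrv - suspicious (placeholder verdict)
"""

MTB_SAMPLE = """\
========================= IE Proxy Settings: ==============================

Proxy is enabled.
Proxy Server: 127.0.0.1:8080

========================= FF Proxy Settings: ==============================

"network.proxy.type", 1

========================= Hosts content: =================================

::1 localhost
127.0.0.1 localhost
127.0.0.1 update.example-av.invalid

========================= IP Configuration: ================================

DNS Servers . . . . . . . . . . . : 192.168.1.1
Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
"""

# TDSSKiller writes one line per object ("name (md5) path") followed by a verdict
# line ("name - ok"); anything other than "ok" deserves a look.
TDSS_ENTRY = re.compile(r"^\S+ \d+ (\S+) \(([0-9a-fA-F]{32})\) (.+)$")
TDSS_VERDICT = re.compile(r"^\S+ \d+ (\S+) - (.+)$")
MTB_SECTION = re.compile(r"^=+ (.+?):? =+$")


def tdss_non_ok(log):
    """Return (name, verdict, md5, path) for every object not marked '- ok'."""
    entries, findings = {}, []
    for line in log.splitlines():
        m = TDSS_ENTRY.match(line)
        if m:
            entries[m.group(1)] = (m.group(2).lower(), m.group(3))
            continue
        m = TDSS_VERDICT.match(line)
        if m and m.group(1) in entries and m.group(2).strip() != "ok":
            md5, path = entries[m.group(1)]
            findings.append((m.group(1), m.group(2).strip(), md5, path))
    return findings


def mtb_sections(log):
    """Split MiniToolBox output into {section title: [non-empty lines]}."""
    sections, current = {}, ""
    for line in log.splitlines():
        m = MTB_SECTION.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif line.strip():
            sections.setdefault(current, []).append(line.rstrip())
    return sections


def mtb_findings(log):
    """Return (category, detail) pairs for proxy, hosts, DNS and reachability oddities."""
    s, findings = mtb_sections(log), []
    ie = s.get("IE Proxy Settings", [])
    if ie and "Proxy is not enabled." not in ie:  # a proxy can redirect all browsing
        findings.append(("proxy", "IE proxy configured: " + "; ".join(ie)))
    for line in s.get("FF Proxy Settings", []):
        m = re.match(r'"network\.proxy\.type", (\d+)', line)
        if m and m.group(1) != "0":  # 0 means direct connection
            findings.append(("proxy", f"Firefox network.proxy.type={m.group(1)}"))
    for line in s.get("Hosts content", []):
        parts = line.split()
        if line.startswith("#") or len(parts) < 2:
            continue
        if parts[0] in ("127.0.0.1", "::1") and parts[1:] == ["localhost"]:
            continue  # the two default entries seen in the log above
        findings.append(("hosts", f"non-default hosts entry: {line}"))
    for line in s.get("IP Configuration", []):
        if line.startswith("DNS Servers") and " : " in line:
            try:
                ip = ipaddress.ip_address(line.split(" : ", 1)[1].strip())
            except ValueError:
                continue
            if not ip.is_private:  # resolver changed away from the LAN router
                findings.append(("dns", f"public DNS server configured: {ip}"))
        elif "Destination host unreachable" in line:
            findings.append(("network", line.strip()))
    return findings


if __name__ == "__main__":
    for f in tdss_non_ok(TDSS_SAMPLE):
        print("TDSSKiller:", f)
    for f in mtb_findings(MTB_SAMPLE):
        print("MiniToolBox:", f)
```

Run over the logs actually posted in #3 and #5, the TDSSKiller list is empty and the only MiniToolBox findings are the two "Destination host unreachable" replies for bleepingcomputer.com, which lines up with the poster's remark that she could not reply from that machine.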

#6 narenxp

Posted 04 July 2012 - 06:14 PM

The toolbar at the bottom is flashing and in the AVG Virus Vault shows two infections of Trojan horse Generic28.BWII.

Can you check what exact location it points to?

#7 lsj0302

Posted 04 July 2012 - 06:28 PM

It says the infection is in C:\Users\Willie\Downloads\setup.exe
and C:\Users\Willie\Downloads\setup(1).exe

#8 narenxp

Posted 04 July 2012 - 07:23 PM

C:\Users\Willie\Downloads\setup.exe
and C:\Users\Willie\Downloads\setup(1).exe


Manually delete both the files

#9 lsj0302

Posted 05 July 2012 - 05:59 AM

Even when I show Hidden files and folders I cannot find them to delete.

#10 narenxp

Posted 05 July 2012 - 06:07 AM

AVG has quarantined them. Clean them from the Virus Vault. Let me know if you have any current issues.

#11 lsj0302

Posted 05 July 2012 - 06:12 AM

Sorry to say but the task bar at the bottom of the screen is still constantly fluttering.

#12 narenxp

Posted 05 July 2012 - 06:15 AM

When did this issue start?

#13 lsj0302

Posted 05 July 2012 - 09:09 AM

According to my friend, she turned on her laptop about three weeks ago. There was a message that a Trojan had been detected and she ran the recommended scan. She wasn't sure what else to do at that point. The flickering started then.

Thank you.

#14 narenxp

Posted 05 July 2012 - 01:28 PM

Can you uninstall AVG and see if the flickering stops, or can you try a system restore to a point before the issue started?

#15 lsj0302

Posted 06 July 2012 - 11:11 AM

I did these things and the problem continues. Brought it to someone at my office today and we both think it is the screen which is the problem, not the software. So thank you for your assistance and patience.



