Need help please - Worm w32.VBNA.b


17 replies to this topic

#1 ellrigg

ellrigg

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:09:46 PM

Posted 07 January 2014 - 08:24 PM

Hey there, I recently accidentally downloaded a file I shouldn't have and now I'm paying the price. I've been infected with "Worm w32.VBNA.b", which keeps popping up from Norton anti-virus, but on Norton it says it's high risk but no further action taken?

I've even just got the notorious blue screen of death for the first time in years (also playing on a fairly new computer).

I've taken to the Norton community forums and someone kindly referred me here. I've tried using a Malwarebytes program but that hasn't worked, neither has SUPERAntiSpyware Professional (and also Norton, obviously).

So I'm seeking help, please. As all I want to do is get back to gaming but I'm a bit scared to in case of blue screen etc.

Any help is much appreciated, thanks a lot.


Also, I'm using the Windows 7 64-bit operating system.



 


Edited by ellrigg, 07 January 2014 - 08:29 PM.




#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:46 PM

Posted 08 January 2014 - 11:16 AM

Welcome ellrigg

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Please download and scan with the Kaspersky Virus Removal Tool from one of the links provided below and save it to your desktop.
Link 1
Link 2
Link 3
Be sure to print out and read the instructions provided in:
How to Install Kaspersky Virus Removal Tool
How to use the Kaspersky Virus Removal Tool to automatically remove viruses
  • Double-click the setup file (i.e. setup_9.0.0.722_22.01.2010_10-04.exe), select your language and install the utility.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If you receive a UAC prompt asking if you would like to continue running the program, you should press the Continue button.
  • At the 'Setup page', click Next, check the box to accept the license agreement and click Next twice more to extract the required files.
  • Setup may recommend to scan the computer in Safe Mode. Click Ok.
  • A window will open with a tab that says Autoscan. Click the green Start scan button on the Autoscan tab in the main window.
  • If malware is detected, you will see the Scan Alert screen.
  • Place a checkmark in the Apply to all box, and click Disinfect if the button is active.
  • After the scan finishes, if any threats are left unneutralized in the Scan window (Red exclamation point), click the Neutralize all button.
  • Place a checkmark in the Apply to all box, and click Disinfect if the button is active.
  • If advised that a special disinfection procedure is required which demands system reboot, click the Ok button to close the window.
  • In the Scan window click the Reports button, choose Critical events and select Save to save the results to a file (name it avptool.txt).
  • Copy and paste the report results of any threats detected. Do not include the longer list marked Events.
  • When finished, follow these instructions on How to uninstall Kaspersky Virus Removal Tool 2011.
-- If you cannot run this tool in normal mode, then try using it in "safe mode".


How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 ellrigg

Posted 08 January 2014 - 05:23 PM

Hi, I'm at work on nights at the minute, will do what you've said in the morning and post results!

#4 boopme

Posted 08 January 2014 - 09:03 PM

No problem. Real Life Comes First.

#5 ellrigg

Posted 09 January 2014 - 10:20 AM

Result from mini toolbox:

MiniToolBox by Farbar  Version: 18-12-2013
Ran by UKGC (administrator) on 09-01-2014 at 15:15:25
Running from "C:\Users\UKGC\Documents"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

 

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : UKGC-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : home

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : home
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : AC-22-0B-C6-14-04
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::7cb5:ef34:b7c:3ab0%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.83(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 09 January 2014 15:11:09
   Lease Expires . . . . . . . . . . : 10 January 2014 15:11:08
   Default Gateway . . . . . . . . . : 192.168.1.254
   DHCP Server . . . . . . . . . . . : 192.168.1.254
   DHCPv6 IAID . . . . . . . . . . . : 246161931
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-E9-9D-53-AC-22-0B-C6-14-04
   DNS Servers . . . . . . . . . . . : 192.168.1.254
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.home:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : home
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:302e:1fd7:a97e:99f4(Preferred)
   Link-local IPv6 Address . . . . . : fe80::302e:1fd7:a97e:99f4%13(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  BThomehub.home
Address:  192.168.1.254

Name:    google.com
Addresses:  2a00:1450:4009:805::1002
   173.194.34.163
   173.194.34.162
   173.194.34.161
   173.194.34.169
   173.194.34.164
   173.194.34.167
   173.194.34.168
   173.194.34.160
   173.194.34.174
   173.194.34.165
   173.194.34.166

Pinging google.com [173.194.34.161] with 32 bytes of data:
Reply from 173.194.34.161: bytes=32 time=25ms TTL=52
Reply from 173.194.34.161: bytes=32 time=24ms TTL=52

Ping statistics for 173.194.34.161:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 24ms, Maximum = 25ms, Average = 24ms
Server:  BThomehub.home
Address:  192.168.1.254

Name:    yahoo.com
Addresses:  98.139.183.24
   206.190.36.45
   98.138.253.109

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=207ms TTL=44
Reply from 98.138.253.109: bytes=32 time=195ms TTL=44

Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 195ms, Maximum = 207ms, Average = 201ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=6ms TTL=128
Reply from 127.0.0.1: bytes=32 time=1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 1ms, Maximum = 6ms, Average = 3ms
===========================================================================
Interface List
 11...ac 22 0b c6 14 04 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254     192.168.1.83     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link      192.168.1.83    276
     192.168.1.83  255.255.255.255         On-link      192.168.1.83    276
    192.168.1.255  255.255.255.255         On-link      192.168.1.83    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.1.83    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.1.83    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 13     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 13     58 2001::/32                On-link
 13    306 2001:0:5ef5:79fb:302e:1fd7:a97e:99f4/128
                                    On-link
 11    276 fe80::/64                On-link
 13    306 fe80::/64                On-link
 13    306 fe80::302e:1fd7:a97e:99f4/128
                                    On-link
 11    276 fe80::7cb5:ef34:b7c:3ab0/128
                                    On-link
  1    306 ff00::/8                 On-link
 13    306 ff00::/8                 On-link
 11    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/09/2014 03:12:45 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/08/2014 10:04:00 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.22.3\BonanzaDealsLiveHelper.msi

Error: (01/08/2014 09:04:00 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.22.3\BonanzaDealsLiveHelper.msi

Error: (01/08/2014 08:04:00 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.22.3\BonanzaDealsLiveHelper.msi

Error: (01/08/2014 07:04:00 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.22.3\BonanzaDealsLiveHelper.msi

Error: (01/08/2014 06:04:00 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.22.3\BonanzaDealsLiveHelper.msi

Error: (01/08/2014 05:05:41 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/08/2014 04:04:11 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.22.3\BonanzaDealsLiveHelper.msi

Error: (01/08/2014 03:04:00 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.22.3\BonanzaDealsLiveHelper.msi

Error: (01/08/2014 02:05:05 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (01/08/2014 00:08:39 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service.

Error: (01/08/2014 00:07:34 AM) (Source: BugCheck) (User: )
Description: 0x000000f4 (0x0000000000000003, 0xfffffa800a84fb30, 0xfffffa800a84fe10, 0xfffff800031c47b0)C:\Windows\MEMORY.DMP010814-37627-01

Error: (01/08/2014 00:07:29 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 00:05:28 on ?08/?01/?2014 was unexpected.

Error: (01/07/2014 11:53:27 PM) (Source: DCOM) (User: )
Description: {B77C4C36-0154-4C52-AB49-FAA03837E47F}

Error: (01/06/2014 08:35:19 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer SHANNON-HP
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{BC40D4AF-FF65-42DB-8AC8-1F85A196EB98}.
The master browser is stopping or an election is being forced.

Error: (01/06/2014 06:23:44 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer SHANNON-HP
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{BC40D4AF-FF65-42DB-8AC8-1F85A196EB98}.
The master browser is stopping or an election is being forced.

Error: (01/06/2014 05:23:36 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer SHANNON-HP
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{BC40D4AF-FF65-42DB-8AC8-1F85A196EB98}.
The master browser is stopping or an election is being forced.

Error: (01/06/2014 05:11:04 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer SHANNON-HP
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{BC40D4AF-FF65-42DB-8AC8-1F85A196EB98}.
The master browser is stopping or an election is being forced.

Error: (01/06/2014 04:40:25 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer SHANNON-HP
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{BC40D4AF-FF65-42DB-8AC8-1F85A196EB98}.
The master browser is stopping or an election is being forced.

Error: (01/04/2014 00:28:28 AM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer SHANNON-HP
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{BC40D4AF-FF65-42DB-8AC8-1F85A196EB98}.
The master browser is stopping or an election is being forced.

Microsoft Office Sessions:
=========================
Error: (01/09/2014 03:12:45 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/08/2014 10:04:00 PM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.22.3\BonanzaDealsLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (01/08/2014 09:04:00 PM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.22.3\BonanzaDealsLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (01/08/2014 08:04:00 PM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.22.3\BonanzaDealsLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (01/08/2014 07:04:00 PM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.22.3\BonanzaDealsLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (01/08/2014 06:04:00 PM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.22.3\BonanzaDealsLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (01/08/2014 05:05:41 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/08/2014 04:04:11 PM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.22.3\BonanzaDealsLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (01/08/2014 03:04:00 PM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.22.3\BonanzaDealsLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (01/08/2014 02:05:05 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

=========================== Installed Programs ============================

Adobe Flash Player 11 ActiveX (Version: 11.9.900.170)
Adobe Reader XI (11.0.05) (Version: 11.0.05)
Asmedia ASM104x USB 3.0 Host Controller Driver (Version: 1.16.2.0)
Battlefield 4™ (Version: 1.0.0.1)
Battlelog Web Plugins (Version: 2.3.2)
BitTorrent (Version: 7.8.2.30332)
Curse Client (Version: 5.1.1.792)
Easy Auto Clicker (Version: V2.0)
EpicBot
EpicBotOS
ESN Sonar (Version: 0.70.4)
GeForce Experience NvStream Client Components (Version: 1.6.28)
Google Chrome (Version: 31.0.1650.63)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4805.320)
Google Update Helper (Version: 1.3.23.0)
Intel® Management Engine Components (Version: 9.0.0.1323)
Intel® USB 3.0 eXtensible Host Controller Driver (Version: 2.5.0.19)
Intel® Trusted Connect Service Client (Version: 1.27.798.1)
Java 7 Update 45 (64-bit) (Version: 7.0.450)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (Version: 11.0.60610.1)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610)
Norton Internet Security (Version: 21.1.0.18)
Norton PC Checkup (Version: 2.0.18.16)
NVIDIA 3D Vision Controller Driver 331.82 (Version: 331.82)
NVIDIA 3D Vision Driver 331.82 (Version: 331.82)
NVIDIA Control Panel 331.82 (Version: 331.82)
NVIDIA GeForce Experience 1.8.1 (Version: 1.8.1)
NVIDIA Graphics Driver 331.82 (Version: 331.82)
NVIDIA HD Audio Driver 1.3.26.4 (Version: 1.3.26.4)
NVIDIA Install Application (Version: 2.1002.142.992)
NVIDIA LED Visualizer 1.0 (Version: 1.0)
NVIDIA Network Service (Version: 1.0)
NVIDIA PhysX (Version: 9.13.0725)
NVIDIA PhysX System Software 9.13.0725 (Version: 9.13.0725)
NVIDIA ShadowPlay 10.11.15 (Version: 10.11.15)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.3182)
NVIDIA Update 10.11.15 (Version: 10.11.15)
NVIDIA Update Core (Version: 10.11.15)
NVIDIA Virtual Audio 1.2.19 (Version: 1.2.19)
Origin (Version: 9.3.11.2762)
PunkBuster Services (Version: 0.993)
Realtek Ethernet Controller Driver (Version: 7.67.1226.2012)
Realtek High Definition Audio Driver (Version: 6.0.1.6782)
SharpKeys (Version: 3.5.0000)
SHIELD Streaming (Version: 1.6.85)
Skype Click to Call (Version: 6.13.13771)
Skype™ 6.11 (Version: 6.11.102)
Steam (Version: 1.0.0.0)
SUPERAntiSpyware (Version: 5.7.1016)
SwiftKit
System Requirements Lab CYRI (Version: 6.0.8.0)
The Sims 2
Thunder Master v1.9 (Version: 1.9.5.0)
TornTV (Version: 2.1 Build 26473)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (Version: 3)

========================= Memory info: ===================================

Percentage of memory in use: 32%
Total physical RAM: 8128.24 MB
Available physical RAM: 5448.27 MB
Total Pagefile: 16254.66 MB
Available Pagefile: 13092.1 MB
Total Virtual: 4095.88 MB
Available Virtual: 3965.62 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:465.66 GB) (Free:363.27 GB) NTFS
2 Drive d: (Sims2_1) (CDROM) (Total:0.63 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\UKGC-PC

Administrator            Guest                    UKGC                    

**** End of log ****
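
One way to triage the "Event log errors" section of a Result.txt like the one above, as an added example that is not part of any post in this thread and not MiniToolBox's own code: it parses each entry, collapses the copies repeated under "Microsoft Office Sessions" with a (NULL) tail, and reports errors that recur at a fixed interval. The sample is a shortened excerpt of the log above; the function names, the thresholds and the MM/DD/YYYY reading of the dates are assumptions.

```python
import re
from collections import defaultdict, namedtuple
from datetime import datetime

# Shortened excerpt of the "Event log errors" section above, kept in the tool's format.
SAMPLE = r"""
Application errors:
==================
Error: (01/08/2014 08:04:00 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.22.3\BonanzaDealsLiveHelper.msi

Error: (01/08/2014 07:04:00 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.22.3\BonanzaDealsLiveHelper.msi

Error: (01/08/2014 06:04:00 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.22.3\BonanzaDealsLiveHelper.msi

Error: (01/08/2014 04:04:11 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.22.3\BonanzaDealsLiveHelper.msi

System errors:
=============
Error: (01/08/2014 00:08:39 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service.

Error: (01/08/2014 00:07:34 AM) (Source: BugCheck) (User: )
Description: 0x000000f4 (0x0000000000000003, 0xfffffa800a84fb30, 0xfffffa800a84fe10, 0xfffff800031c47b0)C:\Windows\MEMORY.DMP010814-37627-01

Microsoft Office Sessions:
=========================
Error: (01/08/2014 08:04:00 PM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.22.3\BonanzaDealsLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)
"""

Event = namedtuple("Event", "when source user description")

HEADER = re.compile(
    r"^Error: \((\d{2})/(\d{2})/(\d{4}) (\d{2}):(\d{2}):(\d{2}) (AM|PM)\)\s*"
    r"\(Source: ([^)]*)\)\s*\(User: ([^)]*)\)\s*$"
)
NULL_TAIL = re.compile(r"(\(NULL\))+$")          # padding on the repeated copies
FILE_PATH = re.compile(r"[A-Za-z]:\\.+?\.(?:msi|exe|dll)\b", re.I)


def parse_when(mo, d, y, h, mi, s, ampm):
    # The log prints midnight as "00:07:34 AM", which strptime("%I") rejects,
    # so the 12-hour clock is converted by hand. Dates are read as MM/DD/YYYY.
    hour = int(h) % 12 + (12 if ampm == "PM" else 0)
    return datetime(int(y), int(mo), int(d), hour, int(mi), int(s))


def parse_events(text):
    """Return one Event per 'Error:' header, joining multi-line descriptions."""
    events, current, desc = [], None, []

    def flush():
        nonlocal current, desc
        if current is not None:
            body = " ".join(desc)
            if body.startswith("Description:"):
                body = body[len("Description:"):]
            events.append(Event(*current, NULL_TAIL.sub("", body.strip()).strip()))
        current, desc = None, []

    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if m:
            flush()
            current = (parse_when(*m.groups()[:7]), m.group(8).strip(), m.group(9).strip())
        elif current is not None and line.strip():
            desc.append(line.strip())
        else:                       # blank line or section banner ends the entry
            flush()
    flush()
    return events


def recurring(events, min_count=3, tolerance=0.05):
    """Group de-duplicated events by (source, description) and test for a fixed period."""
    groups = defaultdict(list)
    for ev in set(events):          # identical copies from the second section collapse here
        groups[(ev.source, ev.description)].append(ev.when)
    findings = []
    for (source, description), times in groups.items():
        if len(times) < min_count:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        base = min(gaps)
        # Periodic if every gap is close to a whole multiple of the shortest gap,
        # which tolerates missed runs (e.g. the machine was off for an hour).
        periodic = base > 0 and all(
            abs(g - round(g / base) * base) <= tolerance * base for g in gaps)
        findings.append({
            "source": source, "count": len(times),
            "first": times[0], "last": times[-1],
            "period_seconds": int(base) if periodic else None,
            "files": sorted(set(FILE_PATH.findall(description))),
        })
    return sorted(findings, key=lambda f: -f["count"])


if __name__ == "__main__":
    for f in recurring(parse_events(SAMPLE)):
        print(f["source"], f["count"], f["period_seconds"], f["files"])
```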



#6 ellrigg

Posted 09 January 2014 - 10:47 AM

Kaspersky virus removal tool has just finished and there were no threats detected, I just checked the report and there was nothing highlighted with the red exclamation point.



#7 boopme

Posted 09 January 2014 - 11:15 AM

Did your last SUPERAntiSpyware run clean also?

We can run ESET too to be sure it's gone.

ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

Edited by boopme, 09 January 2014 - 11:16 AM.


#8 ellrigg

Posted 09 January 2014 - 11:33 AM

Yeah, my SUPERAntiSpyware was also clean. Once again I'm heading to work on nights so I'll try that again when I'm back, thanks for your patience!



#9 ellrigg

Posted 09 January 2014 - 11:35 AM

In fact I may be able to try this in half an hour or so, just after I've got ready. If I can I'll post results.



#10 boopme

Posted 09 January 2014 - 11:52 AM

Ok, if you can...

#11 ellrigg

Posted 09 January 2014 - 12:24 PM

I'm running the ESET online scanner now. It's found 1 threat so far, but I start work at 6pm GMT (in half an hour), so I've got to set off now. I'll come out around 12am on my cigarette break and list the threats etc. here then :)



#12 ellrigg


Posted 09 January 2014 - 07:14 PM

ESETscan result



C:\Users\All Users\SwiftKit\ChromeCache\Default\Extensions\iaimhpklononapfjngelgdokckfjekfc\1.0.0_0\background.js Win32/BrowseFox.B application 
C:\Users\All Users\SwiftKit\ChromeCache\Default\Extensions\iaimhpklononapfjngelgdokckfjekfc\1.0.0_0\content.js Win32/BrowseFox.B application 
C:\Program Files (x86)\EpicBot\epicbot.jar multiple threats cleaned by deleting - quarantined
C:\Program Files (x86)\TornTV.com\torntvIE.exe multiple threats cleaned by deleting - quarantined
C:\Program Files (x86)\TornTV.com\trtextsetup.exe multiple threats cleaned by deleting - quarantined
C:\ProgramData\SwiftKit\ChromeCache\Default\Extensions\iaimhpklononapfjngelgdokckfjekfc\1.0.0_0\background.js Win32/BrowseFox.B application cleaned by deleting - quarantined
C:\ProgramData\SwiftKit\ChromeCache\Default\Extensions\iaimhpklononapfjngelgdokckfjekfc\1.0.0_0\content.js Win32/BrowseFox.B application cleaned by deleting - quarantined
C:\Users\UKGC\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\GoogleChromeRemotePlugin.dll Win32/Toolbar.Linkury.D application cleaned by deleting - quarantined
C:\Users\UKGC\AppData\Local\Temp\tbWhit.dll a variant of Win32/Toolbar.Conduit.B application cleaned by deleting - quarantined
C:\Users\UKGC\AppData\Local\Temp\9836A4C6-BAB0-7891-A2E0-8408DDB39646\Latest\IEHelper.dll Win32/Toolbar.Babylon.E application cleaned by deleting - quarantined
C:\Users\UKGC\AppData\Local\Temp\is1275519350\559591_stp\whilokii_is.exe Win32/BrowseFox.C application cleaned by deleting - quarantined
C:\Users\UKGC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\4ccdb94-627a6447 a variant of Java/TrojanDownloader.Agent.NHA trojan cleaned by deleting - quarantined
C:\Users\UKGC\AppData\Roaming\EpicBot\Cache\update.jar multiple threats cleaned by deleting - quarantined
C:\Users\UKGC\Downloads\IE10_setup.exe Win32/InstallCore.DP application cleaned by deleting - quarantined
C:\Users\UKGC\wfspb\54158.vbs VBS/Runner.NBS trojan cleaned by deleting - quarantined
Operating memory Win32/Ainslot.AB worm 
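
An added example, not part of the original posts and not ESET's own tooling: the Python below parses rows in the layout of the log above and separates entries that were cleaned, entries that are only an alias path of a cleaned file, and entries with no action recorded. The field layout is inferred from the posted rows, and the function names (`parse`, `triage`, `malware_names`, `canonical`) are hypothetical.

```python
import re

# Rows copied from the ESET log posted above (a subset, for a runnable sample).
SAMPLE_LOG = r"""
C:\Users\All Users\SwiftKit\ChromeCache\Default\Extensions\iaimhpklononapfjngelgdokckfjekfc\1.0.0_0\background.js Win32/BrowseFox.B application
C:\Program Files (x86)\EpicBot\epicbot.jar multiple threats cleaned by deleting - quarantined
C:\ProgramData\SwiftKit\ChromeCache\Default\Extensions\iaimhpklononapfjngelgdokckfjekfc\1.0.0_0\background.js Win32/BrowseFox.B application cleaned by deleting - quarantined
C:\Users\UKGC\AppData\Local\Temp\tbWhit.dll a variant of Win32/Toolbar.Conduit.B application cleaned by deleting - quarantined
C:\Users\UKGC\wfspb\54158.vbs VBS/Runner.NBS trojan cleaned by deleting - quarantined
Operating memory Win32/Ainslot.AB worm
"""

# Field layout inferred from those rows: object, detection, type, optional action.
ROW = re.compile(
    r"^(?P<obj>.+?)\s+"
    r"(?:(?P<multi>multiple threats)|"
    r"(?:a variant of )?(?P<name>\S+/\S+)\s+(?P<kind>application|trojan|worm))"
    r"(?:\s+(?P<action>cleaned\b.*))?$"
)

def canonical(path):
    # On Windows Vista and later, C:\Users\All Users is a link to C:\ProgramData.
    alias, target = "c:\\users\\all users\\", "c:\\programdata\\"
    low = path.lower()
    return target + low[len(alias):] if low.startswith(alias) else low

def parse(log):
    rows = []
    for line in log.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append({"object": m["obj"], "name": m["name"] or m["multi"],
                         "kind": m["kind"] or "mixed", "action": m["action"]})
    return rows

def triage(rows):
    cleaned = {canonical(r["object"]) for r in rows if r["action"]}
    report = {"cleaned": [], "alias_of_cleaned": [], "no_action_recorded": []}
    for r in rows:
        if r["action"]:
            report["cleaned"].append(r)
        elif canonical(r["object"]) in cleaned:
            report["alias_of_cleaned"].append(r)
        else:
            report["no_action_recorded"].append(r)
    return report

def malware_names(rows):
    return sorted({r["name"] for r in rows if r["kind"] in ("trojan", "worm")})
```

In the sample, the only row left in `no_action_recorded` is the Operating memory detection, which carries no action text in the log.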
 



#13 boopme


Posted 09 January 2014 - 09:03 PM

Good, we killed another worm.
This worm can make changes to your PC's security settings and contact a remote host for further instructions.
This threat tries to use the Windows Autorun function to spread via removable drives, like USB flash drives. If you used one, it needs to be cleaned.

To force a scan of a removable drive:

1. Open Windows Explorer (Windows 7 and earlier).
2. Right-click or tap and hold on the removable drive.
3. Click Scan or Scan with <Your security software's name>.

To always scan removable drives when you do a full scan:

1. Open your Microsoft security software.
2. Go to the Settings tab.
3. In the Advanced section, select the Scan removable drives check box.
4. Click or tap Save changes. Whenever you do a full scan, all removable drives will also be scanned.

Due to the abilities of the worms, we should check for rootkits and others.

Please download aswMBR ( 4.5MB ) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.


#14 ellrigg


Posted 10 January 2014 - 11:31 AM

I never used a flash disk or USB etc., so I didn't scan anything like that. Here's the result from the aswMBR scan:
 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-01-10 16:20:30
-----------------------------
16:20:30.266    OS Version: Windows x64 6.1.7601 Service Pack 1
16:20:30.266    Number of processors: 4 586 0x3C03
16:20:30.266    ComputerName: UKGC-PC  UserName: UKGC
16:20:31.514    Initialize success
16:22:11.184    AVAST engine defs: 14010701
16:22:16.708    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
16:22:16.708    Disk 0 Vendor: ST500DM002-1BD142 KC45 Size: 476940MB BusType: 11
16:22:16.817    Disk 0 MBR read successfully
16:22:16.817    Disk 0 MBR scan
16:22:16.833    Disk 0 Windows 7 default MBR code
16:22:16.833    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
16:22:16.833    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       476838 MB offset 206848
16:22:16.849    Disk 0 scanning C:\Windows\system32\drivers
16:22:24.357    Service scanning
16:22:27.497    Service BHDrvx64 C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20131218.001\BHDrvx64.sys **LOCKED** 5
16:22:30.783    Service IDSVia64 C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140108.001\IDSvia64.sys **LOCKED** 5
16:22:33.222    Service NAVENG C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140108.023\ENG64.SYS **LOCKED** 5
16:22:33.315    Service NAVEX15 C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140108.023\EX64.SYS **LOCKED** 5
16:22:41.889    Modules scanning
16:22:41.889    Disk 0 trace - called modules:
16:22:41.905    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
16:22:41.905    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80077c2060]
16:22:41.905    3 CLASSPNP.SYS[fffff88001aa643f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8007518680]
16:22:42.388    AVAST engine scan C:\Windows
16:22:43.875    AVAST engine scan C:\Windows\system32
16:24:38.963    AVAST engine scan C:\Windows\system32\drivers
16:24:51.301    AVAST engine scan C:\Users\UKGC
16:29:01.251    AVAST engine scan C:\ProgramData
16:29:54.413    Scan finished successfully
16:30:34.454    Disk 0 MBR has been saved successfully to "C:\Users\UKGC\Desktop\MBR.dat"
16:30:34.454    The log file has been saved successfully to "C:\Users\UKGC\Desktop\aswMBR.txt"

 


 



#15 boopme


Posted 10 January 2014 - 11:40 AM

Ok, you look good to go!!

Empty your temp folders using TFC (Temporary File Cleaner)
  • Please download TFC by Old Timer and save it to your desktop.
    alternate download link
  • Save any unsaved work. (TFC will close ALL open programs including your browser!)
  • Double-click on TFC.exe to run it. (If you are using Vista, right-click on the file and choose "Run As Administrator".)
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway allowing Windows to load normally (not into Safe Mode) to ensure a complete clean.

Edited by boopme, 10 January 2014 - 11:41 AM.
