
PWS:Win32/Zbot.gen!Y and Blue Screen


  • This topic is locked
4 replies to this topic

#1 IAJHK

IAJHK

  • Members
  • 2 posts
  • OFFLINE
  • Local time:08:54 AM

Posted 26 October 2012 - 11:11 AM

Hello all,

My computer has been very slow. Microsoft Outlook crashes frequently. I have seen PWS:Win32/Zbot.gen!Y pop up in my virus software a few times, but not regularly. A few times a day, my computer goes blue with a "Kernel Data Inpage Error." I am also unable to run GMER for some reason. Each time I do, my computer crashes with a blue screen. Sorry, no GMER log.

Thanks in advance for your kind help!

DDS:

DDS (Ver_2012-10-19.01) - NTFS_x86
Internet Explorer: 9.0.8112.16421
Run by 15306 at 23:09:00 on 2012-10-26
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.3493.1843 [GMT 8:00]
.
AV: Microsoft Forefront Endpoint Protection 2010 *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Forefront Endpoint Protection 2010 *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
.
============== Running Processes ================
.
C:\WINDOWS\system32\wininit.exe
C:\WINDOWS\system32\lsm.exe
C:\WINDOWS\system32\ibmpmsvc.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
C:\WINDOWS\system32\WLANExt.exe
C:\WINDOWS\system32\conhost.exe
C:\WINDOWS\System32\spoolsv.exe
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CxAudMsg32.exe
C:\Program Files\Symantec\Backup Exec\DLO\DLOChangeLogSvcu.exe
C:\Program Files\Equitrac\Professional\Client\EQSharedEngine.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Forefront TMG Client\FwcAgent.exe
C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files\ITS\Onelog\Client\ClientSessionService.exe
C:\Program Files\Intel\Services\IPT\jhi_service.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\SAsrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Lenovo\Access Connections\AcSvc.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\acwebsecagent.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\taskhost.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\WINDOWS\system32\Dwm.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lenovo\Access Connections\ACWLIcon.exe
C:\Program Files\Lenovo\Access Connections\ACTray.exe
C:\Program Files\ITS\Onelog\Client\LoginApplication.exe
C:\Program Files\RightFax\Client\FAXCTRL.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\\Misc\Bginfo.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Boingo\Boingo Wi-Finder\Boingo Wi-Finder.exe
C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Forefront TMG Client\FwcMgmt.exe
C:\Program Files\Symantec\Backup Exec\DLO\DLOClientu.exe
C:\Program Files\Equitrac\Professional\Client\EQToolTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\EMC IRM\Common\autoofflineprocess.exe
C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\15306\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\15306\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\15306\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\15306\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\15306\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\15306\AppData\Local\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\conhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k regsvc
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\svchost.exe -k HPService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.hk/ig?hl=en&source=iglk
uSearch Bar = Preserve
uProxyServer = proxyhk..net:8080
uProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: ForceToolbarDisplay.ToolbarDisplay: {9FF546E8-F396-4700-997B-C8D83D14EEB3} -
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Onelog: {ae07101b-46d4-4a98-af68-0333ea26e113} -
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [{637170D9-8247-7D57-8525-C1436A8C3327}] c:\users\15306\appdata\roaming\vaam\ogucnu.exe
uRun: [Cisco Unified Personal Communicator] "c:\program files\cisco systems\unified personal communicator\CUPC.exe"
uRun: [Google Update] "c:\users\15306\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRunOnce: [Application Restart #4] c:\users\15306\appdata\local\google\chrome\application\chrome.exe --flag-switches-begin --flag-switches-end --restore-last-session -- http://www.keepeek.com/Digital-Asset-Management/oecd/governance/the-criminalisation-of-bribery-in-asia-and-the-pacific_9789264097445-en
mRun: [TpShocks] TpShocks.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
mRun: [AcWin7Hlpr] c:\program files\lenovo\access connections\AcTBenabler.exe
mRun: [ACWLIcon] c:\program files\lenovo\access connections\ACWLIcon.exe
mRun: [ACTray] c:\program files\lenovo\access connections\ACTray.exe
mRun: [IME14 CHT Setup] c:\progra~1\common~1\micros~1\ime14\shared\IMEKLMG.EXE /SetPreload /CHT /Log
mRun: [IME14 CHS Setup] c:\progra~1\common~1\micros~1\ime14\shared\IMEKLMG.EXE /SetPreload /CHS /Log
mRun: [OnelogNotifier] c:\program files\its\onelog\client\LoginApplication.exe
mRun: [RightFAX Print-to-Fax Driver] c:\program files\rightfax\client\faxctrl.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [RotateImage] c:\program files\integrated camera driver\RCIMGDIR.exe
mRun: [IMSS] "c:\program files\intel\intel® management engine components\imss\PIconStartup.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [BGInfo] "c:\program files\\misc\bginfo.exe" "c:\program files\\misc\GDCInfo.bgi" /NOLICPROMPT /taskbar
mRun: [ForteConfig] c:\program files\conexant\forteconfig\fmapp.exe
mRun: [SmartAudio] c:\program files\conexant\saii\SAIICpl.exe /t
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [Boingo Wi-Finder] "c:\program files\boingo\boingo wi-finder\Boingo.lnk"
mRun: [Cisco AnyConnect Secure Mobility Agent for Windows] "c:\program files\cisco\cisco anyconnect secure mobility client\vpnui.exe" -minimized
dRun: [Cisco Unified Personal Communicator] "c:\program files\cisco systems\unified personal communicator\CUPC.exe"
StartupFolder: c:\users\15306\appdata\roaming\micros~1\windows\startm~1\programs\startup\irmoff~1.lnk - c:\program files\emc irm\common\autoofflineprocess.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\forefr~1.lnk - c:\program files\forefront tmg client\FwcMgmt.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\symant~1.lnk - c:\program files\symantec\backup exec\dlo\DLOClientu.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\userse~1.lnk - c:\windows\installer\{bb16757d-e1e8-4346-958c-645f5dd9e9f3}\NewShortcut1_E6C1EE72EC1341AFB8C240E83A3EA291.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: DisallowRun = dword:1
uPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoAutorun = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: disablecad = dword:1
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
LSP: c:\program files\forefront tmg client\FwcWsp.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {18350088-453C-4407-87ED-361E70FD3285} - hxxps://hkereview.ey.com/Relativity/ActiveX/webclientmanager.cab
DPF: {3F777025-3835-4117-B9FA-5E5230669310} - hxxp://www.encorediscovery.com/FYI/dataflight_fyi.cab
DPF: {538793D5-659C-4639-A56C-A179AD87ED44} - vpnweb.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {9E472D58-F10C-11CF-B7A9-0020AFD6A362} - hxxps://vault.netvoyage.com/neWeb2/neWebCl.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: NameServer = 192.168.8.1
TCP: Interfaces\{19D94497-567D-46CC-96BF-694A5C293B09} : DHCPNameServer = 10.168.80.5 10.144.80.5
TCP: Interfaces\{212757A6-19B4-41D7-8CAE-806CE83C240C} : DHCPNameServer = 192.168.8.1
TCP: Interfaces\{212757A6-19B4-41D7-8CAE-806CE83C240C}\F46666963656 : DHCPNameServer = 10.168.80.5 10.144.80.5
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
LSA: Notification Packages = scecli ACGina
mASetup: >>Workshare Professional - c:\program files\workshare\modules\WmConfigAssistant.exe /userinit
mASetup: >>Workshare Protect Client - c:\program files\workshare\modules\Workshare.Protect.UserInit.exe
.
============= SERVICES / DRIVERS ===============
.
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2011-4-14 25968]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2011-1-14 20592]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-10-5 65584]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2011-4-14 13680]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg32.exe [2012-2-6 190592]
R2 DLOChangeJournalSvc;Symantec Backup Exec Desktop Agent Change Journal Reader;c:\program files\symantec\backup exec\dlo\DLOChangeLogSvcu.exe [2010-7-2 472440]
R2 EQSharedEngine;EQ Shared Engine;c:\program files\equitrac\professional\client\EQSharedEngine.exe [2010-10-22 2491752]
R2 FwcAgent;Forefront TMG Client Agent;c:\program files\forefront tmg client\FwcAgent.exe [2009-10-14 275424]
R2 ImeDictUpdateService;Microsoft IME Dictionary Update;c:\program files\common files\microsoft shared\ime14\shared\IMEDICTUPDATE.EXE [2010-10-20 59760]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [2011-4-14 109728]
R2 ITS Onelog Client;ITS Onelog Client;c:\program files\its\onelog\client\ClientSessionService.exe [2010-6-25 155648]
R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files\intel\services\ipt\jhi_service.exe [2011-2-7 210896]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2011-4-14 45496]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\lenovo\virtscrl\lvvsst.exe [2011-4-14 93032]
R2 Ndiscdp;Cisco CDP KMDF NDIS Protocol Driver;c:\windows\system32\drivers\Ndiscdp.sys [2012-2-6 24216]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-18 11032]
R2 risdxc;risdxc;c:\windows\system32\drivers\risdxc86.sys [2011-7-19 76288]
R2 SAService;Conexant SmartAudio service;c:\windows\system32\SASrv.exe [2012-2-6 446592]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\lenovo\hotkey\tphkload.exe [2011-4-14 99328]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2011-4-14 64440]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2011-7-19 2656280]
R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files\cisco\cisco anyconnect secure mobility client\vpnagent.exe [2012-6-7 478712]
R3 5U877;USB Video Device;c:\windows\system32\drivers\5U877.sys [2011-7-19 132096]
R3 acsock;acsock;c:\windows\system32\drivers\acsock.sys [2012-6-7 87976]
R3 acwebsecagent;Cisco AnyConnect Web Security Agent;c:\program files\cisco\cisco anyconnect secure mobility client\acwebsecagent.exe [2012-6-7 856056]
R3 DKRtWrt;DKRtWrt;c:\windows\system32\drivers\DKRtWrt.sys [2011-4-14 38608]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2011-4-14 292200]
R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\drivers\e1c6232.sys [2011-4-14 262824]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2011-7-19 269824]
R3 MEI;Intel® Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2011-7-19 41088]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
R3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETwNs32.sys [2010-12-22 7434240]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-14 17920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-19 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-8-15 250808]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 62464]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6232.sys [2011-4-14 223960]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-10-17 40776]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-11 4231168]
S3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2011-4-14 79208]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 15872]
S3 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2011-4-14 48640]
S3 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2011-4-14 38912]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-21 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 25600]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-21 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 27264]
S3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 112640]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-3-1 1343400]
.
=============== File Associations ===============
.
ShellExec: SolidConverterSDKExe.exe: open="c:\program files\workshare\pdfconverter\scpdf\"
.
=============== Created Last 30 ================
.
2012-10-26 11:26:30 6918632 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{1ee1ffbb-0455-4e10-916a-44bbbb88d745}\mpengine.dll
2012-10-17 01:56:46 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-10-17 01:56:46 -------- d-----w- c:\users\15306\appdata\roaming\Malwarebytes
2012-10-17 01:56:22 -------- d-----w- c:\programdata\Malwarebytes
2012-09-28 02:12:12 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-09-28 02:12:12 -------- d-----w- c:\program files\Spybot - Search & Destroy
.
==================== Find3M ====================
.
2012-10-10 16:29:25 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-10 16:29:25 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
============= FINISH: 23:11:07.59 ===============

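The Run entries in a DDS "Pseudo HJT Report" are the first thing a responder reads in a log like the one above. As an added example (not from the thread, the DDS tool, or BleepingComputer), this Python script parses lines in that format and scores each entry for traits commonly associated with Zbot-style persistence: a GUID-shaped value name in the per-user Run key launching a binary from a short random-looking folder under AppData\Roaming. The sample lines are constructed, and the scoring weights and threshold are assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample lines in the DDS "Pseudo HJT Report" format. The second
# entry is modelled on the indicator in the thread's log (a GUID-named HKCU Run
# value launching a binary under AppData\Roaming); the others are ordinary
# vendor entries of the kind the same log shows.
SAMPLE_HJT = [
    r'uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized',
    r'uRun: [{637170D9-8247-7D57-8525-C1436A8C3327}] c:\users\15306\appdata\roaming\vaam\ogucnu.exe',
    r'uRun: [Google Update] "c:\users\15306\appdata\local\google\update\GoogleUpdate.exe" /c',
    r'mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor',
    r'mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey',
    r'mRun: [TpShocks] TpShocks.exe',
    r'uRunOnce: [Application Restart #4] c:\users\15306\appdata\local\google\chrome\application\chrome.exe --restore-last-session',
]

# DDS prefixes: u = HKCU, m = HKLM, d = default-user hive.
ENTRY_RE = re.compile(r'^(?P<hive>[umd])(?P<key>Run(?:Once)?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
GUID_RE = re.compile(r'^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$', re.I)
EXE_RE = re.compile(r'^(\S+?\.(?:exe|dll|scr|com))\b', re.I)
WORD_RE = re.compile(r'^[a-z]{3,8}$')   # short, all-lowercase name
ROAMING = '\\appdata\\roaming\\'


@dataclass
class Finding:
    name: str
    path: str
    score: int = 0
    reasons: List[str] = field(default_factory=list)


def image_path(cmd: str) -> str:
    """Return the executable (or DLL) an autorun command actually loads."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path, arguments follow
        return cmd[1:cmd.find('"', 1)]
    parts = cmd.split(None, 1)
    if len(parts) == 2 and parts[0].lower() in ('rundll32', 'rundll32.exe'):
        return parts[1].split(',', 1)[0].strip().strip('"')   # DLL before ",Export"
    m = EXE_RE.match(cmd)
    return m.group(1) if m else (parts[0] if parts else '')


def score_entry(hive: str, name: str, path: str) -> Finding:
    """Score one Run entry for traits common to Zbot-style persistence.

    Weights are assumptions for this example; a hit is a triage lead, not proof.
    """
    f = Finding(name, path)
    if GUID_RE.match(name):                      # GUID-shaped value names are unusual for vendors
        f.score += 2
        f.reasons.append('GUID-shaped value name')
    if hive == 'u':                              # per-user install, no admin rights needed
        f.score += 1
        f.reasons.append('per-user (HKCU) autorun')
    low = path.lower()
    idx = low.find(ROAMING)
    if idx >= 0:
        f.score += 1
        f.reasons.append('image under AppData\\Roaming')
        tail = low[idx + len(ROAMING):].split('\\')
        stem = tail[-1].rsplit('.', 1)[0]
        if len(tail) == 2 and WORD_RE.match(tail[0]) and WORD_RE.match(stem):
            f.score += 1
            f.reasons.append('random-looking folder and file name')
    return f


def triage(lines, threshold: int = 3) -> List[Finding]:
    """Parse DDS Run lines and return entries scoring at or above threshold."""
    found = []
    for line in lines:
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        f = score_entry(m['hive'], m['name'], image_path(m['cmd']))
        if f.score >= threshold:
            found.append(f)
    return sorted(found, key=lambda x: -x.score)


if __name__ == '__main__':
    for f in triage(SAMPLE_HJT):
        print(f'{f.score}  {f.name}  {f.path}\n    ' + '; '.join(f.reasons))
```

Only the GUID-named AppData\Roaming entry crosses the threshold; the vendor entries score at most one point for being per-user.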

 


#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:54 AM

Posted 26 October 2012 - 12:55 PM

Please do the following:

Download the appropriate version for your system of the Farbar Recovery Scan Tool and save it to a flash drive.


Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
  • Select Command Prompt.
  • In the command window type notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
  • Press Scan button.
  • FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:
    services.exe
  • Now press the search button.
  • When the search is complete, search.txt will also be written to your USB.
  • Type exit and reboot the computer normally.
  • Please copy and paste both logs in your reply (FRST.txt and Search.txt).

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 IAJHK

IAJHK
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:08:54 AM

Posted 30 October 2012 - 01:52 AM

Thank you very much for your willingness to help. I received some assistance from a friend and my computer seems to be working. Thanks again for your kind service.

#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:54 AM

Posted 30 October 2012 - 05:14 PM

OK, thanks for letting me know. If you find you still need assistance in a few days, then send me a PM and we can re-open the topic.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:54 AM

Posted 30 October 2012 - 05:14 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
