gh1959 Posted January 6, 2012
I use Malwarebytes to delete this virus, but it keeps coming back. Please help!

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by JSHarmon at 11:19:21 on 2012-01-06
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3036.1593 [GMT -7:00]
AV: Symantec AntiVirus Corporate Edition *Enabled/Outdated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Client Firewall *Enabled*
LDTate Posted January 9, 2012
Logs will be closed if you haven't replied within 3 days.
Please don't attach the scans / logs for these tools, use "copy/paste".
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.
Please run a new MBAM scan, being sure to update before scanning. Post the scan results.
Also please describe how your computer behaves at the moment.
Please don't attach the scans / logs, use "copy/paste".
gh1959 (Author) Posted January 9, 2012
Hello,
I've completed another scan on my computer, after I updated it. My computer seems to be running OK. But, I can't get on our network here at my office, and was wondering if this was the problem.
Here are the results:

Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.09.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
JSHarmon :: CYFDCNU9172D8J [administrator]

Protection: Enabled

01/09/2012 9:00:32 AM
mbam-log-2012-01-09 (09-00-32).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 259905
Time elapsed: 15 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Data: 1 -> Quarantined and deleted successfully.

Registry Data Items Detected: 7
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop|NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoSMHelp (PUM.Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|NoDispCPL (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|NoDispBackgroundPage (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|NoDispAppearancePage (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|NoDispScrSavPage (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
LDTate Posted January 9, 2012
"But, I can't get on our network here at my office, and was wondering if this was the problem."
Do you have an IT department or someone who set up this PC?
gh1959 (Author) Posted January 9, 2012
Yes, we have an IT department, but I was wondering why I'm getting the same viruses over and over again. They're going to re-install my Novell client on my computer.
LDTate Posted January 9, 2012
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Data: 1 -> Quarantined and deleted successfully.

Registry Data Items Detected: 7
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop|NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoSMHelp (PUM.Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|NoDispCPL (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|NoDispBackgroundPage (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|NoDispAppearancePage (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|NoDispScrSavPage (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

All those were set by Group Policies that your IT department set. They are not infections.
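An added example, written for this edit and not taken from the thread or from Malwarebytes: a Python triage script that parses MBAM 1.x detection lines of the kind posted above and separates hits under the Windows Policies registry keys, which Group Policy writes and re-applies at every logon (so a scanner "finds" them again after each cleanup), from detections that point at actual malware. The regex for the log format and the verdict labels are the editor's, based only on the lines shown in this thread; the sample log is an excerpt of the one posted here.

```python
"""Triage a Malwarebytes Anti-Malware 1.x scan log.

Registry hits under the Windows Policies keys are Group Policy's own targets: a
domain GPO re-applies them at every logon, so MBAM "finds" them again after each
cleanup. They are separated here from hits that point at actual malware.
"""
import re
from collections import Counter, namedtuple

# Section counters such as "Files Detected: 0" or "Registry Data Items Detected: 7".
_SECTION = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)$")

# Registry detection lines in the MBAM 1.x log come in two shapes:
#   <key>|<value> (<category>) -> Bad: (1) Good: (0) -> <action>
#   <key>|<value> (<category>) -> Data: 1 -> <action>
_DETECTION = re.compile(
    r"^(?P<key>HK[A-Z]+\\[^|]+)\|(?P<name>\S+) \((?P<category>[^)]+)\) -> "
    r"(?:Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\)|Data: (?P<data>\S+))"
    r" -> (?P<action>.+)$"
)

POLICY = "policy-setting (confirm with IT before restoring)"
PUM = "setting-change (verify it was intended)"
MALWARE = "malware-indicator (investigate)"
Detection = namedtuple("Detection", "key name category action verdict")

def classify(key: str, category: str) -> str:
    """Verdict from where the hit lives and what MBAM called it."""
    if "\\policies\\" in key.lower():
        # Values under ...\Policies\... are exactly what Group Policy writes;
        # quarantining them only lasts until the next policy refresh.
        return POLICY
    if category.startswith("PUM."):
        # PUM = Potentially Unwanted Modification: a changed setting, not a file.
        return PUM
    return MALWARE

def parse_mbam_log(text: str):
    """Return (section counters, detections) parsed from an MBAM 1.x log."""
    sections, hits = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if (m := _SECTION.match(line)):
            sections[m["section"]] = int(m["count"])
        elif (m := _DETECTION.match(line)):
            hits.append(Detection(m["key"], m["name"], m["category"],
                                  m["action"], classify(m["key"], m["category"])))
    return sections, hits

def summarize(text: str) -> dict:
    """Verdict counts plus whether any file-level (non-registry) hits exist."""
    sections, hits = parse_mbam_log(text)
    file_like = ("Memory Processes", "Memory Modules", "Folders", "Files")
    reg_like = ("Registry Keys", "Registry Values", "Registry Data Items")
    return {
        "verdicts": dict(Counter(h.verdict for h in hits)),
        "file_level_hits": sum(sections.get(s, 0) for s in file_like),
        "registry_hits": sum(sections.get(s, 0) for s in reg_like),
    }

# Excerpt of the log posted in this thread (detection lines verbatim).
SAMPLE_LOG = r"""
Memory Processes Detected: 0
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Data: 1 -> Quarantined and deleted successfully.
Registry Data Items Detected: 7
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop|NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoSMHelp (PUM.Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|NoDispCPL (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|NoDispBackgroundPage (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|NoDispAppearancePage (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|NoDispScrSavPage (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
Files Detected: 0
"""

if __name__ == "__main__":
    for hit in parse_mbam_log(SAMPLE_LOG)[1]:
        print(f"{hit.verdict:52} {hit.key}|{hit.name} [{hit.category}]")
    print(summarize(SAMPLE_LOG))
```

A summary with zero file-level hits and every registry hit tagged as a policy setting is the pattern the helper describes above: nothing to disinfect, and the values will keep coming back until the policy that sets them is changed.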
LDTate Posted January 14, 2012
Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!