gh1959

Hijack Virus


I use Malwarebytes to delete this virus, but it keeps coming back. Please help!

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26

Run by JSHarmon at 11:19:21 on 2012-01-06

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3036.1593 [GMT -7:00]

.

AV: Symantec AntiVirus Corporate Edition *Enabled/Outdated* {FB06448E-52B8-493A-90F3-E43226D3305C}

FW: Symantec Client Firewall *Enabled*

.

============== Running Processes ===============

.

C:\Program Files\Novell\CASA\bin\micasad.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

C:\WINDOWS\system32\svchost -k rpcss

C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\System32\svchost.exe -k eapsvcs

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\System32\svchost.exe -k dot3svc

C:\Program Files\Novell\ZENworks\bin\ZenworksWindowsService.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\SCardSvr.exe

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\msdtc.exe

c:\Program Files\ActivIdentity\ActivClient\accoca.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\WINDOWS\System32\svchost.exe -k Akamai

C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

C:\WINDOWS\system32\iprntsrv.exe

C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\WINDOWS\system32\mnmsrvc.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Novell\ZENworks\bin\nzrWinVNC.exe

C:\Program Files\PatchLink\Update Agent\GravitixService.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

C:\Program Files\Novell\ZENworks\Asset Management\bin\CClientSvc.exe

C:\Program Files\Novell\ZENworks\Asset Management\bin\CClient.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\WINDOWS\System32\alg.exe

c:\Program Files\ActivIdentity\ActivClient\acevents.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Novell\ZENworks\Asset Management\bin\TSUsage32.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe

C:\WINDOWS\system32\AccelerometerSt.Exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe

c:\Program Files\ActivIdentity\ActivClient\acevents.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\system32\dpmw32.exe

C:\WINDOWS\system32\NWTRAY.EXE

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

C:\Program Files\PatchLink\Update Agent\pddm.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe

C:\WINDOWS\system32\iprntctl.exe

C:\WINDOWS\system32\iprntlgn.exe

C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Novell\Zenworks\bin\ZenNotifyIcon.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe

C:\Program Files\Novell\ZENworks\bin\ZenUserDaemon.exe

C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Ask.com\Updater\Updater.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\JSHarmon\Local Settings\Application Data\Akamai\netsession_win.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Documents and Settings\JSHarmon\Local Settings\Application Data\Akamai\netsession_win.exe

C:\Program Files\WINZIP\WZQKPICK.EXE

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\Program Files\TechSmith\Snagit 10\TSCHelp.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uWindow Title = Internet Explorer, optimized for Bing and MSN

uStart Page = hxxp://cyfweb/index.html

uDefault_Page_URL = hxxp://www.msn.com

mDefault_Page_URL = hxxp://www.msn.com

mStart Page = hxxp://www.msn.com

uInternet Settings,ProxyOverride = <local>

uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll

mWinlogon: System=c:\program files\novell\zenworks\bin\preboot\ZISWIN.exe

BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll

BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll

TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Akamai NetSession Interface] "c:\documents and settings\jsharmon\local settings\application data\akamai\netsession_win.exe"

uRun: [screenpresso] "c:\documents and settings\jsharmon\local settings\application data\learnpulse\screenpresso\Screenpresso.exe" -startup

mRun: [MsmqIntCert] regsvr32 /s mqrt.dll

mRun: [AccelerometerSysTrayApplet] c:\windows\system32\AccelerometerSt.Exe

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [<NO NAME>]

mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe

mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start

mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [soundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray

mRun: [NDPS] c:\windows\system32\dpmw32.exe

mRun: [NWTRAY] NWTRAY.EXE

mRun: [PDDM] c:\program files\patchlink\update agent\pddm.exe

mRun: [LogEnable] 1 (0x1)

mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

mRun: [vptray] c:\progra~1\symant~1\symant~2\VPTray.exe

mRun: [iPrint Tray] c:\windows\system32\iprntctl.exe TRAY_ICON

mRun: [iPrint Event Monitor] c:\windows\system32\iprntlgn.exe

mRun: [WatchDog] c:\program files\intervideo\dvd check\DVDCheck.exe

mRun: [statusClient 2.6] c:\program files\hewlett-packard\toolbox\statusclient\StatusClient.exe /auto

mRun: [TomcatStartup 2.5] c:\program files\hewlett-packard\toolbox\hpbpsttp.exe

mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [ZenNotifyIcon] c:\program files\novell\zenworks\bin\ZenNotifyIcon.exe

mRun: [NalView] c:\program files\novell\zenworks\bin\nalview.exe

mRun: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

dRunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"

dRunOnce: [TSClientAXDisabler] cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat"

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dvdche~1.lnk - c:\program files\intervideo\dvd check\DVDCheck.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\snagit~1.lnk - c:\program files\techsmith\snagit 10\Snagit32.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE

uPolicies-explorer: NoSMHelp = 1 (0x1)

uPolicies-explorer: ForceStartMenuLogOff = 1 (0x1)

uPolicies-explorer: NoSetTaskbar = 1 (0x1)

uPolicies-explorer: NoSimpleStartMenu = 1 (0x1)

uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)

uPolicies-explorer: NoThemesTab = 1 (0x1)

uPolicies-system: NoDispCPL = 1 (0x1)

uPolicies-system: NoDispBackgroundPage = 1 (0x1)

uPolicies-system: NoDispAppearancePage = 1 (0x1)

uPolicies-system: NoDispScrSavPage = 1 (0x1)

uPolicies-system: SetVisualStyle =

mPolicies-system: CompatibleRUPSecurity = 1 (0x1)

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

Trusted Zone: adeincorp.com

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} - hxxps://de202.centra.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab

DPF: {254AA86E-5655-4518-AA87-185D7CC41801} - hxxps://secure.logmeinrescue.com/US/TechConsole/x86/RescueControl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://spssevents.webex.com/client/T26L/event/ieatgpc.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {EB29B81A-7351-4890-8BCE-58127C3545F9} - hxxps://myportal.lovelace.com/portal/applets/mckntauth.ocx

TCP: DhcpNameServer = 172.30.215.30 172.31.115.40

TCP: Interfaces\{09974CCA-51EB-4E4B-8433-AB9D83D97D1C} : DhcpNameServer = 192.168.10.2 192.168.10.3

TCP: Interfaces\{DEA57107-EB21-4C63-8C27-80F464CA9829} : NameServer = 172.30.215.30,172.31.115.40

TCP: Interfaces\{DEA57107-EB21-4C63-8C27-80F464CA9829} : DhcpNameServer = 172.30.215.30 172.31.115.40

Notify: ackpbsc - c:\windows\system32\ackpbsc.dll

Notify: acunlock - c:\program files\actividentity\activclient\acunlock.dll

Notify: AtiExtEvent - Ati2evxx.dll

Notify: LCredMgr - c:\program files\novell\casa\bin\lcredmgr.dll

Notify: NavLogon - c:\windows\system32\NavLogon.dll

Notify: nzrNotifier - nzrNotifier.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: ZENworks Adaptive Agent: {763370c4-268e-4308-a60c-d8da0342be32} - c:\program files\novell\zenworks\bin\NalShell.dll

LSA: Authentication Packages = msv1_0 nwv1_0

LSA: Notification Packages = scecli iPrntWinCredMan

Hosts: 72.13.7.43 cyfd_demo.adeincorp.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\jsharmon\application data\mozilla\firefox\profiles\yxx7flfc.default\

FF - prefs.js: browser.startup.homepage - hxxp://cyfweb/

FF - prefs.js: network.proxy.type - 0

FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\windows\system32\npnipp.dll

FF - plugin: c:\windows\system32\npptools.dll

.

============= SERVICES / DRIVERS ===============

.

R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2008-3-28 24064]

R1 nipplpt2;Novell iCapture Lpt Redirector 2;c:\windows\system32\drivers\nipplpt.sys [2009-6-12 41344]

R1 SAVRT;SAVRT;c:\program files\symantec client security\symantec antivirus\savrt.sys [2005-12-19 337592]

R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec client security\symantec antivirus\Savrtpel.sys [2005-12-19 54968]

R2 accoca;ActivClient Middleware Service;c:\program files\actividentity\activclient\accoca.exe [2007-5-15 182576]

R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-4 14336]

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-3-24 192160]

R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\ccProxy.exe [2006-3-24 202400]

R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-3-24 169632]

R2 DisplayLinkService;DisplayLink Service;c:\program files\displaylink core software\DisplayLinkService.exe [2008-10-24 443752]

R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2008-10-28 156968]

R2 iprntsrv;Novell iPrint Service;c:\windows\system32\iprntsrv.exe [2011-12-30 53248]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-4 652872]

R2 Novell Identity Store;Novell Identity Store;c:\program files\novell\casa\bin\micasad.exe [2009-10-14 245760]

R2 Novell ZENworks Agent Service;Novell ZENworks Agent Service;c:\program files\novell\zenworks\bin\ZenworksWindowsService.exe [2010-6-30 28672]

R2 nzwinvnc;Novell ZENworks Remote Management powered by VNC;c:\program files\novell\zenworks\bin\nzrWinVNC.exe [2010-6-30 2383872]

R2 SavRoam;SAVRoam;c:\program files\symantec client security\symantec antivirus\SavRoam.exe [2006-6-15 115952]

R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec client security\symantec antivirus\Rtvscan.exe [2006-6-15 1805552]

R2 TSCensus Collection Client;ZENworks Asset Management - Collection Client;c:\program files\novell\zenworks\asset management\bin\CClientSvc.exe [2010-1-28 49152]

R2 WNTHW;WNTHW;c:\windows\system32\drivers\WNTHW.SYS [2010-1-28 9176]

R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-6-21 193840]

R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [2009-6-9 31896]

R3 DisplayLinkGA;DisplayLinkGA;c:\windows\system32\drivers\DisplayLinkGAport.sys [2008-10-24 20736]

R3 DisplayLinkmirror;DisplayLinkmirror;c:\windows\system32\drivers\DisplayLinkmirrorport.sys [2008-10-24 18816]

R3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\drivers\DisplayLinkUsbPort.sys [2009-6-17 20992]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-11-10 106104]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-4 20464]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-1-6 40776]

R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090720.006\naveng.sys [2009-7-21 87888]

R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090720.006\navex15.sys [2009-7-21 875728]

S1 MpKsl1c2499cb;MpKsl1c2499cb;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4a642d8f-e081-4dc6-b627-7bbb508bfcf0}\mpksl1c2499cb.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4a642d8f-e081-4dc6-b627-7bbb508bfcf0}\MpKsl1c2499cb.sys [?]

S1 MpKsl423052c9;MpKsl423052c9;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{831074d3-3597-4ef8-ae72-7f8107a1b07d}\mpksl423052c9.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{831074d3-3597-4ef8-ae72-7f8107a1b07d}\MpKsl423052c9.sys [?]

S1 MpKsle95d4aa6;MpKsle95d4aa6;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b2721445-6584-43a0-b8ec-926c96947cd4}\mpksle95d4aa6.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b2721445-6584-43a0-b8ec-926c96947cd4}\MpKsle95d4aa6.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-5 135664]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-5 135664]

S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-4-8 1112560]

S3 ZENPreAgent;Novell ZENworks Pre Agent;c:\windows\novell\zenworks\bin\ZENPreAgent.exe [2010-4-30 188416]

.

=============== Created Last 30 ================

.

2012-01-06 16:14:59 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-12-30 15:38:10 53248 ----a-w- c:\windows\system32\iprntsrv.exe

2011-12-30 15:38:10 40960 ----a-w- c:\windows\system32\iprntWinCredMan.dll

.

==================== Find3M ====================

.

2011-12-10 22:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys

2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll

2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec

2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll

2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll

2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll

2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll

2009-10-15 01:37:42 114688 ----a-w- c:\program files\ad_ff.dll

.

============= FINISH: 11:21:27.35 ===============


Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs for these tools, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperable and could require a full reinstall of your OS, losing all your programs and data.

Please run a new MBAM scan being sure to update before scanning.

Post the scan results

Also please describe how your computer behaves at the moment.

Please don't attach the scans / logs, use "copy/paste".


Hello,

I've completed another scan on my computer, after I updated it. My computer seems to be running ok. But, I can't get on our network here at my office, and was wondering if this was the problem.

Here are the results:

Malwarebytes Anti-Malware (Trial) 1.60.0.1800

www.malwarebytes.org

Database version: v2012.01.09.06

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

JSHarmon :: CYFDCNU9172D8J [administrator]

Protection: Enabled

01/09/2012 9:00:32 AM

mbam-log-2012-01-09 (09-00-32).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 259905

Time elapsed: 15 minute(s), 55 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Data: 1 -> Quarantined and deleted successfully.

Registry Data Items Detected: 7

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop|NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoSMHelp (PUM.Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|NoDispCPL (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|NoDispBackgroundPage (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|NoDispAppearancePage (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|NoDispScrSavPage (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

But, I can't get on our network here at my office, and was wondering if this was the problem.

Do you have an IT department or someone who set up this pc?


Yes we have an IT department, but I was wondering why I'm getting the same viruses over and over again. They're going to re-install my Novell client on my computer.

Registry Values Detected: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Data: 1 -> Quarantined and deleted successfully.

Registry Data Items Detected: 7

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop|NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoSMHelp (PUM.Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|NoDispCPL (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|NoDispBackgroundPage (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|NoDispAppearancePage (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|NoDispScrSavPage (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

All those were set by Group Policies that your IT department set.

They are not infections.

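One way to confirm the helper's point before treating such hits as infections, as an added example that is not code from the thread or from Malwarebytes: parse the Group Policy registry.pol file (PReg format, normally under %SystemRoot%\System32\GroupPolicy\User or \Machine) and match each MBAM PUM registry line against the policy entries it carries. The registry.pol bytes and the log lines are constructed here to mirror the thread, and the constructed Machine policy deliberately omits the Security Center value so the code shows how an unexplained hit surfaces.

```python
import re
import struct

# Added example (not from the thread): parse a Group Policy registry.pol (PReg format) and
# report which MBAM "PUM.Hijack.*" registry hits a policy entry accounts for. All input is constructed.

REG_DWORD = 4
POLICIES = "Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\"

def _u16(s: str) -> bytes:
    return s.encode("utf-16-le")

def preg_entry(key: str, name: str, reg_type: int, data: bytes) -> bytes:
    """Encode one [key;value;type;size;data] record; text fields are NUL-terminated UTF-16LE."""
    return (_u16("[") + _u16(key) + b"\0\0" + _u16(";") + _u16(name) + b"\0\0" + _u16(";")
            + struct.pack("<I", reg_type) + _u16(";") + struct.pack("<I", len(data))
            + _u16(";") + data + _u16("]"))

def build_sample_policies() -> dict:
    """Constructed User and Machine registry.pol blobs. The Machine one deliberately
    lacks the Security Center value so that hit surfaces as unexplained."""
    user = b"PReg" + struct.pack("<I", 1)  # 4-byte signature, then version DWORD 1
    for key, name in [("Explorer", "NoSMHelp"), ("Explorer", "ForceClassicControlPanel"),
                      ("System", "NoDispCPL")]:
        user += preg_entry(POLICIES + key, name, REG_DWORD, struct.pack("<I", 1))
    machine = b"PReg" + struct.pack("<I", 1) + preg_entry(
        POLICIES + "Explorer", "NoDriveTypeAutoRun", REG_DWORD, struct.pack("<I", 0xFF))
    return {"HKCU": user, "HKLM": machine}

def _read_utf16z(blob: bytes, pos: int):
    """Read a NUL-terminated UTF-16LE string that starts at an even offset."""
    end = next((i for i in range(pos, len(blob), 2) if blob[i:i + 2] == b"\0\0"), None)
    if end is None:
        raise ValueError("unterminated UTF-16 string")
    return blob[pos:end].decode("utf-16-le"), end + 2

def _expect(blob: bytes, pos: int, ch: str) -> int:
    if blob[pos:pos + 2] != _u16(ch):
        raise ValueError(f"expected {ch!r} at offset {pos}")
    return pos + 2

def parse_registry_pol(blob: bytes) -> list:
    """Return (key, name, type, data) tuples; rejects anything but a version-1 PReg file."""
    if blob[:4] != b"PReg" or struct.unpack_from("<I", blob, 4)[0] != 1:
        raise ValueError("not a version-1 PReg registry.pol")
    entries, pos = [], 8
    while pos < len(blob):
        key, pos = _read_utf16z(blob, _expect(blob, pos, "["))
        name, pos = _read_utf16z(blob, _expect(blob, pos, ";"))
        pos = _expect(blob, pos, ";")
        reg_type = struct.unpack_from("<I", blob, pos)[0]
        pos = _expect(blob, pos + 4, ";")
        size = struct.unpack_from("<I", blob, pos)[0]
        pos = _expect(blob, pos + 4, ";")
        data = blob[pos:pos + size]
        pos = _expect(blob, pos + size, "]")
        entries.append((key, name, reg_type, data))
    return entries

# Hive, key path, value name, detection name, then either "Bad: (n)" or "Data: n".
MBAM_RE = re.compile(r"^(HKCU|HKLM)\\(.+?)\|(\S+) \(([^)]+)\).*?(?:Bad: \((\d+)\)|Data: (\d+))")

SAMPLE_MBAM_LINES = [  # constructed from the log lines quoted in the thread
    r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Data: 1 -> Quarantined and deleted successfully.",
    r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoSMHelp (PUM.Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.",
    r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|NoDispCPL (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.",
    r"HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.",
]

def triage_mbam(lines: list, pol_blobs: dict) -> dict:
    """For each PUM registry line, say whether Group Policy sets exactly the flagged value."""
    gpo = {}
    for hive, blob in pol_blobs.items():
        for key, name, reg_type, data in parse_registry_pol(blob):
            gpo[(hive, key.lower(), name.lower())] = (reg_type, data)
    verdicts = {}
    for m in filter(None, (MBAM_RE.match(line.strip()) for line in lines)):
        hive, key, name, detection, bad, data_val = m.groups()
        flagged = struct.pack("<I", int(bad if bad is not None else data_val))
        if gpo.get((hive, key.lower(), name.lower())) == (REG_DWORD, flagged):
            verdicts[name] = f"set by Group Policy ({detection})"
        else:
            verdicts[name] = "not in GPO, or GPO sets a different value: investigate"
    return verdicts
```

On a live machine you would read the User and Machine registry.pol files from disk in place of build_sample_policies() and cross-check against the GPOs that gpresult reports as applied.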

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
