
Thread: win32.delf.uc keeps coming back

    #1  Junior Member (Join Date: Dec 2011, Posts: 18)

    win32.delf.uc keeps coming back

    Over the past 3 days I've done far too much to recount with various programs. Bottom line is none of the other programs I've used make this detection but Spybot consistently shows:

    --- Search result list ---
    Win32.Delf.uc: [SBI $88B8013A] Settings (Registry value, nothing done)
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\??\C:\WINDOWS\system32\winlogon.exe

    Win32.Delf.uc: [SBI $14B30E85] Settings (Registry value, nothing done)
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\??\C:\WINDOWS\system32\winlogon.exe
    /--- Search result list ---

    As requested, DDS follows in hope of help to resolve this.
    TIA
    -Bob

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_20
    Run by Bob at 13:06:09 on 2011-12-03
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.263 [GMT -5:00]
    .
    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    svchost.exe
    C:\WINDOWS\system32\crypserv.exe
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\Program Files\Macrium\Reflect\ReflectService.exe
    C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\PCMAGA~1\COOKIE~1\COOKIE~1.EXE
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Program Files\Acronis\DriveMonitor\adm_tray.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
    C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
    C:\Program Files\Volumouse\volumouse.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
    D:\keyexp\KEYEXP.EXE
    C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
    C:\WINDOWS\system32\hpoipm07.exe
    C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
    C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
    E:\Adobe\Adobe Acrobat 7.0\Acrobat\Acrobat.exe
    C:\DOCUME~1\Bob\LOCALS~1\Temp\Adobelm_Cleanup.0001
    C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    C:\DOCUME~1\Bob\LOCALS~1\Temp\Adobelm_Cleanup.0001
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyServer = cookiecop:8100
    uInternet Settings,ProxyOverride = 192.168;<local>
    BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2012\ievkbd.dll
    BHO: {69D72956-317C-44bd-B369-8E44D4EF9801} - No File
    BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - e:\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky anti-virus 2012\klwtbbho.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - e:\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - e:\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
    uRun: [FreeRAM XP] "c:\program files\yourware solutions\freeram xp pro\FreeRAM XP Pro.exe" -win
    uRun: [$Volumouse$] "c:\program files\volumouse\volumouse.exe" /nodlg
    uRun: [POP Peeper] "c:\program files\pop peeper\POPPeeper.exe" -min
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
    mRun: [CookieCop] c:\progra~1\pcmaga~1\cookie~1\COOKIE~1.EXE
    mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
    mRun: [adm_tray.exe] c:\program files\acronis\drivemonitor\adm_tray.exe
    mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2012\avp.exe"
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    dRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
    dRunOnce: [RunNarrator] Narrator.exe
    StartupFolder: c:\docume~1\bob\startm~1\programs\startup\keyexp~1.lnk - d:\keyexp\KEYEXP.EXE
    StartupFolder: c:\documents and settings\bob\start menu\programs\startup\Today.pif
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpaiod~1.lnk - c:\program files\hewlett-packard\aio\hp officejet g series\bin\hpoavn07.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\kirbya~1.lnk - c:\program files\kirby alarm\kirbyalarm.exe
    uPolicies-explorer: NoViewOnDrive = 0 (0x0)
    uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
    uPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
    uPolicies-explorer: NoWelcomeScreen = 1 (0x1)
    IE: Convert link target to Adobe PDF - e:\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - e:\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - e:\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - e:\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - e:\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - e:\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - e:\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - e:\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
    IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
    IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky anti-virus 2012\ievkbd.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky anti-virus 2012\klwtbbho.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    LSP: mswsock.dll
    Trusted Zone: gamehouse.com\www
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: macys.com\www
    Trusted Zone: mycheckfree.com
    Trusted Zone: onlinesearches.com\publicrecords
    Trusted Zone: pointspot.com\www
    Trusted Zone: thdathomeservices.com\webmail
    Trusted Zone: turbotax.com
    DPF: Microsoft XML Parser for Java
    DPF: ppctlcab - hxxp://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
    DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxp://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
    DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} - hxxp://ppupdates.ca.com/downloads/scanner/axscanner.cab
    DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc2.cab
    DPF: {41F17733-B041-4099-A042-B518BB6A408C} - hxxp://appldnld.m7z.net/qtinstall.info.apple.com/pthalo/us/win/QuickTimeFullInstaller.exe
    DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1105290237593
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147109959609
    DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - hxxp://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} - hxxp://www.imgag.com/cp/install/AxCtp2.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} - hxxp://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{DC70D44C-CFA4-4CFB-AA8F-23E25AF64531} : NameServer = 208.67.220.220,208.67.222.222
    TCP: Interfaces\{DC70D44C-CFA4-4CFB-AA8F-23E25AF64531} : DhcpNameServer = 192.168.0.1
    Notify: igfxcui - igfxsrvc.dll
    Notify: klartew - c:\documents and settings\networkservice\local settings\application data\klartew.dll
    Notify: klogon - c:\windows\system32\klogon.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\program files\qualcomm\eudora\EuShlExt.dll
    LSA: Authentication Packages = msv1_0 relog_ap
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\bob\application data\mozilla\firefox\profiles\12nouic8.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: network.proxy.ftp - cookiecop
    FF - prefs.js: network.proxy.ftp_port - 8100
    FF - prefs.js: network.proxy.gopher - cookiecop
    FF - prefs.js: network.proxy.gopher_port - 8100
    FF - prefs.js: network.proxy.http - cookiecop
    FF - prefs.js: network.proxy.http_port - 8100
    FF - prefs.js: network.proxy.socks - cookiecop
    FF - prefs.js: network.proxy.socks_port - 8100
    FF - prefs.js: network.proxy.ssl - cookiecop
    FF - prefs.js: network.proxy.ssl_port - 8100
    FF - prefs.js: network.proxy.type - 1
    FF - component: c:\documents and settings\bob\application data\mozilla\firefox\profiles\12nouic8.default\extensions\{7e7165e2-0767-448c-852f-5fa8714f2c37}\components\PlainOldFavorites.dll
    FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
    FF - component: c:\program files\siber systems\ai roboform\firefox\components\rfproxy_31.dll
    FF - plugin: c:\documents and settings\bob\application data\mozilla\firefox\profiles\12nouic8.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
    FF - plugin: e:\adobe\adobe acrobat 7.0\acrobat\browser\nppdf32.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: PlainOldFavorites: {7E7165E2-0767-448c-852F-5FA8714F2C37} - %profile%\extensions\{7E7165E2-0767-448c-852F-5FA8714F2C37}
    FF - Ext: User Agent Switcher: {e968fc70-8f95-4ab9-9e79-304de2a71ee1} - %profile%\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
    FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
    FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: BetterPrivacy: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3} - %profile%\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: AI Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - c:\program files\siber systems\ai roboform\Firefox
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 kl1;kl1;c:\windows\system32\drivers\kl1.sys [2011-3-4 133208]
    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2011-11-15 28552]
    R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2010-9-28 15328]
    R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2011-3-4 11352]
    R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2011-12-2 565552]
    R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky anti-virus 2012\avp.exe [2011-4-24 202296]
    R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\macrium\reflect\ReflectService.exe [2010-9-28 220128]
    R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\common files\seagate\schedule2\schedul2.exe [2009-10-16 431456]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2011-3-10 34608]
    S0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys --> c:\windows\system32\drivers\pxscan.sys [?]
    S1 MpKsl05b8ec11;MpKsl05b8ec11;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cf9c8df2-582e-4a0b-a51f-7e845e1cd6fd}\mpksl05b8ec11.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cf9c8df2-582e-4a0b-a51f-7e845e1cd6fd}\MpKsl05b8ec11.sys [?]
    S1 MpKsl2c04e557;MpKsl2c04e557;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0bc45769-a94d-4949-a210-4e7dd42e8b5a}\mpksl2c04e557.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0bc45769-a94d-4949-a210-4e7dd42e8b5a}\MpKsl2c04e557.sys [?]
    S1 MpKsl30221af3;MpKsl30221af3;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cc380205-6e12-4e7d-93e7-85f54d3db76c}\mpksl30221af3.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cc380205-6e12-4e7d-93e7-85f54d3db76c}\MpKsl30221af3.sys [?]
    S1 MpKsl3bbc9cb7;MpKsl3bbc9cb7;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b65b421e-520c-4dc3-bb0b-e0b13ccacb29}\mpksl3bbc9cb7.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b65b421e-520c-4dc3-bb0b-e0b13ccacb29}\MpKsl3bbc9cb7.sys [?]
    S1 MpKsl50c6aa21;MpKsl50c6aa21;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8fbced0e-c906-4526-8ac0-a3e173bd644c}\mpksl50c6aa21.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8fbced0e-c906-4526-8ac0-a3e173bd644c}\MpKsl50c6aa21.sys [?]
    S1 MpKsl63115aff;MpKsl63115aff;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8f268287-023a-4ef1-8111-eed0d192dfae}\mpksl63115aff.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8f268287-023a-4ef1-8111-eed0d192dfae}\MpKsl63115aff.sys [?]
    S1 MpKsl6992bf7e;MpKsl6992bf7e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{00dd543a-485e-4f5c-805e-5cccba25d24d}\mpksl6992bf7e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{00dd543a-485e-4f5c-805e-5cccba25d24d}\MpKsl6992bf7e.sys [?]
    S1 MpKsl6f4364a6;MpKsl6f4364a6;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{49f1789d-f463-4ae6-9a66-747134266b78}\mpksl6f4364a6.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{49f1789d-f463-4ae6-9a66-747134266b78}\MpKsl6f4364a6.sys [?]
    S1 MpKsl91e50612;MpKsl91e50612;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7afa9519-2dc2-4f4a-bc6a-67db575ad69f}\mpksl91e50612.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7afa9519-2dc2-4f4a-bc6a-67db575ad69f}\MpKsl91e50612.sys [?]
    S1 MpKsl957cbe81;MpKsl957cbe81;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1d7adc2b-9e7c-499b-8b4b-970056c021c5}\mpksl957cbe81.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1d7adc2b-9e7c-499b-8b4b-970056c021c5}\MpKsl957cbe81.sys [?]
    S1 MpKsla44f2d84;MpKsla44f2d84;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cc380205-6e12-4e7d-93e7-85f54d3db76c}\mpksla44f2d84.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cc380205-6e12-4e7d-93e7-85f54d3db76c}\MpKsla44f2d84.sys [?]
    S1 MpKslb1eef83e;MpKslb1eef83e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ec47350a-2863-4f9a-90e4-6aab11dc7f96}\mpkslb1eef83e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ec47350a-2863-4f9a-90e4-6aab11dc7f96}\MpKslb1eef83e.sys [?]
    S1 MpKslbb72fb26;MpKslbb72fb26;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d02b31d1-047a-4a74-b222-564f57750561}\mpkslbb72fb26.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d02b31d1-047a-4a74-b222-564f57750561}\MpKslbb72fb26.sys [?]
    S1 MpKslc6a20e02;MpKslc6a20e02;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{22038661-62e7-42f4-a3bd-bd6d7ea26198}\mpkslc6a20e02.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{22038661-62e7-42f4-a3bd-bd6d7ea26198}\MpKslc6a20e02.sys [?]
    S1 MpKslc86a0644;MpKslc86a0644;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f951e807-42b7-42a5-8e28-f10b74bca579}\mpkslc86a0644.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f951e807-42b7-42a5-8e28-f10b74bca579}\MpKslc86a0644.sys [?]
    S1 MpKslcfc4f3af;MpKslcfc4f3af;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c9f5f717-de2b-42a3-ad96-b15b8b26858b}\mpkslcfc4f3af.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c9f5f717-de2b-42a3-ad96-b15b8b26858b}\MpKslcfc4f3af.sys [?]
    S1 MpKsldfa7710c;MpKsldfa7710c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5d66a504-67fe-4fc0-b704-9aff011607f5}\mpksldfa7710c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5d66a504-67fe-4fc0-b704-9aff011607f5}\MpKsldfa7710c.sys [?]
    S1 MpKslf156ae64;MpKslf156ae64;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{021de105-dc76-4d6e-beb8-b9d47dd524a3}\mpkslf156ae64.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{021de105-dc76-4d6e-beb8-b9d47dd524a3}\MpKslf156ae64.sys [?]
    S1 MpKslf9cc0160;MpKslf9cc0160;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e84c3ea2-141b-4581-a47d-ca48b2e8c486}\mpkslf9cc0160.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e84c3ea2-141b-4581-a47d-ca48b2e8c486}\MpKslf9cc0160.sys [?]
    S1 MpKslfd8e6181;MpKslfd8e6181;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{71e3c987-72e8-40b3-a256-da415b7829b5}\mpkslfd8e6181.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{71e3c987-72e8-40b3-a256-da415b7829b5}\MpKslfd8e6181.sys [?]
    S1 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys --> c:\windows\system32\drivers\pxrts.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
    S2 KirbyAlarmPro;Kirby Alarm Pro;c:\program files\kirby alarm pro\kirbyalarmpro.exe [2009-2-3 3579904]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
    S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19472]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-3-24 7808]
    S3 PSMounter;Macrium Reflect Image Explorer Service;c:\windows\system32\drivers\psmounter.sys [2010-9-28 44512]
    S3 PSVolAcc;PSVolAcc;c:\windows\system32\drivers\PSVolAcc.sys [2010-9-28 12256]
    S3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys --> c:\windows\system32\drivers\pxkbf.sys [?]
    S3 SUSTUCAP;Susteen USB Cable Port Driver;c:\windows\system32\drivers\sustucap.sys [2006-2-3 37632]
    .
    =============== File Associations ===============
    .
    txtfile="c:\program files\jgsoft\editpadlite\EditPad.exe" "%1"
    .
    =============== Created Last 30 ================
    .
    2011-12-02 23:32:30 97961 -c--a-w- c:\windows\system32\drivers\klick.dat
    2011-12-02 23:32:30 115369 -c--a-w- c:\windows\system32\drivers\klin.dat
    2011-12-02 23:29:57 -------- dc----w- c:\program files\Kaspersky Lab
    2011-12-02 23:29:56 -------- dc----w- c:\documents and settings\all users\application data\Kaspersky Lab
    2011-12-01 19:29:31 -------- dc----w- C:\SDFix
    2011-12-01 16:37:25 -------- dc----w- c:\documents and settings\bob\local settings\application data\fxnetlib
    2011-11-30 23:07:51 23624 -c--a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2011-11-30 23:06:29 -------- dc----w- c:\documents and settings\all users\application data\Hitman Pro
    2011-11-30 17:10:41 71880 -c--a-w- c:\windows\system32\PxSecure.dll-19202703
    2011-11-15 22:34:40 28552 -c--a-w- c:\windows\system32\drivers\pavboot.sys
    .
    ==================== Find3M ====================
    .
    2011-12-01 00:08:09 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
    2011-11-15 22:22:09 100 -c--a-w- c:\windows\system32\prsgrc.dll
    2011-11-15 13:17:59 414368 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    ============= FINISH: 13:07:44.75 ===============
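
The Spybot lines in this post point at firewall exception values for winlogon.exe under both ControlSet001 and ControlSet002. As an added example that is not part of the original thread and not code from Spybot or DDS, the Python script below parses such result lines, groups each authorized application by the control sets it appears in, and flags exceptions for core Windows binaries that never need one; on a Windows host it reads the live AuthorizedApplications lists through winreg instead, walking every ControlSet key rather than only CurrentControlSet. The CORE_BINARIES list, the sample log block and all function names are this example's own assumptions.

```python
import re

# Constructed sample input: the two Spybot result lines quoted in the post,
# reproduced as test data so the script runs offline.
SAMPLE_SPYBOT_LOG = r"""
--- Search result list ---
Win32.Delf.uc: [SBI $88B8013A] Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\??\C:\WINDOWS\system32\winlogon.exe

Win32.Delf.uc: [SBI $14B30E85] Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\??\C:\WINDOWS\system32\winlogon.exe
/--- Search result list ---
"""

# Assumption (ours, not Spybot's detection logic): core Windows binaries that
# never need an inbound exception in the XP firewall's AuthorizedApplications list.
CORE_BINARIES = {"winlogon.exe", "lsass.exe", "csrss.exe", "smss.exe",
                 "services.exe", "userinit.exe"}

# Registry path of an AuthorizedApplications\List value, as DDS/Spybot print it.
AUTH_APP_RE = re.compile(
    r"HKEY_LOCAL_MACHINE\\SYSTEM\\(?P<cs>ControlSet\d{3}|CurrentControlSet)\\"
    r"Services\\SharedAccess\\Parameters\\FirewallPolicy\\(?P<profile>\w+Profile)\\"
    r"AuthorizedApplications\\List\\(?P<value>.+)$",
    re.IGNORECASE,
)

NT_PREFIX = "\\??\\"   # object-manager prefix XP stores in the value name


def strip_nt_prefix(value):
    return value[len(NT_PREFIX):] if value.startswith(NT_PREFIX) else value


def parse_authorized_apps(log_text):
    """Return (control_set, profile, exe_path) tuples for each firewall
    exception path found in a Spybot/DDS-style log."""
    found = []
    for line in log_text.splitlines():
        m = AUTH_APP_RE.search(line.strip())
        if m:
            found.append((m.group("cs"), m.group("profile"),
                          strip_nt_prefix(m.group("value"))))
    return found


def read_live_authorized_apps():
    """Windows only: read the same tuples from the live registry, walking every
    ControlSet00N key rather than only CurrentControlSet. Returns [] elsewhere."""
    try:
        import winreg
    except ImportError:
        return []
    entries = []
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, "SYSTEM") as system:
        i = 0
        while True:
            try:
                cs = winreg.EnumKey(system, i)
            except OSError:
                break
            i += 1
            if not cs.lower().startswith("controlset"):
                continue
            for profile in ("StandardProfile", "DomainProfile"):
                sub = (r"SYSTEM\%s\Services\SharedAccess\Parameters\FirewallPolicy"
                       r"\%s\AuthorizedApplications\List" % (cs, profile))
                try:
                    lst = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, sub)
                except OSError:
                    continue   # this profile has no exception list
                with lst:
                    j = 0
                    while True:
                        try:
                            name, _data, _kind = winreg.EnumValue(lst, j)
                        except OSError:
                            break
                        j += 1
                        entries.append((cs, profile, strip_nt_prefix(name)))
    return entries


def audit(entries):
    """Group exceptions by executable and flag core system binaries.
    Returns {exe_path.lower(): {"path", "control_sets", "flagged"}}."""
    report = {}
    for cs, _profile, path in entries:
        rec = report.setdefault(path.lower(),
                                {"path": path, "control_sets": [], "flagged": False})
        if cs not in rec["control_sets"]:
            rec["control_sets"].append(cs)
        basename = path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if basename in CORE_BINARIES:
            rec["flagged"] = True
    return report


if __name__ == "__main__":
    entries = read_live_authorized_apps() or parse_authorized_apps(SAMPLE_SPYBOT_LOG)
    for rec in audit(entries).values():
        tag = "FLAG" if rec["flagged"] else "ok  "
        print(tag, rec["path"], "in", ", ".join(rec["control_sets"]))
```

Walking every numbered control set matters because CurrentControlSet is only a link to one of them; a value removed through that link stays in the other copy, and a scanner that reads the numbered keys directly will still report it.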

    #2  Malware Team-Emeritus (Join Date: May 2010, Posts: 212)

    Hello and welcome to the forum.

    My nickname is vict0r and I will help you with the malware issues on your computer.

    Please read the following information carefully.

    IMPORTANT: Whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

    To make cleaning this machine easier:

    • Continue to respond to this thread until I tell you that the logs are clean!
    • Please DO NOT uninstall/install any programs unless asked to. It is more difficult when files/programs appear or disappear from the logs.
    • Please do not run any scans other than those requested and do not post any logs/reports unless specifically requested to do so.
    • Please follow all instructions in the order posted.
    • If you have any questions or do not understand instructions, please ask before continuing.
    • Please reply to this thread. Do not start a new topic.
    • Your security program(s) may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.


    Please post the Attach.txt generated by DDS (copy and paste it into your reply, do not attach it). If necessary re-run DDS to get the log.

    #3  Junior Member (Join Date: Dec 2011, Posts: 18)

    Thank you vict0r.
    FYI, the system I am having an issue with is no longer connected to the network pending resolution.

    It appears I did not save the file so I ran dds again with the following results:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/9/2005 11:36:14 AM
    System Uptime: 12/5/2011 7:21:29 AM (8 hours ago)
    .
    Motherboard: Dell Computer Corp. | | 0C2425
    Processor: Intel(R) Pentium(R) 4 CPU 2.66GHz | Microprocessor | 2657/533mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 10 GiB total, 0.951 GiB free.
    D: is FIXED (NTFS) - 11 GiB total, 0.39 GiB free.
    E: is FIXED (NTFS) - 16 GiB total, 0.147 GiB free.
    F: is CDROM ()
    G: is CDROM ()
    J: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    .
    Acronis Drive Monitor
    ACT! 2000
    Adobe Acrobat 7.0 Professional
    Adobe Bridge 1.0
    Adobe Common File Installer
    Adobe Creative Suite 2
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 11 ActiveX
    Adobe GoLive CS2
    Adobe Help Center 1.0
    Adobe Illustrator CS2
    Adobe InDesign CS2
    Adobe Photoshop CS2
    Adobe Shockwave Player
    Adobe Stock Photos 1.0
    Adobe SVG Viewer 3.0
    Adobe Version Cue CS2
    AI RoboForm (All Users)
    AOL Instant Messenger
    AOL Instant Messenger (SM)
    ASAP Utilities
    AutoScan5.4
    Avery® Wizard 2.1 for Microsoft® Office Word 2003
    BitPim 1.0.4
    BlueSoleil
    BookSmart® 2.9.1 2.9.1
    Broadcom 440x 10/100 Integrated Controller
    CCleaner
    CDBurnerXP
    cGPSmapper Shareware 0087
    CmdHere Powertoy For Windows XP
    Compatibility Pack for the 2007 Office system
    Complete Cleanup Trial
    CookieCop® 2
    Dell ResourceCD
    dfg BackUp XP 2005
    dfg BackUp XP 2005 (C:\Program Files\DFG\BackUp3\)
    DriveImage XML
    EASEUS Data Recovery Wizard Free Edition 5.5.1
    EasyCleaner
    ERUNT 1.1j
    Eudora
    Excel VBA Code Cleaner 4.4
    Excel VBA Code Documentor 4.0
    FileNote (Remove Only)
    Free CD to MP3 Converter
    Garmin City Navigator North America 2008
    Garmin City Navigator North America 2009
    Garmin Communicator Plugin
    Garmin MapSource
    Garmin USB Drivers
    Garmin WebUpdater
    GmapTool 0.6.0
    Google Earth
    Google Gmail Notifier
    Google Update Helper
    Google Updater
    GTK+ Runtime 2.14.7 rev a (remove only)
    HighMAT Extension to Microsoft Windows XP CD Writing Wizard
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows XP (KB954550-v5)
    hp officejet g series
    Intel(R) 537EP V9x DF PCI Modem
    Intel(R) Extreme Graphics Driver
    IrfanView (remove only)
    Jalbum
    Java Auto Updater
    Java(TM) 6 Update 20
    Just Great Software EditPad Lite 6.6.3
    jv16 PowerTools 2005
    Kaspersky Anti-Virus 2012
    Kirby Alarm Pro v4.45
    Kirby Alarm v2.11
    Lernout & Hauspie TruVoice American English TTS Engine
    LiveReg (Symantec Corporation)
    Macrium Reflect - Free Edition
    Macromedia Dreamweaver MX 2004
    Macromedia Extension Manager
    Macromedia Fireworks MX 2004
    Macromedia FreeHand MXa
    MapSource
    MapSource - City Select North America v7
    MetaFrame Presentation Server Web Client for Win32
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft IntelliType Pro 5.2
    Microsoft Office Basic Edition 2003
    Microsoft Office File Validation Add-In
    Microsoft PowerPoint 97
    Microsoft Tool Web Package : GETMAC.EXE
    Microsoft Visual C++ 2005 Redistributable
    MozBackup 1.4.7
    Mozilla Firefox (3.6.23)
    MSXML 6 Service Pack 2 (KB973686)
    MySoftware Fonts
    Nero Suite
    Netflix Movie Viewer
    Norton PartitionMagic
    Norton PartitionMagic 8.0
    Norton WMI Update
    NTREGOPT 1.1j
    OSM map
    Panda ActiveScan 2.0
    PandoraRecovery (Remove Only)
    PC Authorize
    Pidgin
    POP Peeper
    Postage $aver
    PVR Plus
    QuickBooks Pro 99
    QuickTime Alternative 3.2.2
    Real Alternative 1.42
    SafeCast Shared Components
    Seagate*DiscWizard
    Secunia PSI
    Security Update for CAPICOM (KB931906)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Smart Defrag 1.0
    Smart Indenter v3.5 for Office 2000-2003
    Snapshot Viewer
    SoundMAX
    Spybot - Search & Destroy
    Startup Cop 1.1
    Stuff Organizer
    Suite Specific
    SyncBack
    TurboTax 2008 WinPerFedFormset
    TurboTax 2008 WinPerProgramHelp
    TurboTax 2008 WinPerReleaseEngine
    TurboTax 2008 WinPerTaxSupport
    TurboTax 2008 WinPerUserEducation
    TurboTax 2008 wnjiper
    TurboTax 2008 wrapper
    TurboTax 2009
    TurboTax 2009 WinPerFedFormset
    TurboTax 2009 WinPerReleaseEngine
    TurboTax 2009 WinPerTaxSupport
    TurboTax 2009 wnjiper
    TurboTax 2009 wnyiper
    TurboTax 2009 wrapper
    TurboTax 2010 wneiper
    TurboTax 2010 wnjiper
    TurboTax 2010 wnyiper
    TurboTax ItsDeductible 2005
    TurboTax ItsDeductible 2006
    Tweak UI
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 7 (KB980182)
    USB Modem Driver
    Volumouse
    WebFldrs XP
    WexTech AnswerWorks
    Windows Defender Signatures
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer Clean Up
    Windows Internet Explorer 7
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Presentation Foundation
    Windows Vista Upgrade Advisor
    Windows XP Hotfix - KB834707
    Windows XP Hotfix - KB867282
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890047
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB891781
    Windows XP Service Pack 2
    WinDriver6.22 USB Driver
    WinRAR archiver
    XML Paper Specification Shared Components Pack 1.0
    Xteq Systems X-Setup 6.2
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/2/2011 9:29:45 AM, error: Microsoft Antimalware [2001] -
    12/1/2011 5:03:01 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde pxrts pxscan
    12/1/2011 5:01:03 PM, error: Print [19] - Sharing printer failed + 1722, Printer Microsoft XPS Document Writer share name Printer.
    12/1/2011 4:15:48 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: pxrts pxscan
    12/1/2011 4:15:17 PM, error: Service Control Manager [7000] - The CSIScanner service failed to start due to the following error: The system cannot find the path specified.
    12/1/2011 2:51:33 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm MpFilter NetworkX OMCI pavboot pxrts pxscan
    12/1/2011 2:35:03 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT NetworkX OMCI pavboot pxrts pxscan RasAcd Rdbss Tcpip Tcpip6
    12/1/2011 2:35:03 PM, error: Service Control Manager [7001] - The IPv6 Helper Service service depends on the Microsoft IPv6 Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    12/1/2011 2:35:03 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    12/1/2011 2:35:03 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBT service which failed to start because of the following error: A device attached to the system is not functioning.
    12/1/2011 2:34:15 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    12/1/2011 2:26:02 PM, error: DCOM [10000] - Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}. The error: "%6" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe -secured -Embedding
    11/30/2011 7:10:25 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
    11/30/2011 6:52:57 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
    11/30/2011 6:08:03 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
    11/30/2011 3:02:44 PM, error: Service Control Manager [7022] - The Intuit Update Service service hung on starting.
    11/30/2011 3:02:33 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.
    11/30/2011 3:02:33 PM, error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================

  4. #4
    Malware Team-Emeritus
    Join Date
    May 2010
    Posts
    212


    Hello, spybob.

    Unfortunately, we do not work on company computers. Please refer to this post:

    http://forums.spybot.info/showpost.p...12&postcount=5

  5. #5
    Junior Member
    Join Date
    Dec 2011
    Posts
    18


    It would appear I have given you a false impression. This is not a company computer, it is a home network for myself and my wife. I took the offending computer off the network so it will not infect my wife's and so I don't risk identity theft when doing banking etc.

    Respectfully submitted

    Bob

  6. #6
    Malware Team-Emeritus
    Join Date
    May 2010
    Posts
    212


    Hi,

    Please explain why you have these business related programs installed on this computer:
    • ACT! 2000
    • AutoScan5.4
    • Avery® Wizard 2.1 for Microsoft® Office Word 2003
    • MetaFrame Presentation Server Web Client for Win32
    • PC Authorize
    • Postage $aver
    • WexTech AnswerWorks



    Using the same method and computer you already have transferred files to and from the infected computer:

    MGADiag

    • Please download this tool from Microsoft. Save it to your desktop.
    • Double click on MGADiag.exe to run it.
    • Click Continue.
    • The program will run. It takes a while to finish the diagnosis, please be patient.
    • Once done, click on Copy.
    • Open Notepad and paste the contents in the window.
    • Save this file and copy/paste it in your next reply.



    CKScanner

    Please download CKScanner ... Save it to your desktop.
    This program should only be run once!
    Make sure that CKScanner.exe is on your desktop before running the application!

    1. Double-click on the CKScanner.exe icon... then click the Search For Files button.
    2. When the scan is finished (the cursor hourglass disappears) click the Save List To File button.
      A text file will be created on your desktop named "ckfiles.txt"
    3. Click OK at the file saved message box. Double-click on the ckfiles.txt icon on your desktop.
    4. Please copy/paste the contents of ckfiles.txt in your next reply.

  7. #7
    Junior Member
    Join Date
    Dec 2011
    Posts
    18


    I can appreciate the questions now that I understand why you thought it was a business.

    ACT! 2000 - 11-year-old contact database program. I used to sell merchant services.

    AutoScan5.4 - To download data from my CPAP so I can monitor my sleep apnea. It is not a current application; if you check, it's about 4 or 5 years old and won't work with newer CPAP machines.

    Avery® Wizard 2.1 for Microsoft® Office Word 2003 - no idea. My wife probably loaded it at some point.

    MetaFrame Presentation Server Web Client for Win32 - don't know what it is or used for.

    PC Authorize - I used to sell merchant services and this demo allowed me to become familiar with the product.

    Postage $aver - installed when I investigated using this for a fund raising mailing list for our volunteer rescue squad. It is not a valid program since it was never purchased or registered with the vendor.

    WexTech AnswerWorks - don't know what this is associated with but think I installed it when trying to get a mapping program to work with my Garmin.

    I'm more than willing to wipe out all but the autoscan 5.4 since I don't use any of the others. I'm sure if you saw the dates on the data for these you would see they are not current. Is there anything else I can provide to assure you it is not a business computer?

    -Bob

  8. #8
    Malware Team-Emeritus
    Join Date
    May 2010
    Posts
    212


    Quote Originally Posted by spybob
    Is there anything else I can provide to assure you it is not a business computer?
    Please post the logs from MGADiag and CKScanner as described in my previous post.

  9. #9
    Junior Member
    Join Date
    Dec 2011
    Posts
    18


    I'm sorry vict0r, I didn't finish reading before I responded.

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Genuine
    Validation Code: 0
    Cached Validation Code: N/A
    Windows Product Key: *****-*****-GD6GR-K6DP3-4C8MT
    Windows Product Key Hash: s2kt66ZJWfV4nS1wFD5F9bxTSDw=
    Windows Product ID: 55277-OEM-2111907-00102
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 5.1.2600.2.00010300.2.0.hom
    ID: {5F5C1FF9-F108-4C2E-98A0-4A2CDE359056}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: Registered, 1.7.69.2
    Signed By: Microsoft
    Product Name: N/A
    Architecture: N/A
    Build lab: N/A
    TTS Error: N/A
    Validation Diagnostic: 025D1FF3-230-1
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A
    Version: N/A

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office Basic Edition 2003 - 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_E2AD56EA-765-8009_E2AD56EA-766-2ee7_E2AD56EA-148-80004005_16E0B333-89-80004005_B4D0AA8B-1029-80004005

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{5F5C1FF9-F108-4C2E-98A0-4A2CDE359056}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010300.2.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-4C8MT</PKey><PID>55277-OEM-2111907-00102</PID><PIDType>2</PIDType><SID>S-1-5-21-117609710-602609370-839522115</SID><SYSTEM><Manufacturer>Dell Computer Corporation</Manufacturer><Model>Dimension 2400 </Model></SYSTEM><BIOS><Manufacturer>Dell Computer Corporation</Manufacturer><Version>A05</Version><SMBIOSVersion major="2" minor="3"/><Date>20031202000000.000000+000</Date><SLPBIOS>Dell System,Dell Computer,Dell System,Dell System</SLPBIOS></BIOS><HWID>F4CC344F01842062</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91130409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office Basic Edition 2003</Name><Ver>11</Ver><Val>A0D98D99A01070E</Val><Hash>ZzKuB55t4Pi9K0gH55XtBhji+8c=</Hash><Pid>73102-OEM-5690357-78318</Pid><PidType>6</PidType></Product></Products><Applications><App Id="16" Version="11" Result="100"/><App Id="1A" Version="11" Result="100"/><App Id="1B" Version="11" Result="100"/></Applications></Office></Software></GenuineResults>

    Licensing Data-->
    N/A

    Windows Activation Technologies-->
    N/A

    HWID Data-->
    N/A

    OEM Activation 1.0 Data-->
    BIOS string matches: yes
    Marker string from BIOS: 1B285:Dell Inc|1B285:Microsoft Corporation
    Marker string from OEMBIOS.DAT: Dell System,Dell Computer,Dell System,Dell System

    OEM Activation 2.0 Data-->
    N/A




    CKScanner - Additional Security Risks - These are not necessarily bad
    scanner sequence 3.MN.11.OOAPUN
    ----- EOF -----

  10. #10
    Malware Team-Emeritus
    Join Date
    May 2010
    Posts
    212


    C: is FIXED (NTFS) - 10 GiB total, 0.951 GiB free.
    D: is FIXED (NTFS) - 11 GiB total, 0.39 GiB free.
    E: is FIXED (NTFS) - 16 GiB total, 0.147 GiB free.
    No restore point in system.
    You need to free up some space. Please uninstall these programs:
    • ACT! 2000
    • Avery® Wizard 2.1 for Microsoft® Office Word 2003
    • MetaFrame Presentation Server Web Client for Win32
    • PC Authorize
    • Postage $aver
    • WexTech AnswerWorks


    Out of date Java installations pose a security risk. They can be used by malware as a means to infect a computer and/or re-infect. Please uninstall Java(TM) 6 Update 20

    To uninstall programs:

    • Click on Start > Run.
    • In the Open text box, write appwiz.cpl, then click Ok.
    • Wait for the list of programs in the Add/Remove control panel to appear.
    • You can now uninstall the programs.


    Using the same method and computer you already have transferred files to and from the infected computer:


    OTL

    Please download OTL by Old Timer and save it to your Desktop.
    • Double click on OTL.exe to run it.
    • Under Output, ensure that Standard Output is selected.
    • Under Extra Registry section, select Use SafeList.
    • Click the Scan All Users checkbox.
    • Please save all work and close all open program windows.
    • Click on Run Scan at the top left hand corner.
    • When done, two Notepad files will open.
      • OTL.txt <-- Will be opened
      • Extra.txt <-- Will be minimized
    • Please post the contents of these 2 Notepad files in your next reply.
