-
win32.delf.uc keeps coming back
Over the past 3 days I've done far too much to recount with various programs. Bottom line is none of the other programs I've used make this detection but Spybot consistently shows:
--- Search result list ---
Win32.Delf.uc: [SBI $88B8013A] Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\??\C:\WINDOWS\system32\winlogon.exe
Win32.Delf.uc: [SBI $14B30E85] Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\??\C:\WINDOWS\system32\winlogon.exe
/--- Search result list ---
As requested, DDS follows in hope of help to resolve this.
TIA
-Bob
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_20
Run by Bob at 13:06:09 on 2011-12-03
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.263 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
svchost.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\PCMAGA~1\COOKIE~1\COOKIE~1.EXE
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Acronis\DriveMonitor\adm_tray.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Volumouse\volumouse.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
D:\keyexp\KEYEXP.EXE
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
E:\Adobe\Adobe Acrobat 7.0\Acrobat\Acrobat.exe
C:\DOCUME~1\Bob\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\Bob\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = cookiecop:8100
uInternet Settings,ProxyOverride = 192.168;<local>
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2012\ievkbd.dll
BHO: {69D72956-317C-44bd-B369-8E44D4EF9801} - No File
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - e:\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky anti-virus 2012\klwtbbho.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - e:\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - e:\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [FreeRAM XP] "c:\program files\yourware solutions\freeram xp pro\FreeRAM XP Pro.exe" -win
uRun: [$Volumouse$] "c:\program files\volumouse\volumouse.exe" /nodlg
uRun: [POP Peeper] "c:\program files\pop peeper\POPPeeper.exe" -min
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
mRun: [CookieCop] c:\progra~1\pcmaga~1\cookie~1\COOKIE~1.EXE
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
mRun: [adm_tray.exe] c:\program files\acronis\drivemonitor\adm_tray.exe
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2012\avp.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\bob\startm~1\programs\startup\keyexp~1.lnk - d:\keyexp\KEYEXP.EXE
StartupFolder: c:\documents and settings\bob\start menu\programs\startup\Today.pif
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpaiod~1.lnk - c:\program files\hewlett-packard\aio\hp officejet g series\bin\hpoavn07.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\kirbya~1.lnk - c:\program files\kirby alarm\kirbyalarm.exe
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
uPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
uPolicies-explorer: NoWelcomeScreen = 1 (0x1)
IE: Convert link target to Adobe PDF - e:\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - e:\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - e:\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - e:\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - e:\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - e:\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - e:\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - e:\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky anti-virus 2012\ievkbd.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky anti-virus 2012\klwtbbho.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: mswsock.dll
Trusted Zone: gamehouse.com\www
Trusted Zone: intuit.com\ttlc
Trusted Zone: macys.com\www
Trusted Zone: mycheckfree.com
Trusted Zone: onlinesearches.com\publicrecords
Trusted Zone: pointspot.com\www
Trusted Zone: thdathomeservices.com\webmail
Trusted Zone: turbotax.com
DPF: Microsoft XML Parser for Java
DPF: ppctlcab - hxxp://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxp://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} - hxxp://ppupdates.ca.com/downloads/scanner/axscanner.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc2.cab
DPF: {41F17733-B041-4099-A042-B518BB6A408C} - hxxp://appldnld.m7z.net/qtinstall.info.apple.com/pthalo/us/win/QuickTimeFullInstaller.exe
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1105290237593
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147109959609
DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - hxxp://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} - hxxp://www.imgag.com/cp/install/AxCtp2.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} - hxxp://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{DC70D44C-CFA4-4CFB-AA8F-23E25AF64531} : NameServer = 208.67.220.220,208.67.222.222
TCP: Interfaces\{DC70D44C-CFA4-4CFB-AA8F-23E25AF64531} : DhcpNameServer = 192.168.0.1
Notify: igfxcui - igfxsrvc.dll
Notify: klartew - c:\documents and settings\networkservice\local settings\application data\klartew.dll
Notify: klogon - c:\windows\system32\klogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\program files\qualcomm\eudora\EuShlExt.dll
LSA: Authentication Packages = msv1_0 relog_ap
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\bob\application data\mozilla\firefox\profiles\12nouic8.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.ftp - cookiecop
FF - prefs.js: network.proxy.ftp_port - 8100
FF - prefs.js: network.proxy.gopher - cookiecop
FF - prefs.js: network.proxy.gopher_port - 8100
FF - prefs.js: network.proxy.http - cookiecop
FF - prefs.js: network.proxy.http_port - 8100
FF - prefs.js: network.proxy.socks - cookiecop
FF - prefs.js: network.proxy.socks_port - 8100
FF - prefs.js: network.proxy.ssl - cookiecop
FF - prefs.js: network.proxy.ssl_port - 8100
FF - prefs.js: network.proxy.type - 1
FF - component: c:\documents and settings\bob\application data\mozilla\firefox\profiles\12nouic8.default\extensions\{7e7165e2-0767-448c-852f-5fa8714f2c37}\components\PlainOldFavorites.dll
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\program files\siber systems\ai roboform\firefox\components\rfproxy_31.dll
FF - plugin: c:\documents and settings\bob\application data\mozilla\firefox\profiles\12nouic8.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: e:\adobe\adobe acrobat 7.0\acrobat\browser\nppdf32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: PlainOldFavorites: {7E7165E2-0767-448c-852F-5FA8714F2C37} - %profile%\extensions\{7E7165E2-0767-448c-852F-5FA8714F2C37}
FF - Ext: User Agent Switcher: {e968fc70-8f95-4ab9-9e79-304de2a71ee1} - %profile%\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: BetterPrivacy: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3} - %profile%\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AI Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - c:\program files\siber systems\ai roboform\Firefox
.
============= SERVICES / DRIVERS ===============
.
R0 kl1;kl1;c:\windows\system32\drivers\kl1.sys [2011-3-4 133208]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2011-11-15 28552]
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2010-9-28 15328]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2011-3-4 11352]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2011-12-2 565552]
R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky anti-virus 2012\avp.exe [2011-4-24 202296]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\macrium\reflect\ReflectService.exe [2010-9-28 220128]
R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\common files\seagate\schedule2\schedul2.exe [2009-10-16 431456]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2011-3-10 34608]
S0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys --> c:\windows\system32\drivers\pxscan.sys [?]
S1 MpKsl05b8ec11;MpKsl05b8ec11;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cf9c8df2-582e-4a0b-a51f-7e845e1cd6fd}\mpksl05b8ec11.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cf9c8df2-582e-4a0b-a51f-7e845e1cd6fd}\MpKsl05b8ec11.sys [?]
S1 MpKsl2c04e557;MpKsl2c04e557;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0bc45769-a94d-4949-a210-4e7dd42e8b5a}\mpksl2c04e557.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0bc45769-a94d-4949-a210-4e7dd42e8b5a}\MpKsl2c04e557.sys [?]
S1 MpKsl30221af3;MpKsl30221af3;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cc380205-6e12-4e7d-93e7-85f54d3db76c}\mpksl30221af3.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cc380205-6e12-4e7d-93e7-85f54d3db76c}\MpKsl30221af3.sys [?]
S1 MpKsl3bbc9cb7;MpKsl3bbc9cb7;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b65b421e-520c-4dc3-bb0b-e0b13ccacb29}\mpksl3bbc9cb7.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b65b421e-520c-4dc3-bb0b-e0b13ccacb29}\MpKsl3bbc9cb7.sys [?]
S1 MpKsl50c6aa21;MpKsl50c6aa21;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8fbced0e-c906-4526-8ac0-a3e173bd644c}\mpksl50c6aa21.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8fbced0e-c906-4526-8ac0-a3e173bd644c}\MpKsl50c6aa21.sys [?]
S1 MpKsl63115aff;MpKsl63115aff;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8f268287-023a-4ef1-8111-eed0d192dfae}\mpksl63115aff.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8f268287-023a-4ef1-8111-eed0d192dfae}\MpKsl63115aff.sys [?]
S1 MpKsl6992bf7e;MpKsl6992bf7e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{00dd543a-485e-4f5c-805e-5cccba25d24d}\mpksl6992bf7e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{00dd543a-485e-4f5c-805e-5cccba25d24d}\MpKsl6992bf7e.sys [?]
S1 MpKsl6f4364a6;MpKsl6f4364a6;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{49f1789d-f463-4ae6-9a66-747134266b78}\mpksl6f4364a6.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{49f1789d-f463-4ae6-9a66-747134266b78}\MpKsl6f4364a6.sys [?]
S1 MpKsl91e50612;MpKsl91e50612;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7afa9519-2dc2-4f4a-bc6a-67db575ad69f}\mpksl91e50612.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7afa9519-2dc2-4f4a-bc6a-67db575ad69f}\MpKsl91e50612.sys [?]
S1 MpKsl957cbe81;MpKsl957cbe81;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1d7adc2b-9e7c-499b-8b4b-970056c021c5}\mpksl957cbe81.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1d7adc2b-9e7c-499b-8b4b-970056c021c5}\MpKsl957cbe81.sys [?]
S1 MpKsla44f2d84;MpKsla44f2d84;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cc380205-6e12-4e7d-93e7-85f54d3db76c}\mpksla44f2d84.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cc380205-6e12-4e7d-93e7-85f54d3db76c}\MpKsla44f2d84.sys [?]
S1 MpKslb1eef83e;MpKslb1eef83e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ec47350a-2863-4f9a-90e4-6aab11dc7f96}\mpkslb1eef83e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ec47350a-2863-4f9a-90e4-6aab11dc7f96}\MpKslb1eef83e.sys [?]
S1 MpKslbb72fb26;MpKslbb72fb26;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d02b31d1-047a-4a74-b222-564f57750561}\mpkslbb72fb26.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d02b31d1-047a-4a74-b222-564f57750561}\MpKslbb72fb26.sys [?]
S1 MpKslc6a20e02;MpKslc6a20e02;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{22038661-62e7-42f4-a3bd-bd6d7ea26198}\mpkslc6a20e02.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{22038661-62e7-42f4-a3bd-bd6d7ea26198}\MpKslc6a20e02.sys [?]
S1 MpKslc86a0644;MpKslc86a0644;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f951e807-42b7-42a5-8e28-f10b74bca579}\mpkslc86a0644.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f951e807-42b7-42a5-8e28-f10b74bca579}\MpKslc86a0644.sys [?]
S1 MpKslcfc4f3af;MpKslcfc4f3af;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c9f5f717-de2b-42a3-ad96-b15b8b26858b}\mpkslcfc4f3af.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c9f5f717-de2b-42a3-ad96-b15b8b26858b}\MpKslcfc4f3af.sys [?]
S1 MpKsldfa7710c;MpKsldfa7710c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5d66a504-67fe-4fc0-b704-9aff011607f5}\mpksldfa7710c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5d66a504-67fe-4fc0-b704-9aff011607f5}\MpKsldfa7710c.sys [?]
S1 MpKslf156ae64;MpKslf156ae64;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{021de105-dc76-4d6e-beb8-b9d47dd524a3}\mpkslf156ae64.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{021de105-dc76-4d6e-beb8-b9d47dd524a3}\MpKslf156ae64.sys [?]
S1 MpKslf9cc0160;MpKslf9cc0160;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e84c3ea2-141b-4581-a47d-ca48b2e8c486}\mpkslf9cc0160.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e84c3ea2-141b-4581-a47d-ca48b2e8c486}\MpKslf9cc0160.sys [?]
S1 MpKslfd8e6181;MpKslfd8e6181;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{71e3c987-72e8-40b3-a256-da415b7829b5}\mpkslfd8e6181.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{71e3c987-72e8-40b3-a256-da415b7829b5}\MpKslfd8e6181.sys [?]
S1 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys --> c:\windows\system32\drivers\pxrts.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S2 KirbyAlarmPro;Kirby Alarm Pro;c:\program files\kirby alarm pro\kirbyalarmpro.exe [2009-2-3 3579904]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19472]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-3-24 7808]
S3 PSMounter;Macrium Reflect Image Explorer Service;c:\windows\system32\drivers\psmounter.sys [2010-9-28 44512]
S3 PSVolAcc;PSVolAcc;c:\windows\system32\drivers\PSVolAcc.sys [2010-9-28 12256]
S3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys --> c:\windows\system32\drivers\pxkbf.sys [?]
S3 SUSTUCAP;Susteen USB Cable Port Driver;c:\windows\system32\drivers\sustucap.sys [2006-2-3 37632]
.
=============== File Associations ===============
.
txtfile="c:\program files\jgsoft\editpadlite\EditPad.exe" "%1"
.
=============== Created Last 30 ================
.
2011-12-02 23:32:30 97961 -c--a-w- c:\windows\system32\drivers\klick.dat
2011-12-02 23:32:30 115369 -c--a-w- c:\windows\system32\drivers\klin.dat
2011-12-02 23:29:57 -------- dc----w- c:\program files\Kaspersky Lab
2011-12-02 23:29:56 -------- dc----w- c:\documents and settings\all users\application data\Kaspersky Lab
2011-12-01 19:29:31 -------- dc----w- C:\SDFix
2011-12-01 16:37:25 -------- dc----w- c:\documents and settings\bob\local settings\application data\fxnetlib
2011-11-30 23:07:51 23624 -c--a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-11-30 23:06:29 -------- dc----w- c:\documents and settings\all users\application data\Hitman Pro
2011-11-30 17:10:41 71880 -c--a-w- c:\windows\system32\PxSecure.dll-19202703
2011-11-15 22:34:40 28552 -c--a-w- c:\windows\system32\drivers\pavboot.sys
.
==================== Find3M ====================
.
2011-12-01 00:08:09 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-11-15 22:22:09 100 -c--a-w- c:\windows\system32\prsgrc.dll
2011-11-15 13:17:59 414368 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 13:07:44.75 ===============
-
Hello and welcome to the forum.
My nickname is vict0r and I will help you with the malware issues on your computer.
Please read the following information carefully.
IMPORTANT: Whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
To make cleaning this machine easier:
- Continue to respond to this thread until I tell you that the logs are clean!
- Please DO NOT uninstall/install any programs unless asked to. It is more difficult when files/programs appear or disappear from the logs.
- Please do not run any scans other than those requested and do not post any logs/reports unless specifically requested to do so.
- Please follow all instructions in the order posted.
- If you have any questions or do not understand instructions, please ask before continuing.
- Please reply to this thread. Do not start a new topic.
- Your security program(s) may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Please post the Attach.txt generated by DDS (copy and paste it into your reply, do not attach it). If necessary re-run DDS to get the log.
-
Thank you vict0r.
FYI, the system I am having an issue with is no longer connected to the network pending resolution.
It appears I did not save the file so I ran DDS again with the following results:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 1/9/2005 11:36:14 AM
System Uptime: 12/5/2011 7:21:29 AM (8 hours ago)
.
Motherboard: Dell Computer Corp. | | 0C2425
Processor: Intel(R) Pentium(R) 4 CPU 2.66GHz | Microprocessor | 2657/533mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 10 GiB total, 0.951 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 0.39 GiB free.
E: is FIXED (NTFS) - 16 GiB total, 0.147 GiB free.
F: is CDROM ()
G: is CDROM ()
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
.
Acronis Drive Monitor
ACT! 2000
Adobe Acrobat 7.0 Professional
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Creative Suite 2
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe GoLive CS2
Adobe Help Center 1.0
Adobe Illustrator CS2
Adobe InDesign CS2
Adobe Photoshop CS2
Adobe Shockwave Player
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
Adobe Version Cue CS2
AI RoboForm (All Users)
AOL Instant Messenger
AOL Instant Messenger (SM)
ASAP Utilities
AutoScan5.4
Avery® Wizard 2.1 for Microsoft® Office Word 2003
BitPim 1.0.4
BlueSoleil
BookSmart® 2.9.1 2.9.1
Broadcom 440x 10/100 Integrated Controller
CCleaner
CDBurnerXP
cGPSmapper Shareware 0087
CmdHere Powertoy For Windows XP
Compatibility Pack for the 2007 Office system
Complete Cleanup Trial
CookieCop® 2
Dell ResourceCD
dfg BackUp XP 2005
dfg BackUp XP 2005 (C:\Program Files\DFG\BackUp3\)
DriveImage XML
EASEUS Data Recovery Wizard Free Edition 5.5.1
EasyCleaner
ERUNT 1.1j
Eudora
Excel VBA Code Cleaner 4.4
Excel VBA Code Documentor 4.0
FileNote (Remove Only)
Free CD to MP3 Converter
Garmin City Navigator North America 2008
Garmin City Navigator North America 2009
Garmin Communicator Plugin
Garmin MapSource
Garmin USB Drivers
Garmin WebUpdater
GmapTool 0.6.0
Google Earth
Google Gmail Notifier
Google Update Helper
Google Updater
GTK+ Runtime 2.14.7 rev a (remove only)
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB954550-v5)
hp officejet g series
Intel(R) 537EP V9x DF PCI Modem
Intel(R) Extreme Graphics Driver
IrfanView (remove only)
Jalbum
Java Auto Updater
Java(TM) 6 Update 20
Just Great Software EditPad Lite 6.6.3
jv16 PowerTools 2005
Kaspersky Anti-Virus 2012
Kirby Alarm Pro v4.45
Kirby Alarm v2.11
Lernout & Hauspie TruVoice American English TTS Engine
LiveReg (Symantec Corporation)
Macrium Reflect - Free Edition
Macromedia Dreamweaver MX 2004
Macromedia Extension Manager
Macromedia Fireworks MX 2004
Macromedia FreeHand MXa
MapSource
MapSource - City Select North America v7
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft IntelliType Pro 5.2
Microsoft Office Basic Edition 2003
Microsoft Office File Validation Add-In
Microsoft PowerPoint 97
Microsoft Tool Web Package : GETMAC.EXE
Microsoft Visual C++ 2005 Redistributable
MozBackup 1.4.7
Mozilla Firefox (3.6.23)
MSXML 6 Service Pack 2 (KB973686)
MySoftware Fonts
Nero Suite
Netflix Movie Viewer
Norton PartitionMagic
Norton PartitionMagic 8.0
Norton WMI Update
NTREGOPT 1.1j
OSM map
Panda ActiveScan 2.0
PandoraRecovery (Remove Only)
PC Authorize
Pidgin
POP Peeper
Postage $aver
PVR Plus
QuickBooks Pro 99
QuickTime Alternative 3.2.2
Real Alternative 1.42
SafeCast Shared Components
Seagate*DiscWizard
Secunia PSI
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Smart Defrag 1.0
Smart Indenter v3.5 for Office 2000-2003
Snapshot Viewer
SoundMAX
Spybot - Search & Destroy
Startup Cop 1.1
Stuff Organizer
Suite Specific
SyncBack
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wnjiper
TurboTax 2008 wrapper
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wnjiper
TurboTax 2009 wnyiper
TurboTax 2009 wrapper
TurboTax 2010 wneiper
TurboTax 2010 wnjiper
TurboTax 2010 wnyiper
TurboTax ItsDeductible 2005
TurboTax ItsDeductible 2006
Tweak UI
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
USB Modem Driver
Volumouse
WebFldrs XP
WexTech AnswerWorks
Windows Defender Signatures
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows Vista Upgrade Advisor
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinDriver6.22 USB Driver
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0
Xteq Systems X-Setup 6.2
.
==== Event Viewer Messages From Past Week ========
.
12/2/2011 9:29:45 AM, error: Microsoft Antimalware [2001] -
12/1/2011 5:03:01 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde pxrts pxscan
12/1/2011 5:01:03 PM, error: Print [19] - Sharing printer failed + 1722, Printer Microsoft XPS Document Writer share name Printer.
12/1/2011 4:15:48 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: pxrts pxscan
12/1/2011 4:15:17 PM, error: Service Control Manager [7000] - The CSIScanner service failed to start due to the following error: The system cannot find the path specified.
12/1/2011 2:51:33 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm MpFilter NetworkX OMCI pavboot pxrts pxscan
12/1/2011 2:35:03 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT NetworkX OMCI pavboot pxrts pxscan RasAcd Rdbss Tcpip Tcpip6
12/1/2011 2:35:03 PM, error: Service Control Manager [7001] - The IPv6 Helper Service service depends on the Microsoft IPv6 Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/1/2011 2:35:03 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/1/2011 2:35:03 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBT service which failed to start because of the following error: A device attached to the system is not functioning.
12/1/2011 2:34:15 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/1/2011 2:26:02 PM, error: DCOM [10000] - Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}. The error: "%6" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe -secured -Embedding
11/30/2011 7:10:25 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
11/30/2011 6:52:57 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
11/30/2011 6:08:03 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
11/30/2011 3:02:44 PM, error: Service Control Manager [7022] - The Intuit Update Service service hung on starting.
11/30/2011 3:02:33 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.
11/30/2011 3:02:33 PM, error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
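Added example, not part of Bob's post or of DDS/Spybot: the Service Control Manager [7026] entries above list every boot-start driver that failed on each boot, and the useful triage question is which names recur across boots (leftovers of uninstalled software that still have a service entry) versus which appear only in a boot where the whole network stack failed to load, where the long list says little about any one driver. The script below parses those lines in the DDS format shown above (the sample is copied from the log, including one non-7026 line the parser must skip) and tallies them; the set of "core network" driver names used to flag a bulk-failure boot is the editor's assumption.

```python
import re
from collections import Counter

# Event Viewer lines copied verbatim from the DDS log above. The [7000]
# entry is included on purpose: the parser must ignore non-7026 events.
SAMPLE_LOG = """\
12/1/2011 5:03:01 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde pxrts pxscan
12/1/2011 4:15:48 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: pxrts pxscan
12/1/2011 4:15:17 PM, error: Service Control Manager [7000] - The CSIScanner service failed to start due to the following error: The system cannot find the path specified.
12/1/2011 2:51:33 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm MpFilter NetworkX OMCI pavboot pxrts pxscan
12/1/2011 2:35:03 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT NetworkX OMCI pavboot pxrts pxscan RasAcd Rdbss Tcpip Tcpip6
11/30/2011 7:10:25 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
"""

# Matches the DDS "Event Viewer Messages" line layout for SCM event 7026.
EVENT_7026 = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), error: "
    r"Service Control Manager \[7026\] - .*?failed to load: (?P<drivers>\S.*)$"
)

# Assumption (editor's choice, not defined by the log): if any of these
# TCP/IP stack drivers failed in an event, that boot never brought
# networking up, so the other names in the same event carry less weight.
CORE_NETWORK_DRIVERS = {"AFD", "Tcpip", "NetBT"}


def parse_7026(text):
    """Return [(timestamp, [driver, ...]), ...] for each SCM 7026 event."""
    events = []
    for line in text.splitlines():
        m = EVENT_7026.match(line.strip())
        if m:
            events.append((m.group("ts"), m.group("drivers").split()))
    return events


def driver_failure_counts(events):
    """Count in how many 7026 events each driver name appears."""
    return Counter(d for _, drivers in events for d in drivers)


def recurring_drivers(events, min_events=2):
    """Drivers failing in at least min_events boots, most frequent first."""
    counts = driver_failure_counts(events)
    hits = [(d, c) for d, c in counts.items() if c >= min_events]
    return sorted(hits, key=lambda dc: (-dc[1], dc[0].lower()))


def bulk_failure_events(events, core=CORE_NETWORK_DRIVERS):
    """Timestamps of boots in which the core network stack itself failed."""
    return [ts for ts, drivers in events if core & set(drivers)]


if __name__ == "__main__":
    evs = parse_7026(SAMPLE_LOG)
    print(f"{len(evs)} SCM 7026 events parsed")
    for name, n in recurring_drivers(evs):
        print(f"  {name:<10} failed in {n} of {len(evs)} boots")
    for ts in bulk_failure_events(evs):
        print(f"  network stack did not load at {ts}; discount the other names in that event")
```

Run against the log above, pxrts and pxscan fail in four of five boots and IntelIde in two, while the 2:35:03 PM event is the one bulk-failure boot. Names that recur on every normal boot point at a service entry whose driver file is gone (typically an uninstalled product), which is a different problem from the Spybot detection but worth cleaning up so it stops masking real findings.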
-
Hello, spybob.
Unfortunately, we do not work on company computers. Please refer to this post:
http://forums.spybot.info/showpost.p...12&postcount=5
-
It would appear I have given you a false impression. This is not a company computer, it is a home network for myself and my wife. I took the offending computer off the network so it will not infect my wife's and so I don't risk identity theft when doing banking etc.
Respectfully submitted
Bob
-
Hi,
Please explain why you have these business related programs installed on this computer:
- ACT! 2000
- AutoScan5.4
- Avery® Wizard 2.1 for Microsoft® Office Word 2003
- MetaFrame Presentation Server Web Client for Win32
- PC Authorize
- Postage $aver
- WexTech AnswerWorks
Using the same method and computer you already have transferred files to and from the infected computer:
MGADiag
- Please download this tool from Microsoft. Save it to your desktop.
- Double click on MGADiag.exe to run it.
- Click Continue.
- The program will run. It takes a while to finish the diagnosis, please be patient.
- Once done, click on Copy.
- Open Notepad and paste the contents in the window.
- Save this file and copy/paste it in your next reply.
CKScanner
Please download CKScanner ... Save it to your desktop.
This program should only be run once!
Make sure that CKScanner.exe is on your desktop before running the application!
- Double-click on the CKScanner.exe icon... then click the Search For Files button.
- When the scan is finished (the cursor hourglass disappears) click the Save List To File button.
A text file will be created on your desktop named "ckfiles.txt" - Click OK at the file saved message box. Double-click on the ckfiles.txt icon on your desktop.
- Please copy/paste the contents of ckfiles.txt in your next reply.