
UDS.DangerousObject.Multi.Generic


  • This topic is locked

#1 tomsmom


Posted 01 June 2013 - 11:56 PM

I am running Windows XP, and 2 days ago, my Kaspersky Internet Security 13 notified me of malware.  

 

The name of it is UDS.DangerousObject.Multi.Generic. The ONLY options under "Fix" are:

 
1. add to exclusions
2. ignore
3. open the original location folder
4. threat description
 
It is located here:
 
C:\Documents and Settings\Milly\Local Settings\Application Data\Sun\Java\Development\cache\6.0\59\

 

When the computer boots, the Found New Hardware Wizard box appears, and the system tray shows a message that the Desktop Cleanup Wizard is available to help clean up the desktop--"Click balloon to start the wizard". Also on boot up, there is a message in the System Tray that says "searching for new drivers". I did not touch any of these things, just ignored all to check my email. There is no new hardware, and I did nothing to bring up the cleanup wizard message, which I have never seen before. The Kaspersky program is updating and scanning as usual. I have just been ignoring the wizard and messages in the System Tray, just leaving the wizard on the desktop and working around it. Other than these issues, I have not noticed that anything obvious has changed. I tried starting in Safe Mode, and the hardware wizard popped up there right away, too. I have run Malwarebytes and it found nothing, with the latest definitions. I have not turned off System Restore yet.

 

I would really appreciate your help with this.

 

Thank you.

 

 

 
 
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 11/16/2006 9:23:05 PM
System Uptime: 6/1/2013 10:58:48 PM (1 hours ago)
.
Motherboard: Dell Inc.           |  | 0WG855
Processor: Intel® Core™2 CPU          6300  @ 1.86GHz | Microprocessor | 1861/1066mhz
Processor: Intel® Core™2 CPU          6300  @ 1.86GHz | Microprocessor | 1862/1066mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 170 GiB total, 138.001 GiB free.
D: is FIXED (NTFS) - 58 GiB total, 58.024 GiB free.
E: is CDROM (CDFS)
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP170: 3/3/2013 8:06:53 PM - System Checkpoint
RP171: 3/4/2013 8:09:08 PM - System Checkpoint
RP172: 3/6/2013 1:46:40 AM - System Checkpoint
RP173: 3/7/2013 11:29:52 AM - System Checkpoint
RP174: 3/8/2013 2:07:16 PM - System Checkpoint
RP175: 3/9/2013 2:54:35 PM - System Checkpoint
RP176: 3/10/2013 4:40:56 PM - System Checkpoint
RP177: 3/11/2013 5:40:23 PM - System Checkpoint
RP178: 3/12/2013 5:40:57 PM - System Checkpoint
RP179: 3/13/2013 6:04:20 PM - System Checkpoint
RP180: 3/14/2013 7:08:11 PM - System Checkpoint
RP181: 3/15/2013 7:16:16 PM - System Checkpoint
RP182: 3/16/2013 7:51:44 PM - System Checkpoint
RP183: 3/17/2013 9:05:39 PM - System Checkpoint
RP184: 3/18/2013 9:16:52 PM - System Checkpoint
RP185: 3/19/2013 9:20:20 PM - System Checkpoint
RP186: 3/20/2013 9:26:36 PM - System Checkpoint
RP187: 3/22/2013 11:48:01 AM - System Checkpoint
RP188: 3/23/2013 12:00:54 PM - System Checkpoint
RP189: 3/23/2013 4:19:10 PM - Pre Safari
RP190: 3/23/2013 4:40:21 PM - Installed Safari
RP191: 3/25/2013 12:33:55 PM - System Checkpoint
RP192: 3/26/2013 2:19:12 PM - System Checkpoint
RP193: 3/27/2013 2:39:10 PM - System Checkpoint
RP194: 3/28/2013 3:31:54 PM - System Checkpoint
RP195: 3/29/2013 4:00:54 PM - System Checkpoint
RP196: 3/30/2013 5:02:49 PM - System Checkpoint
RP197: 3/31/2013 5:03:48 PM - System Checkpoint
RP198: 4/1/2013 6:01:14 PM - System Checkpoint
RP199: 4/2/2013 6:56:24 PM - System Checkpoint
RP200: 4/3/2013 7:34:59 PM - System Checkpoint
RP201: 4/4/2013 7:35:55 PM - System Checkpoint
RP202: 4/5/2013 7:36:51 PM - System Checkpoint
RP203: 4/6/2013 8:14:14 PM - System Checkpoint
RP204: 4/8/2013 11:21:51 AM - System Checkpoint
RP205: 4/10/2013 1:35:32 PM - System Checkpoint
RP206: 4/11/2013 6:20:42 PM - System Checkpoint
RP207: 4/12/2013 6:49:22 PM - System Checkpoint
RP208: 4/13/2013 7:07:40 PM - System Checkpoint
RP209: 4/14/2013 7:39:40 PM - System Checkpoint
RP210: 4/15/2013 8:15:33 PM - System Checkpoint
RP211: 4/16/2013 8:58:07 PM - System Checkpoint
RP212: 4/18/2013 11:27:06 AM - System Checkpoint
RP213: 4/19/2013 11:29:48 AM - System Checkpoint
RP214: 4/20/2013 2:39:30 PM - System Checkpoint
RP215: 4/21/2013 2:41:09 PM - System Checkpoint
RP216: 4/22/2013 5:30:41 PM - System Checkpoint
RP217: 4/23/2013 5:31:30 PM - System Checkpoint
RP218: 4/24/2013 5:40:56 PM - System Checkpoint
RP219: 4/25/2013 7:41:23 PM - System Checkpoint
RP220: 4/26/2013 8:11:39 PM - System Checkpoint
RP221: 4/27/2013 8:53:27 PM - System Checkpoint
RP222: 4/29/2013 11:11:20 AM - System Checkpoint
RP223: 4/30/2013 11:31:23 AM - System Checkpoint
RP224: 5/1/2013 11:39:25 AM - System Checkpoint
RP225: 5/2/2013 11:40:10 AM - System Checkpoint
RP226: 5/3/2013 11:44:54 AM - System Checkpoint
RP227: 5/4/2013 11:58:00 AM - System Checkpoint
RP228: 5/5/2013 12:47:02 PM - System Checkpoint
RP229: 5/6/2013 1:31:20 PM - System Checkpoint
RP230: 5/7/2013 1:52:13 PM - System Checkpoint
RP231: 5/8/2013 4:51:43 PM - System Checkpoint
RP232: 5/9/2013 6:05:19 PM - System Checkpoint
RP233: 5/10/2013 6:21:24 PM - System Checkpoint
RP234: 5/11/2013 7:00:45 PM - System Checkpoint
RP235: 5/12/2013 7:18:20 PM - System Checkpoint
RP236: 5/13/2013 7:34:49 PM - System Checkpoint
RP237: 5/14/2013 7:50:01 PM - System Checkpoint
RP238: 5/15/2013 8:31:20 PM - System Checkpoint
RP239: 5/17/2013 11:47:12 AM - System Checkpoint
RP240: 5/18/2013 2:29:35 PM - System Checkpoint
RP241: 5/19/2013 2:48:14 PM - System Checkpoint
RP242: 5/20/2013 4:37:18 PM - System Checkpoint
RP243: 5/21/2013 4:50:16 PM - System Checkpoint
RP244: 5/22/2013 5:57:00 PM - System Checkpoint
RP245: 5/23/2013 6:30:14 PM - System Checkpoint
RP246: 5/24/2013 6:57:05 PM - System Checkpoint
RP247: 5/25/2013 7:27:05 PM - System Checkpoint
RP248: 5/26/2013 8:21:26 PM - System Checkpoint
RP249: 5/27/2013 8:34:03 PM - System Checkpoint
RP250: 5/29/2013 11:34:35 AM - System Checkpoint
RP251: 5/30/2013 12:36:06 PM - System Checkpoint
RP252: 5/31/2013 6:00:38 PM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Download Manager 1.2 (Remove Only)
Adobe Flash Player 11 Plugin
Adobe Reader 6.0.1
Andrea VoiceCenter
AOLIcon
Apple Software Update
ATI Catalyst Control Center
ATI Display Driver
calibre
Conexant D850 56K V.9x DFVc Modem
Consumer Complete Care Services Agreement
Corel Paint Shop Pro Photo XI
Corel Snapfire Plus
Coupon Printer for Windows
CreataCard Plus 3
Creative Audio Pack
Creative MediaSource 5
Dell CinePlayer
Dell DataSafe
Dell Driver Reset Tool
Dell Game Console
Dell Support 3.2
Dell System Restore
Destinations
DeviceManagementQFolder
Digital Content Portal
Digital Line Detect
EducateU
ESPNMotion
GemMaster Mystic
Get High Speed Internet!
Google Chrome
Google Desktop
Google Toolbar for Internet Explorer
Google Update Helper
Greeting Card Factory Deluxe 6.0
Hallmark Card Studio 2006 Deluxe
Hallmark Card Studio 2009 Deluxe
High Definition Audio Driver Package - KB835221
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB908673)
Hotfix for Windows XP (KB912024)
Hotfix for Windows XP (KB921411)
HP Deskjet 9800
HP Deskjet 9800 Series
HP Imaging Device Functions 7.0
HPPhotoSmartExpress
InstantShareDevicesMFC
Intel® Matrix Storage Manager
Intel® PRO Network Connections
Intel® Quick Resume Technology Drivers
Intel® Viiv™ Software
Invoke Solutions Participant 6.2.0.1450
Java 7 Update 13
Java Auto Updater
Kaspersky Internet Security 2013
Learn2 Player (Uninstall Only)
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft Office Professional Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Works
Modem Helper
Mozilla Firefox (3.0.10)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
NetWaiting
Opera 11.61
Otto
PanoStandAlone
PDF-Viewer
Picaboo X
Qualxserve Service Agreement
QuickTime
RealPlayer Basic
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Safari
Samsung ML-1630 Series
Security Update for CAPICOM (KB931906)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960714)
Sonic Activation Module
Sonic Advanced Decoder
Sonic Encoders
Sonic Update Manager
Sound Blaster ADVANCED MB Drivers
Sound Blaster Audigy ADVANCED MB
Sound Blaster Audigy ADVANCED MB Product Registration
Status
TrayApp
Unload
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update Rollup 2 for Windows XP Media Center Edition 2005
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
WildTangent Web Driver
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890927
Windows XP Hotfix - KB891781
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB912067
XML Paper Specification Shared Components Pack 1.0
Yahoo! Detect
Yahoo! Music Jukebox
.
==== Event Viewer Messages From Past Week ========
.
5/31/2013 12:10:38 PM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
5/31/2013 10:44:23 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Fips intelppm KLIF kneps
5/31/2013 10:43:12 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/27/2013 10:18:32 AM, error: Service Control Manager [7000]  - The DgiVecp service failed to start due to the following error:  The system cannot find the device specified.
5/27/2013 10:18:23 AM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
.
==== End Of File ===========================
 

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 6.0.2900.2180  BrowserJavaVersion: 10.13.2
Run by Milly at 23:22:12 on 2013-06-01
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.2046.1358 [GMT -5:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Enabled* 
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Milly\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Milly\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Milly\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Milly\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Milly\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\klwtblfs.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\klwtblfs.exe
C:\Documents and Settings\Milly\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Milly\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Milly\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Milly\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2061028
mStart Page = hxxp://www.dell.com
uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe"
BHO: AutorunsDisabled - <orphaned>
BHO: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\contentblocker\ie_content_blocker_plugin.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\onlinebanking\online_banking_bho.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\urladvisor\klwtbbho.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Real.com: {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\shdocvw.dll
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2013\avp.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2013\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\urladvisor\klwtbbho.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} - hxxps://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
DPF: {D4F3F795-7712-4D92-91DF-AEB055D8AC73} - hxxp://online.invokesolutions.com/events/bin/comptest/4.1.0.34000/MILiveCompTest.ocx
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} - hxxp://by128fd.bay128.hotmail.msn.com/activex/HMAtchmt.ocx
TCP: NameServer = 192.168.0.1 216.250.190.144
TCP: Interfaces\{8949CE91-BAC6-4C4A-9CBE-6DB717E68BCD} : DHCPNameServer = 192.168.0.1 216.250.190.144
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs= c:\progra~1\google\google~1\GOEC62~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\milly\application data\mozilla\firefox\profiles\989qq65g.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\milly\application data\mozilla\firefox\profiles\989qq65g.default\extensions\{0c7e3f01-99e9-4095-9bdc-f84724960b57}\plugins\NPCpnMgr.dll
FF - plugin: c:\documents and settings\milly\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\npjpi170_13.dll
FF - plugin: c:\program files\java\jre7\bin\npoji610.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\tracker software\pdf viewer\npPDFXCviewNPPlugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Coupon Manager: {0C7E3F01-99E9-4095-9BDC-F84724960B57} - %profile%\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}
.
============= SERVICES / DRIVERS ===============
.
R0 kl1;kl1;c:\windows\system32\drivers\kl1.sys [2012-6-19 136024]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2013-2-4 591968]
R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [2012-6-8 44432]
R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [2012-8-13 145040]
R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2013\avp.exe [2012-8-17 356376]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2012-6-27 35672]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [2012-5-25 24408]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2012-7-25 24920]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2013-2-4 30192]
S4 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S4 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
.
=============== File Associations ===============
.
ShellExec: ymp.exe: open="c:\program files\yahoo!\yahoo! music jukebox\YahooMusicEngine.exe" -play "%1"
ShellExec: ymp.exe: play="c:\program files\yahoo!\yahoo! music jukebox\YahooMusicEngine.exe" -play "%1"
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2013-05-30 19:29:44 2514 --sha-w- c:\windows\system32\KGyGaAvL.sys
2013-05-13 22:29:47 465280 ----a-r- c:\windows\system32\cpnprt2win32.cid
2013-04-23 14:11:50 145040 ----a-w- c:\windows\system32\drivers\kneps.sys
2013-04-23 14:11:49 44432 ----a-w- c:\windows\system32\drivers\kltdi.sys
2013-04-23 14:11:48 74336 ----a-w- c:\windows\system32\drivers\klflt.sys
2013-02-05 03:19:06 23749680 ----a-w- c:\program files\SUPERAntiSpyware.exe
2012-09-08 03:34:55 10652120 ----a-w- c:\program files\mbam-setup-1.62.0.1300.exe
2012-09-06 19:33:08 999456 ----a-w- c:\program files\install_flashplayer11x32_chrd_aih.exe
2012-09-06 19:14:46 894952 ----a-w- c:\program files\jre-7u7-windows-i586-iftw.exe
.
============= FINISH: 23:23:02.54 ===============
 

 

 

 

 

 

 




 


#2 tomsmom


Posted 03 June 2013 - 11:02 AM

Resolved

 

My issue with the new hardware prompt turned out to be a separate thing, but poor timing to say the least! I found a couple of "unknown" devices in Hardware Device Manager, which were remnants of a program that did not totally uninstall. Fixed that by a complete uninstall.

 

The issue with the UDS.DangerousObject.Multi.Generic has also been fixed. I searched a few Kaspersky forums, and tried emptying the Java cache (this is where the infected file was found). I also cleared out all temp files, deleted the threat, scanned again with latest definitions, and it was gone. I've read some things about this particular threat being a possible false positive, don't know if it is or not, but I'm glad to have it gone.



#3 HelpBot


Posted 07 June 2013 - 12:00 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/496700 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 HelpBot


Posted 07 June 2013 - 03:00 PM

You have stated that you no longer need help with this issue, therefore I am closing this topic. If that is not the case and you need or wish to continue with this topic, please send any Moderator a Personal Message (PM) that you would like this topic re-opened.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!




