
PC has Malware, each day or after multiple reboots EXE associations lost


  • This topic is locked
4 replies to this topic

#1 hedrinjt

hedrinjt

  • Members
  • 3 posts
  • OFFLINE
  • Local time:08:24 PM

Posted 10 June 2011 - 12:40 PM

Hello, I need some help with a malware problem. I have a computer that had some malware on it that I had believed to have been removed by Malwarebytes, but there is still some issue here. Each day, or what seems like every other reboot, the PC loses its .exe file association and my programs won't run. I run a .reg file that I found on the web and the association comes back until I wait a day or reboot a few times.

Here is a DDS log.

dds.txt

.
DDS (Ver_2011-06-03.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Athfeed2 at 11:59:12 on 2011-06-10
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2047.917 [GMT -5:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\mstsc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.heartlandcooperativeservices.com/
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: ArcSoft Video Helper: {4e18e9a4-95b3-4f8b-ae3b-ab7478de92ee} - C:\PROGRA~2\ArcSoft\TOTALM~2\Codec\ARCIEV~1.DLL
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{CC9CE558-FC2C-48B0-9929-BE47733E8A04} : NameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: ArcSoft Video Helper: {4E18E9A4-95B3-4F8B-AE3B-AB7478DE92EE} - C:\PROGRA~2\ArcSoft\TOTALM~2\Codec\ARCIEV~1.DLL
BHO-X64: ArcIEVideoUp - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
============= SERVICES / DRIVERS ===============
.
R1 archlp;archlp;C:\Windows\system32\drivers\archlp.sys --> C:\Windows\system32\drivers\archlp.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-5-4 128384]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-5-10 136824]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
.
=============== Created Last 30 ================
.
2011-06-10 13:35:55 -------- d-----w- C:\Windows\System32\SPReview
2011-06-10 13:34:58 -------- d-----w- C:\Windows\System32\EventProviders
2011-06-10 13:29:24 48976 ----a-w- C:\Windows\System32\netfxperf.dll
2011-06-10 13:29:24 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2011-06-10 13:29:04 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2011-06-10 13:27:58 951680 ----a-w- C:\Windows\System32\drivers\ndis.sys
2011-06-10 13:26:59 378880 ----a-w- C:\Windows\System32\msinfo32.exe
2011-06-10 13:25:59 905216 ----a-w- C:\Windows\SysWow64\mmsys.cpl
2011-06-10 13:24:59 91648 ----a-w- C:\Windows\System32\mapistub.dll
2011-06-10 13:23:59 9728 ----a-w- C:\Windows\System32\spwmp.dll
2011-06-10 13:22:21 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll
2011-06-10 13:22:21 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll
2011-06-10 13:16:32 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2011-06-10 12:36:10 321024 ----a-w- C:\Windows\System32\d3d10_1core.dll
2011-06-10 12:36:10 219136 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2011-06-10 12:36:10 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2011-06-10 12:36:10 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2011-06-10 12:36:08 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2011-06-10 12:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2011-06-10 12:36:07 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-06-10 12:36:06 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-06-10 12:36:06 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-06-10 03:33:00 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-06-10 03:32:59 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2011-06-10 00:12:40 -------- d-----w- C:\Windows\Panther
2011-06-10 00:10:49 -------- d-----w- C:\Program Files\Microsoft Games
2011-06-09 23:58:33 -------- d--h--w- C:\$WINDOWS.~Q
2011-06-09 23:56:02 -------- d--h--w- C:\$INPLACE.~TR
2011-06-09 22:38:25 715776 ----a-w- C:\Windows\System32\kerberos.dll
2011-06-09 22:38:25 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2011-06-09 22:37:53 5562240 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-06-09 22:37:48 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-06-09 22:37:47 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-06-09 22:36:38 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-06-09 22:36:38 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-06-09 22:34:31 2871808 ----a-w- C:\Windows\explorer.exe
2011-06-09 22:34:30 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe
2011-06-09 22:34:17 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2011-06-09 22:34:17 723968 ----a-w- C:\Windows\System32\EncDec.dll
2011-06-09 22:34:17 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2011-06-09 22:34:16 850944 ----a-w- C:\Windows\SysWow64\sbe.dll
2011-06-09 22:34:16 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-06-09 22:34:16 259072 ----a-w- C:\Windows\System32\mpg2splt.ax
2011-06-09 22:34:16 1118720 ----a-w- C:\Windows\System32\sbe.dll
2011-06-09 22:34:15 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2011-06-09 22:33:49 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-06-09 22:33:49 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-06-09 22:33:40 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-06-09 22:33:28 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
2011-06-09 22:33:27 974336 ----a-w- C:\Windows\System32\WFS.exe
2011-06-09 22:26:08 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-06-09 22:26:08 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-06-09 22:26:08 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-06-09 22:26:07 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2011-06-09 21:16:28 -------- d-----w- C:\Windows\SysWow64\RTCOM
2011-06-09 21:16:28 -------- d-----w- C:\Program Files\Realtek
2011-06-09 21:16:03 -------- d-sh--w- C:\Windows\Installer
2011-06-09 21:14:35 -------- d-----w- C:\Program Files\NVIDIA Corporation
2011-06-09 19:45:29 254528 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2011-06-09 19:44:57 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
2011-06-09 19:44:15 -------- d-----w- C:\Users\Athfeed2\AppData\Roaming\DAEMON Tools Lite
2011-06-09 19:44:15 -------- d-----w- C:\ProgramData\DAEMON Tools Lite
2011-06-09 18:26:25 -------- d-----w- C:\ProgramData\!SASCORE
2011-06-09 17:34:55 -------- d--h--w- C:\ProgramData\.syncID
2011-06-09 17:34:29 -------- d--h--w- C:\ProgramData\.Syncables
2011-06-09 17:32:13 -------- d-----w- C:\Users\Athfeed2\AppData\Roaming\SUPERAntiSpyware.com
2011-06-09 17:32:13 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-06-09 17:31:57 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-06-01 13:33:10 -------- d-----w- C:\Users\Athfeed2\AppData\Roaming\Malwarebytes
2011-05-31 20:18:28 -------- d-----w- C:\Program Files (x86)\Seagate
.
==================== Find3M ====================
.
2011-06-10 14:12:38 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-06-10 14:12:37 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-05-04 09:52:22 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-04-12 16:45:34 172592 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
.
============= FINISH: 12:01:23.74 ===============

Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-03.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 6/9/2011 5:01:28 PM
System Uptime: 6/10/2011 9:34:25 AM (3 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | EB1012P
Processor: Intel® Atom™ CPU D510 @ 1.66GHz | BGA 473 | 1666/167mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 218 GiB total, 189.186 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP6: 6/10/2011 8:35:33 AM - Windows 7 Service Pack 1
RP7: 6/10/2011 11:57:24 AM - Windows Update
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.0.1)
ArcSoft TotalMedia Center
ArcSoft TotalMedia Theatre 3
ASUS Easy Update
ASUS VIBE
ASUS WebStorage
ASUSUpdate
Atheros Client Installation Program
DAEMON Tools Lite
Definition update for Microsoft Office 2010 (KB982726)
ebi.BookReader3J
Internet Radio
InternetRadioHelper
Java Auto Updater
Java™ 6 Update 26
LiveUpdate 3.3 (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Business 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
MSXML 4.0 SP3 Parser (KB973685)
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft Excel 2010 (KB2466146)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft PowerPoint 2010 (KB2519975)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft Word 2010 (KB2345000)
syncables desktop SE
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft OneNote 2010 (KB2493983)
Update for Microsoft Outlook Social Connector (KB2441641)
.
==== Event Viewer Messages From Past Week ========
.
6/9/2011 5:19:03 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect.
6/9/2011 5:18:32 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
6/9/2011 5:03:31 PM, Error: Service Control Manager [7022] - The Windows Search service hung on starting.
6/9/2011 4:52:57 PM, Error: Service Control Manager [7023] - The Windows Time service terminated with the following error: The system cannot find the file specified.
6/9/2011 4:42:35 PM, Error: Service Control Manager [7000] - The Symantec Management Client service failed to start due to the following error: The application has failed to start because its side-by-side configuration is incorrect. Please see the application event log or use the command-line sxstrace.exe tool for more detail.
6/9/2011 4:39:05 PM, Error: Service Control Manager [7030] - The uvnc_service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
6/9/2011 4:39:05 PM, Error: Service Control Manager [7030] - The Symantec Management Client service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
6/9/2011 4:14:21 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
6/9/2011 2:19:48 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
6/9/2011 1:38:25 PM, Error: SRTSPL [11] - Unable to allocate open file data.
6/9/2011 1:38:25 PM, Error: SRTSP [5] - Error loading Symantec real time Anti-Virus driver.
6/9/2011 1:38:25 PM, Error: SRTSP [4] - Error loading virus definitions.
6/9/2011 1:38:25 PM, Error: Service Control Manager [7000] - The SRTSPL service failed to start due to the following error: A device attached to the system is not functioning.
6/9/2011 1:38:25 PM, Error: Service Control Manager [7000] - The SRTSP service failed to start due to the following error: A device attached to the system is not functioning.
6/9/2011 1:22:30 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SRTSP
6/10/2011 9:39:59 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 for x64-based Systems (KB976422).
6/10/2011 3:26:43 AM, Error: Service Control Manager [7023] -
6/10/2011 3:22:49 AM, Error: Service Control Manager [7043] - The Windows Modules Installer service did not shut down properly after receiving a preshutdown control.
.
==== End Of File ===========================


Thank you for any help you can provide.
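The symptom above (the .exe association repeatedly breaking and being restored by hand) can be checked directly in the registry. The following read-only PowerShell script is an added example, not part of the original thread or of any tool named in it; it compares the keys behind the .exe association against the stock Windows 7 defaults (assumed values) and flags per-user overrides, which take precedence over the machine-wide keys and are a common place for such hijacks to live. Run it from an elevated prompt; it changes nothing.

```powershell
# Added example (not from the thread): inspect the .exe file-association chain
# and report any deviation from the Windows 7 defaults. Read-only.

# Assumed known-good defaults for a stock Windows 7 install.
# HKLM:\SOFTWARE\Classes is the machine-wide half of HKCR.
$expected = @{
    'HKLM:\SOFTWARE\Classes\.exe'                       = 'exefile'
    'HKLM:\SOFTWARE\Classes\exefile\shell\open\command' = '"%1" %*'
}

function Get-DefaultValue {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    # The unnamed "(Default)" value is exposed by Get-ItemProperty as '(default)'.
    $item = Get-ItemProperty -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.'(default)'
}

function Test-ExeAssociation {
    $findings = @()

    # 1. Machine-wide keys: a hijack here typically rewrites the open command so
    #    that something other than "%1" %* runs first and the real program is
    #    passed along as an argument.
    foreach ($path in $expected.Keys) {
        $actual = Get-DefaultValue $path
        if ($actual -ne $expected[$path]) {
            $findings += [pscustomobject]@{
                Key      = $path
                Expected = $expected[$path]
                Actual   = $actual
                Note     = 'machine-wide default differs'
            }
        }
    }

    # 2. Per-user keys: HKCU\Software\Classes takes precedence over HKLM when
    #    HKCR is composed, so an override planted here survives a fix that is
    #    applied only to the HKLM side. On a clean system these keys are absent.
    $userPaths = @(
        'HKCU:\Software\Classes\.exe',
        'HKCU:\Software\Classes\exefile\shell\open\command'
    )
    foreach ($path in $userPaths) {
        if (Test-Path -LiteralPath $path) {
            $findings += [pscustomobject]@{
                Key      = $path
                Expected = '<absent>'
                Actual   = (Get-DefaultValue $path)
                Note     = 'per-user override present (takes precedence over HKLM)'
            }
        }
    }
    return $findings
}

$result = @(Test-ExeAssociation)
if ($result.Count -eq 0) {
    Write-Output 'EXE association matches the Windows 7 defaults; no per-user overrides found.'
} else {
    $result | Format-Table -AutoSize -Wrap
}
```

Running it once right after the .reg fix and again after the association breaks shows which key changed and whether the change is machine-wide or per-user, which narrows down where the persistence sits.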

#2 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:10:24 PM

Posted 18 June 2011 - 09:25 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed; the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Shannon

#3 hedrinjt

hedrinjt
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:08:24 PM

Posted 21 June 2011 - 10:28 AM

PC has malware on it; after using Malwarebytes and Symantec Endpoint to clean up infections, the PC loses its .exe file association each day.

Thank you very much for your reply,

Here is the DDS log, no GMER log because it is a 64-bit Windows 7 machine.

.
DDS (Ver_2011-06-12.02) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Athfeed2 at 10:21:27 on 2011-06-21
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2047.1123 [GMT -5:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\UltraVNC\WinVNC.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\mstsc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.heartlandcooperativeservices.com/
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: ArcSoft Video Helper: {4e18e9a4-95b3-4f8b-ae3b-ab7478de92ee} - C:\PROGRA~2\ArcSoft\TOTALM~2\Codec\ARCIEV~1.DLL
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{CC9CE558-FC2C-48B0-9929-BE47733E8A04} : NameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: ArcSoft Video Helper: {4E18E9A4-95B3-4F8B-AE3B-AB7478DE92EE} - C:\PROGRA~2\ArcSoft\TOTALM~2\Codec\ARCIEV~1.DLL
BHO-X64: ArcIEVideoUp - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
.
============= SERVICES / DRIVERS ===============
.
R1 archlp;archlp;C:\Windows\system32\drivers\archlp.sys --> C:\Windows\system32\drivers\archlp.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2009-9-17 2477304]
R2 uvnc_service;uvnc_service;C:\Program Files\UltraVNC\winvnc.exe [2011-4-12 1793976]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-6-14 136824]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-06-15 09:07:28 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-06-15 09:07:28 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-06-15 09:07:25 289280 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-06-15 09:07:24 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-06-15 09:07:24 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-06-15 09:07:22 3135488 ----a-w- C:\Windows\System32\win32k.sys
2011-06-15 09:07:10 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-06-15 09:07:09 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-06-15 09:07:09 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-06-15 09:06:33 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-06-15 09:06:33 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-06-15 09:06:31 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-06-15 09:06:30 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-06-14 12:57:54 225328 ----a-w- C:\Windows\System32\drivers\wpshelper.sys
2011-06-14 12:56:02 172592 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2011-06-14 12:55:41 -------- d-----w- C:\Program Files\Symantec
2011-06-14 12:52:59 503808 ----a-w- C:\Windows\SysWow64\MSVCP71.DLL
2011-06-14 12:52:59 348160 ----a-w- C:\Windows\SysWow64\MSVCR71.DLL
2011-06-14 12:52:46 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2011-06-14 07:16:55 8718160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8A286FFA-1B48-4A45-9718-8D7998814AE9}\mpengine.dll
2011-06-13 12:55:50 8718160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-06-13 12:55:45 8718160 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Updates\mpengine.dll
2011-06-10 18:35:09 -------- d-----w- C:\Users\Athfeed2\AppData\Roaming\ASUS WebStorage
2011-06-10 13:35:55 -------- d-----w- C:\Windows\System32\SPReview
2011-06-10 13:34:58 -------- d-----w- C:\Windows\System32\EventProviders
2011-06-10 13:29:24 48976 ----a-w- C:\Windows\System32\netfxperf.dll
2011-06-10 13:29:24 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2011-06-10 13:29:04 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2011-06-10 13:27:58 951680 ----a-w- C:\Windows\System32\drivers\ndis.sys
2011-06-10 13:26:59 378880 ----a-w- C:\Windows\System32\msinfo32.exe
2011-06-10 13:25:59 905216 ----a-w- C:\Windows\SysWow64\mmsys.cpl
2011-06-10 13:24:59 91648 ----a-w- C:\Windows\System32\mapistub.dll
2011-06-10 13:23:59 9728 ----a-w- C:\Windows\System32\spwmp.dll
2011-06-10 13:22:21 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll
2011-06-10 13:22:21 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll
2011-06-10 13:16:32 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2011-06-10 12:36:10 321024 ----a-w- C:\Windows\System32\d3d10_1core.dll
2011-06-10 12:36:10 219136 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2011-06-10 12:36:10 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2011-06-10 12:36:10 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2011-06-10 12:36:08 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2011-06-10 12:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2011-06-10 12:36:07 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-06-10 12:36:06 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-06-10 12:36:06 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-06-10 03:33:00 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-06-10 03:32:59 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2011-06-10 00:12:40 -------- d-----w- C:\Windows\Panther
2011-06-10 00:10:49 -------- d-----w- C:\Program Files\Microsoft Games
2011-06-09 23:58:33 -------- d--h--w- C:\$WINDOWS.~Q
2011-06-09 23:56:02 -------- d--h--w- C:\$INPLACE.~TR
2011-06-09 22:38:25 715776 ----a-w- C:\Windows\System32\kerberos.dll
2011-06-09 22:38:25 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2011-06-09 22:37:53 5562240 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-06-09 22:37:48 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-06-09 22:37:47 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-06-09 22:36:38 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-06-09 22:36:38 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-06-09 22:34:31 2871808 ----a-w- C:\Windows\explorer.exe
2011-06-09 22:34:30 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe
2011-06-09 22:34:17 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2011-06-09 22:34:17 723968 ----a-w- C:\Windows\System32\EncDec.dll
2011-06-09 22:34:17 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2011-06-09 22:34:16 850944 ----a-w- C:\Windows\SysWow64\sbe.dll
2011-06-09 22:34:16 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-06-09 22:34:16 259072 ----a-w- C:\Windows\System32\mpg2splt.ax
2011-06-09 22:34:16 1118720 ----a-w- C:\Windows\System32\sbe.dll
2011-06-09 22:34:15 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2011-06-09 22:33:49 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-06-09 22:33:49 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-06-09 22:33:40 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-06-09 22:33:28 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
2011-06-09 22:33:27 974336 ----a-w- C:\Windows\System32\WFS.exe
2011-06-09 22:26:07 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2011-06-09 21:16:28 -------- d-----w- C:\Windows\SysWow64\RTCOM
2011-06-09 21:16:28 -------- d-----w- C:\Program Files\Realtek
2011-06-09 21:16:03 -------- d-sh--w- C:\Windows\Installer
2011-06-09 21:14:35 -------- d-----w- C:\Program Files\NVIDIA Corporation
2011-06-09 19:44:15 -------- d-----w- C:\Users\Athfeed2\AppData\Roaming\DAEMON Tools Lite
2011-06-09 19:44:15 -------- d-----w- C:\ProgramData\DAEMON Tools Lite
2011-06-09 18:26:25 -------- d-----w- C:\ProgramData\!SASCORE
2011-06-09 17:34:55 -------- d--h--w- C:\ProgramData\.syncID
2011-06-09 17:32:13 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-06-09 17:31:57 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-06-01 13:33:10 -------- d-----w- C:\Users\Athfeed2\AppData\Roaming\Malwarebytes
2011-05-31 20:18:28 -------- d-----w- C:\Program Files (x86)\Seagate
.
==================== Find3M ====================
.
2011-06-10 14:12:38 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-06-10 14:12:37 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-05-25 00:14:10 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-05-04 09:52:22 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-04-23 01:29:25 2303488 ----a-w- C:\Windows\System32\jscript9.dll
2011-04-23 01:19:19 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-04-22 23:35:56 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-04-22 23:25:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 10:22:49.30 ===============.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-12.02)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 6/9/2011 5:01:28 PM
System Uptime: 6/17/2011 1:51:04 PM (93 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | EB1012P
Processor: Intel® Atom™ CPU D510 @ 1.66GHz | BGA 473 | 1666/167mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 218 GiB total, 182.092 GiB free.
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP6: 6/10/2011 8:35:33 AM - Windows 7 Service Pack 1
RP7: 6/10/2011 11:57:24 AM - Windows Update
RP8: 6/10/2011 1:09:01 PM - Removed Internet Radio
RP9: 6/10/2011 1:09:56 PM - Removed ebi.BookReader3J
RP10: 6/10/2011 1:13:18 PM - Removed syncables desktop SE.
RP11: 6/10/2011 1:20:01 PM - Removed InternetRadioHelper
RP12: 6/13/2011 7:43:59 AM - Removed Symantec Endpoint Protection.
RP13: 6/14/2011 2:16:28 AM - Windows Update
RP14: 6/14/2011 7:51:48 AM - Installed Symantec Endpoint Protection.
RP15: 6/15/2011 8:41:52 AM - Windows Update
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.0.1)
ArcSoft TotalMedia Center
ArcSoft TotalMedia Theatre 3
ASUS Easy Update
ASUSUpdate
Atheros Client Installation Program
Definition update for Microsoft Office 2010 (KB982726)
Java Auto Updater
Java™ 6 Update 26
LiveUpdate 3.3 (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Business 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
MSXML 4.0 SP3 Parser (KB973685)
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft Excel 2010 (KB2523021)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft PowerPoint 2010 (KB2519975)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft Word 2010 (KB2345000)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2523113)
Update for Microsoft OneNote 2010 (KB2493983)
Update for Microsoft Outlook Social Connector (KB2441641)
.
==== Event Viewer Messages From Past Week ========
.
6/17/2011 2:02:08 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer HEARTLAND2003 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{CC9CE558-FC2C-48B0-9929-BE47733E8A04}. The master browser is stopping or an election is being forced.
6/17/2011 1:52:41 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
6/14/2011 7:56:27 AM, Error: Service Control Manager [7030] - The Symantec Management Client service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
.
==== End Of File ===========================

#4 Blade81

Bleepin' Rocker

  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 28 June 2011 - 04:58 AM

Hi


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix (link).
    Remember to re-enable them afterwards.

  • Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#5 Blade81

Bleepin' Rocker

  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 06 July 2011 - 01:16 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
