Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Pretty sure I have the Trojan.Gen.2 Virus


  • This topic is locked This topic is locked
2 replies to this topic

#1 rgris

rgris

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:07:48 PM

Posted 30 December 2014 - 11:44 AM

Symantic is going nuts with the auto-protect quarantining tons of DW... temp files but it keeps coming back and is really bogging down my system.  Could really use some help getting this thing off.

 

Here is the DDS.  I attached the "attach" file.  I also attached a screenshot of the symantic log to show you what is going on.

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17496  BrowserJavaVersion: 10.55.2
Run by Student at 11:30:35 on 2014-12-30
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.4022.1600 [GMT -5:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\STacSV64.exe
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\AESTSr64.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
D:\Program Files (x86)\Dell\Reader 2.0\DVMExportService.exe
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\PasswordBox\pbbtnService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
C:\Windows\system32\EscSvc64.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
c:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Plantronics\GameCom780\GameCom780.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Program Files\SmartTechnology\Software\ProfilerU.exe
C:\Program Files\SmartTechnology\Software\SaiMfd.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Users\Student\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Windows\System32\StikyNot.exe
C:\Windows\System32\spool\drivers\x64\3\E_YATIIUE.EXE
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
D:\Program Files (x86)\Dell\Reader 2.0\DellBtrEvent.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\Razer\Imperator\RazerImperatorTray.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Users\Student\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Student\AppData\Roaming\Spotify\Spotify.exe
C:\Users\Student\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Student\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Student\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Users\Student\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Student\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\CCleaner\CCleaner64.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\CCleaner\CCleaner64.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SymCorpUI.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.virginia.edu/
mWinlogon: Userinit = userinit.exe
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [F.lux] "C:\Users\Student\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [Spotify Web Helper] "C:\Users\Student\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Spotify] "C:\Users\Student\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
uRun: [EPLTarget\P0000000000000001] C:\Windows\System32\spool\DRIVERS\x64\3\E_YATIIUE.EXE /EPT "EPLTarget\P0000000000000001" /M "WF-2540 Series"
uRun: [CCleaner Monitoring] "C:\Program Files (x86)\CCleaner\CCleaner64.exe" /MONITOR
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_246_Plugin.exe -update plugin
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [DellBtrEvent] D:\Program Files (x86)\Dell\Reader 2.0\DellBtrEvent.exe
mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun: [Razer Imperator Driver] C:\Program Files (x86)\Razer\Imperator\RazerImperatorTray.exe
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
dRunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe"
StartupFolder: C:\Users\Student\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Student\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CERTCH~1.LNK - C:\Program Files (x86)\University of Virginia\UVa Network Setup Tool\CertChecker.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\UVAITC~1.LNK - C:\Windows\Installer\{E0274560-0FB3-4928-9800-6B45AAEFB506}\_39B470E5817D54F276433B.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: dontdisplaylastusername = dword:1
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
TCP: NameServer = 192.168.1.1 71.252.0.12
TCP: Interfaces\{D2194453-1817-4F42-9626-E649E95304FD} : DHCPNameServer = 192.168.1.1 71.252.0.12
TCP: Interfaces\{D2194453-1817-4F42-9626-E649E95304FD}\242756E647723702960586F6E656 : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{D2194453-1817-4F42-9626-E649E95304FD}\4556162616A7161627 : DHCPNameServer = 192.168.0.1 205.171.2.226
TCP: Interfaces\{D2194453-1817-4F42-9626-E649E95304FD}\458657E6461644F6D656 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{D2194453-1817-4F42-9626-E649E95304FD}\7556C636F6D656F547F6F5556516F575962756C6563737 : DHCPNameServer = 128.143.2.7 128.143.3.7 128.143.22.119
TCP: Interfaces\{DEC84DE6-C32D-452E-99B3-1FB56BAD853C} : NameServer = 172.26.38.1 172.26.38.2
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll
SSODL: WebCheck - <orphaned>
LSA: Authentication Packages =  msv1_0 wvauth
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
x64-Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [GamecomSound] C:\Program Files\Plantronics\GameCom780\GameCom780.exe
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [ProfilerU] C:\Program Files\SmartTechnology\Software\ProfilerU.exe
x64-Run: [SaiMfd] C:\Program Files\SmartTechnology\Software\SaiMfd.exe
x64-Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Student\AppData\Roaming\Mozilla\Firefox\Profiles\cg4lwtd6.default-1386396116969\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Wolfram Research\Browser\9.0.1.4055459\npmathplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll
FF - plugin: C:\Users\Student\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Student\AppData\Roaming\Mozilla\Firefox\Profiles\cg4lwtd6.default-1386396116969\extensions\{9EB34849-81D3-4841-939D-666D522B889A}\plugins\npSlingPlayer.dll
FF - plugin: C:\Users\Student\AppData\Roaming\raidcall\plugins\nprcplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-5-28 53488]
R0 stdflt;Disk Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdfltn.sys [2010-5-22 21040]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-1-21 50976]
R1 DVMIO;DVMIO;D:\Program Files (x86)\Dell\Reader 2.0\dvmio_x64.sys [2009-7-21 17496]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\AESTSr64.exe [2010-5-26 89600]
R2 buttonsvc64;Dell ControlPoint Button Service;C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe [2009-11-20 373024]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2009-12-17 1039776]
R2 Credential Vault Host Storage;Credential Vault Host Storage;C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2009-12-17 31136]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2009-12-10 515872]
R2 DvmMDES;DeviceVM Meta Data Export Service;D:\Program Files (x86)\Dell\Reader 2.0\DVMExportService.exe [2009-8-3 327680]
R2 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE [2014-7-19 151648]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2012-5-10 608864]
R2 EpsonScanSvc;Epson Scanner Service;C:\Windows\System32\escsvc64.exe [2014-7-19 135824]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-2-14 9216]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-5-22 13336]
R2 InstallFilterService;FF Install Filter Service;C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\InstallFilterService.exe [2010-5-22 60928]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-10-19 1720608]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-10-19 18956064]
R2 PasswordBox;PasswordBox;C:\Program Files (x86)\PasswordBox\pbbtnService.exe [2014-5-14 67584]
R2 risdpcie;risdpcie;C:\Windows\System32\drivers\risdpe64.sys [2010-5-22 81408]
R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2010-4-1 1822296]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-1-20 4799760]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R2 vToolbarUpdater18.1.9;vToolbarUpdater18.1.9;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [2014-8-21 1820184]
R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Accelern.sys [2010-5-22 26160]
R3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\System32\drivers\btwampfl.sys [2010-5-22 321576]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-5-22 39464]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-5-22 172704]
R3 cvusbdrv;Dell ControlVault;C:\Windows\System32\drivers\cvusbdrv.sys [2010-5-22 38440]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2010-5-22 294064]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-12-29 142640]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-5-22 151936]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-10-19 20256]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-10-19 40392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2014-1-27 49152]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-12-9 114688]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
S3 LVUVC64;Logitech Webcam Pro 9000(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
S3 PlantronicsGC;PLTGC Interface;C:\Windows\System32\drivers\PLTGC.sys [2012-10-13 1327104]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-1 19456]
S3 rimspci;rimspci;C:\Windows\System32\drivers\rimspe64.sys [2010-5-22 61952]
S3 rixdpcie;rixdpcie;C:\Windows\System32\drivers\rixdpe64.sys [2010-5-22 55808]
S3 SaiK1708;SaiK1708;C:\Windows\System32\drivers\SaiK1708.sys [2012-9-20 180544]
S3 SaiU1708;SaiU1708;C:\Windows\System32\drivers\SaiU1708.sys [2012-9-20 47168]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 swg3kser00;Sierra Wireless QMI USB Device for Legacy Serial Communication;C:\Windows\System32\drivers\swg3kser00.sys [2013-1-2 258432]
S3 swiwdmbx;Sierra Wireless USB Bus Service;C:\Windows\System32\drivers\swiwdmbx64.sys [2013-1-2 109312]
S3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);C:\Windows\System32\drivers\swnc8ua3.sys [2013-1-2 297472]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-1-1 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-28 1255736]
.
=============== Created Last 30 ================
.
2014-12-30 15:35:27    11870360    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B54F8E35-D00E-42B0-8698-6552E5C61DC1}\mpengine.dll
2014-12-30 04:45:26    144384    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-12-30 04:45:26    115712    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-12-10 08:04:31    3209728    ----a-w-    C:\Windows\SysWow64\mf.dll
2014-12-10 08:04:30    4121600    ----a-w-    C:\Windows\System32\mf.dll
2014-12-10 04:34:02    3981488    ----a-w-    C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-12-09 20:51:46    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2014-12-09 20:51:45    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2014-12-09 20:51:40    119296    ----a-w-    C:\Windows\System32\drivers\tdx.sys
2014-12-09 20:49:59    501248    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-12-09 20:48:55    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2014-12-09 20:48:55    2048    ----a-w-    C:\Windows\System32\tzres.dll
2014-12-01 22:18:46    --------    d-sh--w-    C:\Users\Student\AppData\Local\EmieBrowserModeList
.
==================== Find3M  ====================
.
2014-12-10 04:34:07    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-10 04:34:07    701104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-11-24 19:04:56    275080    ------w-    C:\Windows\System32\MpSigStub.exe
2014-11-22 03:06:23    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-11-22 03:06:11    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-11-22 02:50:39    66560    ----a-w-    C:\Windows\System32\iesetup.dll
2014-11-22 02:50:10    580096    ----a-w-    C:\Windows\System32\vbscript.dll
2014-11-22 02:49:54    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-11-22 02:48:20    88064    ----a-w-    C:\Windows\System32\MshtmlDac.dll
2014-11-22 02:35:29    114688    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-11-22 02:34:51    814080    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-11-22 02:34:07    6039552    ----a-w-    C:\Windows\System32\jscript9.dll
2014-11-22 02:26:31    968704    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-22 02:20:44    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-11-22 02:14:16    77824    ----a-w-    C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-22 02:07:17    62464    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-11-22 02:06:32    47616    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05:02    64000    ----a-w-    C:\Windows\SysWow64\MshtmlDac.dll
2014-11-22 01:54:30    620032    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-11-22 01:47:10    1359360    ----a-w-    C:\Windows\System32\mshtmlmedia.dll
2014-11-22 01:46:58    2125312    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-11-22 01:40:04    60416    ----a-w-    C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29:26    4299264    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-11-22 01:28:21    2358272    ----a-w-    C:\Windows\System32\wininet.dll
2014-11-22 01:22:49    2052096    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-11-22 01:21:57    1155072    ----a-w-    C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:00:20    1888256    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-11-18 19:56:48    1202848    ----a-w-    C:\Windows\SysWow64\FM20.DLL
2014-11-11 03:08:52    241152    ----a-w-    C:\Windows\System32\pku2u.dll
2014-11-11 03:08:48    728064    ----a-w-    C:\Windows\System32\kerberos.dll
2014-11-11 02:44:32    186880    ----a-w-    C:\Windows\SysWow64\pku2u.dll
2014-11-11 02:44:25    550912    ----a-w-    C:\Windows\SysWow64\kerberos.dll
2014-10-30 02:03:43    165888    ----a-w-    C:\Windows\System32\charmap.exe
2014-10-30 01:45:43    155136    ----a-w-    C:\Windows\SysWow64\charmap.exe
2014-10-25 01:57:59    77824    ----a-w-    C:\Windows\System32\packager.dll
2014-10-25 01:32:37    67584    ----a-w-    C:\Windows\SysWow64\packager.dll
2014-10-18 02:05:23    861696    ----a-w-    C:\Windows\System32\oleaut32.dll
2014-10-18 01:33:18    571904    ----a-w-    C:\Windows\SysWow64\oleaut32.dll
2014-10-14 02:16:37    155064    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2014-10-14 02:13:06    683520    ----a-w-    C:\Windows\System32\termsrv.dll
2014-10-14 02:13:00    3241984    ----a-w-    C:\Windows\System32\msi.dll
2014-10-14 02:12:57    1460736    ----a-w-    C:\Windows\System32\lsasrv.dll
2014-10-14 02:09:31    146432    ----a-w-    C:\Windows\System32\msaudite.dll
2014-10-14 02:07:31    681984    ----a-w-    C:\Windows\System32\adtschema.dll
2014-10-14 01:50:47    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2014-10-14 01:50:41    2363904    ----a-w-    C:\Windows\SysWow64\msi.dll
2014-10-14 01:49:38    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2014-10-14 01:47:30    146432    ----a-w-    C:\Windows\SysWow64\msaudite.dll
2014-10-14 01:46:02    681984    ----a-w-    C:\Windows\SysWow64\adtschema.dll
2014-10-10 00:57:42    3198976    ----a-w-    C:\Windows\System32\win32k.sys
2014-10-03 02:12:23    310272    ----a-w-    C:\Windows\System32\WsmWmiPl.dll
2014-10-03 02:12:23    2020352    ----a-w-    C:\Windows\System32\WsmSvc.dll
2014-10-03 02:12:22    346624    ----a-w-    C:\Windows\System32\WSManMigrationPlugin.dll
2014-10-03 02:12:22    181248    ----a-w-    C:\Windows\System32\WsmAuto.dll
2014-10-03 02:12:00    500224    ----a-w-    C:\Windows\System32\AUDIOKSE.dll
2014-10-03 02:11:54    284672    ----a-w-    C:\Windows\System32\EncDump.dll
2014-10-03 02:11:51    680960    ----a-w-    C:\Windows\System32\audiosrv.dll
2014-10-03 02:11:51    440832    ----a-w-    C:\Windows\System32\AudioEng.dll
2014-10-03 02:11:51    296448    ----a-w-    C:\Windows\System32\AudioSes.dll
2014-10-03 02:11:49    266240    ----a-w-    C:\Windows\System32\WSManHTTPConfig.exe
2014-10-03 01:45:03    248832    ----a-w-    C:\Windows\SysWow64\WSManMigrationPlugin.dll
2014-10-03 01:45:03    214016    ----a-w-    C:\Windows\SysWow64\WsmWmiPl.dll
2014-10-03 01:45:03    145920    ----a-w-    C:\Windows\SysWow64\WsmAuto.dll
2014-10-03 01:45:03    1177088    ----a-w-    C:\Windows\SysWow64\WsmSvc.dll
2014-10-03 01:44:42    442880    ----a-w-    C:\Windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44:26    374784    ----a-w-    C:\Windows\SysWow64\AudioEng.dll
2014-10-03 01:44:26    195584    ----a-w-    C:\Windows\SysWow64\AudioSes.dll
2014-10-03 01:44:25    198656    ----a-w-    C:\Windows\SysWow64\WSManHTTPConfig.exe
2013-02-28 03:06:07    1051984    ----a-w-    C:\Program Files (x86)\uTorrent.exe
.
============= FINISH: 11:31:45.84 ===============
 

 

 

Attached Files



BC AdBot (Login to Remove)

 


m

#2 rgris

rgris
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:07:48 PM

Posted 01 January 2015 - 09:50 AM

To close this thread out, I figured out the problem.  Although Symantec's autoprotect went nuts and bogged down my system big time saying I had the Trojan.Gen.2 virus... I really didn't and it was symantec itself that was causing the problem, or at least symantec along with something else.

 

Basically, I did a whole bunch of research and found that Symantec was creating these DW*.tmp files as part of their virus definition update process and then for some reason Symantec was flagging its own files as potentially infected.  The documentation says that this sometimes happens when another process accesses the file before it is deleted. 

 

My theory is that I accidently had windows defender on at the same time.  When I shut off windows defender the problem immediately went away.

 

I never have been a big fan of SEP anyway, so I just downloaded Microsoft Security Essentials (I'm running W7) and deinstalled SEP and life is good, the computer is totally back to normal, to include performance.

 

Bottom line, if you come across this thread because Symantec EndPoint Protection is flagging a whole bunch of DW*.tmp files as infected with the Trojan.Gen.2 virus, before you go to a lot of trouble trying to clean off the virus, check to see that you don't have SEP and some other virus protector running at the same time.  If you do, shut one off.

 

BTW, you can easily tell by running the dds logger as it tells you what is running right at the beginning of the results.



#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,271 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:48 PM

Posted 04 January 2015 - 10:11 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users