I had posted on this forum a few days ago, and got a response from a helper, but since I was away from home, I couldn't respond in time.
As per instructions, I am reposting a gist of my problem, and the appropriate logs.
Background:
I have a PC running Windows 7 and have Symantec End Point Protection for Small Businesses (SEPP) installed on it.
In my previous post on this forum, the helper asked if I was using this machine for business purposes - my answer is no. I use this PC at home, and the only reason I have the Business package of Symantec End Point Protection is because I own my business, had some spare licenses left over from my office, and thought I could use it at home instead of purchasing some other software for the same purpose.
Having said that, I was earlier getting a lot of pop-ups from SEPP - which basically hinted at some malware attempting to send mass emails from my PC.
In the last couple of days, I've had a chance to run some cleaning software, which I *thought* would help me get rid of the problem - but alas - it seems I've managed to botch things up further.
I am now getting 2 new error messages from SEPP:
The first is: Traffic has been blocked from this application: svchost.exe
The second is: Traffic has been blocked from this application: link layer topology responder driver ndis 6 (rspndr.sys)
I tried to run DDS - but once again - it stalled. This time I disabled SEPP and ran DDS again - with success.
As suggested, I am pasting the DDS logs here, with a request for help. As always, volunteered help is appreciated.
Thanks again,
Arcodiac
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by silver at 2:42:48.49 on Tue 04/26/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3317.1886 [GMT 5.5:30]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ccxgui\ccXservice.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\StkCSrv.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NetWorx\networx.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIEKP.EXE
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Safari\Safari.exe
C:\Windows\system32\conhost.exe
C:\Users\silver\AppData\Local\Temp\D250.tmp\MBR.DAT
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
H:\Installable Software\ANTIVIRUS RELATED\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.in/
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: &NetWorx Desk Band: {feea54b4-d80f-41c7-87b9-dc08e6d3255f} - c:\progra~1\networx\deskband.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [EPSON TX600FW Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiekp.exe /fu "c:\windows\temp\E_S6C13.tmp" /EF "HKCU"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NBAgent] "c:\program files\nero\nero 10\nero backitup\NBAgent.exe" /WinStart
mRun: [NetWorx] "c:\program files\networx\networx.exe" /auto
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R1 networx;networx;c:\windows\system32\drivers\networx.sys [2011-4-17 51640]
R2 ccXgui;ccXgui;c:\program files\ccxgui\ccXservice.exe [2004-4-24 173568]
R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2010-3-25 490280]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\system32\StkCSrv.exe [2011-1-2 24576]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-4-22 1768376]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2009-7-14 214016]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-10-29 102448]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-11-18 23888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-30 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 StkCMini;Syntek AVStream USB2.0 VGA WebCam;c:\windows\system32\drivers\StkCMini.sys [2011-1-2 1260032]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-10-27 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-04-25 14:21:08 -------- d-----w- c:\program files\ccxgui
2011-04-25 06:32:27 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-04-25 06:31:41 -------- d-----w- c:\progra~2\Hitman Pro
2011-04-24 17:32:06 -------- d-----w- c:\users\silver\appdata\roaming\Malwarebytes
2011-04-24 17:31:30 -------- d-----w- c:\progra~2\Malwarebytes
2011-04-24 17:20:54 -------- d-----w- c:\progra~2\Norton
2011-04-24 17:20:52 -------- d-----w- c:\users\silver\appdata\local\NPE
2011-04-23 06:10:54 -------- d-----w- c:\progra~2\Kaspersky Lab
2011-04-17 19:06:06 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-17 19:06:06 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2011-04-17 18:15:07 51640 ----a-w- c:\windows\system32\drivers\networx.sys
2011-04-17 18:15:07 -------- d-----w- c:\program files\NetWorx
2011-04-17 18:15:07 -------- d-----w- c:\progra~2\SoftPerfect
2011-04-16 19:34:34 -------- d-----w- c:\windows\pss
2011-04-16 16:37:25 -------- d-----w- c:\users\silver\appdata\local\PackageAware
2011-04-13 22:09:02 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2011-04-10 05:32:38 -------- d-----w- c:\windows\system32\custom matrices
2011-04-10 05:32:34 -------- d-----w- c:\windows\system32\QuickTime
2011-04-10 05:32:34 -------- d-----w- c:\windows\system32\C2MP
.
==================== Find3M ====================
.
2011-02-22 19:39:04 240640 ----a-w- c:\windows\system32\xvidvfw.dll
2011-02-18 11:06:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-07 17:45:52 80896 ----a-w- c:\windows\system32\ff_vfw.dll
2011-02-07 17:39:02 4166551 ----a-w- c:\windows\system32\ffmpeg.dll
2011-02-02 16:10:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 2:42:56.65 ===============