kristine350

Members
  • Posts: 6
Everything posted by kristine350

  1. Hi! I'm so sorry, I would have closed the topic but I can't see how to do it. Yes, I am finished here and thank you for your help!!!
  2. Hi! I have a Gateway NV53A laptop with Windows 7 and I've already been cleared of any malware on the other forum. Yay! Happy face. The bad news? I can't print to OneNote. It disappeared from the print menu. Probably when the regular printer here at home was renamed, but I'm not completely certain. Yep, bonehead move. I know, but I can print to the regular printer. So I went to programs in the control panel and repaired my Microsoft Office suite in the add/remove programs window. When it was done I got this in my reliability history: Windows Installer installed the product. Product Name: XPS2OneNote. Product Version: 1.1.0. Product Language: 1033. Manufacturer: CodePlex. Installation success or error status: 1602. Windows Installer reconfigured the product. Product Name: Microsoft Office Shared MUI (English) 2010. Product Version: 14.0.6029.1000. Product Language: 1033. Manufacturer: Microsoft Corporation. Reconfiguration success or error status: 1602. Everything was absolutely fine with printing for a year. Needless to say, if I choose file - print - print to OneNote- it is not there. I can only print to the regular printer- Epson Stylus NX620. It's a wireless network printer shared with our workgroup here at home. Also, if I choose tools, I can go to send (send, not print) to One Note and it sends the page to OneNote but the format is unreadable. I can't add a printer because it tells me that access is denied. Should I uninstall the printer from the desktop pc and reinstall it on my computer? (The desktop pc has XP, one laptop has Vista, and two laptops have Windows 7 so we don't use homegroups) I'm afraid to because my laptop denies me access to "add printer". I've tried Mr. Fix It, I've tried troubleshooting, but nothing is working. I tried updating printer software too.
This started about 3 weeks ago when Iobit's ASC reported to me that it found: Trojan.Backdoor, FILE, C:\Program Files (x86)\HTC\HTC Sync 3.0\UpctUpdate.exe, 4046490 That later turned out to be a false positive. But I was having internet connectivity problems so I totally believed it to be a trojan for a few weeks. I disconnected from the internet and have been trying to figure it out ever since. I've had at least one BSoD and lots and lots of errors: 7/4/2012 4:44:10 PM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107. Then I found some incompatible software and made all of those corrections. Both Intuit products. I gave up and tried to set my computer back two weeks but that gave me an error stating the disk is corrupt: 7/8/2012 3:17:11 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume Gateway. So I ran chkdsk. No problems found. The latest issues are many different drivers that delay sleep or delay startup. I learned that more than one antivirus will cause problems so I uninstalled MSE and left Norton running and then the errors went crazy. I reinstalled MSE and disabled it. If I have Malwarebytes Pro do I even need Norton anymore? I have uninstalled Iobit Advanced System Care because I learned (among other things) programs that clean up your registry do more harm than good. So that's gone. I also uninstalled ffdshow.exe, double twist, and some other things in an attempt to level out the insanity that is going on with my pc health. It dropped to 2 but is almost back up to 5 today. Any advice? Good grief! Thanks.
  3. Thanks very much. I discovered a while back when I started having problems that having more than one antivirus is not advisable so I uninstalled MSE. Then I started getting multiple errors and my internal state was going haywire and throwing fatal alerts and my PC health dropped to 2. Then I found that MSE was not successfully uninstalled. Then I had Mr Fix It from Microsoft uninstall anything that was left behind. That didn't work... so I used App Remover and it found nothing. So I reinstalled MSE and disabled it. The errors seemed to reduce in frequency. I was worried that it was malware causing my problems. Glad to hear that it is not. Next stop is PC Help! Thanks again for taking a look. Have a great day!
  4. Hi there. Another product found htcupctupdate.exe to be a backdoor trojan a few weeks ago. I've been researching ever since and have decided it must be a false positive. At the time I was having internet connectivity problems, but not any more. Currently my symptoms are only printers appearing and disappearing from the print menu, and denied access to "add printer". But that was probably a result of changing printer names, but I can't fix it. Can you please look at my DDS and my gmer? ( If you see combofix, please know that I did not run it. ) Thank you!
  5. Hi there. Another product found htcupctupdate.exe to be a backdoor trojan a few weeks ago. I've been researching ever since and have decided it must be a false positive. At the time I was having internet connectivity problems, but not any more. Currently my symptoms are only printers appearing and disappearing from the print menu, and denied access to "add printer". But that was probably a result of changing printer names, but I can't fix it. Can you please look at my DDS and my gmer? ( If you see combofix, please know that I did not run it. ) Thank you!
uSearch Bar = Preserve uStart Page = hxxp://us.mg5.mail.yahoo.com/neo/launch?.rand=60kjish9gbjtv uDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW mStart Page = www.google.com mWinlogon: Userinit=userinit.exe BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coIEPlg.dll BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\IPS\IPSBHO.DLL BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coIEPlg.dll TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File TB: {50FAFAF0-70A9-419D-A109-FA4B4FFD4E37} - No File TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun uRun: [Norton Download Manager{NSME22-B22-4abb-B07C-C084B04B4F12}] C:\Users\Public\Downloads\Norton\{NSME22-B22-4abb-B07C-C084B04B4F12}\ccSvcHst.exe /m uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe uRun: [EPSON64A0E3 (Epson Stylus NX620) (Copy 1)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGAA.EXE /FU "C:\Windows\TEMP\E_S9EBE.tmp" /EF "HKCU" uRun: [Do not use (Epson nx620)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGAA.EXE /FU "C:\Users\Kristine\AppData\Local\Temp\E_SC685.tmp" /EF "HKCU" uRun: [EPSON64A0E3 (Epson Stylus NX620)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGAA.EXE /FU 
"C:\Windows\TEMP\E_SF081.tmp" /EF "HKCU" uRun: [Epson Stylus NX620(Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGAA.EXE /FU "C:\Windows\TEMP\E_SCDE5.tmp" /EF "HKCU" uRun: [Epson Printer on Pelino Network] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGAA.EXE /FU "C:\Windows\TEMP\E_S62E1.tmp" /EF "HKCU" mRun: [startCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe" msrun mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun: [QuickTime Task] "c:\program files (x86)\quicktime\qttask.exe" -atboottime mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [EEventManager] c:\program files (x86)\epson software\event manager\eeventmanager.exe dRun: [Norton Download Manager{NSME22-B22-4abb-B07C-C084B04B4F12}] C:\Users\Public\Downloads\Norton\{NSME22-B22-4abb-B07C-C084B04B4F12}\ccSvcHst.exe /m StartupFolder: C:\Users\Kristine\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Kristine\AppData\Roaming\Dropbox\bin\Dropbox.exe StartupFolder: C:\Users\Kristine\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE uPolicies-explorer: NoExpandedNewMenu = 0 (0x0) uPolicies-explorer: MaxRecentDocs = 43 (0x2b) mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-explorer: NoStrCmpLogical = 0 (0x0) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - 
{FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll Trusted Zone: intuit.com\ttlc DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 TCP: Interfaces\{EDE5A8A5-2BF2-41F0-BFBA-EA31F0CC20A0} : DhcpNameServer = 75.75.75.75 75.75.76.76 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coIEPlg.dll BHO-X64: Norton Identity Protection - No File BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\IPS\IPSBHO.DLL BHO-X64: Norton Vulnerability Protection - No File BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coIEPlg.dll TB-X64: 
{2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File TB-X64: {50FAFAF0-70A9-419D-A109-FA4B4FFD4E37} - No File TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File mRun-x64: [startCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe" msrun mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun-x64: [QuickTime Task] "c:\program files (x86)\quicktime\qttask.exe" -atboottime mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [EEventManager] c:\program files (x86)\epson software\event manager\eeventmanager.exe SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL . ============= SERVICES / DRIVERS =============== . R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?] R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS [?] R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS [?] R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20120619.001\BHDrvx64.sys [2012-6-18 1161376] R1 ccSet_MCLIENT;Norton Management Settings Manager;C:\Windows\system32\drivers\MCLIENTx64\0201020.00D\ccSetx64.sys --> C:\Windows\system32\drivers\MCLIENTx64\0201020.00D\ccSetx64.sys [?] R1 ccSet_N360;Norton 360 Settings Manager;C:\Windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys --> C:\Windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys [?] 
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20120705.001\IDSviA64.sys [2012-7-6 509088] R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS [?] R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0602010.005\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0602010.005\SYMNETS.SYS [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928] R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-9-23 321104] R2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2010-10-20 868896] R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2011-8-12 166400] R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2011-8-12 128512] R2 GREGService;GREGService;C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [2010-1-8 23584] R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-23 654408] R2 MCLIENT;Norton Management;C:\Program Files (x86)\Norton Management\Engine\2.1.2.13\ccSvcHst.exe [2012-6-8 138232] R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe [2012-5-28 138232] R2 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696] R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway 
Updater\UpdaterService.exe [2010-9-23 243232] R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?] R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?] R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\system32\DRIVERS\rtl8192se.sys --> C:\Windows\system32\DRIVERS\rtl8192se.sys [?] R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?] S2 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-4 257224] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S3 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] S3 mbamchameleon;mbamchameleon;\??\C:\Windows\system32\drivers\mbamchameleon.sys --> C:\Windows\system32\drivers\mbamchameleon.sys [?] 
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?] S3 WSDScan;WSD Scan Support via UMB;C:\Windows\system32\DRIVERS\WSDScan.sys --> C:\Windows\system32\DRIVERS\WSDScan.sys [?] S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-19 136176] S4 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-19 136176] . =============== Created Last 30 ================ . 
2012-07-08 17:57:13 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9BF74C6C-7B92-466E-B67A-E27618DCF618}\mpengine.dll 2012-07-08 03:45:50 -------- d-----w- C:\ACE Event Logs 2012-07-07 20:35:54 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DD867E3F-E0E9-49C9-BAF5-0698BA03EA34}\gapaengine.dll 2012-07-07 20:35:47 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-07-06 07:48:02 1298 ----a-w- C:\FixitRegBackup.reg 2012-07-06 05:13:56 -------- d-----w- C:\Users\Kristine\AppData\Roaming\FixIt 2012-07-05 18:06:41 -------- d-----w- C:\Program Files\iPod 2012-07-05 18:06:40 -------- d-----w- C:\Program Files\iTunes 2012-07-05 18:06:40 -------- d-----w- C:\Program Files (x86)\iTunes 2012-07-05 17:45:16 -------- d-----w- C:\Windows\SysWow64\Adobe 2012-07-05 17:35:32 -------- d-----w- C:\Program Files (x86)\Oracle 2012-07-05 04:50:36 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2012-07-01 21:40:15 -------- d-----w- C:\Windows\pss 2012-07-01 19:15:16 -------- d-----w- C:\ae1ba45e8f74d9428dd7c3c8c1f226 2012-07-01 05:48:24 -------- d-----w- C:\Users\Kristine\AppData\Local\Help 2012-07-01 05:45:52 -------- d-----w- C:\Program Files\Windows Journal 2012-07-01 04:42:01 -------- d-----w- C:\Users\Kristine\AppData\Local\Cyberlink 2012-06-29 12:46:43 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client 2012-06-29 12:46:29 -------- d-----w- C:\Program Files\Microsoft Security Client 2012-06-29 12:27:15 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{37F2EE55-2673-4A46-A6CB-4DC7FFCAB88C}\mpengine.dll 2012-06-27 16:49:45 -------- d-----w- C:\Users\Kristine\AppData\Local\{AAE03B66-4EFA-480F-BE50-A14B565861B8} 2012-06-27 16:49:34 -------- d-----w- C:\Users\Kristine\AppData\Local\{DAF0381D-387B-4F64-8311-20AF6826639D} 2012-06-27 16:20:36 -------- d-----w- 
C:\Users\Kristine\AppData\Local\{D0EA47EC-2611-4E56-BDD6-A9F6A306A1AF} 2012-06-27 03:53:00 -------- d-----w- C:\Users\Kristine\AppData\Local\{4FEA9AFD-FB22-4B28-9C15-CCB5EA48D6C5} 2012-06-26 08:15:53 33096 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys 2012-06-25 23:46:52 -------- d-----w- C:\Users\Kristine\AppData\Local\{FBFF6E14-ACF7-450C-8898-41AE0387FC82} 2012-06-25 23:46:41 -------- d-----w- C:\Users\Kristine\AppData\Local\{F81F8EAA-4FA0-4713-9BF7-1BA1711D7385} 2012-06-25 23:46:40 -------- d-----w- C:\Users\Kristine\AppData\Local\{8E016B8E-E610-4933-BBC9-224E36E1B24A} 2012-06-25 20:02:41 -------- d-----w- C:\Program Files (x86)\Cisco 2012-06-25 20:02:04 451072 ------w- C:\Windows\SysWow64\ISSRemoveSP.exe 2012-06-25 20:02:04 -------- d-----w- C:\Program Files (x86)\REALTEK PCIE Wireless LAN Driver 2012-06-25 17:13:39 -------- d-----w- C:\Users\Kristine\AppData\Local\Downloaded Installations 2012-06-24 02:07:28 -------- d-----w- C:\Users\Kristine\AppData\Roaming\IPSecureLogs 2012-06-24 01:27:24 -------- d-----w- C:\Users\Kristine\AppData\Local\MetaGeek,_LLC 2012-06-23 18:47:27 -------- d-----w- C:\Users\Kristine\AppData\Roaming\Malwarebytes 2012-06-23 18:47:16 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-06-23 18:47:16 -------- d-----w- C:\ProgramData\Malwarebytes 2012-06-23 18:47:16 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-06-21 10:44:33 -------- d-----w- C:\performance monitor report 061912_files 2012-06-19 02:42:00 -------- d-----w- C:\Windows\SysWow64\N360_BACKUP 2012-06-19 02:07:04 -------- d-----w- C:\N360_BACKUP 2012-06-18 22:32:52 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-06-18 22:32:24 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-06-18 22:31:56 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-06-18 22:31:56 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-06-18 21:07:36 -------- d-----w- C:\Users\Kristine\AppData\Local\doubleTwist Corporation 2012-06-17 18:30:33 -------- 
d-----w- C:\Users\Kristine\Tracing 2012-06-14 19:52:21 -------- d-----w- C:\Windows\en 2012-06-14 19:43:01 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll 2012-06-14 19:43:01 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll 2012-06-14 19:43:01 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll 2012-06-14 19:43:01 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll 2012-06-14 19:42:48 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e03cbe121cd4a6507\DSETUP.dll 2012-06-14 19:42:48 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e03cbe121cd4a6507\DXSETUP.exe 2012-06-14 19:42:48 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e03cbe121cd4a6507\dsetup32.dll 2012-06-14 19:40:51 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\99ba18b61cd4a6506\DXSETUP.exe 2012-06-14 19:40:51 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\99ba18b61cd4a6506\dsetup32.dll 2012-06-14 19:40:50 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\99ba18b61cd4a6506\DSETUP.dll 2012-06-14 19:38:25 -------- d-----w- C:\Users\Kristine\AppData\Local\Windows Live 2012-06-13 16:40:19 -------- d-----w- C:\Users\Kristine\AbiSuite 2012-06-13 04:37:31 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2012-06-13 04:37:31 77312 ----a-w- C:\Windows\System32\rdpwsx.dll 2012-06-13 04:37:31 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll 2012-06-13 04:37:01 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll 2012-06-13 04:37:01 366592 ----a-w- C:\Windows\System32\qdvd.dll 2012-06-13 04:36:36 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-06-13 04:36:06 3146752 ----a-w- C:\Windows\System32\win32k.sys 2012-06-13 04:30:16 209920 ----a-w- C:\Windows\System32\profsvc.dll 2012-06-13 04:29:48 3216384 ----a-w- C:\Windows\System32\msi.dll 2012-06-13 04:29:48 2342400 ----a-w- C:\Windows\SysWow64\msi.dll 2012-06-13 04:29:13 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 
2012-06-13 04:29:13 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-06-13 04:29:13 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-06-13 04:25:58 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2012-06-13 04:25:58 1462272 ----a-w- C:\Windows\System32\crypt32.dll 2012-06-13 04:25:58 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2012-06-13 04:25:58 140288 ----a-w- C:\Windows\System32\cryptnet.dll 2012-06-13 04:25:58 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll 2012-06-13 04:25:58 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll . ==================== Find3M ==================== . 2012-07-05 04:49:20 687600 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-06-29 17:01:57 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-06-29 17:01:57 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-06-13 04:28:21 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-06-13 04:28:21 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-06-13 04:28:21 2311680 ----a-w- C:\Windows\System32\jscript9.dll 2012-06-13 04:28:21 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-06-13 04:28:21 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-06-13 04:28:21 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-06-13 04:28:21 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-06-13 04:28:21 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-06-13 04:28:21 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-06-13 04:28:21 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-06-08 14:57:34 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS 2012-05-10 06:09:32 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-05-10 06:09:13 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys 2012-05-10 05:54:43 1544704 ----a-w- C:\Windows\System32\DWrite.dll 2012-05-10 05:54:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll 2012-04-11 15:40:28 56832 ----a-w- C:\Windows\System32\drivers\HssDrv.sys . 
============= FINISH: 14:38:36.52 =============== GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-07-09 15:30:33 Windows 6.1.7601 Service Pack 1 Running: fglr50y9.exe ---- Registry - GMER 1.0.15 ---- Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\Kristine\AppData\Roaming\Microsoft\Windows\Start Menu\7-Day Forecast for Latitude 38.72\xb0N and Longitude 77.8\xb0W.website 1 ---- EOF - GMER 1.0.15 ---- Attachzip.txt