Hi there. Another product found htcupctupdate.exe to be a backdoor trojan a few weeks ago. I've been researching ever since and have decided it must be a false positive. At the time I was having internet connectivity problems, but not any more. Currently my symptoms are only printers appearing and disappearing from the print menu, and denied access to "add printer". That was probably a result of changing printer names, but I can't fix it. Can you please look at my DDS and my gmer? (If you see combofix, please know that I did not run it.) Thank you!

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1

Run by Kristine at 14:37:12 on 2012-07-09

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.1536 [GMT -4:00]

.

AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\system32\dllhost.exe

C:\Program Files (x86)\Launch Manager\dsiwmis.exe

C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe

C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE

C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE

C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe

C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

C:\Windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation

C:\Program Files (x86)\Norton Management\Engine\2.1.2.13\ccSvcHst.exe

C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe

c:\Program Files\Microsoft Security Client\NisSrv.exe

C:\Windows\SysWow64\perfhost.exe

C:\Windows\System32\snmp.exe

C:\Windows\System32\snmptrap.exe

C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe

C:\Windows\System32\vds.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe

C:\Program Files (x86)\Norton Management\Engine\2.1.2.13\ccSvcHst.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Users\Kristine\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\PLFSetI.exe

C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\splwow64.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uSearch Bar = Preserve

uStart Page = hxxp://us.mg5.mail.yahoo.com/neo/launch?.rand=60kjish9gbjtv

uDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW

mStart Page = www.google.com

mWinlogon: Userinit=userinit.exe

BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coIEPlg.dll

BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\IPS\IPSBHO.DLL

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coIEPlg.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB: {50FAFAF0-70A9-419D-A109-FA4B4FFD4E37} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [Norton Download Manager{NSME22-B22-4abb-B07C-C084B04B4F12}] C:\Users\Public\Downloads\Norton\{NSME22-B22-4abb-B07C-C084B04B4F12}\ccSvcHst.exe /m

uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

uRun: [EPSON64A0E3 (Epson Stylus NX620) (Copy 1)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGAA.EXE /FU "C:\Windows\TEMP\E_S9EBE.tmp" /EF "HKCU"

uRun: [Do not use (Epson nx620)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGAA.EXE /FU "C:\Users\Kristine\AppData\Local\Temp\E_SC685.tmp" /EF "HKCU"

uRun: [EPSON64A0E3 (Epson Stylus NX620)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGAA.EXE /FU "C:\Windows\TEMP\E_SF081.tmp" /EF "HKCU"

uRun: [Epson Stylus NX620(Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGAA.EXE /FU "C:\Windows\TEMP\E_SCDE5.tmp" /EF "HKCU"

uRun: [Epson Printer on Pelino Network] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGAA.EXE /FU "C:\Windows\TEMP\E_S62E1.tmp" /EF "HKCU"

mRun: [startCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe" msrun

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [QuickTime Task] "c:\program files (x86)\quicktime\qttask.exe" -atboottime

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [EEventManager] c:\program files (x86)\epson software\event manager\eeventmanager.exe

dRun: [Norton Download Manager{NSME22-B22-4abb-B07C-C084B04B4F12}] C:\Users\Public\Downloads\Norton\{NSME22-B22-4abb-B07C-C084B04B4F12}\ccSvcHst.exe /m

StartupFolder: C:\Users\Kristine\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Kristine\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\Users\Kristine\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

uPolicies-explorer: NoExpandedNewMenu = 0 (0x0)

uPolicies-explorer: MaxRecentDocs = 43 (0x2b)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: NoStrCmpLogical = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

Trusted Zone: intuit.com\ttlc

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{EDE5A8A5-2BF2-41F0-BFBA-EA31F0CC20A0} : DhcpNameServer = 75.75.75.75 75.75.76.76

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL

BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coIEPlg.dll

BHO-X64: Norton Identity Protection - No File

BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\IPS\IPSBHO.DLL

BHO-X64: Norton Vulnerability Protection - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL

BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coIEPlg.dll

TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB-X64: {50FAFAF0-70A9-419D-A109-FA4B4FFD4E37} - No File

TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

mRun-x64: [startCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe" msrun

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun-x64: [QuickTime Task] "c:\program files (x86)\quicktime\qttask.exe" -atboottime

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [EEventManager] c:\program files (x86)\epson software\event manager\eeventmanager.exe

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS [?]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20120619.001\BHDrvx64.sys [2012-6-18 1161376]

R1 ccSet_MCLIENT;Norton Management Settings Manager;C:\Windows\system32\drivers\MCLIENTx64\0201020.00D\ccSetx64.sys --> C:\Windows\system32\drivers\MCLIENTx64\0201020.00D\ccSetx64.sys [?]

R1 ccSet_N360;Norton 360 Settings Manager;C:\Windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys --> C:\Windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys [?]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20120705.001\IDSviA64.sys [2012-7-6 509088]

R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS [?]

R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0602010.005\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0602010.005\SYMNETS.SYS [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-9-23 321104]

R2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2010-10-20 868896]

R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2011-8-12 166400]

R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2011-8-12 128512]

R2 GREGService;GREGService;C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [2010-1-8 23584]

R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-23 654408]

R2 MCLIENT;Norton Management;C:\Program Files (x86)\Norton Management\Engine\2.1.2.13\ccSvcHst.exe [2012-6-8 138232]

R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe [2012-5-28 138232]

R2 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]

R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2010-9-23 243232]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\system32\DRIVERS\rtl8192se.sys --> C:\Windows\system32\DRIVERS\rtl8192se.sys [?]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-4 257224]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

S3 mbamchameleon;mbamchameleon;\??\C:\Windows\system32\drivers\mbamchameleon.sys --> C:\Windows\system32\drivers\mbamchameleon.sys [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]

S3 WSDScan;WSD Scan Support via UMB;C:\Windows\system32\DRIVERS\WSDScan.sys --> C:\Windows\system32\DRIVERS\WSDScan.sys [?]

S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-19 136176]

S4 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-19 136176]

.

=============== Created Last 30 ================

.

2012-07-08 17:57:13 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9BF74C6C-7B92-466E-B67A-E27618DCF618}\mpengine.dll

2012-07-08 03:45:50 -------- d-----w- C:\ACE Event Logs

2012-07-07 20:35:54 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DD867E3F-E0E9-49C9-BAF5-0698BA03EA34}\gapaengine.dll

2012-07-07 20:35:47 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-07-06 07:48:02 1298 ----a-w- C:\FixitRegBackup.reg

2012-07-06 05:13:56 -------- d-----w- C:\Users\Kristine\AppData\Roaming\FixIt

2012-07-05 18:06:41 -------- d-----w- C:\Program Files\iPod

2012-07-05 18:06:40 -------- d-----w- C:\Program Files\iTunes

2012-07-05 18:06:40 -------- d-----w- C:\Program Files (x86)\iTunes

2012-07-05 17:45:16 -------- d-----w- C:\Windows\SysWow64\Adobe

2012-07-05 17:35:32 -------- d-----w- C:\Program Files (x86)\Oracle

2012-07-05 04:50:36 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-07-01 21:40:15 -------- d-----w- C:\Windows\pss

2012-07-01 19:15:16 -------- d-----w- C:\ae1ba45e8f74d9428dd7c3c8c1f226

2012-07-01 05:48:24 -------- d-----w- C:\Users\Kristine\AppData\Local\Help

2012-07-01 05:45:52 -------- d-----w- C:\Program Files\Windows Journal

2012-07-01 04:42:01 -------- d-----w- C:\Users\Kristine\AppData\Local\Cyberlink

2012-06-29 12:46:43 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client

2012-06-29 12:46:29 -------- d-----w- C:\Program Files\Microsoft Security Client

2012-06-29 12:27:15 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{37F2EE55-2673-4A46-A6CB-4DC7FFCAB88C}\mpengine.dll

2012-06-27 16:49:45 -------- d-----w- C:\Users\Kristine\AppData\Local\{AAE03B66-4EFA-480F-BE50-A14B565861B8}

2012-06-27 16:49:34 -------- d-----w- C:\Users\Kristine\AppData\Local\{DAF0381D-387B-4F64-8311-20AF6826639D}

2012-06-27 16:20:36 -------- d-----w- C:\Users\Kristine\AppData\Local\{D0EA47EC-2611-4E56-BDD6-A9F6A306A1AF}

2012-06-27 03:53:00 -------- d-----w- C:\Users\Kristine\AppData\Local\{4FEA9AFD-FB22-4B28-9C15-CCB5EA48D6C5}

2012-06-26 08:15:53 33096 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys

2012-06-25 23:46:52 -------- d-----w- C:\Users\Kristine\AppData\Local\{FBFF6E14-ACF7-450C-8898-41AE0387FC82}

2012-06-25 23:46:41 -------- d-----w- C:\Users\Kristine\AppData\Local\{F81F8EAA-4FA0-4713-9BF7-1BA1711D7385}

2012-06-25 23:46:40 -------- d-----w- C:\Users\Kristine\AppData\Local\{8E016B8E-E610-4933-BBC9-224E36E1B24A}

2012-06-25 20:02:41 -------- d-----w- C:\Program Files (x86)\Cisco

2012-06-25 20:02:04 451072 ------w- C:\Windows\SysWow64\ISSRemoveSP.exe

2012-06-25 20:02:04 -------- d-----w- C:\Program Files (x86)\REALTEK PCIE Wireless LAN Driver

2012-06-25 17:13:39 -------- d-----w- C:\Users\Kristine\AppData\Local\Downloaded Installations

2012-06-24 02:07:28 -------- d-----w- C:\Users\Kristine\AppData\Roaming\IPSecureLogs

2012-06-24 01:27:24 -------- d-----w- C:\Users\Kristine\AppData\Local\MetaGeek,_LLC

2012-06-23 18:47:27 -------- d-----w- C:\Users\Kristine\AppData\Roaming\Malwarebytes

2012-06-23 18:47:16 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-06-23 18:47:16 -------- d-----w- C:\ProgramData\Malwarebytes

2012-06-23 18:47:16 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-06-21 10:44:33 -------- d-----w- C:\performance monitor report 061912_files

2012-06-19 02:42:00 -------- d-----w- C:\Windows\SysWow64\N360_BACKUP

2012-06-19 02:07:04 -------- d-----w- C:\N360_BACKUP

2012-06-18 22:32:52 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-18 22:32:24 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-18 22:31:56 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-18 22:31:56 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-18 21:07:36 -------- d-----w- C:\Users\Kristine\AppData\Local\doubleTwist Corporation

2012-06-17 18:30:33 -------- d-----w- C:\Users\Kristine\Tracing

2012-06-14 19:52:21 -------- d-----w- C:\Windows\en

2012-06-14 19:43:01 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll

2012-06-14 19:43:01 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll

2012-06-14 19:43:01 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll

2012-06-14 19:43:01 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll

2012-06-14 19:42:48 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e03cbe121cd4a6507\DSETUP.dll

2012-06-14 19:42:48 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e03cbe121cd4a6507\DXSETUP.exe

2012-06-14 19:42:48 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e03cbe121cd4a6507\dsetup32.dll

2012-06-14 19:40:51 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\99ba18b61cd4a6506\DXSETUP.exe

2012-06-14 19:40:51 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\99ba18b61cd4a6506\dsetup32.dll

2012-06-14 19:40:50 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\99ba18b61cd4a6506\DSETUP.dll

2012-06-14 19:38:25 -------- d-----w- C:\Users\Kristine\AppData\Local\Windows Live

2012-06-13 16:40:19 -------- d-----w- C:\Users\Kristine\AbiSuite

2012-06-13 04:37:31 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-06-13 04:37:31 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-06-13 04:37:31 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-06-13 04:37:01 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll

2012-06-13 04:37:01 366592 ----a-w- C:\Windows\System32\qdvd.dll

2012-06-13 04:36:36 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-06-13 04:36:06 3146752 ----a-w- C:\Windows\System32\win32k.sys

2012-06-13 04:30:16 209920 ----a-w- C:\Windows\System32\profsvc.dll

2012-06-13 04:29:48 3216384 ----a-w- C:\Windows\System32\msi.dll

2012-06-13 04:29:48 2342400 ----a-w- C:\Windows\SysWow64\msi.dll

2012-06-13 04:29:13 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-06-13 04:29:13 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-06-13 04:29:13 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-06-13 04:25:58 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-06-13 04:25:58 1462272 ----a-w- C:\Windows\System32\crypt32.dll

2012-06-13 04:25:58 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-06-13 04:25:58 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-06-13 04:25:58 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-06-13 04:25:58 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

.

==================== Find3M ====================

.

2012-07-05 04:49:20 687600 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-06-29 17:01:57 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-29 17:01:57 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-06-13 04:28:21 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-13 04:28:21 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-13 04:28:21 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-13 04:28:21 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-13 04:28:21 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-13 04:28:21 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-13 04:28:21 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-13 04:28:21 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-13 04:28:21 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-13 04:28:21 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-08 14:57:34 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS

2012-05-10 06:09:32 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-05-10 06:09:13 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys

2012-05-10 05:54:43 1544704 ----a-w- C:\Windows\System32\DWrite.dll

2012-05-10 05:54:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-04-11 15:40:28 56832 ----a-w- C:\Windows\System32\drivers\HssDrv.sys

.

============= FINISH: 14:38:36.52 ===============

GMER 1.0.15.15641 - http://www.gmer.net

Rootkit scan 2012-07-09 15:30:33

Windows 6.1.7601 Service Pack 1

Running: fglr50y9.exe

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\Kristine\AppData\Roaming\Microsoft\Windows\Start Menu\7-Day Forecast for Latitude 38.72°N and Longitude 77.8°W.website 1

---- EOF - GMER 1.0.15 ----


It sounds as if you might be infected.

We cannot work on malware removal in this section of the forums, so please read below for assistance with cleaning your system.

IMPORTANT: Please do NOT use any temporary file cleaners unless instructed to do so - they can cause data loss, making it hard to recover your system.

PLEASE CHOOSE ONE OF THE FOLLOWING 3 OPTIONS:

OPTION 1: Free, one-on-one, expert assistance in the Malware Removal Forum.

OPTION 2: For paid users of MBAM PRO, free, one-on-one, expert assistance from MBAM support.

OPTION 3: Fee-based, one-on-one, expert assistance from Premium Support.

OPTION 1:

  • Please print out, read and carefully follow the instructions in the "I'm Infected - What Do I Do Now?" article.
  • If the infection has so crippled the computer that you cannot complete some or all of the steps, then just do the best you can and start a new topic as described below.

  • Then please start a new post in the Malware Removal Forum.
  • When starting your new post, please note the following:
  • Please do NOT post in a topic started by someone else, even if their problem sounds similar.
  • Please COPY/PASTE the requested logs into your post, rather than attaching them.
  • Under options, please be sure to select "track this topic" and "immediate email notification", so you'll know when a helper responds.

  • Please be patient - it may be 48 hours or more before a helper can assist you, especially when the forum is very busy.
  • Please do NOT "bump" your topic or reply back to it for at least 48 hours.
  • Doing so may cause your topic to be overlooked, as it will appear that you are already being helped.

OPTION 2:

Alternatively, as a paying customer, you can contact the help desk by filling out the form here.

OPTION 3:

If you would like to use the Malwarebytes Premium Services (comprehensive solutions to all your computer support needs – from installation and set-up to troubleshooting and tune-ups), please go to our Premium Support site here.

Please be patient – someone will assist you as soon as possible.

PS Please use the reply button or the message pane (instead of the "Quote" and "MultiQuote" buttons) when replying here & at the other forums. That will make your topic easier to follow. :)


Hello and welcome to Malwarebytes

Right off the bat, I can see you have two antivirus programs installed. This could cause conflicts and computer lockups. I see MSE is disabled, but still, it's not recommended to run more than one at a time. You should remove one of them.
