
possible infection



Hi there. Another product found htcupctupdate.exe to be a backdoor trojan a few weeks ago. I've been researching ever since and have decided it must be a false positive. At the time I was having internet connectivity problems, but not any more. Currently my symptoms are only printers appearing and disappearing from the print menu, and denied access to "Add Printer". But that was probably a result of changing printer names, and I can't fix it. Can you please look at my DDS and my GMER logs? (If you see ComboFix, please know that I did not run it.) Thank you!

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1

Run by Kristine at 14:37:12 on 2012-07-09

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.1536 [GMT -4:00]

.

AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\system32\dllhost.exe

C:\Program Files (x86)\Launch Manager\dsiwmis.exe

C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe

C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE

C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE

C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe

C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

C:\Windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation

C:\Program Files (x86)\Norton Management\Engine\2.1.2.13\ccSvcHst.exe

C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe

c:\Program Files\Microsoft Security Client\NisSrv.exe

C:\Windows\SysWow64\perfhost.exe

C:\Windows\System32\snmp.exe

C:\Windows\System32\snmptrap.exe

C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe

C:\Windows\System32\vds.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe

C:\Program Files (x86)\Norton Management\Engine\2.1.2.13\ccSvcHst.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Users\Kristine\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\PLFSetI.exe

C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\splwow64.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uSearch Bar = Preserve

uStart Page = hxxp://us.mg5.mail.yahoo.com/neo/launch?.rand=60kjish9gbjtv

uDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW

mStart Page = www.google.com

mWinlogon: Userinit=userinit.exe

BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coIEPlg.dll

BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\IPS\IPSBHO.DLL

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coIEPlg.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB: {50FAFAF0-70A9-419D-A109-FA4B4FFD4E37} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [Norton Download Manager{NSME22-B22-4abb-B07C-C084B04B4F12}] C:\Users\Public\Downloads\Norton\{NSME22-B22-4abb-B07C-C084B04B4F12}\ccSvcHst.exe /m

uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

uRun: [EPSON64A0E3 (Epson Stylus NX620) (Copy 1)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGAA.EXE /FU "C:\Windows\TEMP\E_S9EBE.tmp" /EF "HKCU"

uRun: [Do not use (Epson nx620)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGAA.EXE /FU "C:\Users\Kristine\AppData\Local\Temp\E_SC685.tmp" /EF "HKCU"

uRun: [EPSON64A0E3 (Epson Stylus NX620)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGAA.EXE /FU "C:\Windows\TEMP\E_SF081.tmp" /EF "HKCU"

uRun: [Epson Stylus NX620(Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGAA.EXE /FU "C:\Windows\TEMP\E_SCDE5.tmp" /EF "HKCU"

uRun: [Epson Printer on Pelino Network] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGAA.EXE /FU "C:\Windows\TEMP\E_S62E1.tmp" /EF "HKCU"

mRun: [startCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe" msrun

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [QuickTime Task] "c:\program files (x86)\quicktime\qttask.exe" -atboottime

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [EEventManager] c:\program files (x86)\epson software\event manager\eeventmanager.exe

dRun: [Norton Download Manager{NSME22-B22-4abb-B07C-C084B04B4F12}] C:\Users\Public\Downloads\Norton\{NSME22-B22-4abb-B07C-C084B04B4F12}\ccSvcHst.exe /m

StartupFolder: C:\Users\Kristine\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Kristine\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\Users\Kristine\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

uPolicies-explorer: NoExpandedNewMenu = 0 (0x0)

uPolicies-explorer: MaxRecentDocs = 43 (0x2b)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: NoStrCmpLogical = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

Trusted Zone: intuit.com\ttlc

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{EDE5A8A5-2BF2-41F0-BFBA-EA31F0CC20A0} : DhcpNameServer = 75.75.75.75 75.75.76.76

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL

BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coIEPlg.dll

BHO-X64: Norton Identity Protection - No File

BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\IPS\IPSBHO.DLL

BHO-X64: Norton Vulnerability Protection - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL

BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coIEPlg.dll

TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB-X64: {50FAFAF0-70A9-419D-A109-FA4B4FFD4E37} - No File

TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

mRun-x64: [startCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe" msrun

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun-x64: [QuickTime Task] "c:\program files (x86)\quicktime\qttask.exe" -atboottime

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [EEventManager] c:\program files (x86)\epson software\event manager\eeventmanager.exe

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS [?]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20120619.001\BHDrvx64.sys [2012-6-18 1161376]

R1 ccSet_MCLIENT;Norton Management Settings Manager;C:\Windows\system32\drivers\MCLIENTx64\0201020.00D\ccSetx64.sys --> C:\Windows\system32\drivers\MCLIENTx64\0201020.00D\ccSetx64.sys [?]

R1 ccSet_N360;Norton 360 Settings Manager;C:\Windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys --> C:\Windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys [?]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20120705.001\IDSviA64.sys [2012-7-6 509088]

R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS [?]

R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0602010.005\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0602010.005\SYMNETS.SYS [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-9-23 321104]

R2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2010-10-20 868896]

R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2011-8-12 166400]

R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2011-8-12 128512]

R2 GREGService;GREGService;C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [2010-1-8 23584]

R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-23 654408]

R2 MCLIENT;Norton Management;C:\Program Files (x86)\Norton Management\Engine\2.1.2.13\ccSvcHst.exe [2012-6-8 138232]

R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe [2012-5-28 138232]

R2 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]

R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2010-9-23 243232]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\system32\DRIVERS\rtl8192se.sys --> C:\Windows\system32\DRIVERS\rtl8192se.sys [?]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-4 257224]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

S3 mbamchameleon;mbamchameleon;\??\C:\Windows\system32\drivers\mbamchameleon.sys --> C:\Windows\system32\drivers\mbamchameleon.sys [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]

S3 WSDScan;WSD Scan Support via UMB;C:\Windows\system32\DRIVERS\WSDScan.sys --> C:\Windows\system32\DRIVERS\WSDScan.sys [?]

S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-19 136176]

S4 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-19 136176]

.

=============== Created Last 30 ================

.

2012-07-08 17:57:13 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9BF74C6C-7B92-466E-B67A-E27618DCF618}\mpengine.dll

2012-07-08 03:45:50 -------- d-----w- C:\ACE Event Logs

2012-07-07 20:35:54 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DD867E3F-E0E9-49C9-BAF5-0698BA03EA34}\gapaengine.dll

2012-07-07 20:35:47 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-07-06 07:48:02 1298 ----a-w- C:\FixitRegBackup.reg

2012-07-06 05:13:56 -------- d-----w- C:\Users\Kristine\AppData\Roaming\FixIt

2012-07-05 18:06:41 -------- d-----w- C:\Program Files\iPod

2012-07-05 18:06:40 -------- d-----w- C:\Program Files\iTunes

2012-07-05 18:06:40 -------- d-----w- C:\Program Files (x86)\iTunes

2012-07-05 17:45:16 -------- d-----w- C:\Windows\SysWow64\Adobe

2012-07-05 17:35:32 -------- d-----w- C:\Program Files (x86)\Oracle

2012-07-05 04:50:36 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-07-01 21:40:15 -------- d-----w- C:\Windows\pss

2012-07-01 19:15:16 -------- d-----w- C:\ae1ba45e8f74d9428dd7c3c8c1f226

2012-07-01 05:48:24 -------- d-----w- C:\Users\Kristine\AppData\Local\Help

2012-07-01 05:45:52 -------- d-----w- C:\Program Files\Windows Journal

2012-07-01 04:42:01 -------- d-----w- C:\Users\Kristine\AppData\Local\Cyberlink

2012-06-29 12:46:43 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client

2012-06-29 12:46:29 -------- d-----w- C:\Program Files\Microsoft Security Client

2012-06-29 12:27:15 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{37F2EE55-2673-4A46-A6CB-4DC7FFCAB88C}\mpengine.dll

2012-06-27 16:49:45 -------- d-----w- C:\Users\Kristine\AppData\Local\{AAE03B66-4EFA-480F-BE50-A14B565861B8}

2012-06-27 16:49:34 -------- d-----w- C:\Users\Kristine\AppData\Local\{DAF0381D-387B-4F64-8311-20AF6826639D}

2012-06-27 16:20:36 -------- d-----w- C:\Users\Kristine\AppData\Local\{D0EA47EC-2611-4E56-BDD6-A9F6A306A1AF}

2012-06-27 03:53:00 -------- d-----w- C:\Users\Kristine\AppData\Local\{4FEA9AFD-FB22-4B28-9C15-CCB5EA48D6C5}

2012-06-26 08:15:53 33096 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys

2012-06-25 23:46:52 -------- d-----w- C:\Users\Kristine\AppData\Local\{FBFF6E14-ACF7-450C-8898-41AE0387FC82}

2012-06-25 23:46:41 -------- d-----w- C:\Users\Kristine\AppData\Local\{F81F8EAA-4FA0-4713-9BF7-1BA1711D7385}

2012-06-25 23:46:40 -------- d-----w- C:\Users\Kristine\AppData\Local\{8E016B8E-E610-4933-BBC9-224E36E1B24A}

2012-06-25 20:02:41 -------- d-----w- C:\Program Files (x86)\Cisco

2012-06-25 20:02:04 451072 ------w- C:\Windows\SysWow64\ISSRemoveSP.exe

2012-06-25 20:02:04 -------- d-----w- C:\Program Files (x86)\REALTEK PCIE Wireless LAN Driver

2012-06-25 17:13:39 -------- d-----w- C:\Users\Kristine\AppData\Local\Downloaded Installations

2012-06-24 02:07:28 -------- d-----w- C:\Users\Kristine\AppData\Roaming\IPSecureLogs

2012-06-24 01:27:24 -------- d-----w- C:\Users\Kristine\AppData\Local\MetaGeek,_LLC

2012-06-23 18:47:27 -------- d-----w- C:\Users\Kristine\AppData\Roaming\Malwarebytes

2012-06-23 18:47:16 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-06-23 18:47:16 -------- d-----w- C:\ProgramData\Malwarebytes

2012-06-23 18:47:16 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-06-21 10:44:33 -------- d-----w- C:\performance monitor report 061912_files

2012-06-19 02:42:00 -------- d-----w- C:\Windows\SysWow64\N360_BACKUP

2012-06-19 02:07:04 -------- d-----w- C:\N360_BACKUP

2012-06-18 22:32:52 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-18 22:32:24 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-18 22:31:56 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-18 22:31:56 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-18 21:07:36 -------- d-----w- C:\Users\Kristine\AppData\Local\doubleTwist Corporation

2012-06-17 18:30:33 -------- d-----w- C:\Users\Kristine\Tracing

2012-06-14 19:52:21 -------- d-----w- C:\Windows\en

2012-06-14 19:43:01 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll

2012-06-14 19:43:01 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll

2012-06-14 19:43:01 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll

2012-06-14 19:43:01 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll

2012-06-14 19:42:48 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e03cbe121cd4a6507\DSETUP.dll

2012-06-14 19:42:48 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e03cbe121cd4a6507\DXSETUP.exe

2012-06-14 19:42:48 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e03cbe121cd4a6507\dsetup32.dll

2012-06-14 19:40:51 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\99ba18b61cd4a6506\DXSETUP.exe

2012-06-14 19:40:51 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\99ba18b61cd4a6506\dsetup32.dll

2012-06-14 19:40:50 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\99ba18b61cd4a6506\DSETUP.dll

2012-06-14 19:38:25 -------- d-----w- C:\Users\Kristine\AppData\Local\Windows Live

2012-06-13 16:40:19 -------- d-----w- C:\Users\Kristine\AbiSuite

2012-06-13 04:37:31 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-06-13 04:37:31 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-06-13 04:37:31 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-06-13 04:37:01 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll

2012-06-13 04:37:01 366592 ----a-w- C:\Windows\System32\qdvd.dll

2012-06-13 04:36:36 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-06-13 04:36:06 3146752 ----a-w- C:\Windows\System32\win32k.sys

2012-06-13 04:30:16 209920 ----a-w- C:\Windows\System32\profsvc.dll

2012-06-13 04:29:48 3216384 ----a-w- C:\Windows\System32\msi.dll

2012-06-13 04:29:48 2342400 ----a-w- C:\Windows\SysWow64\msi.dll

2012-06-13 04:29:13 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-06-13 04:29:13 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-06-13 04:29:13 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-06-13 04:25:58 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-06-13 04:25:58 1462272 ----a-w- C:\Windows\System32\crypt32.dll

2012-06-13 04:25:58 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-06-13 04:25:58 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-06-13 04:25:58 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-06-13 04:25:58 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

.

==================== Find3M ====================

.

2012-07-05 04:49:20 687600 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-06-29 17:01:57 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-29 17:01:57 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-06-13 04:28:21 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-13 04:28:21 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-13 04:28:21 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-13 04:28:21 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-13 04:28:21 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-13 04:28:21 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-13 04:28:21 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-13 04:28:21 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-13 04:28:21 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-13 04:28:21 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-08 14:57:34 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS

2012-05-10 06:09:32 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-05-10 06:09:13 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys

2012-05-10 05:54:43 1544704 ----a-w- C:\Windows\System32\DWrite.dll

2012-05-10 05:54:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-04-11 15:40:28 56832 ----a-w- C:\Windows\System32\drivers\HssDrv.sys

.

============= FINISH: 14:38:36.52 ===============

GMER 1.0.15.15641 - http://www.gmer.net

Rootkit scan 2012-07-09 15:30:33

Windows 6.1.7601 Service Pack 1

Running: fglr50y9.exe

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\Kristine\AppData\Roaming\Microsoft\Windows\Start Menu\7-Day Forecast for Latitude 38.72°N and Longitude 77.8°W.website 1

---- EOF - GMER 1.0.15 ----


  • Staff

I don't see any infections here.

I notice that you are using more than one antivirus program in resident mode (Norton and Microsoft). This is very dangerous, as multiple AVs can interfere with one another and actually allow MORE malware to get through. I strongly suggest you go to Start -> Control Panel -> Add or Remove Programs and uninstall all but one antivirus program.

I suggest posting in our PC Help forum instead, regarding your printer issue.

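The checks a helper runs over a log like the one above, written out as a small script. This is an added example, not part of the forum thread and not a DDS, GMER or Malwarebytes tool. It assumes the DDS line formats exactly as they appear in the report above (the `AV:/SP:/FW:` product lines and the `uRun/mRun/dRun` autorun lines); the list of "user-writable" locations and the choice of executable extensions are my own heuristics, and the sample input is constructed from lines copied out of the report.

```python
"""Triage a DDS-style log for the things a forum helper checks first.

Added example (not part of the forum post above and not a DDS or
Malwarebytes tool): it parses the 'AV:/SP:/FW:' product lines and the
uRun/mRun/dRun autorun lines of a DDS report and flags (1) more than one
antivirus product installed or enabled, (2) autoruns whose executable lives
in a user-writable location, and (3) orphaned 'No File' browser entries.
"""
import re

# Constructed sample input: lines copied from the DDS report posted above.
SAMPLE_LOG = r"""
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Norton Download Manager{NSME22-B22-4abb-B07C-C084B04B4F12}] C:\Users\Public\Downloads\Norton\{NSME22-B22-4abb-B07C-C084B04B4F12}\ccSvcHst.exe /m
uRun: [Do not use (Epson nx620)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGAA.EXE /FU "C:\Users\Kristine\AppData\Local\Temp\E_SC685.tmp" /EF "HKCU"
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\qttask.exe" -atboottime
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
BHO-X64: URLRedirectionBHO - No File
"""

# Line formats as they appear in the DDS report (an assumption about DDS output).
PRODUCT_RE = re.compile(
    r"^(?P<kind>AV|SP|FW): (?P<name>.+?) \*(?P<state>[^*]+)\* \{(?P<guid>[0-9A-Fa-f-]+)\}$")
AUTORUN_RE = re.compile(r"^(?P<hive>[umd]Run(?:-x64)?): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# Executable at the start of a command line, quoted or not; arguments are ignored.
EXE_RE = re.compile(
    r'^"?(?P<path>[a-z]:\\[^"]+?\.(?:exe|dll|cpl|scr|bat|cmd|vbs|js))"?(?=\s|$)', re.I)
NOFILE_RE = re.compile(r"^(?:BHO|TB|SEH)(?:-X64)?: .*- No File$")

# Locations a standard user can write to (my heuristic list). A legitimate
# product can live here, as Norton's download manager does, but each such
# autorun deserves a look because malware almost always starts from one.
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\",
                 "c:\\documents and settings\\")


def parse_products(text):
    """Return one dict (kind, name, state, guid) per AV/SP/FW line."""
    return [m.groupdict() for m in map(PRODUCT_RE.match, text.splitlines()) if m]


def parse_autoruns(text):
    """Return one dict (hive, name, cmd, path) per uRun/mRun/dRun line."""
    entries = []
    for line in text.splitlines():
        m = AUTORUN_RE.match(line)
        if not m:
            continue
        entry = m.groupdict()
        exe = EXE_RE.match(entry["cmd"])
        entry["path"] = exe.group("path") if exe else None
        entries.append(entry)
    return entries


def orphaned_entries(text):
    """Lines for BHOs/toolbars whose DLL no longer exists on disk."""
    return [line for line in text.splitlines() if NOFILE_RE.match(line)]


def is_user_writable(path):
    return path is not None and path.lower().startswith(USER_WRITABLE)


def triage(text):
    """Summarise the three findings a helper looks at first."""
    avs = [p for p in parse_products(text) if p["kind"] == "AV"]
    return {
        "installed_av": [p["name"] for p in avs],
        "enabled_av": [p["name"] for p in avs if p["state"].startswith("Enabled")],
        "suspect_autoruns": [a for a in parse_autoruns(text) if is_user_writable(a["path"])],
        "orphans": orphaned_entries(text),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    if len(report["installed_av"]) > 1:
        print("more than one AV installed:", ", ".join(report["installed_av"]),
              "| enabled:", ", ".join(report["enabled_av"]))
    for a in report["suspect_autoruns"]:
        print(f"review autorun {a['hive']} [{a['name']}] -> {a['path']}")
    for line in report["orphans"]:
        print("orphaned entry:", line)
```

The script counts installed antivirus products rather than only enabled ones on purpose: the report above lists Microsoft Security Essentials as *Disabled*, yet `msseces.exe` and `NisSrv.exe` still appear in its Running Processes section, which is the situation the staff reply is warning about. The "No File" entries it lists are leftovers from uninstalled toolbars and are harmless, but they are the kind of clutter a helper usually asks the poster to clean up.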

Thanks very much.

I discovered a while back when I started having problems that having more than one antivirus is not advisable so I uninstalled MSE. Then I started getting multiple errors and my internal state was going haywire and throwing fatal alerts and my PC health dropped to 2. Then I found that MSE was not successfully uninstalled. Then I had Mr Fix It from microsoft uninstall anything that was left behind. That didn't work... so I used App Remover and it found nothing. So I reinstalled MSE and disabled it. The errors seemed to reduce in frequency. I was worried that it was malware causing my problems. Glad to hear that it is not.

Next stop is PC Help! Thanks again for taking a look. Have a great day!


  • 2 weeks later...
  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
