
OldWolf99

  1. I have run into a nasty trojan on my daughter's laptop that neither AVG nor Malwarebytes has been able to catch or remove. I started a thread in another area and received an e-mail to post this information here in hopes someone could assist. Per the instructions, here are the contents of the files created by dds.scr.
  2. I have run into a machine infected by jcp.drivermapping.net. From what I have found, it can only be removed prior to the OS booting. I have the most updated AVG 2014 and Malwarebytes, and neither has been able to find or remove this trojan. Does anyone have any suggestions?