
I have run into a nasty trojan on my daughter's laptop that neither AVG nor Malwarebytes has been able to catch or remove. I started a thread in another area and received an e-mail to post this information here in hopes someone could assist. Per the instructions, here are the contents of the files created by dds.scr

 

Attach.txt

DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume2
Install Date: 12/24/2012 9:02:08 AM
System Uptime: 3/9/2014 5:35:10 PM (0 hours ago)
.
Motherboard: Acer |  | Havok  
Processor: AMD A8-4555M APU with Radeon HD Graphics    | Socket FT1 | 1300/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 418 GiB total, 359.586 GiB free.
D: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Description: Bluetooth USB Module
Device ID: USB\VID_0489&PID_E04E\5&1730C275&0&3
Manufacturer: Qualcomm Atheros Communications
Name: Bluetooth USB Module
PNP Device ID: USB\VID_0489&PID_E04E\5&1730C275&0&3
Service: BTHUSB
.
==== System Restore Points ===================
.
RP64: 2/20/2014 11:03:01 PM - Windows Update
RP65: 3/3/2014 5:25:14 PM - Scheduled Checkpoint
RP66: 3/8/2014 10:46:26 PM - Installed AVG 2014
.
==== Installed Programs ======================
.
 clear.fi SDK- Movie 2
 clear.fi SDK - Video 2
Acer Backup Manager
Acer Device Fast-lane
Acer Instant Update Service
Acer Power Management
Acer Recovery Management
AcerCloud
AcerCloud Docs
Agatha Christie - Death on the Nile
Alcor Micro USB Card Reader
Aloha TriPeaks
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Quick Stream
AMD VISION Engine Control Center
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
AVG 2014
AVG SafeGuard toolbar
Backup Manager v4
Bejeweled 3
Bonjour
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
clear.fi Media
clear.fi Photo
Compatibility Pack for the 2007 Office system
Conexant HD Audio
Cradle Of Egypt Collector's Edition
CyberLink MediaEspresso 6.5
Delicious: Emily's True Love Premium Edition
Dora's World Adventure
ETDWare PS/2-X64 11.6.4.001_WHQL
File Association Helper
Final Drive: Nitro
Google Chrome
Google Update Helper
iCloud
Identity Card
iTunes
Jewel Match 3
Launch Manager
Live Updater
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Office Standard Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2005 Tools for Office Runtime
Musictube
Mystery P.I. - Curious Case of Counterfeit Cove
MyWinLocker
MyWinLocker 4
MyWinLocker Suite
NTI Media Maker 9
PC Performer
PDFViewer
Peggle Nights
Penguins!
Plants vs. Zombies - Game of the Year
Polar Bowler
Polar Golfer
Qualcomm Atheros Bluetooth Suite (64)
Qualcomm Atheros WiFi Driver Installation
QuickTime
Shared C Run-time for x64
Shredder
Tales of Lagoona
Update Installer for WildTangent Games App
Virtual Families
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio 2010 x64 Redistributables
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
Visual Studio Tools for the Office system 3.0 Runtime
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258)
WildTangent Games
WildTangent Games App
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
3/9/2014 5:36:26 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Optimizer Pro Crash Monitor service to connect.
3/9/2014 1:51:58 PM, Error: Service Control Manager [7034]  - The iPod Service service terminated unexpectedly.  It has done this 1 time(s).
3/9/2014 1:45:51 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect.
3/9/2014 1:45:51 PM, Error: Service Control Manager [7000]  - The Computer Backup (MyPC Backup) service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
3/8/2014 9:46:58 PM, Error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for FailureActions with the following error:  Access is denied.
3/8/2014 10:51:24 PM, Error: Service Control Manager [7024]  - 
3/6/2014 5:14:13 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IKEEXT service.
3/6/2014 5:13:43 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service.
3/6/2014 5:13:13 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.
3/6/2014 5:12:43 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Appinfo service.
3/6/2014 5:11:26 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.
3/6/2014 5:11:26 PM, Error: Service Control Manager [7000]  - The Application Experience service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
3/6/2014 5:10:14 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the gpsvc service.
3/6/2014 5:10:14 PM, Error: Service Control Manager [7000]  - The Group Policy Client service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
3/6/2014 5:09:44 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Browser service.
.
==== End Of File ===========================
 
dds.txt
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16798
Run by Elisabeth at 17:39:12 on 2014-03-09
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.3530.2362 [GMT -4:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\dwm.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\Rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhostex.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
C:\Windows\system32\CxAudMsg64.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Windows\system32\dashost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Launch Manager\LMutilps32.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Windows\RfBtnSvc64.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe
C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\loggingserver.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
C:\Program Files\Elantech\ETDCtrl.exe
c:\Program Files (x86)\Bluetooth Suite\BtTray.exe
c:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.0.0.248\AVG SafeGuard toolbar_toolbar.dll
BHO: Video Player: {9642bf75-6b95-4a34-af97-6e4989572a1b} - 
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.0.0.248\AVG SafeGuard toolbar_toolbar.dll
uRun: [ROC_ROC_APR2013_AV] C:\Users\Elisabeth\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 33f3459043ee47d09dd5d9d747c48342-4e0d0773349f54e8404c177c2165db6438dadae9 --CMPID ROC_APR2013_AV --CMPIDEXTRA 2013
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [AVG-Secure-Search-Update_0913a] C:\Users\Elisabeth\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 33f3459043ee47d09dd5d9d747c48342-06ce4fc639803a2e3563922518183d8e94088cb9 --CMPID 0913a
uRun: [backgroundContainer] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Elisabeth\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
mRun: [bakupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -k -h
mRun: [LManager] <no file>
dRunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
mPolicies-System: DisableCAD = dword:1
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.254.254
TCP: Interfaces\{787BA295-3F3E-4CB3-8FE7-9F2655985010} : DHCPNameServer = 192.168.254.254
TCP: Interfaces\{787BA295-3F3E-4CB3-8FE7-9F2655985010}\24F49535D20534F5E4564777F627B6 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{787BA295-3F3E-4CB3-8FE7-9F2655985010}\34253434 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{787BA295-3F3E-4CB3-8FE7-9F2655985010}\6413530364F62746 : DHCPNameServer = 192.168.254.254 192.168.254.254
TCP: Interfaces\{787BA295-3F3E-4CB3-8FE7-9F2655985010}\93536413530364F62746 : DHCPNameServer = 192.168.254.254
TCP: Interfaces\{787BA295-3F3E-4CB3-8FE7-9F2655985010}\D43584F6D656 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{787BA295-3F3E-4CB3-8FE7-9F2655985010}\D456273656465637 : DHCPNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{C2408AB8-4196-45D4-9A23-96C9434AC4BD} : DHCPNameServer = 10.54.120.10
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.0\ViProtocol.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [btPreLoad] "C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe"
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-Run: [FAHConsole] C:\Program Files\File Association Helper\FAHConsole.exe
x64-mPolicies-System: DisableCAD = dword:1
x64-IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\Drivers\avgidsha.sys [2013-11-25 196376]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\Drivers\avgloga.sys [2013-10-31 294712]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\Drivers\avgmfx64.sys [2013-10-1 123704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\Drivers\avgrkx64.sys [2013-9-10 31544]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\Drivers\avgdiska.sys [2013-11-25 150808]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\Drivers\avgidsdrivera.sys [2013-11-25 243480]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\Drivers\avgldx64.sys [2013-11-1 212280]
R1 Avgwfpa;AVG Firewall Driver;C:\Windows\System32\Drivers\avgwfpa.sys [2013-10-21 252728]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\Drivers\mwlPSDFilter.sys [2012-8-10 22648]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\Drivers\mwlPSDNserv.sys [2012-8-10 20520]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\Drivers\mwlPSDVDisk.sys [2012-8-10 62776]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-8-14 239616]
R2 APXACC;AppEx Networks Accelerator LWF;C:\Windows\System32\Drivers\appexDrv.sys [2012-9-4 199008]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2012-7-31 207488]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-1-22 3788816]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-24 348008]
R2 CCDMonitorService;CCDMonitorService;C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2012-7-27 2415760]
R2 CxAudMsg;Conexant Audio Message Service;C:\Windows\System32\CxAudMsg64.exe [2012-9-4 201376]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2012-8-24 348784]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-24 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-24 701512]
R2 RfButtonDriverService;Dritek RF Button Command Service;C:\Windows\RfBtnSvc64.exe [2012-9-4 93296]
R2 vToolbarUpdater18.0.0;vToolbarUpdater18.0.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe [2014-3-2 1759768]
R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [2012-9-4 81536]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\Drivers\AtihdW86.sys [2012-8-14 98472]
R3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;C:\Windows\System32\Drivers\btath_bus.sys [2012-9-4 33944]
R3 ePowerSvc;ePower Service;C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2012-8-1 659600]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\Drivers\ETD.sys [2012-8-14 315280]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\Drivers\L1C63x64.sys [2012-9-4 103936]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2012-12-24 25928]
R3 Ps2Kb2Hid;PS/2 Keyboard to HID Driver;C:\Windows\System32\Drivers\aPs2Kb2Hid.sys [2012-9-4 26736]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\Drivers\usbfilter.sys [2012-9-4 57000]
S0 Avgboota;AVG Early Launch Anti-Malware Driver;C:\Windows\System32\Drivers\avgboota.sys [2013-9-4 20496]
S2 70e6ca8c;Optimizer Pro Crash Monitor;C:\Windows\System32\rundll32.exe [2012-7-25 51712]
S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;C:\Windows\System32\Drivers\btath_flt.sys [2012-9-4 88728]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\Drivers\btath_a2dp.sys [2012-9-4 344216]
S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;C:\Windows\System32\Drivers\btath_avdt.sys [2012-9-4 114840]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\Drivers\btath_hcrp.sys [2012-9-4 178840]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\Drivers\btath_lwflt.sys [2012-9-4 76952]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\Drivers\btath_rcp.sys [2012-9-4 135832]
S3 BtFilter;BtFilter;C:\Windows\System32\Drivers\btfilter.sys [2012-9-4 574616]
S3 BthLEEnum;Bluetooth Low Energy Driver;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-25 202752]
S3 DeviceFastLaneService;Device Fast-lane Service;C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [2012-7-30 466064]
S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2012-7-11 174160]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2012-7-30 259136]
S3 QRDCIO;Quanta Generic IO Access;C:\Windows\System32\Drivers\QRDCIO.sys [2012-9-4 9728]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
.
=============== Created Last 30 ================
.
2014-03-09 18:57:05 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-09 18:56:03 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-03-09 04:14:23 -------- d-----w- C:\Program Files (x86)\PC Performer
2014-03-09 03:53:39 -------- d-----w- C:\Users\Elisabeth\AppData\Roaming\AVG2014
2014-03-09 03:47:22 -------- d-----w- C:\ProgramData\AVG2014
2014-03-09 03:43:13 -------- d-----w- C:\Users\Elisabeth\AppData\Local\Avg2014
2014-03-02 15:25:22 -------- d-----w- C:\ProgramData\AVG Secure Search
2014-02-28 20:33:09 -------- d-----w- C:\Program Files (x86)\MediaViewV1
2014-02-25 22:58:03 -------- d-----w- C:\Program Files (x86)\MediaViewerV1
2014-02-17 01:11:45 1845248 ----a-w- C:\Windows\System32\msxml3.dll
2014-02-17 01:11:44 1419264 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-02-17 01:11:30 2232664 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2014-02-17 01:11:27 600064 ----a-w- C:\Windows\System32\vbscript.dll
2014-02-17 01:11:27 523776 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-02-17 01:10:31 83968 ----a-w- C:\Windows\System32\drivers\hidclass.sys
2014-02-17 01:08:39 3960320 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-17 01:08:38 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-02-17 01:08:22 108032 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll
2014-02-17 01:08:16 583680 ----a-w- C:\Windows\System32\msdrm.dll
2014-02-17 01:08:15 451072 ----a-w- C:\Windows\SysWow64\msdrm.dll
2014-02-17 01:07:25 3842560 ----a-w- C:\Windows\System32\d2d1.dll
2014-02-17 01:07:24 2238976 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-02-17 01:07:23 3288576 ----a-w- C:\Windows\SysWow64\d2d1.dll
2014-02-17 01:07:22 2032640 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
.
==================== Find3M  ====================
.
2014-03-02 15:24:33 50976 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2014-02-17 22:03:37 78304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-17 22:03:37 694240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-02-01 09:19:49 2241536 ----a-w- C:\Windows\System32\wininet.dll
2014-02-01 09:19:36 915968 ----a-w- C:\Windows\System32\uxtheme.dll
2014-02-01 09:19:36 53760 ----a-w- C:\Windows\System32\UXInit.dll
2014-02-01 09:18:21 67072 ----a-w- C:\Windows\System32\iesetup.dll
2014-02-01 09:18:21 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2014-02-01 07:58:31 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-01 07:58:24 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll
2014-02-01 07:57:16 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-02-01 07:57:16 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2014-02-01 07:40:43 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2014-02-01 07:34:53 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-02-01 05:08:52 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll
.
============= FINISH: 17:40:49.50 ===============
 

 


Welcome to the forum.

Please run a Quick Scan with Malwarebytes like this and post the log:

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

---------------------

Then........

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

General Forum P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running, please create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear" and please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
