Hyuhgr4
    I am not real. I'm just a figmentation of your mind.
  1. Previous post: http://forums.malwarebytes.org/index.php?showtopic=113398 with attempted help by Maniac; I was asked to repost. I still have the Trojan, and it has created other infections, because I noticed there are more duplicates of my Documents etc. I really hope I can get rid of this Trojan; it's growing progressively! D: I had a CCleaner before I had made the first post, which was yesterday. I hope that doesn't cause a conflict. I didn't know until now that I was supposed to wait to run things. Anyway, here are the DDS logs.

     Hyuhgr4 "Sometimes all you can do is Dream."

     DDS (Ver_2011-08-26.01) - NTFSAMD64
     Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
     Run by Brittany Forrester at 21:51:31 on 2012-07-31
     Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1900.241 [GMT -4:00]
     AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
     AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
     AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
     SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
     SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
     SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
     FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
  2. Trojan. It's destroying my state of mind.

  3. I am not sure what Trojan I have. All I know is that Malwarebytes picked up on it a day ago and I quarantined it. It's still quarantined. I searched Google and found that I needed to "Publicize" my folders, and so I did, and the hidden folders showed that there were so many shortcuts of my "Documents", "Pictures" etc. I'm sure there are tons of Reg Keys with a bunch of trojans, I suppose. I really want to get rid of this. I suppose I caught it browsing the web, or that time when my brother downloaded something while looking for a good Music Downloader and got it then. I noticed when I logged on to my computer, it showed Screensaver icons on the desktop and said "Freeze.com". I searched about Freeze.com and it mentioned that there was Malware, and stuff, on that site and to stay away. I have a feeling I might have to take my computer back and get a new one, because I have had this problem before and could NOT get rid of the Trojan virus I had. It's been here for probably a week or so now, and could have created so much more than I realize, and it may be too late. I have run Malwarebytes and it only picked up on Trojan.Agent, and it was in my Temp files folder.

     Malwarebytes Anti-Malware (Trial) 1.62.0.1300
     www.malwarebytes.org
     Database version: v2012.07.30.01
     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 9.0.8112.16421
     Brittany Forrester :: KITTY [administrator]
     Protection: Enabled
     7/29/2012 10:28:39 PM
     mbam-log-2012-07-29 (22-28-39).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 195252
     Time elapsed: 8 minute(s), 25 second(s)
     Memory Processes Detected: 0 (No malicious items detected)
     Memory Modules Detected: 0 (No malicious items detected)
     Registry Keys Detected: 0 (No malicious items detected)
     Registry Values Detected: 0 (No malicious items detected)
     Registry Data Items Detected: 0 (No malicious items detected)
     Folders Detected: 0 (No malicious items detected)
     Files Detected: 1
     C:\Users\Brittany Forrester\AppData\Local\Temp\.exe (Trojan.Agent) -> Quarantined and deleted successfully.
     (end)

     There is one that was, I think: C:\Users\Brittany Forrester\AppData\Local\Temp\IWantThis.exe. The ".exe" didn't show in the quarantine list, unless it's still the same thing and it doesn't need to have the same title. Please help. Thank you in advance. I love Malwarebytes. TWICE this program has told me that I had a Trojan, and was on the road to helping me. It even blocks sites that aren't bad or "seem" malicious. I have been using this program for like 2 years and it's my #1 software. When I get some money, I am definitely going to contribute to the acceptor. Attaching HijackThis log. I never finished the scanning, because I am not sure if I should "Analyze" and hit "Fix checked." I will wait for your reply.

     -Hyuhgr4 "Sometimes Dreaming is all you can do."