
Trojan.Agent



I am not sure what Trojan I have. All I know is that Malwarebytes picked up on it a day ago and I quarantined it. It's still quarantined. I searched Google and found that I needed to "Publicize" my folders, and so I did, and the hidden folders showed that there were so many shortcuts of my "Documents", "Pictures" etc., etc.

I'm sure there are tons of Reg Keys with a bunch of trojans, I suppose. I really want to get rid of this. I suppose I caught it browsing the web, or that time when my brother downloaded something while looking for a good Music Downloader and got it then. I noticed when I logged on to my computer, it showed Screensaver icons on the desktop and said "Freeze.com".

I searched about Freeze.com and it mentioned that there was Malware, and stuff, on that site and to stay away. I have a feeling I might have to take my computer back and get a new one, because I have had this problem before and could NOT get rid of the Trojan virus I had. It's been here for probably a week or so now, and could have created so much more than I realize, and it may be too late.

I have run Malwarebytes and it only picked up on Trojan.Agent, and it was in my Temp files folder.

Malwarebytes Anti-Malware (Trial) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.30.01

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Brittany Forrester :: KITTY [administrator]

Protection: Enabled

7/29/2012 10:28:39 PM

mbam-log-2012-07-29 (22-28-39).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 195252

Time elapsed: 8 minute(s), 25 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Users\Brittany Forrester\AppData\Local\Temp\.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

There is one that was I think: C:\Users\Brittany Forrester\AppData\Local\Temp\IWantThis.exe

.exe didn't show in the quarantine list, unless it's still the same thing, and it doesn't need to have the same title.

Please help.

Thank-you in advance.

I love Malwarebytes. TWICE this program has told me that I had a Trojan, and was on the road to helping me. It even blocks sites that aren't bad or "seem" malicious. I have been using this program for like 2 years and it's my #1 software. When I get some money, I am definitely going to contribute to the acceptor.

Attaching HijackThis log. I never finished the scanning, because I am not sure if I should "Analyze" and hit "Fixed checked."

I will wait for your reply.

-Hyuhgr4

"Sometimes Dreaming is all you can do."

hijackthis.log


Hello Hyuhgr4 and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Please follow the instructions in this thread and post the log files here:

http://forums.malwarebytes.org/index.php?showtopic=9573


Previous post with http://forums.malwarebytes.org/index.php?showtopic=113398

With attempted help by Maniac; was asked to repost. I still have the Trojan, and it created other infections because I noticed there are more duplicates of my Documents, etc. I really hope I can get rid of this trojan, it's growing progressively! D:

I had run CCleaner before I made the first post, which was yesterday. I hope that doesn't cause a conflict. I didn't know until now that I was supposed to wait to run things. Anyway, here are the DDS LOGS.

Hyuhgr4

"Sometimes all you can do is Dream."

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1

Run by Brittany Forrester at 21:51:31 on 2012-07-31

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1900.241 [GMT -4:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe

C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\igfxpers.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe

C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe

C:\Program Files (x86)\ooVoo\ooVoo.exe

C:\Users\Brittany Forrester\AppData\Local\Facebook\Messenger\2.1.4590.0\FacebookMessenger.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe

C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://www.yahoo.com/?ilc=8

uInternet Settings,ProxyOverride = <local>

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll

BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\IPS\IPSBHO.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

uRun: [Google Update] "C:\Users\Brittany Forrester\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [Facebook Update] "C:\Users\Brittany Forrester\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

uRun: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe /minimized

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"

mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

StartupFolder: C:\Users\BRITTA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FACEBO~1.LNK - C:\Users\Brittany Forrester\AppData\Local\Facebook\Messenger\2.1.4590.0\FacebookMessenger.exe

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

LSP: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{974C78B8-9200-49D0-BB9D-3DBF8DA9BECC} : DhcpNameServer = 192.168.72.2

TCP: Interfaces\{A4D03D01-51FC-4107-A087-D64A10F2A236} : DhcpNameServer = 192.168.1.1

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO-X64: 0x1 - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll

BHO-X64: Norton Identity Protection - No File

BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\IPS\IPSBHO.DLL

BHO-X64: Norton Vulnerability Protection - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll

TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"

mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Brittany Forrester\AppData\Roaming\Mozilla\Firefox\Profiles\p5nt0x6x.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=mkg030&p=

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: browser.startup.homepage - about:home

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mkg030&p=

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

FF - plugin: C:\Users\Brittany Forrester\AppData\Local\Facebook\Messenger\2.1.4590.0\npFbDesktopPlugin.dll

FF - plugin: C:\Users\Brittany Forrester\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

FF - plugin: C:\Users\Brittany Forrester\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Users\Brittany Forrester\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\Brittany Forrester\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS [?]

R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]

R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]

R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [2012-7-12 1161376]

R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys [?]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20120713.001\IDSviA64.sys [2012-7-13 509088]

R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS [?]

R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1307010.005\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1307010.005\SYMNETS.SYS [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-3 63928]

R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-4-25 98208]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]

R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-7-23 44808]

R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]

R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-17 682040]

R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-9-1 227896]

R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-4-25 13336]

R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-4-25 1817088]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-19 654408]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccsvchst.exe [2012-5-18 138232]

R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-4-25 2656280]

R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-5-31 138912]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\system32\DRIVERS\rtl8192Ce.sys --> C:\Windows\system32\DRIVERS\rtl8192Ce.sys [?]

S2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-6-15 86224]

S2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-6-15 110032]

S2 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe [2012-6-15 465360]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-6-7 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-17 250056]

S3 cphs;Intel® Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-3-19 276248]

S3 DMBdtv;DTMB DTV USB Tuner;C:\Windows\system32\Drivers\DMBdtv.sys --> C:\Windows\system32\Drivers\DMBdtv.sys [?]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-6-7 136176]

S3 hitmanpro35;Hitman Pro 3.5 Support Driver;\??\C:\Windows\system32\drivers\hitmanpro36.sys --> C:\Windows\system32\drivers\hitmanpro36.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-17 118256]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S4 KSS;Kaspersky Security Scan Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [2012-4-25 202296]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-08-01 00:14:44 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FA6EFBE0-BC4D-468F-A70F-1386A8D4771E}\mpengine.dll

2012-07-30 21:10:27 -------- d-----w- C:\Program Files (x86)\Trend Micro

2012-07-30 20:25:49 -------- d-----w- C:\Program Files\CCleaner

2012-07-30 20:11:24 -------- d-----w- C:\Users\Brittany Forrester\AppData\Local\{600CD41A-DB6F-4C61-A69A-4C92D6B23BE2}

2012-07-30 20:10:57 -------- d-----w- C:\Users\Brittany Forrester\AppData\Local\{9215DB55-6A2B-4B22-8304-1F355DAE9C6D}

2012-07-30 02:11:06 -------- d-----w- C:\Users\Brittany Forrester\AppData\Roaming\ooVoo Details

2012-07-30 02:06:58 -------- d-----w- C:\Program Files (x86)\ooVoo

2012-07-27 19:51:42 -------- d-----w- C:\Users\Brittany Forrester\AppData\Local\{F678591A-6CD1-4784-AD3E-AA737311B482}

2012-07-27 19:51:27 -------- d-----w- C:\Users\Brittany Forrester\AppData\Local\{9DBD439B-11D1-4245-AD08-6A2A966CC4B4}

2012-07-27 14:19:27 -------- d-----w- C:\Program Files (x86)\Aurora

2012-07-24 10:58:23 -------- d-----w- C:\Users\Brittany Forrester\AppData\Local\{090DB5B3-3BB5-4810-BA34-CCF0DF2F5BDB}

2012-07-24 10:58:09 -------- d-----w- C:\Users\Brittany Forrester\AppData\Local\{0521BBA3-FBBA-4ABF-B7F2-2E58C6373AAA}

2012-07-23 19:42:17 -------- d-----w- C:\Users\Brittany Forrester\AppData\Roaming\Utherverse

2012-07-23 12:52:35 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys

2012-07-23 12:52:33 958400 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2012-07-23 12:52:29 71064 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2012-07-23 12:51:39 41224 ----a-w- C:\Windows\avastSS.scr

2012-07-22 18:27:54 -------- d-----w- C:\Users\Brittany Forrester\AppData\Local\{5EBC39FF-AF9C-40E7-9DFD-E0BE783C96B8}

2012-07-22 18:27:43 -------- d-----w- C:\Users\Brittany Forrester\AppData\Local\{147369CF-C438-4FB7-B42A-DD518830BC40}

2012-07-20 05:18:09 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2012-07-19 21:56:57 -------- d-----w- C:\Users\Brittany Forrester\AppData\Roaming\MusicOasis

2012-07-19 21:22:30 -------- d-----w- C:\Program Files (x86)\Free Offers from Freeze.com

2012-07-19 21:21:26 -------- d-----w- C:\ProgramData\WeCareReminder

2012-07-19 20:16:58 -------- d-----w- C:\Users\Brittany Forrester\AppData\Local\{07B935B0-EE2C-4A4A-9F21-00E913BEB6AA}

2012-07-19 20:16:47 -------- d-----w- C:\Users\Brittany Forrester\AppData\Local\{3F00F6CA-05A2-4953-ACFA-0875769089AC}

2012-07-19 03:24:58 -------- d-----w- C:\Users\Brittany Forrester\AppData\Roaming\Spotify

2012-07-18 18:32:36 -------- d-----w- C:\Users\Brittany Forrester\AppData\Local\{A8845EA5-CC29-49FD-80F9-A1C6616CE61F}

2012-07-18 18:32:21 -------- d-----w- C:\Users\Brittany Forrester\AppData\Local\{5AB2719C-7D6C-41F7-A97F-F7FB42ACA6F4}

2012-07-16 16:37:22 -------- d-----w- C:\Users\Brittany Forrester\AppData\Local\{5875429C-0850-4BCE-8C08-4041F679692D}

2012-07-16 16:37:10 -------- d-----w- C:\Users\Brittany Forrester\AppData\Local\{57F27D83-1F95-49FB-89F5-636E8EDF39DC}

2012-07-15 17:31:33 -------- d-----w- C:\Users\Brittany Forrester\AppData\Local\{11A817FA-3354-4FD1-A31F-EB5E63295F97}

2012-07-15 00:05:39 772544 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-07-15 00:05:39 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-07-14 06:30:44 -------- d-----w- C:\Program Files (x86)\Utherverse Digital Inc

2012-07-13 22:44:15 -------- d-----w- C:\Program Files (x86)\ESET

2012-07-12 01:34:58 -------- d-----w- C:\Users\Brittany Forrester\AppData\Local\Apple Computer

2012-07-12 01:24:51 -------- d-----w- C:\Users\Brittany Forrester\AppData\Local\Apple

2012-07-11 22:20:22 -------- d-sh--w- C:\$RECYCLE.BIN

2012-07-11 19:34:13 98816 ----a-w- C:\Windows\sed.exe

2012-07-11 19:34:13 518144 ----a-w- C:\Windows\SWREG.exe

2012-07-11 19:34:13 256000 ----a-w- C:\Windows\PEV.exe

2012-07-11 19:34:13 208896 ----a-w- C:\Windows\MBR.exe

2012-07-11 19:14:07 -------- d-----w- C:\Windows\en

2012-07-11 19:09:37 19736 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-07-11 19:03:42 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e3421ad21cd5f9701\DSETUP.dll

2012-07-11 19:03:42 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e3421ad21cd5f9701\DXSETUP.exe

2012-07-11 19:03:42 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e3421ad21cd5f9701\dsetup32.dll

2012-07-11 19:03:42 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e37fe80a1cd5f9702\MeshBetaRemover.exe

2012-07-11 14:56:05 -------- d-----w- C:\Users\Brittany Forrester\AppData\Local\{8FFC4C1D-E6CB-43A2-8D45-327FEA658040}

2012-07-11 14:55:51 -------- d-----w- C:\Users\Brittany Forrester\AppData\Local\{599DD9D5-F0E2-4BB2-8791-50E6AAAAD424}

2012-07-11 06:07:31 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-07-11 05:53:52 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

2012-07-10 20:51:45 -------- d-----w- C:\Users\Brittany Forrester\AppData\Local\{048FE201-C7B6-4515-B247-A1CD5A05CA35}

2012-07-10 20:51:33 -------- d-----w- C:\Users\Brittany Forrester\AppData\Local\{1F69E501-391B-4169-ABD1-03FC640596B9}

2012-07-10 10:08:50 -------- d-----w- C:\Users\Brittany Forrester\AppData\Local\{0521C825-8BBD-4112-AF2C-A637036643A2}

2012-07-10 10:08:37 -------- d-----w- C:\Users\Brittany Forrester\AppData\Local\{690F744B-003C-4821-B1FE-A02BAFDB916E}

2012-07-10 02:11:11 -------- d-----w- C:\ProgramData\KingsIsle Entertainment

2012-07-09 12:56:50 -------- d-----w- C:\Users\Brittany Forrester\AppData\Local\{BA35B3E2-10B8-4B5A-9790-83A100AA2A47}

2012-07-09 10:14:46 -------- d-----w- C:\Users\Brittany Forrester\AppData\Local\{C7CBE44D-C7C2-43DE-AA50-2CD89269C9B6}

2012-07-07 11:35:11 -------- d-----w- C:\Users\Brittany Forrester\AppData\Local\{8B2C2E4B-CB24-4773-8AC8-A264424A3D76}

2012-07-07 11:34:50 -------- d-----w- C:\Users\Brittany Forrester\AppData\Local\{759FF0D9-E6EB-43CA-BD38-0A3E1AA80174}

2012-07-07 11:25:20 -------- d-----w- C:\Users\Brittany Forrester\AppData\Local\{4E260ABE-20C5-46E3-A847-12BE5F1A2B21}

2012-07-06 15:44:46 -------- d-----w- C:\Windows\pss

2012-07-02 05:31:20 -------- d-----w- C:\Users\Brittany Forrester\AppData\Local\{8E265123-0560-428A-955E-57815CDC4797}

.

==================== Find3M ====================

============= FINISH: 21:53:24.55 ===============

Attach.txt


Step 1

Anti-Virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slowly, become unstable and even, in rare cases, crash. My suggestion is to uninstall avast! Free Antivirus and to keep Norton Internet Security, but if you don't have a license for it, do the opposite. Finally, reboot your PC.

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Step 3

Download aswMBR.exe to your desktop.

Double-click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan, click Save log, save it to your desktop and post it in your next reply.

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • aswMBR log
  • a new fresh DDS log

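A check for the situation described in Step 1, added here as an example and not part of the thread or of any tool mentioned in it: it lists the antivirus products registered with Windows Security Center and warns when more than one reports real-time protection on. It assumes the root\SecurityCenter2 WMI namespace (client editions of Windows Vista and later) and the widely used but undocumented community decoding of the productState bitmask.

```powershell
# Added example (not from this thread): list the antivirus products registered with
# Windows Security Center and flag the "two AVs running at once" condition from Step 1.
# Assumes the root\SecurityCenter2 namespace, present on client editions of Windows
# Vista and later. Get-WmiObject is used for Windows 7 era compatibility (Windows
# PowerShell 2.0 to 5.1); on PowerShell 7 replace it with Get-CimInstance.

function Get-RegisteredAntivirus {
    $products = Get-WmiObject -Namespace 'root\SecurityCenter2' -Class 'AntiVirusProduct'
    foreach ($p in $products) {
        # productState is an undocumented bitmask. The decoding below is the widely
        # used community interpretation (assumption): in the six-digit hex form,
        # characters 3-4 give real-time state (10/11 = on), characters 5-6 the
        # signature state (00 = current).
        $hex = '{0:x6}' -f [int]$p.productState
        New-Object PSObject -Property @{
            Name       = $p.displayName
            Enabled    = (@('10', '11') -contains $hex.Substring(2, 2))
            UpToDate   = ($hex.Substring(4, 2) -eq '00')
            Executable = $p.pathToSignedProductExe
        }
    }
}

$all    = @(Get-RegisteredAntivirus)
$active = @($all | Where-Object { $_.Enabled })

$all | Select-Object Name, Enabled, UpToDate, Executable | Format-Table -AutoSize

if ($active.Count -gt 1) {
    $names = ($active | ForEach-Object { $_.Name }) -join ', '
    Write-Warning "$($active.Count) products report real-time protection enabled ($names). Keep one, uninstall the rest, then reboot."
} elseif ($active.Count -eq 0) {
    Write-Warning 'No registered antivirus product reports real-time protection enabled.'
} else {
    Write-Output "Single active antivirus: $($active[0].Name)"
}
```

Run from an elevated PowerShell prompt; products that are installed but not registered with Security Center will not appear, so treat an empty list as "check Programs and Features", not as proof that no antivirus is present.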


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
