Hyuhgr4 Posted July 31, 2012 ID:578822

I am not sure what Trojan I have. All I know is that Malwarebytes picked up on it a day ago and I had quarantined it. It's still quarantined. I searched Google and found that I needed to "Publicize" my folders, and so I did, and the hidden folders showed that there were so many shortcuts of my "Documents", "Pictures" etc, etc. I'm sure there are tons of Reg Keys with a bunch of trojans, I suppose. I really want to get rid of this. I suppose I caught it browsing the web, or that time when my brother downloaded something while looking for a good Music Downloader and got it then. I noticed when I logged on my computer, it showed Screensaver icons on the desktop and said "Freeze.com". I searched about Freeze.com and it mentioned that there was Malware, and stuff, on that site and to stay away. I have a feeling I might have to take my computer back and get a new one, because I have had this problem before, and could NOT get rid of the Trojan virus I had.

It's been here for probably a week or so now, and could have created so much more than I realize, and it may be too late. I have run Malwarebytes and it only picked up on Trojan.Agent, and it was in my Temp files folder.

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.30.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Brittany Forrester :: KITTY [administrator]

Protection: Enabled

7/29/2012 10:28:39 PM
mbam-log-2012-07-29 (22-28-39).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 195252
Time elapsed: 8 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Brittany Forrester\AppData\Local\Temp\.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

There is one that was, I think, C:\Users\Brittany Forrester\AppData\Local\Temp\IWantThis.exe.exe; it didn't show in the quarantine list, unless it's still the same thing, and it doesn't need to have the same title.

Please help. Thank you in advance.

I love Malwarebytes. TWICE has this program told me that I had a Trojan, and was on the road to helping me. It even blocks sites that aren't bad or "seem" malicious. I have been using this program for like 2 years and it's my #1 software. When I get some money, I am definitely going to contribute to the acceptor.

Attaching HijackThis log. I never finished the scanning, because I am not sure if I should "Analyze" and hit "Fixed checked." I will wait for your reply.

-Hyuhgr4
"Sometimes Dreaming is all you can do."

Attachment: hijackthis.log
Maniac Posted July 31, 2012 ID:578893

Hello Hyuhgr4! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:
If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
Make sure you read all of the instructions and fixes thoroughly before continuing with them.
Follow my instructions strictly and don't hesitate to stop and ask me if you have any questions.
Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Please follow the instructions in this thread and post the log files here: http://forums.malwarebytes.org/index.php?showtopic=9573
Hyuhgr4 (Author) Posted August 1, 2012 ID:579328

Previous post: http://forums.malwarebytes.org/index.php?showtopic=113398
With attempted help by Maniac; I was asked to repost. I have the Trojan still, and it created other infections because I noticed there are more duplicates of my Documents and etc. I really hope I can get rid of this trojan, it's growing progressively! D:

I had a CCleaner before I had made the first post, which was yesterday. I hope that doesn't cause conflict. I didn't know until now that I was supposed to wait to run things. Anyway, here are the DDS LOGS.

Hyuhgr4
"Sometimes all you can do is Dream."

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 10.5.1
Run by Brittany Forrester at 21:51:31 on 2012-07-31
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1900.241 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: avast!
Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}.============== Running Processes ===============.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k NetworkServiceC:\Program Files\AVAST Software\Avast\AvastSvc.exeC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files\Realtek\Audio\HDA\AERTSr64.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exeC:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exeC:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exeC:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exeC:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exeC:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exeC:\Windows\system32\svchost.exe -k imgsvcC:\Windows\System32\svchost.exe -k secsvcsC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Windows\system32\wbem\unsecapp.exeC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Windows\system32\SearchIndexer.exeC:\Windows\system32\taskhost.exeC:\Program Files (x86)\Norton Internet 
Security\Engine\19.7.1.5\ccSvcHst.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\System32\igfxpers.exeC:\Windows\System32\igfxtray.exeC:\Windows\System32\hkcmd.exeC:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exeC:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exeC:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exeC:\Program Files (x86)\ooVoo\ooVoo.exeC:\Users\Brittany Forrester\AppData\Local\Facebook\Messenger\2.1.4590.0\FacebookMessenger.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exeC:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exeC:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exeC:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exeC:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exeC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\Program Files\AVAST Software\Avast\AvastUI.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\System32\svchost.exe -k LocalServicePeerNetC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exeC:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Windows\system32\taskeng.exeC:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exeC:\Windows\system32\DllHost.exeC:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exeC:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exeC:\Program Files (x86)\Mozilla 
Firefox\plugin-container.exeC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exeC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exeC:\Windows\system32\igfxsrvc.exeC:\Windows\SysWOW64\cmd.exeC:\Windows\system32\conhost.exeC:\Windows\SysWOW64\cscript.exeC:\Windows\system32\wbem\wmiprvse.exe.============== Pseudo HJT Report ===============.uDefault_Search_URL = hxxp://www.google.com/iemStart Page = hxxp://www.yahoo.com/?ilc=8uInternet Settings,ProxyOverride = <local>uSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search?q=%sBHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No FileBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dllBHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\IPS\IPSBHO.DLLBHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dllBHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dllBHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dllTB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dllTB: avast! 
WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dlluRun: [Google Update] "C:\Users\Brittany Forrester\AppData\Local\Google\Update\GoogleUpdate.exe" /cuRun: [Facebook Update] "C:\Users\Brittany Forrester\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserveruRun: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe /minimizedmRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttraymRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exemRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exemRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exemRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /noguiStartupFolder: C:\Users\BRITTA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FACEBO~1.LNK - C:\Users\Brittany Forrester\AppData\Local\Facebook\Messenger\2.1.4590.0\FacebookMessenger.exemPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)mPolicies-system: EnableUIADesktopToggle = 0 (0x0)IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllLSP: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dllTCP: DhcpNameServer = 192.168.1.1TCP: Interfaces\{974C78B8-9200-49D0-BB9D-3DBF8DA9BECC} : DhcpNameServer = 192.168.72.2TCP: 
Interfaces\{A4D03D01-51FC-4107-A087-D64A10F2A236} : DhcpNameServer = 192.168.1.1Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllBHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No FileBHO-X64: 0x1 - No FileBHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO-X64: AcroIEHelperStub - No FileBHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dllBHO-X64: Norton Identity Protection - No FileBHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\IPS\IPSBHO.DLLBHO-X64: Norton Vulnerability Protection - No FileBHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dllBHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dllBHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dllTB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dllTB-X64: avast! 
WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dllmRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttraymRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exemRun-x64: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exemRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exemRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /noguiIE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204.================= FIREFOX ===================.FF - ProfilePath - C:\Users\Brittany Forrester\AppData\Roaming\Mozilla\Firefox\Profiles\p5nt0x6x.default\FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=mkg030&p=FF - prefs.js: browser.search.selectedEngine - Ask.comFF - prefs.js: browser.startup.homepage - about:homeFF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mkg030&p=FF - prefs.js: network.proxy.type - 0FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dllFF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dllFF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dllFF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dllFF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dllFF - plugin: C:\Program Files (x86)\Windows Live\Photo 
Gallery\NPWLPG.dllFF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dllFF - plugin: C:\Users\Brittany Forrester\AppData\Local\Facebook\Messenger\2.1.4590.0\npFbDesktopPlugin.dllFF - plugin: C:\Users\Brittany Forrester\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dllFF - plugin: C:\Users\Brittany Forrester\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dllFF - plugin: C:\Users\Brittany Forrester\AppData\Roaming\Mozilla\plugins\npgoogletalk.dllFF - plugin: C:\Users\Brittany Forrester\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dllFF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dllFF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dllFF - plugin: C:\Windows\SysWOW64\npDeployJava1.dllFF - plugin: C:\Windows\SysWOW64\npmproxy.dll.---- FIREFOX POLICIES ----FF - user.js: yahoo.ytff.general.dontshowhpoffer - true.============= SERVICES / DRIVERS ===============.R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS [?]R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS [?]R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [2012-7-12 1161376]R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys [?]R1 
IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20120713.001\IDSviA64.sys [2012-7-13 509088]R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS [?]R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1307010.005\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1307010.005\SYMNETS.SYS [?]R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-3 63928]R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-4-25 98208]R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]R2 avast! Antivirus;avast! 
Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-7-23 44808]R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-17 682040]R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-9-1 227896]R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-4-25 13336]R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-4-25 1817088]R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-19 654408]R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccsvchst.exe [2012-5-18 138232]R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-4-25 2656280]R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-5-31 138912]R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]R3 MEIx64;Intel® Management Engine 
Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\system32\DRIVERS\rtl8192Ce.sys --> C:\Windows\system32\DRIVERS\rtl8192Ce.sys [?]S2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-6-15 86224]S2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-6-15 110032]S2 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe [2012-6-15 465360]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-6-7 136176]S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-17 250056]S3 cphs;Intel® Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-3-19 276248]S3 DMBdtv;DTMB DTV USB Tuner;C:\Windows\system32\Drivers\DMBdtv.sys --> C:\Windows\system32\Drivers\DMBdtv.sys [?]S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-6-7 136176]S3 hitmanpro35;Hitman Pro 3.5 Support Driver;\??\C:\Windows\system32\drivers\hitmanpro36.sys --> C:\Windows\system32\drivers\hitmanpro36.sys [?]S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance 
Service\maintenanceservice.exe [2012-5-17 118256]S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]S4 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]S4 KSS;Kaspersky Security Scan Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [2012-4-25 202296]S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184].=============== Created Last 30 ================.2012-08-01 00:14:44 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FA6EFBE0-BC4D-468F-A70F-1386A8D4771E}\mpengine.dll2012-07-30 21:10:27 -------- d-----w- C:\Program Files (x86)\Trend Micro2012-07-30 20:25:49 -------- d-----w- C:\Program Files\CCleaner2012-07-30 20:11:24 -------- d-----w- C:\Users\Brittany Forrester\AppData\Local\{600CD41A-DB6F-4C61-A69A-4C92D6B23BE2}2012-07-30 20:10:57 -------- d-----w- C:\Users\Brittany Forrester\AppData\Local\{9215DB55-6A2B-4B22-8304-1F355DAE9C6D}2012-07-30 02:11:06 -------- d-----w- C:\Users\Brittany Forrester\AppData\Roaming\ooVoo Details2012-07-30 02:06:58 -------- d-----w- C:\Program Files (x86)\ooVoo2012-07-27 19:51:42 -------- d-----w- C:\Users\Brittany Forrester\AppData\Local\{F678591A-6CD1-4784-AD3E-AA737311B482}2012-07-27 
19:51:27 -------- d-----w- C:\Users\Brittany Forrester\AppData\Local\{9DBD439B-11D1-4245-AD08-6A2A966CC4B4}2012-07-27 14:19:27 -------- d-----w- C:\Program Files (x86)\Aurora2012-07-24 10:58:23 -------- d-----w- C:\Users\Brittany Forrester\AppData\Local\{090DB5B3-3BB5-4810-BA34-CCF0DF2F5BDB}2012-07-24 10:58:09 -------- d-----w- C:\Users\Brittany Forrester\AppData\Local\{0521BBA3-FBBA-4ABF-B7F2-2E58C6373AAA}2012-07-23 19:42:17 -------- d-----w- C:\Users\Brittany Forrester\AppData\Roaming\Utherverse2012-07-23 12:52:35 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys2012-07-23 12:52:33 958400 ----a-w- C:\Windows\System32\drivers\aswSnx.sys2012-07-23 12:52:29 71064 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys2012-07-23 12:51:39 41224 ----a-w- C:\Windows\avastSS.scr2012-07-22 18:27:54 -------- d-----w- C:\Users\Brittany Forrester\AppData\Local\{5EBC39FF-AF9C-40E7-9DFD-E0BE783C96B8}2012-07-22 18:27:43 -------- d-----w- C:\Users\Brittany Forrester\AppData\Local\{147369CF-C438-4FB7-B42A-DD518830BC40}2012-07-20 05:18:09 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll2012-07-19 21:56:57 -------- d-----w- C:\Users\Brittany Forrester\AppData\Roaming\MusicOasis2012-07-19 21:22:30 -------- d-----w- C:\Program Files (x86)\Free Offers from Freeze.com2012-07-19 21:21:26 -------- d-----w- C:\ProgramData\WeCareReminder2012-07-19 20:16:58 -------- d-----w- C:\Users\Brittany Forrester\AppData\Local\{07B935B0-EE2C-4A4A-9F21-00E913BEB6AA}2012-07-19 20:16:47 -------- d-----w- C:\Users\Brittany Forrester\AppData\Local\{3F00F6CA-05A2-4953-ACFA-0875769089AC}2012-07-19 03:24:58 -------- d-----w- C:\Users\Brittany Forrester\AppData\Roaming\Spotify2012-07-18 18:32:36 -------- d-----w- C:\Users\Brittany Forrester\AppData\Local\{A8845EA5-CC29-49FD-80F9-A1C6616CE61F}2012-07-18 18:32:21 -------- d-----w- C:\Users\Brittany Forrester\AppData\Local\{5AB2719C-7D6C-41F7-A97F-F7FB42ACA6F4}2012-07-16 16:37:22 -------- d-----w- C:\Users\Brittany 
Forrester\AppData\Local\{5875429C-0850-4BCE-8C08-4041F679692D}2012-07-16 16:37:10 -------- d-----w- C:\Users\Brittany Forrester\AppData\Local\{57F27D83-1F95-49FB-89F5-636E8EDF39DC}2012-07-15 17:31:33 -------- d-----w- C:\Users\Brittany Forrester\AppData\Local\{11A817FA-3354-4FD1-A31F-EB5E63295F97}2012-07-15 00:05:39 772544 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll2012-07-15 00:05:39 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll2012-07-14 06:30:44 -------- d-----w- C:\Program Files (x86)\Utherverse Digital Inc2012-07-13 22:44:15 -------- d-----w- C:\Program Files (x86)\ESET2012-07-12 01:34:58 -------- d-----w- C:\Users\Brittany Forrester\AppData\Local\Apple Computer2012-07-12 01:24:51 -------- d-----w- C:\Users\Brittany Forrester\AppData\Local\Apple2012-07-11 22:20:22 -------- d-sh--w- C:\$RECYCLE.BIN2012-07-11 19:34:13 98816 ----a-w- C:\Windows\sed.exe2012-07-11 19:34:13 518144 ----a-w- C:\Windows\SWREG.exe2012-07-11 19:34:13 256000 ----a-w- C:\Windows\PEV.exe2012-07-11 19:34:13 208896 ----a-w- C:\Windows\MBR.exe2012-07-11 19:14:07 -------- d-----w- C:\Windows\en2012-07-11 19:09:37 19736 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll2012-07-11 19:03:42 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e3421ad21cd5f9701\DSETUP.dll2012-07-11 19:03:42 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e3421ad21cd5f9701\DXSETUP.exe2012-07-11 19:03:42 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e3421ad21cd5f9701\dsetup32.dll2012-07-11 19:03:42 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e37fe80a1cd5f9702\MeshBetaRemover.exe2012-07-11 14:56:05 -------- d-----w- C:\Users\Brittany Forrester\AppData\Local\{8FFC4C1D-E6CB-43A2-8D45-327FEA658040}2012-07-11 14:55:51 -------- d-----w- C:\Users\Brittany Forrester\AppData\Local\{599DD9D5-F0E2-4BB2-8791-50E6AAAAD424}2012-07-11 06:07:31 3148800 ----a-w- C:\Windows\System32\win32k.sys2012-07-11 
05:53:52 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-07-10 20:51:45 -------- d-----w- C:\Users\Brittany Forrester\AppData\Local\{048FE201-C7B6-4515-B247-A1CD5A05CA35}
2012-07-10 20:51:33 -------- d-----w- C:\Users\Brittany Forrester\AppData\Local\{1F69E501-391B-4169-ABD1-03FC640596B9}
2012-07-10 10:08:50 -------- d-----w- C:\Users\Brittany Forrester\AppData\Local\{0521C825-8BBD-4112-AF2C-A637036643A2}
2012-07-10 10:08:37 -------- d-----w- C:\Users\Brittany Forrester\AppData\Local\{690F744B-003C-4821-B1FE-A02BAFDB916E}
2012-07-10 02:11:11 -------- d-----w- C:\ProgramData\KingsIsle Entertainment
2012-07-09 12:56:50 -------- d-----w- C:\Users\Brittany Forrester\AppData\Local\{BA35B3E2-10B8-4B5A-9790-83A100AA2A47}
2012-07-09 10:14:46 -------- d-----w- C:\Users\Brittany Forrester\AppData\Local\{C7CBE44D-C7C2-43DE-AA50-2CD89269C9B6}
2012-07-07 11:35:11 -------- d-----w- C:\Users\Brittany Forrester\AppData\Local\{8B2C2E4B-CB24-4773-8AC8-A264424A3D76}
2012-07-07 11:34:50 -------- d-----w- C:\Users\Brittany Forrester\AppData\Local\{759FF0D9-E6EB-43CA-BD38-0A3E1AA80174}
2012-07-07 11:25:20 -------- d-----w- C:\Users\Brittany Forrester\AppData\Local\{4E260ABE-20C5-46E3-A847-12BE5F1A2B21}
2012-07-06 15:44:46 -------- d-----w- C:\Windows\pss
2012-07-02 05:31:20 -------- d-----w- C:\Users\Brittany Forrester\AppData\Local\{8E265123-0560-428A-955E-57815CDC4797}
.
==================== Find3M ====================
.
2012-07-27 15:47:18 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-27 15:47:18 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-26 16:33:02 955840 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-06-26 16:33:02 839096 ----a-w- C:\Windows\System32\deployJava1.dll
2012-06-15 18:17:11 878184 ----a-w- C:\Windows\System32\drivers\rtl8192ce.sys
2012-06-08 20:44:08 30496 ----a-w- C:\Windows\System32\drivers\hitmanpro36.sys
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-06-01 11:31:56 377768 ----a-w- C:\Windows\System32\vsnp2uvc.dll
2012-06-01 11:31:54 400296 ----a-w- C:\Windows\System32\rsnp2uvc.dll
2012-06-01 11:31:54 1863720 ----a-w- C:\Windows\System32\drivers\snp2uvc.sys
2012-06-01 11:31:52 245672 ----a-w- C:\Windows\System32\csnp2uvc.dll
2012-06-01 11:31:36 311208 ----a-w- C:\Windows\SysWow64\vsnp2uvc.dll
2012-06-01 11:31:34 26024 ----a-w- C:\Windows\snuvcdsm.exe
2012-06-01 11:31:24 401832 ----a-w- C:\Windows\SysWow64\rsnp2uvc.dll
2012-05-31 16:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-05-17 13:22:29 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 11:00:43 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-04 09:59:54 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
.
============= FINISH: 21:53:24.55 ===============
Attach.txt
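The listing above is the kind of DDS output a forum helper reads by hand. As an added example that is not part of this thread, the following Python parses lines of that shape into records so they can be sorted, counted and filtered rather than eyeballed. The field layout (date, time, size or dashes for a directory, eight attribute flags with a leading "d" for directories, then the path) is my reading of the posted log, not a published DDS specification; the sample lines are copied from the log above, and the GUID-directory filter is a structural filter a reviewer can apply, not a verdict on any entry.

```python
"""Parse DDS-style file-listing lines (date time size attrs path) into records."""
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# Field layout as read from the posted log (assumption, not a DDS spec):
#   YYYY-MM-DD HH:MM:SS <size|--------> <8 attribute flags> <path>
# Directories carry dashes in the size column and a leading "d" in the flags.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)

# A directory under <user>\AppData\Local whose name is a bare {GUID}.
GUID_DIR_RE = re.compile(
    r"^C:\\Users\\[^\\]+\\AppData\\Local\\\{[0-9A-F]{8}(-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$",
    re.IGNORECASE,
)

# Sample input copied from the log posted above (a handful of lines, plus the
# section separators that the parser must skip).
SAMPLE_LOG = r"""
2012-07-10 20:51:45 -------- d-----w- C:\Users\Brittany Forrester\AppData\Local\{048FE201-C7B6-4515-B247-A1CD5A05CA35}
2012-07-10 02:11:11 -------- d-----w- C:\ProgramData\KingsIsle Entertainment
2012-07-06 15:44:46 -------- d-----w- C:\Windows\pss
.
==================== Find3M ====================
.
2012-07-27 15:47:18 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-08 20:44:08 30496 ----a-w- C:\Windows\System32\drivers\hitmanpro36.sys
2012-05-31 16:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 21:53:24.55 ===============
"""


@dataclass
class Entry:
    when: datetime
    size: Optional[int]  # None for directories (size column is dashes)
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


def parse_listing(text: str) -> List[Entry]:
    """Return one Entry per listing line; headers, '.' separators and the
    FINISH line do not match the pattern and are skipped."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        when = datetime.strptime(f"{m['date']} {m['time']}", "%Y-%m-%d %H:%M:%S")
        entries.append(Entry(when, size, m["attrs"], m["path"]))
    return entries


def guid_dirs_in_local_appdata(entries: List[Entry]) -> List[Entry]:
    """Directories whose name is a bare GUID directly under AppData\\Local."""
    return [e for e in entries if e.is_dir and GUID_DIR_RE.match(e.path)]


def count_by_top_dir(entries: List[Entry], depth: int = 2) -> Counter:
    """Count entries per directory prefix, e.g. C:\\Windows\\System32."""
    counts: Counter = Counter()
    for e in entries:
        parts = e.path.split("\\")
        counts["\\".join(parts[: depth + 1])] += 1
    return counts


if __name__ == "__main__":
    parsed = parse_listing(SAMPLE_LOG)
    for e in sorted(parsed, key=lambda x: x.when, reverse=True):
        kind = "DIR " if e.is_dir else f"{e.size:>8}"
        print(f"{e.when:%Y-%m-%d %H:%M:%S} {kind} {e.path}")
    print("GUID dirs under AppData\\Local:", len(guid_dirs_in_local_appdata(parsed)))
    print(count_by_top_dir(parsed).most_common(3))
```

Run it against the full pasted log instead of SAMPLE_LOG to get the whole listing sorted newest-first and grouped by directory; the GUID filter simply narrows the list to the entries a helper would want to look at next.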
Maniac Posted August 2, 2012 ID:579854

Step 1
Anti-Virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slowly, become unstable and even, in rare cases, crash. My suggestion is to uninstall avast! Free Antivirus and to keep Norton Internet Security, but if you don't have a license for it, do the opposite. Finally, reboot your PC.

Step 2
Launch Malwarebytes' Anti-Malware.
Go to the Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
Go to the Scanner tab and select Perform Quick Scan, then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 3
Download aswMBR.exe to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start the scan.
On completion of the scan click Save log, save it to your desktop and post it in your next reply.

In your next reply, post the following log files:
Malwarebytes' Anti-Malware log
aswMBR log
a new fresh DDS log
screen317 (Staff) Posted August 7, 2012 ID:581928
Are you still with us? This topic will be closed in a few days if we do not hear back from you.
screen317 (Staff) Posted August 15, 2012 ID:585400
Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!