Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

Virus & Other Malware Removal Virus & Other Malware Removal
Search Search
Search for:
Tech Support Guy > > >

Auto-Protect Results

(New)
(!)

Niteprey2's Avatar
Niteprey2 Niteprey2 is offline
Computer Specs
Member with 5 posts.
THREAD STARTER
 
Join Date: Jul 2012
Experience: Beginner
08-Jul-2012, 08:42 PM #1
Auto-Protect Results
I keep receiving Auto Protect results like:

Trojan.zeroaccess
Trojan.Gen.2

I am posting the logs as requested..Thanks for the help..

Hijack This:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:48:36 AM, on 7/8/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\new years.christmaslove\AppData\Local\Programs\Google\MusicManager\MusicManager .exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Symantec AntiVirus\SavUI.exe
C:\Users\new years.christmaslove\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6092
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [QuickenScheduledUpdates] C:\Program Files\Quicken\bagent.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\new years.christmaslove\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MusicManager] "C:\Users\new years.christmaslove\AppData\Local\Programs\Google\MusicManager\MusicManager .exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [KodakHomeCenter] "C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [KodakHomeCenter] "C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe" (User 'Default user')
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/...Control_32.CAB
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - https://setup.bellsouth.net/wizlet/P...ller_6-1-2.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D1C5EF41-19C1-4B90-A6CB-489E9EBBB907}: Domain = co.clayton.ga.us
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 11141 bytes


DDS File:

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by new years at 10:49:22 on 2012-07-08
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.1095 [GMT -4:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\agrsmsvc.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Windows\system32\locator.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\new years.christmaslove\AppData\Local\Programs\Google\MusicManager\MusicManager .exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Lavasoft\Ad-Aware\AWSC.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Symantec AntiVirus\SavUI.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
\\.\globalroot\systemroot\Installer\{c6682faa-e199-6927-084e-0b9be305fd10}\U
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.my.yahoo.com/
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie9
uInternet Settings,ProxyServer = http=127.0.0.1:6092
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [QuickenScheduledUpdates] c:\program files\quicken\bagent.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\users\new years.christmaslove\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [MusicManager] "c:\users\new years.christmaslove\appdata\local\programs\google\musicmanager\MusicManager .exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [<NO NAME>]
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Conime] %windir%\system32\conime.exe
dRunOnce: [KodakHomeCenter] "c:\program files\kodak\aio\center\AiOHomeCenter.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: rhapsody.com\rhap-app-4-0
Trusted Zone: rhapsody.com\rhapreg
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - hxxps://setup.bellsouth.net/wizlet/PWReset/static/controls/WebflowActiveXInstaller_6-1-2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{D1C5EF41-19C1-4B90-A6CB-489E9EBBB907} : DhcpNameServer = 192.168.1.254
Notify: igfxcui - igfxdev.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
============= SERVICES / DRIVERS ===============
.
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2010-5-29 21504]
R2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2006-10-29 208896]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-5-29 21504]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKAiOHostService.exe [2011-12-19 394672]
R2 nmsgopro;GoProto Protocol Driver for NMS;c:\windows\system32\drivers\nmsgopro.sys [2006-9-27 28672]
R2 nmsunidr;UniDriver for NMS;c:\windows\system32\drivers\nmsunidr.sys [2006-10-19 7424]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2008-10-23 1956752]
R3 AVer88xHD;AVerMedia 23888 AvStream Video Capture;c:\windows\system32\drivers\AVer88xHD.sys [2007-10-16 401408]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-6-1 106656]
R3 IntelDH;IntelDH Driver;c:\windows\system32\drivers\IntelDH.sys [2007-3-15 5504]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-10-28 2152720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-10 136176]
S2 MCLServiceATL;Intel(R) Application Tracker;c:\program files\intel\inteldh\intel media server\shells\MCLServiceATL.exe [2006-11-18 174552]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-3-30 1153368]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-24 257224]
S3 AVMNgBasM780;AVerMedia M780 Base Driver;c:\windows\system32\drivers\AVerBas.sys [2007-6-21 51584]
S3 AVMNgCapM780;AVerMedia M780 Audio/Video Capture Driver;c:\windows\system32\drivers\AVerCap.sys [2007-6-21 364544]
S3 AVMNgTunM780;AVerMedia M780 TVTuner Driver;c:\windows\system32\drivers\AVerTun.sys [2007-6-21 162304]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-6-10 136176]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-10-28 15232]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2008-10-23 121744]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v040 0.exe [2010-3-18 753504]
S3 xcbdaNtsc;ViXS Tuner Card (NTSC);c:\windows\system32\drivers\xcbda.sys [2007-9-17 147328]
.
=============== Created Last 30 ================
.
2012-07-03 23:08:34 6762896 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{40ff165a-9976-4348-a579-57da0e20c469}\mpengine.dll
2012-07-03 15:38:49 -------- d-----w- c:\program files\CCleaner
2012-06-22 09:45:28 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 09:44:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-22 09:44:44 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-16 23:58:43 -------- d-----w- c:\programdata\{6AD8E59C-250C-4201-B5BA-56ADEF76FF46}
2012-06-16 21:13:52 -------- d-----w- c:\program files\Uniblue
2012-06-13 09:52:25 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 09:52:25 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 09:52:25 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 09:51:48 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 09:51:47 2045440 ----a-w- c:\windows\system32\win32k.sys
.
==================== Find3M ====================
.
2012-06-11 18:54:09 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-11 18:54:08 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-24 23:07:05 16432 ----a-w- c:\windows\system32\lsdelete.exe
2012-05-17 22:45:37 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-04-19 00:56:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-19 00:56:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-04-12 09:47:59 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 10:50:13.17 ===============


ark.txt file:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-08 20:31:23
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST350063 rev.3.AA
Running: gmer.exe; Driver: C:\Users\NEWYEA~1.CHR\AppData\Local\Temp\kwlyiuoc.sys

---- System - GMER 1.0.15 ----
SSDT 886999B8 ZwAlertResumeThread
SSDT 88699A98 ZwAlertThread
SSDT 88726868 ZwAllocateVirtualMemory
SSDT 886A3F30 ZwConnectPort
SSDT 88699708 ZwCreateMutant
SSDT 887236A0 ZwCreateThread
SSDT 88752108 ZwFreeVirtualMemory
SSDT 886997F8 ZwImpersonateAnonymousToken
SSDT 886998D8 ZwImpersonateThread
SSDT 88751590 ZwMapViewOfSection
SSDT 88699628 ZwOpenEvent
SSDT 88752398 ZwOpenProcessToken
SSDT 88699EF0 ZwOpenThreadToken
SSDT 88753A38 ZwResumeThread
SSDT 88699E30 ZwSetContextThread
SSDT 88699FC0 ZwSetInformationProcess
SSDT 88699D60 ZwSetInformationThread
SSDT 88699548 ZwSuspendProcess
SSDT 88699BE0 ZwSuspendThread
SSDT 88752290 ZwTerminateProcess
SSDT 88699CA0 ZwTerminateThread
SSDT 887514D0 ZwUnmapViewOfSection
SSDT 88752BD0 ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetEvent + 11D 826F47E0 8 Bytes [B8, 99, 69, 88, 98, 9A, 69, ...]
.text ntkrnlpa.exe!KeSetEvent + 131 826F47F4 4 Bytes [68, 68, 72, 88]
.text ntkrnlpa.exe!KeSetEvent + 1C1 826F4884 4 Bytes [30, 3F, 6A, 88] {XOR [EDI], BH; PUSH -0x78}
.text ntkrnlpa.exe!KeSetEvent + 1F5 826F48B8 4 Bytes [08, 97, 69, 88]
.text ntkrnlpa.exe!KeSetEvent + 221 826F48E4 4 Bytes [A0, 36, 72, 88]
.text ...
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8FC07340, 0x39DB57, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
? C:\Windows\system32\services.exe[616] C:\Windows\system32\smss.exe image checksum mismatch; time/date stamp mismatch; unknown module: MSWSOCK.dll
? C:\Windows\system32\svchost.exe[4216] C:\Windows\system32\smss.exe image checksum mismatch; time/date stamp mismatch; unknown module: OLEAUT32.dllunknown module: urlmon.dllunknown module: VERSION.dll
.text C:\Windows\system32\svchost.exe[4216] USER32.dll!DialogBoxIndirectParamAorW 76B12EB6 5 Bytes [33, C0, C2, 18, 00] {XOR EAX, EAX; RET 0x18}
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
---- Processes - GMER 1.0.15 ----
Library c:\windows\system32\n (*** hidden *** ) @ C:\Windows\Explorer.EXE [1816] 0x45670000
---- EOF - GMER 1.0.15 ----
Attachment Blocked
Attachments in the HJT forum are often designed to solve a specific issue and not meant to be used without instructions specific to your computer. If you want help specific to your computer, please post a HiJackThis Log. If you started this thread, please make sure you are logged in to be able to view attachments.
Niteprey2's Avatar
Niteprey2 Niteprey2 is offline
Computer Specs
Member with 5 posts.
THREAD STARTER
 
Join Date: Jul 2012
Experience: Beginner
09-Jul-2012, 08:47 PM #2
Auto Protect Results
Bumping this up...noone has looked yet. I was having a problem with the computer shutting down unexpectedly as well....then I started receiving these Trojan.zeroaccess auto protect results...
Niteprey2's Avatar
Niteprey2 Niteprey2 is offline
Computer Specs
Member with 5 posts.
THREAD STARTER
 
Join Date: Jul 2012
Experience: Beginner
10-Jul-2012, 08:02 PM #3
Bumping up again...please help!
Niteprey2's Avatar
Niteprey2 Niteprey2 is offline
Computer Specs
Member with 5 posts.
THREAD STARTER
 
Join Date: Jul 2012
Experience: Beginner
11-Jul-2012, 09:04 PM #4
Bumping up again!!!! Anybody out there?
Niteprey2's Avatar
Niteprey2 Niteprey2 is offline
Computer Specs
Member with 5 posts.
THREAD STARTER
 
Join Date: Jul 2012
Experience: Beginner
15-Jul-2012, 11:19 AM #5
Still no response...bumping up again
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.


(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


WELCOME
You Are Using: Server ID
Trusted Website Back to the Top ↑