
How do I remove a Trojan.gen virus that was detected and quarantined by Norton?

Discussion in 'Virus & Other Malware Removal' started by jodnpam, Dec 30, 2010.

Thread Status:
Not open for further replies.
  1. jodnpam

    jodnpam Thread Starter

    Joined:
    Dec 30, 2010
    Messages:
    2
    My son recently got a netbook for Christmas. Since he has had the computer, it seems to be a bit sluggish. Last night I ran some Microsoft updates and this morning Norton said that it found a Trojan.gen virus. I would like to remove this file and any other potentially harmful files or files that may be affecting the operating speed of this computer. I am new to this site and I am hopeful that you can help me. The following are the HijackThis file, the ark.txt file and the DDS files. Let me know if there is anything else that I can send or provide.

    Thank you

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:48:37 AM, on 12/30/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.17093)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\The Skins Factory\Hyperdesk\Common\HDThemeEnabler.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\ezSharedSvcHost.exe
    C:\Program Files\Norton Online\Engine\2.1.0.21\ccSvcHst.exe
    C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Norton Online\Engine\2.1.0.21\ccSvcHst.exe
    C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
    C:\Program Files\EeePC\ACPI\AsEPCMon.exe
    C:\Program Files\EeePC\ACPI\AsTray.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\Program Files\ASUS\Eee Storage\BackupService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Live\Toolbar\wltuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Jody Hancock\Desktop\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:/www.msn.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ezShellStart.exe
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Norton Safety Minder BHO - {B8E07826-0971-4f16-B133-047B88034E89} - C:\Program Files\Norton Online\AddOns\Norton Safety Minder\Engine\2.1.0.37\coIEPlg.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
    O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
    O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
    O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [Easybits Parental Control] "C:\Program Files\EasyBits For Kids\ezMDAdmin.exe" /startup
    O4 - HKLM\..\Run: [Easybits Desktop Live] "C:\Program Files\EasyBits For Kids\ezLiveDesk.exe" /startup
    O4 - HKLM\..\Run: [EeeStorageBackup] C:\Program Files\ASUS\Eee Storage\BackupService.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
    O4 - Global Startup: SuperHybridEngine.lnk = ?
    O4 - Global Startup: AutoRun OSCleaner.lnk = ?
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Easybits Shared Services for Windows (ezSharedSvc) - Teknum Systems AS - C:\WINDOWS\System32\ezSharedSvcHost.exe
    O23 - Service: Hyperdesk Theme Enabler (HdThemeEnabler) - The Skins Factory, Inc. - C:\Program Files\The Skins Factory\Hyperdesk\Common\HDThemeEnabler.exe
    O23 - Service: Norton Online (NOF) - Symantec Corporation - C:\Program Files\Norton Online\Engine\2.1.0.21\ccSvcHst.exe
    O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
    --
    End of file - 8183 bytes


    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Jody Hancock at 10:51:34.37 on Thu 12/30/2010
    Internet Explorer: 7.0.5730.13
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.123 [GMT -5:00]
    AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Internet Security *Enabled*
    ============== Running Processes ===============
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\The Skins Factory\Hyperdesk\Common\HDThemeEnabler.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\WINDOWS\System32\ezSharedSvcHost.exe
    C:\Program Files\Norton Online\Engine\2.1.0.21\ccSvcHst.exe
    C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Norton Online\Engine\2.1.0.21\ccSvcHst.exe
    C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
    C:\Program Files\EeePC\ACPI\AsEPCMon.exe
    C:\Program Files\EeePC\ACPI\AsTray.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\Program Files\ASUS\Eee Storage\BackupService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Live\Toolbar\wltuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Jody Hancock\Desktop\HijackThis.exe
    C:\Documents and Settings\Jody Hancock\Desktop\dds.scr
    ============== Pseudo HJT Report ===============
    uStart Page = hxxp:/www.msn.com
    mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\ezShellStart.exe
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\norton internet security\engine\16.8.0.41\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\norton internet security\engine\16.8.0.41\IPSBHO.DLL
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Norton Safety Minder: {b8e07826-0971-4f16-b133-047b88034e89} - c:\program files\norton online\addons\norton safety minder\engine\2.1.0.37\coIEPlg.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\norton internet security\engine\16.8.0.41\coIEPlg.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [SynAsusAcpi] c:\program files\synaptics\syntp\SynAsusAcpi.exe
    mRun: [AsusACPIServer] c:\program files\eeepc\acpi\AsAcpiSvr.exe
    mRun: [AsusEPCMonitor] c:\program files\eeepc\acpi\AsEPCMon.exe
    mRun: [AsusTray] c:\program files\eeepc\acpi\AsTray.exe
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [Easybits Parental Control] "c:\program files\easybits for kids\ezMDAdmin.exe" /startup
    mRun: [Easybits Desktop Live] "c:\program files\easybits for kids\ezLiveDesk.exe" /startup
    mRun: [EeeStorageBackup] c:\program files\asus\eee storage\BackupService.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\superh~1.lnk - c:\program files\asus\eeepc\super hybrid engine\SuperHybridEngine.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1.lnk - c:\program files\asus\asus os cleaner\AsOSCleaner.exe
    mPolicies-system: HideFastUserSwitching = 0 (0x0)
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\norton internet security\engine\16.8.0.41\CoIEPlg.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: N/A: {e54729e8-bb3d-4270-9d49-7389ea579090} - c:\windows\system32\ezUPBHook.dll
    ============= SERVICES / DRIVERS ===============
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1008000.029\SymEFA.sys [2010-12-29 310320]
    R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1008000.029\BHDrvx86.sys [2010-12-29 259632]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1008000.029\cchpx86.sys [2010-12-29 482432]
    R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20101228.001\IDSXpx86.sys [2010-12-29 341944]
    R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\ezSharedSvcHost.exe [2009-7-20 511536]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-7-15 55152]
    R2 HdThemeEnabler;Hyperdesk Theme Enabler;c:\program files\the skins factory\hyperdesk\common\HDThemeEnabler.exe [2008-7-21 106496]
    R2 NOF;Norton Online;c:\program files\norton online\engine\2.1.0.21\ccSvcHst.exe [2010-12-26 126904]
    R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\norton internet security\engine\16.8.0.41\ccSvcHst.exe [2010-12-29 117640]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-12-28 102448]
    R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-5-21 39424]
    R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20101229.036\NAVENG.SYS [2010-12-30 86008]
    R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20101229.036\NAVEX15.SYS [2010-12-30 1360760]
    R3 NTProcDrv;Process creation detector for NT.;c:\windows\temp\drv1.tmp [2010-12-30 3584]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-7-15 1684736]
    S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
    S3 SQTECH9052;Disney Micro;c:\windows\system32\drivers\Capt9052.sys [2009-7-20 38656]
    S3 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A};Symantec Redirector - Norton Safety Minder;c:\windows\system32\drivers\nsm\0201000.025\symrdr.sys [2010-12-26 181296]
    =============== Created Last 30 ================
    2010-12-30 14:29:59 -------- d--h--w- c:\windows\$hf_mig$
    2010-12-29 16:59:08 -------- d-----w- c:\docume~1\alluse~1\applic~1\Symantec
    2010-12-29 13:54:01 48688 ----a-w- c:\windows\system32\drivers\nis\1008000.029\symndisv.sys
    2010-12-29 13:54:01 217136 ----a-w- c:\windows\system32\drivers\nis\1008000.029\symtdi.sys
    2010-12-29 13:53:55 36400 ----a-w- c:\windows\system32\drivers\nis\1008000.029\symndis.sys
    2010-12-29 13:53:50 89904 ----a-w- c:\windows\system32\drivers\nis\1008000.029\symfw.sys
    2010-12-29 13:53:50 33072 ----a-w- c:\windows\system32\drivers\nis\1008000.029\symids.sys
    2010-12-29 13:53:50 310320 ----a-w- c:\windows\system32\drivers\nis\1008000.029\SymEFA.sys
    2010-12-29 13:53:49 43696 ----a-w- c:\windows\system32\drivers\nis\1008000.029\srtspx.sys
    2010-12-29 13:53:47 308272 ----a-w- c:\windows\system32\drivers\nis\1008000.029\srtsp.sys
    2010-12-29 13:53:46 259632 ----a-w- c:\windows\system32\drivers\nis\1008000.029\BHDrvx86.sys
    2010-12-29 13:50:04 482432 ----a-w- c:\windows\system32\drivers\nis\1008000.029\cchpx86.sys
    2010-12-29 13:33:21 -------- d-----w- c:\windows\system32\drivers\nis\1008000.029
    2010-12-29 13:23:32 -------- d-----w- c:\windows\system32\PreInstall
    2010-12-27 14:58:03 274288 ----a-w- c:\windows\system32\mucltui.dll
    2010-12-27 14:58:03 215920 ----a-w- c:\windows\system32\muweb.dll
    2010-12-27 14:58:03 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
    2010-12-27 01:14:25 -------- d-----w- c:\docume~1\jodyha~1\applic~1\EasyBits For Kids
    2010-12-26 15:59:53 -------- d-----w- c:\docume~1\jodyha~1\locals~1\applic~1\DigitalBlue
    2010-12-26 14:56:44 50176 ----a-w- c:\windows\system32\win_utilman.exe
    2010-12-26 14:54:29 181296 ----a-r- c:\windows\system32\drivers\nsm\0201000.025\symrdr.sys
    2010-12-26 14:54:23 -------- d-----w- c:\windows\system32\drivers\nsm\0201000.025
    2010-12-26 14:54:23 -------- d-----w- c:\windows\system32\drivers\NSM
    2010-12-26 14:54:09 -------- d-----w- c:\windows\system32\drivers\nof\0201000.015
    2010-12-26 14:54:09 -------- d-----w- c:\windows\system32\drivers\NOF
    2010-12-26 14:54:09 -------- d-----w- c:\program files\Norton Online
    2010-12-26 14:35:01 -------- d-----w- c:\docume~1\jodyha~1\applic~1\Skinux
    2010-12-26 14:29:13 2560 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\usmt\iconlib.dll
    2010-12-26 14:10:26 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
    2010-12-26 14:10:23 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2010-12-26 14:10:23 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2010-12-26 14:10:23 -------- d-----w- c:\program files\Symantec
    2010-12-26 14:10:23 -------- d-----w- c:\program files\common files\Symantec Shared
    2010-12-26 14:09:21 -------- d-----w- c:\windows\system32\drivers\NIS
    2010-12-26 14:09:19 -------- d-----w- c:\docume~1\alluse~1\applic~1\Norton
    2010-12-26 14:08:45 -------- d-----w- c:\program files\NortonInstaller
    2010-12-26 14:08:45 -------- d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
    2010-12-26 14:04:12 -------- d-----w- c:\windows\system32\NtmsData
    ==================== Find3M ====================
    2010-12-28 22:15:17 588472 ----a-w- c:\windows\system32\ezsvc7x.dll
    2010-11-06 00:34:12 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-11-06 00:34:11 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-11-06 00:34:11 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-11-06 00:34:11 17408 ----a-w- c:\windows\system32\corpol.dll
    2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
    2010-10-21 12:12:30 389120 ----a-w- c:\windows\system32\html.iec


    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2010-12-30 11:25:15
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ASUS-JM_ rev.0810
    Running: qe5bs2po.exe; Driver: C:\DOCUME~1\JODYHA~1\LOCALS~1\Temp\agloiaod.sys

    ---- System - GMER 1.0.15 ----
    SSDT 85306180 ZwAlertResumeThread
    SSDT 85309070 ZwAlertThread
    SSDT 8578E228 ZwAllocateVirtualMemory
    SSDT 853F01C8 ZwAssignProcessToJobObject
    SSDT 85A00210 ZwConnectPort
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0x9DAC9720]
    SSDT 853290F8 ZwCreateMutant
    SSDT 85A74008 ZwCreateSymbolicLinkObject
    SSDT 85469C80 ZwCreateThread
    SSDT 853950B8 ZwDebugActiveProcess
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0x9DAC99A0]
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0x9DAC9F00]
    SSDT 85A01448 ZwDuplicateObject
    SSDT 8579CA78 ZwFreeVirtualMemory
    SSDT 853291C8 ZwImpersonateAnonymousToken
    SSDT 853060C0 ZwImpersonateThread
    SSDT 859DA9E8 ZwLoadDriver
    SSDT 8579C998 ZwMapViewOfSection
    SSDT 85336008 ZwOpenEvent
    SSDT 858BEA68 ZwOpenProcess
    SSDT 85457C70 ZwOpenProcessToken
    SSDT 85336080 ZwOpenSection
    SSDT 858777D0 ZwOpenThread
    SSDT 853F00F8 ZwProtectVirtualMemory
    SSDT 85AEE218 ZwResumeThread
    SSDT 85815628 ZwSetContextThread
    SSDT 852FA0E8 ZwSetInformationProcess
    SSDT 85336048 ZwSetSystemInformation
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0x9DACA150]
    SSDT 85336140 ZwSuspendProcess
    SSDT 858BC3E0 ZwSuspendThread
    SSDT 854B6030 ZwTerminateProcess
    SSDT 857CCB30 ZwTerminateThread
    SSDT 858DF218 ZwUnmapViewOfSection
    SSDT 8552C890 ZwWriteVirtualMemory
    ---- Kernel code sections - GMER 1.0.15 ----
    .text ntkrnlpa.exe!ZwCallbackReturn + 2D68 80504604 4 Bytes CALL 6CD5E3B2
    .text ntkrnlpa.exe!ZwCallbackReturn + 2DCC 80504668 8 Bytes JMP 7C70858B
    .text ntkrnlpa.exe!ZwCallbackReturn + 2F74 80504810 4 Bytes CALL 48D577B5
    ? SYMEFA.SYS The system cannot find the file specified. !
    ? C:\DOCUME~1\JODYHA~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !
    ---- User code sections - GMER 1.0.15 ----
    .text C:\Program Files\Internet Explorer\iexplore.exe[840] ntdll.dll!RtlValidateUnicodeString + 554 7C9163BE 10 Bytes JMP 0A94003A
    .text C:\Program Files\Internet Explorer\iexplore.exe[840] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E1DF4D9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[840] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3527F6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[840] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E352777 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[840] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3527BB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[840] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E352703 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[840] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E35273D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[840] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E352831 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[840] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E20178A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[840] ole32.dll!CreateBindCtx + B5F 774FF14F 7 Bytes JMP 0A9400F3
    .text C:\Program Files\Internet Explorer\iexplore.exe[840] ole32.dll!CoImpersonateClient + 51 775151F0 7 Bytes JMP 0A9401A9
    .text C:\Program Files\Internet Explorer\iexplore.exe[840] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3529F3 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    ---- Devices - GMER 1.0.15 ----
    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
    ---- Files - GMER 1.0.15 ----
    File C:\Documents and Settings\Jody Hancock\Local Settings\Temporary Internet Files\Content.IE5\GHC4LJ5M\eyeclopsminiprojector_blogspot_com[1].htm 24984 bytes
    ---- EOF - GMER 1.0.15 ----

  2. jodnpam

    jodnpam Thread Starter

    Joined:
    Dec 30, 2010
    Messages:
    2
    Any help/information with this would be greatly appreciated. Thank you.
Short URL to this thread: https://techguy.org/971601
