I'm grateful to anyone who can help with this. My DH ran a version of Kaspersky from unknown origins a while back. We got the blue screen of death; I managed to restore to the last version, but since then, explorer.exe and Adobe ARM crash as soon as Windows opens. We've tried restoring to an earlier date, and we've run MBAM, SuperAntiSpyware, Spyware Doctor, and CCleaner at the suggestion of other sites when I googled the error signature (AppName: explorer.exe AppVer: 6.0.2900.5512 ModName: unknown ModVer: 0.0.0.0 Offset: 02dffb5a).
SAS found this:
Trojan.Agent/Gen-PEC
C:\DOCUMENTS AND SETTINGS\STACY SAMSON\LOCAL SETTINGS\TEMP\RARSFX0\PROCS\EXPLORER.EXE
But quarantining hasn't resolved the issue. MBAM, SD, and CCleaner all came back clean. Everything I've read indicates that reimaging is the next step but I don't have my original install disk, and things are so tight financially, I don't have the cash to order a new disk. Help, and thank you in advance! Logs are below:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Run by Stacy Samson at 20:45:03 on 2012-01-29
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.90 [GMT -6:00]
.
AV: PC Tools Spyware Doctor with AntiVirus *Enabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\All Users\Application Data\WeCareReminder\ReminderHelper.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wuauclt.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.search.yahoo.com/?fr=w3i&type=W3i_SP,204,0_0,StartPage,20120104,16898,0,8,0
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearchAssistant = hxxp://start.facemoods.com/?a=ironto&s={searchTerms}&f=4
uURLSearchHooks: PC Tools Browser Defender: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
uURLSearchHooks: NetAssistant: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files\freeze.com\netassistant\NetAssistant.dll
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
mURLSearchHooks: PC Tools Browser Defender: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: My Personal Homepage: {0538cf1c-8419-4800-adbb-0c00c799fda2} - c:\documents and settings\stacy samson\application data\genieo\application\ieplugins\bin\IEWrapper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Defender BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: RewardsArcadeSuite: {b6ef6c45-5e8d-4c3b-b580-a5073261a381} - c:\program files\rewardsarcadesuite\RewardsArcadeSuite.dll
BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - c:\documents and settings\all users\application data\wecarereminder\IEHelperv2.5.0.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: NetAssistant: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files\freeze.com\netassistant\NetAssistant.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - No File
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: PC Tools Browser Defender: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {E19E589B-749F-4641-9ED3-032DEB7A8D92} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
Trusted Zone: vistaprint.com\www
DPF: ActiveGS.cab - hxxp://www.virtualapple.org/activegs.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} - hxxp://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} - hxxp://aolsvc.aol.com/onlinegames/free-trial-big-island-blends/gamehouseplayer.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} - hxxp://download-games.pogo.com/online2/pogo/mahjong_escape_ancient_japan/SpinTopGamesLauncher.cab
DPF: {8ffbe65d-2c9c-4669-84bd-5829dc0b603c} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {97770E5B-2028-48AC-B4DA-1F991376D2B6} - hxxp://download.copysafe.net/plugins5/installers/Copysafe.cab
DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} - hxxp://aolsvc.aol.com/onlinegames/free-trial-burger-shop/GoBitGamesPlayer_v4.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7} - hxxp://games.myspace.com/gameshell/games/channel--110343720/lc--en/room--af6bde30-0f41-423e-a0c4-737047c7fd68/online/zenerchi/en/ZenerchiWeb.1.0.0.10.cab
DPF: {C0C0CB9B-BFEB-47C2-90FA-BE9692875ADB} - hxxp://aolsvc.aol.com/onlinegames/free-trial-pet-shop-hop/petshophopweb.1.0.0.16.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://mwmus.webex.com/client/v_mywebex-mwm/mywebex/ieatgpc.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{42EB371F-6754-4CEE-95F5-9A519506D84C} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, msansspc.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\stacy samson\application data\mozilla\firefox\profiles\eip6i22u.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.startup.homepage - facebook.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=w3is&type=W3i_IA,206,0_0,StartPage,20111146,18482,0,0,6434&p=
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2012-1-7 331880]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2012-1-7 341656]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2012-1-7 660992]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2012-1-10 54328]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2012-1-10 574424]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2012-1-7 253096]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2012-1-7 185560]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-7-18 116608]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-1-29 20464]
R3 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-1-29 652872]
S1 9df2ded6;9df2ded6;c:\windows\system32\drivers\9df2ded6.sys [2008-10-23 0]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-1-29 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-1-29 136176]
S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [2012-1-7 56840]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2012-1-7 70536]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2012-1-10 35264]
S4 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools\pc tools security\bdt\BDTUpdateService.exe [2012-1-7 546768]
S4 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2008-4-17 192512]
S4 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools\pc tools security\pctsAuxs.exe [2012-1-7 402336]
S4 sdCoreService;PC Tools Security Service;c:\program files\pc tools\pc tools security\pctsSvc.exe [2012-1-7 1117624]
S4 ThreatFire;ThreatFire;c:\program files\pc tools\pc tools security\tfengine\tfservice.exe service --> c:\program files\pc tools\pc tools security\tfengine\TFService.exe service [?]
.
=============== Created Last 30 ================
.
2012-01-29 21:16:00 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-29 21:16:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-29 20:30:47 -------- d-----w- c:\program files\CCleaner
2012-01-29 06:01:51 -------- d-----w- c:\documents and settings\stacy samson\application data\SUPERAntiSpyware.com
2012-01-29 06:00:56 -------- d-----w- c:\documents and settings\all users\application data\!SASCORE
2012-01-29 06:00:30 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-01-29 06:00:30 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-01-29 05:52:48 388096 ----a-r- c:\documents and settings\stacy samson\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-01-29 05:52:46 -------- d-----w- c:\program files\Trend Micro
2012-01-28 00:46:05 -------- d-----w- c:\documents and settings\stacy samson\application data\com.w3i.intune
2012-01-28 00:40:13 -------- d-----w- c:\program files\Free Offers from Freeze.com
2012-01-28 00:40:12 -------- d-----w- c:\program files\Freeze.com
2012-01-28 00:40:00 -------- d-----w- c:\documents and settings\stacy samson\local settings\application data\RewardsArcadeSuite
2012-01-28 00:39:57 -------- d-----w- c:\program files\RewardsArcadeSuite
2012-01-28 00:39:43 -------- d-----w- c:\documents and settings\all users\application data\WeCareReminder
2012-01-23 11:32:20 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-22 22:08:03 7168 ----a-w- c:\windows\system32\dllcache\wamregps.dll
2012-01-22 22:07:49 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2012-01-22 22:07:33 7680 ----a-w- c:\windows\system32\dllcache\inetmgr.exe
2012-01-22 22:07:33 19968 ----a-w- c:\windows\system32\dllcache\inetsloc.dll
2012-01-22 22:07:32 5632 ----a-w- c:\windows\system32\dllcache\iisrstap.dll
2012-01-22 22:07:32 169984 ----a-w- c:\windows\system32\dllcache\iisui.dll
2012-01-22 22:07:32 14336 ----a-w- c:\windows\system32\dllcache\iisreset.exe
2012-01-22 22:07:31 6144 ----a-w- c:\windows\system32\dllcache\ftpsapi2.dll
2012-01-22 17:20:36 -------- d-----w- C:\418352dc603ff00b4be4
2012-01-20 06:03:36 -------- d-----w- C:\dc5974001cae26dc096f9cca9c
2012-01-20 06:01:50 -------- d-----w- C:\e2c0040a8d43498cbe8a39
2012-01-16 22:18:56 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2012-01-16 22:18:20 -------- d-----w- c:\program files\W3i
2012-01-16 22:18:19 -------- d-----w- c:\documents and settings\all users\application data\W3i
2012-01-16 22:16:40 -------- d-----w- c:\documents and settings\stacy samson\application data\Genieo
2012-01-16 22:15:56 -------- d-----w- c:\documents and settings\stacy samson\application data\W3i, LLC
2012-01-13 11:04:34 -------- d-----w- c:\documents and settings\stacy samson\local settings\application data\Proxure
2012-01-13 11:03:57 -------- d-----w- c:\documents and settings\all users\application data\ClubSanDisk
2012-01-13 09:31:20 -------- d-----w- c:\documents and settings\stacy samson\application data\Systweak
2012-01-10 19:33:02 574424 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2012-01-10 19:33:01 35264 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2012-01-10 19:32:59 54328 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2012-01-10 06:04:49 -------- d-----w- C:\1d0f0fce02019d32919180ebc604
2012-01-08 02:56:14 1409 ----a-w- c:\windows\QTFont.for
2012-01-07 07:40:02 767952 ----a-w- c:\windows\BDTSupport.dll0138.old
2012-01-07 07:40:02 767952 ----a-w- c:\windows\BDTSupport.dll0128.old
2012-01-07 07:40:02 767952 ----a-w- c:\windows\BDTSupport.dll
2012-01-07 07:40:02 56840 ----a-w- c:\windows\system32\drivers\PCTBD.sys
2012-01-07 07:40:01 2246608 ----a-w- c:\windows\PCTBDCore.dll0138.old
2012-01-07 07:40:01 2246608 ----a-w- c:\windows\PCTBDCore.dll0128.old
2012-01-07 07:40:01 2246608 ----a-w- c:\windows\PCTBDCore.dll
2012-01-07 07:40:01 1681360 ----a-w- c:\windows\PCTBDRes.dll
2012-01-07 07:40:01 149456 ----a-w- c:\windows\SGDetectionTool.dll0138.old
2012-01-07 07:40:01 149456 ----a-w- c:\windows\SGDetectionTool.dll0128.old
2012-01-07 07:40:01 149456 ----a-w- c:\windows\SGDetectionTool.dll
2012-01-07 07:37:52 253096 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2012-01-07 07:37:15 17848 ----a-w- c:\windows\system32\drivers\pctBTFix.sys
2012-01-07 07:36:57 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2012-01-07 07:36:37 -------- d-----w- c:\program files\PC Tools
2012-01-07 07:10:33 660992 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2012-01-07 07:10:33 341656 ----a-w- c:\windows\system32\drivers\pctDS.sys
2012-01-07 07:10:29 331880 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2012-01-07 07:10:29 162584 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2012-01-07 07:10:25 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-01-07 07:10:25 -------- d-----w- c:\program files\common files\PC Tools
2012-01-06 21:32:16 -------- d-----w- c:\documents and settings\all users\application data\PC Drivers HeadQuarters
2012-01-06 20:29:12 -------- d-----w- C:\Inetpub
2012-01-06 08:25:03 -------- d-----w- c:\documents and settings\stacy samson\application data\TestApp
2012-01-06 07:15:53 767952 ----a-w- c:\windows\BDTSupport.dll0142.old
2012-01-06 07:15:52 1996752 ----a-w- c:\windows\PCTBDCore.dll0142.old
2012-01-06 07:15:52 149456 ----a-w- c:\windows\SGDetectionTool.dll0142.old
2012-01-06 06:28:06 -------- d-----w- c:\documents and settings\stacy samson\application data\PCTools
2012-01-05 23:44:37 94896 ----a-w- c:\windows\system32\drivers\91188348.sys
2012-01-05 07:23:33 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
.
==================== Find3M ====================
.
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21:44 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21:44 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:28:36 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28:36 1292288 ------w- c:\windows\system32\quartz.dll
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
.
============= FINISH: 20:47:43.23 ===============
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-30 12:20:22
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS541680J9SA00 rev.SB2OC74P
Running: gmer.exe; Driver: C:\DOCUME~1\STACYS~1\LOCALS~1\Temp\kgtyapow.sys
---- System - GMER 1.0.15 ----
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwCreateKey [0xF80FA290]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF82A1C0C]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF82A1ED4]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwDeleteKey [0xF80FA500]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwDeleteValueKey [0xF80FA5C0]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwOpenKey [0xF80FA130]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF82D3E16]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwSetValueKey [0xF80FA7C0]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xAA0E8640]
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)
Device \Driver\Tcpip \Device\Ip pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
Device \Driver\Tcpip \Device\Tcp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
Device \Driver\Tcpip \Device\Udp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
Device \Driver\Tcpip \Device\RawIp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
Device \Driver\Tcpip \Device\IPMULTICAST pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)
Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
---- EOF - GMER 1.0.15 ----
Attached File(s)
-
attach.txt (27.25K)