Windows Security Center is telling me my PC Tools Firewall is off, but it's not...


  • This topic is locked
7 replies to this topic

#1 RhonB
Posted 07 November 2010 - 12:38 PM

Hi there,

Posting some logs as requested in my original topic Here

As explained there, my Windows Security Center is telling me that my PC Tools Firewall is off, but it isn't. I have tried turning it off and on, but it still says it is off.
Not sure what this is...?

Also having an issue with this error popping up at startup.

C\Program Files\NOS\bin\getplus_helper_3004.dll
This module could not be found


I did do some research on this and found it has something to do with Adobe I think...but not sure what to do about it...

I do not think I am infected as I am not having any other issues with my machine but I was asked to post some logs.
I am presently enrolled as a Junior in the Malware training here at Bleeping, but we have not done any DDS or GMER logs yet so I don't know how to read them. I am going to also do an HJT log and research it myself (I can do these and it might help with my training :wink:)

So, if someone can please read the logs below and let me know if there is anything I need to worry about I would appreciate it.

Thanks


DDS (Ver_10-11-05.01) - NTFSx86
Run by Rhon at 9:14:56.28 on 07/11/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1061 [GMT -5:00]

AV: Prevx 3.0 *On-access scanning enabled* (Updated) {D486329C-1488-4CEB-9CC8-D662B732D901}
FW: PC Tools Firewall Plus *enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Prevx\prevx.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\Pmxmiced.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\WINDOWS\V0230Mon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\CASIO\YouTube Uploader for CASIO\YStart.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Rhon\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page =
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar =
uInternet Settings,ProxyOverride = *.local
mSearchAssistant =
uURLSearchHooks: H - No File
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [PMX Daemon] ICO.EXE
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [V0230Mon.exe] c:\windows\V0230Mon.exe
mRun: [MBBalloon] c:\program files\hotalbummybox\MBBalloon.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 6.0\apdproxy.exe"
mRun: [USB2Check] RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController
mRun: [00PCTFW] "c:\program files\pc tools firewall plus\FirewallGUI.exe" -s
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRunOnce: [Uninstall Adobe Download Manager] "c:\windows\system32\rundll32.exe" "c:\program files\nos\bin\getPlus_Helper_3004.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dellne~1.lnk - c:\windows\installer\{0240bdfb-2995-4a3f-8c96-18d41282b716}\Icon0240BDFB3.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\youtub~1.lnk - c:\program files\casio\youtube uploader for casio\YStart.exe
uPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
dPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: facebook.com\apps
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {1D082E71-DF20-4AAF-863B-596428C49874} - hxxp://www.worldwinner.com/games/v50/tpir/tpir.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\rhon\applic~1\mozilla\firefox\profiles\bwddzfgj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com
FF - prefs.js: keyword.URL - hxxp://ca.search.yahoo.com/search?fr=mcafee&p=
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\program files\spyware doctor\bdt\firefox\platform\winnt_x86-msvc\components\libheuristic.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-1-2 207792]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2010-1-1 32008]
R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [2008-3-12 15172]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2010-1-2 233136]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-1-2 198608]
R2 CSIScanner;CSIScanner;c:\program files\prevx\prevx.exe [2010-1-1 6415608]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2010-1-4 88176]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2010-1-2 88040]
R2 PCToolsFirewallPlus;PC Tools Firewall Plus;c:\program files\pc tools firewall plus\FWService.exe [2010-1-2 818432]
R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2009-1-30 76440]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2010-1-2 70664]
R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [2010-1-2 58816]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2010-1-2 115216]
R3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [2008-3-21 18432]
R3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [2008-3-21 14336]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2010-1-1 26096]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]
S3 PCTFW-DNS;PCTools Firewall - DNS driver;c:\windows\system32\drivers\pctNdis-DNS.sys [2010-1-2 32680]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 12648]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-1-2 359624]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-1-2 1141712]
S3 V0230Vfx;V0230Vfx;c:\windows\system32\drivers\V0230Vfx.sys [2006-3-24 6272]
S3 V0230VID;Live! Cam Video IM Pro;c:\windows\system32\drivers\V0230VID.sys [2006-9-29 500480]

=============== Created Last 30 ================

2010-11-07 05:39:04 -------- d-----w- c:\docume~1\rhon\applic~1\AnvSoft
2010-11-07 05:39:00 -------- d-----w- c:\program files\AnvSoft
2010-10-12 17:41:24 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-10-12 17:41:24 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2010-10-12 17:41:24 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-12 17:41:17 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-10-12 16:51:41 -------- d-----w- c:\docume~1\rhon\locals~1\applic~1\PCHealth

==================== Find3M ====================

2010-10-30 14:26:07 71880 ----a-w- c:\windows\system32\PxSecure.dll
2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ------w- c:\windows\system32\mfc40u.dll
2010-09-15 08:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 06:29:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-08 15:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 15:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04 617472 ------w- c:\windows\system32\comctl32.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

============= FINISH: 9:15:37.29 ===============



DDS (Ver_10-11-05.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 11/03/2008 10:36:42 PM
System Uptime: 11/06/2010 9:34:35 PM (3564 hours ago)

Motherboard: Dell Inc. | | 0CU409
Processor: Intel® Pentium® Dual CPU E2180 @ 2.00GHz | Socket 775 | 1995/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 298 GiB total, 194.988 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: IDE\CDROMTSSTCORP_DVD+-RW_TS-H653B_______________D300____\5&29AAEA67&0&0.0.0
Manufacturer: (Standard CD-ROM drives)
Name: TSSTcorp DVD+-RW TS-H653B
PNP Device ID: IDE\CDROMTSSTCORP_DVD+-RW_TS-H653B_______________D300____\5&29AAEA67&0&0.0.0
Service: cdrom

==== System Restore Points ===================

RP258: 10/08/2010 4:38:28 AM - System Checkpoint
RP259: 11/08/2010 3:00:19 AM - Software Distribution Service 3.0
RP260: 11/08/2010 6:04:40 PM - Installed Java™ 6 Update 21
RP261: 12/08/2010 6:30:52 PM - System Checkpoint
RP262: 13/08/2010 9:06:07 PM - System Checkpoint
RP263: 13/08/2010 10:59:18 PM - Installed HiJackThis
RP264: 14/08/2010 11:30:52 PM - System Checkpoint
RP265: 15/08/2010 11:31:12 PM - System Checkpoint
RP266: 16/08/2010 11:36:00 PM - System Checkpoint
RP267: 18/08/2010 1:31:10 AM - System Checkpoint
RP268: 19/08/2010 1:35:07 AM - System Checkpoint
RP269: 20/08/2010 1:58:42 AM - System Checkpoint
RP270: 21/08/2010 2:53:19 AM - System Checkpoint
RP271: 22/08/2010 4:25:54 AM - System Checkpoint
RP272: 22/08/2010 9:31:05 PM - Removed Microsoft Visual C++ 2005 Redistributable
RP273: 22/08/2010 9:31:54 PM - Removed Microsoft Visual C++ 2005 Redistributable
RP274: 22/08/2010 9:32:10 PM - Installed Microsoft Visual C++ 2005 Redistributable
RP275: 22/08/2010 9:33:39 PM - Installed Windows XP KB942288-v3.
RP276: 22/08/2010 9:57:15 PM - Installed Nero BurnLite 10.
RP277: 22/08/2010 10:12:02 PM - Removed Nero BurnLite 10.
RP278: 24/08/2010 1:23:14 AM - System Checkpoint
RP279: 25/08/2010 1:46:03 AM - System Checkpoint
RP280: 26/08/2010 12:23:56 AM - Installed Photo Story 3 for Windows
RP281: 27/08/2010 1:22:30 AM - System Checkpoint
RP282: 28/08/2010 1:59:09 AM - System Checkpoint
RP283: 29/08/2010 3:11:10 AM - System Checkpoint
RP284: 30/08/2010 3:59:44 AM - System Checkpoint
RP285: 30/08/2010 11:09:56 PM - Installed QuickTime
RP286: 01/09/2010 1:07:40 AM - System Checkpoint
RP287: 02/09/2010 2:07:49 AM - System Checkpoint
RP288: 03/09/2010 2:19:16 AM - System Checkpoint
RP289: 06/09/2010 11:40:55 PM - System Checkpoint
RP290: 08/09/2010 12:33:31 AM - System Checkpoint
RP291: 08/09/2010 3:00:16 AM - Software Distribution Service 3.0
RP292: 09/09/2010 3:29:41 AM - System Checkpoint
RP293: 10/09/2010 3:30:43 AM - System Checkpoint
RP294: 11/09/2010 4:29:42 AM - System Checkpoint
RP295: 12/09/2010 5:29:38 AM - System Checkpoint
RP296: 13/09/2010 6:14:11 AM - System Checkpoint
RP297: 14/09/2010 6:14:48 AM - System Checkpoint
RP298: 15/09/2010 3:00:17 AM - Software Distribution Service 3.0
RP299: 16/09/2010 3:24:03 AM - System Checkpoint
RP300: 17/09/2010 4:23:59 AM - System Checkpoint
RP301: 18/09/2010 4:36:00 AM - System Checkpoint
RP302: 19/09/2010 5:33:58 AM - System Checkpoint
RP303: 20/09/2010 5:36:00 AM - System Checkpoint
RP304: 21/09/2010 6:24:14 AM - System Checkpoint
RP305: 22/09/2010 7:38:39 AM - System Checkpoint
RP306: 23/09/2010 8:24:14 AM - System Checkpoint
RP307: 24/09/2010 8:36:14 AM - System Checkpoint
RP308: 25/09/2010 9:25:19 AM - System Checkpoint
RP309: 26/09/2010 9:53:25 AM - System Checkpoint
RP310: 26/09/2010 10:36:55 AM - Installed QuickTime
RP311: 26/09/2010 10:41:42 AM - Removed iTunes
RP312: 26/09/2010 11:09:46 AM - Removed Ask Toolbar.
RP313: 27/09/2010 2:19:09 PM - System Checkpoint
RP314: 27/09/2010 8:04:20 PM - Removed Skype™ 4.2
RP315: 28/09/2010 11:16:31 PM - System Checkpoint
RP316: 29/09/2010 11:45:16 PM - System Checkpoint
RP317: 30/09/2010 3:00:15 AM - Software Distribution Service 3.0
RP318: 01/10/2010 3:42:18 AM - System Checkpoint
RP319: 02/10/2010 4:54:18 AM - System Checkpoint
RP320: 03/10/2010 5:42:18 AM - System Checkpoint
RP321: 04/10/2010 6:42:17 AM - System Checkpoint
RP322: 05/10/2010 7:43:23 AM - System Checkpoint
RP323: 06/10/2010 8:42:17 AM - System Checkpoint
RP324: 07/10/2010 9:54:20 AM - System Checkpoint
RP325: 08/10/2010 3:00:16 AM - Software Distribution Service 3.0
RP326: 09/10/2010 3:00:15 AM - Software Distribution Service 3.0
RP327: 10/10/2010 3:00:15 AM - Software Distribution Service 3.0
RP328: 11/10/2010 3:00:16 AM - Software Distribution Service 3.0
RP329: 12/10/2010 3:39:59 AM - System Checkpoint
RP330: 13/10/2010 3:00:16 AM - Software Distribution Service 3.0
RP331: 14/10/2010 3:00:15 AM - Software Distribution Service 3.0
RP332: 15/10/2010 3:00:33 AM - Software Distribution Service 3.0
RP333: 16/10/2010 3:00:15 AM - Software Distribution Service 3.0
RP334: 17/10/2010 3:00:15 AM - Software Distribution Service 3.0
RP335: 18/10/2010 3:00:16 AM - Software Distribution Service 3.0
RP336: 19/10/2010 3:00:15 AM - Software Distribution Service 3.0
RP337: 20/10/2010 3:00:16 AM - Software Distribution Service 3.0
RP338: 21/10/2010 3:00:16 AM - Software Distribution Service 3.0
RP339: 22/10/2010 3:00:18 AM - Software Distribution Service 3.0
RP340: 23/10/2010 3:00:17 AM - Software Distribution Service 3.0
RP341: 24/10/2010 3:00:21 AM - Software Distribution Service 3.0
RP342: 25/10/2010 3:00:17 AM - Software Distribution Service 3.0
RP343: 26/10/2010 3:00:15 AM - Software Distribution Service 3.0
RP344: 27/10/2010 3:00:15 AM - Software Distribution Service 3.0
RP345: 27/10/2010 7:06:28 PM - Installed Java™ 6 Update 22
RP346: 28/10/2010 3:00:16 AM - Software Distribution Service 3.0
RP347: 29/10/2010 3:00:19 AM - Software Distribution Service 3.0
RP348: 30/10/2010 3:00:15 AM - Software Distribution Service 3.0
RP349: 31/10/2010 3:00:15 AM - Software Distribution Service 3.0
RP350: 01/11/2010 3:00:15 AM - Software Distribution Service 3.0
RP351: 02/11/2010 3:00:16 AM - Software Distribution Service 3.0
RP352: 03/11/2010 3:00:15 AM - Software Distribution Service 3.0
RP353: 04/11/2010 3:00:15 AM - Software Distribution Service 3.0
RP354: 05/11/2010 3:00:41 AM - Software Distribution Service 3.0
RP355: 06/11/2010 3:00:18 AM - Software Distribution Service 3.0
RP356: 07/11/2010 2:00:16 AM - Software Distribution Service 3.0
RP357: 07/11/2010 3:00:15 AM - Software Distribution Service 3.0

==== Installed Programs ======================

#1 Video Converter 5.0.2
A610
A710_A610_A510_Help
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop 7.0
Adobe Photoshop Elements 6.0
Adobe Reader 9.4.0
Adobe Shockwave Player 11.5
Any Video Converter 3.1.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Control Center
ATI Display Driver
AVS DVDMenu Editor 1.2.1.19
AVS Video Editor 3.5
Bonjour
Browser Address Error Redirector
Browser Defender 3.0.0.1
BufferChm
Canon CanoScan Toolbox 4.5
CCleaner
CDBurnerXP
Creative Live! Cam Video IM Pro Driver (1.01.03.0928)
Critical Update for Windows Media Player 11 (KB959772)
CustomerResearchQFolder
Dell DataSafe Online
Dell Driver Reset Tool
Dell Network Assistant
Dell Support Center
DeviceManagementQFolder
Download Updater (AOL LLC)
DVD Flick 1.3.0.7
ESET Online Scanner v3
eSupportQFolder
Free Easy Burner V 4.1
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
High Definition Audio Driver Package - KB835221
HiJackThis
HijackThis 2.0.2
HOT ALBUM MYBOX
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 7.0
HP Imaging Device Functions 7.0
HP Photosmart and Deskjet 7.0 Software
HP Photosmart Essential
HP Software Update
HP Solution Center 7.0
hph_ProductContext
hph_readme
hph_software
hph_software_req
HPPhotoSmartExpress
HPProductAssistant
Image Resizer Powertoy for Windows XP
InstantShareDevicesMFC
Intel® PRO Network Connections 12.1.8.0
iPod for Windows 2005-09-23
iWisoft Free Video Converter 1.2
Java Auto Updater
Java™ 6 Update 22
Jetcast 1.1.1
jZip
K-Lite Codec Pack 4.1.4 (Full)
Malwarebytes' Anti-Malware
MarketResearch
McAfee SiteAdvisor
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 Language Pack - fra
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Disc 2
Microsoft Office 2000 Premium
Microsoft Office 2000 Professional
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MixPad Audio Mixer
Module linguistique Microsoft .NET Framework 3.5 - fra
Mouse Suite for Desktop Computers
Mozilla Firefox (3.5.13)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
MSXML4SP2
MyDefrag v4.2.7
Nancy Drew: Secret of the Scarlet Hand
Nancy Drew: The Haunted Carousel
PanoStandAlone
PC Tools Firewall Plus 6.0
Photo Story 3 for Windows
Photo Transport
Pinnacle Instant DVD Recorder
PowerDVD
Prevx
QuickTime
Realtek High Definition Audio Driver
RecordPad Sound Recorder
Roll
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio Update Manager
SearchAssist
Secunia PSI
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Skype Toolbars
Skype™ 4.2
Soap 3.0 Toolkit
SolutionCenter
Sonic Activation Module
Sony Picture Utility
Sony USB Driver
Spybot - Search & Destroy
Spyware Doctor 7.0
SpywareBlaster 4.4
Status
Switch Sound File Converter
The Sims 2
The Sims 2 Family Fun Stuff
The Sims 2 Glamour Life Stuff
The Sims 2 Nightlife
The Sims 2 Pets
The Sims 2 University
The Sims™ 2 Apartment Life
Toolbox
TrayApp
UFile 2007
UFile 2008
UFile 2009
UFile Updater 2007
UFile Updater 2008
UFile Updater 2009
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WavePad Sound Editor
WebFldrs XP
WebReg
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows Movie Maker 2.0
Windows XP Service Pack 3
WinPatrol
WinRAR archiver
WinZip 12.0
WOT for Internet Explorer
XML Paper Specification Shared Components Language Pack 1.0
XML Paper Specification Shared Components Pack 1.0
YouTube Uploader for CASIO

==== Event Viewer Messages From Past Week ========

06/11/2010 9:35:28 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Cdrom Imapi redbook
06/11/2010 6:31:40 PM, error: DCOM [10000] - Unable to start a DCOM Server: {B2B3C70A-B20F-40B7-90C5-EA7E946C16E0}. The error: "%6" Happened while starting this command: C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe -Embedding
06/11/2010 3:01:16 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2416447).

==== End Of File ===========================



GMER 1.0.15.15507 - http://www.gmer.net
Rootkit scan 2010-11-07 12:34:51
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD3200AAKS-75VYA0 12.01B02
Running: gmer.exe; Driver: C:\DOCUME~1\Rhon\LOCALS~1\Temp\pxtdipow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwAllocateVirtualMemory [0xAA0D1F60]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwAssignProcessToJobObject [0xAA0D1AF0]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xB9E29E52]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xB9E0ACDE]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xB9E0AED0]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwCreateThread [0xAA0D1B40]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwDebugActiveProcess [0xAA0D1F10]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwDeleteKey [0xAA0D1810]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwDeleteValueKey [0xAA0D18D0]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwDuplicateObject [0xAA0D2180]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xB9E28B44]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwOpenProcess [0xAA0D2490]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwOpenSection [0xAA0D1CD0]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwOpenThread [0xAA0D2320]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwProtectVirtualMemory [0xAA0D1BE0]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xB9E2AD60]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwSetContextThread [0xAA0D1AA0]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwSetValueKey [0xAA0D19B0]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwSystemDebugControl [0xAA0D1E80]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwTerminateProcess [0xAA0D2630]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwTerminateThread [0xAA0D1C80]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwWriteVirtualMemory [0xAA0D2000]

---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\PzWDM.sys entry point in "init" section [0xBA4BC30E]
? C:\DOCUME~1\Rhon\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[3008] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 01547B40 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\WINDOWS\Explorer.EXE[3008] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 01547090 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\WINDOWS\Explorer.EXE[3008] USER32.dll!SetWindowTextW 7E42960E 5 Bytes JMP 01547800 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[4648] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00357940 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[4648] ntdll.dll!NtCreateSection 7C90D17E 5 Bytes JMP 00357A60 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[4648] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 003578D0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[4648] ntdll.dll!NtOpenSection 7C90D62E 5 Bytes JMP 00357B00 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[4648] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 00357B40 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[4648] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 00357090 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[4648] kernel32.dll!OutputDebugStringA 7C85AD4C 5 Bytes JMP 00357D60 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[4648] USER32.dll!PostMessageW 7E418CCB 5 Bytes JMP 00356ED0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[4648] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4648] USER32.dll!PostThreadMessageW 7E4277B8 5 Bytes JMP 00352740 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[4648] USER32.dll!PostThreadMessageA 7E4277C5 5 Bytes JMP 00352720 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[4648] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9ACD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4648] USER32.dll!SendMessageW 7E42929A 5 Bytes JMP 00356AA0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[4648] USER32.dll!SetWindowTextW 7E42960E 5 Bytes JMP 00357800 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[4648] USER32.dll!PostMessageA 7E42AAFD 5 Bytes JMP 00356E90 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[4648] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4648] USER32.dll!SendMessageTimeoutW 7E42CDAA 5 Bytes JMP 00356D20 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[4648] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4648] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254656 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4648] USER32.dll!SendNotifyMessageW 7E42D64F 5 Bytes JMP 00356C90 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[4648] USER32.dll!SendMessageCallbackW 7E42D6DB 5 Bytes JMP 00356DC0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[4648] USER32.dll!SendMessageA 7E42F3C2 5 Bytes JMP 003569D0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[4648] USER32.dll!SendMessageTimeoutA 7E42FB6B 5 Bytes JMP 00356CD0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[4648] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5027 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4648] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F59 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4648] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4648] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E2A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4648] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4648] USER32.dll!SendNotifyMessageA 7E453948 5 Bytes JMP 00356C50 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[4648] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E508A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4648] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EEE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4648] USER32.dll!SendMessageCallbackA 7E46B129 5 Bytes JMP 00356D70 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[4648] ADVAPI32.dll!CredEnumerateW 77E18099 7 Bytes JMP 00356FB0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[4648] CRYPT32.dll!CryptUnprotectData 77A8BAF0 7 Bytes JMP 00356F30 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[4648] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 00352890 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[4648] WS2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 00352950 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[4648] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 003528D0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[4648] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00352910 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[4648] WS2_32.dll!WSAConnect 71AC0C81 5 Bytes JMP 00352850 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[4648] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 003527C0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[4648] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 00352760 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[4648] WININET.dll!InternetWriteFile 3D9A6076 5 Bytes JMP 00352790 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[4648] WININET.dll!HttpSendRequestExA 3D9BA642 5 Bytes JMP 00352820 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[4648] WININET.dll!HttpSendRequestExW 3D9BA69B 5 Bytes JMP 003527F0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[4648] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4648] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E538F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5716] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00357940 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[5716] ntdll.dll!NtCreateSection 7C90D17E 5 Bytes JMP 00357A60 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[5716] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 003578D0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[5716] ntdll.dll!NtOpenSection 7C90D62E 5 Bytes JMP 00357B00 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[5716] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 00357B40 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[5716] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 00357090 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[5716] kernel32.dll!OutputDebugStringA 7C85AD4C 5 Bytes JMP 00357D60 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[5716] USER32.dll!PostMessageW 7E418CCB 5 Bytes JMP 00356ED0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[5716] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5716] USER32.dll!PostThreadMessageW 7E4277B8 5 Bytes JMP 00352740 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[5716] USER32.dll!PostThreadMessageA 7E4277C5 5 Bytes JMP 00352720 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[5716] USER32.dll!SendMessageW 7E42929A 5 Bytes JMP 00356AA0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[5716] USER32.dll!SetWindowTextW 7E42960E 5 Bytes JMP 00357800 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[5716] USER32.dll!PostMessageA 7E42AAFD 5 Bytes JMP 00356E90 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[5716] USER32.dll!SendMessageTimeoutW 7E42CDAA 5 Bytes JMP 00356D20 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[5716] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5716] USER32.dll!SendNotifyMessageW 7E42D64F 5 Bytes JMP 00356C90 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[5716] USER32.dll!SendMessageCallbackW 7E42D6DB 5 Bytes JMP 00356DC0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[5716] USER32.dll!SendMessageA 7E42F3C2 5 Bytes JMP 003569D0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[5716] USER32.dll!SendMessageTimeoutA 7E42FB6B 5 Bytes JMP 00356CD0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[5716] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5027 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5716] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F59 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5716] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5716] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E2A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5716] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5716] USER32.dll!SendNotifyMessageA 7E453948 5 Bytes JMP 00356C50 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[5716] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E508A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5716] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EEE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5716] USER32.dll!SendMessageCallbackA 7E46B129 5 Bytes JMP 00356D70 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[5716] ADVAPI32.dll!CredEnumerateW 77E18099 7 Bytes JMP 00356FB0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[5716] CRYPT32.dll!CryptUnprotectData 77A8BAF0 7 Bytes JMP 00356F30 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[5716] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 00352890 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[5716] WS2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 00352950 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[5716] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 003528D0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[5716] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00352910 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[5716] WS2_32.dll!WSAConnect 71AC0C81 5 Bytes JMP 00352850 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[5716] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 003527C0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[5716] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 00352760 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[5716] WININET.dll!InternetWriteFile 3D9A6076 5 Bytes JMP 00352790 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[5716] WININET.dll!HttpSendRequestExA 3D9BA642 5 Bytes JMP 00352820 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)
.text C:\Program Files\Internet Explorer\iexplore.exe[5716] WININET.dll!HttpSendRequestExW 3D9BA69B 5 Bytes JMP 003527F0 C:\WINDOWS\system32\PxSecure.dll (Prevx Security Library/Prevx)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Tcp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Udp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\RawIp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)

Device \FileSystem\Fastfat \Fat A6AB5D20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xE9 0x02 0x6C 0xFA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x37 0xA4 0xAA 0xC3 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...

---- EOF - GMER 1.0.15 ----


#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:05:55 AM

Posted 14 November 2010 - 09:23 AM

Hello RhonB

Are you still having the same issues?
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#3 RhonB

Posted 14 November 2010 - 11:32 AM

Hi Kahdah,

Thank you for responding....

The error message did not appear on my last re-boot....so I think that may have resolved itself.

But, as for the firewall issue....now I am not sure which firewall is on....I had turned on Windows Firewall once SC was telling me that PC Tools Firewall was off...even though it showed itself to be on, I wanted to be safe. Now, when I go to my SC and I turn off both the Windows Firewall and the PC Tools Firewall it is still showing as Firewall "ON". So I am not sure if it is actually allowing me to turn it off...or if they are actually BOTH on or not. I don't want both on...just the PC Tools, but I am not sure which one is on....ack!

Any ideas on another way to check this? Or fix this? Or even....do you see any issues in my logs that would have caused this...or actually, any issues at all?

Thanks for your help.

Regards,

#4 kahdah


Posted 14 November 2010 - 03:15 PM

I see nothing in your logs pointing to infection or system corruption or anything else that would play a role in the situation, but have you tried to uninstall the PC Tools Firewall and then see what SC says?
If it then responds correctly, disable the Windows Firewall, then reinstall the PC Tools Firewall.

Let me know what it does.

#5 RhonB


Posted 14 November 2010 - 03:33 PM

Thanks Kahdah...that's good news!! Whew.

I didn't see anything in my HJT log either....
but I am a newbie and needed an expert opinion. :)

I will try that later tonight and let you know....thanks again.

Regards,

#6 kahdah


Posted 14 November 2010 - 04:09 PM

Ok just let me know and we can go from there. :)

#7 RhonB


Posted 15 November 2010 - 10:40 AM

Hi Kahdah,

That seems to have done the trick. :)

I uninstalled PC Tools and then turned off the Windows firewall to see if the warning message would come up...it did. Yay! Then I turned that one off and re-installed PC Tools firewall and message is gone and firewall is turned on.

I wasn't sure what was going on, if I was infected or what....now I feel better.

Thanks for your help. :thumbup2:
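
One way to answer the "which firewall is actually on?" question from post #3 without relying on the Security Center display, as an added example that is not part of the thread. It assumes Windows PowerShell 2.0 or later; the function names are hypothetical, and the reading of `productState` on Vista and later is an assumption noted in the code.

```powershell
# Added example (not from the thread). Read-only: it changes no settings.
# Assumes Windows PowerShell 2.0 or later, where Get-WmiObject is available.

function Get-RegisteredFirewall {
    # What Security Center has on record: XP SP2/SP3 use root\SecurityCenter,
    # Vista and later use root\SecurityCenter2.
    foreach ($ns in 'root\SecurityCenter', 'root\SecurityCenter2') {
        $products = Get-WmiObject -Namespace $ns -Class FirewallProduct -ErrorAction SilentlyContinue
        foreach ($p in $products) {
            if ($ns -eq 'root\SecurityCenter') {
                $enabled = [bool]$p.enabled
            } else {
                # Assumption: productState is not officially documented; the
                # 0x1000 bit is commonly observed to mean "enabled".
                $enabled = (($p.productState -band 0x1000) -ne 0)
            }
            New-Object PSObject -Property @{
                Source = $ns; Name = $p.displayName; Enabled = $enabled
            }
        }
    }
}

function Get-WindowsFirewallProfile {
    # What Windows Firewall itself is configured to do, per profile.
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
    foreach ($name in 'DomainProfile', 'StandardProfile', 'PublicProfile') {
        $key = Join-Path $base $name
        if (Test-Path $key) {
            $v = (Get-ItemProperty -Path $key -Name EnableFirewall -ErrorAction SilentlyContinue).EnableFirewall
            New-Object PSObject -Property @{
                Source = 'Windows Firewall'; Name = $name; Enabled = ($v -eq 1)
            }
        }
    }
}

$state = @(Get-RegisteredFirewall) + @(Get-WindowsFirewallProfile)
$state | Format-Table Source, Name, Enabled -AutoSize

# Flag the two situations discussed in the thread: nothing on, or both on.
$builtIn    = @($state | Where-Object { $_.Enabled -and $_.Source -eq 'Windows Firewall' })
$registered = @($state | Where-Object { $_.Enabled -and $_.Source -ne 'Windows Firewall' })
if ($builtIn.Count -eq 0 -and $registered.Count -eq 0) {
    Write-Warning 'No firewall reports itself as enabled.'
} elseif ($builtIn.Count -gt 0 -and $registered.Count -gt 0) {
    Write-Warning 'Windows Firewall and a Security Center registered firewall are both enabled.'
}
```

If a product shows as disabled here while its own interface says it is running, the stale entry is in Security Center's record rather than in the firewall, which matches the behaviour the reinstall cleared up.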

#8 kahdah


Posted 15 November 2010 - 02:27 PM

Great, you can delete anything we used.
====
You are welcome :)


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.



