1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Win7 Starter, running super slow, windows crashing. All logs posted

Discussion in 'Virus & Other Malware Removal' started by SaintAnger77, Aug 20, 2010.

Thread Status:
Not open for further replies.
  1. SaintAnger77

    SaintAnger77 Thread Starter

    Joined:
    Aug 19, 2010
    Messages:
    2
    I am runniing win7 starter, my net book is only 9 mo. old but it started running super slow and occasionally crashing about 2 months ago. I have no idea why! I have MBAM already as well as AVAST av but whatever is causing this snuck by those two. I have also been running Spybot and oddly it cannot find anything to clean on my system, so I suspect a trojan or some virus. My page file and system usage are extremely high (80-100%, even when I am doing nothing!) versus what it was 3 months ago. I tried system restore a few times but no luck. I appreciate any help anyone can offer me. I need my netbook for school and I am very stressed not being able to use it normally. I have all of the logs below: I had to run HJT in safe mode b/c my system crashed while I was running it in normal mode, plus it gave me a pop up that my .hosts file was locked and that I do not have access to it (odd since I am the admin and only person who usese my cpu).

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:46:06 PM, on 8/19/2010
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Safe mode with network support
    Running processes:
    C:\windows\Explorer.EXE
    C:\windows\system32\ctfmon.exe
    C:\windows\helppane.exe
    C:\windows\system32\igfxsrvc.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: SafeOnline BHO - {69D72956-317C-44bd-B369-8E44D4EF9801} - C:\windows\system32\PxSecure.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SynAsusAcpi] %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe
    O4 - HKLM\..\Run: [EeeStorageBackup] C:\Program Files\ASUS\Asus WebStorage\BackupService.exe
    O4 - HKLM\..\Run: [HotkeyService] AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
    O4 - HKLM\..\Run: [SuperHybridEngine] AsusSender.exe C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
    O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe
    O4 - HKCU\..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: HotKeyMon.lnk = C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
    O4 - Global Startup: tmchlang.lnk = C:\Program Files\Trend Micro\Internet Security\TmChLang.exe
    O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    O4 - Global Startup: WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Aibelive\Voice Command\Skype4COM.dll
    O23 - Service: Asus Launcher Service (AsusService) - Unknown owner - C:\Windows\System32\AsusService.exe (file missing)
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    O23 - Service: CSIScanner - Prevx - C:\Program Files\Prevx\prevx.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    --
    End of file - 8935 bytes

    DDS (Ver_10-03-17.01) - NTFSx86
    Run at 21:19:38.69 on Thu 08/19/2010
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1015.298 [GMT -4:00]
    SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    ============== Running Processes ===============
    C:\windows\system32\wininit.exe
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Program Files\Prevx\prevx.exe
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\windows\system32\taskhost.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\Program Files\Prevx\prevx.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ASUS\Asus WebStorage\BackupService.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\windows\system32\igfxsrvc.exe
    C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\windows\system32\svchost.exe -k SDRSVC
    C:\windows\system32\SearchIndexer.exe
    C:\windows\system32\SearchProtocolHost.exe
    C:\windows\system32\wuauclt.exe
    C:\windows\System32\svchost.exe -k secsvcs
    C:\windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe
    C:\windows\system32\AsusSender.exe
    C:\windows\system32\AsusSender.exe
    C:\windows\system32\AsusSender.exe
    C:\windows\system32\AsusSender.exe
    C:\windows\system32\AsusSender.exe
    C:\windows\system32\AsusSender.exe
    C:\Users\LeventCanyas\Desktop\dds.scr
    C:\windows\system32\conhost.exe
    C:\windows\system32\AsusSender.exe
    C:\windows\system32\AsusSender.exe
    C:\windows\system32\AsusSender.exe
    C:\windows\system32\SearchFilterHost.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\system32\AsusSender.exe
    ============== Pseudo HJT Report ===============
    uStart Page = hxxp://asus.msn.com
    uDefault_Page_URL = hxxp://asus.msn.com
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: SafeOnline BHO: {69d72956-317c-44bd-b369-8e44d4ef9801} - c:\windows\system32\PxSecure.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    uRun: [Eee Docking] c:\program files\asus\eee docking\Eee Docking.exe
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun: [SynAsusAcpi] %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe
    mRun: [EeeStorageBackup] c:\program files\asus\asus webstorage\BackupService.exe
    mRun: [HotkeyService] AsusSender.exe c:\program files\eeepc\hotkeyservice\HotkeyService.exe
    mRun: [SuperHybridEngine] AsusSender.exe c:\program files\eeepc\she\SuperHybridEngine.exe
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hotkey~1.lnk - c:\program files\eeepc\hotkeyservice\HotKeyMon.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\tmchlang.lnk - c:\program files\trend micro\internet security\TmChLang.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab
    DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\aibelive\voice command\Skype4COM.dll
    Notify: igfxcui - igfxdev.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    ============= SERVICES / DRIVERS ===============
    R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2010-7-22 30320]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-1-9 165456]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-1-9 17744]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-1-9 50256]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-3 40384]
    R2 CSIScanner;CSIScanner;c:\program files\prevx\prevx.exe [2010-7-22 6394368]
    R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2010-7-22 69736]
    R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-3 40384]
    R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-3 40384]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2009-11-13 58368]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-2-26 20952]
    R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2010-7-22 24400]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
    S2 AsusService;Asus Launcher Service;c:\windows\system32\asusservice.exe --> c:\windows\system32\AsusService.exe [?]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-10-30 29472]
    S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2009-10-30 55280]
    S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2009-2-13 11520]
    =============== Created Last 30 ================
    2010-08-19 01:37:12 32 ----a-w- c:\windows\wininit.ini
    2010-08-19 01:25:15 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2010-08-19 01:25:12 37376 ----a-w- c:\windows\system32\rtutils.dll
    2010-08-19 01:19:07 224256 ----a-w- c:\windows\system32\schannel.dll
    2010-08-19 01:18:25 2326016 ----a-w- c:\windows\system32\win32k.sys
    2010-08-18 22:31:46 0 d-----w- c:\users\levent~1\appdata\roaming\Update
    2010-08-18 22:31:38 0 d-----w- c:\users\levent~1\appdata\roaming\BS_Temp
    2010-08-18 22:30:05 524288 --sha-w- c:\users\leventcanyas\ntuser.dat{a71a6e24-ab07-11df-b806-002243feab3f}.TMContainer00000000000000000002.regtrans-ms
    2010-08-18 22:30:05 524288 --sha-w- c:\users\leventcanyas\ntuser.dat{a71a6e24-ab07-11df-b806-002243feab3f}.TMContainer00000000000000000001.regtrans-ms
    2010-08-18 22:30:04 65536 --sha-w- c:\users\leventcanyas\ntuser.dat{a71a6e24-ab07-11df-b806-002243feab3f}.TM.blf
    2010-08-18 20:26:28 524288 ---ha-w- C:\1005HA.ROM
    2010-08-12 20:26:33 0 d-sh--w- c:\windows\system32\%APPDATA%
    2010-08-12 20:13:27 65536 --sha-w- c:\users\leventcanyas\ntuser.dat{bffb6dbf-a64b-11df-8fee-90e6ba5b6e77}.TM.blf
    2010-08-12 20:13:27 524288 --sha-w- c:\users\leventcanyas\ntuser.dat{bffb6dbf-a64b-11df-8fee-90e6ba5b6e77}.TMContainer00000000000000000002.regtrans-ms
    2010-08-12 20:13:27 524288 --sha-w- c:\users\leventcanyas\ntuser.dat{bffb6dbf-a64b-11df-8fee-90e6ba5b6e77}.TMContainer00000000000000000001.regtrans-ms
    2010-08-12 09:47:54 0 d--h--w- C:\$AVG
    2010-08-12 07:30:03 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-08-12 07:29:46 0 d-----w- c:\programdata\AVG Security Toolbar
    2010-08-12 07:29:37 0 d-----w- c:\programdata\avg9
    2010-08-12 07:29:37 0 d-----w- c:\program files\AVG
    2010-08-01 00:58:23 0 d-----w- c:\program files\Trend Micro
    2010-07-23 21:58:44 0 d-----w- c:\programdata\WD_SmartWareCommon
    2010-07-23 21:58:17 0 d-sh--w- C:\aws
    2010-07-23 20:19:49 131 ----a-w- c:\windows\CRC.INI
    2010-07-23 19:53:03 0 d-----w- c:\program files\COMODO
    2010-07-23 19:39:19 0 d-----w- c:\programdata\SecTaskMan
    2010-07-23 19:39:10 0 d-----w- c:\program files\Security Task Manager
    2010-07-23 15:06:14 0 d-----w- c:\programdata\Spybot - Search & Destroy
    2010-07-23 15:06:14 0 d-----w- c:\program files\Spybot - Search & Destroy
    2010-07-23 02:06:53 68120 ----a-w- c:\windows\system32\PxSecure.dll
    2010-07-23 02:06:51 69736 ----a-w- c:\windows\system32\drivers\pxrts.sys
    2010-07-23 02:06:51 30320 ----a-w- c:\windows\system32\drivers\pxscan.sys
    2010-07-23 02:06:45 24400 ----a-w- c:\windows\system32\drivers\pxkbf.sys
    2010-07-23 02:06:44 0 d-----w- c:\program files\Prevx
    2010-07-23 02:06:07 0 d-----w- c:\programdata\PrevxCSI
    ==================== Find3M ====================
    2010-07-29 06:30:49 197632 ----a-w- c:\windows\system32\ir32_32.dll
    2010-07-29 06:30:34 82944 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-30 06:25:31 978432 ----a-w- c:\windows\system32\wininet.dll
    2010-06-28 20:57:33 38848 ----a-w- c:\windows\avastSS.scr
    2010-06-28 20:32:56 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2010-06-22 02:47:35 310784 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-06-22 02:47:21 307200 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-06-22 02:47:13 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2010-06-19 06:33:29 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-06-19 06:33:29 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-06-08 06:02:06 1233920 ----a-w- c:\windows\system32\msxml3.dll
    2010-05-27 07:24:13 34304 ----a-w- c:\windows\system32\atmlib.dll
    2010-05-27 03:49:37 293888 ----a-w- c:\windows\system32\atmfd.dll
    2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
    2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
    2010-02-16 18:36:03 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
    2010-02-10 06:10:12 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
    2010-02-10 06:10:12 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
    2010-02-10 06:10:12 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
    2010-02-10 06:10:12 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
    2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
    ============= FINISH: 21:22:39.90 ===============
    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-08-19 22:33:27
    Windows 6.1.7600
    Running: 25mhrb8d (2).exe; Driver: C:\Users\LEVENT~1\AppData\Local\Temp\kwqiqkow.sys

    ---- System - GMER 1.0.15 ----
    SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwAssignProcessToJobObject [0x915F1A30]
    SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwCreateThread [0x915F1A80]
    SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwOpenProcess [0x915F2000]
    SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwOpenThread [0x915F1E90]
    SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwProtectVirtualMemory [0x915F1B20]
    SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwSetContextThread [0x915F19E0]
    SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwTerminateProcess [0x915F21A0]
    SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwTerminateThread [0x915F1BC0]
    SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwWriteVirtualMemory [0x915F1C10]
    INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82044AF8
    INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82044104
    INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 820443F4
    INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8202D2D8
    INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8202C898
    INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 820441DC
    INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82044958
    INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 820446F8
    INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82044F2C
    INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 820451A8
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0x8A9A4B9C]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0x8A9A49C0]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0x8A9A4AFA]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject
    ---- Kernel code sections - GMER 1.0.15 ----
    .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 81C5D599 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81C81F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    .text ntkrnlpa.exe!RtlSidHashLookup + 29C 81C897AC 4 Bytes [30, 1A, 5F, 91] {XOR [EDX], BL; POP EDI; XCHG ECX, EAX}
    .text ntkrnlpa.exe!RtlSidHashLookup + 34C 81C8985C 4 Bytes [80, 1A, 5F, 91] {SBB BYTE [EDX], 0x5f; XCHG ECX, EAX}
    .text ntkrnlpa.exe!RtlSidHashLookup + 4E8 81C899F8 4 Bytes [00, 20, 5F, 91] {ADD [EAX], AH; POP EDI; XCHG ECX, EAX}
    .text ntkrnlpa.exe!RtlSidHashLookup + 508 81C89A18 4 Bytes JMP E0E72A9E
    .text ntkrnlpa.exe!RtlSidHashLookup + 54C 81C89A5C 4 Bytes [20, 1B, 5F, 91] {AND [EBX], BL; POP EDI; XCHG ECX, EAX}
    .text ...
    .text peauth.sys A4169C9D 28 Bytes [DE, ED, 0F, 00, 0B, 14, C6, ...]
    .text peauth.sys A4169CC1 28 Bytes [DE, ED, 0F, 00, 0B, 14, C6, ...]
    ---- User code sections - GMER 1.0.15 ----
    .text C:\windows\Explorer.EXE[3860] ntdll.dll!NtWriteFile 77685EB0 5 Bytes JMP 6C837450 C:\windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
    .text C:\windows\Explorer.EXE[3860] kernel32.dll!CreateThread 7731281D 5 Bytes JMP 6C8369A0 C:\windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
    .text C:\windows\Explorer.EXE[3860] USER32.dll!SetWindowTextW 76208267 5 Bytes JMP 6C837110 C:\windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
    ---- Devices - GMER 1.0.15 ----
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    Device \Driver\ACPI_HAL \Device\00000046 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    ---- Registry - GMER 1.0.15 ----
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002243feab3f
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002243feab3f (not active ControlSet)
    ---- EOF - GMER 1.0.15 ----
    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-08-19 22:33:27
    Windows 6.1.7600
    Running: 25mhrb8d (2).exe; Driver: C:\Users\LEVENT~1\AppData\Local\Temp\kwqiqkow.sys

    ---- System - GMER 1.0.15 ----
    SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwAssignProcessToJobObject [0x915F1A30]
    SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwCreateThread [0x915F1A80]
    SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwOpenProcess [0x915F2000]
    SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwOpenThread [0x915F1E90]
    SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwProtectVirtualMemory [0x915F1B20]
    SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwSetContextThread [0x915F19E0]
    SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwTerminateProcess [0x915F21A0]
    SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwTerminateThread [0x915F1BC0]
    SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwWriteVirtualMemory [0x915F1C10]
    INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82044AF8
    INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82044104
    INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 820443F4
    INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8202D2D8
    INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8202C898
    INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 820441DC
    INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82044958
    INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 820446F8
    INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82044F2C
    INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 820451A8
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0x8A9A4B9C]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0x8A9A49C0]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0x8A9A4AFA]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject
    ---- Kernel code sections - GMER 1.0.15 ----
    .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 81C5D599 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81C81F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    .text ntkrnlpa.exe!RtlSidHashLookup + 29C 81C897AC 4 Bytes [30, 1A, 5F, 91] {XOR [EDX], BL; POP EDI; XCHG ECX, EAX}
    .text ntkrnlpa.exe!RtlSidHashLookup + 34C 81C8985C 4 Bytes [80, 1A, 5F, 91] {SBB BYTE [EDX], 0x5f; XCHG ECX, EAX}
    .text ntkrnlpa.exe!RtlSidHashLookup + 4E8 81C899F8 4 Bytes [00, 20, 5F, 91] {ADD [EAX], AH; POP EDI; XCHG ECX, EAX}
    .text ntkrnlpa.exe!RtlSidHashLookup + 508 81C89A18 4 Bytes JMP E0E72A9E
    .text ntkrnlpa.exe!RtlSidHashLookup + 54C 81C89A5C 4 Bytes [20, 1B, 5F, 91] {AND [EBX], BL; POP EDI; XCHG ECX, EAX}
    .text ...
    .text peauth.sys A4169C9D 28 Bytes [DE, ED, 0F, 00, 0B, 14, C6, ...]
    .text peauth.sys A4169CC1 28 Bytes [DE, ED, 0F, 00, 0B, 14, C6, ...]
    ---- User code sections - GMER 1.0.15 ----
    .text C:\windows\Explorer.EXE[3860] ntdll.dll!NtWriteFile 77685EB0 5 Bytes JMP 6C837450 C:\windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
    .text C:\windows\Explorer.EXE[3860] kernel32.dll!CreateThread 7731281D 5 Bytes JMP 6C8369A0 C:\windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
    .text C:\windows\Explorer.EXE[3860] USER32.dll!SetWindowTextW 76208267 5 Bytes JMP 6C837110 C:\windows\system32\PxSecure.dll (Prevx Security Library/Prevx)
    ---- Devices - GMER 1.0.15 ----
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    Device \Driver\ACPI_HAL \Device\00000046 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    ---- Registry - GMER 1.0.15 ----
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002243feab3f
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002243feab3f (not active ControlSet)
    ---- EOF - GMER 1.0.15 ----
     

    Attached Files:

  2. SaintAnger77

    SaintAnger77 Thread Starter

    Joined:
    Aug 19, 2010
    Messages:
    2
    I forgot to mention also that my FN keys are not all working, namely the ones that control the sound, the wireless/bluetooth/, and the task manager. I dont know if this was something that I did but the system restores that I performed did not help with this either.
     
  3. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    33,884
    Hiya and welcome to Tech Support Guy :)

    Sorry for the lateness in a reply, but these forums are very busy :(

    Are you still having this problem? If so, can you post a fresh DDS log.

    Regards

    eddie
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/944594

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice