Toshiba Windows 7 in Safe Mode

Frusterated (Thread Starter; joined Jan 14, 2011; 3 messages)
Hello,

I have a laptop on life support here. Seems to have a nasty infection. Swelling, slight twitch, and pussing. And that's just my eyeballs.

My machine is a Toshiba Satellite C650, 6 months old, with Windows 7 Home Premium. The problem started 4 days ago with a slow start up, normally 1 minute, but took maybe 10. I noticed Avast Antivirus failed to start and I couldn't start it, plus the settings were turned down and now had a password so I couldn't change them. Windows Defender failed to start and wouldn't run when I tried to start it. The computer quickly bogged down to the point where I had to hit the power button - a first. It slowly got worse until now I can't even get it to start in Normal Mode, or Safe Mode with Networking. I hope I haven't compounded the problem.

Things I tried:
Avast - manual scan
System Restore, 3 or 4X - most recently giving me an error the System Restore failed to extract C:\Windows\System32\FNTCACHE.DAT
vcleaner.exe - downloaded virus scanner
Restored the system Registry to its default values
Performance scans on the memory
MRT.exe - malware removal tool from Microsoft updated to Jan 2011
manually searching for recently modified files
Reinstalled Avast - but can't get online to update virus definitions

What I found:
spldr.sys - defective security driver

Here are the log files


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:25:24 PM, on 13/01/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Unable to get Internet Explorer version!
Boot mode: Safe mode
Running processes:
C:\Users\Graeme\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.ca/welcome
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.ca/welcome
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.ca/welcome
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Presented by TOSHIBA Leading Innovation >>>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MyGarminAgent] C:\Program Files (x86)\Garmin\MyGarminAgent\MyGarminAgent.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 10950 bytes




DDS (Ver_10-12-12.02) - NTFS_AMD64 MINIMAL
Run by Graeme at 22:31:10.15 on 13/01/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.3964.3400 [GMT -7:00]
AV: avast! Antivirus *Disabled/Outdated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Outdated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Users\Graeme\Desktop\dds.scr
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.toshiba.ca/welcome
uWindow Title = Presented by TOSHIBA Leading Innovation >>>
uDefault_Page_URL = hxxp://www.toshiba.ca/welcome
mStart Page = hxxp://www.toshiba.ca/welcome
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [MyGarminAgent] C:\Program Files (x86)\Garmin\MyGarminAgent\MyGarminAgent.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll
mRun-x64: [(Default)]
mRun-x64: [IgfxTray] C:\windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\windows\system32\igfxpers.exe
mRun-x64: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
mRun-x64: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
mRun-x64: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun-x64: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun-x64: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
mRun-x64: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
mRun-x64: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
================= FIREFOX ===================
FF - ProfilePath - C:\Users\Graeme\AppData\Roaming\Mozilla\Firefox\Profiles\3c94dc4z.default\
FF - prefs.js: browser.startup.homepage - hxxp://weather.ca.msn.com/local.aspx?wealocations=wc:CAXX0246&q=Lethbridge%2c+AB
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Updater\2.4.1970.7372\npCIDetect14.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Graeme\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Personas: [email protected] - %profile%\extensions\[email protected]
============= SERVICES / DRIVERS ===============
R3 FwLnk;FwLnk Driver;C:\Windows\System32\drivers\FwLnk.sys [2010-5-1 9216]
S1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-1-13 121936]
S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
S2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-1-13 20048]
S2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-1-13 61008]
S2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-1-13 40384]
S2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe [2010-1-28 249200]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2009-3-10 46448]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-3 136176]
S3 avast! Mail Scanner;avast! Mail Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-1-13 40384]
S3 avast! Web Scanner;avast! Web Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-1-13 40384]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-8-5 1038088]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-10-19 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-3-4 75816]
S3 PGEffect;Pangu effect driver;C:\Windows\System32\drivers\PGEffect.sys [2010-5-1 35008]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-5-1 232992]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2010-5-1 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-4 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
=============== Created Last 30 ================
2011-01-13 21:25:09 61008 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys
2011-01-13 21:25:00 38848 ----a-w- C:\windows\avastSS.scr
2011-01-12 09:17:32 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{CDBEF1D4-A02A-4B38-AFA0-03DB77820B93}\mpengine.dll
2011-01-12 06:39:06 46080 ----a-w- C:\windows\System32\atmlib.dll
2011-01-12 06:39:06 367104 ----a-w- C:\windows\System32\atmfd.dll
2011-01-12 06:39:06 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
2011-01-12 06:39:06 294400 ----a-w- C:\windows\SysWow64\atmfd.dll
2011-01-12 06:39:05 395776 ----a-w- C:\windows\System32\webio.dll
2011-01-12 06:39:05 314368 ----a-w- C:\windows\SysWow64\webio.dll
2011-01-12 06:39:02 516096 ----a-w- C:\Program Files\Windows Mail\wab.exe
2011-01-12 06:39:02 516096 ----a-w- C:\Program Files (x86)\Windows Mail\wab.exe
2011-01-12 06:39:02 35328 ----a-w- C:\Program Files\Windows Mail\wabfind.dll
2011-01-11 18:41:28 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2011-01-11 18:41:28 720896 ----a-w- C:\windows\System32\odbc32.dll
2011-01-11 18:41:28 573440 ----a-w- C:\windows\SysWow64\odbc32.dll
2011-01-11 18:41:28 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
2011-01-11 18:41:28 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
2011-01-11 18:41:28 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2011-01-11 18:41:28 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
2011-01-11 18:41:28 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
2011-01-11 18:41:28 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
2011-01-11 18:41:28 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2011-01-11 17:49:50 -------- d-----w- C:\Users\Graeme\AppData\Local\ElevatedDiagnostics
==================== Find3M ====================
2010-10-19 17:41:44 270720 ------w- C:\windows\System32\MpSigStub.exe
2010-09-24 06:20:04 981872 ----a-w- C:\Program Files (x86)\WeatherEye.dll
2010-09-22 00:22:20 309104 ----a-w- C:\Program Files (x86)\WeatherEye.exe
============= FINISH: 22:33:25.39 ===============




GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-13 23:10:04
Windows 6.1.7600
Running: ns8dlge8.exe

---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\[email protected] ?????????????????????????????:??????????????????????? ????????????????????????????:?B??? ???????????? B?????????????????%SystemRoot%\system32\srvsvc.dll?????????????????????????????????????????????????o???????????????????v???????G???????????~???????????e?????????nab???????????????????????e???????????*???*???????????l???????????????????????u???????????.??? ???????????????9??? ???????????????????????????????,??????????????????????????????????? ???????4??????6????????????????????1??????????????g6??????????????????????????????????????????????????????????????????? ??????????????????????????????????????????????? ??????????????????????????????????????????CSCFlags=768?MaxUses=4294967295?Path=C:\windows\system32\spool\drivers?Permissions=0?Remark=Printer Drivers?ShareName=print$?Type=0??????????????.??????????????????????????????????? ??????????????????????????????????????????????????????????????????CSCFlags=0?MaxUses=4294967295?Path=C:\USERS\PUBLIC\DOCUMENTS?Permissions=0?Remark=?ShareName=SharedDocs?Type=0??????CSC
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\[email protected] ????????????????????? ????????????????????????????:?B??? ???????????? B?????????????????%SystemRoot%\system32\srvsvc.dll?????????????????????????????????????????????????o???????????????????v???????G???????????~???????????e?????????nab???????????????????????e???????????*???*???????????l???????????????????????u???????????.??? ???????????????9??? ???????????????????????????????,??????????????????????????????????? ???????4??????6????????????????????1??????????????g6??????????????????????????????????????????????????????????????????? ??????????????????????????????????????????????? ??????????????????????????????????????????CSCFlags=768?MaxUses=4294967295?Path=C:\windows\system32\spool\drivers?Permissions=0?Remark=Printer Drivers?ShareName=print$?Type=0??????????????.??????????????????????????????????? ??????????????????????????????????????????????????????????????????CSCFlags=0?MaxUses=4294967295?Path=C:\USERS\PUBLIC\DOCUMENTS?Permissions=0?Remark=?ShareName=SharedDocs?Type=0??????CSCFlags=0?MaxUses=4294967295?Path=
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\[email protected] ?????????????????1??????????????g6??????????????????????????????????????????????????????????????????? ??????????????????????????????????????????????? ??????????????????????????????????????????CSCFlags=768?MaxUses=4294967295?Path=C:\windows\system32\spool\drivers?Permissions=0?Remark=Printer Drivers?ShareName=print$?Type=0??????????????.??????????????????????????????????? ??????????????????????????????????????????????????????????????????CSCFlags=0?MaxUses=4294967295?Path=C:\USERS\PUBLIC\DOCUMENTS?Permissions=0?Remark=?ShareName=SharedDocs?Type=0??????CSCFlags=0?MaxUses=4294967295?Path=Journal Note Writer,LocalsplOnly?Permissions=0?Remark=Journal Note Writer?ShareName=Printer2?Type=1??me??CSCFlags=0?MaxUses=4294967295?Path=HP Deskjet F4400 series,LocalsplOnly?Permissions=0?Remark=HP Deskjet F4400 series?ShareName=Printer3?Type=1????????h??????????t????H?X??????4???????????????????? ??????? ??????? ????????????????i????????l?x??????X???$?????????????????????????????????? ??????????????????????????.????????l?x??
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\[email protected] ????????????????????????????????SeChangeNotifyPrivilege?SeImpersonatePrivilege?SeAuditPrivilege?????????????????????????????????????????????????????????? ???????????????????????????????????????e???????????????????0??????????????????????????????????? ??????????????????????????????N????????????r??? 2?????????????????\Device\LanmanRedirector??????4?????????????Microsoft Windows [email protected]%systemroot%\system32\wkssvc.dll,-102????????F?????????????????%SystemRoot%\System32\ntlanman.dll??????????????????????????????? ????????????????????????????0?B??? ???????????? B?????????????????%SystemRoot%\System32\wkssvc.dll?????????????????????????????????????????????????d???????????????????????e??????????????????????????????????????????????????????ms??????????????????????????????????????? ????????????????????????????&????????????????????????????????y????? ???????????????????????????????????????g??? ?????????????????????,?????? ?`????????S????`????????????e????Link-Layer Topology Discovery Mappe
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\[email protected] ????????????????????????????? ??????????????????????????????N????????????r??? 2?????????????????\Device\LanmanRedirector??????4?????????????Microsoft Windows [email protected]%systemroot%\system32\wkssvc.dll,-102????????F?????????????????%SystemRoot%\System32\ntlanman.dll??????????????????????????????? ????????????????????????????0?B??? ???????????? B?????????????????%SystemRoot%\System32\wkssvc.dll?????????????????????????????????????????????????d???????????????????????e??????????????????????????????????????????????????????ms??????????????????????????????????????? ????????????????????????????&????????????????????????????????y????? ???????????????????????????????????????g??? ?????????????????????,?????? ?`????????S????`????????????e????Link-Layer Topology Discovery Mapper I/O Driver???????0?????????p????? ???????????????????????????????????????????????????????????????????????????\????????????e????5.2??????????????????2?????????????g??????8???????????h?????system32\DRIVERS\lltdio.sys????
Reg HKLM\SYSTEM\CurrentControlSet\services\NetBIOS\[email protected] ????????system32\DRIVERS\netbios.sys??????$????????????e????NetBIOS Interface???????????????p????????/??????????????????NetBIOSGroup??????$????????????n????NetBIOS Interface???????????????????????????????????t???? ???????????????????????????????????????e??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????e????????????????s??????????????????????? ?????????????????????????????????? ????????????????????s???a??????????????? [email protected]%SystemRoot%\system32\drivers\netbt.sys,-2?????????W??????g??????????????6???????????h?????System32\DRIVERS\[email protected]%SystemRoot%\system32\drivers\netbt.sys,-1?????Tcpip????????????????????????????????????????????????????????????e??Tdx?tcpip???????????????????????????????????????????????????????????? ?????????????????????9??????"??????????e????????????????????s??????????????1??8&???????????V??e0?
Reg HKLM\SYSTEM\ControlSet004\services\LanmanServer\[email protected] ??????????????<???????????h?????system32\DRIVERS\L1C62x64.sys??????????????????e????NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller????LocalSystem??????? ?????????p?????????????????????????N????????????e??????????????????????????????????????s?????????????????????????????? ????????????????????????&[email protected]%systemroot%\system32\srvsvc.dll,-100????????Z???????????h?????%SystemRoot%\system32\svchost.exe -k [email protected]%systemroot%\system32\srvsvc.dll,-101??????? ??????????????????????????????????????????????????????????????t????????????:?????????? ????????????????????????????e??SamSS?Srv?????????,?????????????????????????????????????????????????????????????????????????????????SeChangeNotifyPrivilege?SeImpersonatePrivilege?SeAuditPrivilege?SeLoadDriverPrivilege???????????????????????????????????????????????????????? ???????????????????????????????????????s??? ?????????????????????????????????????????????s????? ????????????????????????????H??????????????y?
Reg HKLM\SYSTEM\ControlSet004\services\LanmanServer\[email protected] ?????????????????????????????????????:??????????????????????? ????????????????????????????:?B??? ???????????? B??????????????????????????~??????????????????%SystemRoot%\system32\srvsvc.dll?????????????????????????????????????o???????????????????v???????G???????????????????????e?????????nab???????????????????????e???????????*???*???????????l???????????????????????u???????????.??? ???????????????9??? ???????????????????????????????,??????????????????????????????????? ???????4??????6????????????????????1??????????????g6??????????????????????????????????????????????????????????????????? ??????????????????????????????????????????????? ??????????????????????????????????????????CSCFlags=768?MaxUses=4294967295?Path=C:\windows\system32\spool\drivers?Permissions=0?Remark=Printer Drivers?ShareName=print$?Type=0?????CSCFlags=0?MaxUses=4294967295?Path=C:\USERS\PUBLIC\DOCUMENTS?Permissions=0?Remark=?ShareName=SharedDocs?Type=0???????????????.??????CSCFlags=0?MaxUses=4294967295?Path=Journal Note Writer,LocalsplOnly?Permiss
Reg HKLM\SYSTEM\ControlSet004\services\LanmanServer\[email protected] ????????????????????? ????????????????????????????:?B??? ???????????? B??????????????????????????~??????????????????%SystemRoot%\system32\srvsvc.dll?????????????????????????????????????o???????????????????v???????G???????????????????????e?????????nab???????????????????????e???????????*???*???????????l???????????????????????u???????????.??? ???????????????9??? ???????????????????????????????,??????????????????????????????????? ???????4??????6????????????????????1??????????????g6??????????????????????????????????????????????????????????????????? ??????????????????????????????????????????????? ??????????????????????????????????????????CSCFlags=768?MaxUses=4294967295?Path=C:\windows\system32\spool\drivers?Permissions=0?Remark=Printer Drivers?ShareName=print$?Type=0?????CSCFlags=0?MaxUses=4294967295?Path=C:\USERS\PUBLIC\DOCUMENTS?Permissions=0?Remark=?ShareName=SharedDocs?Type=0???????????????.??????CSCFlags=0?MaxUses=4294967295?Path=Journal Note Writer,LocalsplOnly?Permissions=0?Remark=Journal Note Writer?ShareN
Reg HKLM\SYSTEM\ControlSet004\services\LanmanWorkstation\[email protected] ??????????h???????????h?????%SystemRoot%\System32\svchost.exe -k [email protected]%systemroot%\system32\wkssvc.dll,-101??????????????????? 8?????????????????NT AUTHORITY\NetworkService??????????????????????????????????:???:??????????????t??????? ?????????????,???????????????????<??????????????e??Bowser?MRxSmb10?MRxSmb20?NSI?????????????????????????????????s??ep??????????????????????????????????SeChangeNotifyPrivilege?SeImpersonatePrivilege?SeAuditPrivilege?????????????????????????????????\Device\Smb_Tcpip_{8879F1E3-234A-4938-AAEE-5891DE6CFAF5}?\Device\Smb_Tcpip_{3D9FA833-5FAE-4DA5-AC61-D1336A6F4860}?\Device\Smb_Tcpip_{DFA88CF0-2EAD-49AE-A81B-4041C7AC0E4D}?\Device\Smb_Tcpip6_{6BB04E5B-D44B-49B9-979D-F6560CB4FC8B}?\Device\Smb_Tcpip6_{6E57A0DF-D3A9-485F-BBCE-84109038733E}?\Device\Smb_Tcpip6_{CD4BE8C1-25F0-40B8-8AE4-DB8C55B29481}?\Device\Smb_Tcpip6_{498656F4-43CC-4E0C-972B-C77F40852333}?\Device\Smb_Tcpip6_{DA47C90C-8369-48DD-9606-4CB5A5F7EBEC}?\Device\Smb_Tcpip6_{8879F1E3-234A-4938-AAEE-58
Reg HKLM\SYSTEM\ControlSet004\services\LanmanWorkstation\[email protected] ????????????????????????????????SeChangeNotifyPrivilege?SeImpersonatePrivilege?SeAuditPrivilege?????????????????????????????????\Device\Smb_Tcpip_{8879F1E3-234A-4938-AAEE-5891DE6CFAF5}?\Device\Smb_Tcpip_{3D9FA833-5FAE-4DA5-AC61-D1336A6F4860}?\Device\Smb_Tcpip_{DFA88CF0-2EAD-49AE-A81B-4041C7AC0E4D}?\Device\Smb_Tcpip6_{6BB04E5B-D44B-49B9-979D-F6560CB4FC8B}?\Device\Smb_Tcpip6_{6E57A0DF-D3A9-485F-BBCE-84109038733E}?\Device\Smb_Tcpip6_{CD4BE8C1-25F0-40B8-8AE4-DB8C55B29481}?\Device\Smb_Tcpip6_{498656F4-43CC-4E0C-972B-C77F40852333}?\Device\Smb_Tcpip6_{DA47C90C-8369-48DD-9606-4CB5A5F7EBEC}?\Device\Smb_Tcpip6_{8879F1E3-234A-4938-AAEE-5891DE6CFAF5}?\Device\Smb_Tcpip6_{4DA3A93C-7B6C-401B-BC5C-69E83F8C7AFF}?\Device\Smb_Tcpip6_{ED0422CE-9874-4462-B93B-CCAA3414007C}?\Device\Smb_Tcpip6_{FBFB6FC0-ABFE-4046-9F8D-5E9BFC06B496}?\Device\Smb_Tcpip6_{9C80EAEE-9FD4-4060-90D0-EC07F342E7D6}?\Device\Smb_Tcpip6_{9164EAE3-4667-4A2F-BDD5-9B0CE9A2F6B6}?\Device\Smb_Tcpip6_{C7500E8C-4557-4D8B-B8AE-C08C5B4CC06C}?\Device\Smb_Tcpip6_{170ED2BF
Reg HKLM\SYSTEM\ControlSet004\services\LanmanWorkstation\[email protected] ????????????????????????????? ??????????????????????????????N????????????r??? 2?????????????????\Device\LanmanRedirector??????????4?????????????Microsoft Windows [email protected]%systemroot%\system32\wkssvc.dll,-102????????F?????????????????%SystemRoot%\System32\ntlanman.dll??????????????????????????????? ????????????????????????????0?B??? ???????????? B?????????????????%SystemRoot%\System32\wkssvc.dll?????????????????????????????????????????????????d???????????????????????e??????????????????????????????????????????????????????ms??????????????????????????????????????? ????????????????????????????&????????????????????????????????y????? ???????????????????????????????????????g??? ?????????????????????,?????? ?`????????S???????????0??0???????????????t??????????????????????????????????g??????8???????????h?????system32\DRIVERS\lltdio.sys???????`????????????e????Link-Layer Topology Discovery Mapper I/O Driver??????????????????2???? ????????????????????????????????????????????????????????????
Reg HKLM\SYSTEM\ControlSet004\services\NetBIOS\[email protected] ??????????????:???????????h?????system32\DRIVERS\netbios.sys??????$????????????e????NetBIOS Interface???????????????????????????????p???NetBIOSGroup??????$????????????n????NetBIOS Interface???????????????????????? ???????????????????????????????????????e??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????e????????????????s??????????????????????????????? ?????????????????????????????????? ????????????????????s???a??? [email protected]%SystemRoot%\system32\drivers\netbt.sys,-2?????????????????p???PNP_TDI???????6???????????h?????System32\DRIVERS\[email protected]%SystemRoot%\system32\drivers\netbt.sys,-1?????Tcpip???????????????????????????????????????t?????????????????????????????????????????????????????????????????R???????????h?????\SystemRoot\system32\DRIVERS\nfrd960.sys????????????????????????????p???SCSI Miniport?????V??????????????d?
---- Files - GMER 1.0.15 ----
File C:\Windows\inf\stexstor.PNF 15656 bytes
File C:\Windows\inf\sti.inf 35022 bytes
File C:\Windows\inf\sti.PNF 34204 bytes
File C:\Windows\inf\tape.inf 77596 bytes
File C:\Windows\inf\tape.PNF 90764 bytes
File C:\Windows\inf\TAPISRV 0 bytes
File C:\Windows\inf\TAPISRV\0000 0 bytes
File C:\Windows\inf\TAPISRV\0000\tapiperf.ini 2724 bytes
File C:\Windows\inf\TAPISRV\0409 0 bytes
File C:\Windows\inf\TAPISRV\0409\tapiperf.ini 2724 bytes
File C:\Windows\inf\TAPISRV\perfctr.h 1015 bytes
File C:\Windows\inf\tdibth.inf 8874 bytes
File C:\Windows\inf\tdibth.PNF 11560 bytes
File C:\Windows\inf\TermService 0 bytes
File C:\Windows\inf\TermService\0000 0 bytes
File C:\Windows\inf\TermService\0000\tslabels.ini 25350 bytes
File C:\Windows\inf\TermService\0409 0 bytes
File C:\Windows\inf\TermService\0409\tslabels.ini 25350 bytes
File C:\Windows\inf\TermService\tslabels.h 3013 bytes
File C:\Windows\inf\tpm.inf 8852 bytes
File C:\Windows\inf\tpm.PNF 12156 bytes
File C:\Windows\inf\transfercable.inf 15490 bytes
File C:\Windows\inf\transfercable.PNF 12628 bytes
File C:\Windows\inf\tsprint.inf 4134 bytes
File C:\Windows\inf\tsprint.PNF 6892 bytes
File C:\Windows\inf\ts_generic.inf 4166 bytes
File C:\Windows\inf\ts_generic.PNF 8784 bytes
File C:\Windows\inf\ts_wpdmtp.inf 11310 bytes
File C:\Windows\inf\ts_wpdmtp.PNF 13328 bytes
---- EOF - GMER 1.0.15 ----



I'm already seeing some problems here and I don't even know what this stuff means. But I don't have any idea how to fix it.

Frusterated
 
