
Toshiba Windows 7 in Safe Mode

Discussion in 'Virus & Other Malware Removal' started by Frusterated, Jan 14, 2011.

Thread Status:
Not open for further replies.
  1. Frusterated

    Hello,

    I have a laptop on life support here. Seems to have a nasty infection. Swelling, slight twitch, and pussing. And that's just my eyeballs.

    My machine is a Toshiba Satellite C650, 6 months old, with Windows 7 Home Premium. The problem started 4 days ago with a slow start up, normally 1 minute, but took maybe 10. I noticed Avast Antivirus failed to start and I couldn't start it, plus the settings were turned down and now had a password so I couldn't change them. Windows Defender failed to start and wouldn't run when I tried to start it. The computer quickly bogged down to the point where I had to hit the power button - a first. It slowly got worse until now I can't even get it to start in Normal Mode, or Safe Mode with Networking. I hope I haven't compounded the problem.

    Things I tried:
    Avast - manual scan
    System Restore, 3 or 4X - most recently giving me an error that System Restore failed to extract C:\Windows\System32\FNTCACHE.DAT
    vcleaner.exe - downloaded virus scanner
    Restored the system Registry to its default values
    Performance scans on the memory
    MRT.exe - malware removal tool from Microsoft updated to Jan 2011
    manually searching for recently modified files
    Reinstalled Avast - but can't get online to update virus definitions

    What I found:
    spldr.sys - defective security driver

    Here are the log files


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:25:24 PM, on 13/01/2011
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Unable to get Internet Explorer version!
    Boot mode: Safe mode
    Running processes:
    C:\Users\Graeme\Desktop\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.ca/welcome
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.ca/welcome
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.ca/welcome
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Presented by TOSHIBA Leading Innovation >>>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (file missing)
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [MyGarminAgent] C:\Program Files (x86)\Garmin\MyGarminAgent\MyGarminAgent.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
    O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
    O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\windows\system32\TODDSrv.exe (file missing)
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    --
    End of file - 10950 bytes




    DDS (Ver_10-12-12.02) - NTFS_AMD64 MINIMAL
    Run by Graeme at 22:31:10.15 on 13/01/2011
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.3964.3400 [GMT -7:00]
    AV: avast! Antivirus *Disabled/Outdated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
    SP: avast! Antivirus *Disabled/Outdated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    ============== Running Processes ===============
    C:\windows\system32\wininit.exe
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\Explorer.EXE
    C:\windows\system32\ctfmon.exe
    C:\windows\System32\svchost.exe -k secsvcs
    C:\Users\Graeme\Desktop\dds.scr
    C:\windows\system32\conhost.exe
    C:\windows\system32\wbem\wmiprvse.exe
    ============== Pseudo HJT Report ===============
    uStart Page = hxxp://www.toshiba.ca/welcome
    uWindow Title = Presented by TOSHIBA Leading Innovation >>>
    uDefault_Page_URL = hxxp://www.toshiba.ca/welcome
    mStart Page = hxxp://www.toshiba.ca/welcome
    mWinlogon: Userinit=userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
    mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    mRun: [<NO NAME>]
    mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [MyGarminAgent] C:\Program Files (x86)\Garmin\MyGarminAgent\MyGarminAgent.exe
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll
    BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll
    mRun-x64: [(Default)]
    mRun-x64: [IgfxTray] C:\windows\system32\igfxtray.exe
    mRun-x64: [HotKeysCmds] C:\windows\system32\hkcmd.exe
    mRun-x64: [Persistence] C:\windows\system32\igfxpers.exe
    mRun-x64: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
    mRun-x64: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
    mRun-x64: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    mRun-x64: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    mRun-x64: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun-x64: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
    mRun-x64: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
    mRun-x64: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
    ================= FIREFOX ===================
    FF - ProfilePath - C:\Users\Graeme\AppData\Roaming\Mozilla\Firefox\Profiles\3c94dc4z.default\
    FF - prefs.js: browser.startup.homepage - hxxp://weather.ca.msn.com/local.aspx?wealocations=wc:CAXX0246&q=Lethbridge%2c+AB
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Updater\2.4.1970.7372\npCIDetect14.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Graeme\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Personas: [email protected] - %profile%\extensions\[email protected]
    ============= SERVICES / DRIVERS ===============
    R3 FwLnk;FwLnk Driver;C:\Windows\System32\drivers\FwLnk.sys [2010-5-1 9216]
    S1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-1-13 121936]
    S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
    S2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-1-13 20048]
    S2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-1-13 61008]
    S2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-1-13 40384]
    S2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe [2010-1-28 249200]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2009-3-10 46448]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-3 136176]
    S3 avast! Mail Scanner;avast! Mail Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-1-13 40384]
    S3 avast! Web Scanner;avast! Web Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-1-13 40384]
    S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-8-5 1038088]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-10-19 48488]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-3-4 75816]
    S3 PGEffect;Pangu effect driver;C:\Windows\System32\drivers\PGEffect.sys [2010-5-1 35008]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-5-1 232992]
    S3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2010-5-1 51512]
    S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-4 1255736]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    =============== Created Last 30 ================
    2011-01-13 21:25:09 61008 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys
    2011-01-13 21:25:00 38848 ----a-w- C:\windows\avastSS.scr
    2011-01-12 09:17:32 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{CDBEF1D4-A02A-4B38-AFA0-03DB77820B93}\mpengine.dll
    2011-01-12 06:39:06 46080 ----a-w- C:\windows\System32\atmlib.dll
    2011-01-12 06:39:06 367104 ----a-w- C:\windows\System32\atmfd.dll
    2011-01-12 06:39:06 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
    2011-01-12 06:39:06 294400 ----a-w- C:\windows\SysWow64\atmfd.dll
    2011-01-12 06:39:05 395776 ----a-w- C:\windows\System32\webio.dll
    2011-01-12 06:39:05 314368 ----a-w- C:\windows\SysWow64\webio.dll
    2011-01-12 06:39:02 516096 ----a-w- C:\Program Files\Windows Mail\wab.exe
    2011-01-12 06:39:02 516096 ----a-w- C:\Program Files (x86)\Windows Mail\wab.exe
    2011-01-12 06:39:02 35328 ----a-w- C:\Program Files\Windows Mail\wabfind.dll
    2011-01-11 18:41:28 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
    2011-01-11 18:41:28 720896 ----a-w- C:\windows\System32\odbc32.dll
    2011-01-11 18:41:28 573440 ----a-w- C:\windows\SysWow64\odbc32.dll
    2011-01-11 18:41:28 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
    2011-01-11 18:41:28 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
    2011-01-11 18:41:28 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
    2011-01-11 18:41:28 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
    2011-01-11 18:41:28 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
    2011-01-11 18:41:28 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
    2011-01-11 18:41:28 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
    2011-01-11 17:49:50 -------- d-----w- C:\Users\Graeme\AppData\Local\ElevatedDiagnostics
    ==================== Find3M ====================
    2010-10-19 17:41:44 270720 ------w- C:\windows\System32\MpSigStub.exe
    2010-09-24 06:20:04 981872 ----a-w- C:\Program Files (x86)\WeatherEye.dll
    2010-09-22 00:22:20 309104 ----a-w- C:\Program Files (x86)\WeatherEye.exe
    ============= FINISH: 22:33:25.39 ===============




    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-01-13 23:10:04
    Windows 6.1.7600
    Running: ns8dlge8.exe

    ---- Registry - GMER 1.0.15 ----
    Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\[email protected] ????????NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller????????????????????????????????????????????????????????????????????????????t???LocalSystem?????????????????t?????????????????????????N????????????e???????????????g??????<???????????h????????????????????e????.NT?????? ????????????????????????&[email protected]%systemroot%\system32\srvsvc.dll,-100????????Z???????????h?????%SystemRoot%\system32\svchost.exe -k [email protected]%systemroot%\system32\srvsvc.dll,-101??????? ??????????????????????????????????????????????????????????????t????????????:?????????? ????????????????????????????e??SamSS?Srv?????????,?????????????????????????????????????????????????????????????SeChangeNotifyPrivilege?SeImpersonatePrivilege?SeAuditPrivilege?SeLoadDriverPrivilege???????????????????????????????????????????????????????? ???????????????????????????????????????s??? ?????????????????????????????????????????????s????? ????????????????????????????H??????????????y???????????*?????????
    Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\[email protected] ?????????????????????????????:??????????????????????? ????????????????????????????:?B??? ???????????? B?????????????????%SystemRoot%\system32\srvsvc.dll?????????????????????????????????????????????????o???????????????????v???????G???????????~???????????e?????????nab???????????????????????e???????????*???*???????????l???????????????????????u???????????.??? ???????????????9??? ???????????????????????????????,??????????????????????????????????? ???????4??????6????????????????????1??????????????g6??????????????????????????????????????????????????????????????????? ??????????????????????????????????????????????? ??????????????????????????????????????????CSCFlags=768?MaxUses=4294967295?Path=C:\windows\system32\spool\drivers?Permissions=0?Remark=Printer Drivers?ShareName=print$?Type=0??????????????.??????????????????????????????????? ??????????????????????????????????????????????????????????????????CSCFlags=0?MaxUses=4294967295?Path=C:\USERS\PUBLIC\DOCUMENTS?Permissions=0?Remark=?ShareName=SharedDocs?Type=0??????CSC
    Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\[email protected] ????????????????????? ????????????????????????????:?B??? ???????????? B?????????????????%SystemRoot%\system32\srvsvc.dll?????????????????????????????????????????????????o???????????????????v???????G???????????~???????????e?????????nab???????????????????????e???????????*???*???????????l???????????????????????u???????????.??? ???????????????9??? ???????????????????????????????,??????????????????????????????????? ???????4??????6????????????????????1??????????????g6??????????????????????????????????????????????????????????????????? ??????????????????????????????????????????????? ??????????????????????????????????????????CSCFlags=768?MaxUses=4294967295?Path=C:\windows\system32\spool\drivers?Permissions=0?Remark=Printer Drivers?ShareName=print$?Type=0??????????????.??????????????????????????????????? ??????????????????????????????????????????????????????????????????CSCFlags=0?MaxUses=4294967295?Path=C:\USERS\PUBLIC\DOCUMENTS?Permissions=0?Remark=?ShareName=SharedDocs?Type=0??????CSCFlags=0?MaxUses=4294967295?Path=
    Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\[email protected] ?????????????????1??????????????g6??????????????????????????????????????????????????????????????????? ??????????????????????????????????????????????? ??????????????????????????????????????????CSCFlags=768?MaxUses=4294967295?Path=C:\windows\system32\spool\drivers?Permissions=0?Remark=Printer Drivers?ShareName=print$?Type=0??????????????.??????????????????????????????????? ??????????????????????????????????????????????????????????????????CSCFlags=0?MaxUses=4294967295?Path=C:\USERS\PUBLIC\DOCUMENTS?Permissions=0?Remark=?ShareName=SharedDocs?Type=0??????CSCFlags=0?MaxUses=4294967295?Path=Journal Note Writer,LocalsplOnly?Permissions=0?Remark=Journal Note Writer?ShareName=Printer2?Type=1??me??CSCFlags=0?MaxUses=4294967295?Path=HP Deskjet F4400 series,LocalsplOnly?Permissions=0?Remark=HP Deskjet F4400 series?ShareName=Printer3?Type=1????????h??????????t????H?X??????4???????????????????? ??????? ??????? ????????????????i????????l?x??????X???$?????????????????????????????????? ??????????????????????????.????????l?x??
    Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\[email protected] ????????????????????????????????SeChangeNotifyPrivilege?SeImpersonatePrivilege?SeAuditPrivilege?????????????????????????????????????????????????????????? ???????????????????????????????????????e???????????????????0??????????????????????????????????? ??????????????????????????????N????????????r??? 2?????????????????\Device\LanmanRedirector??????4?????????????Microsoft Windows [email protected]%systemroot%\system32\wkssvc.dll,-102????????F?????????????????%SystemRoot%\System32\ntlanman.dll??????????????????????????????? ????????????????????????????0?B??? ???????????? B?????????????????%SystemRoot%\System32\wkssvc.dll?????????????????????????????????????????????????d???????????????????????e??????????????????????????????????????????????????????ms??????????????????????????????????????? ????????????????????????????&????????????????????????????????y????? ???????????????????????????????????????g??? ?????????????????????,?????? ?`????????S????`????????????e????Link-Layer Topology Discovery Mappe
    Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\[email protected] ????????????????????????????? ??????????????????????????????N????????????r??? 2?????????????????\Device\LanmanRedirector??????4?????????????Microsoft Windows [email protected]%systemroot%\system32\wkssvc.dll,-102????????F?????????????????%SystemRoot%\System32\ntlanman.dll??????????????????????????????? ????????????????????????????0?B??? ???????????? B?????????????????%SystemRoot%\System32\wkssvc.dll?????????????????????????????????????????????????d???????????????????????e??????????????????????????????????????????????????????ms??????????????????????????????????????? ????????????????????????????&????????????????????????????????y????? ???????????????????????????????????????g??? ?????????????????????,?????? ?`????????S????`????????????e????Link-Layer Topology Discovery Mapper I/O Driver???????0?????????p????? ???????????????????????????????????????????????????????????????????????????\????????????e????5.2??????????????????2?????????????g??????8???????????h?????system32\DRIVERS\lltdio.sys????
    Reg HKLM\SYSTEM\CurrentControlSet\services\NetBIOS\[email protected] ????????system32\DRIVERS\netbios.sys??????$????????????e????NetBIOS Interface???????????????p????????/??????????????????NetBIOSGroup??????$????????????n????NetBIOS Interface???????????????????????????????????t???? ???????????????????????????????????????e??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????e????????????????s??????????????????????? ?????????????????????????????????? ????????????????????s???a??????????????? [email protected]%SystemRoot%\system32\drivers\netbt.sys,-2?????????W??????g??????????????6???????????h?????System32\DRIVERS\[email protected]%SystemRoot%\system32\drivers\netbt.sys,-1?????Tcpip????????????????????????????????????????????????????????????e??Tdx?tcpip???????????????????????????????????????????????????????????? ?????????????????????9??????"??????????e????????????????????s??????????????1??8&???????????V??e0?
    Reg HKLM\SYSTEM\ControlSet004\services\LanmanServer\[email protected] ??????????????<???????????h?????system32\DRIVERS\L1C62x64.sys??????????????????e????NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller????LocalSystem??????? ?????????p?????????????????????????N????????????e??????????????????????????????????????s?????????????????????????????? ????????????????????????&[email protected]%systemroot%\system32\srvsvc.dll,-100????????Z???????????h?????%SystemRoot%\system32\svchost.exe -k [email protected]%systemroot%\system32\srvsvc.dll,-101??????? ??????????????????????????????????????????????????????????????t????????????:?????????? ????????????????????????????e??SamSS?Srv?????????,?????????????????????????????????????????????????????????????????????????????????SeChangeNotifyPrivilege?SeImpersonatePrivilege?SeAuditPrivilege?SeLoadDriverPrivilege???????????????????????????????????????????????????????? ???????????????????????????????????????s??? ?????????????????????????????????????????????s????? ????????????????????????????H??????????????y?
    Reg HKLM\SYSTEM\ControlSet004\services\LanmanServer\[email protected] ?????????????????????????????????????:??????????????????????? ????????????????????????????:?B??? ???????????? B??????????????????????????~??????????????????%SystemRoot%\system32\srvsvc.dll?????????????????????????????????????o???????????????????v???????G???????????????????????e?????????nab???????????????????????e???????????*???*???????????l???????????????????????u???????????.??? ???????????????9??? ???????????????????????????????,??????????????????????????????????? ???????4??????6????????????????????1??????????????g6??????????????????????????????????????????????????????????????????? ??????????????????????????????????????????????? ??????????????????????????????????????????CSCFlags=768?MaxUses=4294967295?Path=C:\windows\system32\spool\drivers?Permissions=0?Remark=Printer Drivers?ShareName=print$?Type=0?????CSCFlags=0?MaxUses=4294967295?Path=C:\USERS\PUBLIC\DOCUMENTS?Permissions=0?Remark=?ShareName=SharedDocs?Type=0???????????????.??????CSCFlags=0?MaxUses=4294967295?Path=Journal Note Writer,LocalsplOnly?Permiss
    Reg HKLM\SYSTEM\ControlSet004\services\LanmanServer\[email protected] ????????????????????? ????????????????????????????:?B??? ???????????? B??????????????????????????~??????????????????%SystemRoot%\system32\srvsvc.dll?????????????????????????????????????o???????????????????v???????G???????????????????????e?????????nab???????????????????????e???????????*???*???????????l???????????????????????u???????????.??? ???????????????9??? ???????????????????????????????,??????????????????????????????????? ???????4??????6????????????????????1??????????????g6??????????????????????????????????????????????????????????????????? ??????????????????????????????????????????????? ??????????????????????????????????????????CSCFlags=768?MaxUses=4294967295?Path=C:\windows\system32\spool\drivers?Permissions=0?Remark=Printer Drivers?ShareName=print$?Type=0?????CSCFlags=0?MaxUses=4294967295?Path=C:\USERS\PUBLIC\DOCUMENTS?Permissions=0?Remark=?ShareName=SharedDocs?Type=0???????????????.??????CSCFlags=0?MaxUses=4294967295?Path=Journal Note Writer,LocalsplOnly?Permissions=0?Remark=Journal Note Writer?ShareN
    Reg HKLM\SYSTEM\ControlSet004\services\LanmanWorkstation\[email protected] ??????????h???????????h?????%SystemRoot%\System32\svchost.exe -k [email protected]%systemroot%\system32\wkssvc.dll,-101??????????????????? 8?????????????????NT AUTHORITY\NetworkService??????????????????????????????????:???:??????????????t??????? ?????????????,???????????????????<??????????????e??Bowser?MRxSmb10?MRxSmb20?NSI?????????????????????????????????s??ep??????????????????????????????????SeChangeNotifyPrivilege?SeImpersonatePrivilege?SeAuditPrivilege?????????????????????????????????\Device\Smb_Tcpip_{8879F1E3-234A-4938-AAEE-5891DE6CFAF5}?\Device\Smb_Tcpip_{3D9FA833-5FAE-4DA5-AC61-D1336A6F4860}?\Device\Smb_Tcpip_{DFA88CF0-2EAD-49AE-A81B-4041C7AC0E4D}?\Device\Smb_Tcpip6_{6BB04E5B-D44B-49B9-979D-F6560CB4FC8B}?\Device\Smb_Tcpip6_{6E57A0DF-D3A9-485F-BBCE-84109038733E}?\Device\Smb_Tcpip6_{CD4BE8C1-25F0-40B8-8AE4-DB8C55B29481}?\Device\Smb_Tcpip6_{498656F4-43CC-4E0C-972B-C77F40852333}?\Device\Smb_Tcpip6_{DA47C90C-8369-48DD-9606-4CB5A5F7EBEC}?\Device\Smb_Tcpip6_{8879F1E3-234A-4938-AAEE-58
    Reg HKLM\SYSTEM\ControlSet004\services\LanmanWorkstation\[email protected] ????????????????????????????????SeChangeNotifyPrivilege?SeImpersonatePrivilege?SeAuditPrivilege?????????????????????????????????\Device\Smb_Tcpip_{8879F1E3-234A-4938-AAEE-5891DE6CFAF5}?\Device\Smb_Tcpip_{3D9FA833-5FAE-4DA5-AC61-D1336A6F4860}?\Device\Smb_Tcpip_{DFA88CF0-2EAD-49AE-A81B-4041C7AC0E4D}?\Device\Smb_Tcpip6_{6BB04E5B-D44B-49B9-979D-F6560CB4FC8B}?\Device\Smb_Tcpip6_{6E57A0DF-D3A9-485F-BBCE-84109038733E}?\Device\Smb_Tcpip6_{CD4BE8C1-25F0-40B8-8AE4-DB8C55B29481}?\Device\Smb_Tcpip6_{498656F4-43CC-4E0C-972B-C77F40852333}?\Device\Smb_Tcpip6_{DA47C90C-8369-48DD-9606-4CB5A5F7EBEC}?\Device\Smb_Tcpip6_{8879F1E3-234A-4938-AAEE-5891DE6CFAF5}?\Device\Smb_Tcpip6_{4DA3A93C-7B6C-401B-BC5C-69E83F8C7AFF}?\Device\Smb_Tcpip6_{ED0422CE-9874-4462-B93B-CCAA3414007C}?\Device\Smb_Tcpip6_{FBFB6FC0-ABFE-4046-9F8D-5E9BFC06B496}?\Device\Smb_Tcpip6_{9C80EAEE-9FD4-4060-90D0-EC07F342E7D6}?\Device\Smb_Tcpip6_{9164EAE3-4667-4A2F-BDD5-9B0CE9A2F6B6}?\Device\Smb_Tcpip6_{C7500E8C-4557-4D8B-B8AE-C08C5B4CC06C}?\Device\Smb_Tcpip6_{170ED2BF
    Reg HKLM\SYSTEM\ControlSet004\services\LanmanWorkstation\[email protected] ????????????????????????????? ??????????????????????????????N????????????r??? 2?????????????????\Device\LanmanRedirector??????????4?????????????Microsoft Windows [email protected]%systemroot%\system32\wkssvc.dll,-102????????F?????????????????%SystemRoot%\System32\ntlanman.dll??????????????????????????????? ????????????????????????????0?B??? ???????????? B?????????????????%SystemRoot%\System32\wkssvc.dll?????????????????????????????????????????????????d???????????????????????e??????????????????????????????????????????????????????ms??????????????????????????????????????? ????????????????????????????&????????????????????????????????y????? ???????????????????????????????????????g??? ?????????????????????,?????? ?`????????S???????????0??0???????????????t??????????????????????????????????g??????8???????????h?????system32\DRIVERS\lltdio.sys???????`????????????e????Link-Layer Topology Discovery Mapper I/O Driver??????????????????2???? ????????????????????????????????????????????????????????????
    Reg HKLM\SYSTEM\ControlSet004\services\NetBIOS\[email protected] ??????????????:???????????h?????system32\DRIVERS\netbios.sys??????$????????????e????NetBIOS Interface???????????????????????????????p???NetBIOSGroup??????$????????????n????NetBIOS Interface???????????????????????? ???????????????????????????????????????e??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????e????????????????s??????????????????????????????? ?????????????????????????????????? ????????????????????s???a??? [email protected]%SystemRoot%\system32\drivers\netbt.sys,-2?????????????????p???PNP_TDI???????6???????????h?????System32\DRIVERS\[email protected]%SystemRoot%\system32\drivers\netbt.sys,-1?????Tcpip???????????????????????????????????????t?????????????????????????????????????????????????????????????????R???????????h?????\SystemRoot\system32\DRIVERS\nfrd960.sys????????????????????????????p???SCSI Miniport?????V??????????????d?
    ---- Files - GMER 1.0.15 ----
    File C:\Windows\inf\stexstor.PNF 15656 bytes
    File C:\Windows\inf\sti.inf 35022 bytes
    File C:\Windows\inf\sti.PNF 34204 bytes
    File C:\Windows\inf\tape.inf 77596 bytes
    File C:\Windows\inf\tape.PNF 90764 bytes
    File C:\Windows\inf\TAPISRV 0 bytes
    File C:\Windows\inf\TAPISRV\0000 0 bytes
    File C:\Windows\inf\TAPISRV\0000\tapiperf.ini 2724 bytes
    File C:\Windows\inf\TAPISRV\0409 0 bytes
    File C:\Windows\inf\TAPISRV\0409\tapiperf.ini 2724 bytes
    File C:\Windows\inf\TAPISRV\perfctr.h 1015 bytes
    File C:\Windows\inf\tdibth.inf 8874 bytes
    File C:\Windows\inf\tdibth.PNF 11560 bytes
    File C:\Windows\inf\TermService 0 bytes
    File C:\Windows\inf\TermService\0000 0 bytes
    File C:\Windows\inf\TermService\0000\tslabels.ini 25350 bytes
    File C:\Windows\inf\TermService\0409 0 bytes
    File C:\Windows\inf\TermService\0409\tslabels.ini 25350 bytes
    File C:\Windows\inf\TermService\tslabels.h 3013 bytes
    File C:\Windows\inf\tpm.inf 8852 bytes
    File C:\Windows\inf\tpm.PNF 12156 bytes
    File C:\Windows\inf\transfercable.inf 15490 bytes
    File C:\Windows\inf\transfercable.PNF 12628 bytes
    File C:\Windows\inf\tsprint.inf 4134 bytes
    File C:\Windows\inf\tsprint.PNF 6892 bytes
    File C:\Windows\inf\ts_generic.inf 4166 bytes
    File C:\Windows\inf\ts_generic.PNF 8784 bytes
    File C:\Windows\inf\ts_wpdmtp.inf 11310 bytes
    File C:\Windows\inf\ts_wpdmtp.PNF 13328 bytes
    ---- EOF - GMER 1.0.15 ----



    I'm already seeing some problems here and I don't even know what this stuff means. But I don't have any idea how to fix it.

    Frusterated
     


  2. Frusterated

    Frusterated Thread Starter

    Joined:
    Jan 14, 2011
    Messages:
    3
    Still Frusterated...
     
  3. Frusterated

    Frusterated Thread Starter

    Joined:
    Jan 14, 2011
    Messages:
    3
    Reformatted and reinstalled everything. Thanks anyways

    Not so,

    Frustrated Anymore
     

Short URL to this thread: https://techguy.org/974761
