Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs
#31
Tried running gmer but every time I click on only non ms files, the laptop says gmer has stopped working and closes the program. Running eset momentarily.
#32
|
||||
|
||||
Sure sounds like malware still active. Let's see if Eset gives us a hint.
|
#33
|
|||
|
|||
I tried running eset in safemode but it needs to connect to the internet and in safe mode the laptop doesn't connect. It asks if the proxy settings are correct but all the spaces are empty
|
#34
|
||||
|
||||
At startup tap the F8 key about once per half-second, then select Safe Mode with Networking from the menu that will appear.
|
#35
|
|||
|
|||
Tried that and when I loaded the scan the computer shut off. Repeated the process with the same result at the same point, just before the scan began. It said the scan had already run but when I tried it before it never finished. I think it was going to begin where it left off when it froze before.
|
#36
|
||||
|
||||
Open RogueKiller again. When it opens and finishes it's initial scan, click:
Fix DNS Then close RogueKiller. Reboot, and try Eset again normal mode. |
#37
|
|||
|
|||
followed the steps and ran eset successfully but it said no threats were found
|
#38
|
||||
|
||||
Very good. Gmer has been updated. Please delete your existing copy, and download a new one from here.
Open Gmer again. Once it has completed it's opening scan, this time just right click in the white space in the display and select Options - Only non MS files. Then click Scan and allow Gmer to run a different scan. Once that completes click on the Copy button and rightclick on your Desktop, choose "New" > Text document. Once the file is created, open it and rightclick again and choose Paste. Copy the information and post it here please. |
#39
|
|||
|
|||
GMER 2.0.18437 - http://www.gmer.net
Rootkit scan 2013-01-07 08:12:24 Windows 6.0.6002 Service Pack 2 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.BBFO 232.89GB Running: kfyqfge7.exe; Driver: C:\Users\TOSHIBA\AppData\Local\Temp\awdirfob.sys ---- Modules - GMER 2.0 ---- Module \SystemRoot\system32\ntoskrnl.exe fffff80002450000-fffff80002968000 (5341184 bytes) Module \SystemRoot\system32\hal.dll fffff8000240a000-fffff80002450000 (286720 bytes) Module \SystemRoot\system32\kdcom.dll fffffa6000604000-fffffa600060e000 (40960 bytes) Module \SystemRoot\system32\mcupdate_GenuineIntel.dll fffffa600060e000-fffffa6000649000 (241664 bytes) Module \SystemRoot\system32\PSHED.dll fffffa6000649000-fffffa600065d000 (81920 bytes) Module \SystemRoot\system32\CLFS.SYS fffffa600065d000-fffffa60006ba000 (380928 bytes) Module \SystemRoot\system32\CI.dll fffffa60006ba000-fffffa600076c000 (729088 bytes) Module \SystemRoot\system32\drivers\Wdf01000.sys fffffa6000801000-fffffa60008c3000 (794624 bytes) Module \SystemRoot\system32\drivers\WDFLDR.SYS fffffa60008c3000-fffffa60008d3000 (65536 bytes) Module \SystemRoot\system32\drivers\acpi.sys fffffa60008d3000-fffffa6000929000 (352256 bytes) Module \SystemRoot\system32\drivers\WMILIB.SYS fffffa6000929000-fffffa6000932000 (36864 bytes) Module \SystemRoot\system32\drivers\msisadrv.sys fffffa6000932000-fffffa600093c000 (40960 bytes) Module \SystemRoot\system32\drivers\pci.sys fffffa600093c000-fffffa600096c000 (196608 bytes) Module \SystemRoot\System32\drivers\partmgr.sys fffffa600096c000-fffffa6000981000 (86016 bytes) Module \SystemRoot\system32\DRIVERS\compbatt.sys fffffa6000981000-fffffa6000985000 (16384 bytes) Module \SystemRoot\system32\DRIVERS\BATTC.SYS fffffa6000985000-fffffa6000991000 (49152 bytes) Module \SystemRoot\system32\drivers\volmgr.sys fffffa6000991000-fffffa60009a5000 (81920 bytes) Module \SystemRoot\System32\drivers\volmgrx.sys fffffa600076c000-fffffa60007d2000 (417792 bytes) Module \SystemRoot\system32\drivers\intelide.sys 
fffffa60009a5000-fffffa60009ad000 (32768 bytes) Module \SystemRoot\system32\drivers\PCIIDEX.SYS fffffa60009ad000-fffffa60009bd000 (65536 bytes) Module \SystemRoot\System32\drivers\mountmgr.sys fffffa60009bd000-fffffa60009d0000 (77824 bytes) Module \SystemRoot\system32\DRIVERS\iaStor.sys fffffa6000a0c000-fffffa6000b10000 (1064960 bytes) Module \SystemRoot\system32\drivers\atapi.sys fffffa6000b10000-fffffa6000b18000 (32768 bytes) Module \SystemRoot\system32\drivers\ataport.SYS fffffa6000b18000-fffffa6000b3c000 (147456 bytes) Module \SystemRoot\system32\drivers\msahci.sys fffffa6000b3c000-fffffa6000b46000 (40960 bytes) Module \SystemRoot\system32\drivers\fltmgr.sys fffffa6000b46000-fffffa6000b8d000 (290816 bytes) Module \SystemRoot\system32\drivers\fileinfo.sys fffffa6000b8d000-fffffa6000ba1000 (81920 bytes) Module \SystemRoot\System32\Drivers\ksecdd.sys fffffa6000c03000-fffffa6000c8a000 (552960 bytes) Module \SystemRoot\system32\drivers\ndis.sys fffffa6000e09000-fffffa6000fcc000 (1847296 bytes) Module \SystemRoot\system32\drivers\msrpc.sys fffffa6000c8a000-fffffa6000cda000 (327680 bytes) Module \SystemRoot\system32\drivers\NETIO.SYS fffffa6000cda000-fffffa6000d33000 (364544 bytes) Module \SystemRoot\System32\drivers\tcpip.sys fffffa600100e000-fffffa6001182000 (1523712 bytes) Module \SystemRoot\System32\drivers\fwpkclnt.sys fffffa6001182000-fffffa60011ae000 (180224 bytes) Module \SystemRoot\System32\Drivers\Ntfs.sys fffffa6001209000-fffffa6001389000 (1572864 bytes) Module \SystemRoot\system32\drivers\volsnap.sys fffffa6001389000-fffffa60013cd000 (278528 bytes) Module \SystemRoot\system32\DRIVERS\TVALZ_O.SYS fffffa60013cd000-fffffa60013d2000 (20480 bytes) Module \SystemRoot\system32\DRIVERS\tos_sps64.sys fffffa6000d33000-fffffa6000dba000 (552960 bytes) Module \SystemRoot\System32\Drivers\spldr.sys fffffa60013d2000-fffffa60013da000 (32768 bytes) Module \SystemRoot\System32\Drivers\mup.sys fffffa60013da000-fffffa60013ec000 (73728 bytes) Module 
\SystemRoot\System32\drivers\ecache.sys fffffa60011ae000-fffffa60011da000 (180224 bytes) Module \SystemRoot\system32\drivers\disk.sys fffffa60013ec000-fffffa6001400000 (81920 bytes) Module \SystemRoot\system32\drivers\CLASSPNP.SYS fffffa6000fcc000-fffffa6000ff8000 (180224 bytes) Module \SystemRoot\system32\drivers\crcdisk.sys fffffa60011da000-fffffa60011e4000 (40960 bytes) Module \SystemRoot\system32\DRIVERS\tunnel.sys fffffa6002309000-fffffa6002316000 (53248 bytes) Module \SystemRoot\system32\DRIVERS\tunmp.sys fffffa6002316000-fffffa600231f000 (36864 bytes) Module \SystemRoot\system32\DRIVERS\FwLnk.sys fffffa600231f000-fffffa6002327000 (32768 bytes) Module \SystemRoot\system32\DRIVERS\intelppm.sys fffffa6002327000-fffffa600233a000 (77824 bytes) Module \SystemRoot\system32\DRIVERS\CmBatt.sys fffffa600233a000-fffffa600233f000 (20480 bytes) Module \SystemRoot\system32\DRIVERS\tosrfec.sys fffffa600233f000-fffffa6002349000 (40960 bytes) Module \SystemRoot\system32\DRIVERS\atikmdag.sys fffffa6002401000-fffffa600294e000 (5558272 bytes) Module \SystemRoot\System32\drivers\dxgkrnl.sys fffffa6002a0f000-fffffa6002af2000 (929792 bytes) Module \SystemRoot\System32\drivers\watchdog.sys fffffa6002af2000-fffffa6002b02000 (65536 bytes) Module \SystemRoot\system32\DRIVERS\HDAudBus.sys fffffa6002b02000-fffffa6002bef000 (970752 bytes) Module \SystemRoot\system32\DRIVERS\usbuhci.sys fffffa6002bef000-fffffa6002bfb000 (49152 bytes) Module \SystemRoot\system32\DRIVERS\USBPORT.SYS fffffa600294e000-fffffa6002994000 (286720 bytes) Module \SystemRoot\system32\DRIVERS\usbehci.sys fffffa6002994000-fffffa60029a5000 (69632 bytes) Module \SystemRoot\system32\DRIVERS\Rtlh64.sys fffffa60029a5000-fffffa60029f5000 (327680 bytes) Module \SystemRoot\system32\DRIVERS\NETwLv64.sys fffffa6002c06000-fffffa6003341000 (7581696 bytes) Module \SystemRoot\system32\DRIVERS\ohci1394.sys fffffa6003341000-fffffa6003353000 (73728 bytes) Module \SystemRoot\system32\DRIVERS\1394BUS.SYS 
fffffa6003353000-fffffa6003363000 (65536 bytes) Module \SystemRoot\system32\DRIVERS\sdbus.sys fffffa6003363000-fffffa6003383000 (131072 bytes) Module \SystemRoot\system32\DRIVERS\rimmpx64.sys fffffa6003383000-fffffa6003398000 (86016 bytes) Module \SystemRoot\system32\DRIVERS\rimspx64.sys fffffa6003398000-fffffa60033af000 (94208 bytes) Module \SystemRoot\system32\DRIVERS\rixdpx64.sys fffffa6002349000-fffffa60023a0000 (356352 bytes) Module \SystemRoot\system32\DRIVERS\i8042prt.sys fffffa60033af000-fffffa60033c5000 (90112 bytes) Module \SystemRoot\system32\DRIVERS\kbdclass.sys fffffa60033c5000-fffffa60033d3000 (57344 bytes) Module \SystemRoot\system32\DRIVERS\SynTP.sys fffffa60023a0000-fffffa60023f5000 (348160 bytes) Module \SystemRoot\system32\DRIVERS\USBD.SYS fffffa60033d3000-fffffa60033d5000 (8192 bytes) Module \SystemRoot\system32\DRIVERS\mouclass.sys fffffa60033d5000-fffffa60033e1000 (49152 bytes) Module \SystemRoot\system32\DRIVERS\tdcmdpst.sys fffffa60033e1000-fffffa60033eb000 (40960 bytes) Module \SystemRoot\system32\DRIVERS\cdrom.sys fffffa6000dba000-fffffa6000dd6000 (114688 bytes) Module \SystemRoot\System32\Drivers\GEARAspiWDM.sys fffffa60033eb000-fffffa60033f2000 (28672 bytes) Module \SystemRoot\system32\DRIVERS\msiscsi.sys fffffa6000ba1000-fffffa6000bda000 (233472 bytes) Module \SystemRoot\system32\DRIVERS\storport.sys fffffa600340a000-fffffa6003467000 (380928 bytes) Module \SystemRoot\system32\DRIVERS\TDI.SYS fffffa6003467000-fffffa6003474000 (53248 bytes) Module \SystemRoot\system32\DRIVERS\rasl2tp.sys fffffa6003474000-fffffa6003497000 (143360 bytes) Module \SystemRoot\system32\DRIVERS\ndistapi.sys fffffa6003497000-fffffa60034a3000 (49152 bytes) Module \SystemRoot\system32\DRIVERS\raspppoe.sys fffffa6003536000-fffffa6003546000 (65536 bytes) Module \SystemRoot\system32\DRIVERS\raspptp.sys fffffa6003546000-fffffa6003564000 (122880 bytes) Module \SystemRoot\system32\DRIVERS\rassstp.sys fffffa6003564000-fffffa600357c000 (98304 bytes) Module 
\SystemRoot\system32\DRIVERS\termdd.sys fffffa6003589000-fffffa600359c000 (77824 bytes) Module \SystemRoot\system32\DRIVERS\swenum.sys fffffa600359c000-fffffa600359e000 (8192 bytes) Module \SystemRoot\system32\DRIVERS\ks.sys fffffa600359e000-fffffa60035d2000 (212992 bytes) Module \SystemRoot\system32\DRIVERS\mssmbios.sys fffffa60035d2000-fffffa60035dd000 (45056 bytes) Module \SystemRoot\system32\DRIVERS\umbus.sys fffffa60035dd000-fffffa60035ed000 (65536 bytes) Module \SystemRoot\system32\DRIVERS\usbhub.sys fffffa60034a3000-fffffa60034eb000 (294912 bytes) Module \SystemRoot\System32\Drivers\NDProxy.SYS fffffa60034eb000-fffffa60034ff000 (81920 bytes) Module \SystemRoot\system32\drivers\RtHDMIVX.sys fffffa60034ff000-fffffa6003526000 (159744 bytes) Module \SystemRoot\system32\drivers\portcls.sys fffffa600360d000-fffffa6003648000 (241664 bytes) Module \SystemRoot\system32\drivers\drmk.sys fffffa6003648000-fffffa600366b000 (143360 bytes) Module \SystemRoot\system32\drivers\ksthunk.sys fffffa600366b000-fffffa6003671000 (24576 bytes) Module \SystemRoot\system32\drivers\RTKVHD64.sys fffffa6003671000-fffffa60037bb000 (1351680 bytes) Module \SystemRoot\system32\DRIVERS\smserial.sys fffffa6003a09000-fffffa6003b3b000 (1253376 bytes) Module \SystemRoot\system32\drivers\modem.sys fffffa6003b3b000-fffffa6003b4a000 (61440 bytes) Module \SystemRoot\System32\Drivers\Fs_Rec.SYS fffffa6003b4a000-fffffa6003b54000 (40960 bytes) Module \SystemRoot\System32\Drivers\Null.SYS fffffa6003b54000-fffffa6003b5d000 (36864 bytes) Module \SystemRoot\system32\DRIVERS\HIDPARSE.SYS fffffa6003b68000-fffffa6003b70000 (32768 bytes) Module \SystemRoot\System32\drivers\vga.sys fffffa6003b70000-fffffa6003b7e000 (57344 bytes) Module \SystemRoot\System32\drivers\VIDEOPRT.SYS fffffa6003b7e000-fffffa6003ba3000 (151552 bytes) Module \SystemRoot\System32\DRIVERS\RDPCDD.sys fffffa6003ba3000-fffffa6003bac000 (36864 bytes) Module \SystemRoot\system32\drivers\rdpencdd.sys fffffa6003bac000-fffffa6003bb5000 (36864 
bytes) Module \SystemRoot\System32\Drivers\Msfs.SYS fffffa6003bb5000-fffffa6003bc0000 (45056 bytes) Module \SystemRoot\System32\Drivers\Npfs.SYS fffffa6003bc0000-fffffa6003bd1000 (69632 bytes) Module \SystemRoot\System32\DRIVERS\rasacd.sys fffffa6003bd1000-fffffa6003bda000 (36864 bytes) Module \SystemRoot\system32\DRIVERS\tdx.sys fffffa6003bda000-fffffa6003bf7000 (118784 bytes) Module \SystemRoot\system32\DRIVERS\smb.sys fffffa60037bb000-fffffa60037d6000 (110592 bytes) Module \SystemRoot\system32\drivers\afd.sys fffffa600380d000-fffffa6003878000 (438272 bytes) Module \SystemRoot\System32\DRIVERS\netbt.sys fffffa6003878000-fffffa60038bc000 (278528 bytes) Module \SystemRoot\system32\DRIVERS\pacer.sys fffffa60038bc000-fffffa60038da000 (122880 bytes) Module \SystemRoot\system32\DRIVERS\netbios.sys fffffa60038da000-fffffa60038e9000 (61440 bytes) Module \SystemRoot\system32\DRIVERS\wanarp.sys fffffa60038e9000-fffffa6003904000 (110592 bytes) Module \SystemRoot\system32\DRIVERS\rdbss.sys fffffa6003904000-fffffa6003951000 (315392 bytes) Module \SystemRoot\system32\DRIVERS\usbccgp.sys fffffa6003951000-fffffa600396d000 (114688 bytes) Module \SystemRoot\system32\drivers\nsiproxy.sys fffffa600396d000-fffffa6003979000 (49152 bytes) Module \SystemRoot\System32\Drivers\dfsc.sys fffffa6003979000-fffffa6003996000 (118784 bytes) Module \SystemRoot\System32\Drivers\UVCFTR_S.SYS fffffa6003996000-fffffa60039a1000 (45056 bytes) Module \SystemRoot\System32\Drivers\usbvideo.sys fffffa60039a1000-fffffa60039cb000 (172032 bytes) Module \SystemRoot\System32\Drivers\crashdmp.sys fffffa60039cb000-fffffa60039d9000 (57344 bytes) Module \SystemRoot\System32\Drivers\dump_iaStor.sys fffffa6002200000-fffffa6002304000 (1064960 bytes) Module \SystemRoot\system32\DRIVERS\USBSTOR.SYS fffffa60039d9000-fffffa60039f1000 (98304 bytes) Module \SystemRoot\System32\win32k.sys fffff96000020000-fffff960002d8000 (2850816 bytes) Module \SystemRoot\System32\drivers\Dxapi.sys fffffa60039f1000-fffffa60039fd000 (49152 
bytes) Module \SystemRoot\system32\drivers\usbaudio.sys fffffa60037d6000-fffffa60037ef000 (102400 bytes) Module \SystemRoot\system32\DRIVERS\hidusb.sys fffffa6003800000-fffffa6003809000 (36864 bytes) Module \SystemRoot\system32\DRIVERS\HIDCLASS.SYS fffffa60035ed000-fffffa60035ff000 (73728 bytes) Module \SystemRoot\system32\DRIVERS\mouhid.sys fffffa6003b5d000-fffffa6003b68000 (45056 bytes) Module \SystemRoot\system32\DRIVERS\monitor.sys fffffa60011e4000-fffffa60011f7000 (77824 bytes) Module \SystemRoot\System32\TSDDD.dll fffff96000470000-fffff9600047a000 (40960 bytes) Module \SystemRoot\System32\cdd.dll fffff960006d0000-fffff960006e1000 (69632 bytes) Module \SystemRoot\system32\drivers\luafv.sys fffffa6000dd6000-fffffa6000df8000 (139264 bytes) Module \SystemRoot\system32\drivers\WudfPf.sys fffffa6000bda000-fffffa6000bf3000 (102400 bytes) Module \SystemRoot\system32\drivers\spsys.sys fffffa6004e02000-fffffa6004e9c000 (630784 bytes) Module \SystemRoot\system32\DRIVERS\lltdio.sys fffffa6004e9c000-fffffa6004eb0000 (81920 bytes) Module \SystemRoot\system32\DRIVERS\nwifi.sys fffffa6004eb0000-fffffa6004ee4000 (212992 bytes) Module \SystemRoot\system32\DRIVERS\ndisuio.sys fffffa6004ee4000-fffffa6004eef000 (45056 bytes) Module \SystemRoot\system32\DRIVERS\rspndr.sys fffffa6004eef000-fffffa6004f07000 (98304 bytes) Module \SystemRoot\system32\drivers\HTTP.sys fffffa6004f07000-fffffa6004faa000 (667648 bytes) Module \SystemRoot\System32\DRIVERS\srvnet.sys fffffa6004faa000-fffffa6004fd3000 (167936 bytes) Module \SystemRoot\system32\DRIVERS\bowser.sys fffffa6004fd3000-fffffa6004ff1000 (122880 bytes) Module \SystemRoot\System32\drivers\mpsdrv.sys fffffa60009d0000-fffffa60009ea000 (106496 bytes) Module \SystemRoot\system32\drivers\mrxdav.sys fffffa60007d2000-fffffa60007f9000 (159744 bytes) Module \SystemRoot\system32\DRIVERS\mrxsmb.sys fffffa6005807000-fffffa6005830000 (167936 bytes) Module \SystemRoot\system32\DRIVERS\mrxsmb10.sys fffffa6005830000-fffffa6005879000 (299008 bytes) 
Module \SystemRoot\system32\DRIVERS\mrxsmb20.sys fffffa6005879000-fffffa6005898000 (126976 bytes) Module \SystemRoot\System32\DRIVERS\srv2.sys fffffa6005898000-fffffa60058ca000 (204800 bytes) Module \SystemRoot\System32\DRIVERS\srv.sys fffffa60058ca000-fffffa600595d000 (602112 bytes) Module \SystemRoot\system32\drivers\peauth.sys fffffa6005a03000-fffffa6005ab9000 (745472 bytes) Module \SystemRoot\System32\Drivers\secdrv.SYS fffffa6005ab9000-fffffa6005ac4000 (45056 bytes) Module \SystemRoot\System32\drivers\tcpipreg.sys fffffa6005ac4000-fffffa6005ad4000 (65536 bytes) Module \SystemRoot\system32\drivers\tdtcp.sys fffffa6005ad4000-fffffa6005ae1000 (53248 bytes) Module \SystemRoot\System32\DRIVERS\tssecsrv.sys fffffa6005ae1000-fffffa6005aef000 (57344 bytes) Module \SystemRoot\System32\Drivers\RDPWD.SYS fffffa6005aef000-fffffa6005b2b000 (245760 bytes) Module \SystemRoot\system32\DRIVERS\cdfs.sys fffffa6005b2b000-fffffa6005b47000 (114688 bytes) Module \??\C:\Users\TOSHIBA\AppData\Local\Temp\awdirfob.s ys fffffa6005b49000-fffffa6005b59000 (65536 bytes) Module \Windows\System32\ntdll.dll 0000000076ed0000-0000000077056000 (1597440 bytes) ---- Processes - GMER 2.0 ---- Library ? (*** suspicious ***) @ C:\Windows\system32\wininit.exe [664] 000007fefd640000 Library ? (*** suspicious ***) @ C:\Windows\system32\lsm.exe [752] 000007fefeb70000 Library ? (*** suspicious ***) @ C:\Windows\system32\winlogon.exe [916] 0000000074520000 Library ? (*** suspicious ***) @ C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\Pres entationFontCache.exe [996] 0000000074ad0000 Library ? (*** suspicious ***) @ C:\Windows\System32\svchost.exe [1048] 000007fefd5b0000 Library ? (*** suspicious ***) @ C:\Windows\system32\SLsvc.exe [1204] 000007fefca00000 Library ? (*** suspicious ***) @ C:\Windows\System32\spoolsv.exe [1908] 00000000020b0000 Library ? (*** suspicious ***) @ C:\Windows\system32\taskeng.exe [1948] 000007fefc290000 Library ? 
(*** suspicious ***) @ C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [1108] 0000000077090000 Library ? (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [1684] 0000000077090000 Library ? (*** suspicious ***) @ C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [1700] 0000000077090000 Library ? (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1416] 000007fefe9e0000 Library ? (*** suspicious ***) @ C:\Windows\system32\svchost.exe [2276] 000007feff140000 Library ? (*** suspicious ***) @ C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe [2332] 0000000072590000 Library ? (*** suspicious ***) @ C:\Windows\system32\TODDSrv.exe [2356] 000007fefc290000 Library ? (*** suspicious ***) @ C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2384] 000007fefd900000 Library ? (*** suspicious ***) @ C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2404] 000007fefe9e0000 Library ? (*** suspicious ***) @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2544] 000007fefc290000 Library ? (*** suspicious ***) @ C:\Windows\system32\SearchIndexer.exe [2580] 000007fefdcd0000 Library ? (*** suspicious ***) @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe [2684] 000007fefc290000 Library ? (*** suspicious ***) @ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [600] 000007fefc290000 Library ? (*** suspicious ***) @ C:\Windows\RAVCpl64.exe [3076] 000007fefa700000 Library ? (*** suspicious ***) @ C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [3096] 000007feff170000 Library ? (*** suspicious ***) @ C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [3132] 000007feff140000 Library ? (*** suspicious ***) @ C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe [3156] 000007feff170000 Library ? 
(*** suspicious ***) @ C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3256] 000000006e680000 Library ? (*** suspicious ***) @ C:\Program Files (x86)\CrossriderWebApps\Crossrider.exe [3268] 0000000077090000 Library ? (*** suspicious ***) @ C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [3392] 0000000077090000 Library ? (*** suspicious ***) @ C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE [3408] 000007fefeb70000 Library ? (*** suspicious ***) @ C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [3428] 0000000077090000 Library ? (*** suspicious ***) @ C:\Program Files (x86)\iTunes\iTunesHelper.exe [3524] 0000000077090000 Library ? (*** suspicious ***) @ C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe [3336] 0000000077090000 Library ? (*** suspicious ***) @ C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4676] 000007fef8740000 ---- Services - GMER 2.0 ---- Service C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (MobileDeviceService/Apple Inc.) [AUTO] Apple Mobile Device Service C:\Windows\system32\Ati2evxx.exe (ATI External Event Utility EXE Module/ATI Technologies Inc.) [AUTO] Ati External Event Utility Service Atierecord Service C:\Windows\system32\DRIVERS\atikmdag.sys (ATI Radeon Kernel Mode Driver/ATI Technologies Inc.) [MANUAL] atikmdag Service C:\Program Files\Bonjour\mDNSResponder.exe (Bonjour Service/Apple Inc.) [AUTO] Bonjour Service Service C:\Windows\system32\drivers\brfiltlo.sys (Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver/Brother Industries, Ltd.) [MANUAL] BrFiltLo Service C:\Windows\system32\drivers\brfiltup.sys (Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver/Brother Industries, Ltd.) [MANUAL] BrFiltUp Service C:\Windows\system32\drivers\brusbser.sys (Brother USB Serial Driver/Brother Industries Ltd.) 
[MANUAL] BrUsbSer Service BTHPORT Service C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (Service of ConfigFree./TOSHIBA CORPORATION) [AUTO] ConfigFree Service Service C:\Windows\system32\DRIVERS\E1G6032E.sys (Intel(R) PRO/1000 Adapter NDIS 6 deserialized driver/Intel Corporation) [MANUAL] E1G60 Service C:\Windows\system32\DRIVERS\FwLnk.sys (TOSHIBA Firmware Linkage 64-bit Driver/TOSHIBA Corporation) [MANUAL] FwLnk Service C:\Windows\System32\Drivers\GEARAspiWDM.sys (CD DVD Filter/GEAR Software Inc.) [MANUAL] GEARAspiWDM Service C:\Windows\system32\DRIVERS\iaStor.sys (Intel Matrix Storage Manager driver - x64/Intel Corporation) [BOOT] iaStor Service C:\Windows\system32\drivers\RTKVHD64.sys (Realtek(r) High Definition Audio Function Driver/Realtek Semiconductor Corp.) [MANUAL] IntcAzAudAddService Service system32\DRIVERS\ipinip.sys [MANUAL] IpInIp Service C:\Program Files\iPod\bin\iPodService.exe (iPodService Module (64-bit)/Apple Inc.) [MANUAL] iPod Service Service MSDTC Bridge 3.0.0.0 Service MSDTC Bridge 4.0.0.0 Service C:\Windows\system32\DRIVERS\mssmbios.sys (System Management BIOS Driver/Microsoft Corporation) [MANUAL] mssmbios Service C:\Windows\system32\DRIVERS\NETw4v64.sys (Intel® Wireless WiFi Link Driver/Intel Corporation) [MANUAL] NETw4v64 Service C:\Windows\system32\DRIVERS\NETwLv64.sys (Intel® Wireless WiFi Link Driver/Intel Corporation) [MANUAL] NETwLv64 Service system32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt Service system32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd Service Outlook Service C:\Windows\system32\drivers\rdpencdd.sys (RDP Miniport/Microsoft Corporation) [SYSTEM] RDPENCDD Service C:\Windows\system32\DRIVERS\rimmpx64.sys (RICOH MMC Driver/REDC) [AUTO] rimmptsk Service C:\Windows\system32\DRIVERS\rimspx64.sys (RICOH MS |
#40
|
|||
|
|||
Driver/REDC) [AUTO] rimsptsk
Service C:\Windows\system32\DRIVERS\rixdpx64.sys (RICOH xD SM Driver/REDC) [AUTO] rismxdp Service C:\Windows\system32\drivers\RtHDMIVX.sys (Realtek(r) High Definition Audio Function Driver/Realtek Semiconductor Corp.) [MANUAL] RTHDMIAzAudService Service C:\Windows\system32\DRIVERS\Rtlh64.sys (Realtek 8136/8168/8169 NDIS6 64-bit Driver /Realtek ) [MANUAL] RTL8169 Service (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [AUTO] secdrv Service ServiceModelEndpoint 3.0.0.0 Service ServiceModelOperation 3.0.0.0 Service ServiceModelService 3.0.0.0 Service C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Updater Service/Skype Technologies) [AUTO] SkypeUpdate Service C:\Windows\system32\DRIVERS\smserial.sys (Motorola SM56 Modem WDM Driver/Motorola Inc.) [MANUAL] smserial Service SMSvcHost 3.0.0.0 Service SMSvcHost 4.0.0.0 Service C:\Windows\system32\DRIVERS\SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) [MANUAL] SynTP Service C:\Windows\system32\DRIVERS\tap0901.sys (TAP-Win32 Virtual Network Driver/The OpenVPN Project) [MANUAL] tap0901 Service C:\Windows\system32\DRIVERS\tdcmdpst.sys (Toshiba ODD Writing Driver For x64./TOSHIBA Corporation.) 
[MANUAL] tdcmdpst Service C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Navi Support Service/TOSHIBA Corporation) [AUTO] TNaviSrv Service C:\Windows\system32\TODDSrv.exe (TDCSrv Application/TOSHIBA Corporation) [AUTO] TODDSrv Service C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Power Saver/TOSHIBA Corporation) [AUTO] TosCoSrv Service C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA Bluetooth Service/TOSHIBA CORPORATION) [AUTO] TOSHIBA Bluetooth Service Service C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TosIPCSrv.exe/TOSHIBA Corporation) [AUTO] TOSHIBA SMART Log Service Service [MANUAL] Tosrfcom Service C:\Windows\system32\DRIVERS\tosrfec.sys (TOSHIBA Bluetooth EC Driver/TOSHIBA Corporation) [MANUAL] tosrfec Service Tosrfusb Service C:\Windows\system32\DRIVERS\tos_sps64.sys (tos_sps2/TOSHIBA Corporation) [BOOT] tos_sps64 Service C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver/TOSHIBA Corporation) [BOOT] TVALZ Service C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (ULCDRSvr/Ulead Systems, Inc.) [AUTO] UleadBurningHelper Service C:\Windows\system32\DRIVERS\umpass.sys (Generic pass-through driver/Microsoft Corporation) [MANUAL] UMPass Service C:\Windows\System32\Drivers\usbaapl64.sys (Apple Mobile Device USB Driver/Apple, Inc.) [MANUAL] USBAAPL64 Service C:\Windows\System32\Drivers\UVCFTR_S.SYS (UVCFTR_S.sys/Chicony Electronics Co., Ltd.) [MANUAL] UVCFTR Service C:\Windows\system32\DRIVERS\vgapnp.sys (VGA/Super VGA Video Driver/Microsoft Corporation) [MANUAL] vga Service Windows Workflow Foundation 3.0.0.0 Service C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe [MANUAL] WMPNetworkSvc Service WSearchIdxPi ---- EOF - GMER 2.0 ---- |
#41
|
||||
|
||||
I have run the new Gmer scan on a few systems, and get results that include a few "Library ? (*** suspicious ***) @" references. May be Gmer needs to tweak things a little.
Bring me up to date on your system - what problems still remain we need to correct please? |
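An added example (not part of the thread, and not GMER's own code): a small triage pass over a GMER 2.0 text log that lists kernel modules loaded from outside \SystemRoot, skips the scanner's own driver named on the `Running: ...; Driver: ...` line, and groups the unnamed `Library ? (*** suspicious ***)` flags by base address. The sample log is constructed, and the one-entry-per-line layout is an assumption about how the log is saved.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of a GMER 2.0 text log (assumed: one entry per line).
# File names, paths, PIDs and addresses below are made up for this example.
SAMPLE_LOG = r"""GMER 2.0.18437 - http://www.gmer.net
Rootkit scan 2013-01-07 08:12:24
Running: abcd1234.exe; Driver: C:\Users\user\AppData\Local\Temp\efgh5678.sys

---- Modules - GMER 2.0 ----

Module  \SystemRoot\system32\ntoskrnl.exe  fffff80002450000-fffff80002968000 (5341184 bytes)
Module  \SystemRoot\system32\drivers\ndis.sys  fffffa6000e09000-fffffa6000fcc000 (1847296 bytes)
Module  \??\C:\Users\user\AppData\Local\Temp\efgh5678.sys  fffffa6005b49000-fffffa6005b59000 (65536 bytes)
Module  \??\C:\ProgramData\example\loader.sys  fffffa6005c00000-fffffa6005c10000 (65536 bytes)

---- Processes - GMER 2.0 ----

Library  ? (*** suspicious ***) @ C:\Windows\system32\wininit.exe [664]  000007fefd640000
Library  ? (*** suspicious ***) @ C:\Program Files (x86)\Example\a.exe [1108]  0000000077090000
Library  ? (*** suspicious ***) @ C:\Program Files (x86)\Example\b.exe [1684]  0000000077090000

---- EOF - GMER 2.0 ----
"""

DRIVER_RE = re.compile(r"^Running:\s*(?P<exe>[^;]+);\s*Driver:\s*(?P<drv>.+?)\s*$")
MODULE_RE = re.compile(
    r"^Module\s+(?P<path>.+?)\s+(?P<start>[0-9a-f]{16})-(?P<end>[0-9a-f]{16})"
    r"\s+\((?P<size>\d+) bytes\)$", re.I)
LIBRARY_RE = re.compile(
    r"^Library\s+(?P<name>.+?)\s+\(\*\*\* suspicious \*\*\*\)\s+@\s+"
    r"(?P<proc>.+?)\s+\[(?P<pid>\d+)\]\s+(?P<base>[0-9a-f]{16})$", re.I)

NT_PREFIX = "\\??\\"  # NT object-manager prefix GMER prints before some drive paths


def _norm(path):
    # Lower-case and drop the NT prefix so both spellings of a path compare equal.
    path = path.strip()
    if path.startswith(NT_PREFIX):
        path = path[len(NT_PREFIX):]
    return path.lower()


def parse_gmer(text):
    """Collect the scanner's own driver, the Module entries and the Library flags."""
    report = {"scanner_driver": None, "modules": [], "libraries": []}
    for raw in text.splitlines():
        line = raw.strip()
        if (m := DRIVER_RE.match(line)):
            report["scanner_driver"] = _norm(m["drv"])
        elif (m := MODULE_RE.match(line)):
            report["modules"].append({"path": m["path"], "size": int(m["size"])})
        elif (m := LIBRARY_RE.match(line)):
            report["libraries"].append(
                {"name": m["name"], "process": m["proc"],
                 "pid": int(m["pid"]), "base": m["base"].lower()})
    return report


def modules_outside_systemroot(report):
    """Kernel modules not under \\SystemRoot or \\Windows, minus the scanner's own driver."""
    leads = []
    for mod in report["modules"]:
        p = _norm(mod["path"])
        if p.startswith("\\systemroot\\") or p.startswith("\\windows\\"):
            continue
        if report["scanner_driver"] and p == report["scanner_driver"]:
            continue  # the log header names this file as the scanning tool's driver
        leads.append(mod["path"])
    return leads


def library_flags_by_base(report):
    """Map each flagged base address to the sorted PIDs it was reported in."""
    by_base = defaultdict(list)
    for lib in report["libraries"]:
        by_base[lib["base"]].append(lib["pid"])
    return {base: sorted(pids) for base, pids in by_base.items()}


if __name__ == "__main__":
    rep = parse_gmer(SAMPLE_LOG)
    print("modules to review:", modules_outside_systemroot(rep))
    print("flags by base:", library_flags_by_base(rep))
```

Both outputs are leads to check, not verdicts: a module outside the system directories still needs its file and signature examined, and a base address flagged in many unrelated processes is worth checking against a shared system library first.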
#42
|
|||
|
|||
It does seem to be working better and I actually found it asleep the other day which I haven't been able to do in a long time (would go to the change user screen). But I am still missing the internet protocol 4/6 when going into the status-properties of my internet connection so I cannot change dns server numbers. How can I get that back.
|
#43
|
||||
|
||||
Playing this by ear since I am not on a Vista system right now.
Control Panel - Network Connections (or similar) - Change adapter settings. Right click the connection you are using, and select Properties. Click Install, and select Protocol. You should then see options to install IPv4 and 6. Select them, Apply/OK, Apply/Ok your way back out. Then reboot. Hopefully those steps are enough in the ballpark to allow you to complete them. |
#44
|
|||
|
|||
I tried that. I was able to get the protocols back when I set my reset my computer to earlier settings before coming to you for help, but when I try to get them back it says 'Could not add the requested feature. The error is: the system cannot find the file specified.'
|
#45
|
||||
|
||||
There are at least two suggested remedies for this problem.
Code:
@ECHO OFF if exist Regsearch1.txt del /q Regsearch1.txt regedit /e Regsearch1.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network" Notepad Regsearch1.txt Copy/paste the above text (inside the Code box) into the open Notepad text box, then save this to your desktop as "cfgcheck.bat" Be sure to include the "" quotes in the name. Then click on cfgcheck.bat. When the scan completes a textbox will open. Save that somewhere where you can find it again. --------- Go to Start Search, type regedit in the Start Search box. Regedit.exe will appear at the top of the Menu. Rightclick on it and choose "Run as administrator". In the Registry Editor, navigate to the following key (use the "+" symbols in the left panel to expand the tree entries): HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\Network In the right hand column, locate the value Config. Right click it, and select Delete. Close the Registry Editor, then reboot. Check on changing the protocols setting after that please. If something goes terribly awry (and it shouldn't), just rename that Regsearch1.txt you created earlier to Regsearch1.reg, then right click it and allow it to merge with the registry to restore the previous settings. |
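The rollback described above only works if the export actually holds the value being deleted, so it is worth checking the file first. An added example (not from the thread): it assumes `regedit /e` wrote the "Windows Registry Editor Version 5.00" format as UTF-16LE with a BOM; the sample export bytes are constructed, and `check_backup` and `build_sample_export` are names introduced here.

```python
import re

KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network"


def build_sample_export():
    """Constructed stand-in for Regsearch1.txt (values and subkey are made up)."""
    text = "\r\n".join([
        "Windows Registry Editor Version 5.00",
        "",
        "[" + KEY + "]",
        '"ExampleValue"=dword:00000001',
        # Long binary values are wrapped with a trailing backslash.
        '"Config"=hex:ff,ff,ff,ff,00,00,00,00,01,02,03,04,05,06,07,08,\\',
        "  09,0a,0b,0c",
        "",
        "[" + KEY + r"\ExampleSubkey" + "]",
        '@="constructed"',
        "",
    ])
    return b"\xff\xfe" + text.encode("utf-16-le")


def check_backup(raw, key=KEY, value="Config"):
    """Return the byte length of `value` under `key`, or raise ValueError
    if the export cannot be used to restore it."""
    if not raw.startswith(b"\xff\xfe"):
        raise ValueError("not a UTF-16LE export with BOM")
    lines = raw[2:].decode("utf-16-le").splitlines()
    if not lines or lines[0].strip() != "Windows Registry Editor Version 5.00":
        raise ValueError("missing .reg version header")

    # Re-join wrapped lines so each value sits on one logical line.
    joined = []
    for line in lines:
        if joined and joined[-1].endswith("\\"):
            joined[-1] = joined[-1][:-1] + line.strip()
        else:
            joined.append(line)

    in_key = False
    for line in joined:
        if line.startswith("["):
            # Only the exact key counts; subkeys are separate sections.
            in_key = line.strip().lower() == ("[" + key + "]").lower()
        elif in_key and line.startswith('"' + value + '"='):
            data = line.split("=", 1)[1].strip()
            m = re.fullmatch(
                r"hex(?:\([0-9a-f]+\))?:((?:[0-9a-f]{2}(?:,[0-9a-f]{2})*)?)",
                data, re.I)
            if not m:
                raise ValueError("value present but not intact binary data")
            return len(m.group(1).split(",")) if m.group(1) else 0
    raise ValueError("value not found under the exported key")


if __name__ == "__main__":
    # Real use: check_backup(open("Regsearch1.txt", "rb").read())
    print("Config bytes in backup:", check_backup(build_sample_export()))
```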