Win64/Patched.A in Services.exe

Solved
By JMerlPE
Oct 21, 2012
  1. Broni

    Broni Malware Annihilator Posts: 45,188   +242

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    64-bit users go HERE
    • Double-click SystemLook.exe to run it.
    • Vista users: Right click on SystemLook.exe, click Run As Administrator
    • Copy the content of the following box and paste it into the main text field:
      Code:
      :filefind
      afd.sys
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
  2. JMerlPE

    JMerlPE Newcomer, in training Topic Starter Posts: 45

    How long should the SystemLook take? It's been going for quite a while now.
  3. JMerlPE

    JMerlPE Newcomer, in training Topic Starter Posts: 45

    Here is the SystemLook log.

    SystemLook 30.07.11 by jpshortstuff
    Log created at 15:28 on 23/10/2012 by Jen
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "afd.sys"
    C:\Windows\System32\drivers\AFD.SYS --a---- 22368 bytes [01:55 28/02/2012] [14:25 23/10/2012] 42B7E1AA0C7EC54652A50585793F1885
    C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys --a---- 500224 bytes [23:21 13/07/2009] [23:21 13/07/2009] B9384E03479D2506BC924C16A3DB87BC
    C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys --a---- 499712 bytes [01:09 16/06/2011] [02:44 25/04/2011] 6EF20DDF3172E97D69F596FB90602F29
    C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16937_none_34154fcd77f3bbda\afd.sys --a---- 499200 bytes [01:55 28/02/2012] [03:59 28/12/2011] DB9D6C6B2CD95A9CA414D045B627422E
    C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys --a---- 499712 bytes [01:09 16/06/2011] [02:44 25/04/2011] FBFF8B7C9D116229E9208A0D1CAEB49B
    C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.21115_none_34b263fe91032456\afd.sys --a---- 499200 bytes [01:55 28/02/2012] [04:01 28/12/2011] CCA39961E76B491DDF44B1E90FC8971D
    C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys --a---- 499712 bytes [14:19 09/07/2011] [09:23 20/11/2010] D31DC7A16DEA4A9BAF179F3D6FBDB38C
    C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys --a---- 499200 bytes [01:09 16/06/2011] [02:34 25/04/2011] D5B031C308A409A0A576BFF4CF083D30
    C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys --a---- 498688 bytes [01:55 28/02/2012] [03:59 28/12/2011] 1C7857B62DE5994A75B054A9FD4C3825
    C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys --a---- 499200 bytes [01:09 16/06/2011] [03:09 25/04/2011] F4AD06143EAC303F55D0E86C40802976
    C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys --a---- 498176 bytes [01:55 28/02/2012] [04:01 28/12/2011] 36A14FD1A23F57046361733B792CA8DB

    -= EOF =-
  4. Broni

    Broni Malware Annihilator Posts: 45,188   +242

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    FCopy::
    C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys | C:\Windows\System32\drivers\AFD.SYS
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
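The SystemLook report in post 3 and the FCopy script in post 4 together amount to one check: does the hash of the live C:\Windows\System32\drivers\AFD.SYS appear anywhere in the WinSxS component store, and if not, which store copy is the newest build to restore from. The script below is an added example, not SystemLook's, ComboFix's or the helper's code; it parses ':filefind' output in the format shown on this page and embeds a constructed subset of the thread's log (the "after" sample is constructed by substituting the size and hash that FSS reported once the copy was replaced). It flags a live copy whose MD5 matches no store copy, notes when its size is implausibly small relative to the store copies, and picks the highest-versioned store copy in the same way the helper did.

```python
"""Cross-check the live copy of a driver against the WinSxS component store
using a SystemLook ':filefind' report (added example, not the tool's code)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: a subset of the SystemLook log posted in the thread,
# captured before the FCopy step. Raw string, so backslashes are literal.
SAMPLE_BEFORE = r"""SystemLook 30.07.11 by jpshortstuff
Log created at 15:28 on 23/10/2012 by Jen
Administrator - Elevation successful

========== filefind ==========

Searching for "afd.sys"
C:\Windows\System32\drivers\AFD.SYS --a---- 22368 bytes [01:55 28/02/2012] [14:25 23/10/2012] 42B7E1AA0C7EC54652A50585793F1885
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys --a---- 500224 bytes [23:21 13/07/2009] [23:21 13/07/2009] B9384E03479D2506BC924C16A3DB87BC
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys --a---- 498688 bytes [01:55 28/02/2012] [03:59 28/12/2011] 1C7857B62DE5994A75B054A9FD4C3825
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys --a---- 498176 bytes [01:55 28/02/2012] [04:01 28/12/2011] 36A14FD1A23F57046361733B792CA8DB

-= EOF =-
"""

# Constructed: the same report as it would read after the live copy has been
# replaced by the 6.1.7601.21887 store copy (size and hash as FSS reported later).
SAMPLE_AFTER = SAMPLE_BEFORE.replace(
    "22368 bytes [01:55 28/02/2012] [14:25 23/10/2012] 42B7E1AA0C7EC54652A50585793F1885",
    "498176 bytes [01:55 28/02/2012] [14:25 23/10/2012] 36A14FD1A23F57046361733B792CA8DB",
)

# One ':filefind' hit: path, attribute flags, size, created, modified, MD5.
ENTRY_RE = re.compile(
    r'^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-zA-Z]{7})\s+(?P<size>\d+) bytes\s+'
    r'\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$'
)
# The build number embedded in a WinSxS component directory name, e.g. _6.1.7601.21887_
WINSXS_VERSION_RE = re.compile(r'_(\d+)\.(\d+)\.(\d+)\.(\d+)_')


@dataclass
class Entry:
    path: str
    attrs: str
    size: int
    created: str
    modified: str
    md5: str

    @property
    def is_winsxs(self) -> bool:
        return '\\winsxs\\' in self.path.lower()

    @property
    def version(self) -> Optional[Tuple[int, ...]]:
        m = WINSXS_VERSION_RE.search(self.path)
        return tuple(int(x) for x in m.groups()) if m else None


def parse_filefind(text: str) -> List[Entry]:
    """Extract every file hit from a SystemLook ':filefind' report."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m['path'], m['attrs'], int(m['size']),
                                 m['created'], m['modified'], m['md5'].upper()))
    return entries


def assess_live_copy(entries: List[Entry]) -> Dict[str, object]:
    """Compare the single non-WinSxS copy with the component-store copies."""
    live_copies = [e for e in entries if not e.is_winsxs]
    store = [e for e in entries if e.is_winsxs]
    if len(live_copies) != 1 or not store:
        raise ValueError("expected exactly one live copy and at least one WinSxS copy")
    live = live_copies[0]
    known_hashes = {e.md5 for e in store}
    matches = [e for e in store if e.md5 == live.md5]
    smallest_store = min(e.size for e in store)
    # Newest build in the store: the same choice the helper made for FCopy.
    newest = max(store, key=lambda e: e.version or ())
    return {
        "live_path": live.path,
        "live_md5": live.md5,
        "hash_in_store": live.md5 in known_hashes,
        "matching_versions": [".".join(map(str, e.version)) for e in matches],
        # A driver less than half the size of every store copy is not a plausible build.
        "size_anomaly": live.size < smallest_store // 2,
        "newest_store_copy": newest.path,
        "suspicious": live.md5 not in known_hashes,
    }


if __name__ == "__main__":
    for label, sample in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        r = assess_live_copy(parse_filefind(sample))
        print(label, "suspicious" if r["suspicious"] else "matches store", r["matching_versions"])
```

A hash that matches no store copy is the signal; a size far below every store copy, as with the 22368-byte file in the thread, is corroboration. The newest-build choice only identifies which store copy to hand to a restore step; verifying that the restored file's hash then appears in the store is the check that closes the loop.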
  5. JMerlPE

    JMerlPE Newcomer, in training Topic Starter Posts: 45

    Here is the Combofix log.

    ComboFix 12-10-23.01 - Jen 10/23/2012 16:11:49.3.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3957.1173 [GMT -4:00]
    Running from: c:\users\Jen\Desktop\ComboFix-1.exe
    Command switches used :: c:\users\Jen\Desktop\CFScript.txt
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    --------------- FCopy ---------------
    .
    c:\windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys --> c:\windows\System32\drivers\AFD.SYS
    .
    ((((((((((((((((((((((((( Files Created from 2012-09-23 to 2012-10-23 )))))))))))))))))))))))))))))))
    .
    .
    2012-10-23 20:17 . 2012-10-23 20:17 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-10-22 12:58 . 2012-10-22 12:58 -------- d-----w- c:\users\Jen\AppData\Roaming\Malwarebytes
    2012-10-22 12:58 . 2012-10-22 12:58 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-10-22 12:58 . 2012-10-22 12:58 -------- d-----w- c:\programdata\Malwarebytes
    2012-10-22 12:58 . 2012-09-29 23:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-10-21 23:28 . 2012-10-21 23:28 -------- d-----w- C:\FRST
    2012-10-21 22:37 . 2012-10-21 22:37 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
    2012-10-21 22:36 . 2012-10-21 22:36 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-10-21 22:09 . 2012-10-21 22:09 220160 ----a-w- c:\programdata\Microsoft\Media Tools\MediaIconsOverlays.dll
    2012-10-21 22:08 . 2012-10-21 22:09 -------- d-----w- c:\program files (x86)\Mega Codec Pack
    2012-10-21 14:36 . 2012-10-21 14:36 -------- d-----w- c:\users\Jen\AppData\Roaming\Leadertech
    2012-10-21 14:29 . 2012-10-21 14:29 -------- d-----w- c:\program files (x86)\Infogrames Interactive
    2012-10-21 14:28 . 2001-09-05 08:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
    2012-10-21 14:28 . 2001-09-05 08:18 225280 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
    2012-10-21 14:28 . 2001-09-05 08:14 176128 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
    2012-10-21 14:28 . 2001-09-05 08:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
    2012-10-17 17:48 . 2012-09-25 03:16 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2012-10-17 17:19 . 2012-10-17 17:20 -------- d-----w- c:\programdata\TuneUp Software
    2012-10-17 17:18 . 2012-10-17 17:30 -------- d-sh--w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
    2012-10-14 01:58 . 2012-10-14 01:58 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software
    2012-10-10 20:24 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-10-04 11:35 . 2012-06-06 19:55 20784 ----a-w- c:\windows\system32\drivers\easytthr.sys
    2012-10-04 11:35 . 2012-10-04 11:35 -------- d-----w- c:\program files (x86)\Mobile Stream
    2012-10-03 23:45 . 2012-10-03 23:45 -------- d-----w- c:\users\Jen\AppData\Roaming\com.ninjakiwi.BloonsTD5Deluxe
    2012-10-01 13:53 . 2012-10-01 13:53 -------- d-----w- c:\users\Jen\AppData\Roaming\YoudaGames
    2012-09-27 01:28 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
    2012-09-25 15:40 . 2012-09-25 15:40 -------- d-----w- c:\users\Jen\AppData\Roaming\AVG2013
    2012-09-25 15:38 . 2012-10-17 17:19 -------- d-----w- c:\users\Jen\AppData\Roaming\TuneUp Software
    2012-09-25 15:36 . 2012-10-23 15:47 -------- d-----w- c:\programdata\AVG2013
    2012-09-25 15:33 . 2012-09-25 16:40 -------- d-----w- c:\users\Jen\AppData\Local\Avg2013
    2012-09-25 15:33 . 2012-09-25 15:33 -------- d-----w- c:\users\Jen\AppData\Local\MFAData
    2012-09-24 17:21 . 2012-09-24 17:21 -------- d-----w- c:\users\Jen\AppData\Local\Xfinity.com
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-10-23 14:25 . 2009-07-14 00:10 22368 ----a-w- c:\windows\system32\drivers\WS2IFSL.SYS
    2012-10-11 14:13 . 2010-04-05 16:08 65309168 ----a-w- c:\windows\system32\MRT.exe
    2012-10-09 16:40 . 2012-07-04 22:16 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-10-09 16:40 . 2011-06-06 02:44 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-09-13 13:54 . 2012-08-16 15:17 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2012-09-13 13:54 . 2010-09-27 19:23 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-08-24 11:15 . 2012-09-23 03:34 17810944 ----a-w- c:\windows\system32\mshtml.dll
    2012-08-24 10:39 . 2012-09-23 03:34 10925568 ----a-w- c:\windows\system32\ieframe.dll
    2012-08-24 10:31 . 2012-09-23 03:34 2312704 ----a-w- c:\windows\system32\jscript9.dll
    2012-08-24 10:22 . 2012-09-23 03:34 1346048 ----a-w- c:\windows\system32\urlmon.dll
    2012-08-24 10:21 . 2012-09-23 03:34 1392128 ----a-w- c:\windows\system32\wininet.dll
    2012-08-24 10:20 . 2012-09-23 03:34 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-08-24 10:18 . 2012-09-23 03:34 237056 ----a-w- c:\windows\system32\url.dll
    2012-08-24 10:17 . 2012-09-23 03:34 85504 ----a-w- c:\windows\system32\jsproxy.dll
    2012-08-24 10:14 . 2012-09-23 03:34 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-08-24 10:14 . 2012-09-23 03:34 816640 ----a-w- c:\windows\system32\jscript.dll
    2012-08-24 10:13 . 2012-09-23 03:34 599040 ----a-w- c:\windows\system32\vbscript.dll
    2012-08-24 10:12 . 2012-09-23 03:34 2144768 ----a-w- c:\windows\system32\iertutil.dll
    2012-08-24 10:11 . 2012-09-23 03:34 729088 ----a-w- c:\windows\system32\msfeeds.dll
    2012-08-24 10:10 . 2012-09-23 03:34 96768 ----a-w- c:\windows\system32\mshtmled.dll
    2012-08-24 10:09 . 2012-09-23 03:34 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-08-24 10:04 . 2012-09-23 03:34 248320 ----a-w- c:\windows\system32\ieui.dll
    2012-08-24 06:59 . 2012-09-23 03:34 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
    2012-08-24 06:51 . 2012-09-23 03:34 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
    2012-08-24 06:51 . 2012-09-23 03:34 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2012-08-24 06:47 . 2012-09-23 03:34 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2012-08-24 06:47 . 2012-09-23 03:34 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2012-08-24 06:43 . 2012-09-23 03:34 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2012-08-22 18:12 . 2012-09-12 14:58 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-08-22 18:12 . 2012-09-12 14:58 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
    2012-08-22 18:12 . 2012-09-12 14:58 376688 ----a-w- c:\windows\system32\drivers\netio.sys
    2012-08-22 18:12 . 2012-09-12 14:58 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2012-08-21 17:01 . 2012-09-22 17:59 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-08-21 17:01 . 2010-04-04 22:08 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
    2012-08-21 17:01 . 2010-04-04 22:08 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
    2012-08-20 17:38 . 2012-10-10 20:25 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2012-08-16 19:33 . 2012-08-16 19:33 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
    2012-08-16 19:14 . 2012-08-16 19:14 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2012-08-16 19:10 . 2010-04-05 00:20 560184 ----a-w- c:\windows\system32\drivers\sptd.sys
    2012-08-02 17:58 . 2012-09-12 14:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
    2012-08-02 16:57 . 2012-09-12 14:58 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0MediaIconsOerlay]
    @="{1EC23CFF-4C58-458f-924C-8519AEF61B32}"
    [HKEY_CLASSES_ROOT\CLSID\{1EC23CFF-4C58-458f-924C-8519AEF61B32}]
    2012-10-21 22:09 220160 ----a-w- c:\programdata\Microsoft\Media Tools\MediaIconsOverlays.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Magellan CmTray"="c:\program files (x86)\Content Manager\CmTray.exe" [2011-03-04 458752]
    "DAEMON Tools Lite"="d:\dtools\DTLite.exe" [2012-04-17 3671872]
    "RGSC"="d:\games\Grand Theft Auto IV\Rockstar Games Social Club\RGSCLauncher.exe" [2008-11-14 305064]
    "Steam"="d:\games\Steam\Steam.exe" [2012-08-16 1353080]
    "MotoCast"="c:\program files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk" [2012-08-20 2051]
    "EasyTether"="c:\program files (x86)\Mobile Stream\EasyTether\easytthr.exe" [2012-06-06 48680]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-12-04 103720]
    "RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-07-16 91432]
    "PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
    "BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2009-11-20 75048]
    "UpdatePSTShortCut"="c:\program files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" [2010-01-11 210216]
    "APLangApp"="c:\program files (x86)\AnyPC Client\APLangApp.exe" [2009-11-20 13312]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-2 1082144]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer9"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-04 135664]
    R2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2012-07-17 116632]
    R2 MSSQL$CSSQL05;SQL Server (CSSQL05);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
    R2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2011-09-02 65657]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
    R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6144]
    R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-01 52264]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-04 135664]
    R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [2009-07-10 31744]
    R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2012-06-11 22016]
    R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2012-01-25 9728]
    R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2012-05-12 121416]
    R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2012-06-08 27136]
    R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-20 113120]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-07 1255736]
    S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-08-16 283200]
    S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 13824]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [2012-06-05 87400]
    S2 msftesql$CSSQL05;SQL Server FullText Search (CSSQL05);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [2010-03-26 91992]
    S2 Rezip;Rezip;c:\windows\SysWOW64\Rezip.exe [2009-03-05 311296]
    S2 VBoxDrv;VBox Support Driver;c:\program files (x86)\YouWave_Android\vb\VBoxDrv.sys [2011-11-20 202592]
    S3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [2012-06-06 20784]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-11-25 151936]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2009-08-22 84512]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-10-23 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-04 16:40]
    .
    2012-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-04 21:53]
    .
    2012-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-04 21:53]
    .
    2012-10-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1025616775-32965946-2427245248-1001Core.job
    - c:\users\Jen\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-29 01:31]
    .
    2012-10-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1025616775-32965946-2427245248-1001UA.job
    - c:\users\Jen\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-29 01:31]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-15 9644576]
    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-07 16413288]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://xfinity.comcast.net/?cid=insDate09242012
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local;192.168.*.*
    mSearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    FF - ProfilePath - c:\users\Jen\AppData\Roaming\Mozilla\Firefox\Profiles\2vsan3bg.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - ExtSQL: 2012-10-17 16:24; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Jen\AppData\Roaming\Mozilla\Firefox\Profiles\2vsan3bg.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    Toolbar-{9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
    Toolbar-{99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)
    Toolbar-10 - (no file)
    Wow6432Node-HKLM-Run-ROC_ROC_NT - c:\program files (x86)\AVG Secure Search\ROC_ROC_NT.exe
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\msftesql$CSSQL05]
    "ImagePath"="\"c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:CSSQL05"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1025616775-32965946-2427245248-1001\Software\SecuROM\License information*]
    "datasecu"=hex:f6,72,5f,ea,9a,65,3d,c9,d5,d0,f7,31,52,cd,02,32,59,2b,a4,d3,5e,
    7b,ce,69,a8,1e,ae,a8,93,e1,9a,f0,9e,f5,ac,cf,e7,ad,74,3f,59,2a,f7,0c,43,d9,\
    "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.9"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
    @="c:\\windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
    @="?????????????????? v1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
    @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
    @="?????????????????? v2"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
    @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-10-23 16:20:01
    ComboFix-quarantined-files.txt 2012-10-23 20:20
    ComboFix2.txt 2012-10-23 14:23
    .
    Pre-Run: 16,286,236,672 bytes free
    Post-Run: 16,087,449,600 bytes free
    .
    - - End Of File - - 867FEBADF1299E1001C529946DC2A5AD
  6. Broni

    Broni Malware Annihilator Posts: 45,188   +242

    Is your internet connection back?
  7. JMerlPE

    JMerlPE Newcomer, in training Topic Starter Posts: 45

    Nope :(, there is still a yellow exclamation triangle on my network bars on the task bar.
  8. JMerlPE

    JMerlPE Newcomer, in training Topic Starter Posts: 45

    It says I am connected to my wireless network, but it is classified as an Unidentified error network with no Internet access. When I right click on the network and click 'status', the IPv4 and IPv6 Connectivity both have no Internet access.
  9. Broni

    Broni Malware Annihilator Posts: 45,188   +242

    Post new FSS log.
  10. JMerlPE

    JMerlPE Newcomer, in training Topic Starter Posts: 45

    Farbar Service Scanner Version: 19-10-2012
    Ran by Jen (administrator) on 23-10-2012 at 21:54:46
    Running from "C:\Users\Jen\Desktop"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
    LAN connected.
    Attempt to access Google IP returned error: Other errors
    Attempt to access Google.com returned error: Other errors
    Attempt to access Yahoo IP returned error: Other errors
    Attempt to access Yahoo.com returned error: Other errors


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys
    [2012-02-27 21:55] - [2011-12-28 00:01] - 0498176 ____A (Microsoft Corporation) 36A14FD1A23F57046361733B792CA8DB

    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
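The FSS "File Check" section above marks each networking component it knows as "MD5 is legit" and, for anything else, prints a detail line with the file's timestamps, size, company and hash. The script below is an added example, not Farbar Service Scanner's code; it parses that section in the format shown on this page, using a constructed excerpt of the thread's log, and returns the entries FSS could not vouch for together with their detail fields so they can be cross-checked against another source (here, the SystemLook hashes earlier in the thread).

```python
"""Pull the files Farbar Service Scanner (FSS) could not vouch for out of its
'File Check' section (added example, not FSS's own code)."""
import re
from typing import Dict

# Constructed sample: an excerpt of the FSS log posted in the thread.
SAMPLE_FSS = r"""Farbar Service Scanner Version: 19-10-2012
Ran by Jen (administrator) on 23-10-2012 at 21:54:46

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-02-27 21:55] - [2011-12-28 00:01] - 0498176 ____A (Microsoft Corporation) 36A14FD1A23F57046361733B792CA8DB

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

**** End of log ****
"""

LEGIT_SUFFIX = "=> MD5 is legit"
# Detail line FSS prints under an unverified file: created, modified, size, attrs, company, MD5.
DETAIL_RE = re.compile(
    r'^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) '
    r'(?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$'
)


def parse_file_check(text: str) -> Dict[str, Dict[str, str]]:
    """Return {path: info} for every entry in the File Check section.
    Verified entries get status 'legit'; the rest carry the detail line fields."""
    results: Dict[str, Dict[str, str]] = {}
    lines = text.splitlines()
    in_section = False
    i = 0
    while i < len(lines):
        line = lines[i].strip()
        if line == "File Check:":
            in_section = True
        elif in_section and line.startswith("****"):
            break                      # end of log
        elif in_section and re.match(r'^[A-Za-z]:\\', line):
            if line.endswith(LEGIT_SUFFIX):
                results[line[:-len(LEGIT_SUFFIX)].strip()] = {"status": "legit"}
            else:
                info = {"status": "unverified"}
                # The detail line, when present, is the very next line.
                if i + 1 < len(lines):
                    m = DETAIL_RE.match(lines[i + 1].strip())
                    if m:
                        info.update(m.groupdict())
                        i += 1
                results[line] = info
        i += 1
    return results


def unverified_files(text: str) -> Dict[str, Dict[str, str]]:
    """Only the entries FSS did not mark as legit."""
    return {p: info for p, info in parse_file_check(text).items() if info["status"] != "legit"}


if __name__ == "__main__":
    for path, info in unverified_files(SAMPLE_FSS).items():
        print(path, info.get("size"), info.get("md5"))
```

In the thread the only unverified entry is afd.sys, and the hash FSS prints for it, 36A14FD1A23F57046361733B792CA8DB, is the hash the earlier SystemLook report gave for the 6.1.7601.21887 WinSxS copy. An "unverified" result from one tool is therefore a prompt to cross-check, not by itself proof that the file is still patched.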
  11. Broni

    Broni Malware Annihilator Posts: 45,188   +242

    Go Start>Run (Start search in Vista and 7), type in:
    cmd
    Click OK (in Vista and 7, while holding CTRL and SHIFT, press Enter).

    At Command Prompt, type in:
    netsh int ip reset reset.log
    Hit Enter.
    Type in:
    netsh winsock reset catalog
    Hit Enter.

    Restart computer.
  12. JMerlPE

    JMerlPE Newcomer, in training Topic Starter Posts: 45

    The first command prompt went fine but the 'netsh winsock reset catalog' could not be found.
  13. Broni

    Broni Malware Annihilator Posts: 45,188   +242

    What is the EXACT error message?
     
  14. JMerlPE

    JMerlPE Newcomer, in training Topic Starter Posts: 45

    My apologies, the exact message is " The system cannot find the file specified ".
  15. Broni

    Broni Malware Annihilator Posts: 45,188   +242

    Is there any file mentioned?
  16. JMerlPE

    JMerlPE Newcomer, in training Topic Starter Posts: 45

    No file is mentioned.
  17. Broni

    Broni Malware Annihilator Posts: 45,188   +242

    Download Windows Repair (all in one) from this site

    Install the program then run it.

    Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:

    [IMG]



    Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:

    [IMG]


    Go to Step 4 and under "System Restore" click on Create button:

    [IMG]


    Go to Start Repairs tab and click Start button.

    [IMG]


    Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):

    [IMG]

    Click on the box next to Restart System when Finished. Then click on Start.
  18. JMerlPE

    JMerlPE Newcomer, in training Topic Starter Posts: 45

    When I ran the start repairs step, a Window kept popping up that said 'Execute processes remotely has stopped working - A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available.'

    After this, my only option is to click a button that says 'Close program'.
  19. Broni

    Broni Malware Annihilator Posts: 45,188   +242

    Do you have Windows 7 DVD?
  20. JMerlPE

    JMerlPE Newcomer, in training Topic Starter Posts: 45

    No I don't :(.
  21. Broni

    Broni Malware Annihilator Posts: 45,188   +242

    We can create one but before we go there I'd like to try a couple more things...

    Please, navigate to:
    C:\Qoobox
    Open ComboFix-quarantined-files.txt in Notepad, copy everything, and paste it into your next reply.

    =============================================

    Please download MiniToolBox, save it to your desktop and run it.

    Checkmark the following boxes:
    • Report IE Proxy Settings
    • Report FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Devices (do NOT change any settings)
    • List Users, Partitions and Memory size
    • List Restore Points
    Click Go and post the result.
  22. JMerlPE

    JMerlPE Newcomer, in training Topic Starter Posts: 45

    2012-10-23 20:18:14 . 2012-10-23 20:18:14 195 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKLM-Run-ROC_ROC_NT.reg.dat
    2012-10-23 15:56:42 . 2012-10-23 20:11:39 0 ----a-w- C:\Qoobox\Quarantine\catchme.txt
    2012-10-23 14:22:50 . 2012-10-23 14:22:50 80 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-SynTPEnh.reg.dat
    2012-10-23 14:22:49 . 2012-10-23 14:22:49 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829}.reg.dat
    2012-10-23 14:22:49 . 2012-10-23 14:22:49 78 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-10.reg.dat
    2012-10-23 14:22:49 . 2012-10-23 14:22:49 92 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-Locked.reg.dat
    2012-10-23 14:22:42 . 2012-10-23 14:22:42 534 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-MCODS.reg.dat
    2012-10-23 14:22:42 . 2012-10-23 14:22:42 546 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-mcmscsvc.reg.dat
    2012-10-23 14:22:35 . 2012-10-23 14:22:35 290 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKLM-Run-UCam_Menu.reg.dat
    2012-10-23 14:22:35 . 2012-10-23 14:22:35 318 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKLM-Run-UpdatePPShortCut.reg.dat
    2012-10-23 14:22:34 . 2012-10-23 14:22:34 319 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKLM-Run-UpdatePDRShortCut.reg.dat
    2012-10-23 14:22:34 . 2012-10-23 14:22:34 305 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKLM-Run-UpdateP2GoShortCut.reg.dat
    2012-10-23 14:22:34 . 2012-10-23 14:22:34 310 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKLM-Run-UpdateLBPShortCut.reg.dat
    2012-10-23 14:22:33 . 2012-10-23 20:18:11 90 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-Toolbar-10.reg.dat
    2012-10-23 14:22:33 . 2012-10-23 20:18:11 280 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-Toolbar-{99079a25-328f-4bd4-be04-00955acaa0a7}.reg.dat
    2012-10-23 14:22:32 . 2012-10-23 20:18:11 276 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-Toolbar-{9D425283-D487-4337-BAB6-AB8354A81457}.reg.dat
    2012-10-23 14:22:32 . 2012-10-23 20:18:11 288 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829}.reg.dat
    2012-10-23 14:22:32 . 2012-10-23 20:18:10 104 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-Toolbar-Locked.reg.dat
    2012-10-23 14:22:31 . 2012-10-23 14:22:31 118 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C}.reg.dat
    2012-10-23 14:13:41 . 2012-10-23 14:13:41 1,150 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_nvsvc.reg.dat
    2012-10-23 14:13:29 . 2012-10-23 20:15:13 20,132 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
    2012-10-23 14:06:03 . 2012-10-23 20:10:23 255 ----a-w- C:\Qoobox\Quarantine\catchme.log
    2012-02-28 01:55:16 . 2012-10-23 14:25:02 22,368 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\drivers\AFD.SYS.vir
    2011-07-10 18:14:31 . 2011-07-10 18:14:31 1,056,768 ----a-w- C:\Qoobox\Quarantine\C\Windows\security\database\tmp.edb.vir
    2011-01-11 15:58:38 . 2010-04-08 14:52:20 271,024 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\Search Toolbar\SearchToolbar.dll.vir
    2009-05-19 13:16:16 . 2009-05-19 13:16:16 222,504 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe.vir
    2009-05-19 13:16:16 . 2009-05-19 13:16:16 222,504 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe.vir
    2009-05-19 13:16:16 . 2009-05-19 13:16:16 222,504 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe.vir
    2009-05-19 13:16:16 . 2009-05-19 13:16:16 222,504 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe.vir
    2009-05-19 13:16:16 . 2009-05-19 13:16:16 222,504 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe.vir
    2000-10-05 17:24:42 . 2000-10-05 17:24:42 156,742 ----a-w- C:\Qoobox\Quarantine\C\Windows\desktop\README_106.doc.vir
  23. JMerlPE

    JMerlPE Newcomer, in training Topic Starter Posts: 45

    Here is the Minitoolbox log.

    MiniToolBox by Farbar Version: 23-07-2012
    Ran by Jen (administrator) on 25-10-2012 at 07:27:47
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ***************************************************************************

    ========================= IE Proxy Settings: ==============================

    Proxy is not enabled.
    No Proxy Server is set.

    ========================= FF Proxy Settings: ==============================

    ========================= Hosts content: =================================

    127.0.0.1 localhost

    ========================= IP Configuration: ================================

    Marvell Yukon 88E8059 Family PCI-E Gigabit Ethernet Controller = Local Area Connection (Media disconnected)
    Atheros AR9285 Wireless Network Adapter = Wireless Network Connection (Media disconnected)
    EasyTether Network Adapter = Local Area Connection 3 (Media disconnected)


    # ----------------------------------
    # IPv4 Configuration
    # ----------------------------------
    pushd interface ipv4

    reset


    popd
    # End of IPv4 configuration



    Windows IP Configuration

    Host Name . . . . . . . . . . . . : Jen-PC
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    System Quarantine State . . . . . : Not Restricted


    Ethernet adapter Local Area Connection 3:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : EasyTether Network Adapter
    Physical Address. . . . . . . . . : 02-00-54-74-68-72
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes

    Wireless LAN adapter Wireless Network Connection:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Atheros AR9285 Wireless Network Adapter
    Physical Address. . . . . . . . . : C4-17-FE-CA-D0-62
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes

    Ethernet adapter Local Area Connection:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . : hsd1.md.comcast.net.
    Description . . . . . . . . . . . : Marvell Yukon 88E8059 Family PCI-E Gigabit Ethernet Controller
    Physical Address. . . . . . . . . : 00-24-54-5F-42-1E
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter isatap.{4698BC4D-B655-4798-A71E-112C05E59322}:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft ISATAP Adapter
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter isatap.{F625E639-3111-4A99-B27E-A26EAAC010D2}:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Teredo Tunneling Pseudo-Interface:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    Server: UnKnown
    Address: 127.0.0.1

    Ping request could not find host google.com. Please check the name and try again.
    Server: UnKnown
    Address: 127.0.0.1

    Ping request could not find host yahoo.com. Please check the name and try again.
    Server: UnKnown
    Address: 127.0.0.1

    Ping request could not find host bleepingcomputer.com. Please check the name and try again.

    Pinging with 32 bytes of data:
    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

    Ping statistics for –^_˜˜˜_•:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
    ===========================================================================
    Interface List
    24...02 00 54 74 68 72 ......EasyTether Network Adapter
    19...c4 17 fe ca d0 62 ......Atheros AR9285 Wireless Network Adapter
    12...00 24 54 5f 42 1e ......Marvell Yukon 88E8059 Family PCI-E Gigabit Ethernet Controller
    1...........................Software Loopback Interface 1
    25...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
    26...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
    20...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
    ===========================================================================

    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination Netmask Gateway Interface Metric
    127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
    127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
    127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
    224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
    255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
    ===========================================================================
    Persistent Routes:
    None

    IPv6 Route Table
    ===========================================================================
    Active Routes:
    If Metric Network Destination Gateway
    1 306 ::1/128 On-link
    1 306 ff00::/8 On-link
    ===========================================================================
    Persistent Routes:
    None
    ========================= Winsock entries =====================================


    ========================= Event log errors: ===============================

    Application errors:
    ==================
    Error: (10/24/2012 05:24:47 PM) (Source: Application Error) (User: )
    Description: Faulting application name: MotoHelperService.exe, version: 2.2.26.0, time stamp: 0x50004e68
    Faulting module name: MotoHelperService.exe, version: 2.2.26.0, time stamp: 0x50004e68
    Exception code: 0xc0000005
    Fault offset: 0x0000481f
    Faulting process id: 0xe00
    Faulting application start time: 0xMotoHelperService.exe0
    Faulting application path: MotoHelperService.exe1
    Faulting module path: MotoHelperService.exe2
    Report Id: MotoHelperService.exe3

    Error: (10/24/2012 05:24:46 PM) (Source: Application Error) (User: )
    Description: Faulting application name: MotoHelperService.exe, version: 2.2.26.0, time stamp: 0x50004e68
    Faulting module name: MotoHelperService.exe, version: 2.2.26.0, time stamp: 0x50004e68
    Exception code: 0xc0000005
    Fault offset: 0x0000481f
    Faulting process id: 0x1180
    Faulting application start time: 0xMotoHelperService.exe0
    Faulting application path: MotoHelperService.exe1
    Faulting module path: MotoHelperService.exe2
    Report Id: MotoHelperService.exe3

    Error: (10/24/2012 05:24:42 PM) (Source: Application Error) (User: )
    Description: Faulting application name: MotoHelperService.exe, version: 2.2.26.0, time stamp: 0x50004e68
    Faulting module name: MotoHelperService.exe, version: 2.2.26.0, time stamp: 0x50004e68
    Exception code: 0xc0000005
    Fault offset: 0x0000481f
    Faulting process id: 0x1304
    Faulting application start time: 0xMotoHelperService.exe0
    Faulting application path: MotoHelperService.exe1
    Faulting module path: MotoHelperService.exe2
    Report Id: MotoHelperService.exe3

    Error: (10/24/2012 05:24:41 PM) (Source: Application Error) (User: )
    Description: Faulting application name: MotoHelperService.exe, version: 2.2.26.0, time stamp: 0x50004e68
    Faulting module name: MotoHelperService.exe, version: 2.2.26.0, time stamp: 0x50004e68
    Exception code: 0xc0000005
    Fault offset: 0x0000481f
    Faulting process id: 0x1b90
    Faulting application start time: 0xMotoHelperService.exe0
    Faulting application path: MotoHelperService.exe1
    Faulting module path: MotoHelperService.exe2
    Report Id: MotoHelperService.exe3

    Error: (10/24/2012 05:24:40 PM) (Source: Application Error) (User: )
    Description: Faulting application name: MotoHelperService.exe, version: 2.2.26.0, time stamp: 0x50004e68
    Faulting module name: MotoHelperService.exe, version: 2.2.26.0, time stamp: 0x50004e68
    Exception code: 0xc0000005
    Fault offset: 0x0000481f
    Faulting process id: 0x142c
    Faulting application start time: 0xMotoHelperService.exe0
    Faulting application path: MotoHelperService.exe1
    Faulting module path: MotoHelperService.exe2
    Report Id: MotoHelperService.exe3

    Error: (10/24/2012 05:24:39 PM) (Source: Application Error) (User: )
    Description: Faulting application name: MotoHelperService.exe, version: 2.2.26.0, time stamp: 0x50004e68
    Faulting module name: MotoHelperService.exe, version: 2.2.26.0, time stamp: 0x50004e68
    Exception code: 0xc0000005
    Fault offset: 0x0000481f
    Faulting process id: 0xd70
    Faulting application start time: 0xMotoHelperService.exe0
    Faulting application path: MotoHelperService.exe1
    Faulting module path: MotoHelperService.exe2
    Report Id: MotoHelperService.exe3

    Error: (10/24/2012 05:24:37 PM) (Source: Application Error) (User: )
    Description: Faulting application name: MotoHelperService.exe, version: 2.2.26.0, time stamp: 0x50004e68
    Faulting module name: MotoHelperService.exe, version: 2.2.26.0, time stamp: 0x50004e68
    Exception code: 0xc0000005
    Fault offset: 0x0000481f
    Faulting process id: 0x1be4
    Faulting application start time: 0xMotoHelperService.exe0
    Faulting application path: MotoHelperService.exe1
    Faulting module path: MotoHelperService.exe2
    Report Id: MotoHelperService.exe3

    Error: (10/24/2012 05:24:36 PM) (Source: Application Error) (User: )
    Description: Faulting application name: MotoHelperService.exe, version: 2.2.26.0, time stamp: 0x50004e68
    Faulting module name: MotoHelperService.exe, version: 2.2.26.0, time stamp: 0x50004e68
    Exception code: 0xc0000005
    Fault offset: 0x0000481f
    Faulting process id: 0x1e70
    Faulting application start time: 0xMotoHelperService.exe0
    Faulting application path: MotoHelperService.exe1
    Faulting module path: MotoHelperService.exe2
    Report Id: MotoHelperService.exe3

    Error: (10/24/2012 05:24:35 PM) (Source: Application Error) (User: )
    Description: Faulting application name: MotoHelperService.exe, version: 2.2.26.0, time stamp: 0x50004e68
    Faulting module name: MotoHelperService.exe, version: 2.2.26.0, time stamp: 0x50004e68
    Exception code: 0xc0000005
    Fault offset: 0x0000481f
    Faulting process id: 0x12dc
    Faulting application start time: 0xMotoHelperService.exe0
    Faulting application path: MotoHelperService.exe1
    Faulting module path: MotoHelperService.exe2
    Report Id: MotoHelperService.exe3

    Error: (10/24/2012 05:24:34 PM) (Source: Application Error) (User: )
    Description: Faulting application name: MotoHelperService.exe, version: 2.2.26.0, time stamp: 0x50004e68
    Faulting module name: MotoHelperService.exe, version: 2.2.26.0, time stamp: 0x50004e68
    Exception code: 0xc0000005
    Fault offset: 0x0000481f
    Faulting process id: 0x15b8
    Faulting application start time: 0xMotoHelperService.exe0
    Faulting application path: MotoHelperService.exe1
    Faulting module path: MotoHelperService.exe2
    Report Id: MotoHelperService.exe3


    System errors:
    =============
    Error: (10/24/2012 05:28:23 PM) (Source: Service Control Manager) (User: )
    Description: The Motorola Device Manager Service service failed to start due to the following error:
    %%1053

    Error: (10/24/2012 05:28:18 PM) (Source: Service Control Manager) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Motorola Device Manager Service service to connect.

    Error: (10/24/2012 05:24:47 PM) (Source: Service Control Manager) (User: )
    Description: The Motorola Device Manager Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

    Error: (10/24/2012 05:24:46 PM) (Source: Service Control Manager) (User: )
    Description: The Motorola Device Manager Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

    Error: (10/24/2012 05:24:42 PM) (Source: Service Control Manager) (User: )
    Description: The Motorola Device Manager Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

    Error: (10/24/2012 05:24:41 PM) (Source: Service Control Manager) (User: )
    Description: The Motorola Device Manager Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

    Error: (10/24/2012 05:24:40 PM) (Source: Service Control Manager) (User: )
    Description: The Motorola Device Manager Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

    Error: (10/24/2012 05:24:39 PM) (Source: Service Control Manager) (User: )
    Description: The Motorola Device Manager Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

    Error: (10/24/2012 05:24:38 PM) (Source: Service Control Manager) (User: )
    Description: The Motorola Device Manager Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

    Error: (10/24/2012 05:24:36 PM) (Source: Service Control Manager) (User: )
    Description: The Motorola Device Manager Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.


    Microsoft Office Sessions:
    =========================
    Error: (04/17/2011 05:14:14 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3992 seconds with 120 seconds of active time. This session ended with a crash.

    Error: (04/17/2011 04:48:51 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2504 seconds with 2040 seconds of active time. This session ended with a crash.

    Error: (06/05/2010 11:15:51 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.


    ========================= Devices: ================================


    ========================= Memory info: ===================================

    Percentage of memory in use: 30%
    Total physical RAM: 3956.55 MB
    Available physical RAM: 2747.47 MB
    Total Pagefile: 7911.29 MB
    Available Pagefile: 6576.59 MB
    Total Virtual: 4095.88 MB
    Available Virtual: 3959.2 MB

    ========================= Partitions: =====================================

    1 Drive c: () (Fixed) (Total:100 GB) (Free:22.59 GB) NTFS
    2 Drive d: () (Fixed) (Total:350.66 GB) (Free:282.59 GB) NTFS
    5 Drive g: (MotoCast) (CDROM) (Total:0.08 GB) (Free:0 GB) CDFS
    6 Drive h: () (Removable) (Total:14.74 GB) (Free:9.04 GB) FAT32
    7 Drive I: (MOT) (Removable) (Total:8 GB) (Free:2.96 GB) FAT32

    ========================= Users: ========================================

    User accounts for \\JEN-PC

    Administrator Guest Jen

    ========================= Restore Points ==================================

    23-10-2012 20:10:30 ComboFix created restore point
    24-10-2012 20:46:41 Tweaking.com - Windows Repair
    24-10-2012 20:56:23 Tweaking.com - Windows Repair

    **** End of log ****
  24. Broni

    Broni Malware Annihilator Posts: 45,188   +242

    Go to your computer manufacturer site and download network drivers (ethernet and wireless).
    Then go to Control Panel>Device Manager.
    Uninstall the current network drivers, then install the new ones.
  25. JMerlPE

    JMerlPE Newcomer, in training Topic Starter Posts: 45

    There was no change after installing the new drivers.

