Solved Win64/Patched.A in Services.exe

[Broni]

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
64-bit users go HERE

• Double-click SystemLook.exe to run it.
• Vista users:: Right click on SystemLook.exe, click Run As Administrator
• Copy the content of the following box and paste it into the main textfield:
  

  :filefind
  afd.sys

• Click the Look button to start the scan.
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

 

[JMerlPE]

How long should the SystemLook take? It's been going for quite a while now.

 

[JMerlPE]

Here is the SystemLook log.

SystemLook 30.07.11 by jpshortstuff


Log created at 15:28 on 23/10/2012 by Jen

Administrator - Elevation successful



========== filefind ==========



Searching for "afd.sys"

C:\Windows\System32\drivers\AFD.SYS --a---- 22368 bytes [01:55 28/02/2012] [14:25 23/10/2012] 42B7E1AA0C7EC54652A50585793F1885

C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys --a---- 500224 bytes [23:21 13/07/2009] [23:21 13/07/2009] B9384E03479D2506BC924C16A3DB87BC

C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys --a---- 499712 bytes [01:09 16/06/2011] [02:44 25/04/2011] 6EF20DDF3172E97D69F596FB90602F29

C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16937_none_34154fcd77f3bbda\afd.sys --a---- 499200 bytes [01:55 28/02/2012] [03:59 28/12/2011] DB9D6C6B2CD95A9CA414D045B627422E

C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys --a---- 499712 bytes [01:09 16/06/2011] [02:44 25/04/2011] FBFF8B7C9D116229E9208A0D1CAEB49B

C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.21115_none_34b263fe91032456\afd.sys --a---- 499200 bytes [01:55 28/02/2012] [04:01 28/12/2011] CCA39961E76B491DDF44B1E90FC8971D

C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys --a---- 499712 bytes [14:19 09/07/2011] [09:23 20/11/2010] D31DC7A16DEA4A9BAF179F3D6FBDB38C

C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys --a---- 499200 bytes [01:09 16/06/2011] [02:34 25/04/2011] D5B031C308A409A0A576BFF4CF083D30

C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys --a---- 498688 bytes [01:55 28/02/2012] [03:59 28/12/2011] 1C7857B62DE5994A75B054A9FD4C3825

C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys --a---- 499200 bytes [01:09 16/06/2011] [03:09 25/04/2011] F4AD06143EAC303F55D0E86C40802976

C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys --a---- 498176 bytes [01:55 28/02/2012] [04:01 28/12/2011] 36A14FD1A23F57046361733B792CA8DB



-= EOF =-

 

[Broni]

1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

FCopy::
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys | C:\Windows\System32\drivers\AFD.SYS

ClearJavaCache::

3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

• Combofix.txt

 

[JMerlPE]

Here is the Combofix log.

ComboFix 12-10-23.01 - Jen 10/23/2012 16:11:49.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3957.1173 [GMT -4:00]
Running from: c:\users\Jen\Desktop\ComboFix-1.exe
Command switches used :: c:\users\Jen\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys --> c:\windows\System32\drivers\AFD.SYS
.
((((((((((((((((((((((((( Files Created from 2012-09-23 to 2012-10-23 )))))))))))))))))))))))))))))))
.
.
2012-10-23 20:17 . 2012-10-23 20:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-22 12:58 . 2012-10-22 12:58 -------- d-----w- c:\users\Jen\AppData\Roaming\Malwarebytes
2012-10-22 12:58 . 2012-10-22 12:58 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-22 12:58 . 2012-10-22 12:58 -------- d-----w- c:\programdata\Malwarebytes
2012-10-22 12:58 . 2012-09-29 23:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-21 23:28 . 2012-10-21 23:28 -------- d-----w- C:\FRST
2012-10-21 22:37 . 2012-10-21 22:37 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-10-21 22:36 . 2012-10-21 22:36 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-21 22:09 . 2012-10-21 22:09 220160 ----a-w- c:\programdata\Microsoft\Media Tools\MediaIconsOverlays.dll
2012-10-21 22:08 . 2012-10-21 22:09 -------- d-----w- c:\program files (x86)\Mega Codec Pack
2012-10-21 14:36 . 2012-10-21 14:36 -------- d-----w- c:\users\Jen\AppData\Roaming\Leadertech
2012-10-21 14:29 . 2012-10-21 14:29 -------- d-----w- c:\program files (x86)\Infogrames Interactive
2012-10-21 14:28 . 2001-09-05 08:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-10-21 14:28 . 2001-09-05 08:18 225280 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2012-10-21 14:28 . 2001-09-05 08:14 176128 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2012-10-21 14:28 . 2001-09-05 08:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-10-17 17:48 . 2012-09-25 03:16 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-17 17:19 . 2012-10-17 17:20 -------- d-----w- c:\programdata\TuneUp Software
2012-10-17 17:18 . 2012-10-17 17:30 -------- d-sh--w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2012-10-14 01:58 . 2012-10-14 01:58 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software
2012-10-10 20:24 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-04 11:35 . 2012-06-06 19:55 20784 ----a-w- c:\windows\system32\drivers\easytthr.sys
2012-10-04 11:35 . 2012-10-04 11:35 -------- d-----w- c:\program files (x86)\Mobile Stream
2012-10-03 23:45 . 2012-10-03 23:45 -------- d-----w- c:\users\Jen\AppData\Roaming\com.ninjakiwi.BloonsTD5Deluxe
2012-10-01 13:53 . 2012-10-01 13:53 -------- d-----w- c:\users\Jen\AppData\Roaming\YoudaGames
2012-09-27 01:28 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-25 15:40 . 2012-09-25 15:40 -------- d-----w- c:\users\Jen\AppData\Roaming\AVG2013
2012-09-25 15:38 . 2012-10-17 17:19 -------- d-----w- c:\users\Jen\AppData\Roaming\TuneUp Software
2012-09-25 15:36 . 2012-10-23 15:47 -------- d-----w- c:\programdata\AVG2013
2012-09-25 15:33 . 2012-09-25 16:40 -------- d-----w- c:\users\Jen\AppData\Local\Avg2013
2012-09-25 15:33 . 2012-09-25 15:33 -------- d-----w- c:\users\Jen\AppData\Local\MFAData
2012-09-24 17:21 . 2012-09-24 17:21 -------- d-----w- c:\users\Jen\AppData\Local\Xfinity.com
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-23 14:25 . 2009-07-14 00:10 22368 ----a-w- c:\windows\system32\drivers\WS2IFSL.SYS
2012-10-11 14:13 . 2010-04-05 16:08 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-09 16:40 . 2012-07-04 22:16 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 16:40 . 2011-06-06 02:44 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-13 13:54 . 2012-08-16 15:17 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-13 13:54 . 2010-09-27 19:23 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-24 11:15 . 2012-09-23 03:34 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-23 03:34 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-23 03:34 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-23 03:34 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-23 03:34 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-23 03:34 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-23 03:34 237056 ----a-w- c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-23 03:34 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-23 03:34 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-23 03:34 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-23 03:34 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-23 03:34 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-23 03:34 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-23 03:34 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-23 03:34 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-23 03:34 248320 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-23 03:34 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-23 03:34 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-23 03:34 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-23 03:34 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-23 03:34 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-23 03:34 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-12 14:58 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 14:58 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 14:58 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 14:58 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 17:01 . 2012-09-22 17:59 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 17:01 . 2010-04-04 22:08 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-21 17:01 . 2010-04-04 22:08 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-08-20 17:38 . 2012-10-10 20:25 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-16 19:33 . 2012-08-16 19:33 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2012-08-16 19:14 . 2012-08-16 19:14 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-08-16 19:10 . 2010-04-05 00:20 560184 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-08-02 17:58 . 2012-09-12 14:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-12 14:58 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0MediaIconsOerlay]
@="{1EC23CFF-4C58-458f-924C-8519AEF61B32}"
[HKEY_CLASSES_ROOT\CLSID\{1EC23CFF-4C58-458f-924C-8519AEF61B32}]
2012-10-21 22:09 220160 ----a-w- c:\programdata\Microsoft\Media Tools\MediaIconsOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Magellan CmTray"="c:\program files (x86)\Content Manager\CmTray.exe" [2011-03-04 458752]
"DAEMON Tools Lite"="d:\dtools\DTLite.exe" [2012-04-17 3671872]
"RGSC"="d:\games\Grand Theft Auto IV\Rockstar Games Social Club\RGSCLauncher.exe" [2008-11-14 305064]
"Steam"="d:\games\Steam\Steam.exe" [2012-08-16 1353080]
"MotoCast"="c:\program files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk" [2012-08-20 2051]
"EasyTether"="c:\program files (x86)\Mobile Stream\EasyTether\easytthr.exe" [2012-06-06 48680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-12-04 103720]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-07-16 91432]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2009-11-20 75048]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" [2010-01-11 210216]
"APLangApp"="c:\program files (x86)\AnyPC Client\APLangApp.exe" [2009-11-20 13312]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-2 1082144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-04 135664]
R2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2012-07-17 116632]
R2 MSSQL$CSSQL05;SQL Server (CSSQL05);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
R2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2011-09-02 65657]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6144]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-01 52264]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-04 135664]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [2009-07-10 31744]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2012-06-11 22016]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2012-01-25 9728]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2012-05-12 121416]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2012-06-08 27136]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-20 113120]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-07 1255736]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-08-16 283200]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 13824]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [2012-06-05 87400]
S2 msftesql$CSSQL05;SQL Server FullText Search (CSSQL05);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [2010-03-26 91992]
S2 Rezip;Rezip;c:\windows\SysWOW64\Rezip.exe [2009-03-05 311296]
S2 VBoxDrv;VBox Support Driver;c:\program files (x86)\YouWave_Android\vb\VBoxDrv.sys [2011-11-20 202592]
S3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [2012-06-06 20784]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-11-25 151936]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2009-08-22 84512]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-04 16:40]
.
2012-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-04 21:53]
.
2012-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-04 21:53]
.
2012-10-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1025616775-32965946-2427245248-1001Core.job
- c:\users\Jen\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-29 01:31]
.
2012-10-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1025616775-32965946-2427245248-1001UA.job
- c:\users\Jen\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-29 01:31]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-15 9644576]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-07 16413288]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://xfinity.comcast.net/?cid=insDate09242012
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;192.168.*.*
mSearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Jen\AppData\Roaming\Mozilla\Firefox\Profiles\2vsan3bg.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - ExtSQL: 2012-10-17 16:24; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Jen\AppData\Roaming\Mozilla\Firefox\Profiles\2vsan3bg.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-{9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
Toolbar-{99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-ROC_ROC_NT - c:\program files (x86)\AVG Secure Search\ROC_ROC_NT.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\msftesql$CSSQL05]
"ImagePath"="\"c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:CSSQL05"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1025616775-32965946-2427245248-1001\Software\SecuROM\License information*]
"datasecu"=hex:f6,72,5f,ea,9a,65,3d,c9,d5,d0,f7,31,52,cd,02,32,59,2b,a4,d3,5e,
7b,ce,69,a8,1e,ae,a8,93,e1,9a,f0,9e,f5,ac,cf,e7,ad,74,3f,59,2a,f7,0c,43,d9,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-23 16:20:01
ComboFix-quarantined-files.txt 2012-10-23 20:20
ComboFix2.txt 2012-10-23 14:23
.
Pre-Run: 16,286,236,672 bytes free
Post-Run: 16,087,449,600 bytes free
.
- - End Of File - - 867FEBADF1299E1001C529946DC2A5AD

 

[Broni]

Is your internet connection back?

 

[JMerlPE]

Nope , there is still a yellow exclamation triangle on my network bars on the task bar.

 

[JMerlPE]

It says I am connected to my wireless network, but it is classified as an Unidentified error network with no Internet access. When I right click on the network and click 'status', both the IPv4 and IPv6 Connectivity both have no Internet access.

 

[Broni]

Post new FSS log.

 

[JMerlPE]

Farbar Service Scanner Version: 19-10-2012
Ran by Jen (administrator) on 23-10-2012 at 21:54:46
Running from "C:\Users\Jen\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
LAN connected.
Attempt to access Google IP returned error: Other errors
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-02-27 21:55] - [2011-12-28 00:01] - 0498176 ____A (Microsoft Corporation) 36A14FD1A23F57046361733B792CA8DB

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

 

[Broni]

Go Start>Run (Start search in Vista and 7), type in:
cmd
Click OK (in Vista and 7, while holding CTRL, and SHIFT, press Enter).

At Command Prompt, type in:
netsh int ip reset reset.log
Hit Enter.
Type in:
netsh winsock reset catalog
Hit Enter.

Restart computer.

 

[JMerlPE]

The first command prompt went fine but the 'netsh winsock reset catalog' could not be found.

 

[Broni]

What is the EXACT error message?

 

[JMerlPE]

My apologies, the exact message is " The system cannot find the file specified ".

 

[Broni]

Is there any file mentioned?

 

[JMerlPE]

No file is mentioned.

 

[Broni]

Download Windows Repair (all in one) from this site

Install the program then run it.

Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:

Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:

Go to Step 4 and under "System Restore" click on Create button:

Go to Start Repairs tab and click Start button.

Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):

Click on box next to the Restart System when Finished. Then click on Start.

 

[JMerlPE]

When I ran the start repairs step, a Window kept popping up that said 'Execute processes remotely has stopped working - A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available.'

After this, my only option is to click a button that says 'Close program'.

 

[Broni]

Do you have Windows 7 DVD?

 

[JMerlPE]

No I don't .

 

[Broni]

We can create one but before we go there I'd like to try couple more things...

Please, navigate to:
C:\Qoobox
Open ComboFix-quarantined-files.txt in a Notepad, copy everything, and paste into your next reply.

=============================================

Please download MiniToolBox, save it to your desktop and run it.

Checkmark following boxes:

• Report IE Proxy Settings
• Report FF Proxy Settings
• List content of Hosts
• List IP configuration
• List Winsock Entries
• List last 10 Event Viewer log
• List Devices (do NOT change any settings)
• List Users, Partitions and Memory size
• List Restore Points

Click Go and post the result.

 

[JMerlPE]

2012-10-23 20:18:14 . 2012-10-23 20:18:14 195 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKLM-Run-ROC_ROC_NT.reg.dat
2012-10-23 15:56:42 . 2012-10-23 20:11:39 0 ----a-w- C:\Qoobox\Quarantine\catchme.txt
2012-10-23 14:22:50 . 2012-10-23 14:22:50 80 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-SynTPEnh.reg.dat
2012-10-23 14:22:49 . 2012-10-23 14:22:49 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829}.reg.dat
2012-10-23 14:22:49 . 2012-10-23 14:22:49 78 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-10.reg.dat
2012-10-23 14:22:49 . 2012-10-23 14:22:49 92 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-Locked.reg.dat
2012-10-23 14:22:42 . 2012-10-23 14:22:42 534 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-MCODS.reg.dat
2012-10-23 14:22:42 . 2012-10-23 14:22:42 546 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-mcmscsvc.reg.dat
2012-10-23 14:22:35 . 2012-10-23 14:22:35 290 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKLM-Run-UCam_Menu.reg.dat
2012-10-23 14:22:35 . 2012-10-23 14:22:35 318 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKLM-Run-UpdatePPShortCut.reg.dat
2012-10-23 14:22:34 . 2012-10-23 14:22:34 319 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKLM-Run-UpdatePDRShortCut.reg.dat
2012-10-23 14:22:34 . 2012-10-23 14:22:34 305 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKLM-Run-UpdateP2GoShortCut.reg.dat
2012-10-23 14:22:34 . 2012-10-23 14:22:34 310 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKLM-Run-UpdateLBPShortCut.reg.dat
2012-10-23 14:22:33 . 2012-10-23 20:18:11 90 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-Toolbar-10.reg.dat
2012-10-23 14:22:33 . 2012-10-23 20:18:11 280 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-Toolbar-{99079a25-328f-4bd4-be04-00955acaa0a7}.reg.dat
2012-10-23 14:22:32 . 2012-10-23 20:18:11 276 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-Toolbar-{9D425283-D487-4337-BAB6-AB8354A81457}.reg.dat
2012-10-23 14:22:32 . 2012-10-23 20:18:11 288 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829}.reg.dat
2012-10-23 14:22:32 . 2012-10-23 20:18:10 104 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-Toolbar-Locked.reg.dat
2012-10-23 14:22:31 . 2012-10-23 14:22:31 118 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C}.reg.dat
2012-10-23 14:13:41 . 2012-10-23 14:13:41 1,150 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_nvsvc.reg.dat
2012-10-23 14:13:29 . 2012-10-23 20:15:13 20,132 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2012-10-23 14:06:03 . 2012-10-23 20:10:23 255 ----a-w- C:\Qoobox\Quarantine\catchme.log
2012-02-28 01:55:16 . 2012-10-23 14:25:02 22,368 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\drivers\AFD.SYS.vir
2011-07-10 18:14:31 . 2011-07-10 18:14:31 1,056,768 ----a-w- C:\Qoobox\Quarantine\C\Windows\security\database\tmp.edb.vir
2011-01-11 15:58:38 . 2010-04-08 14:52:20 271,024 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\Search Toolbar\SearchToolbar.dll.vir
2009-05-19 13:16:16 . 2009-05-19 13:16:16 222,504 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe.vir
2009-05-19 13:16:16 . 2009-05-19 13:16:16 222,504 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe.vir
2009-05-19 13:16:16 . 2009-05-19 13:16:16 222,504 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe.vir
2009-05-19 13:16:16 . 2009-05-19 13:16:16 222,504 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe.vir
2009-05-19 13:16:16 . 2009-05-19 13:16:16 222,504 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe.vir
2000-10-05 17:24:42 . 2000-10-05 17:24:42 156,742 ----a-w- C:\Qoobox\Quarantine\C\Windows\desktop\README_106.doc.vir

 

[JMerlPE]

Here is the Minitoolbox log.

MiniToolBox by Farbar Version: 23-07-2012
Ran by Jen (administrator) on 25-10-2012 at 07:27:47
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Marvell Yukon 88E8059 Family PCI-E Gigabit Ethernet Controller = Local Area Connection (Media disconnected)
Atheros AR9285 Wireless Network Adapter = Wireless Network Connection (Media disconnected)
EasyTether Network Adapter = Local Area Connection 3 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Jen-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
System Quarantine State . . . . . : Not Restricted


Ethernet adapter Local Area Connection 3:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : EasyTether Network Adapter
Physical Address. . . . . . . . . : 02-00-54-74-68-72
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR9285 Wireless Network Adapter
Physical Address. . . . . . . . . : C4-17-FE-CA-D0-62
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : hsd1.md.comcast.net.
Description . . . . . . . . . . . : Marvell Yukon 88E8059 Family PCI-E Gigabit Ethernet Controller
Physical Address. . . . . . . . . : 00-24-54-5F-42-1E
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{4698BC4D-B655-4798-A71E-112C05E59322}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{F625E639-3111-4A99-B27E-A26EAAC010D2}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.
Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.
Server: UnKnown
Address: 127.0.0.1

Ping request could not find host bleepingcomputer.com. Please check the name and try again.

Pinging with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for –^_˜˜˜_•:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
24...02 00 54 74 68 72 ......EasyTether Network Adapter
19...c4 17 fe ca d0 62 ......Atheros AR9285 Wireless Network Adapter
12...00 24 54 5f 42 1e ......Marvell Yukon 88E8059 Family PCI-E Gigabit Ethernet Controller
1...........................Software Loopback Interface 1
25...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
26...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
20...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================


========================= Event log errors: ===============================

Application errors:
==================
Error: (10/24/2012 05:24:47 PM) (Source: Application Error) (User: )
Description: Faulting application name: MotoHelperService.exe, version: 2.2.26.0, time stamp: 0x50004e68
Faulting module name: MotoHelperService.exe, version: 2.2.26.0, time stamp: 0x50004e68
Exception code: 0xc0000005
Fault offset: 0x0000481f
Faulting process id: 0xe00
Faulting application start time: 0xMotoHelperService.exe0
Faulting application path: MotoHelperService.exe1
Faulting module path: MotoHelperService.exe2
Report Id: MotoHelperService.exe3

Error: (10/24/2012 05:24:46 PM) (Source: Application Error) (User: )
Description: Faulting application name: MotoHelperService.exe, version: 2.2.26.0, time stamp: 0x50004e68
Faulting module name: MotoHelperService.exe, version: 2.2.26.0, time stamp: 0x50004e68
Exception code: 0xc0000005
Fault offset: 0x0000481f
Faulting process id: 0x1180
Faulting application start time: 0xMotoHelperService.exe0
Faulting application path: MotoHelperService.exe1
Faulting module path: MotoHelperService.exe2
Report Id: MotoHelperService.exe3

Error: (10/24/2012 05:24:42 PM) (Source: Application Error) (User: )
Description: Faulting application name: MotoHelperService.exe, version: 2.2.26.0, time stamp: 0x50004e68
Faulting module name: MotoHelperService.exe, version: 2.2.26.0, time stamp: 0x50004e68
Exception code: 0xc0000005
Fault offset: 0x0000481f
Faulting process id: 0x1304
Faulting application start time: 0xMotoHelperService.exe0
Faulting application path: MotoHelperService.exe1
Faulting module path: MotoHelperService.exe2
Report Id: MotoHelperService.exe3

Error: (10/24/2012 05:24:41 PM) (Source: Application Error) (User: )
Description: Faulting application name: MotoHelperService.exe, version: 2.2.26.0, time stamp: 0x50004e68
Faulting module name: MotoHelperService.exe, version: 2.2.26.0, time stamp: 0x50004e68
Exception code: 0xc0000005
Fault offset: 0x0000481f
Faulting process id: 0x1b90
Faulting application start time: 0xMotoHelperService.exe0
Faulting application path: MotoHelperService.exe1
Faulting module path: MotoHelperService.exe2
Report Id: MotoHelperService.exe3

Error: (10/24/2012 05:24:40 PM) (Source: Application Error) (User: )
Description: Faulting application name: MotoHelperService.exe, version: 2.2.26.0, time stamp: 0x50004e68
Faulting module name: MotoHelperService.exe, version: 2.2.26.0, time stamp: 0x50004e68
Exception code: 0xc0000005
Fault offset: 0x0000481f
Faulting process id: 0x142c
Faulting application start time: 0xMotoHelperService.exe0
Faulting application path: MotoHelperService.exe1
Faulting module path: MotoHelperService.exe2
Report Id: MotoHelperService.exe3

Error: (10/24/2012 05:24:39 PM) (Source: Application Error) (User: )
Description: Faulting application name: MotoHelperService.exe, version: 2.2.26.0, time stamp: 0x50004e68
Faulting module name: MotoHelperService.exe, version: 2.2.26.0, time stamp: 0x50004e68
Exception code: 0xc0000005
Fault offset: 0x0000481f
Faulting process id: 0xd70
Faulting application start time: 0xMotoHelperService.exe0
Faulting application path: MotoHelperService.exe1
Faulting module path: MotoHelperService.exe2
Report Id: MotoHelperService.exe3

Error: (10/24/2012 05:24:37 PM) (Source: Application Error) (User: )
Description: Faulting application name: MotoHelperService.exe, version: 2.2.26.0, time stamp: 0x50004e68
Faulting module name: MotoHelperService.exe, version: 2.2.26.0, time stamp: 0x50004e68
Exception code: 0xc0000005
Fault offset: 0x0000481f
Faulting process id: 0x1be4
Faulting application start time: 0xMotoHelperService.exe0
Faulting application path: MotoHelperService.exe1
Faulting module path: MotoHelperService.exe2
Report Id: MotoHelperService.exe3

Error: (10/24/2012 05:24:36 PM) (Source: Application Error) (User: )
Description: Faulting application name: MotoHelperService.exe, version: 2.2.26.0, time stamp: 0x50004e68
Faulting module name: MotoHelperService.exe, version: 2.2.26.0, time stamp: 0x50004e68
Exception code: 0xc0000005
Fault offset: 0x0000481f
Faulting process id: 0x1e70
Faulting application start time: 0xMotoHelperService.exe0
Faulting application path: MotoHelperService.exe1
Faulting module path: MotoHelperService.exe2
Report Id: MotoHelperService.exe3

Error: (10/24/2012 05:24:35 PM) (Source: Application Error) (User: )
Description: Faulting application name: MotoHelperService.exe, version: 2.2.26.0, time stamp: 0x50004e68
Faulting module name: MotoHelperService.exe, version: 2.2.26.0, time stamp: 0x50004e68
Exception code: 0xc0000005
Fault offset: 0x0000481f
Faulting process id: 0x12dc
Faulting application start time: 0xMotoHelperService.exe0
Faulting application path: MotoHelperService.exe1
Faulting module path: MotoHelperService.exe2
Report Id: MotoHelperService.exe3

Error: (10/24/2012 05:24:34 PM) (Source: Application Error) (User: )
Description: Faulting application name: MotoHelperService.exe, version: 2.2.26.0, time stamp: 0x50004e68
Faulting module name: MotoHelperService.exe, version: 2.2.26.0, time stamp: 0x50004e68
Exception code: 0xc0000005
Fault offset: 0x0000481f
Faulting process id: 0x15b8
Faulting application start time: 0xMotoHelperService.exe0
Faulting application path: MotoHelperService.exe1
Faulting module path: MotoHelperService.exe2
Report Id: MotoHelperService.exe3


System errors:
=============
Error: (10/24/2012 05:28:23 PM) (Source: Service Control Manager) (User: )
Description: The Motorola Device Manager Service service failed to start due to the following error:
%%1053

Error: (10/24/2012 05:28:18 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Motorola Device Manager Service service to connect.

Error: (10/24/2012 05:24:47 PM) (Source: Service Control Manager) (User: )
Description: The Motorola Device Manager Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (10/24/2012 05:24:46 PM) (Source: Service Control Manager) (User: )
Description: The Motorola Device Manager Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (10/24/2012 05:24:42 PM) (Source: Service Control Manager) (User: )
Description: The Motorola Device Manager Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (10/24/2012 05:24:41 PM) (Source: Service Control Manager) (User: )
Description: The Motorola Device Manager Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (10/24/2012 05:24:40 PM) (Source: Service Control Manager) (User: )
Description: The Motorola Device Manager Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (10/24/2012 05:24:39 PM) (Source: Service Control Manager) (User: )
Description: The Motorola Device Manager Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (10/24/2012 05:24:38 PM) (Source: Service Control Manager) (User: )
Description: The Motorola Device Manager Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (10/24/2012 05:24:36 PM) (Source: Service Control Manager) (User: )
Description: The Motorola Device Manager Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================
Error: (04/17/2011 05:14:14 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3992 seconds with 120 seconds of active time. This session ended with a crash.

Error: (04/17/2011 04:48:51 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2504 seconds with 2040 seconds of active time. This session ended with a crash.

Error: (06/05/2010 11:15:51 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.


========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 30%
Total physical RAM: 3956.55 MB
Available physical RAM: 2747.47 MB
Total Pagefile: 7911.29 MB
Available Pagefile: 6576.59 MB
Total Virtual: 4095.88 MB
Available Virtual: 3959.2 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:100 GB) (Free:22.59 GB) NTFS
2 Drive d: () (Fixed) (Total:350.66 GB) (Free:282.59 GB) NTFS
5 Drive g: (MotoCast) (CDROM) (Total:0.08 GB) (Free:0 GB) CDFS
6 Drive h: () (Removable) (Total:14.74 GB) (Free:9.04 GB) FAT32
7 Drive I: (MOT) (Removable) (Total:8 GB) (Free:2.96 GB) FAT32

========================= Users: ========================================

User accounts for \\JEN-PC

Administrator Guest Jen

========================= Restore Points ==================================

23-10-2012 20:10:30 ComboFix created restore point
24-10-2012 20:46:41 Tweaking.com - Windows Repair
24-10-2012 20:56:23 Tweaking.com - Windows Repair

**** End of log ****

 

[Broni]

Go to your computer manufacturer site and download network drivers (ethernet and wireless).
Then go to Control Panel>Device Manager.
Uninstall current network drivers install new ones.

 

[JMerlPE]

There was no change after installing the new drivers.