
Hardwired internet does not connect


  • This topic is locked
16 replies to this topic

#1 alexguy96

alexguy96

  • Members
  • 16 posts

Posted 02 December 2012 - 09:27 PM

The computer connected to the router directly does not function (shows yellow warning triangle saying that there is no internet access) while other devices on the network work fine.

I tried using ipconfig /release and /renew but it states "the RPC server is unavailable". I looked in the services.msc and found DHCP and a few others cannot start up. Tried sfc /scannow but just replaced the system files for the custom theme I had installed.

I use the Realtek PCIe GBE family controller with the latest driver installed. I also looked into my motherboard's BIOS settings (a Biostar TZ77XE3 because I have a custom built computer) and found that any settings related to the LAN PCI were enabled. If it matters, I have a 2Wire 3600HGV gateway.

I believe it is related to a virus because a few weeks ago I had to clean my services.exe file that was infected using ComboFix. Everything was working fine when I was using a network adapter, until I switched to directly connecting it to my gateway, in which it couldn't connect.

Here's a Farbar Service Scanner log:
Farbar Service Scanner Version: 01-12-2012 02
Ran by Alex (administrator) on 02-12-2012 at 18:19:34
Running from "C:\Users\Alex\Desktop"
Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

afd Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open afd registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open afd registry key. The service key does not exist.


Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error.
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error.
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to retrieve start type of iphlpsvc. The value does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to retrieve ImagePath of iphlpsvc. The value does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to retrieve ServiceDll of iphlpsvc. The value does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
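
As an added example (not part of the original post and not code from Farbar Service Scanner), the following Python sketch triages a log in the format shown above. It flags services whose registry configuration is missing even though the File Check section reports their binaries as legit, the pattern visible for afd and iphlpsvc in this log. The regular expressions and function names are assumptions inferred from the log lines in this post; the sample is an abridged excerpt of that log.

```python
import ntpath
import re
from collections import defaultdict

# Abridged excerpt of the Farbar Service Scanner log posted above.
SAMPLE_LOG = r"""
Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

afd Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open afd registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open afd registry key. The service key does not exist.

Windows Update:
============
BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to retrieve start type of iphlpsvc. The value does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to retrieve ImagePath of iphlpsvc. The value does not exist.

File Check:
========
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
"""

# Patterns inferred from the log lines above (assumptions, not a format spec).
NOT_RUNNING = re.compile(r"^(\S+) Service is not running\.")
MISSING_KEY = re.compile(r"ATTENTION!=====> Unable to open (\S+) registry key")
MISSING_VALUE = re.compile(
    r"ATTENTION!=====> Unable to retrieve (.+?) of (\S+)\. The value does not exist")
START_TYPE = re.compile(
    r"^The start type of (\S+) service is set to (\w+)\. The default start type is (\w+)\.")
POLICY = re.compile(r'^"(\w+)"=DWORD:(\d+)')
FILE_OK = re.compile(r"^(.+?) => MD5 is legit")


def triage(log_text):
    """Collect the findings an analyst reads off an FSS log, line by line."""
    report = {
        "not_running": [],                   # services reported as stopped
        "missing_keys": [],                  # whole service key absent
        "missing_values": defaultdict(list), # service -> absent values
        "start_type_changed": {},            # service -> (actual, default)
        "policies": {},                      # policy value name -> DWORD
        "files_legit": [],                   # paths that passed the MD5 check
    }
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := NOT_RUNNING.match(line):
            report["not_running"].append(m.group(1))
        elif m := MISSING_KEY.search(line):
            if m.group(1) not in report["missing_keys"]:
                report["missing_keys"].append(m.group(1))
        elif m := MISSING_VALUE.search(line):
            report["missing_values"][m.group(2)].append(m.group(1))
        elif m := START_TYPE.match(line):
            report["start_type_changed"][m.group(1)] = (m.group(2), m.group(3))
        elif m := POLICY.match(line):
            report["policies"][m.group(1)] = int(m.group(2))
        elif m := FILE_OK.match(line):
            report["files_legit"].append(m.group(1))
    return report


def registry_damage_with_intact_files(report):
    """Services whose registry config is missing while their binary hash is legit."""
    legit_stems = {
        ntpath.splitext(ntpath.basename(path))[0].lower()
        for path in report["files_legit"]
    }
    damaged = set(report["missing_keys"]) | set(report["missing_values"])
    return sorted(svc for svc in damaged if svc.lower() in legit_stems)


if __name__ == "__main__":
    findings = triage(SAMPLE_LOG)
    print("Not running:", ", ".join(findings["not_running"]))
    print("Start type changed:", findings["start_type_changed"])
    print("Policies set:", findings["policies"])
    print("Registry damaged, file intact:",
          registry_damage_with_intact_files(findings))
```
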



#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,711 posts
  • Gender:Male
  • Location:The Netherlands

Posted 03 December 2012 - 01:12 PM

Hello alexguy96,

Welcome to the forum.

I see from the log that the system should not have internet connection. I suspect there are more issues that should be taken care of too. But before troubleshooting the connection issue and other possible issues I would like to check the system for malware and make a backup of the registry.

Please refrain from doing any fix or making any changes to the system from now on until we are done unless you decide you can do the rest on your own. Thank you.

Please download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

#3 alexguy96

alexguy96
  • Topic Starter

  • Members
  • 16 posts

Posted 03 December 2012 - 05:50 PM

Thank you for the help. I am currently away from my computer until the weekend and I am just letting you know that I am not inactive, so ADMINS please do not close this thread down, thanks.

#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,711 posts
  • Gender:Male
  • Location:The Netherlands

Posted 03 December 2012 - 06:39 PM

Thanks for letting me know. I will keep the topic open. Please post the log when ready.

#5 alexguy96

alexguy96
  • Topic Starter

  • Members
  • 16 posts

Posted 07 December 2012 - 07:25 PM

Alright I'm back, here are the results:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-12-2012
Ran by SYSTEM at 07-12-2012 19:22:21
Running from H:\
Windows 7 Ultimate (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12446824 2012-01-31] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-01-26] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [641664 2012-04-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [10752 2012-02-20] ()
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [997320 2012-11-08] ()
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3521464 2012-06-08] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1679360 2012-02-28] (Wondershare)
HKLM-x32\...\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 [x]
HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [3143800 2012-11-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT [856160 2012-10-05] ()
HKU\Alex\...\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart [3389080 2012-11-06] (Electronic Arts)
HKU\Alex\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1353080 2012-08-14] (Valve Corporation)
HKU\Alex\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3671872 2012-04-17] (DT Soft Ltd)
HKU\Alex\...\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s [958392 2012-06-08] (Samsung)
HKU\Alex\...\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup [x]
HKU\Alex\...\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21432 2012-06-08] ()
HKU\Alex\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17418928 2012-07-13] (Skype Technologies S.A.)
HKU\Alex\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-06-01] (Google Inc.)
HKU\Alex\...\Policies\system: [DisableLockWorkstation] 0
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Startup: C:\Users\Alex\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\Alex\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (No File)
Startup: C:\Users\Default\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)

==================== Services (Whitelisted) ===================

2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe" [5814392 2012-11-06] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe" [196664 2012-10-22] (AVG Technologies CZ, s.r.o.)
2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2011-12-16] ()
2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-11-03] ()
2 vToolbarUpdater13.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [711112 2012-11-08] ()

==================== Drivers (Whitelisted) =====================

1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [154464 2012-10-22] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [63328 2012-10-15] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [185696 2012-10-01] (AVG Technologies CZ, s.r.o.)
0 Avgloga; C:\Windows\System32\Drivers\Avgloga.sys [225120 2012-09-20] (AVG Technologies CZ, s.r.o.)
0 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [111456 2012-10-05] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [40800 2012-09-13] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [200032 2012-09-20] (AVG Technologies CZ, s.r.o.)
1 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [30568 2012-11-08] (AVG Technologies)
1 BIOS; \??\C:\Windows\system32\drivers\BIOS64.sys [14136 2011-08-08] (BIOSTAR Group)
1 BS_I2cIo; C:\Windows\System32\Drivers\BS_I2cIo.sys [26472 2006-12-28] (BIOSTAR Group)
1 BS_I2cIo; C:\Windows\SysWow64\Drivers\BS_I2cIo.sys [17024 2008-06-16] (BIOSTAR Group)
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-06-03] (DT Soft Ltd)
3 ss_bbus; C:\Windows\System32\Drivers\ss_bbus.sys [127488 2010-12-20] (MCCI)
3 ss_bmdfl; C:\Windows\System32\Drivers\ss_bmdfl.sys [18944 2010-12-20] (MCCI Corporation)
3 ss_bmdm; C:\Windows\System32\Drivers\ss_bmdm.sys [161280 2010-12-20] (MCCI Corporation)
3 ss_bserd; C:\Windows\System32\Drivers\ss_bserd.sys [128000 2010-12-20] (MCCI Corporation)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-12-07 16:00 - 2012-12-07 16:00 - 01461029 ____A (Farbar) C:\Users\Alex\Desktop\FRST64.exe
2012-12-02 15:19 - 2012-12-02 15:19 - 00004029 ____A C:\Users\Alex\Desktop\FSS.txt
2012-12-02 15:19 - 2012-12-02 15:18 - 00696065 ____A (Farbar) C:\Users\Alex\Desktop\FSS.exe
2012-12-02 11:37 - 2012-12-02 11:37 - 00000527 ____A C:\Users\Alex\Desktop\balls3u.txt
2012-12-01 18:15 - 2012-10-25 14:20 - 00769168 ____A (Realtek ) C:\Windows\System32\Drivers\Rt64win7.sys
2012-12-01 18:15 - 2012-10-25 14:20 - 00107552 ____A (Realtek Semiconductor Corporation) C:\Windows\System32\RTNUninst64.dll
2012-12-01 18:15 - 2012-10-25 14:20 - 00074344 ____A (Realtek Semiconductor Corporation) C:\Windows\System32\RtNicProp64.dll
2012-12-01 18:12 - 2012-12-01 18:12 - 00000000 ____D C:\Users\Alex\Desktop\Install_Win7_7065_11232012
2012-12-01 18:11 - 2012-12-01 18:11 - 05987440 ____A C:\Users\Alex\Desktop\Install_Win7_7065_11232012.zip
2012-11-28 00:22 - 2012-12-01 18:23 - 00001974 ____A C:\Windows\PFRO.log
2012-11-25 19:54 - 2012-11-25 19:54 - 03818848 ____A C:\Users\Alex\Downloads\battlelog-web-plugins_2.1.2_104.exe
2012-11-25 19:54 - 2012-11-25 19:54 - 00000000 ____D C:\Users\Alex\AppData\Local\ESN
2012-11-22 11:26 - 2012-11-20 19:32 - 2199491803 ____A C:\Users\Alex\Desktop\Casino Royale 2006 HD 720p.mp4
2012-11-20 14:56 - 2012-11-20 15:05 - 00000000 ____D C:\Users\Alex\Downloads\James Bond-Casino Royale 2006 HD 720p BRRip 5.1AAC x264-ILPruny
2012-11-18 20:51 - 2012-11-18 20:56 - 83487736 ____A C:\Users\Alex\Downloads\Family.Guy.S11E05.HDTV.x264-LOL.mp4
2012-11-17 22:00 - 2012-12-07 16:13 - 00000482 ____A C:\Windows\setupact.log
2012-11-17 22:00 - 2012-11-17 22:00 - 00000000 ____A C:\Windows\setuperr.log
2012-11-17 17:39 - 2012-11-17 17:39 - 04011968 ____A (Piriform Ltd) C:\Users\Alex\Downloads\ccsetup324.exe
2012-11-17 17:36 - 2012-11-17 17:36 - 00089160 ____A C:\ComboFix.txt
2012-11-17 17:19 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-11-17 17:19 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-11-17 17:19 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-11-17 17:19 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-11-17 17:19 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-11-17 17:19 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-11-17 17:19 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-11-17 17:19 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-11-17 17:13 - 2012-11-17 17:36 - 00000000 ____D C:\Qoobox
2012-11-17 17:13 - 2012-11-17 17:35 - 00000000 ____D C:\Windows\erdnt
2012-11-17 17:13 - 2012-11-17 17:13 - 05002404 ____R (Swearware) C:\Users\Alex\Downloads\ComboFix.exe
2012-11-17 09:46 - 2012-11-17 09:46 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-11-17 09:40 - 2012-12-01 12:26 - 00000000 ____D C:\Program Files (x86)\Call of Duty Black Ops 2
2012-11-17 09:37 - 2009-02-24 15:35 - 00255552 ____A (MagicISO, Inc.) C:\Windows\SysWOW64\Drivers\mcdbus.sys
2012-11-17 09:37 - 2009-02-24 15:35 - 00255552 ____A (MagicISO, Inc.) C:\Windows\System32\Drivers\mcdbus.sys
2012-11-17 09:36 - 2012-11-17 09:36 - 00000000 ____D C:\Users\Alex\AppData\Roaming\PowerISO
2012-11-17 00:11 - 2012-06-02 06:35 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2012-11-17 00:10 - 2012-07-25 20:55 - 00785512 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2012-11-17 00:10 - 2012-07-25 20:55 - 00054376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2012-11-17 00:10 - 2012-07-25 18:36 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
2012-11-17 00:07 - 2012-10-08 04:19 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-11-17 00:07 - 2012-10-08 03:42 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-11-17 00:07 - 2012-10-08 03:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-11-17 00:07 - 2012-10-08 03:24 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-11-17 00:07 - 2012-10-08 03:23 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-11-17 00:07 - 2012-10-08 03:22 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-11-17 00:07 - 2012-10-08 03:22 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-11-17 00:07 - 2012-10-08 03:20 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-11-17 00:07 - 2012-10-08 03:18 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-11-17 00:07 - 2012-10-08 03:17 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-11-17 00:07 - 2012-10-08 03:17 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-11-17 00:07 - 2012-10-08 03:15 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-11-17 00:07 - 2012-10-08 03:15 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-11-17 00:07 - 2012-10-08 03:13 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-11-17 00:07 - 2012-10-08 03:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-11-17 00:07 - 2012-10-08 03:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-11-17 00:07 - 2012-10-08 00:28 - 12320768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-11-17 00:07 - 2012-10-08 00:02 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-11-17 00:07 - 2012-10-07 23:56 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-11-17 00:07 - 2012-10-07 23:48 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-11-17 00:07 - 2012-10-07 23:48 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-11-17 00:07 - 2012-10-07 23:47 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-11-17 00:07 - 2012-10-07 23:46 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-11-17 00:07 - 2012-10-07 23:45 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-11-17 00:07 - 2012-10-07 23:44 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-11-17 00:07 - 2012-10-07 23:43 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-11-17 00:07 - 2012-10-07 23:43 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-11-17 00:07 - 2012-10-07 23:42 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-11-17 00:07 - 2012-10-07 23:41 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-11-17 00:07 - 2012-10-07 23:41 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-11-17 00:07 - 2012-10-07 23:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-11-17 00:07 - 2012-10-07 23:37 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-11-17 00:01 - 2012-07-25 19:08 - 00744448 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
2012-11-17 00:01 - 2012-07-25 19:08 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
2012-11-17 00:01 - 2012-07-25 19:08 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
2012-11-17 00:01 - 2012-07-25 19:08 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
2012-11-17 00:01 - 2012-07-25 19:08 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
2012-11-17 00:01 - 2012-07-25 18:26 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
2012-11-17 00:01 - 2012-07-25 18:26 - 00087040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
2012-11-17 00:01 - 2012-06-02 06:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2012-11-16 17:05 - 2012-11-16 22:40 - 00000000 ____D C:\Users\Alex\Downloads\Call.of.Duty.Black.Ops.II-SKIDROW
2012-11-16 12:46 - 2012-10-18 10:25 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-11-16 12:46 - 2012-10-09 10:17 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcore6.dll
2012-11-16 12:46 - 2012-10-09 10:17 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcsvc6.dll
2012-11-16 12:46 - 2012-10-09 09:40 - 00193536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2012-11-16 12:46 - 2012-10-09 09:40 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2012-11-16 12:45 - 2012-10-03 09:56 - 01914248 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-11-16 12:45 - 2012-10-03 09:44 - 00303104 ____A (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2012-11-16 12:45 - 2012-10-03 09:44 - 00246272 ____A (Microsoft Corporation) C:\Windows\System32\netcorehc.dll
2012-11-16 12:45 - 2012-10-03 09:44 - 00216576 ____A (Microsoft Corporation) C:\Windows\System32\ncsi.dll
2012-11-16 12:45 - 2012-10-03 09:44 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
2012-11-16 12:45 - 2012-10-03 09:44 - 00018944 ____A (Microsoft Corporation) C:\Windows\System32\netevent.dll
2012-11-16 12:45 - 2012-10-03 09:42 - 00569344 ____A (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll
2012-11-16 12:45 - 2012-10-03 08:42 - 00175104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2012-11-16 12:45 - 2012-10-03 08:42 - 00156672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2012-11-16 12:45 - 2012-10-03 08:42 - 00018944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2012-11-16 12:45 - 2012-10-03 08:07 - 00045568 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2012-11-16 12:45 - 2012-09-25 14:47 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2012-11-16 12:45 - 2012-09-25 14:46 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
2012-11-16 12:45 - 2012-01-12 23:12 - 00052224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll


==================== One Month Modified Files and Folders =======

2012-12-07 19:20 - 2012-12-07 19:20 - 00000000 ____D C:\FRST
2012-12-07 16:14 - 2012-06-02 12:31 - 00000000 ____D C:\Program Files (x86)\Steam
2012-12-07 16:13 - 2012-11-17 22:00 - 00000482 ____A C:\Windows\setupact.log
2012-12-07 16:12 - 2012-07-09 20:11 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Dropbox
2012-12-07 16:11 - 2009-07-13 21:08 - 00021690 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-12-07 16:11 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-12-07 16:00 - 2012-12-07 16:00 - 01461029 ____A (Farbar) C:\Users\Alex\Desktop\FRST64.exe
2012-12-07 15:23 - 2012-06-01 15:29 - 00000000 ____D C:\Users\All Users\MFAData
2012-12-02 15:19 - 2012-12-02 15:19 - 00004029 ____A C:\Users\Alex\Desktop\FSS.txt
2012-12-02 15:18 - 2012-12-02 15:19 - 00696065 ____A (Farbar) C:\Users\Alex\Desktop\FSS.exe
2012-12-02 11:37 - 2012-12-02 11:37 - 00000527 ____A C:\Users\Alex\Desktop\balls3u.txt
2012-12-02 09:17 - 2009-07-13 20:45 - 00010208 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-12-02 09:17 - 2009-07-13 20:45 - 00010208 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-12-01 19:33 - 2012-06-02 05:03 - 01359966 ____A C:\Windows\WindowsUpdate.log
2012-12-01 18:30 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2012-12-01 18:23 - 2012-11-28 00:22 - 00001974 ____A C:\Windows\PFRO.log
2012-12-01 18:15 - 2012-06-01 14:41 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-12-01 18:15 - 2012-06-01 14:41 - 00000000 ____D C:\Program Files (x86)\Realtek
2012-12-01 18:12 - 2012-12-01 18:12 - 00000000 ____D C:\Users\Alex\Desktop\Install_Win7_7065_11232012
2012-12-01 18:11 - 2012-12-01 18:11 - 05987440 ____A C:\Users\Alex\Desktop\Install_Win7_7065_11232012.zip
2012-12-01 17:19 - 2012-07-06 14:13 - 00773412 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-12-01 17:19 - 2009-07-13 21:13 - 00773412 ____A C:\Windows\System32\PerfStringBackup.INI
2012-12-01 17:14 - 2012-06-03 09:39 - 00000000 ____D C:\Users\Alex\AppData\Roaming\uTorrent
2012-12-01 17:07 - 2012-06-01 15:19 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-12-01 17:04 - 2012-06-01 15:19 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-12-01 17:04 - 2012-06-01 15:19 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-12-01 16:41 - 2012-02-13 21:26 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-227640647-3459843092-1356551924-1000UA.job
2012-12-01 12:26 - 2012-11-17 09:40 - 00000000 ____D C:\Program Files (x86)\Call of Duty Black Ops 2
2012-12-01 07:30 - 2012-06-01 14:43 - 00000830 ____A C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2012-11-30 18:41 - 2012-02-13 21:26 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-227640647-3459843092-1356551924-1000Core.job
2012-11-30 14:19 - 2012-10-26 21:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-11-30 14:14 - 2012-06-01 16:04 - 00000000 ____D C:\Users\All Users\Adobe
2012-11-30 14:13 - 2012-06-01 15:19 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-11-30 14:13 - 2012-06-01 15:19 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-11-28 13:21 - 2012-06-24 19:09 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Skype
2012-11-28 00:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-11-28 00:23 - 2012-07-09 20:15 - 00000000 ___RD C:\Users\Alex\Dropbox
2012-11-28 00:22 - 2012-06-01 14:43 - 00000828 ____A C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2012-11-25 20:01 - 2012-06-01 22:04 - 00281520 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2012-11-25 20:01 - 2012-06-01 22:01 - 00281520 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2012-11-25 20:01 - 2012-06-01 22:01 - 00280904 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2012-11-25 19:54 - 2012-11-25 19:54 - 03818848 ____A C:\Users\Alex\Downloads\battlelog-web-plugins_2.1.2_104.exe
2012-11-25 19:54 - 2012-11-25 19:54 - 00000000 ____D C:\Users\Alex\AppData\Local\ESN
2012-11-25 19:54 - 2012-06-01 22:02 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2012-11-20 19:32 - 2012-11-22 11:26 - 2199491803 ____A C:\Users\Alex\Desktop\Casino Royale 2006 HD 720p.mp4
2012-11-20 15:05 - 2012-11-20 14:56 - 00000000 ____D C:\Users\Alex\Downloads\James Bond-Casino Royale 2006 HD 720p BRRip 5.1AAC x264-ILPruny
2012-11-19 12:47 - 2012-06-16 17:03 - 00000000 ____D C:\Users\Alex\AppData\Roaming\vlc
2012-11-18 20:56 - 2012-11-18 20:51 - 83487736 ____A C:\Users\Alex\Downloads\Family.Guy.S11E05.HDTV.x264-LOL.mp4
2012-11-17 22:00 - 2012-11-17 22:00 - 00000000 ____A C:\Windows\setuperr.log
2012-11-17 17:40 - 2012-06-03 20:45 - 00000000 ____D C:\Users\Alex\AppData\Roaming\DAEMON Tools Lite
2012-11-17 17:39 - 2012-11-17 17:39 - 04011968 ____A (Piriform Ltd) C:\Users\Alex\Downloads\ccsetup324.exe
2012-11-17 17:39 - 2012-08-18 08:35 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-11-17 17:39 - 2012-06-05 13:20 - 00000000 ____D C:\Program Files\CCleaner
2012-11-17 17:36 - 2012-11-17 17:36 - 00089160 ____A C:\ComboFix.txt
2012-11-17 17:36 - 2012-11-17 17:13 - 00000000 ____D C:\Qoobox
2012-11-17 17:36 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2012-11-17 17:36 - 2009-07-13 19:20 - 00000000 __RHD C:\users\Default
2012-11-17 17:35 - 2012-11-17 17:13 - 00000000 ____D C:\Windows\erdnt
2012-11-17 17:32 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-11-17 17:13 - 2012-11-17 17:13 - 05002404 ____R (Swearware) C:\Users\Alex\Downloads\ComboFix.exe
2012-11-17 17:04 - 2012-06-02 15:11 - 00000000 __SHD C:\Users\Alex\AppData\Roaming\B0BEE4
2012-11-17 09:52 - 2012-06-09 05:04 - 00000000 ____D C:\Users\Alex\AppData\Local\SKIDROW
2012-11-17 09:46 - 2012-11-17 09:46 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-11-17 09:36 - 2012-11-17 09:36 - 00000000 ____D C:\Users\Alex\AppData\Roaming\PowerISO
2012-11-17 00:33 - 2012-06-01 15:09 - 00064008 ____A C:\Users\Alex\AppData\Local\GDIPFONTCACHEV1.DAT
2012-11-17 00:31 - 2009-07-13 20:45 - 00299336 ____A C:\Windows\System32\FNTCACHE.DAT
2012-11-17 00:29 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2012-11-17 00:14 - 2012-06-22 12:17 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-11-17 00:01 - 2012-06-01 16:31 - 66395536 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-11-16 22:40 - 2012-11-16 17:05 - 00000000 ____D C:\Users\Alex\Downloads\Call.of.Duty.Black.Ops.II-SKIDROW
2012-11-10 02:18 - 2012-06-24 19:09 - 00000000 ____D C:\Users\All Users\Skype
2012-11-09 14:17 - 2012-06-01 15:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-11-08 17:25 - 2012-10-05 11:52 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2012-11-08 17:25 - 2012-09-03 16:13 - 00030568 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2012-11-08 17:25 - 2012-06-01 15:40 - 00000000 ____D C:\Users\All Users\AVG Secure Search


ZeroAccess:
C:\Windows\Installer\{379bcf1a-8224-8022-9a72-8d521819ba1c}
C:\Windows\Installer\{379bcf1a-8224-8022-9a72-8d521819ba1c}\L
C:\Windows\Installer\{379bcf1a-8224-8022-9a72-8d521819ba1c}\U

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-11-25 00:00:17
Restore point made on: 2012-11-26 00:00:18
Restore point made on: 2012-11-27 00:00:17
Restore point made on: 2012-11-28 00:00:17
Restore point made on: 2012-11-29 00:00:15
Restore point made on: 2012-11-30 00:00:13
Restore point made on: 2012-12-01 00:00:13
Restore point made on: 2012-12-01 17:14:44
Restore point made on: 2012-12-01 18:14:05
Restore point made on: 2012-12-01 18:15:12

==================== Memory info ===========================

Percentage of memory in use: 9%
Total physical RAM: 8157.07 MB
Available physical RAM: 7348.79 MB
Total Pagefile: 8155.21 MB
Available Pagefile: 7341 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:465.66 GB) (Free:187.22 GB) NTFS
2 Drive d: (Backup) (Fixed) (Total:18.63 GB) (Free:18.53 GB) NTFS
5 Drive h: () (Removable) (Total:11.26 GB) (Free:4.95 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 18 GB 0 B
Disk 2 No Media 0 B 0 B
Disk 3 Online 11 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 465 GB 101 MB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 465 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 18 GB 1024 KB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D Backup NTFS Partition 18 GB Healthy

=========================================================

Partitions of Disk 3:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 11 GB 0 B

==================================================================================

Disk: 3
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

=========================================================

Last Boot: 2012-11-24 21:46

==================== End Of Log =============================

#6 Farbar


Posted 07 December 2012 - 07:42 PM

FYI: When we are both online and you remain viewing the topic, to see my reply you have to use the F5 key to refresh the web page; otherwise you continue to see your own reply until you exit viewing the topic. The site doesn't automatically refresh the page when a reply is posted.

You may run all the steps from normal mode. No need to go to recovery mode any more. To run FRST64 just double-click it.

  • Please download the attached file fixlist.txt (59 bytes).
    Save it to your flash drive where FRST64 is located.
    Run FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.
  • Please download the attached file AFD.reg (1.64 KB).
    First save it to your desktop.
    Double-click it and confirm the prompt to allow the merge.
  • Important: Restart.
  • After restart please check your internet connection and tell me if you have connection.


#7 alexguy96


Posted 07 December 2012 - 09:41 PM

Still no internet access after running AFD.reg.
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-12-2012
Ran by Alex at 2012-12-07 21:34:51 Run:1
Running from G:\

ATTENTION: THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.

==============================================

C:\Windows\Installer\{379bcf1a-8224-8022-9a72-8d521819ba1c} moved successfully.

==== End of Fixlog ====

#8 Farbar


Posted 07 December 2012 - 10:02 PM

All the following steps should be done in normal mode while you are connected to internet.

I'm going to sleep now and will post back tomorrow after reviewing the logs.

  • Please run Farbar Service Scanner the same way you ran it the first time you posted the topic and post the log it makes.
  • Please download MiniToolBox and save it to your desktop and run it.

    Checkmark the following checkboxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List installed programs.
    • List Devices (only check the box and leave the default radio button as it is).
    Click Go and copy and paste the result (Result.txt) that pops up. A copy of Result.txt will be saved in the same directory the tool is run from.
  • There is a ComboFix log on the root of the C drive (Start => Computer => open drive C, you will see ComboFix.txt). Please attach it to your reply.


#9 alexguy96


Posted 07 December 2012 - 10:15 PM

FSS LOG:
Farbar Service Scanner Version: 01-12-2012 02
Ran by Alex (administrator) on 07-12-2012 at 22:09:20
Running from "C:\Users\Alex\Desktop"
Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

afd Service is not running. Checking service configuration:
The start type of afd service is OK.
The ImagePath of afd service is OK.


Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error.
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error.
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to retrieve start type of iphlpsvc. The value does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to retrieve ImagePath of iphlpsvc. The value does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to retrieve ServiceDll of iphlpsvc. The value does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

RESULT.TXT LOG:
MiniToolBox by Farbar Version: 25-11-2012
Ran by Alex (administrator) on 07-12-2012 at 22:11:01
Running from "C:\Users\Alex\Desktop"
Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : AlexGame-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : B8-97-5A-00-84-89
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::dd86:9283:ffac:4c78%26(Preferred)
Autoconfiguration IPv4 Address. . : 169.254.76.120(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.gateway.2wire.net:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: fec0:0:0:ffff::1

Ping request could not find host google.com. Please check the name and try again.
Server: UnKnown
Address: fec0:0:0:ffff::1

Ping request could not find host yahoo.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
26...b8 97 5a 00 84 89 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
24...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
23...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 On-link 169.254.76.120 276
169.254.76.120 255.255.255.255 On-link 169.254.76.120 276
169.254.255.255 255.255.255.255 On-link 169.254.76.120 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 169.254.76.120 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 169.254.76.120 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
26 276 fe80::/64 On-link
26 276 fe80::dd86:9283:ffac:4c78/128
On-link
1 306 ff00::/8 On-link
26 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/07/2012 09:37:11 PM) (Source: Schedule) (User: )
Description: Schedule error: 10050Initialize call failed, bailing out

Error: (12/07/2012 09:32:36 PM) (Source: Schedule) (User: )
Description: Schedule error: 10050Initialize call failed, bailing out

Error: (12/07/2012 07:11:52 PM) (Source: Schedule) (User: )
Description: Schedule error: 10050Initialize call failed, bailing out

Error: (12/01/2012 10:31:46 PM) (Source: Schedule) (User: )
Description: Schedule error: 10050Initialize call failed, bailing out

Error: (12/01/2012 10:16:20 PM) (Source: Schedule) (User: )
Description: Schedule error: 10050Initialize call failed, bailing out

Error: (12/01/2012 09:36:04 PM) (Source: Schedule) (User: )
Description: Schedule error: 10050Initialize call failed, bailing out

Error: (12/01/2012 09:23:22 PM) (Source: Schedule) (User: )
Description: Schedule error: 10050Initialize call failed, bailing out

Error: (12/01/2012 08:47:49 PM) (Source: Schedule) (User: )
Description: Schedule error: 10050Initialize call failed, bailing out

Error: (12/01/2012 08:36:17 PM) (Source: Schedule) (User: )
Description: Schedule error: 10050Initialize call failed, bailing out

Error: (11/28/2012 03:00:14 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddWin32ServiceFiles: Unable to back up image of service IP Helper since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.


System errors:
=============
Error: (12/07/2012 10:11:07 PM) (Source: Service Control Manager) (User: )
Description: The HTTP service failed to start due to the following error:
%%22

Error: (12/07/2012 10:11:06 PM) (Source: Service Control Manager) (User: )
Description: The HTTP service failed to start due to the following error:
%%22

Error: (12/07/2012 10:09:39 PM) (Source: DCOM) (User: )
Description: {005A3A96-BAC4-4B0A-94EA-C0CE100EA736}

Error: (12/07/2012 10:09:33 PM) (Source: Service Control Manager) (User: )
Description: The Background Intelligent Transfer Service service terminated with service-specific error %%-2147014846.

Error: (12/07/2012 10:09:33 PM) (Source: Microsoft-Windows-Bits-Client) (User: NT AUTHORITY)
Description: The BITS service failed to start. Error 2147952450.

Error: (12/07/2012 09:53:10 PM) (Source: Service Control Manager) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error:
%%1068

Error: (12/07/2012 09:53:10 PM) (Source: Service Control Manager) (User: )
Description: The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:
%%1058

Error: (12/07/2012 09:53:10 PM) (Source: Service Control Manager) (User: )
Description: The Ancillary Function Driver for Winsock service failed to start due to the following error:
%%1058

Error: (12/07/2012 09:53:05 PM) (Source: Service Control Manager) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error:
%%1068

Error: (12/07/2012 09:53:05 PM) (Source: Service Control Manager) (User: )
Description: The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:
%%1058


Microsoft Office Sessions:
=========================
Error: (12/07/2012 09:37:11 PM) (Source: Schedule)(User: )
Description: Schedule error: 10050Initialize call failed, bailing out

Error: (12/07/2012 09:32:36 PM) (Source: Schedule)(User: )
Description: Schedule error: 10050Initialize call failed, bailing out

Error: (12/07/2012 07:11:52 PM) (Source: Schedule)(User: )
Description: Schedule error: 10050Initialize call failed, bailing out

Error: (12/01/2012 10:31:46 PM) (Source: Schedule)(User: )
Description: Schedule error: 10050Initialize call failed, bailing out

Error: (12/01/2012 10:16:20 PM) (Source: Schedule)(User: )
Description: Schedule error: 10050Initialize call failed, bailing out

Error: (12/01/2012 09:36:04 PM) (Source: Schedule)(User: )
Description: Schedule error: 10050Initialize call failed, bailing out

Error: (12/01/2012 09:23:22 PM) (Source: Schedule)(User: )
Description: Schedule error: 10050Initialize call failed, bailing out

Error: (12/01/2012 08:47:49 PM) (Source: Schedule)(User: )
Description: Schedule error: 10050Initialize call failed, bailing out

Error: (12/01/2012 08:36:17 PM) (Source: Schedule)(User: )
Description: Schedule error: 10050Initialize call failed, bailing out

Error: (11/28/2012 03:00:14 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service IP Helper since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.


CodeIntegrity Errors:
===================================
Date: 2012-11-17 20:27:43.386
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-11-17 20:27:43.355
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


=========================== Installed Programs ============================

µTorrent (Version: 3.1.3)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.287)
Adobe Flash Player 11 Plugin (Version: 11.5.502.110)
Adobe Reader X (10.1.4) (Version: 10.1.4)
AMD Accelerated Video Transcoding (Version: 2.00.0002)
AMD APP SDK Runtime (Version: 10.0.923.1)
AMD Catalyst Install Manager (Version: 8.0.873.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.70405.2224)
ARMA 2
ARMA 2: Operation Arrowhead
Assassin's Creed Revelations (Version: 1.00)
Auslogics Disk Defrag (Version: version 3.4)
AVG 2013 (Version: 13.0.2634)
AVG 2013 (Version: 13.0.2793)
AVG 2013 (Version: 2013.0.2793)
AVG Security Toolbar
Battlefield 2 (Version: 1.5.0.0)
Battlefield 3™ (Version: 1.4.0.0)
Battlefield: Bad Company™ 2 (Version: 1.0.0.0)
Battlelog Web Plugins (Version: 2.1.2)
BattlEye (A2Free) Uninstall
BattlEye for OA Uninstall
BattlEye Uninstall
Best Buy pc app (Version: 3.5.1.2)
Blacklight: Retribution
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center (Version: 2012.0405.2205.37728)
Catalyst Control Center Graphics Previews Common (Version: 2012.0405.2205.37728)
Catalyst Control Center InstallProxy (Version: 2012.0405.2205.37728)
Catalyst Control Center Localization All (Version: 2012.0405.2205.37728)
ccc-utility64 (Version: 2012.0405.2205.37728)
CCC Help Chinese Standard (Version: 2012.0405.2204.37728)
CCC Help Chinese Traditional (Version: 2012.0405.2204.37728)
CCC Help Czech (Version: 2012.0405.2204.37728)
CCC Help Danish (Version: 2012.0405.2204.37728)
CCC Help Dutch (Version: 2012.0405.2204.37728)
CCC Help English (Version: 2012.0405.2204.37728)
CCC Help Finnish (Version: 2012.0405.2204.37728)
CCC Help French (Version: 2012.0405.2204.37728)
CCC Help German (Version: 2012.0405.2204.37728)
CCC Help Greek (Version: 2012.0405.2204.37728)
CCC Help Hungarian (Version: 2012.0405.2204.37728)
CCC Help Italian (Version: 2012.0405.2204.37728)
CCC Help Japanese (Version: 2012.0405.2204.37728)
CCC Help Korean (Version: 2012.0405.2204.37728)
CCC Help Norwegian (Version: 2012.0405.2204.37728)
CCC Help Polish (Version: 2012.0405.2204.37728)
CCC Help Portuguese (Version: 2012.0405.2204.37728)
CCC Help Russian (Version: 2012.0405.2204.37728)
CCC Help Spanish (Version: 2012.0405.2204.37728)
CCC Help Swedish (Version: 2012.0405.2204.37728)
CCC Help Thai (Version: 2012.0405.2204.37728)
CCC Help Turkish (Version: 2012.0405.2204.37728)
CCleaner (Version: 3.24)
Counter-Strike: Global Offensive
Counter-Strike: Global Offensive - SDK
D3DX10 (Version: 15.4.2368.0902)
DAEMON Tools Lite (Version: 4.45.4.0315)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
DiRT 3
Dropbox (Version: 1.4.9)
ESN Sonar (Version: 0.70.4)
Far Cry 2
Google Chrome (Version: 23.0.1271.95)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3230.2052)
Google Update Helper (Version: 1.3.21.123)
Intel® Manageability Engine Firmware Recovery Agent (Version: 1.0.0.35132)
Intel® Management Engine Components (Version: 8.0.0.1351)
Intel® OpenCL CPU Runtime
Intel® Processor Graphics (Version: 8.15.10.2618)
Intel® USB 3.0 eXtensible Host Controller Driver (Version: 1.0.3.214)
Intel® Trusted Connect Service Client (Version: 1.23.216.0)
Java 7 Update 7 (Version: 7.0.70)
Java Auto Updater (Version: 2.1.6.0)
Java SE Development Kit 7 Update 5 (64-bit) (Version: 1.7.0.50)
Java™ 7 Update 5 (64-bit) (Version: 7.0.50)
JavaFX 2.1.1 (64-bit) (Version: 2.1.1)
JavaFX 2.1.1 (Version: 2.1.1)
JavaFX 2.1.1 SDK (64-bit) (Version: 2.1.1)
League of Legends (Version: 1.3)
Logitech SetPoint 6.32 (Version: 6.32.20)
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
Medal of Honor ™ (Version: 1.0.0.0)
Medal of Honor™ Warfighter (Version: 1.0.0.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Word 2010 (Version: 14.0.6029.1000)
Microsoft Xbox 360 Accessories 1.2 (Version: 1.20.146.0)
Mozilla Firefox 16.0.2 (x86 en-US) (Version: 16.0.2)
Mozilla Maintenance Service (Version: 16.0.2)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT Redists (Version: 1.0)
Notepad++ (Version: 6.1.8)
Octoshape add-in for Adobe Flash Player
Origin (Version: 9.0.13.2142)
Portal
Portal 2
PunkBuster Services (Version: 0.991)
Rapture3D 2.4.8 Game
Realtek Ethernet Controller Driver (Version: 7.65.1025.2012)
Realtek High Definition Audio Driver (Version: 6.0.1.6559)
Samsung Kies (Version: 2.3.2.12054_20)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.5.0)
Six Updater (Version: 2.09.7016)
Skype Click to Call (Version: 6.3.11079)
Skype™ 5.10 (Version: 5.10.116)
Steam (Version: 1.0.0.0)
System Requirements Lab for Intel (Version: 4.5.5.0)
Team Fortress 2
Tseries BIOS Update
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 64-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition
Vegas Pro 11.0 (Version: 11.0.370)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
VLC media player 2.0.1 (Version: 2.0.1)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
WinRAR 4.00 (64-bit) (Version: 4.00.0)

========================= Devices: ================================

Name: HTTP
Description: HTTP
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: HTTP
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


**** End of log ****

#10 Farbar

Posted 08 December 2012 - 08:09 AM

Afd driver service is not running. Unless we get it running there will be no connection. We restored the missing registry keys and its file is also legit.

  • Can you confirm that after running ComboFix you had internet connection?
  • Please download the attached file fix64.reg.
    Double-click it and confirm the prompt to allow it to merge.
  • We need to rule out AVG interference. Uninstall the following programs:

    Any instance of AVG 2013
    AVG Security Toolbar

    Note: To have proper protection, as soon as you get your connection back you need to install AVG or any other antivirus.
  • Download and run the AVG Uninstaller. This makes sure there are no AVG leftovers.
  • Please download AdwCleaner and save it to your desktop.
    • Close all open programs.
    • Double click on AdwCleaner.exe to run it.
    • Click on Delete and confirm the prompt.
    • After it is finished the computer will be restarted. A text file will open after the restart.
    • Please post the content of that log to your reply.
    • A copy of the log will be saved at C:\AdwCleaner[S1].txt.
  • Please download ServicesRepair and save it to your desktop.

    • Double-click ServicesRepair.exe.
    • If security notifications appear, click Continue or Run and then click Yes when asked if you want to proceed.
    • Once the tool has finished, you will be prompted to restart your computer. Click Yes to restart.
  • After restart run MiniToolBox, check:

    "List IP Configuration"
    "List Winsock Entries"
    "List Devices" (leave the default radio button as it is).
    "List Restore Points".

    Click "Go" and post the log it makes.
  • Then run Farbar Service Scanner as before and post the log it makes.


#11 alexguy96

Posted 08 December 2012 - 12:05 PM

After I ran ComboFix, I was on a wireless connection and it worked fine. I moved the router to my computer in the house and that's when it stopped working.
FSS:
Farbar Service Scanner Version: 01-12-2012 02
Ran by Alex (administrator) on 08-12-2012 at 12:00:49
Running from "C:\Users\Alex\Desktop"
Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

afd Service is not running. Checking service configuration:
The start type of afd service is OK.
The ImagePath of afd service is OK.


Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error.
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error.
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

RESULT:
MiniToolBox by Farbar Version: 25-11-2012
Ran by Alex (administrator) on 08-12-2012 at 12:01:46
Running from "C:\Users\Alex\Desktop"
Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : AlexGame-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : B8-97-5A-00-84-89
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::dd86:9283:ffac:4c78%26(Preferred)
Autoconfiguration IPv4 Address. . : 169.254.76.120(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{4CA96868-4234-40DE-9E28-273D57BD056B}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: fec0:0:0:ffff::1

Ping request could not find host google.com. Please check the name and try again.
Server: UnKnown
Address: fec0:0:0:ffff::1

Ping request could not find host yahoo.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
26...b8 97 5a 00 84 89 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
24...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
23...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 On-link 169.254.76.120 276
169.254.76.120 255.255.255.255 On-link 169.254.76.120 276
169.254.255.255 255.255.255.255 On-link 169.254.76.120 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 169.254.76.120 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 169.254.76.120 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
26 276 fe80::/64 On-link
26 276 fe80::dd86:9283:ffac:4c78/128
On-link
1 306 ff00::/8 On-link
26 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Devices: ================================

Name: HTTP
Description: HTTP
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: HTTP
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

========================= Restore Points ==================================

26-11-2012 08:00:10 Windows Update
27-11-2012 08:00:10 Windows Update
28-11-2012 08:00:10 Windows Update
29-11-2012 08:00:11 Windows Update
30-11-2012 08:00:10 Windows Update
01-12-2012 08:00:10 Windows Update
02-12-2012 01:14:38 Windows Update
02-12-2012 02:13:55 Removed Realtek Ethernet Controller Driver
02-12-2012 02:15:09 Installed Realtek Ethernet Controller Driver
08-12-2012 16:48:07 Removed AVG 2013
08-12-2012 16:49:25 Removed AVG 2013

**** End of log ****

#12 alexguy96

Posted 08 December 2012 - 12:12 PM

ADWCLEANER:
# AdwCleaner v2.011 - Logfile created 12/08/2012 at 11:55:04
# Updated 02/12/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Alex - ALEXGAME-PC
# Boot Mode : Normal
# Running from : C:\Users\Alex\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\Alex\AppData\Local\Temp\Uninstall.exe

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\pvt6g3nf.default\prefs.js

Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");

-\\ Google Chrome v23.0.1271.95

File : C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.1] : icon_url ={"backup":{"_signature":"6i0+27nC86VdYv4WoD62A23UZGdsfF+ZT/fv3rJNUlM=","_version":4,"extensions":{"i[...]

*************************

AdwCleaner[S1].txt - [2506 octets] - [08/12/2012 11:55:04]

########## EOF - C:\AdwCleaner[S1].txt - [2566 octets] ##########

#13 Farbar

Posted 08 December 2012 - 05:47 PM

  • Please run Farbar Service Scanner.
    Type the following in the edit box after "Search:"

    afd.sys

    Click Search Files button and post the log (FSS.txt) it makes to your reply or rename it to FSS1.txt to post it later.
  • Run Farbar Service Scanner again. This time type afd in the edit box and press "Export Service". Please post the log to your reply.


#14 alexguy96

Posted 08 December 2012 - 06:21 PM

Farbar Service Scanner Version: 01-12-2012 02
Ran by Alex (administrator) on 08-12-2012 at 18:15:49
Windows 7 Ultimate Service Pack 1 (X64)

************************************************
======== Search: "AFD.sys" =========

C:\Windows\System32\drivers\afd.sys
[2012-06-01 18:38] - [2011-12-27 22:59] - 0498688 ____A (Microsoft Corporation) 1C7857B62DE5994A75B054A9FD4C3825

C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys
[2012-06-01 18:38] - [2011-12-27 23:01] - 0498176 ____A (Microsoft Corporation) 36A14FD1A23F57046361733B792CA8DB

C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys
[2012-06-01 18:38] - [2011-12-27 22:59] - 0498688 ____A (Microsoft Corporation) 1C7857B62DE5994A75B054A9FD4C3825

C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys
[2012-06-02 18:12] - [2010-11-20 04:23] - 0499712 ____A (Microsoft Corporation) D31DC7A16DEA4A9BAF179F3D6FBDB38C

C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.21115_none_34b263fe91032456\afd.sys
[2012-06-01 18:38] - [2011-12-27 23:01] - 0499200 ____A (Microsoft Corporation) CCA39961E76B491DDF44B1E90FC8971D

C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16937_none_34154fcd77f3bbda\afd.sys
[2012-06-01 18:38] - [2011-12-27 22:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys
[2009-07-13 18:21] - [2009-07-13 18:21] - 0500224 ____A (Microsoft Corporation) B9384E03479D2506BC924C16A3DB87BC

====== End Of Search ======

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\afd]
"BootFlags"=dword:00000001
"DisplayName"="@%systemroot%\\system32\\drivers\\afd.sys,-1000"
"Group"="PNP_TDI"
"ImagePath"=hex(2):5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\
00,69,00,76,00,65,00,72,00,73,00,5c,00,61,00,66,00,64,00,2e,00,73,00,79,00,\
73,00,00,00
"Description"="@%systemroot%\\system32\\drivers\\afd.sys,-1000"
"ErrorControl"=dword:00000001
"Start"=dword:00000001
"Type"=dword:00000001

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\afd\Enum]
"0"="Root\\LEGACY_AFD\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\afd\Parameters]

#15 Farbar

Posted 09 December 2012 - 01:21 PM

There is nothing wrong with afd registry service and the file. We don't know for sure if it starts and then gets shut down or doesn't start at all. We will see.

  • Please delete the following file:

    C:\Windows\Ntbtlog.txt
  • Restart your computer. Press F8 at the operating system menu. The Advanced Boot Options menu appears.
    On the Advanced Boot Options menu, select Enable Boot Logging and let the computer boot. Windows creates a new Ntbtlog.txt.
  • Please attach the following file to your reply: C:\Windows\Ntbtlog.txt
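
The registry side of the check discussed in the post above, as an added example that is not part of the thread and not Farbar Service Scanner's code: it decodes the afd export from reply #14, including the hex(2) ImagePath, and compares it with the driver file that the File Check section hashed. The function names and the `C:\Windows` root are assumptions of this example.

```python
import re

# Relevant values of the afd export posted in reply #14, hex continuations as exported.
AFD_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\afd]
"BootFlags"=dword:00000001
"Group"="PNP_TDI"
"ImagePath"=hex(2):5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,\
00,69,00,76,00,65,00,72,00,73,00,5c,00,61,00,66,00,64,00,2e,00,73,00,79,00,\
73,00,00,00
"ErrorControl"=dword:00000001
"Start"=dword:00000001
"Type"=dword:00000001
'''
AFD_KEY = r"HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\afd"
EXPECTED_FILE = r"C:\Windows\System32\drivers\afd.sys"  # path from the FSS File Check
START = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}


def decode_value(raw):
    """Decode one right-hand side of a .reg line into int, str or bytes."""
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"hex(?:\((\w+)\))?:(.*)$", raw)
    if m:
        data = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
        if m.group(1) in ("1", "2", "7"):  # REG_SZ, REG_EXPAND_SZ, REG_MULTI_SZ
            return data.decode("utf-16-le").rstrip("\x00")
        return data
    if raw.startswith('"') and raw.endswith('"'):
        return re.sub(r"\\(.)", r"\1", raw[1:-1])  # undo \\ and \" escaping
    return raw


def parse_reg(text):
    """Return {key_path: {value_name: decoded_value}} for a .reg export."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # join lines ending in a backslash
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = re.match(r'"([^"]+)"=(.*)$', line)
        if m and current is not None:
            current[m.group(1)] = decode_value(m.group(2))
    return keys


def resolve_image_path(image_path, windir=r"C:\Windows"):
    """Map the two common driver ImagePath forms to a file path (windir is assumed)."""
    if image_path.lower().startswith("\\systemroot\\"):
        return windir + image_path[len("\\SystemRoot"):]
    if image_path.lower().startswith("system32\\"):
        return windir + "\\" + image_path
    return image_path


def check_driver_service(values, expected_file):
    """Return a list of findings; an empty list means the export looks sane."""
    findings = []
    start, svc_type, path = values.get("Start"), values.get("Type"), values.get("ImagePath")
    if start == 4:
        findings.append("Start=4: the service is disabled")
    elif start not in START:
        findings.append(f"Start={start!r} is missing or not a valid start type")
    if svc_type not in (1, 2):
        findings.append(f"Type={svc_type!r} is not a kernel or file-system driver")
    if not isinstance(path, str):
        findings.append("ImagePath is missing or not a string")
    elif resolve_image_path(path).lower() != expected_file.lower():
        findings.append(f"ImagePath points to {path!r}, not {expected_file}")
    return findings


if __name__ == "__main__":
    afd = parse_reg(AFD_REG)[AFD_KEY]
    print(afd["ImagePath"], START[afd["Start"]], check_driver_service(afd, EXPECTED_FILE))
```

An empty findings list only says the service configuration is intact; it does not tell whether the driver actually loads at boot, which is what the requested Ntbtlog.txt shows.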




