Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

PC Wifi Virus? (ERR_CONNECTION_TIMEOUT) - only affects PC WIFI


  • This topic is locked This topic is locked
3 replies to this topic

#1 just_bri

just_bri

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:18 AM

Posted 16 February 2015 - 07:16 PM

Hello! :)
 
My family computer has Win8.1 OS, with internal Wi-Fi Internet access. And for some strange reason, it now has limited access to the Internet.
 
When I try visiting most websites, the page loads and 20 seconds later I get an ERR_CONNECTION_TIMEOUT message. The same message pops up on multiple browsers (Firefox, Chrome, Internet Explorer).
 
We've had this issue since late January (and we've had lots of bad weather lately), so I thought it might clear up overtime. But the problem never resolved itself; we keep having the same issues every day.
 
Here are some other details:
  1. The family PC has two accounts: one is a kid account (with no administrative rights), and the other is an administrative account The kid account is used the most...so I'm wondering if some sort of malware came in through that account, despite it not having any administrative rights, and then it infected the entire PC.
     
  2. Non-PCs (tablets, smartphones, etc.) don't seem affected by this. They have full Internet access via Wi-Fi. (That said, it sounds like the issue is a bug that's targeting this PC specifically?)
     
  3. If I use an Ethernet cable (instead of Wi-Fi) on the PC, it will also have full Internet access.
Does this sound like the work of some malware? Or could actually be a really strange modem/Win8 problem??? I somehow don't think it's a technical issue.
 
I've attached my documentation in the code box below, and you can view the Addition attachment here:
Attached File  Addition.txt   26.22KB   1 downloads
 
:) Thanks in advance for the help!
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
Ran by Home (administrator) on DELLA on 16-02-2015 16:38:38
Running from C:\Users\Home\Desktop
Loaded Profiles: Home & Terry (Available profiles: Home & Terry)
Platform: Windows 8.1 Connected (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
(DELL Inc.) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Dell Inc.) C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(McAfee, Inc.) C:\Program Files\mcafee.com\agent\mcupdate.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\mcupdmgr.exe
(McAfee, Inc.) C:\Program Files\mcafee\mqs\QcShm.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\mcinfo.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
() C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Farbar) C:\Users\Home\Desktop\01. FRST64.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7543000 2014-03-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-25] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe [519256 2014-02-16] (Waves Audio Ltd.)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-25] (Realtek Semiconductor)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [132736 2013-10-30] ( (Qualcomm®Atheros®))
HKU\S-1-5-21-2575675143-314919561-431323313-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-17] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-2575675143-314919561-431323313-1001\...\MountPoints2: {828ab5e4-feaa-11e3-8250-806e6f6e6963} - "E:\Msetup4.exe" 
HKU\S-1-5-21-2575675143-314919561-431323313-1001\...\MountPoints2: {8ed5ad30-7b2f-11e4-826b-9cad974a563c} - "D:\ZTE_Handset_USB_Driver.exe" 
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2575675143-314919561-431323313-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-2575675143-314919561-431323313-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-2575675143-314919561-431323313-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-2575675143-314919561-431323313-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2575675143-314919561-431323313-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2575675143-314919561-431323313-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2575675143-314919561-431323313-1001 -> {B901748E-A165-4B71-B890-920BB22FCF34} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\dnk83m4k.default
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-06-28]

Chrome: 
=======
CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-06]
CHR Extension: (Google Docs) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-06]
CHR Extension: (Google Drive) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-06]
CHR Extension: (YouTube) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-06]
CHR Extension: (Adblock Plus) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-11-21]
CHR Extension: (Google Search) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-06]
CHR Extension: (Google Sheets) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-06]
CHR Extension: (AdBlock Plus) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfcfceejhleedfbabanmaamfiagjhncj [2014-11-21]
CHR Extension: (Google Wallet) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-06]
CHR Extension: (Gmail) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [317568 2013-10-30] (Windows (R) Win 7 DDK provider)
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [293440 2014-04-01] (Aviata, Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [211320 2015-02-11] (Dell Inc.)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [451416 2014-12-17] (Garmin Ltd or its subsidiaries)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-24] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [603424 2014-09-04] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 My Dell Client Framework; C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.exe [168960 2014-01-10] (Dell Inc.) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915920 2014-04-04] (SoftThinks SAS)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-22] ()
R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2013-08-19] (DELL Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-17] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-10-30] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-16] (Intel Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-16 16:38 - 2015-02-16 16:39 - 00018399 _____ () C:\Users\Home\Desktop\FRST.txt
2015-02-16 16:38 - 2015-02-16 16:38 - 00000000 ___RD () C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-02-16 16:38 - 2015-02-16 16:18 - 02085888 _____ (Farbar) C:\Users\Home\Desktop\01. FRST64.exe
2015-02-16 16:32 - 2015-02-16 16:32 - 00021564 _____ () C:\Users\Terry\Desktop\Addition.txt
2015-02-16 16:29 - 2015-02-16 16:38 - 00000000 ____D () C:\FRST
2015-02-16 16:29 - 2015-02-16 16:37 - 00022954 _____ () C:\Users\Terry\Desktop\FRST.txt
2015-02-16 16:28 - 2015-02-16 16:18 - 02085888 _____ (Farbar) C:\Users\Terry\Desktop\01. FRST64.exe
2015-02-16 16:25 - 2015-02-16 16:27 - 00000000 ____D () C:\Users\Terry\iStar
2015-02-16 13:41 - 2015-02-16 13:41 - 00000000 ____D () C:\Program Files (x86)\Dell Update
2015-01-30 15:40 - 2015-01-30 15:40 - 00000000 ____D () C:\Users\Terry\AppData\Roaming\Mozilla
2015-01-30 15:40 - 2015-01-30 15:40 - 00000000 ____D () C:\Users\Terry\AppData\Local\Mozilla
2015-01-29 18:44 - 2015-01-29 18:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-01-20 21:18 - 2015-01-20 21:20 - 00000000 ____D () C:\Users\Terry\AppData\Local\CrashDumps
2015-01-20 20:04 - 2015-01-20 20:04 - 00001217 _____ () C:\Users\Terry\Desktop\Project64 1.6 - Shortcut.lnk
2015-01-20 19:52 - 2015-01-20 19:52 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\project64 1.6
2015-01-20 19:51 - 2015-01-20 19:52 - 00000000 ____D () C:\Program Files (x86)\Project64 1.6
2015-01-20 19:47 - 2015-01-20 19:47 - 02080797 _____ (Project64 ) C:\Users\Terry\Downloads\project64_1.6.exe
2015-01-19 22:16 - 2014-12-31 06:14 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-16 16:38 - 2014-10-06 20:11 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-16 16:38 - 2014-06-28 05:02 - 01178551 _____ () C:\Windows\WindowsUpdate.log
2015-02-16 16:38 - 2013-08-22 10:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-16 16:37 - 2014-10-07 13:12 - 00000000 ____D () C:\Users\Terry\Documents\Bluetooth Folder
2015-02-16 16:34 - 2014-10-06 20:11 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-16 16:28 - 2014-10-07 13:16 - 00003594 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2575675143-314919561-431323313-1002
2015-02-16 16:26 - 2014-03-18 04:53 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-16 16:25 - 2014-10-07 13:10 - 00000000 ____D () C:\Users\Terry
2015-02-16 16:24 - 2013-08-22 09:46 - 00025658 _____ () C:\Windows\setupact.log
2015-02-16 16:16 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-16 15:21 - 2014-10-06 13:38 - 00003594 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2575675143-314919561-431323313-1001
2015-02-16 15:19 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-16 13:42 - 2014-10-28 07:17 - 00003914 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{764FB79C-D4C6-439F-A619-5211B0038493}
2015-02-16 13:41 - 2014-06-28 05:27 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-02-10 16:59 - 2014-11-15 14:13 - 00000000 ____D () C:\Program Files (x86)\Java
2015-02-10 16:59 - 2014-11-15 14:07 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-10 16:58 - 2014-11-15 14:13 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-02-10 16:51 - 2014-10-06 20:09 - 00003910 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{FF1753AA-BCAE-4055-A40D-76DCF6DD76AD}
2015-02-10 16:50 - 2014-12-28 08:59 - 01507328 _____ () C:\Users\Home\Documents\JobSearch_final.accdb
2015-02-08 19:54 - 2014-11-20 23:07 - 00000000 ____D () C:\Users\Home\Desktop\Bri
2015-02-07 20:36 - 2014-10-06 20:12 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-07 20:29 - 2014-10-06 20:11 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-07 20:29 - 2014-10-06 20:11 - 00003656 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-06 13:35 - 2014-10-21 14:15 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-02-06 13:19 - 2014-12-28 08:50 - 00000000 ____D () C:\Windows\AutoKMS
2015-02-03 14:31 - 2014-10-06 15:27 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-03 14:31 - 2014-10-06 15:27 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-22 13:36 - 2015-01-04 20:08 - 00004940 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Della-Home Della
2015-01-20 20:04 - 2014-10-07 13:10 - 00000000 ____D () C:\Users\Terry\AppData\Local\VirtualStore
2015-01-20 19:58 - 1996-12-24 23:32 - 33554432 _____ () C:\Users\Terry\Downloads\WWF No Mercy (USA) (Rev A).n64
2015-01-20 19:29 - 2014-06-28 05:31 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2015-01-20 19:27 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-01-20 19:26 - 2013-08-22 09:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-20 19:25 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-01-20 15:27 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-01-19 07:01 - 2014-10-06 14:37 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-18 19:13 - 2014-10-06 14:37 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2014-06-28 05:22 - 2014-06-28 05:22 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-06-28 05:21 - 2014-06-28 05:21 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2014-06-28 05:17 - 2014-06-28 05:18 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2014-06-28 05:18 - 2014-06-28 05:19 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2014-06-28 05:20 - 2014-06-28 05:21 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2014-06-28 05:16 - 2014-06-28 05:16 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Some content of TEMP:
====================
C:\Users\Home\AppData\Local\Temp\BJMYDGN.EXE
C:\Users\Home\AppData\Local\Temp\BJMYPRT.EXE
C:\Users\Home\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Home\AppData\Local\Temp\MSETUP4.EXE


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-06 13:17

==================== End Of Log ============================

 



BC AdBot (Login to Remove)

 


#2 just_bri

just_bri
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:18 AM

Posted 18 February 2015 - 06:51 AM

TWO IMPORTANT THINGS:
1. I made a major typo in that second line. It should say:

When I try visiting most websites, the page ATTEMPTS to load and 20 seconds later I get an ERR_CONNECTION_TIMEOUT message.

 

...Nothing actually loads. Except Google.com, and occasionally Facebook. (See below.)

 

2. Using an Ethernet cable DOES NOT really work. (I was able to go to Facebook with it, and that's it. Every other website still gives the Timeout error.)



#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,699 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:18 AM

Posted 21 February 2015 - 07:20 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/567317 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your destop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,699 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:18 AM

Posted 26 February 2015 - 07:25 PM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users