My Dell laptop will not connect to the internet via wifi or ethernet cable.  My desktop, iPhone and smart TV all work okay.  I tried using a wireless USB adapter and that didn't work.  I'm pretty sure it's not a hardware problem.  I even swapped out another motherboard with the same result.  All other programs work although my computer takes a long time to boot up and it won't connect to the internet and wifi.

 

When I boot the computer, it says, "Connection Status Unknown."  "Windows could not connect to the event notification service..."

 

Norton Symantec sends me the following message:  "Auto-Protect unexpected error - 0x000003E8."

 

It will not system restore.  It can not find restore points or they were erased.  I'm using my old desktop and hoping that I can download diagnostic programs from memory stick to my laptop so that it can resolve the problem.  I was able to run a "Hijack This Log" using the memory stick.  Please see the attached log.  I also have old copies of ComboFix and TDSSKiller.  I'm not sure if these can be loaded to a disk and then run thru my DVD drive or flash drive.

 

Logfile of HijackThis v1.99.1
Scan saved at 1:36:15 PM, on 2/10/2014
Platform: Unknown Windows (WinNT 6.00.1906 SP2)
MSIE: Internet Explorer v9.00 (9.00.8112.16526)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Virtual Account Numbers\CitiVAN.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Virtual Account Numbers\CitiVAN.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\sttray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Tenda\Common\RaUI.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\OBroker.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ZipDownloader\ZipDownloader.exe
C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
F:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://my.yahoo.com/?mkg=015
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Virtual Account Numbers Helper - {17424104-1444-4810-85D7-B4DA413C5A9A} - C:\Program Files\Virtual Account Numbers\CitiVANHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: CitiUS Shared Browser Helper Object - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\Program Files\Virtual Account Numbers\BhoCitUS.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Updater For XFIN_PORTAL - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files\xfin_portal\auxi\comcastAu.dll (file missing)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Virtual Account Numbers - {7A21A046-B886-4A62-9D69-EF2059B0A27B} - C:\Program Files\Virtual Account Numbers\CitiVANToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\PhotoDownloader.exe
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Citi Virtual Account Numbers] C:\PROGRA~1\VIRTUA~1\CitiVAN.exe /lang=en_RG /dontopenmycards
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [LTCM Client] C:\Program Files\LTCM Client\ltcmClient.exe /startup
O4 - HKLM\..\Run: [Virtual Account Numbers] C:\PROGRA~1\VIRTUA~1\CitiVAN.exe /lang=en_RG /dontopenmycards
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [ALUAlert] "C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe" "/LOWDISKSPACE C"
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [com.codeode.privacymantra] "C:\Program Files\Privacy Mantra 2.06\privacymantra.exe" -minimized
O4 - HKCU\..\Run: [EPSON Artisan 730 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIHQA.EXE /FU "C:\Users\Gerry\AppData\Local\Temp\E_SE723.tmp" /EF "HKCU"
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickSet.lnk = ?
O4 - Global Startup: Tenda Wireless Utility.lnk = C:\Program Files\Tenda\Common\RaUI.exe
O10 - Broken Internet access because of LSP chain gap (#2 in chain of 22 missing)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O11 - Options group: [iNTERNATIONAL] International
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EpsonCustomerParticipation - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: RalinkRegistryWriter - Ralink Technology, Corp. - C:\Program Files\Tenda\Common\RaRegistry.exe
O23 - Service: RaMediaServer - Unknown owner - C:\Program Files\Tenda\Common\RaMediaServer.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

Any help in resolving this issue is appreciated.  I'll await a response and will follow your instructions to the best of my ability. Thanks, closer2u


Hello,

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

As you have a spare PC and a USB stick you can transfer the following tools to the sick PC desktop, run them and transfer the logs back and post in next reply:

 

Download Farbar Recovery Scan Tool and save it to your desktop via USB stick.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Next,

 

Download Farbar Service Scanner from here: http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/ and run it on the computer with the issue.

Make sure the following options are checked:

 


Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender

 


Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

 

Kevin..


Kevin,

 

Thank you for your help.  The infected computer is my laptop, not my desktop.  Attached are the logs you requested.  Let me know if this is what you wanted and how to proceed.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-02-2014 01
Ran by Gerry (administrator) on GERRY-PC on 11-02-2014 01:35:18
Running from F:\
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Dell Inc.) C:\Windows\System32\bcmwltry.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
(Symantec Corporation) C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Ralink Technology, Corp.) C:\Program Files\Tenda\Common\RaRegistry.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dell Inc.) C:\Windows\System32\WLTRAY.EXE
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
(CyberLink Corp.) C:\Program Files\Dell\MediaDirect\PCMService.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtcmd.exe
(Orbiscom Ltd. All rights reserved.) C:\Program Files\Virtual Account Numbers\CitiVAN.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(Orbiscom Ltd. All rights reserved.) C:\Program Files\Virtual Account Numbers\CitiVAN.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(SigmaTel, Inc.) C:\Windows\sttray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Gteko Ltd.) C:\Program Files\DellSupport\DSAgnt.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Codeode) C:\Program Files\Privacy Mantra 2.06\privacymantra.exe
(Avanquest Software ) C:\Program Files\Digital Line Detect\DLG.exe
(Dell Inc) C:\Program Files\Dell\QuickSet\quickset.exe
(Tenda Technology, Corp.) C:\Program Files\Tenda\Common\RaUI.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Orbiscom Ltd.) C:\Windows\System32\OBroker.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [815104 2006-11-17] (Synaptics, Inc.)
HKLM\...\Run: [broadcom Wireless Manager UI] - C:\Windows\system32\WLTRAY.exe [1540096 2006-11-27] (Dell Inc.)
HKLM\...\Run: [Corel Photo Downloader] - C:\Program Files\Corel\Corel Snapfire Plus\PhotoDownloader.exe
HKLM\...\Run: [iSUSScheduler] - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [] - [X]
HKLM\...\Run: [ccApp] - C:\Program Files\Common Files\Symantec Shared\ccApp.exe [115816 2007-01-09] (Symantec Corporation)
HKLM\...\Run: [osCheck] - C:\Program Files\Norton Internet Security\osCheck.exe [22696 2006-12-03] (Symantec Corporation)
HKLM\...\Run: [Google Desktop Search] - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-07-30] (Google)
HKLM\...\Run: [ECenter] - c:\dell\E-Center\EULALauncher.exe [17920 2006-11-17] ( )
HKLM\...\Run: [PCMService] - C:\Program Files\Dell\MediaDirect\PCMService.exe [184320 2006-10-13] (CyberLink Corp.)
HKLM\...\Run: [iSUSPM Startup] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [dscactivate] - C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [16384 2007-10-09] ( )
HKLM\...\Run: [symantec PIF AlertEng] - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [583048 2007-11-28] (Symantec Corporation)
HKLM\...\Run: [DellSupportCenter] - C:\Program Files\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
HKLM\...\Run: [Citi Virtual Account Numbers] - C:\Program Files\Virtual Account Numbers\CitiVAN.exe [398336 2013-03-04] (Orbiscom Ltd. All rights reserved.)
HKLM\...\Run: [NvSvc] - C:\Windows\system32\nvsvc.dll [90191 2006-12-13] (NVIDIA Corporation)
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [7766016 2006-12-13] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [81920 2006-12-13] (NVIDIA Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM\...\Run: [EEventManager] - C:\Program Files\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [LTCM Client] - C:\Program Files\LTCM Client\ltcmClient.exe [2756864 2011-04-07] (Leader Technologies Inc.)
HKLM\...\Run: [Virtual Account Numbers] - C:\Program Files\Virtual Account Numbers\CitiVAN.exe [398336 2013-03-04] (Orbiscom Ltd. All rights reserved.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM\...\Run: [sigmatelSysTrayApp] - C:\Windows\sttray.exe [303104 2007-02-08] (SigmaTel, Inc.)
HKLM\...\Run: [ALUAlert] - C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe [493176 2007-05-11] (Symantec Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-741311009-463962571-1667769170-1000\...\Run: [DellSupport] - C:\Program Files\DellSupport\DSAgnt.exe [446976 2006-11-12] (Gteko Ltd.)
HKU\S-1-5-21-741311009-463962571-1667769170-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-741311009-463962571-1667769170-1000\...\Run: [DellSupportCenter] - C:\Program Files\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
HKU\S-1-5-21-741311009-463962571-1667769170-1000\...\Run: [com.codeode.privacymantra] - C:\Program Files\Privacy Mantra 2.06\privacymantra.exe [958464 2009-03-28] (Codeode)
HKU\S-1-5-21-741311009-463962571-1667769170-1000\...\Run: [EPSON Artisan 730 Series] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIHQA.EXE [212480 2011-01-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-741311009-463962571-1667769170-1000\...\MountPoints2: {310b2ed7-055a-11dc-874d-806e6f6e6963} - E:\setup.exe
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-07-30] (Google)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://my.yahoo.com/?mkg=015
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://us-mg5.mail.yahoo.com/neo/launch?.rand=ad7ht97j05r2a&ufb=1#
URLSearchHook: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
SearchScopes: HKCU - {40F38155-8BD8-427B-A34B-0822F8E97B2F} URL = http://delicious.com/search?p={searchTerms}
SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:4664/search&s=TV5rS-jBhYHunMV-RTNYkijycqE?q={searchTerms}
SearchScopes: HKCU - {FA7F210E-96FF-4B04-B8DE-EA3139D63B8C} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
SearchScopes: HKCU - {FB26DAB2-02C2-41A2-8428-B030E36FAB51} URL = http://www.flickr.com/search/?q={searchTerms}
BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO: Virtual Account Numbers Helper - {17424104-1444-4810-85D7-B4DA413C5A9A} - C:\Program Files\Virtual Account Numbers\CitiVANHelper.dll (Orbiscom Ltd. All rights reserved.)
BHO: No Name - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll (Symantec Corporation)
BHO: CitiUSBrowserHelper Class - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\Program Files\Virtual Account Numbers\BhoCitUS.dll (Orbiscom Ltd. All rights reserved.)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Updater For XFIN_PORTAL - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files\xfin_portal\auxi\comcastAu.dll No File
BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll (Symantec Corporation)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - Virtual Account Numbers - {7A21A046-B886-4A62-9D69-EF2059B0A27B} - C:\Program Files\Virtual Account Numbers\CitiVANToolbar.dll (Orbiscom Ltd. All rights reserved.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Missing Catalog9 entry, broken internet access. <===== ATTENTION.
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75

Chrome:
=======

CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 7 U5) - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.50.255) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Google Wallet) - C:\Users\Gerry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]

========================== Services (Whitelisted) =================

R2 Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [554616 2007-05-11] (Symantec Corporation)
R2 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108648 2007-01-09] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108648 2007-01-09] (Symantec Corporation)
R2 CLTNetCnService; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108648 2007-01-09] (Symantec Corporation)
S3 comHost; C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [49296 2006-12-03] (Symantec Corporation)
S3 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [70656 2006-11-07] ()
R2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION)
R2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [521600 2011-06-09] (SEIKO EPSON CORPORATION)
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-07-30] (Google)
S3 ISPwdSvc; C:\Program Files\Norton Internet Security\isPwdSvc.exe [80552 2006-12-03] (Symantec Corporation)
S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE [2983544 2007-05-11] (Symantec Corporation)
R2 LiveUpdate Notice Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108648 2007-01-09] (Symantec Corporation)
S2 LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [583048 2007-11-28] (Symantec Corporation)
R2 RalinkRegistryWriter; C:\Program Files\Tenda\Common\RaRegistry.exe [375872 2011-03-31] (Ralink Technology, Corp.)
S3 RaMediaServer; C:\Program Files\Tenda\Common\RaMediaServer.exe [621632 2011-03-04] ()
R2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-08-13] (SupportSoft, Inc.)
R3 Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [1252232 2007-11-02] ()
R2 SymAppCore; C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe [46736 2006-12-03] (Symantec Corporation)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [1716224 2006-11-27] (Dell Inc.)

==================== Drivers (Whitelisted) ====================

R2 dsunidrv; C:\Program Files\DellSupport\Drivers\dsunidrv.sys [7424 2006-08-17] (Gteko Ltd.)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-10-16] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-11-13] (Symantec Corporation)
R1 IDSvix86; C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20140115.001\IDSvix86.sys [287792 2013-09-17] (Symantec Corporation)
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [1168960 2011-11-10] (Ralink Technology Corp.)
R1 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [406672 2006-12-03] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [247608 2007-03-27] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [276792 2007-03-27] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [25400 2007-03-27] (Symantec Corporation)
R3 STHDA; C:\Windows\System32\drivers\stwrt.sys [647680 2007-02-08] (SigmaTel, Inc.)
R3 SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [11792 2006-12-03] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [115000 2007-05-30] (Symantec Corporation)
R3 SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [144784 2006-12-03] (Symantec Corporation)
R3 SYMIDS; C:\Windows\System32\Drivers\SYMIDS.SYS [38928 2006-12-03] (Symantec Corporation)
R0 symlcbrd; C:\Windows\System32\drivers\symlcbrd.sys [10344 2013-12-14] (Symantec Corporation)
R3 SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.SYS [37008 2006-12-03] (Symantec Corporation)
R3 SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [26384 2006-12-03] (Symantec Corporation)
R1 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [185744 2006-12-03] (Symantec Corporation)
S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog32.sys [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20070623.007\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20070623.007\NAVEX15.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-11 01:25 - 2014-02-11 01:35 - 00000000 ____D () C:\FRST
2014-02-09 19:17 - 2014-02-09 19:17 - 00000000 ____D () C:\Qoobox
2014-02-08 12:23 - 2014-02-08 12:23 - 00000490 _____ () C:\Users\Gerry\Documents - Shortcut.lnk
2014-02-08 09:47 - 2014-02-08 09:47 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-08 09:47 - 2014-02-08 09:47 - 00000000 _____ () C:\Windows\setupact.log
2014-01-29 21:28 - 2014-01-29 21:28 - 00000000 ____D () C:\ProgramData\Ralink
2014-01-29 21:27 - 2014-01-29 21:27 - 00001465 _____ () C:\Users\Public\Desktop\Tenda Wireless Utility.lnk
2014-01-29 21:25 - 2014-01-29 22:18 - 00008091 _____ () C:\Windows\system32\RaCoInst.log
2014-01-29 21:16 - 2014-01-29 21:16 - 00000000 ____D () C:\ProgramData\Tenda Driver
2014-01-29 21:16 - 2011-11-10 17:11 - 01168960 _____ (Ralink Technology Corp.) C:\Windows\system32\Drivers\netr28u.sys
2014-01-29 21:16 - 2011-11-10 16:55 - 00238944 _____ (Ralink Technology, Inc.) C:\Windows\system32\RaCoInst.dll
2014-01-29 21:16 - 2011-11-10 16:55 - 00014119 _____ () C:\Windows\system32\RaCoInst.dat
2014-01-29 21:15 - 2014-01-29 21:16 - 00000000 ____D () C:\Program Files\Cisco
2014-01-29 21:15 - 2014-01-29 21:15 - 00000000 ____D () C:\Windows\system32\RaLanguages
2014-01-29 21:15 - 2014-01-29 21:15 - 00000000 ____D () C:\Program Files\Tenda
2014-01-29 21:15 - 2011-09-16 16:19 - 00000450 _____ () C:\Windows\system32\DiagFunc.ini
2014-01-29 21:15 - 2011-05-04 13:56 - 01608768 _____ (Ralink Technology, Corp.) C:\Windows\system32\RaCertMgr.dll
2014-01-29 21:15 - 2011-05-04 13:54 - 00802880 _____ (Ralink Technology, Corp.) C:\Windows\system32\RAIHV.dll
2014-01-29 21:15 - 2010-07-01 17:45 - 00119648 _____ (Ralink Technology, Corp.) C:\Windows\system32\RAEXTUI.dll
2014-01-29 21:15 - 2010-06-29 10:34 - 00480608 _____ () C:\Windows\system32\DiagFunc.dll
2014-01-24 14:36 - 2014-01-24 14:36 - 00000000 ____D () C:\Windows\system32\vmm32
2014-01-24 14:36 - 2014-01-24 14:36 - 00000000 ____D () C:\Users\Gerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell Accessories
2014-01-20 12:24 - 2014-01-20 12:24 - 01286627 _____ () C:\Users\Gerry\Downloads\Unconfirmed 135194.crdownload
2014-01-18 09:46 - 2014-01-18 09:46 - 00000206 _____ () C:\Users\Gerry\CD Drive - Shortcut.lnk
2014-01-14 14:54 - 2014-01-14 14:57 - 00009743 _____ () C:\Users\Gerry\Downloads\Owner_Statement_Simple.xlsx

==================== One Month Modified Files and Folders =======

2014-02-11 01:35 - 2014-02-11 01:25 - 00000000 ____D () C:\FRST
2014-02-11 01:24 - 2006-11-02 05:33 - 00703404 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-11 00:17 - 2006-11-02 07:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-11 00:17 - 2006-11-02 07:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-10 16:00 - 2007-05-18 11:13 - 01337044 _____ () C:\Windows\WindowsUpdate.log
2014-02-10 15:59 - 2007-05-18 11:50 - 00000000 ____D () C:\MDT
2014-02-10 15:58 - 2007-05-27 18:49 - 00013025 _____ () C:\Users\Gerry\AppData\Roaming\nvModes.001
2014-02-09 19:17 - 2014-02-09 19:17 - 00000000 ____D () C:\Qoobox
2014-02-09 18:35 - 2009-04-05 23:40 - 00001356 _____ () C:\Users\Gerry\AppData\Local\d3d9caps.dat
2014-02-08 12:23 - 2014-02-08 12:23 - 00000490 _____ () C:\Users\Gerry\Documents - Shortcut.lnk
2014-02-08 12:23 - 2007-05-24 23:23 - 00000000 ____D () C:\Users\Gerry
2014-02-08 09:47 - 2014-02-08 09:47 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-08 09:47 - 2014-02-08 09:47 - 00000000 _____ () C:\Windows\setupact.log
2014-01-31 10:51 - 2007-05-26 00:16 - 00013025 _____ () C:\Users\Gerry\AppData\Roaming\nvModes.dat
2014-01-30 08:57 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-01-29 22:18 - 2014-01-29 21:25 - 00008091 _____ () C:\Windows\system32\RaCoInst.log
2014-01-29 21:28 - 2014-01-29 21:28 - 00000000 ____D () C:\ProgramData\Ralink
2014-01-29 21:27 - 2014-01-29 21:27 - 00001465 _____ () C:\Users\Public\Desktop\Tenda Wireless Utility.lnk
2014-01-29 21:16 - 2014-01-29 21:16 - 00000000 ____D () C:\ProgramData\Tenda Driver
2014-01-29 21:16 - 2014-01-29 21:15 - 00000000 ____D () C:\Program Files\Cisco
2014-01-29 21:15 - 2014-01-29 21:15 - 00000000 ____D () C:\Windows\system32\RaLanguages
2014-01-29 21:15 - 2014-01-29 21:15 - 00000000 ____D () C:\Program Files\Tenda
2014-01-29 21:15 - 2007-05-18 11:27 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-01-24 14:36 - 2014-01-24 14:36 - 00000000 ____D () C:\Windows\system32\vmm32
2014-01-24 14:36 - 2014-01-24 14:36 - 00000000 ____D () C:\Users\Gerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell Accessories
2014-01-24 14:36 - 2007-05-18 11:27 - 00000000 ____D () C:\Program Files\Dell
2014-01-24 13:55 - 2007-06-08 06:06 - 00000000 ____D () C:\Users\Gerry\AppData\Roaming\Corel
2014-01-22 17:52 - 2007-05-18 11:58 - 00059666 _____ () C:\Windows\PFRO.log
2014-01-22 09:36 - 2013-01-21 10:55 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-22 09:35 - 2011-12-19 09:49 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-22 09:35 - 2011-12-19 09:48 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-20 12:24 - 2014-01-20 12:24 - 01286627 _____ () C:\Users\Gerry\Downloads\Unconfirmed 135194.crdownload
2014-01-18 14:50 - 2011-12-19 09:54 - 00001973 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-18 14:34 - 2007-05-25 20:32 - 00000488 _____ () C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Gerry.job
2014-01-18 10:15 - 2007-05-24 23:28 - 00041472 _____ () C:\Users\Gerry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-18 09:46 - 2014-01-18 09:46 - 00000206 _____ () C:\Users\Gerry\CD Drive - Shortcut.lnk
2014-01-17 11:13 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-01-17 11:11 - 2006-11-02 08:01 - 00032552 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-16 03:20 - 2013-07-30 02:08 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-16 03:10 - 2006-11-02 05:24 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-01-14 14:57 - 2014-01-14 14:54 - 00009743 _____ () C:\Users\Gerry\Downloads\Owner_Statement_Simple.xlsx

Some content of TEMP:
====================
C:\Users\Gerry\AppData\Local\Temp\air3742.exe
C:\Users\Gerry\AppData\Local\Temp\_is12F8.exe

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-02-2014 01
Ran by Gerry at 2014-02-11 01:35:49
Running from F:\
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Flash Player 11 ActiveX (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) (Version: 11.0.05 - Adobe Systems Incorporated)
AOL Install (Version: 1.0.0 - America Online, Inc)
AppCore (Version: 1 - Symantec Corporation) Hidden
Apple Application Support (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
AV (Version: 1 - Symantec Corporation) Hidden
Bonjour (Version: 3.0.0.10 - Apple Inc.)
ccCommon (Version: 106.1.1.4 - Symantec) Hidden
CCleaner (Version: 2.36 - Piriform)
Cisco EAP-FAST Module (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (Version: 1.1.6 - Cisco Systems, Inc.)
Conexant HDA D110 MDC V.92 Modem (Version:  - )
Corel Paint Shop Pro Photo XI (Version: 11.003.0000 - Corel Inc)
Corel Snapfire Plus (Version: 1.003.0000 - Corel)
Dell Resource CD (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Support Software) (Version: 2.2.09085 - Dell)
Dell System Customization Wizard (Version: 1.00.0000 - Dell Inc.)
Dell Wireless WLAN Card (Version: 4.102.15.57 - Dell Inc.)
DellSupport (Version: 6.0.3030 - Dell)
Digital Line Detect (Version: 1.21 - BVRP Software, Inc)
Documentation & Support Launcher (Version: 1.00.0000 - Dell Inc.)
EarthLink Setup Files (Version: 2005.2.178.0.2.2 - EarthLink, Inc.)
EPSON Artisan 730 Series Printer Uninstall (Version:  - SEIKO EPSON Corporation)
Epson Connect (Version:  - )
Epson Customer Participation (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
Epson Download Navigator (Version: 1.0.1 - SEIKO EPSON CORPORATION)
Epson Event Manager (Version: 2.50.0000 - SEIKO EPSON CORPORATION)
Epson Print CD (Version: 2.05.00 - SEIKO EPSON CORPORATION)
EPSON Scan (Version:  - Seiko Epson Corporation)
EpsonNet Print (Version: 2.4j - SEIKO EPSON CORPORATION)
Games, Music, & Photos Launcher (Version: 1.00.0000 - Dell Inc.)
Google Chrome (Version: 32.0.1700.76 - Google Inc.)
Google Desktop (Version: 5.9.1005.12335 - Google)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (Version: 7.5.4805.320 - Google Inc.)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
Internet Service Offers Launcher (Version: 1.00.0000 - Dell Inc.)
iTunes (Version: 11.0.4.4 - Apple Inc.)
Java Auto Updater (Version: 2.1.6.0 - Sun Microsystems, Inc.) Hidden
Java 6 Update 24 (Version: 6.0.240 - Oracle)
Java 7 Update 5 (Version: 7.0.50 - Oracle)
JavaFX 2.1.1 (Version: 2.1.1 - Oracle Corporation)
LiveUpdate 3.2 (Symantec Corporation) (Version: 3.2.0.53 - Symantec Corporation)
LiveUpdate Notice (Symantec Corporation) (Version: 1.4.5 - Symantec Corporation)
LTCM Client (Version: 1.20.3792 - Leader Technologies Inc)
MediaDirect (Version: 4.7 - Dell)
Microsoft .NET Framework 3.5 SP1 (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office 2000 Professional (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Works (Version: 08.05.0818 - Microsoft Corporation)
Modem Diagnostic Tool (Version: 1.0.17.8 - Dell)
MSRedist (Version: 1.0.0.0 - Symantec Corporation) Hidden
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
NetWaiting (Version: 2.5.41 - BVRP Software, Inc)
Norton AntiVirus (Version: 14.1.0.27 - Symantec Corporation) Hidden
Norton Confidential Browser Component (Version: 1.1.0.6 - Symantec Corporation) Hidden
Norton Confidential Web Protection Component (Version: 1.1.0.6 - Symantec Corporation) Hidden
Norton Internet Security (Symantec Corporation) (Version: 10.1.0.26 - Symantec Corporation)
Norton Internet Security (Version: 10.1.0 - Symantec Corp.) Hidden
Norton Internet Security (Version: 10.1.0.26 - Symantec Corporation) Hidden
Norton Protection Center (Version: 2007.1.2.11 - Symantec Corporation) Hidden
NVIDIA Drivers (Version:  - )
OutlookAddinSetup (Version: 1.0.0 - CyberLink)
Privacy Mantra 2.06 (Version:  - )
QuickSet (Version: 7.2.11 - Dell Inc.)
QuickTime (Version: 7.71.80.42 - Apple Inc.)
Roxio Creator Audio (Version: 3.3.0 - Roxio)
Roxio Creator BDAV Plugin (Version: 3.3.0 - Roxio)
Roxio Creator Copy (Version: 3.3.0 - Roxio)
Roxio Creator Data (Version: 3.3.0 - Roxio)
Roxio Creator DE (Version: 3.3.0 - Roxio)
Roxio Creator Tools (Version: 3.3.0 - Roxio)
Roxio Express Labeler (Version: 2.1.0 - Roxio)
Roxio MyDVD DE (Version: 9.0.116 - Roxio, Inc.)
Roxio Update Manager (Version: 3.0.0 - Roxio)
SigmaTel Audio (Version: 5.10.5102.0 - SigmaTel)
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
SPBBC 32bit (Version: 3.1.1.4 - Symantec Corporation) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0 - Adobe Systems Incorporated)
Symantec Real Time Storage Protection Component (Version: 10.1.5.4 - Symantec Corporation) Hidden
SymNet (Version: 7.1.0.27 - Symantec Corporation) Hidden
Synaptics Pointing Device Driver (Version: 9.0.1.3 - Synaptics)
Tenda Wireless LAN Card (Version: 1.5.12.0 - Tenda)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3 - Microsoft Corporation)
URL Assistant (Version:  - )
User's Guides (Version:  - )
Virtual Account Numbers (Version: 1.0.6.0 - Citi) Hidden
Virtual Account Numbers (Version: 3.8.0.0 - Citi)
Yahoo! Install Manager (Version:  - )
Yahoo! Toolbar (Version:  - )
ZipDownloader (Version:  - )

==================== Restore Points  =========================


==================== Hosts content: ==========================

2006-11-02 05:23 - 2006-09-18 16:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {366DE781-755A-42DA-9156-B151A301B5AC} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-19] (Microsoft Corporation)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3CA3ECED-475B-4952-B99F-2DF6451059C4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {52986707-4AD9-4B4F-92E2-5AA976545C04} - System32\Tasks\Norton Internet Security - Run Full System Scan - Gerry => C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2006-12-03] (Symantec Corporation)
Task: {58587894-2AE1-4EFA-BD81-C90239F6FFE5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-12-19] (Google Inc.)
Task: {6AAEB4C3-4D8D-44B7-B530-9F2404DFBCE8} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {6F3AA5D8-741E-4399-9D0D-D876909A331D} - System32\Tasks\Microsoft\Windows\RestartManager\{90424D66-2E1F-48bc-ABCD-7E6740CDAD6B} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {BC100217-0A6D-4089-BC6C-8BC604492CE3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-12] (Adobe Systems Incorporated)
Task: {D3C93726-6116-40D3-9D75-6FFC51DBAB90} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-12-19] (Google Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {FE29F158-3D26-493B-AE86-00CBE16B1766} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Gerry.job => C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe

==================== Loaded Modules (whitelisted) =============

2007-05-18 11:27 - 2006-11-27 17:55 - 00065536 _____ () C:\Windows\system32\bcmwlrmt.dll
2006-11-08 19:47 - 2006-11-08 19:47 - 00091680 _____ () C:\Program Files\Dell\QuickSet\dadkeyb.dll
2007-05-18 11:27 - 2006-11-27 17:55 - 00065536 _____ () C:\Windows\System32\bcmwlrmt.dll
2013-05-05 06:28 - 2012-12-06 13:38 - 00039424 _____ () C:\Program Files\Virtual Account Numbers\VANRes.dll
2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-01-29 21:27 - 2011-05-04 19:53 - 01058664 _____ () C:\Program Files\Tenda\Common\RaWLAPI.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Microsoft ISATAP Adapter #11
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft ISATAP Adapter #18
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft ISATAP Adapter #12
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft ISATAP Adapter #26
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Could not start eventlog service, could not read events.

The Windows Event Log service is starting.
The Windows Event Log service could not be started.

A system error has occurred.

System error 1747 has occurred.

The authentication service is unknown.


==================== Memory info ===========================

Percentage of memory in use: 82%
Total physical RAM: 1021.71 MB
Available physical RAM: 173.75 MB
Total Pagefile: 2305.73 MB
Available Pagefile: 972.16 MB
Total Virtual: 2047.88 MB
Available Virtual: 1913.22 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:137 GB) (Free:0.45 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:4.46 GB) NTFS
Drive f: () (Removable) (Total:0.12 GB) (Free:0.11 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: 58000000)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=137 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 121 MB) (Disk ID: 00000000)

 

 

Farbar Service Scanner Version: 02-02-2014
Ran by Gerry (administrator) on 11-02-2014 at 01:40:04
Running from "F:\"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.


Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
LAN connected.
Attempt to access Google IP returned error. Other errors
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.
Checking LEGACY_MpsSvc: ATTENTION!=====> Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.
Checking LEGACY_BITS: ATTENTION!=====> Unable to open LEGACY_BITS\0000 registry key. The key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

 

  Please, let me know how to proceed.  Thank you for your help.  Gerry

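An added example, not part of the original post and not Farbar's own code: a short Python triage of Farbar Service Scanner output like the log above, collecting stopped services, failed configuration checks, ATTENTION lines, unreachable targets and files that fail the MD5 check. The sample text is constructed from lines of that log (shortened); the function names and the rule that any value other than "OK" or "legit" counts as an anomaly are assumptions.

```python
import re

# Constructed sample: lines taken from the Farbar Service Scanner log in this
# thread, shortened to three services and three checked files.
SAMPLE_FSS_LOG = r"""Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
LAN connected.
Attempt to access Google IP returned error. Other errors

Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.
Checking LEGACY_MpsSvc: ATTENTION!=====> Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

File Check:
========
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
"""

NOT_RUNNING = re.compile(r"^(\S+) Service is not running\.")
CONFIG = re.compile(r"^The (start type|ImagePath|ServiceDll) of (\S+) service is (.+?)\.?$")
CONNECT = re.compile(r"^Attempt to access (.+?) returned error[:.]")
FILE_CHECK = re.compile(r"^(.+?) => MD5 is (.+)$")


def triage_fss(text):
    """Turn an FSS log into a dict of findings, keeping the log's own order."""
    report = {"stopped": [], "bad_config": [], "attention": [],
              "unreachable": [], "bad_files": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Lines the tool itself flags are kept whole so the key name survives.
        if "ATTENTION!" in line:
            report["attention"].append(line)
            continue
        m = NOT_RUNNING.match(line)
        if m:
            report["stopped"].append(m.group(1))
            continue
        m = CONFIG.match(line)
        if m:
            field, service, value = m.groups()
            # Assumption: anything other than "OK" is worth a closer look.
            if value != "OK":
                report["bad_config"].append((service, field, value))
            continue
        m = CONNECT.match(line)
        if m:
            report["unreachable"].append(m.group(1))
            continue
        m = FILE_CHECK.match(line)
        if m:
            path, verdict = m.groups()
            # Assumption: anything other than "legit" is an anomaly.
            if verdict.strip() != "legit":
                report["bad_files"].append(path)
    return report


def stopped_but_intact(report):
    """Stopped services whose start type, ImagePath and ServiceDll all passed."""
    flagged = {service for service, _field, _value in report["bad_config"]}
    return [s for s in report["stopped"] if s not in flagged]


if __name__ == "__main__":
    findings = triage_fss(SAMPLE_FSS_LOG)
    print("Stopped services:        ", ", ".join(findings["stopped"]) or "none")
    print("Stopped, config intact:  ", ", ".join(stopped_but_intact(findings)) or "none")
    print("Configuration anomalies: ", findings["bad_config"] or "none")
    print("Unreachable targets:     ", ", ".join(findings["unreachable"]) or "none")
    print("Files failing MD5 check: ", findings["bad_files"] or "none")
    for line in findings["attention"]:
        print("ATTENTION:", line)
```

On the sample, all three stopped services come back with intact configuration and every checked file passes, which is the same pattern the full log in this post shows.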

Hiya Gerry,

I see references to Combofix, did you run that tool yourself?

Ok do the following, again you will need the use of the spare PC and USB to transfer tools to the Laptop Desktop...

Download attached fixlist.txt file and transfer it to the Laptop Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

When FRST fix completes re-boot and see if the connection is restored.

If the connection is restored d/l and run ESET service repair tool, if the connection is not restored transfer with USB...

Download Services Repair tool, available here - http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe and Save and Transfer it to your Laptop Desktop. Right click on it and select Run As Administrator, follow the prompts. It should reboot when it finishes. If not reboot it yourself.

Whatever happens post fresh logs from FRST and FSS...

Kevin

fixlist.txt


Kevin,

Thanks for the help.  Followed your instructions with some success.  I still have some issues but the laptop is now accessing the internet.  I've been running around all day and won't be home until after midnight.  Will post the logs you requested and update you on how things went either real late tonight or tomorrow.

Once again, thanks for the help.  You guys are amazing.

Gerry


Kevin,

I'm finally back home.

No, I did not run Combofix on my laptop.  I had the program on there when I used it to fix a problem on my desktop and transferred it to the memory stick.

I ran all your instructions from the desktop to the memory stick and then to the laptop.

I was able to restore the connection to the internet after FRST fix.  The computer did not reboot by itself but locked up.  When I shut it down and restarted the connection was there and my wifi worked.

I tried to run ESET repair tool from the laptop but it gave me an error message and would not run.  I was able to run ESET from the memory stick.

Attached are the log files that you requested.  I hope this is what you need.  I have some other issues with the computer that I have listed after the log files.  Perhaps some of these will be addressed after reviewing the logs.

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 10-02-2014 01
Ran by Gerry at 2014-02-11 11:18:43 Run:1
Running from F:\
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
Winsock: Missing Catalog9 entry, broken internet access. <===== ATTENTION.
cmd: netsh winsock reset
C:\Users\Gerry\AppData\Local\Temp\air3742.exe
C:\Users\Gerry\AppData\Local\Temp\_is12F8.exe
End
*****************

Winsock: Missing Catalog9 entry, broken internet access. <===== ATTENTION. => Winsock will be renumbered.

=========  netsh winsock reset =========

Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 10107

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========

C:\Users\Gerry\AppData\Local\Temp\air3742.exe => Moved successfully.
C:\Users\Gerry\AppData\Local\Temp\_is12F8.exe => Moved successfully.

==== End of Fixlog ====

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-02-2014 01
Ran by Gerry (administrator) on GERRY-PC on 11-02-2014 12:39:20
Running from F:\
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Dell Inc.) C:\Windows\System32\bcmwltry.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Symantec Corporation) C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Ralink Technology, Corp.) C:\Program Files\Tenda\Common\RaRegistry.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dell Inc.) C:\Windows\System32\WLTRAY.EXE
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(CyberLink Corp.) C:\Program Files\Dell\MediaDirect\PCMService.exe
(Orbiscom Ltd. All rights reserved.) C:\Program Files\Virtual Account Numbers\CitiVAN.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(Orbiscom Ltd. All rights reserved.) C:\Program Files\Virtual Account Numbers\CitiVAN.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(SigmaTel, Inc.) C:\Windows\sttray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Gteko Ltd.) C:\Program Files\DellSupport\DSAgnt.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtcmd.exe
(Codeode) C:\Program Files\Privacy Mantra 2.06\privacymantra.exe
(Avanquest Software ) C:\Program Files\Digital Line Detect\DLG.exe
(Dell Inc) C:\Program Files\Dell\QuickSet\quickset.exe
(Tenda Technology, Corp.) C:\Program Files\Tenda\Common\RaUI.exe
(Microsoft Corporation) C:\Windows\System32\cleanmgr.exe
(Orbiscom Ltd.) C:\Windows\System32\OBroker.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Symantec Corporation) C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
(Symantec Corporation) C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
(Symantec Corporation) C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
(Symantec Corporation) C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
(Symantec Corporation) C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
(Symantec Corporation) C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\IELowutil.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [815104 2006-11-17] (Synaptics, Inc.)
HKLM\...\Run: [broadcom Wireless Manager UI] - C:\Windows\system32\WLTRAY.exe [1540096 2006-11-27] (Dell Inc.)
HKLM\...\Run: [Corel Photo Downloader] - C:\Program Files\Corel\Corel Snapfire Plus\PhotoDownloader.exe
HKLM\...\Run: [iSUSScheduler] - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [] - [X]
HKLM\...\Run: [ccApp] - C:\Program Files\Common Files\Symantec Shared\ccApp.exe [115816 2007-01-09] (Symantec Corporation)
HKLM\...\Run: [osCheck] - C:\Program Files\Norton Internet Security\osCheck.exe [22696 2006-12-03] (Symantec Corporation)
HKLM\...\Run: [Google Desktop Search] - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-07-30] (Google)
HKLM\...\Run: [ECenter] - c:\dell\E-Center\EULALauncher.exe [17920 2006-11-17] ( )
HKLM\...\Run: [PCMService] - C:\Program Files\Dell\MediaDirect\PCMService.exe [184320 2006-10-13] (CyberLink Corp.)
HKLM\...\Run: [iSUSPM Startup] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [dscactivate] - C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [16384 2007-10-09] ( )
HKLM\...\Run: [symantec PIF AlertEng] - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [583048 2007-11-28] (Symantec Corporation)
HKLM\...\Run: [DellSupportCenter] - C:\Program Files\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
HKLM\...\Run: [Citi Virtual Account Numbers] - C:\Program Files\Virtual Account Numbers\CitiVAN.exe [398336 2013-03-04] (Orbiscom Ltd. All rights reserved.)
HKLM\...\Run: [NvSvc] - C:\Windows\system32\nvsvc.dll [90191 2006-12-13] (NVIDIA Corporation)
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [7766016 2006-12-13] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [81920 2006-12-13] (NVIDIA Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM\...\Run: [EEventManager] - C:\Program Files\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [LTCM Client] - C:\Program Files\LTCM Client\ltcmClient.exe [2756864 2011-04-07] (Leader Technologies Inc.)
HKLM\...\Run: [Virtual Account Numbers] - C:\Program Files\Virtual Account Numbers\CitiVAN.exe [398336 2013-03-04] (Orbiscom Ltd. All rights reserved.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM\...\Run: [sigmatelSysTrayApp] - C:\Windows\sttray.exe [303104 2007-02-08] (SigmaTel, Inc.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-741311009-463962571-1667769170-1000\...\Run: [DellSupport] - C:\Program Files\DellSupport\DSAgnt.exe [446976 2006-11-12] (Gteko Ltd.)
HKU\S-1-5-21-741311009-463962571-1667769170-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-741311009-463962571-1667769170-1000\...\Run: [DellSupportCenter] - C:\Program Files\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
HKU\S-1-5-21-741311009-463962571-1667769170-1000\...\Run: [com.codeode.privacymantra] - C:\Program Files\Privacy Mantra 2.06\privacymantra.exe [958464 2009-03-28] (Codeode)
HKU\S-1-5-21-741311009-463962571-1667769170-1000\...\Run: [EPSON Artisan 730 Series] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIHQA.EXE [212480 2011-01-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-741311009-463962571-1667769170-1000\...\MountPoints2: {310b2ed7-055a-11dc-874d-806e6f6e6963} - E:\setup.exe
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-07-30] (Google)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://my.yahoo.com/?mkg=015
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://us-mg5.mail.yahoo.com/neo/launch?.rand=ad7ht97j05r2a&ufb=1#
URLSearchHook: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
SearchScopes: HKCU - {40F38155-8BD8-427B-A34B-0822F8E97B2F} URL = http://delicious.com/search?p={searchTerms}
SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:4664/search&s=TV5rS-jBhYHunMV-RTNYkijycqE?q={searchTerms}
SearchScopes: HKCU - {FA7F210E-96FF-4B04-B8DE-EA3139D63B8C} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
SearchScopes: HKCU - {FB26DAB2-02C2-41A2-8428-B030E36FAB51} URL = http://www.flickr.com/search/?q={searchTerms}
BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO: Virtual Account Numbers Helper - {17424104-1444-4810-85D7-B4DA413C5A9A} - C:\Program Files\Virtual Account Numbers\CitiVANHelper.dll (Orbiscom Ltd. All rights reserved.)
BHO: No Name - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll (Symantec Corporation)
BHO: CitiUSBrowserHelper Class - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\Program Files\Virtual Account Numbers\BhoCitUS.dll (Orbiscom Ltd. All rights reserved.)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Updater For XFIN_PORTAL - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files\xfin_portal\auxi\comcastAu.dll No File
BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll (Symantec Corporation)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - Virtual Account Numbers - {7A21A046-B886-4A62-9D69-EF2059B0A27B} - C:\Program Files\Virtual Account Numbers\CitiVANToolbar.dll (Orbiscom Ltd. All rights reserved.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75

Chrome:
=======

CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 7 U5) - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.50.255) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Google Wallet) - C:\Users\Gerry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]

========================== Services (Whitelisted) =================

R2 Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [554616 2007-05-11] (Symantec Corporation)
R2 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108648 2007-01-09] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108648 2007-01-09] (Symantec Corporation)
R2 CLTNetCnService; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108648 2007-01-09] (Symantec Corporation)
S3 comHost; C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [49296 2006-12-03] (Symantec Corporation)
S3 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [70656 2006-11-07] ()
R2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION)
R2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [521600 2011-06-09] (SEIKO EPSON CORPORATION)
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-07-30] (Google)
S3 ISPwdSvc; C:\Program Files\Norton Internet Security\isPwdSvc.exe [80552 2006-12-03] (Symantec Corporation)
R3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE [2983544 2007-05-11] (Symantec Corporation)
R2 LiveUpdate Notice Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108648 2007-01-09] (Symantec Corporation)
S2 LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [583048 2007-11-28] (Symantec Corporation)
R2 RalinkRegistryWriter; C:\Program Files\Tenda\Common\RaRegistry.exe [375872 2011-03-31] (Ralink Technology, Corp.)
S3 RaMediaServer; C:\Program Files\Tenda\Common\RaMediaServer.exe [621632 2011-03-04] ()
R2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-08-13] (SupportSoft, Inc.)
S3 Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [1252232 2007-11-02] ()
R2 SymAppCore; C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe [46736 2006-12-03] (Symantec Corporation)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [1716224 2006-11-27] (Dell Inc.)

==================== Drivers (Whitelisted) ====================

R2 dsunidrv; C:\Program Files\DellSupport\Drivers\dsunidrv.sys [7424 2006-08-17] (Gteko Ltd.)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-10-16] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-11-13] (Symantec Corporation)
R1 IDSvix86; C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20140115.001\IDSvix86.sys [287792 2013-09-17] (Symantec Corporation)
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [1168960 2011-11-10] (Ralink Technology Corp.)
R1 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [406672 2006-12-03] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [247608 2007-03-27] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [276792 2007-03-27] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [25400 2007-03-27] (Symantec Corporation)
R3 STHDA; C:\Windows\System32\drivers\stwrt.sys [647680 2007-02-08] (SigmaTel, Inc.)
R3 SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [11792 2006-12-03] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [115000 2007-05-30] (Symantec Corporation)
R3 SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [144784 2006-12-03] (Symantec Corporation)
R3 SYMIDS; C:\Windows\System32\Drivers\SYMIDS.SYS [38928 2006-12-03] (Symantec Corporation)
R0 symlcbrd; C:\Windows\System32\drivers\symlcbrd.sys [10344 2013-12-14] (Symantec Corporation)
R3 SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.SYS [37008 2006-12-03] (Symantec Corporation)
R3 SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [26384 2006-12-03] (Symantec Corporation)
R1 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [185744 2006-12-03] (Symantec Corporation)
S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog32.sys [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20070623.007\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20070623.007\NAVEX15.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-11 12:17 - 2014-02-11 12:17 - 00000000 ____D () C:\Users\Public\Desktop\CC Support
2014-02-11 11:50 - 2014-02-11 12:05 - 00691486 _____ () C:\Users\Gerry\Downloads\ServicesRepair (1).exe
2014-02-11 11:49 - 2014-02-11 12:05 - 04009167 _____ () C:\Users\Gerry\Downloads\ServicesRepair.exe
2014-02-11 01:25 - 2014-02-11 12:39 - 00000000 ____D () C:\FRST
2014-02-09 19:17 - 2014-02-09 19:17 - 00000000 ____D () C:\Qoobox
2014-02-08 12:23 - 2014-02-08 12:23 - 00000490 _____ () C:\Users\Gerry\Documents - Shortcut.lnk
2014-02-08 09:47 - 2014-02-08 09:47 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-08 09:47 - 2014-02-08 09:47 - 00000000 _____ () C:\Windows\setupact.log
2014-01-29 21:28 - 2014-01-29 21:28 - 00000000 ____D () C:\ProgramData\Ralink
2014-01-29 21:27 - 2014-01-29 21:27 - 00001465 _____ () C:\Users\Public\Desktop\Tenda Wireless Utility.lnk
2014-01-29 21:25 - 2014-01-29 22:18 - 00008091 _____ () C:\Windows\system32\RaCoInst.log
2014-01-29 21:16 - 2014-01-29 21:16 - 00000000 ____D () C:\ProgramData\Tenda Driver
2014-01-29 21:16 - 2011-11-10 17:11 - 01168960 _____ (Ralink Technology Corp.) C:\Windows\system32\Drivers\netr28u.sys
2014-01-29 21:16 - 2011-11-10 16:55 - 00238944 _____ (Ralink Technology, Inc.) C:\Windows\system32\RaCoInst.dll
2014-01-29 21:16 - 2011-11-10 16:55 - 00014119 _____ () C:\Windows\system32\RaCoInst.dat
2014-01-29 21:15 - 2014-01-29 21:16 - 00000000 ____D () C:\Program Files\Cisco
2014-01-29 21:15 - 2014-01-29 21:15 - 00000000 ____D () C:\Windows\system32\RaLanguages
2014-01-29 21:15 - 2014-01-29 21:15 - 00000000 ____D () C:\Program Files\Tenda
2014-01-29 21:15 - 2011-09-16 16:19 - 00000450 _____ () C:\Windows\system32\DiagFunc.ini
2014-01-29 21:15 - 2011-05-04 13:56 - 01608768 _____ (Ralink Technology, Corp.) C:\Windows\system32\RaCertMgr.dll
2014-01-29 21:15 - 2011-05-04 13:54 - 00802880 _____ (Ralink Technology, Corp.) C:\Windows\system32\RAIHV.dll
2014-01-29 21:15 - 2010-07-01 17:45 - 00119648 _____ (Ralink Technology, Corp.) C:\Windows\system32\RAEXTUI.dll
2014-01-29 21:15 - 2010-06-29 10:34 - 00480608 _____ () C:\Windows\system32\DiagFunc.dll
2014-01-24 14:36 - 2014-01-24 14:36 - 00000000 ____D () C:\Windows\system32\vmm32
2014-01-24 14:36 - 2014-01-24 14:36 - 00000000 ____D () C:\Users\Gerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell Accessories
2014-01-20 12:24 - 2014-01-20 12:24 - 01286627 _____ () C:\Users\Gerry\Downloads\Unconfirmed 135194.crdownload
2014-01-18 09:46 - 2014-01-18 09:46 - 00000206 _____ () C:\Users\Gerry\CD Drive - Shortcut.lnk
2014-01-14 14:54 - 2014-01-14 14:57 - 00009743 _____ () C:\Users\Gerry\Downloads\Owner_Statement_Simple.xlsx

==================== One Month Modified Files and Folders =======

2014-02-11 12:39 - 2014-02-11 01:25 - 00000000 ____D () C:\FRST
2014-02-11 12:38 - 2007-05-18 11:13 - 01366396 _____ () C:\Windows\WindowsUpdate.log
2014-02-11 12:29 - 2011-12-19 09:49 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-11 12:29 - 2007-05-18 11:50 - 00000000 ____D () C:\MDT
2014-02-11 12:28 - 2007-05-27 18:49 - 00013025 _____ () C:\Users\Gerry\AppData\Roaming\nvModes.001
2014-02-11 12:25 - 2013-01-21 10:55 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-11 12:25 - 2011-12-19 09:48 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-11 12:25 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-11 12:25 - 2006-11-02 07:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-11 12:25 - 2006-11-02 07:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-11 12:17 - 2014-02-11 12:17 - 00000000 ____D () C:\Users\Public\Desktop\CC Support
2014-02-11 12:13 - 2013-01-21 10:55 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-11 12:13 - 2013-01-21 10:55 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-11 12:05 - 2014-02-11 11:50 - 00691486 _____ () C:\Users\Gerry\Downloads\ServicesRepair (1).exe
2014-02-11 12:05 - 2014-02-11 11:49 - 04009167 _____ () C:\Users\Gerry\Downloads\ServicesRepair.exe
2014-02-11 01:24 - 2006-11-02 05:33 - 00703404 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-09 19:17 - 2014-02-09 19:17 - 00000000 ____D () C:\Qoobox
2014-02-09 18:35 - 2009-04-05 23:40 - 00001356 _____ () C:\Users\Gerry\AppData\Local\d3d9caps.dat
2014-02-08 12:23 - 2014-02-08 12:23 - 00000490 _____ () C:\Users\Gerry\Documents - Shortcut.lnk
2014-02-08 12:23 - 2007-05-24 23:23 - 00000000 ____D () C:\Users\Gerry
2014-02-08 09:47 - 2014-02-08 09:47 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-08 09:47 - 2014-02-08 09:47 - 00000000 _____ () C:\Windows\setupact.log
2014-01-31 10:51 - 2007-05-26 00:16 - 00013025 _____ () C:\Users\Gerry\AppData\Roaming\nvModes.dat
2014-01-30 08:57 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-01-29 22:18 - 2014-01-29 21:25 - 00008091 _____ () C:\Windows\system32\RaCoInst.log
2014-01-29 21:28 - 2014-01-29 21:28 - 00000000 ____D () C:\ProgramData\Ralink
2014-01-29 21:27 - 2014-01-29 21:27 - 00001465 _____ () C:\Users\Public\Desktop\Tenda Wireless Utility.lnk
2014-01-29 21:16 - 2014-01-29 21:16 - 00000000 ____D () C:\ProgramData\Tenda Driver
2014-01-29 21:16 - 2014-01-29 21:15 - 00000000 ____D () C:\Program Files\Cisco
2014-01-29 21:15 - 2014-01-29 21:15 - 00000000 ____D () C:\Windows\system32\RaLanguages
2014-01-29 21:15 - 2014-01-29 21:15 - 00000000 ____D () C:\Program Files\Tenda
2014-01-29 21:15 - 2007-05-18 11:27 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-01-24 14:36 - 2014-01-24 14:36 - 00000000 ____D () C:\Windows\system32\vmm32
2014-01-24 14:36 - 2014-01-24 14:36 - 00000000 ____D () C:\Users\Gerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell Accessories
2014-01-24 14:36 - 2007-05-18 11:27 - 00000000 ____D () C:\Program Files\Dell
2014-01-24 13:55 - 2007-06-08 06:06 - 00000000 ____D () C:\Users\Gerry\AppData\Roaming\Corel
2014-01-22 17:52 - 2007-05-18 11:58 - 00059666 _____ () C:\Windows\PFRO.log
2014-01-20 12:24 - 2014-01-20 12:24 - 01286627 _____ () C:\Users\Gerry\Downloads\Unconfirmed 135194.crdownload
2014-01-18 14:50 - 2011-12-19 09:54 - 00001973 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-18 14:34 - 2007-05-25 20:32 - 00000488 _____ () C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Gerry.job
2014-01-18 10:15 - 2007-05-24 23:28 - 00041472 _____ () C:\Users\Gerry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-18 09:46 - 2014-01-18 09:46 - 00000206 _____ () C:\Users\Gerry\CD Drive - Shortcut.lnk
2014-01-17 11:11 - 2006-11-02 08:01 - 00032552 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-16 03:20 - 2013-07-30 02:08 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-16 03:10 - 2006-11-02 05:24 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-01-14 14:57 - 2014-01-14 14:54 - 00009743 _____ () C:\Users\Gerry\Downloads\Owner_Statement_Simple.xlsx

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-11 12:32

==================== End Of Log ============================

Farbar Service Scanner Version: 02-02-2014
Ran by Gerry (administrator) on 11-02-2014 at 12:44:38
Running from "F:\"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

 

Kevin,

 

Some other issues:

 

Still getting the error from Norton Symantec. - "Auto-protect unexpected error- X000003E8"

When I try to free up space on my laptop with Disk Cleanup it stalls and says:  "Scanning: system error memory dump files."

I get a pop-up that tells me to check my computer security settings.

My computer is pretty slow and takes a long time to boot up.  What's the best way to save files to another hard drive or storage source?  Are there programs that I should remove from my computer that are prone to a virus?  Will this speed up my computer?

As I recall, I had a hibernate function on my Vista start menu but now I only have a sleep mode.  Did an update occur which eliminated this function?

 

 

I appreciate all your help and await further instructions.  Thanks again, Gerry


The connection fix was done by FRST rebuilding the Winsock; a reboot was required to complete it. As the system locked and you did the reboot manually, the fix was completed, hence a connection...

 

Do the following:

 

Delete any versions of Combofix that you may have on your Desktop, then download a fresh copy from the following link:

 

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

  • Ensure that Combofix is saved directly to the Desktop <--- Very important
     
  • Disable all security programs as they will have a negative effect on Combofix; instructions are available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed. If you need more help, please ask.
     
  • Close any open browsers and any other programs you might have running
     
  • Double-click the Combofix icon to run the tool (Vista or Windows 7 users right-click and select "Run as Administrator")
     
  • Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
     
  • If you are using Windows XP, it might display a pop-up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
     
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

 

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

 

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

 

*EXTRA NOTES*


  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot; you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

 

Post the log in next reply please...

 

Kevin

Link to post

Kevin,

 

I looked at all the programs that were installed on my laptop and did not find Combofix.  Perhaps, it showed up on the log because it was on the memory stick.

 

I downloaded Combofix to my desktop.  Somehow, I downloaded it twice.  Went into remove programs and tried to remove one of the copies, it wasn't there.  I sent one of the copies to the desktop.

 

I tried to disable my Norton Internet Security but had little success. On the Norton Protection Center status there is a red x next to Virus protection, spyware definitions and protection update.  There is a green check mark next to inbound firewall and the other items. I'm unable to disable the inbound firewall.  I went to the Connecting to the Internet tab and noticed that a red x appeared next to the "Advanced Firewall."  Green check mark appears next to the other items.

 

The Norton subscription is out of date.  A red x appears over the yellow icon on the menu bar.  Should I just uninstall it from my computer?  I'm thinking of installing another virus program like AVG.

 

Also, should I shut off the Windows firewall before running Combofix?  How long does it stay off?

 

Do I have to shut down any of these  programs:

CCleaner

Privacy mantra

Live Updates from Symantec

 

Let me know how to proceed.  Don't want to run Combofix until I'm sure I have all virus protection off.

 

Thanks again,   Gerry

Link to post

If Norton is outdated probably best option is to remove it altogether before running Combofix. An uninstall tool is available here: https://support.norton.com/sp/en/us/home/current/solutions/kb20080710133834EN_EndUserProfile_en_us;jsessionid=75199E0DC2D3EC79EB09E116A8D5298A.4?pvid=f-ho  The other tools you post will not affect CF...

Link to post

Use the "more reply options" tab under the main reply box. A new reply box will open, under that box is the "Attach Files" options, use "Browse" to find the log file, should be here C:\Combofix.txt make sure to use the "Attach this File" tab to attach the file to your reply....

 

 

Kevin

Link to post

Kevin,

 

Attached is the ComboFix.txt.

 

So far, I'm still using Chrome as my default browser.  Don't know if auto run was turned off after running Combofix.  I don't have a problem turning on manually, as long as they work.  Please, let me know what virus protection to put on the laptop to protect it once you determine it is running clean.

 

I'll await further instructions.  Sorry for the delay.  Thanks  Gerry

ComboFix.txt

Link to post

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the Codebox below into it:

ClearJavaCache::

 

Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe

CF3.jpg

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

 

Next,

 

We need to run an online AV scan to ensure there are no remnants of any infection left on your system that we may have missed. This scan is very thorough and well worth running, it can take several hours please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet Explorer for this scan - Vista and Win 7 right click on IE shortcut and run as admin

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    Click Start
  • When asked, allow the add/on to be installed
    Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish

 

When the scan is complete

 

If no threats were found

  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

 

If threats were found

 

  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish

 

close program

 

copy and paste the report in next reply

 

Let me see those logs...

 

Kevin

Link to post

Kevin,

 

I closed my browsers and opened notepad.  I typed in ClearJavaCache:: and saved it to CFScript.txt as pictured.  I dragged this file to the Combofix shortcut on my desktop.  It then ran another scan and generated another Combofix log.  I'm not sure I did this correctly. 

 

Was there something else I should have done?  I didn't see any green install type lines when I dragged the CFScript.txt file to the cat icon on my desktop.  I have to run some errands for the next couple hours.  I'll run the scan from ESET when I get back.  Let me know if it sounds like the log that was generated cleared the Java cache.  Thanks   Gerry

Link to post

Kevin,

 

Here are the CF and ESET logs.  When I ran ESET it never gave me an option "to make sure that the option remove found threats is unticked" or any of the other options.  It just began scanning.  Took about an hour and a half to complete.  Found the two threats.

 

Let me know if this looks right to you and how to proceed.   Also, would like to know what actually caused this problem and what virus protection program would be good.  I heard both AVG and avast were good.  What browser would you recommend?

 

Thanks again.  Await your instructions.   Gerry

ESET SCAN.txt

ComboFix.txt

Link to post

Kevin:

 

I can not get the file to attach to this reply.  I search for the C:/ComboFix.txt file and the revised  ComboFix log  shows up in ComboFix - Notepad.  I can't find this file anywhere else on my computer.   When I try to save the notepad file to my computer it says that it already exists and do you want to replace.  I click yes, and it says, "C:\ComboFix.txt file - Make sure that the path and file name are correct."

 

I don't know how to get this notepad file to save to my computer and attach the file to the reply.  I know I'm doing something wrong.  Sorry for the delay.

Thanks

Gerry

Link to post

The computer seems to be running faster and working fine.  It used to lock up quite a bit.  There appears to be more security pop ups when using the internet.  Is this because I'm using IE as my browser or will these appear if I use Chrome?

 

What was the virus or trojan that exactly blocked my internet connection and slowed down my computer?

 

I'm concerned that I need to have a virus protection program on the computer to protect it from malware, viruses and trojans.  I heard that AVG and avast were good and could be downloaded for free.  As of now, I think I only have Windows Defender?  Is my computer vulnerable to trojans and things?  What do you recommend?

 

I'm currently using Chrome as my browser.  Is one browser or another more prone to malware attacks?  What do you recommend?

 

Also, my hard drive is almost full and I'm planning on backing it up to free up space. Is this why my computer was running slow or was it because of some type of virus or infection?  It seems to be much more responsive.

 

Last, I noticed about 2 months ago that I no longer had the hibernate function on my start menu, just sleep.  Was there an update that removed this from Vista?

 

Please provide me with any procedures or recommendations to keep my computer running smoothly.  Is there a security scan that I should do periodically? 

 

I appreciate all your help.  Thank you very much!

Gerry

Link to post

My computer appears to be working fine.  It seems to be working a bit faster and not locking up.  I am getting more security popups before being directed to another site when browsing the internet.

 

What virus actually caused my computer to lose connection to the internet and run so slowly?

 

I have Windows Defender on my computer but do not have a virus protection program.  I have heard that AVG and avast are good anti virus programs that can be downloaded for free.  What do you recommend?  Is there a periodic scan that I should do to prevent and check for Malware?

 

What browser do you recommend?  Is Chrome or Firefox safer than Internet Explorer?

 

I noticed about 2 months ago that "hibernate" was no longer on my start menu just "sleep."  Was this changed by an update?

 

My C Hard drive is almost full.  Is this what caused my computer to run slow and lock up, or was it some type of virus?  It seems to be working fine now.

I know that I have too many questions but I really appreciate your help and want to make sure that my laptop continues to perform like it appears to be doing now.

 

Thanks for all your help.

Gerry

Link to post

Yep one or two questions for me to answer...

 

Hard drive space, In order for Windows to operate normally and efficiently there must be a minimum of 15% free space available, any less will cause problems.... You have major issues and must create some free space on C:\ drive ASAP....

 

Internet connection, That was lost due to a damaged Winsock, there can be several reasons for that. Infection/malware or could be damaged during malware/infection removal. Read at the following link for information: http://en.wikipedia.org/wiki/Winsock

 

Hibernation, Go to following link for fix instructions: http://www.howtogeek.com/howto/windows-vista/re-enable-hibernate-option-in-windows-vista/

 

Regarding security, yes an AV program and FW are absolutely essential. Windows Defender for Vista does not have an AV component.... I give my set up for Windows 7,  this is the same for Vista...

 

My own security set up is :-

 

Windows own Firewall, Microsoft Security Essentials and Malwarebytes Pro. Windows FW and MSE are free, MB does also have a free version, however I prefer the pro version as it provides auto updates and realtime protection.

 

As an extra layer I also use WinPatrol, the free version is adequate for general home use. Available here: http://www.winpatrol.com/download.html

 

For my browser I use Firefox with these addons: Web of Trust, Adblock Plus, Flash Block, NoScript, Ghostery. When Firefox is open select these keys together :- Ctrl - Shift - A that will access Addons manager, this gives access to find addons, use, start, stop or disable those features etc....

Before using NoScript read from this link http://noscript.net/ makes it easy to understand....

 

Understanding Windows 7 Firewall - http://windows.microsoft.com/en-GB/windows7/Understanding-Windows-Firewall-settings

 

Understanding Microsoft Security Essentials - http://www.microsoft.com/en-gb/security/pc-security/mse.aspx

 

Understanding Malwarebytes, how to create an exclusion in MSE - http://forums.malwarebytes.org/index.php?showtopic=10138&st=0&p=162100entry162100

 

Understanding WinPatrol - http://www.winpatrol.com/features.html

 

I also use the Professional version of Sandboxie, I believe there is also free version available. Visit this link http://www.sandboxie.com/ for access to d/l, also make sure to use the "Help and FAQ" option to understand its uses, specifically how to run your browser sandboxed!.

 

I have also just started using CryptoGuard by Hitman Pro, once installed it will protect all Browsers against crypto ransomware infections, is also free. Go to following link for instructions, it will work with the set up I describe above..

 

To clean up do the following:

 

We need to remove FRST,  first it is very important to deal with its own Quarantine folder by using FRST itself..

 

OK, we continue:

 

Delete any fixlist.txt file previously used, continue:

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

 

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). That will confirm the removal action, delete if successful.

 

Next,

 

Delete FRST.exe from your Desktop or the folder it was saved to, navigate to and delete its folder C:\FRST

 

Next,

 

Download "Delfix by Xplode" and save it to your desktop.

 

"Delfix link mirror"

 

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

 

Make Sure the following items are checked:

 


  • Remove disinfection tools
  • Purge System Restore

 

Now click on "Run" and wait patiently until the tool has completed.

 

The tool will create a log when it has completed. We don't need you to post this.

 

Let me know what issues/concerns remain....

 

Kevin

 

 

fixlist.txt

Link to post

Kevin,

 

I saved FRST on both the memory stick, F: Drive and see the file on my laptop at the (OS)C:\FRST location on the computer.  There are three folders  (Hives, Logs, and Quarantine). 

I searched my laptop but did not see any fixlist.txt files.  I believe these are on the memory stick, F:Drive.  Should I just proceed and attach fixlist.txt to the location on the C Drive where FRST is located and then proceed in that the fixlist.txt files are on the memory stick?

 

I assume that all this can be done before I download any of the AV programs that you recommend and that should be done after running Delfix.

 

Also, mysteriously I noticed that my C Hard Drive has 92 or 136 GB free.  I seem to still have all the pictures and downloads that were on my computer previously.  How did so much space appear?

Link to post

C:\FRST is actually the folder related to the tool FRST.exe, do not do anything with the folder for now.

 

The instructions I gave are to remove FRST.exe and its Folder, before we do that the Quarantine folder which resides in C:\FRST has to be removed using FRST.exe.

 

So the script I compiled and attached to my last reply has to be saved to the same place as the tool FRST, do not save it in the folder of the same name.

 

As you have FRST.exe saved to your USB stick named as F:\ then the file that was attached to my last reply fixlist.txt must be saved in the same place.... F:\  Obviously the USB stick has to be plugged in and active.

 

Then run the instructions as I posted in my last reply....

Link to post
This topic is now closed to further replies.