rosebria

Members
  • Posts: 12

Everything posted by rosebria

  1. Hello TwinHeadedEagle, Your latest fixlist.txt did the trick! We are back up and running. Great work and thank you very much. I have attached the fixlog.txt. Let me know any questions or concerns. Thanks again for all of your time, effort, and support. Fixlog.txt
  2. Attached. Thanks for the continued support. Addition.txt FRST.txt mbar-log-2014-12-15 (20-54-19).txt system-log.txt
  3. It reverts back to unselected. I tried selecting that option and unselecting the Proxy server, and they both revert back.
  4. Please see attached, let me know if there was something else for which you were looking.
  5. Hello - Thanks for the quick feedback and instruction. Please see attached for the Fixlog.txt file. Unfortunately still not able to use Chrome or Explorer after system reboot. Fixlog.txt
  6. Hello TwinHeadedEagle, Thanks for the reply and information. Apologies for copying and pasting, the assistant in the other thread said to do so. I have attached all of the files available, including the following:
     - FRST.txt from 13 December
     - Addition.txt from 13 December
     - CheckResults.txt from 13 December
     - MBAM Scan from 13 December, after reinstalled
     - **The 3 PUPs have since been quarantined
     - Fixlog from my original FRST and Addition scans and outputs, with 3 lines that were marked as 'Attention'
     Thanks again for your time and assistance. Addition.txt CheckResults.txt Fixlog_12-12-2014_13-42-45.txt FRST.txt MBAM Scan 12-12-2014.txt
  7. Hello, After initially posting in the Malwarebytes Anti-Malware Help forum for what I thought was a MBAM issue, the user expert assisted me with a few options and finally requested I post in this forum. The post is linked as follows: https://forums.malwarebytes.org/index.php?/topic/162189-proxy-server-isnt-responding-1270018800/ The history is as follows: I am new to the forum. I have had MBAM on my other PC for years with nothing but success. I recently loaded it onto my wife's laptop when she was having some popups, and as soon as we ran a scan, she lost use of Chrome and Explorer. My wife and I believe the popups and ads began when my wife tried installing Firefox. She never got it installed though. That's when I installed MBAM to attempt to fix the issues, and now here we are. So she only has Chrome and Explorer available, and neither work. The error message from Explorer is "The proxy server isn't responding; Check your proxy settings 127.0.0.1:8800." What happened after installation and running the first scan? The Proxy server box in LAN settings remains checked, even after unchecking it. My research indicates we are not the only ones to have this issue, but unfortunately, I cannot find a firm solution. I did find that FarBar FRST tool seemed to be the tool of choice, so after loading it onto the laptop, I cleaned up a few items from the Addition.txt file that had 'Attention' next to them, but it unfortunately did not do anything for restored internet access. I also uninstalled MBAM. After some direction from the user expert in the other forum, I cleaned and reinstalled MBAM, ran a scan, and found 3 PUPs which were removed. One of the items was "PastaQuote" PUP, which I believe I have seen attached to this issue in my research. However, after removed, still no use of Chrome or Explorer.
I was then instructed to install the latest version of FRST and run a scan, and when I did, I noticed two interesting lines under the Internet heading: ProxyEnable: [HKLM] => ProxyEnable is set. ProxyServer: [HKLM] => http=127.0.0.1:8800;https=127.0.0.1:8800 These seem to be related to the Explorer error message I am getting. Anyway, it was requested in the other forum that I post my issue in this forum, and copy and paste the FRST.txt and Addition.txt output here, so please see the following:
Error: (12/13/2014 01:05:35 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: The ScRegSetValueExW call failed for FailureActions with the following error: %%5 Error: (12/13/2014 11:14:24 AM) (Source: atapi) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Ide\IdePort0. Error: (12/13/2014 11:14:19 AM) (Source: atapi) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Ide\IdePort0. Error: (12/13/2014 11:14:15 AM) (Source: atapi) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Ide\IdePort0. Error: (12/13/2014 11:14:07 AM) (Source: atapi) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Ide\IdePort0. Error: (12/13/2014 11:14:04 AM) (Source: atapi) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Ide\IdePort0. Error: (12/13/2014 11:13:51 AM) (Source: atapi) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Ide\IdePort0. 
Microsoft Office Sessions: ========================= Error: (12/13/2014 01:04:15 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1310 Error: (12/13/2014 01:04:15 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1310 Error: (12/13/2014 01:04:15 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (12/13/2014 10:05:57 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 7100994 Error: (12/13/2014 10:05:57 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 7100994 Error: (12/13/2014 10:05:57 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (12/12/2014 11:51:58 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 7051 Error: (12/12/2014 11:51:58 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 7051 Error: (12/12/2014 11:51:58 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (12/12/2014 05:25:16 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 12078300 ==================== Memory info =========================== Processor: Intel® Core2 Duo CPU T6670 @ 2.20GHz Percentage of memory in use: 49% Total physical RAM: 3032.96 MB Available physical RAM: 1524.02 MB Total Pagefile: 6064.2 MB Available Pagefile: 4353.77 MB Total Virtual: 2047.88 MB Available Virtual: 1907.13 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:238.37 GB) (Free:142.22 GB) 
NTFS Drive e: () (Removable) (Total:1.87 GB) (Free:1.14 GB) FAT ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: C1886A77) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=238.4 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 1.9 GB) (Disk ID: 7D3B3FE3) Partition 1: (Not Active) - (Size=1.9 GB) - (Type=06) ==================== End Of Log ============================ ****************************************************************************************************************************************** Is it the LAN settings that are causing our issue, or is it something else? Thanks in advance for your assistance, looking forward to your reply and direction.
  8. Hello 1PW, Answers to your questions are as follows: 1. Not sure? This is my wife's work laptop. 2. This laptop is used at home and for work. Although my wife is on work leave right now, so not using it for work. 3. No. 4. Computer is acting fine, as far as I can see. Just cannot use Chrome or Explorer. 5. This laptop originally started having popups, ads, etc. when my wife tried installing Firefox. She never got it installed though. That's when I installed MBAM to attempt to fix the issues, and now here we are. So she only has Chrome and Explorer available, and neither work. What am I missing here with your questions? Do you think there is something else causing the internet connectivity issue, or just not sure if we should remove the proxy lines from the registry? Thanks for your continued assistance.
  9. Hello 1PW, Thanks again for the reply and information. The issue is unfortunately still not resolved, even after removing the 3 files detected by MBAM and rebooting. Good call on the out of date FRST. I installed a revision from a flashdrive I downloaded today on another machine. I ran another scan and attached the FRST.txt and Addition.txt. I did notice two interesting lines under the Internet heading: ProxyEnable: [HKLM] => ProxyEnable is set. ProxyServer: [HKLM] => http=127.0.0.1:8800;https=127.0.0.1:8800 Are these of concern? Anyway, your further direction is appreciated to get access back. Thanks in advance, again, for your continued time and support. Addition.txt FRST.txt
  10. Hello 1PW, Thanks for the quick reply and direction. I have attached the same FRST.txt and Addition.txt I attached to my original post (after I ran the fixlist), and also included the CheckResults.txt. I could not find the fixlist.txt file, but I have attached the fixlog.txt file to show the 3 files added to the fixlist file. Finally, I followed your instructions of MBAM Clean Removal Process, reinstalled it via a flashdrive, and ran a scan. The scan did pick up 3 "Non-malware items", and I attached the log to this scan also. I assume I should be removing these, but did not want to do any additional removal until I had your instruction. The "PastaQuote" PUP is a name I have seen attached to this sort of issue in my internet research, so this potentially may be the root cause? Anyway, to summarize, I have included the FRST.txt, Addition.txt, CheckResults.txt, my first and only fixlog.txt, and the MBAM scan log. Thanks again for your support, looking forward to your reply and further direction. Addition.txt CheckResults.txt Fixlog_12-12-2014_13-42-45.txt FRST.txt MBAM Scan 12-12-2014.txt
  11. Hello - New to the forum. I have had MBAM on my other PC for years with nothing but success. I recently loaded it onto my wife's laptop when she was having some popups, and as soon as we used it, she lost use of Chrome and Explorer. The error message from Explorer is "The proxy server isnt responding; Check your proxy settings127.0.0.1:8800." What happened after installation and running the first scan? The Proxy server box in LAN settings remains checked, even after unchecking it. My research indicates we are not the only ones to have this issue, but unfortunately, I cannot find a firm solution. I did find that FarBar FRST tool seemed to be the tool of choice, so after loading it onto the laptop, I cleaned up a few items from the Addition.txt file that had 'Attention' next to them, but it unfortunately did not do anything for restored internet access. I also uninstalled MBAM. Can someone please assist in what to do here, and what caused this with the MBAM installation? I have attached the latest FRST.txt and Addition.txt. I guess now we need to find the root cause files and create another fixlist.txt, correct? Thanks for your time and support on this issue. FRST.txt Addition.txt
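The two FRST lines quoted in post 9 (ProxyEnable and ProxyServer under HKLM) can be triaged mechanically. The following is an added example, not part of the original posts and not code from FRST or Malwarebytes: it parses those lines and reports any hive whose proxy points at the local machine. The function names and the third sample line (hive tag and host name) are constructed for illustration.

```python
import ipaddress
import re

# First two lines are the ones quoted in the post; the third is constructed.
SAMPLE_LOG = r"""
ProxyEnable: [HKLM] => ProxyEnable is set.
ProxyServer: [HKLM] => http=127.0.0.1:8800;https=127.0.0.1:8800
ProxyServer: [HKU\CONSTRUCTED-SID] => proxy.example.internal:8080
"""

LINE_RE = re.compile(r"^(ProxyEnable|ProxyServer): \[([^\]]+)\] => (.*)$")


def parse_proxy_server(value):
    """Split a ProxyServer string ("host:port" or "http=h:p;https=h:p") by scheme."""
    entries = {}
    for part in filter(None, (p.strip() for p in value.split(";"))):
        scheme, sep, addr = part.partition("=")
        if not sep:                      # bare "host:port" applies to every scheme
            scheme, addr = "all", part
        addr = addr.split("://", 1)[-1]  # tolerate "http=http://host:port"
        host, _, port = addr.rpartition(":")
        if not host:                     # no port given
            host, port = addr, ""
        entries[scheme.lower()] = (host.strip("[]"), int(port) if port.isdigit() else None)
    return entries


def is_loopback(host):
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:                   # a DNS name, not an IP literal
        return False


def triage(log_text):
    """Return one finding per hive whose ProxyServer points at a loopback address."""
    rows = [m.groups() for m in map(LINE_RE.match, map(str.strip, log_text.splitlines())) if m]
    enabled = {hive for key, hive, _ in rows if key == "ProxyEnable"}
    findings = []
    for key, hive, value in rows:
        if key != "ProxyServer":
            continue
        local = {s: hp for s, hp in parse_proxy_server(value).items() if is_loopback(hp[0])}
        if local:
            findings.append({"hive": hive, "enabled": hive in enabled, "loopback": local})
    return findings
```

A finding with `enabled` true means browsers send traffic to a local port; if the program that used to listen there has been removed, the result is the "proxy server isn't responding" error described in the posts.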