Jump to content

Recommended Posts

I'm working on a friends PC. I very competant in computer repair and in software security. Not this time. Friend complains that they can't get to the internet. If I open up Internet Explorer I get "The proxy server isn't responding" error. It list a proxy setting of 127.0.0.1:8800. Chrome behaves similar. I get a "Unable to connect to the proxy server" error.

 

Here is the list of the steps I used so far before I came here:

 

1. Uninstalled Search Protect by Conduit among other questionable programs.

2. Attempted to restore the default proxy settings. I went to the LAN settings in Win7 and unchecked "Use a proxy server for your LAN. This setting would not take.

3. Ran MiniToolBox

4. Installed driver for ethernet adaptor

5, Ran AdwCleaner

6. Ran Junware Removal Tool

7. Ran Malwarebytes

8. Ran HitmanPro

 

After all this I'm still unable to access the internet with the browsers. Can't turn off the proxy server settings. I've done all this before I came here.

Malwarebytes quarantined a bunch of MindSpark files, a PastaQuotes entry, a trojan (Quarantine.exe). HitmanPro was able to quarantine StormWatchApp.exe and FLVPlayer-Chrome.exe.

 

Now, on to what you requested I do. Here is the results of running FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
Ran by Brenda Williams (administrator) on BRENDAWILLIAMS on 10-02-2015 13:00:23
Running from C:\Users\Brenda Williams\Desktop
Loaded Profiles: Brenda Williams (Available profiles: Brenda Williams)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://go.microsoft.com)
00030002(0x00000000, 12:27:51:626 - 0)
00040001(0x00000000, 12:27:51:626 - http://go.microsoft.com)
00040002(0x00000000, 12:27:51:626 - 0, http=127.0.0.1:8800;https=127.0.0.1:8800, <NULL>, <-loopback>)
00040006(0x00000000, 12:27:51:626 - 1, http://go.microsoft.com, http=127.0.0.1:8800;https=127.0.0.1:8800, <-loopback>)
00020005(0x00000000, 12:27:51:626 - 2)
00020007(0x80072EFD, 12:27:52:655)
0002000A(0x00000000, 12:27:52:655 - 3, https=127.0.0.1:8800, <-loopback>)
0002000C(0x00000000, 12:27:52:718 - 302)
0002000E(0x00000000, 12:27:52:718 - https://validation.sls.microsoft.com/SLWGA/slwga.asmx)
00020001(0x00000000, 12:27:52:718)
00030001(0x00000000, 12:27:52:718 - https://validation.sls.microsoft.com)
00030002(0x00000000, 12:27:52:718 - 0)
00040001(0x00000000, 12:27:52:718 - https://validation.sls.microsoft.com)
00040002(0x00000000, 12:27:52:733 - 0, http=127.0.0.1:8800;https=127.0.0.1:8800, <NULL>, <-loopback>)
00040006(0x00000000, 12:27:52:733 - 1, https://validation.sls.microsoft.com, http=127.0.0.1:8800;https=127.0.0.1:8800, <-loopback>)
00020005(0x00000000, 12:27:52:733 - 2)
00020008(0x80072EFD, 12:27:53:763 - SOAPAction: "http://microsoft.com/SL/GenuineAdvantageService/IssueToken"
Content-Type: text/xml; charset=utf-8
, <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"><soap:Body><RequestSecurityToken xmlns="http://schemas.xmlsoap.org/ws/2004/04/security/trust"><TokenType>SLWGA</TokenType><RequestType>http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue</RequestType><UseKey><Values xsi:nil="1"/></UseKey><Claims><Values xmlns:q1="http://schemas.xmlsoap.org/ws/2004/04/security/trust" soapenc:arrayType="q1:TokenEntry[5]"><TokenEntry><Name>GenuineAdvantagePhase</Name><Value>GenuineAdvantagePhase1</Value></TokenEntry><TokenEntry><Name>GenuineAdvantageVersion</Name><Value>1.0</Value></TokenEntry><TokenEntry><Name>GenuineAdvantageTemplateId</Name><Value>66c92734-d682-4d71-983e-d6ec3f16059f</Value></TokenEntry><TokenEntry><Name>GenuineAdvantageClientTransactionId</Name><Value>7e32b559-78b0-4443-a53f-f8a1ae9c1041</Value></TokenEntry><TokenEntry><Name>GenuineAdvantageClientToken</Name><Value><clienttoken><token><name>ClientEvent</name><type>EventType</type><value>0x00000012</value></token><token><name>ADMIN:FirstValidation</name><type>Info</type><value>0</value></token><token><name>ADMIN:MachineId</name><type>Info</type><value>RI5gD7Ri+59DUMTlQAqu8pM4qa6i8MRrJu+AvooO70o=</value></token><token><name>ADMIN:NumberTimesNonGenuine</name><type>Info</type><value>0</value></token><token><name>ADMIN:RemainingRearmCount</name><type>Info</type><value>2</value></token><token><name>ADMIN:TimeNonGenuine</name><type>Info</type><value>0</value></token><token><name>ADMIN:TotalValidations</name><type>Info</type><value>10</value></token><token><name>ADMIN:UGUID</name><type>Info</type><value>9c78d609-f3da-46ac-8855-54663c8a7a25</value></token><token><name>AUOptionsLocal</name><type>Info</type><value>4</value></token><token><name>ActiveSkuDescription</name><type>Info</type><value>Windows Operating System - Windows® 7, OEM_SLP channel</value></token><token><name>ActiveSkuId</name><type>Info</type><value>d2c04e90-c3dd-4260-b0f3-f845f5d27d64</value></token><token><name>CodeSigning</name><type>Info</type><value>SIGNED_INFO_PRS_SIGNED</value></token><token><name>DomainJoined</name><type>Info</type><value>false</value></token><token><name>EditionId</name><type>Info</type><value>HomePremium</value></token><token><name>HROffline</name><type>Info</type><value>0x00000000</value></token><token><name>OSVersion</name><type>Info</type><value>6.1.7601.2.00010300.1.0.003</value></token><token><name>OemMarkerVersion</name><type>Info</type><value>0x00020001</value></token><token><name>OemTableId</name><type>Info</type><value>TOSINV00</value></token><token><name>OfflineGenuineBlob</name><type>Info</type><value>n6FMKC8lVCq/lFDmn3NlH2/y6pmH124n0LkQEkEsG/p3yIGk1zc1nitghuAHBcRZW/PlLZWEjlgwluJju4sAm+U+j5cf1/2D+tUAeySnLNfOAs7hAmwcbFcTRql+ybBY4GoUuUhPiU+IU04ntes3drsVxqHeJP0ZmIfP0vCtcGw02tUf9aFBTqpRU308QYNzQI35XZe1khvM4curaeTfsfdkq5vV1VPqdF9go2W1CsmWX5wDxxu6hwA1hrNeJgBjwb09PXTJzQ/E7bzYhtivGQU0RLuAId1zgiWTtlrSrdg7DQo9cPzzuvl6VpJ9BHHaoeMSA7ve3GtVZusRRi3RFC4Y4/b7ThFcvmse7AdtLoy4my06CXQlKBpoM3gSDPssHW8qCsEI9EqLUvxPYDHw26IhuN2LuChCTFXMGNvzx1O4b77QMR8Bbdq2iXNInCwMc65hLdWiIPcerUw3RBLOUKjQdsZ4mCC/w3rKGMDWSDSoq72CYaggj9h3giTO8GaBuzGvn6O0rxfoAq9qsrtyp9DG4ADIwfzmDY/KeYG8/LeeJO3AnGf7d8qznbh0+aaQ42Cr5DA064zK/2B2+BGDlynC4rGl5ubM9yV10itH+KhjRhJQVybDX3eOjMRI5BN0VWLU9OMKVmIXrYrjD02pqpz+byyvqS1E2PIO88aWLxqDwB11KrgUJR8WOfhWJ1BAHK1MW3aEFKF9WLYmFgfXH/5TEbh2dwhmznze3XxMyGsYOpXPcx+tQhu/8i/B0FT39J77K9R4Kyv6aoM7u/idbif6yVM4HGJ98U8HexiUwuhk7oTFTtdzwkWVCpGyENYCkJGXhdAiAmT6NvZ+QdrKc9UnplxK1nC0bbo9P0GgyefYCwUVHcFLyCuz+FZezbFrE9NCpiZxt8n7vxv8h/QE1r816u4FZh/xXA4KAiH5jiD9lZUPDwcTKBqhNwdlI6m8SK8SnW5aEXBgNHlzM/KOgpjfRhnXRda1yduRqWDgCyBPy2q5IBo4d7nOg8m+oW1DVf1I3+cQCvysXvhmB5l4yf+R+ru4mzkBme8Vh7cgZEmVyNp3K67ZTzPTZ4AXAIpW77YiF3sDte7sCzIVLSGkfsGFg5ub26e/kxBp21x0NJRKz3okuN/cJz7s6uxf1bgqOowRZHPxa5e3LsQ+Ww8ebdbQ89AUz2farbZf8MH5G3MRfQP79iZfQyODGPoUS0y6fq8Hq1LJWZUxmfsDfTk8uLEabBVFY4QreflkWR2QMfhf76fqM9O3HF4i/V5CKWPdhhzvP/dEUQjlp5Zy1BQfgIovO2x6BDvGIy1U4TqtNd+67FTVswTv6uD/IHD10ZUgUb7KG6B3i36jQdpqcwlirI2W+2tztRlVNwBzua5mw0cbhUZTySCZt0oWKFRUa+8RzgsoLzoqnMd5yitQYbN/OBvP2jpzf81XlPbLL0OtmuGzFdkKDVBJq3Q1ZZbbL6ZHqmta7rswPH4q6Uj2AjMUl+eeezH8X0ui6AEwR7ABYz6kGIoMtjZG+B22s36zyRTbzJn7gLEHMbi1uM6puUAIS8p5Y7bFRrYjn9ybsv75/MoKsCcy2lypVaH5VDau8mSGyGjSyWwzcMfcjN7uZcVPtb6KWXmn9m0kGIXHgIntgN0g6bhSaFMV/2rlKVWleXas7DHWIjiSE4OgU9a9akr3O2fMn8zCtUfFQIVo5t1991oN6R0po7eV0JCB/j0Sz3gfB3S1q97M53j06vz0/gEqSlkJz1tBPcCJzbFoDMG1/api/KtQOmGaeKkhGGTbHMvpRYO6J3epZOLaQ43VJygb7TjVH+dQJ5KznElU6adSGeQAgKkCrIIC7ewN8nUHLv2Im58ucc65xF9agmSqRh4gWwPQ2xJp5o1cYtCD699kD34THkdVdsA8Q98vZbZ0J8hSeSKRoOvgv2lfjzfBXajS2QS8yO18sL1el3FP+vQd2LnIWjW5s9ngh3aoDZ3J8XVFSA7C7AsGZPvgoxjyBxgrHbiQG2W1mPrgEm7Ipiq/o53UdWiO+YRwWwFNtuTftA4MWvfDmD8mmA6/awjV22bWLgAqAiphvtu6Ts3zxG1Qy/d6Y3m3w2cBGr/1+nnyMxnNApQ8jjBzrZyVTvusgr4vqSODMyHjUv9XuG5ptihzz0qAcfHYtFJZV6k+VKV6ywfY0PazjWZ7pLsYM91s3Zyj97XMDNk+NjWRIsHdGKZLiWkU4UHLMBK5SzlkArarypYq+fKg8Iihj1zOMObyvaydrqLUWMele0TuapHaPakrhrB0rfeIgBKY7u+X45MSazvXN5krlEoeF6HAbcM0Ng9cCJXlRSEHrrhH00XuYbFUlUAp/t9q3RYtk8CqVvuepEcT7vGK1dny5393qGBAXdmNpRMiAOsg9DqSM7KmsO/KJHsTkw11GGkWi3z98g2WOHx6znGeEM3FjLv5tzzJb8Mv14wvrylcdXXDIeQhloqho/jySE9tJfj6R2gImrfZ/m9IJsS6qnpYPEP8Z7E1IU9hemBnWuVEiDip2hwE+ptfC3+d8kmmF4hpjlPgezbXRgs02DWu6kg4WAmoguPReRgN55GmRjuNefn/OqgZIsCk+zkwBY10Cb9aXX5+5FAsxggClxKDsTf88lmuVIxKdiRp1E33M5z9vWpXFTLfC6G1w7RXT9YYTilffLryM0g/5uHdhfKgaV3tKQUFGaaIB4oIvXiprRflUD7lBGjztkGTS0V9nkSCzZ8G1C/yNimbZ2ZtSiktq1jYp4as4dkXWsYFhCOczr1Zzp0snjXDIR00aVss2GhwBGoURJ4pN6qcYYEiLmRpJorT/xlQtrqAEZV9OHjvD4L2S6Iay0Qk78OSXuQ6vElXH+IXZB4p2UaSYRrQYwbqNfSWvMk8jGkuS9VcVyJfcXouj5axt6SQEX/PxRYtddt8dBB5uE7691Ax6owMRVgmtHj1KgQh1v785+KszkLzOlh+e5xGbdCmqtcb2lZfZnoSAWYAlzwRPgMCp0ac</value></token><token><name>OfflineInstallationId</name><type>Info</type><value>020945003153815840789934125014175674962221992392490001</value></token><token><name>PackageFlavor</name><type>Info</type><value>Windows</value></token><token><name>PackageVersion</name><type>Info</type><value>7.1.7600.16395</value></token><token><name>PartnerId</name><type>Info</type><value>Windows</value></token><token><name>ProcessorArchitecture</name><type>Info</type><value>x64</value></token><token><name>ProductLCID</name><type>Info</type><value>1033</value></token><token><name>ProductName</name><type>Info</type><value>Windows 7 Home Premium</value></token><token><name>ProductUniquenessGroups</name><type>Info</type><value>66c92734-d682-4d71-983e-d6ec3f16059f</value></token><token><name>ServiceAvailable</name><type>Info</type><value>true</value></token><token><name>SystemLCID</name><type>Info</type><value>1033</value></token><token><name>UserLCID</name><type>Info</type><value>1033</value></token><token><name>WMI:Win32_ComputerSystem:Manufacturer</name><type>Info</type><value>TOSHIBA</value></token><token><name>WMI:Win32_ComputerSystem:Model</name><type>Info</type><value>Satellite C655</value></token><token><name>WMI:Win32_OperatingSystem:InstallDate</name><type>Info</type><value>20120303234120.000000-360</value></token></clienttoken></Value></TokenEntry></Values></Claims></RequestSecurityToken></soap:Body></soap:Envelope>)
0002000A(0x00000000, 12:27:53:763 - 3, https=127.0.0.1:8800, <-loopback>)
00020008(0x80072EFD, 12:27:54:792 - SOAPAction: "http://microsoft.com/SL/GenuineAdvantageService/IssueToken"
Content-Type: text/xml; charset=utf-8
, <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"><soap:Body><RequestSecurityToken xmlns="http://schemas.xmlsoap.org/ws/2004/04/security/trust"><TokenType>SLWGA</TokenType><RequestType>http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue</RequestType><UseKey><Values xsi:nil="1"/></UseKey><Claims><Values xmlns:q1="http://schemas.xmlsoap.org/ws/2004/04/security/trust" soapenc:arrayType="q1:TokenEntry[5]"><TokenEntry><Name>GenuineAdvantagePhase</Name><Value>GenuineAdvantagePhase1</Value></TokenEntry><TokenEntry><Name>GenuineAdvantageVersion</Name><Value>1.0</Value></TokenEntry><TokenEntry><Name>GenuineAdvantageTemplateId</Name><Value>66c92734-d682-4d71-983e-d6ec3f16059f</Value></TokenEntry><TokenEntry><Name>GenuineAdvantageClientTransactionId</Name><Value>7e32b559-78b0-4443-a53f-f8a1ae9c1041</Value></TokenEntry><TokenEntry><Name>GenuineAdvantageClientToken</Name><Value><clienttoken><token><name>ClientEvent</name><type>EventType</type><value>0x00000012</value></token><token><name>ADMIN:FirstValidation</name><type>Info</type><value>0</value></token><token><name>ADMIN:MachineId</name><type>Info</type><value>RI5gD7Ri+59DUMTlQAqu8pM4qa6i8MRrJu+AvooO70o=</value></token><token><name>ADMIN:NumberTimesNonGenuine</name><type>Info</type><value>0</value></token><token><name>ADMIN:RemainingRearmCount</name><type>Info</type><value>2</value></token><token><name>ADMIN:TimeNonGenuine</name><type>Info</type><value>0</value></token><token><name>ADMIN:TotalValidations</name><type>Info</type><value>10</value></token><token><name>ADMIN:UGUID</name><type>Info</type><value>9c78d609-f3da-46ac-8855-54663c8a7a25</value></token><token><name>AUOptionsLocal</name><type>Info</type><value>4</value></token><token><name>ActiveSkuDescription</name><type>Info</type><value>Windows Operating System - Windows® 7, OEM_SLP channel</value></token><token><name>ActiveSkuId</name><type>Info</type><value>d2c04e90-c3dd-4260-b0f3-f845f5d27d64</value></token><token><name>CodeSigning</name><type>Info</type><value>SIGNED_INFO_PRS_SIGNED</value></token><token><name>DomainJoined</name><type>Info</type><value>false</value></token><token><name>EditionId</name><type>Info</type><value>HomePremium</value></token><token><name>HROffline</name><type>Info</type><value>0x00000000</value></token><token><name>OSVersion</name><type>Info</type><value>6.1.7601.2.00010300.1.0.003</value></token><token><name>OemMarkerVersion</name><type>Info</type><value>0x00020001</value></token><token><name>OemTableId</name><type>Info</type><value>TOSINV00</value></token><token><name>OfflineGenuineBlob</name><type>Info</type><value>n6FMKC8lVCq/lFDmn3NlH2/y6pmH124n0LkQEkEsG/p3yIGk1zc1nitghuAHBcRZW/PlLZWEjlgwluJju4sAm+U+j5cf1/2D+tUAeySnLNfOAs7hAmwcbFcTRql+ybBY4GoUuUhPiU+IU04ntes3drsVxqHeJP0ZmIfP0vCtcGw02tUf9aFBTqpRU308QYNzQI35XZe1khvM4curaeTfsfdkq5vV1VPqdF9go2W1CsmWX5wDxxu6hwA1hrNeJgBjwb09PXTJzQ/E7bzYhtivGQU0RLuAId1zgiWTtlrSrdg7DQo9cPzzuvl6VpJ9BHHaoeMSA7ve3GtVZusRRi3RFC4Y4/b7ThFcvmse7AdtLoy4my06CXQlKBpoM3gSDPssHW8qCsEI9EqLUvxPYDHw26IhuN2LuChCTFXMGNvzx1O4b77QMR8Bbdq2iXNInCwMc65hLdWiIPcerUw3RBLOUKjQdsZ4mCC/w3rKGMDWSDSoq72CYaggj9h3giTO8GaBuzGvn6O0rxfoAq9qsrtyp9DG4ADIwfzmDY/KeYG8/LeeJO3AnGf7d8qznbh0+aaQ42Cr5DA064zK/2B2+BGDlynC4rGl5ubM9yV10itH+KhjRhJQVybDX3eOjMRI5BN0VWLU9OMKVmIXrYrjD02pqpz+byyvqS1E2PIO88aWLxqDwB11KrgUJR8WOfhWJ1BAHK1MW3aEFKF9WLYmFgfXH/5TEbh2dwhmznze3XxMyGsYOpXPcx+tQhu/8i/B0FT39J77K9R4Kyv6aoM7u/idbif6yVM4HGJ98U8HexiUwuhk7oTFTtdzwkWVCpGyENYCkJGXhdAiAmT6NvZ+QdrKc9UnplxK1nC0bbo9P0GgyefYCwUVHcFLyCuz+FZezbFrE9NCpiZxt8n7vxv8h/QE1r816u4FZh/xXA4KAiH5jiD9lZUPDwcTKBqhNwdlI6m8SK8SnW5aEXBgNHlzM/KOgpjfRhnXRda1yduRqWDgCyBPy2q5IBo4d7nOg8m+oW1DVf1I3+cQCvysXvhmB5l4yf+R+ru4mzkBme8Vh7cgZEmVyNp3K67ZTzPTZ4AXAIpW77YiF3sDte7sCzIVLSGkfsGFg5ub26e/kxBp21x0NJRKz3okuN/cJz7s6uxf1bgqOowRZHPxa5e3LsQ+Ww8ebdbQ89AUz2farbZf8MH5G3MRfQP79iZfQyODGPoUS0y6fq8Hq1LJWZUxmfsDfTk8uLEabBVFY4QreflkWR2QMfhf76fqM9O3HF4i/V5CKWPdhhzvP/dEUQjlp5Zy1BQfgIovO2x6BDvGIy1U4TqtNd+67FTVswTv6uD/IHD10ZUgUb7KG6B3i36jQdpqcwlirI2W+2tztRlVNwBzua5mw0cbhUZTySCZt0oWKFRUa+8RzgsoLzoqnMd5yitQYbN/OBvP2jpzf81XlPbLL0OtmuGzFdkKDVBJq3Q1ZZbbL6ZHqmta7rswPH4q6Uj2AjMUl+eeezH8X0ui6AEwR7ABYz6kGIoMtjZG+B22s36zyRTbzJn7gLEHMbi1uM6puUAIS8p5Y7bFRrYjn9ybsv75/MoKsCcy2lypVaH5VDau8mSGyGjSyWwzcMfcjN7uZcVPtb6KWXmn9m0kGIXHgIntgN0g6bhSaFMV/2rlKVWleXas7DHWIjiSE4OgU9a9akr3O2fMn8zCtUfFQIVo5t1991oN6R0po7eV0JCB/j0Sz3gfB3S1q97M53j06vz0/gEqSlkJz1tBPcCJzbFoDMG1/api/KtQOmGaeKkhGGTbHMvpRYO6J3epZOLaQ43VJygb7TjVH+dQJ5KznElU6adSGeQAgKkCrIIC7ewN8nUHLv2Im58ucc65xF9agmSqRh4gWwPQ2xJp5o1cYtCD699kD34THkdVdsA8Q98vZbZ0J8hSeSKRoOvgv2lfjzfBXajS2QS8yO18sL1el3FP+vQd2LnIWjW5s9ngh3aoDZ3J8XVFSA7C7AsGZPvgoxjyBxgrHbiQG2W1mPrgEm7Ipiq/o53UdWiO+YRwWwFNtuTftA4MWvfDmD8mmA6/awjV22bWLgAqAiphvtu6Ts3zxG1Qy/d6Y3m3w2cBGr/1+nnyMxnNApQ8jjBzrZyVTvusgr4vqSODMyHjUv9XuG5ptihzz0qAcfHYtFJZV6k+VKV6ywfY0PazjWZ7pLsYM91s3Zyj97XMDNk+NjWRIsHdGKZLiWkU4UHLMBK5SzlkArarypYq+fKg8Iihj1zOMObyvaydrqLUWMele0TuapHaPakrhrB0rfeIgBKY7u+X45MSazvXN5krlEoeF6HAbcM0Ng9cCJXlRSEHrrhH00XuYbFUlUAp/t9q3RYtk8CqVvuepEcT7vGK1dny5393qGBAXdmNpRMiAOsg9DqSM7KmsO/KJHsTkw11GGkWi3z98g2WOHx6znGeEM3FjLv5tzzJb8Mv14wvrylcdXXDIeQhloqho/jySE9tJfj6R2gImrfZ/m9IJsS6qnpYPEP8Z7E1IU9hemBnWuVEiDip2hwE+ptfC3+d8kmmF4hpjlPgezbXRgs02DWu6kg4WAmoguPReRgN55GmRjuNefn/OqgZIsCk+zkwBY10Cb9aXX5+5FAsxggClxKDsTf88lmuVIxKdiRp1E33M5z9vWpXFTLfC6G1w7RXT9YYTilffLryM0g/5uHdhfKgaV3tKQUFGaaIB4oIvXiprRflUD7lBGjztkGTS0V9nkSCzZ8G1C/yNimbZ2ZtSiktq1jYp4as4dkXWsYFhCOczr1Zzp0snjXDIR00aVss2GhwBGoURJ4pN6qcYYEiLmRpJorT/xlQtrqAEZV9OHjvD4L2S6Iay0Qk78OSXuQ6vElXH+IXZB4p2UaSYRrQYwbqNfSWvMk8jGkuS9VcVyJfcXouj5axt6SQEX/PxRYtddt8dBB5uE7691Ax6owMRVgmtHj1KgQh1v785+KszkLzOlh+e5xGbdCmqtcb2lZfZnoSAWYAlzwRPgMCp0ac</value></token><token><name>OfflineInstallationId</name><type>Info</type><value>020945003153815840789934125014175674962221992392490001</value></token><token><name>PackageFlavor</name><type>Info</type><value>Windows</value></token><token><name>PackageVersion</name><type>Info</type><value>7.1.7600.16395</value></token><token><name>PartnerId</name><type>Info</type><value>Windows</value></token><token><name>ProcessorArchitecture</name><type>Info</type><value>x64</value></token><token><name>ProductLCID</name><type>Info</type><value>1033</value></token><token><name>ProductName</name><type>Info</type><value>Windows 7 Home Premium</value></token><token><name>ProductUniquenessGroups</name><type>Info</type><value>66c92734-d682-4d71-983e-d6ec3f16059f</value></token><token><name>ServiceAvailable</name><type>Info</type><value>true</value></token><token><name>SystemLCID</name><type>Info</type><value>1033</value></token><token><name>UserLCID</name><type>Info</type><value>1033</value></token><token><name>WMI:Win32_ComputerSystem:Manufacturer</name><type>Info</type><value>TOSHIBA</value></token><token><name>WMI:Win32_ComputerSystem:Model</name><type>Info</type><value>Satellite C655</value></token><token><name>WMI:Win32_OperatingSystem:InstallDate</name><type>Info</type><value>20120303234120.000000-360</value></token></clienttoken></Value></TokenEntry></Values></Claims></RequestSecurityToken></soap:Body></soap:Envelope>)
00010002(0x80072EFD, 12:27:54:792 - <NULL>)
00010003(0x80072EFD, 12:27:54:792)

Error: (02/10/2015 00:03:33 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (02/10/2015 00:03:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2015-02-09 20:13:09.650
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-02-09 20:13:09.572
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core i3-2350M CPU @ 2.30GHz
Percentage of memory in use: 32%
Total physical RAM: 4043.86 MB
Available physical RAM: 2747.14 MB
Total Pagefile: 8085.9 MB
Available Pagefile: 6691.46 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (TI106321W0B) (Fixed) (Total:581.04 GB) (Free:525.05 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: 010ED62A)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=581 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.7 GB) - (Type=17)

==================== End Of Log ============================

Link to post
Share on other sites

Welcome to the forum.

Download and run Fixit, see if that works:

http://support.microsoft.com/kb/2289942

MrC

 

Thanks for the response. This forum was of help to me some five years ago when I was infected with some scareware. Now, it's a friends pc that needs some help.

 

Unfortunately, Fix it didn't fix it. I alternately tried the fix manually and got the same results. :(

Link to post
Share on other sites

As you asked. :)

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
Ran by Brenda Williams (administrator) on BRENDAWILLIAMS on 10-02-2015 22:02:20
Running from C:\Users\Brenda Williams\Desktop
Loaded Profiles: Brenda Williams (Available profiles: Brenda Williams)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://go.microsoft.com)
00030002(0x00000000, 12:27:51:626 - 0)
00040001(0x00000000, 12:27:51:626 - http://go.microsoft.com)
00040002(0x00000000, 12:27:51:626 - 0, http=127.0.0.1:8800;https=127.0.0.1:8800, <NULL>, <-loopback>)
00040006(0x00000000, 12:27:51:626 - 1, http://go.microsoft.com, http=127.0.0.1:8800;https=127.0.0.1:8800, <-loopback>)
00020005(0x00000000, 12:27:51:626 - 2)
00020007(0x80072EFD, 12:27:52:655)
0002000A(0x00000000, 12:27:52:655 - 3, https=127.0.0.1:8800, <-loopback>)
0002000C(0x00000000, 12:27:52:718 - 302)
0002000E(0x00000000, 12:27:52:718 - https://validation.sls.microsoft.com/SLWGA/slwga.asmx)
00020001(0x00000000, 12:27:52:718)
00030001(0x00000000, 12:27:52:718 - https://validation.sls.microsoft.com)
00030002(0x00000000, 12:27:52:718 - 0)
00040001(0x00000000, 12:27:52:718 - https://validation.sls.microsoft.com)
00040002(0x00000000, 12:27:52:733 - 0, http=127.0.0.1:8800;https=127.0.0.1:8800, <NULL>, <-loopback>)
00040006(0x00000000, 12:27:52:733 - 1, https://validation.sls.microsoft.com, http=127.0.0.1:8800;https=127.0.0.1:8800, <-loopback>)
00020005(0x00000000, 12:27:52:733 - 2)
00020008(0x80072EFD, 12:27:53:763 - SOAPAction: "http://microsoft.com/SL/GenuineAdvantageService/IssueToken"
Content-Type: text/xml; charset=utf-8
, <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"><soap:Body><RequestSecurityToken xmlns="http://schemas.xmlsoap.org/ws/2004/04/security/trust"><TokenType>SLWGA</TokenType><RequestType>http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue</RequestType><UseKey><Values xsi:nil="1"/></UseKey><Claims><Values xmlns:q1="http://schemas.xmlsoap.org/ws/2004/04/security/trust" soapenc:arrayType="q1:TokenEntry[5]"><TokenEntry><Name>GenuineAdvantagePhase</Name><Value>GenuineAdvantagePhase1</Value></TokenEntry><TokenEntry><Name>GenuineAdvantageVersion</Name><Value>1.0</Value></TokenEntry><TokenEntry><Name>GenuineAdvantageTemplateId</Name><Value>66c92734-d682-4d71-983e-d6ec3f16059f</Value></TokenEntry><TokenEntry><Name>GenuineAdvantageClientTransactionId</Name><Value>7e32b559-78b0-4443-a53f-f8a1ae9c1041</Value></TokenEntry><TokenEntry><Name>GenuineAdvantageClientToken</Name><Value><clienttoken><token><name>ClientEvent</name><type>EventType</type><value>0x00000012</value></token><token><name>ADMIN:FirstValidation</name><type>Info</type><value>0</value></token><token><name>ADMIN:MachineId</name><type>Info</type><value>RI5gD7Ri+59DUMTlQAqu8pM4qa6i8MRrJu+AvooO70o=</value></token><token><name>ADMIN:NumberTimesNonGenuine</name><type>Info</type><value>0</value></token><token><name>ADMIN:RemainingRearmCount</name><type>Info</type><value>2</value></token><token><name>ADMIN:TimeNonGenuine</name><type>Info</type><value>0</value></token><token><name>ADMIN:TotalValidations</name><type>Info</type><value>10</value></token><token><name>ADMIN:UGUID</name><type>Info</type><value>9c78d609-f3da-46ac-8855-54663c8a7a25</value></token><token><name>AUOptionsLocal</name><type>Info</type><value>4</value></token><token><name>ActiveSkuDescription</name><type>Info</type><value>Windows Operating System - Windows® 7, OEM_SLP channel</value></token><token><name>ActiveSkuId</name><type>Info</type><value>d2c04e90-c3dd-4260-b0f3-f845f5d27d64</value></token><token><name>CodeSigning</name><type>Info</type><value>SIGNED_INFO_PRS_SIGNED</value></token><token><name>DomainJoined</name><type>Info</type><value>false</value></token><token><name>EditionId</name><type>Info</type><value>HomePremium</value></token><token><name>HROffline</name><type>Info</type><value>0x00000000</value></token><token><name>OSVersion</name><type>Info</type><value>6.1.7601.2.00010300.1.0.003</value></token><token><name>OemMarkerVersion</name><type>Info</type><value>0x00020001</value></token><token><name>OemTableId</name><type>Info</type><value>TOSINV00</value></token><token><name>OfflineGenuineBlob</name><type>Info</type><value>n6FMKC8lVCq/lFDmn3NlH2/y6pmH124n0LkQEkEsG/p3yIGk1zc1nitghuAHBcRZW/PlLZWEjlgwluJju4sAm+U+j5cf1/2D+tUAeySnLNfOAs7hAmwcbFcTRql+ybBY4GoUuUhPiU+IU04ntes3drsVxqHeJP0ZmIfP0vCtcGw02tUf9aFBTqpRU308QYNzQI35XZe1khvM4curaeTfsfdkq5vV1VPqdF9go2W1CsmWX5wDxxu6hwA1hrNeJgBjwb09PXTJzQ/E7bzYhtivGQU0RLuAId1zgiWTtlrSrdg7DQo9cPzzuvl6VpJ9BHHaoeMSA7ve3GtVZusRRi3RFC4Y4/b7ThFcvmse7AdtLoy4my06CXQlKBpoM3gSDPssHW8qCsEI9EqLUvxPYDHw26IhuN2LuChCTFXMGNvzx1O4b77QMR8Bbdq2iXNInCwMc65hLdWiIPcerUw3RBLOUKjQdsZ4mCC/w3rKGMDWSDSoq72CYaggj9h3giTO8GaBuzGvn6O0rxfoAq9qsrtyp9DG4ADIwfzmDY/KeYG8/LeeJO3AnGf7d8qznbh0+aaQ42Cr5DA064zK/2B2+BGDlynC4rGl5ubM9yV10itH+KhjRhJQVybDX3eOjMRI5BN0VWLU9OMKVmIXrYrjD02pqpz+byyvqS1E2PIO88aWLxqDwB11KrgUJR8WOfhWJ1BAHK1MW3aEFKF9WLYmFgfXH/5TEbh2dwhmznze3XxMyGsYOpXPcx+tQhu/8i/B0FT39J77K9R4Kyv6aoM7u/idbif6yVM4HGJ98U8HexiUwuhk7oTFTtdzwkWVCpGyENYCkJGXhdAiAmT6NvZ+QdrKc9UnplxK1nC0bbo9P0GgyefYCwUVHcFLyCuz+FZezbFrE9NCpiZxt8n7vxv8h/QE1r816u4FZh/xXA4KAiH5jiD9lZUPDwcTKBqhNwdlI6m8SK8SnW5aEXBgNHlzM/KOgpjfRhnXRda1yduRqWDgCyBPy2q5IBo4d7nOg8m+oW1DVf1I3+cQCvysXvhmB5l4yf+R+ru4mzkBme8Vh7cgZEmVyNp3K67ZTzPTZ4AXAIpW77YiF3sDte7sCzIVLSGkfsGFg5ub26e/kxBp21x0NJRKz3okuN/cJz7s6uxf1bgqOowRZHPxa5e3LsQ+Ww8ebdbQ89AUz2farbZf8MH5G3MRfQP79iZfQyODGPoUS0y6fq8Hq1LJWZUxmfsDfTk8uLEabBVFY4QreflkWR2QMfhf76fqM9O3HF4i/V5CKWPdhhzvP/dEUQjlp5Zy1BQfgIovO2x6BDvGIy1U4TqtNd+67FTVswTv6uD/IHD10ZUgUb7KG6B3i36jQdpqcwlirI2W+2tztRlVNwBzua5mw0cbhUZTySCZt0oWKFRUa+8RzgsoLzoqnMd5yitQYbN/OBvP2jpzf81XlPbLL0OtmuGzFdkKDVBJq3Q1ZZbbL6ZHqmta7rswPH4q6Uj2AjMUl+eeezH8X0ui6AEwR7ABYz6kGIoMtjZG+B22s36zyRTbzJn7gLEHMbi1uM6puUAIS8p5Y7bFRrYjn9ybsv75/MoKsCcy2lypVaH5VDau8mSGyGjSyWwzcMfcjN7uZcVPtb6KWXmn9m0kGIXHgIntgN0g6bhSaFMV/2rlKVWleXas7DHWIjiSE4OgU9a9akr3O2fMn8zCtUfFQIVo5t1991oN6R0po7eV0JCB/j0Sz3gfB3S1q97M53j06vz0/gEqSlkJz1tBPcCJzbFoDMG1/api/KtQOmGaeKkhGGTbHMvpRYO6J3epZOLaQ43VJygb7TjVH+dQJ5KznElU6adSGeQAgKkCrIIC7ewN8nUHLv2Im58ucc65xF9agmSqRh4gWwPQ2xJp5o1cYtCD699kD34THkdVdsA8Q98vZbZ0J8hSeSKRoOvgv2lfjzfBXajS2QS8yO18sL1el3FP+vQd2LnIWjW5s9ngh3aoDZ3J8XVFSA7C7AsGZPvgoxjyBxgrHbiQG2W1mPrgEm7Ipiq/o53UdWiO+YRwWwFNtuTftA4MWvfDmD8mmA6/awjV22bWLgAqAiphvtu6Ts3zxG1Qy/d6Y3m3w2cBGr/1+nnyMxnNApQ8jjBzrZyVTvusgr4vqSODMyHjUv9XuG5ptihzz0qAcfHYtFJZV6k+VKV6ywfY0PazjWZ7pLsYM91s3Zyj97XMDNk+NjWRIsHdGKZLiWkU4UHLMBK5SzlkArarypYq+fKg8Iihj1zOMObyvaydrqLUWMele0TuapHaPakrhrB0rfeIgBKY7u+X45MSazvXN5krlEoeF6HAbcM0Ng9cCJXlRSEHrrhH00XuYbFUlUAp/t9q3RYtk8CqVvuepEcT7vGK1dny5393qGBAXdmNpRMiAOsg9DqSM7KmsO/KJHsTkw11GGkWi3z98g2WOHx6znGeEM3FjLv5tzzJb8Mv14wvrylcdXXDIeQhloqho/jySE9tJfj6R2gImrfZ/m9IJsS6qnpYPEP8Z7E1IU9hemBnWuVEiDip2hwE+ptfC3+d8kmmF4hpjlPgezbXRgs02DWu6kg4WAmoguPReRgN55GmRjuNefn/OqgZIsCk+zkwBY10Cb9aXX5+5FAsxggClxKDsTf88lmuVIxKdiRp1E33M5z9vWpXFTLfC6G1w7RXT9YYTilffLryM0g/5uHdhfKgaV3tKQUFGaaIB4oIvXiprRflUD7lBGjztkGTS0V9nkSCzZ8G1C/yNimbZ2ZtSiktq1jYp4as4dkXWsYFhCOczr1Zzp0snjXDIR00aVss2GhwBGoURJ4pN6qcYYEiLmRpJorT/xlQtrqAEZV9OHjvD4L2S6Iay0Qk78OSXuQ6vElXH+IXZB4p2UaSYRrQYwbqNfSWvMk8jGkuS9VcVyJfcXouj5axt6SQEX/PxRYtddt8dBB5uE7691Ax6owMRVgmtHj1KgQh1v785+KszkLzOlh+e5xGbdCmqtcb2lZfZnoSAWYAlzwRPgMCp0ac</value></token><token><name>OfflineInstallationId</name><type>Info</type><value>020945003153815840789934125014175674962221992392490001</value></token><token><name>PackageFlavor</name><type>Info</type><value>Windows</value></token><token><name>PackageVersion</name><type>Info</type><value>7.1.7600.16395</value></token><token><name>PartnerId</name><type>Info</type><value>Windows</value></token><token><name>ProcessorArchitecture</name><type>Info</type><value>x64</value></token><token><name>ProductLCID</name><type>Info</type><value>1033</value></token><token><name>ProductName</name><type>Info</type><value>Windows 7 Home Premium</value></token><token><name>ProductUniquenessGroups</name><type>Info</type><value>66c92734-d682-4d71-983e-d6ec3f16059f</value></token><token><name>ServiceAvailable</name><type>Info</type><value>true</value></token><token><name>SystemLCID</name><type>Info</type><value>1033</value></token><token><name>UserLCID</name><type>Info</type><value>1033</value></token><token><name>WMI:Win32_ComputerSystem:Manufacturer</name><type>Info</type><value>TOSHIBA</value></token><token><name>WMI:Win32_ComputerSystem:Model</name><type>Info</type><value>Satellite C655</value></token><token><name>WMI:Win32_OperatingSystem:InstallDate</name><type>Info</type><value>20120303234120.000000-360</value></token></clienttoken></Value></TokenEntry></Values></Claims></RequestSecurityToken></soap:Body></soap:Envelope>)
0002000A(0x00000000, 12:27:53:763 - 3, https=127.0.0.1:8800, <-loopback>)
00020008(0x80072EFD, 12:27:54:792 - SOAPAction: "http://microsoft.com/SL/GenuineAdvantageService/IssueToken"
Content-Type: text/xml; charset=utf-8
, <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"><soap:Body><RequestSecurityToken xmlns="http://schemas.xmlsoap.org/ws/2004/04/security/trust"><TokenType>SLWGA</TokenType><RequestType>http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue</RequestType><UseKey><Values xsi:nil="1"/></UseKey><Claims><Values xmlns:q1="http://schemas.xmlsoap.org/ws/2004/04/security/trust" soapenc:arrayType="q1:TokenEntry[5]"><TokenEntry><Name>GenuineAdvantagePhase</Name><Value>GenuineAdvantagePhase1</Value></TokenEntry><TokenEntry><Name>GenuineAdvantageVersion</Name><Value>1.0</Value></TokenEntry><TokenEntry><Name>GenuineAdvantageTemplateId</Name><Value>66c92734-d682-4d71-983e-d6ec3f16059f</Value></TokenEntry><TokenEntry><Name>GenuineAdvantageClientTransactionId</Name><Value>7e32b559-78b0-4443-a53f-f8a1ae9c1041</Value></TokenEntry><TokenEntry><Name>GenuineAdvantageClientToken</Name><Value><clienttoken><token><name>ClientEvent</name><type>EventType</type><value>0x00000012</value></token><token><name>ADMIN:FirstValidation</name><type>Info</type><value>0</value></token><token><name>ADMIN:MachineId</name><type>Info</type><value>RI5gD7Ri+59DUMTlQAqu8pM4qa6i8MRrJu+AvooO70o=</value></token><token><name>ADMIN:NumberTimesNonGenuine</name><type>Info</type><value>0</value></token><token><name>ADMIN:RemainingRearmCount</name><type>Info</type><value>2</value></token><token><name>ADMIN:TimeNonGenuine</name><type>Info</type><value>0</value></token><token><name>ADMIN:TotalValidations</name><type>Info</type><value>10</value></token><token><name>ADMIN:UGUID</name><type>Info</type><value>9c78d609-f3da-46ac-8855-54663c8a7a25</value></token><token><name>AUOptionsLocal</name><type>Info</type><value>4</value></token><token><name>ActiveSkuDescription</name><type>Info</type><value>Windows Operating System - Windows® 7, OEM_SLP channel</value></token><token><name>ActiveSkuId</name><type>Info</type><value>d2c04e90-c3dd-4260-b0f3-f845f5d27d64</value></token><token><name>CodeSigning</name><type>Info</type><value>SIGNED_INFO_PRS_SIGNED</value></token><token><name>DomainJoined</name><type>Info</type><value>false</value></token><token><name>EditionId</name><type>Info</type><value>HomePremium</value></token><token><name>HROffline</name><type>Info</type><value>0x00000000</value></token><token><name>OSVersion</name><type>Info</type><value>6.1.7601.2.00010300.1.0.003</value></token><token><name>OemMarkerVersion</name><type>Info</type><value>0x00020001</value></token><token><name>OemTableId</name><type>Info</type><value>TOSINV00</value></token><token><name>OfflineGenuineBlob</name><type>Info</type><value>n6FMKC8lVCq/lFDmn3NlH2/y6pmH124n0LkQEkEsG/p3yIGk1zc1nitghuAHBcRZW/PlLZWEjlgwluJju4sAm+U+j5cf1/2D+tUAeySnLNfOAs7hAmwcbFcTRql+ybBY4GoUuUhPiU+IU04ntes3drsVxqHeJP0ZmIfP0vCtcGw02tUf9aFBTqpRU308QYNzQI35XZe1khvM4curaeTfsfdkq5vV1VPqdF9go2W1CsmWX5wDxxu6hwA1hrNeJgBjwb09PXTJzQ/E7bzYhtivGQU0RLuAId1zgiWTtlrSrdg7DQo9cPzzuvl6VpJ9BHHaoeMSA7ve3GtVZusRRi3RFC4Y4/b7ThFcvmse7AdtLoy4my06CXQlKBpoM3gSDPssHW8qCsEI9EqLUvxPYDHw26IhuN2LuChCTFXMGNvzx1O4b77QMR8Bbdq2iXNInCwMc65hLdWiIPcerUw3RBLOUKjQdsZ4mCC/w3rKGMDWSDSoq72CYaggj9h3giTO8GaBuzGvn6O0rxfoAq9qsrtyp9DG4ADIwfzmDY/KeYG8/LeeJO3AnGf7d8qznbh0+aaQ42Cr5DA064zK/2B2+BGDlynC4rGl5ubM9yV10itH+KhjRhJQVybDX3eOjMRI5BN0VWLU9OMKVmIXrYrjD02pqpz+byyvqS1E2PIO88aWLxqDwB11KrgUJR8WOfhWJ1BAHK1MW3aEFKF9WLYmFgfXH/5TEbh2dwhmznze3XxMyGsYOpXPcx+tQhu/8i/B0FT39J77K9R4Kyv6aoM7u/idbif6yVM4HGJ98U8HexiUwuhk7oTFTtdzwkWVCpGyENYCkJGXhdAiAmT6NvZ+QdrKc9UnplxK1nC0bbo9P0GgyefYCwUVHcFLyCuz+FZezbFrE9NCpiZxt8n7vxv8h/QE1r816u4FZh/xXA4KAiH5jiD9lZUPDwcTKBqhNwdlI6m8SK8SnW5aEXBgNHlzM/KOgpjfRhnXRda1yduRqWDgCyBPy2q5IBo4d7nOg8m+oW1DVf1I3+cQCvysXvhmB5l4yf+R+ru4mzkBme8Vh7cgZEmVyNp3K67ZTzPTZ4AXAIpW77YiF3sDte7sCzIVLSGkfsGFg5ub26e/kxBp21x0NJRKz3okuN/cJz7s6uxf1bgqOowRZHPxa5e3LsQ+Ww8ebdbQ89AUz2farbZf8MH5G3MRfQP79iZfQyODGPoUS0y6fq8Hq1LJWZUxmfsDfTk8uLEabBVFY4QreflkWR2QMfhf76fqM9O3HF4i/V5CKWPdhhzvP/dEUQjlp5Zy1BQfgIovO2x6BDvGIy1U4TqtNd+67FTVswTv6uD/IHD10ZUgUb7KG6B3i36jQdpqcwlirI2W+2tztRlVNwBzua5mw0cbhUZTySCZt0oWKFRUa+8RzgsoLzoqnMd5yitQYbN/OBvP2jpzf81XlPbLL0OtmuGzFdkKDVBJq3Q1ZZbbL6ZHqmta7rswPH4q6Uj2AjMUl+eeezH8X0ui6AEwR7ABYz6kGIoMtjZG+B22s36zyRTbzJn7gLEHMbi1uM6puUAIS8p5Y7bFRrYjn9ybsv75/MoKsCcy2lypVaH5VDau8mSGyGjSyWwzcMfcjN7uZcVPtb6KWXmn9m0kGIXHgIntgN0g6bhSaFMV/2rlKVWleXas7DHWIjiSE4OgU9a9akr3O2fMn8zCtUfFQIVo5t1991oN6R0po7eV0JCB/j0Sz3gfB3S1q97M53j06vz0/gEqSlkJz1tBPcCJzbFoDMG1/api/KtQOmGaeKkhGGTbHMvpRYO6J3epZOLaQ43VJygb7TjVH+dQJ5KznElU6adSGeQAgKkCrIIC7ewN8nUHLv2Im58ucc65xF9agmSqRh4gWwPQ2xJp5o1cYtCD699kD34THkdVdsA8Q98vZbZ0J8hSeSKRoOvgv2lfjzfBXajS2QS8yO18sL1el3FP+vQd2LnIWjW5s9ngh3aoDZ3J8XVFSA7C7AsGZPvgoxjyBxgrHbiQG2W1mPrgEm7Ipiq/o53UdWiO+YRwWwFNtuTftA4MWvfDmD8mmA6/awjV22bWLgAqAiphvtu6Ts3zxG1Qy/d6Y3m3w2cBGr/1+nnyMxnNApQ8jjBzrZyVTvusgr4vqSODMyHjUv9XuG5ptihzz0qAcfHYtFJZV6k+VKV6ywfY0PazjWZ7pLsYM91s3Zyj97XMDNk+NjWRIsHdGKZLiWkU4UHLMBK5SzlkArarypYq+fKg8Iihj1zOMObyvaydrqLUWMele0TuapHaPakrhrB0rfeIgBKY7u+X45MSazvXN5krlEoeF6HAbcM0Ng9cCJXlRSEHrrhH00XuYbFUlUAp/t9q3RYtk8CqVvuepEcT7vGK1dny5393qGBAXdmNpRMiAOsg9DqSM7KmsO/KJHsTkw11GGkWi3z98g2WOHx6znGeEM3FjLv5tzzJb8Mv14wvrylcdXXDIeQhloqho/jySE9tJfj6R2gImrfZ/m9IJsS6qnpYPEP8Z7E1IU9hemBnWuVEiDip2hwE+ptfC3+d8kmmF4hpjlPgezbXRgs02DWu6kg4WAmoguPReRgN55GmRjuNefn/OqgZIsCk+zkwBY10Cb9aXX5+5FAsxggClxKDsTf88lmuVIxKdiRp1E33M5z9vWpXFTLfC6G1w7RXT9YYTilffLryM0g/5uHdhfKgaV3tKQUFGaaIB4oIvXiprRflUD7lBGjztkGTS0V9nkSCzZ8G1C/yNimbZ2ZtSiktq1jYp4as4dkXWsYFhCOczr1Zzp0snjXDIR00aVss2GhwBGoURJ4pN6qcYYEiLmRpJorT/xlQtrqAEZV9OHjvD4L2S6Iay0Qk78OSXuQ6vElXH+IXZB4p2UaSYRrQYwbqNfSWvMk8jGkuS9VcVyJfcXouj5axt6SQEX/PxRYtddt8dBB5uE7691Ax6owMRVgmtHj1KgQh1v785+KszkLzOlh+e5xGbdCmqtcb2lZfZnoSAWYAlzwRPgMCp0ac</value></token><token><name>OfflineInstallationId</name><type>Info</type><value>020945003153815840789934125014175674962221992392490001</value></token><token><name>PackageFlavor</name><type>Info</type><value>Windows</value></token><token><name>PackageVersion</name><type>Info</type><value>7.1.7600.16395</value></token><token><name>PartnerId</name><type>Info</type><value>Windows</value></token><token><name>ProcessorArchitecture</name><type>Info</type><value>x64</value></token><token><name>ProductLCID</name><type>Info</type><value>1033</value></token><token><name>ProductName</name><type>Info</type><value>Windows 7 Home Premium</value></token><token><name>ProductUniquenessGroups</name><type>Info</type><value>66c92734-d682-4d71-983e-d6ec3f16059f</value></token><token><name>ServiceAvailable</name><type>Info</type><value>true</value></token><token><name>SystemLCID</name><type>Info</type><value>1033</value></token><token><name>UserLCID</name><type>Info</type><value>1033</value></token><token><name>WMI:Win32_ComputerSystem:Manufacturer</name><type>Info</type><value>TOSHIBA</value></token><token><name>WMI:Win32_ComputerSystem:Model</name><type>Info</type><value>Satellite C655</value></token><token><name>WMI:Win32_OperatingSystem:InstallDate</name><type>Info</type><value>20120303234120.000000-360</value></token></clienttoken></Value></TokenEntry></Values></Claims></RequestSecurityToken></soap:Body></soap:Envelope>)
00010002(0x80072EFD, 12:27:54:792 - <NULL>)
00010003(0x80072EFD, 12:27:54:792)

Error: (02/10/2015 00:03:33 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (02/10/2015 00:03:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2015-02-09 20:13:09.650
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-02-09 20:13:09.572
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core i3-2350M CPU @ 2.30GHz
Percentage of memory in use: 33%
Total physical RAM: 4043.86 MB
Available physical RAM: 2673.94 MB
Total Pagefile: 8085.9 MB
Available Pagefile: 6444.84 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: (TI106321W0B) (Fixed) (Total:581.04 GB) (Free:527.32 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: 010ED62A)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=581 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.7 GB) - (Type=17)

==================== End Of Log ============================

Link to post
Share on other sites

Make sure you have created a restore point and.....
bwebb7v.jpgDownload Delfix from Here and save it to your desktop.

  • Place a check mark in front of .......
  • Create registry backup <---only!
  • Uncheck the rest!
  • Click the Run button.

    Close the tool out when it's done....we'll use it later.

    ===========================

    For now, please uninstall Spybot - Search & Destroy

    ==========================

    Running this script will cause the computer to reboot....please save all your work

    Download the attached fixlist.txt to the same folder as FRST.exe/FRST64.exe.
    Run FRST.exe/FRST64.exe and click Fix only once and wait
    The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

    ===========================

    Please re-scan with FRST and Make sure the Addition Box is checked.
    Post or attach the 2 logs FRST(64).txt and Addition.txt

    MrC
Link to post
Share on other sites

Great....you're good to go;

A little clean up to do....

Please Uninstall ComboFix: (------->if you used it<-------)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

cf2.jpg

Then hit enter. (it may look like CF is re-installing but it's not)

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

bwebb7v.jpgDownload Delfix from here and save it to your desktop. (you may already have this)

  • Ensure Remove disinfection tools is checked.
  • Click the Run button.
  • Reboot
Any other programs or logs that are still remaining, you can manually delete. (right click.....Delete)

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

Link to post
Share on other sites

I am hoping you can help me.  I have been able to successfully install malwarebytes on two of my children's laptops but on the third laptop I have the proxy server error referenced by the prior person.  I have tried opening Chrome and IE with the same error.  I don't knwo how to download the software without getting onto the internet.  I see that you provided several links, downloads but I cant even get that far.

 

Please help and thank you!

 

Link to post
Share on other sites

@Lynnmom23, we'll be glad to help you but you have to start your own topic by using the Start New Topic button:untitled-crop.png

If you have a usb flash drive, you can use it to download the programs on a good computer and then copy them to the flash drive and then on to the sick computer.

The program you need to download is FRST.exe or FRST64.exe, depending on which system you have.

 

================================

 Please download Farbar Recovery Scan Tool (FRST) and save it to a folder.
(use correct version for your system.....Which system am I using?)
FRST <----for 32 bit systems
FRST64 <----for 64 bit systems

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button. (make sure the Addition box is checked)
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page.
reply1.jpg

New window that comes up.
replyer1.jpg

MrC

Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.