Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Can't Fix Internet Problems
#1
Hello, I have recently cleaned my computer of viruses and malware using malwarebytes and avast. I am now having problems that weren't going on before. I cannot use google chrome, it gives me an error that it can't connect to proxy, and I am now getting error code -103 on Steam which I guess is the same problem because everything else so far is working fine. I have tried everything I've found on the internet for fixing this problem, and nothing is working at all. I have tried to go to the LAN settings and unchecking "use a proxy server for LAN", I've tried 2 microsoft fixits, FRST, FSS, MiniToolBox, AviraDNSRepair, and messing with registry and things according to videos I've watched. Nothing is working. I have seen someone say that completely wiping the hard drive and reinstalling the operating system worked, but that is the LAST thing I want to do. Please help me, I have no idea what else to do at this point. I am new to this website so if there is anything wrong with my post or something please let me know

#2
[Image: RogueKiller.png]Run RogueKiller

Please run RogueKiller.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on [Image: RogueKiller.png] icon and select [Image: RunAsAdmin.jpg] Run as Administrator to start the tool.
  • Wait patiently until the pre-scan will be done. It shouldn't take more than 2-3 minutes.
  • Accept the Terms of use.
  • When the Scan button becomes available, please click it. RogueKiller will start a full scan.
  • Upon completion, the Delete button will become available. Click it.
  • Removal process may take some time. Also your machine may be restarted during this procedure. It's normal.
  • Let this process run uninterrupted!.
  • When finished, a Report button will become available. Click it. You will be presented with a logfile.
Please include the content of this logfile in your next reply.
Tim's Computer Repair (TCR) 
1503 Kings Way, Savannah, GA 31406, US
912-220-0765
https://www.TimsComputerFix.net 


#3
RogueKiller V10.6.5.0 [May 20 2015] by Adlice Software
mail : https://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : https://www.adlice.com/softwares/roguekiller/
Blog : https://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Ethan [Administrator]
Started from : C:\Users\Ethan\Desktop\Antivirus-PC Cleaning\RogueKiller.exe
Mode : Scan -- Date : 05/24/2015 16:59:42

¤¤¤ Processes : 1 ¤¤¤
[Suspicious.Path] MFUSNM~1.EXE(3284) -- C:\Users\Ethan\AppData\Local\MEDIAF~1\MFUSNM~1.EXE[7] -> Killed [TermProc]

¤¤¤ Registry : 11 ¤¤¤
[PUM.Orphan] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectD​elayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -> Found
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectD​elayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -> Found
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3805462314-2989857978-3840800272-1001\Software\Microsoft\Windows\CurrentVersion\Run | MediaFire Tray : C:\Users\Ethan\AppData\Local\MediaFire Desktop\mf_watch.exe [7] -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3805462314-2989857978-3840800272-1001\Software\Microsoft\Windows\CurrentVersion\Run | MediaFire Tray : C:\Users\Ethan\AppData\Local\MediaFire Desktop\mf_watch.exe [7] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MF NTFS Monitor (C:\Users\Ethan\AppData\Local\MEDIAF~1\MFUSNM~1.EXE) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MF NTFS Monitor (C:\Users\Ethan\AppData\Local\MEDIAF~1\MFUSNM~1.EXE) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MF NTFS Monitor (C:\Users\Ethan\AppData\Local\MEDIAF~1\MFUSNM~1.EXE) -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDeskto​pIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDeskto​pIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDeskto​pIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDeskto​pIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 1 ¤¤¤
[Suspicious.Path][File] The Hunger Games 2012 [1080p].lnk -- C:\Users\Ethan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\The Hunger Games 2012 [1080p].lnk [LNK@] C:\ProgramData\{74d13242-98cb-b9b9-74d1-1324298cc90a}\The Hunger Games 2012 [1080p].exe --startup=1 -> Found

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MQ01ABD100 SCSI Disk Device +++++
--- User ---
[MBR] 0bed2b2a032f28097d40f1259a4f69cd
[BSP] 88a583cae3b52f6036f01058005aa79e : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 931418 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1907953664 | Size: 22148 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 1953312768 | Size: 102 MB
User = LL1 ... OK
User != LL2 ... KO!
--- LL2 ---
[MBR] 0bed2b2a032f28097d40f1259a4f69cd
[BSP] 88a583cae3b52f6036f01058005aa79e : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 931418 MB [Error reading VBR! ([1] Incorrect function. )]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1907953664 | Size: 22148 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 1953312768 | Size: 102 MB

#4
[Image: FRST.png]Scan with Farbar Recovery Scan Tool


Please download Farbar Recovery Scan Tool x64 and save it to your Desktop.
  • Right-click on [Image: FRST.png] icon and select [Image: RunAsAdmin.jpg] Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please copy and paste their content into your next reply.
<left><form action="https://www.paypal.com/cgi-bin/webscr" method="post">If you are satisfied with my help, consider a donation. Thank you so much for your continued support! 
<input type="hidden" name="cmd" value="_s-xclick">
<input type="hidden" name="hosted_button_id" value="Y4ZDLXGFS4F8Q">
<input type="image" src="https://www.paypalobjects.com/en_US/GB/i/btn/btn_donateCC_LG.gif" border="0" name="submit" alt="PayPal — The safer, easier way to pay online.">
<img alt="" border="0" src="https://www.paypalobjects.com/en_GB/i/scr/pixel.gif" width="0" height="0">
</form>

   </div></left> 

#5
It said that there were too many characters so I sent the .txt files


Attached Files
.txt   FRST.txt (Size: 100.08 KB / Downloads: 3)
.txt   Addition.txt (Size: 47.84 KB / Downloads: 2)

#6
  • Fix with FRST
    Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.
    • Open Notepad.exe. Do not use any other text editor software;
    • Copy and Paste the contents inside the code-box to your Notepad --
Code: [Select]

Code:

Code:
Start
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser]  <======= ATTENTION (Policy restriction on ProxySettings)
S3 clwvd6; system32\DRIVERS\clwvd6.sys [X]
2015-05-24 09:08 - 2015-05-24 09:08 - 00000000 ____D () C:\Users\Ethan\AppData\Roaming\jmbxndng
2015-05-24 09:00 - 2015-05-24 09:00 - 00000000 ____D () C:\Users\Ethan\AppData\Roaming\lsrvalcj
2015-05-24 05:24 - 2015-05-24 05:24 - 00000000 ____D () C:\Users\Ethan\AppData\Roaming\xqmvqkqt
2015-05-24 05:21 - 2015-05-24 05:21 - 00000000 ____D () C:\Users\Ethan\AppData\Roaming\onaoptad
2015-05-24 05:19 - 2015-05-24 05:19 - 00000000 ____D () C:\Users\Ethan\AppData\Roaming\tlhcuxpe
2015-05-24 05:19 - 2015-05-24 05:19 - 00000000 ____D () C:\Users\Ethan\AppData\Roaming\pxndjdu
2015-05-24 05:19 - 2015-05-24 05:19 - 00000000 ____D () C:\Users\Ethan\AppData\Roaming\cmjnswam
2015-05-24 05:18 - 2015-05-24 05:18 - 00000000 ____D () C:\Users\Ethan\AppData\Roaming\kfwokscb
2015-05-24 05:13 - 2015-05-24 05:13 - 00000000 ____D () C:\Users\Ethan\AppData\Roaming\woxqqgoq
2015-05-24 05:10 - 2015-05-24 05:10 - 00000000 ____D () C:\Users\Ethan\AppData\Roaming\hupkvhqk
2015-05-24 05:08 - 2015-05-24 05:08 - 00000000 ____D () C:\Users\Ethan\AppData\Roaming\mllrfnev
2015-05-24 05:07 - 2015-05-24 05:07 - 00000000 ____D () C:\Users\Ethan\AppData\Roaming\buufafcb
2015-05-24 05:06 - 2015-05-24 05:06 - 00000000 ____D () C:\Users\Ethan\AppData\Roaming\tkxeodiw
2015-05-24 05:06 - 2015-05-24 05:06 - 00000000 ____D () C:\Users\Ethan\AppData\Roaming\nyyaarbl
2015-05-24 05:06 - 2015-05-24 05:06 - 00000000 ____D () C:\Users\Ethan\AppData\Roaming\ncybskmg
2015-05-24 04:39 - 2015-05-24 04:39 - 00000000 ____D () C:\Users\Ethan\AppData\Roaming\rqvyoajy
2015-05-24 04:39 - 2015-05-24 04:39 - 00000000 ____D () C:\Users\Ethan\AppData\Roaming\nbbzegfa
2015-05-24 04:38 - 2015-05-24 04:38 - 00000000 ____D () C:\Users\Ethan\AppData\Roaming\nubemtsz
2015-05-24 04:37 - 2015-05-24 04:37 - 00000000 ____D () C:\Users\Ethan\AppData\Roaming\ytimpjym
2015-05-24 04:37 - 2015-05-24 04:37 - 00000000 ____D () C:\Users\Ethan\AppData\Roaming\cwnsubka
2015-05-24 04:35 - 2015-05-24 04:35 - 00000000 ____D () C:\Users\Ethan\AppData\Roaming\bsjdqwsi
2015-05-24 04:34 - 2015-05-24 04:34 - 00000000 ____D () C:\Users\Ethan\AppData\Roaming\pneeorob
2015-05-24 04:32 - 2015-05-24 04:32 - 00000000 ____D () C:\Users\Ethan\AppData\Roaming\lgjimqno
2015-05-24 04:29 - 2015-05-24 04:29 - 00000000 ____D () C:\Users\Ethan\AppData\Roaming\fftndlpa
2015-05-24 04:14 - 2015-05-24 04:14 - 00000000 ____D () C:\Users\Ethan\AppData\Roaming\gxuqkiuv
2015-05-24 04:13 - 2015-05-24 04:13 - 00000000 ____D () C:\Users\Ethan\AppData\Roaming\gmrqqrzs
2015-05-24 04:13 - 2015-05-24 04:13 - 00000000 ____D () C:\Users\Ethan\AppData\Roaming\cbawibdw
2015-05-24 04:12 - 2015-05-24 04:12 - 00000000 ____D () C:\Users\Ethan\AppData\Roaming\bblhtlzd
2015-05-24 04:08 - 2015-05-24 04:08 - 00000000 ____D () C:\Users\Ethan\AppData\Roaming\laozsdbl
2015-05-24 04:05 - 2015-05-24 04:05 - 00000000 ____D () C:\Users\Ethan\AppData\Roaming\uiadahpk
2015-05-24 04:01 - 2015-05-24 04:01 - 00000000 ____D () C:\Users\Ethan\AppData\Roaming\dyqgmofp
2015-05-24 04:00 - 2015-05-24 04:00 - 00000000 ____D () C:\Users\Ethan\AppData\Roaming\exocbwji
2015-05-24 03:56 - 2015-05-24 03:56 - 00000000 ____D () C:\Users\Ethan\AppData\Roaming\tvmpcwmc
2015-05-24 03:55 - 2015-05-24 03:55 - 00000000 ____D () C:\Users\Ethan\AppData\Roaming\pagcpeao
2015-05-24 03:55 - 2015-05-24 03:55 - 00000000 ____D () C:\Users\Ethan\AppData\Roaming\okghxrmo
2015-05-24 03:54 - 2015-05-24 03:54 - 00000000 ____D () C:\Users\Ethan\AppData\Roaming\rymzsodb
2015-05-24 03:53 - 2015-05-24 03:53 - 00000000 ____D () C:\Users\Ethan\AppData\Roaming\gxgbidto
2015-05-24 03:40 - 2015-05-24 03:40 - 00000000 ____D () C:\Users\Ethan\AppData\Roaming\xsjfbgdv
2015-05-24 03:40 - 2015-05-24 03:40 - 00000000 ____D () C:\Users\Ethan\AppData\Roaming\oefwawtr
2015-05-24 03:37 - 2015-05-24 03:37 - 00000000 ____D () C:\Users\Ethan\AppData\Roaming\pdjttled
2015-05-24 03:28 - 2015-05-24 03:28 - 00000000 ____D () C:\Users\Ethan\AppData\Roaming\vqrxhxlg
2015-05-24 03:27 - 2015-05-24 03:27 - 00000000 ____D () C:\Users\Ethan\AppData\Roaming\omvzmbmj
2015-05-23 21:21 - 2015-05-23 21:22 - 00000000 ____D () C:\Program Files (x86)\473801ed-a546-443a-93d0-6590433a6262
2015-05-23 21:19 - 2015-05-24 08:52 - 00000000 ____D () C:\Users\Ethan\AppData\Local\29032
2015-05-23 20:53 - 2015-05-23 20:53 - 00613255 _____ () C:\Users\Ethan\AppData\Local\nsf39FF.tmp
2015-05-23 20:25 - 2015-05-23 20:25 - 00000000 ____D () C:\ProgramData\c6fe7a800002f1e
2015-05-23 20:19 - 2015-05-23 21:19 - 00000000 ___HD () C:\ProgramData\jod
2015-05-23 17:43 - 2015-05-23 17:43 - 00613255 _____ () C:\Users\Ethan\AppData\Local\nsa2A8B.tmp
2015-05-23 17:41 - 2015-05-23 17:41 - 00000000 ____D () C:\Users\Ethan\Documents\Optimizer Pro
2015-05-23 17:38 - 2015-05-23 17:38 - 00631296 _____ () C:\Windows\jod.dat
2015-05-23 17:23 - 2015-05-23 17:23 - 00000000 ____D () C:\Users\Ethan\AppData\Roaming\One System Care
2015-05-23 17:00 - 2015-05-24 02:59 - 00000112 _____ () C:\ProgramData\45A7xM2.dat
2015-05-23 16:51 - 2015-05-23 16:51 - 00000000 ____D () C:\ProgramData\Naxrefsemigew
2015-05-23 16:50 - 2015-05-23 16:50 - 00000000 ____D () C:\ProgramData\f3a5ddd00007f6d
2015-05-23 16:39 - 2015-05-23 22:20 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-05-23 16:34 - 2015-05-24 03:16 - 00000000 ____D () C:\ProgramData\abc
2015-05-23 16:33 - 2015-05-23 16:36 - 00000000 ____D () C:\Program Files (x86)\MaxComputerCleaner_v17.514
2015-05-23 16:22 - 2015-05-23 16:22 - 00000000 ____D () C:\Users\Ethan\AppData\Local\Zeoinsight
2015-05-23 16:22 - 2015-05-23 16:22 - 00000000 ____D () C:\Users\Ethan\AppData\Local\ZBAnalyticsCore
2015-05-10 12:23 - 2015-05-10 12:23 - 00000950 _____ () C:\Users\Ethan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\osu!.lnk
2015-05-10 12:23 - 2015-05-10 12:23 - 00000942 _____ () C:\Users\Ethan\Desktop\osu!.lnk
2015-05-15 05:56 - 2015-05-15 05:57 - 00000000 ____D () C:\ProgramData\Gyazo
2015-05-14 20:56 - 2015-05-23 23:51 - 00000000 ____D () C:\Program Files (x86)\SystemContinue
2015-05-10 12:22 - 2015-05-10 12:22 - 03262024 _____ (ppy) C:\Users\Ethan\Downloads\osu!install.exe
2015-05-01 18:26 - 2015-05-14 21:16 - 00000000 ____D () C:\ProgramData\10008724138348112492
2015-05-01 18:25 - 2015-05-01 18:25 - 00300032 _____ () C:\Users\Ethan\Downloads\The Hunger Games 2012 [1080p].exe
2015-04-25 12:08 - 2015-04-25 12:08 - 00000000 ____D () C:\Users\Ethan\AppData\Local\openvr
2015-05-23 17:43 - 2015-05-23 17:43 - 0613255 _____ () C:\Users\Ethan\AppData\Local\nsa2A8B.tmp
2015-05-23 20:53 - 2015-05-23 20:53 - 0613255 _____ () C:\Users\Ethan\AppData\Local\nsf39FF.tmp
2015-05-23 17:00 - 2015-05-24 02:59 - 0000112 _____ () C:\ProgramData\45A7xM2.dat
C:\ProgramData\45A7xM2.dat
Edu App (HKLM\...\Edu App) (Version: 2015.05.24.012424 - Edu App) <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-3805462314-2989857978-3840800272-1001_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\Ethan\AppData\Roaming\sursenel\ticyver.dll No File <==== ATTENTION
CMD: ipconfig /flushdns
End
    • Click on File > Save as...
      • Inside the File Name box type fixlist.txt
      • From the Save as type drop down list, choose All Files
    • Save the file to your Desktop;
    • Re-run FRST.exe and click Fix;

      • Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
    • After the completion, a log will be produced;
    • Attach the log in your next reply.
<left><form action="https://www.paypal.com/cgi-bin/webscr" method="post">If you are satisfied with my help, consider a donation. Thank you so much for your continued support! 
<input type="hidden" name="cmd" value="_s-xclick">
<input type="hidden" name="hosted_button_id" value="Y4ZDLXGFS4F8Q">
<input type="image" src="https://www.paypalobjects.com/en_US/GB/i/btn/btn_donateCC_LG.gif" border="0" name="submit" alt="PayPal — The safer, easier way to pay online.">
<img alt="" border="0" src="https://www.paypalobjects.com/en_GB/i/scr/pixel.gif" width="0" height="0">
</form>

   </div></left> 

#7
Thank you so much, everything seems to be working now! I haven't tested Google Chrome yet because I have moved over to Firefox, but Steam is working great. no more errors or anything. I just hope it stays that way. If there is anything else you think I should do, then of course tell me.

Thanks!
~Ethan


Attached Files
.txt   Fixlog.txt (Size: 13.07 KB / Downloads: 4)

#8
Lets do a little clean up of our tools before you go.



Download and run Delfix and please select items as listed in image below.


[Image: uninstall-delfix.jpg]



Any problems in 48 hours please come back and we can take a look.
<left><form action="https://www.paypal.com/cgi-bin/webscr" method="post">If you are satisfied with my help, consider a donation. Thank you so much for your continued support! 
<input type="hidden" name="cmd" value="_s-xclick">
<input type="hidden" name="hosted_button_id" value="Y4ZDLXGFS4F8Q">
<input type="image" src="https://www.paypalobjects.com/en_US/GB/i/btn/btn_donateCC_LG.gif" border="0" name="submit" alt="PayPal — The safer, easier way to pay online.">
<img alt="" border="0" src="https://www.paypalobjects.com/en_GB/i/scr/pixel.gif" width="0" height="0">
</form>

   </div></left> 

#9
Solved - Thread Closed
<left><form action="https://www.paypal.com/cgi-bin/webscr" method="post">If you are satisfied with my help, consider a donation. Thank you so much for your continued support! 
<input type="hidden" name="cmd" value="_s-xclick">
<input type="hidden" name="hosted_button_id" value="Y4ZDLXGFS4F8Q">
<input type="image" src="https://www.paypalobjects.com/en_US/GB/i/btn/btn_donateCC_LG.gif" border="0" name="submit" alt="PayPal — The safer, easier way to pay online.">
<img alt="" border="0" src="https://www.paypalobjects.com/en_GB/i/scr/pixel.gif" width="0" height="0">
</form>

   </div></left> 



Forum Jump:


Users browsing this thread:
1 Guest(s)

Powered By MyBB, © 2002-2024 Melroy van den Berg.