[Wering1974]

Problem started after I tried installing an old version of an Adobe program. It came with an emulator (amtemu.v0.9.2-painter.exe). Before running the program, I searched for feedback online and it was apparently safe to run. MBAM did not flag the file but Sophos did as a PUA (and blocks it from running).

The problem started with Sandboxie. I couldn't clear my cache normally and had to delete on Safe Mode. I assumed rhe program was corrupted so I uninstalled it. Next was Friefox. It won't connect to the Internet at all then started crashing. Then it won't run again as there was a previous instance in the background. Task Manager shows at least 5 to 6 running and I am unable to end 1 or 2 of them.

Ran a full AV/malware scan with zero results.

I am able to access the Internet (and post this) using Firefox on Safe Mode but cannot download a fresh installer; the website says the download was interrupted. I managed to, though, using IE.

Please advise. Thank you in advance.

 

[Gary R]

• If you have a 32 bit system Download FRST to your Desktop.
• If you have a 64 bit system Download FRST64 to your Desktop.
• If you don't know whether your system is 32 bit or 64 bit, download both. Only one will run on your machine. That's the one to use.
• Double click Frst.exe to launch it.
• FRST will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • When finished scanning 2 logs will open on your Desktop, FRST.txt and Addition.txt
  • Please post them in your next reply.

 

[Wering1974]

Thank you Gary. Attached are the files as requested. I also just completed a scan using ESET and it came back as clean. Do you need the log?

 

[Gary R]

No, if your e-set scan had found something then I'd have wanted to see it, but a clean log doesn't really tell me much other than the scan didn't find anything.

Looking over your FRST logs now. This may take some time, dependent on how many entries I don't recognise, and have to research. Back as soon as I've finished.

 

[Gary R]

Just noticed that your scan was run when booted into Safeboot with Networking.

Please boot your computer into "Normal" Mode, and run the scan again please. I need to see what's running when your computer can't connect, and in Safe Mode the entries that may be causing the problem probably won't be present.

As you can't connect when booted up normally, then save the new FRST.txt and Addition.txt files somewhere where you can find them, then boot into Safeboot with Networking, and then post me the new log files.

 

[Wering1974]

Thank you Gary. Here are the new logs as requested.

 

[Gary R]

Looking them over now, back as soon as I'm finished.

 

[Gary R]

Tcpip\..\Interfaces\{40dd4a84-30ea-4f92-96bf-07c8f4aa181f}: [DhcpNameServer] 114.108.193.201 114.108.195.1 ..... Sky
Tcpip\..\Interfaces\{79e1003b-1d35-4786-bcd9-c2a0c798d367}: [DhcpNameServer] 192.168.1.1 .... gateway address
Tcpip\..\Interfaces\{f425698d-d297-4402-83b3-4fd6eb95b806}: [NameServer] 10.249.96.141,10.249.96.142 .... private network
Tcpip\..\Interfaces\{f425698d-d297-4402-83b3-4fd6eb95b806}: [DhcpNameServer] 172.28.2.204 172.28.2.201 .... private network

Question .... the entries shown above show that your computer connects to a couple of private networks, such as are frequently found on machines used to connect remotely to some business enterprise.

There are also entries in your Hosts file that would further reinforce this supposition.

Do you use this computer in any way for business purposes ?

 

[Wering1974]

Thank you Gary.

Yes, I use it for work and sometimes connect to the office’s network. I also use two different providers. Never was a problem before though. May I ask what happened?

All I did was to force delete Sandboxie files as I couldn’t clear its cache.

 

[Gary R]

The trouble I have with a computer that's used for business purposes, is that it's hard for me to tell which modifications have been made to enable it to connect to the business network, and which might be caused by other things, so for that and other reasons, I generally don't like to work on business machines, because it's too easy for me to cause unintentional damage.

I can't see anything in your logs that suggests that your problems are being caused by malware.

I also don't see any sign of Sandboxie in your uninstall list ........ have you uninstalled it, or was it part of your Sophos Anti-Virus suite ?

 

[Wering1974]

I uninstalled it Safe Mode using Revo. And no, not part of the suite, it’s just part of my personal toolkit.

How can I help you with this? Is there a list I can go through to check if I need it for work?

Do you have an idea as to what’s causing the problem?

(Also, Firefox keeps crashing. Not sure if that’s an indicator.)

 

[Gary R]

Which version of Sophos are you using ?

I ask this, because I'd like you to temporarily disable it, and enable Windows Defender, and then see if you can connect when booted into normal mode, and I need to know which version so I can supply you with appropriate instructions for how to do that.

What I'm trying to do, is to eliminate the most likely causes of a connection failure, and since an AV is tightly "intertwined" with the connection process, then it's a reasonable place to start.

 

[Wering1974]

I was running 2.10.8.

But the symptoms worsened and I opted to reset. Thank you so much for the assist, Gary, and apologies for the trouble.

Edit: Can you kindly recommend an alternative to Sandboxie? The problem started with it so as useful as it may be, it may be better to avoid it.

 

[Gary R]

You're welcome.

A Reset now and again has a number of benefits for your machine.

As far as replacements for Sandboxie go, have a look in this discussion at Bleeping Computer .... sandboxie -- new recommedations for free alternative - Anti-Virus, Anti-Malware, and Privacy Software .... which should give you a few ideas.

Post number 26 says there's now an installer available for the Open Source version of Sandboxie (5.45) ... https://github.com/sandboxie-plus/Sandboxie/releases/tag/v0.5.0

Not tried it myself yet, so can't make a personal recommendation at this time.

 

[Wering1974]

Thank you again Gary!

 

[Gary R]

Any time.