
Proxy server error due to virus


Toger


I had accidentally installed some unwanted programs while downloading and caught some virus. I was able to get rid of all of them using Malwarebytes along with Hitman and Malwarebytes, but I am still stuck with this dang proxy server which I cannot remove! I have already tried resetting my browser settings to default, manually turning off proxy servers in my network settings, and removing Privoxy (which might have been attached to my uTorrent download, which I have gotten rid of as well). Please help! I have been reading many forum posts over the internet along with the support forums here on the site and still haven't found a cure! HitmanPro says it repairs the proxy problem but it keeps reoccurring, and MBAM isn't detecting the problem possibly?

 

Please help me!

Link to post

Welcome to the forum. (Do what you can)

General P2P/Piracy Warning:

 

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

2. If you have illegal/cracked software (MS Office, Adobe Products), cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

 

<====><====><====><====><====><====><====><====>

 

Please run a Threat Scan with Malwarebytes (if possible)

Start Malwarebytes 2.0.........

Click on Settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware

Same for PUM (Potentially Unwanted Modifications)

Quarantine all that's found

Post the log (save the log as a .txt file not .xml)

Then......

Please download Farbar Recovery Scan Tool (FRST) and save it to a folder.

(use correct version for your system.....Which system am I using?)

FRST <----for 32 bit systems

FRST64 <----for 64 bit systems

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button. (make sure the Addition box is checked)
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page.


New window that comes up.


Last................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Wait for the Prescan to finish

Click Scan to scan the system.

When the scan completes > Don't Fix anything! > Click on the Report Button > Copy and paste the Report back here.

Don't run any other options, they're not all bad!!!!!!!

RogueKiller logs will also be located here:

%programdata%/RogueKiller/Logs <-------W7

C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <-------XP

(please don't put logs in code or quotes and use the default font)

 

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running. Create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear".

------->Your topic will be closed if you haven't replied within 3 days!<--------

If I don't respond within 24 hours, please send me a PM

Link to post

Malwarebytes Log

 

 
Scan Date: 9/23/2014
Scan Time: 2:16:30 AM
Logfile: malware log.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.09.23.02
Rootkit Database: v2014.09.19.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Andrew
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 314192
Time Elapsed: 10 min, 24 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
PUP.Optional.OutBrowse, C:\Users\Andrew\Downloads\Skype.exe, Quarantined, [808e0ee3b2c91a1ca19f8e350ff24db3], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
Working on trying to transfer RogueKiller log from my diseased computer onto the site.

Addition.txt

FRST.txt

Link to post

RogueKiller log

RogueKiller V9.2.12.0 (x64) [sep 23 2014] by Adlice Software





 

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version

Started in : Normal mode

User : Andrew [Admin rights]

Mode : Scan -- Date : 09/25/2014  05:49:24

 

¤¤¤ Bad processes : 1 ¤¤¤

[suspicious.Path] FRST64.exe -- C:\Users\Andrew\Desktop\FRST64.exe[-] -> KILLED [TermProc]

 

¤¤¤ Registry Entries : 12 ¤¤¤

[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> FOUND

[PUM.Proxy] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> FOUND

[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8800;https=127.0.0.1:8800  -> FOUND

[PUM.Proxy] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8800;https=127.0.0.1:8800  -> FOUND

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.10.8.1  -> FOUND

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.10.8.1  -> FOUND

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3086CDD0-EF7C-459A-B86B-DB45AAC35858} | DhcpNameServer : 10.10.8.1  -> FOUND

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{3086CDD0-EF7C-459A-B86B-DB45AAC35858} | DhcpNameServer : 10.10.8.1  -> FOUND

[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND

[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND

[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND

[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND

 

¤¤¤ Scheduled tasks : 0 ¤¤¤

 

¤¤¤ Files : 0 ¤¤¤

 

¤¤¤ HOSTS File : 0 ¤¤¤

 

¤¤¤ Antirootkit : 0 (Driver: LOADED) ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ MBR Check : ¤¤¤

+++++ PhysicalDrive0:  +++++

--- User ---

[MBR] 2fcceb8386be3a1c6a351bad777dd455

[bSP] 07ff70eed4a6a23ed0acddb9550ff3ef : Empty MBR Code

Partition table:

0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB

User = LL1 ... OK

User = LL2 ... OK
Link to post

Not much showing.......

Run RogueKiller again and click Scan
When the scan completes > click on the Registry tab
Put a check next to all of these and uncheck the rest: (if found)
 

[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> FOUND
[PUM.Proxy] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> FOUND
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8800;https=127.0.0.1:8800 -> FOUND
[PUM.Proxy] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8800;https=127.0.0.1:8800 -> FOUND


Now click Delete on the right hand column under Options

 

=====================================

 

Download and run rkill (post the log):

 

Let me know, MrC

Link to post

Rkill 2.6.8 by Lawrence Abrams (Grinler)


Copyright 2008-2014 BleepingComputer.com

More Information about Rkill can be found at this link:


 

Program started at: 09/25/2014 05:37:29 PM in x64 mode.

Windows Version: Windows 8.1 

 

Checking for Windows services to stop:

 

 * No malware services found to stop.

 

Checking for processes to terminate:

 

 * No malware processes found to kill.

 

Checking Registry for malware related settings:

 

 * No issues found in the Registry.

 

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

 

Performing miscellaneous checks:

 

 * Windows Defender Disabled

 

   [HKLM\SOFTWARE\Microsoft\Windows Defender]

   "DisableAntiSpyware" = dword:00000001

 

Checking Windows Service Integrity: 

 

 * MsKeyboardFilter [Missing Service]

 * CSC [Missing Service]

 * E1G60 [Missing Service]

 * HdAudAddService [Missing Service]

 * kbldfltr [Missing Service]

 * storvsp [Missing Service]

 * Vid [Missing Service]

 * vmbusr [Missing Service]

 * vpcivsp [Missing Service]

 

Searching for Missing Digital Signatures: 

 

 * No issues found.

 

Checking HOSTS File: 

 

 * No issues found.

 

Program finished at: 09/25/2014 05:38:40 PM

Execution time: 0 hours(s), 1 minute(s), and 10 seconds(s)

Link to post

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-09-2014

Ran by Andrew at 2014-09-28 17:20:37 Run:1

Running from C:\Users\Andrew\Documents\FRST

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

REG: reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" 

REG: reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" 

REG: reg query "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" 

REG: reg query "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" 

REG: reg query "HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters" /s

*****************

 

 

========= reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" =========

 

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

    CodeBaseSearchPath    REG_SZ    CODEBASE

    EnablePunycode    REG_DWORD    0x1

    WarnOnIntranet    REG_DWORD    0x1

    MinorVersion    REG_SZ    0

    ActiveXCache    REG_SZ    C:\Windows\Downloaded Program Files

    ProxyOverride    REG_SZ    <-loopback>

    MigrateProxy    REG_DWORD    0x1

    ProxyEnable    REG_DWORD    0x1

    ProxyServer    REG_SZ    http=127.0.0.1:8800;https=127.0.0.1:8800

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ActiveX Cache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedBehaviors

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragImageExts

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragProtocols

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ApprovedActiveXInstallSites

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Last Update

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\NoFileLifetimeExtension

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Passport

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\PluggableProtocols

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Secure Mime Handlers

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Unattend

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Url History

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones

 

 

========= End of Reg: =========

 

 

========= reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" =========

 

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections

    WinHttpSettings    REG_BINARY    1800000000000000010000000000000000000000

    DefaultConnectionSettings    REG_BINARY    46000000BD0000000B00000028000000687474703D3132372E302E302E313A383830303B68747470733D3132372E302E302E313A383830300B0000003C2D6C6F6F706261636B3E000000000000000000000000000000000000000000000000000000000000000000000000

    SavedLegacySettings    REG_BINARY    460000009B0100000B00000028000000687474703D3132372E302E302E313A383830303B68747470733D3132372E302E302E313A383830300B0000003C2D6C6F6F706261636B3E000000000000000000000000000000000000000000000000000000000000000000000000

 

 

 

========= End of Reg: =========

 

 

========= reg query "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" =========

 

 

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings

    CodeBaseSearchPath    REG_SZ    CODEBASE

    WarnOnIntranet    REG_DWORD    0x1

    EnablePunycode    REG_DWORD    0x1

    MinorVersion    REG_SZ    0

    ActiveXCache    REG_SZ    C:\Windows\Downloaded Program Files

    MigrateProxy    REG_DWORD    0x1

    ProxyEnable    REG_DWORD    0x1

    ProxyOverride    REG_SZ    <-loopback>

    ProxyServer    REG_SZ    http=127.0.0.1:8800;https=127.0.0.1:8800

 

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ActiveX Cache

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedBehaviors

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragImageExts

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragProtocols

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Cache

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Last Update

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\NoFileLifetimeExtension

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\P3P

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Passport

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\PluggableProtocols

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Secure Mime Handlers

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\SO

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Url History

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones

 

 

========= End of Reg: =========

 

 

========= reg query "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" =========

 

 

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections

    WinHttpSettings    REG_BINARY    1800000000000000010000000000000000000000

    DefaultConnectionSettings    REG_BINARY    46000000BD0000000B00000028000000687474703D3132372E302E302E313A383830303B68747470733D3132372E302E302E313A383830300B0000003C2D6C6F6F706261636B3E000000000000000000000000000000000000000000000000000000000000000000000000

    SavedLegacySettings    REG_BINARY    460000009B0100000B00000028000000687474703D3132372E302E302E313A383830303B68747470733D3132372E302E302E313A383830300B0000003C2D6C6F6F706261636B3E000000000000000000000000000000000000000000000000000000000000000000000000

 

 

 

========= End of Reg: =========

 

 

========= reg query "HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters" /s =========

 

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters

    ServiceDllUnloadOnStop    REG_DWORD    0x1

    ServiceDll    REG_EXPAND_SZ    %SystemRoot%\System32\nlasvc.dll

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Cache

    KnownProxylessGatewaysV4    REG_BINARY    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

    OpportunisticInternetGatewaysV4    REG_BINARY    06003048D6D87D20004C006500650020004C006F006400670069006E00670020004100500033003400484E020006003048D6D87D20004C006500650020004C006F006400670069006E00670020004100500035003400484E0200

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet

    ActiveWebProbePathV6    REG_SZ    ncsi.txt

    ActiveWebProbePath    REG_SZ    ncsi.txt

    ActiveDnsProbeHost    REG_SZ    dns.msftncsi.com

    EnableActiveProbing    REG_DWORD    0x1

    PassivePollPeriod    REG_DWORD    0xf

    ActiveWebProbeContentV6    REG_SZ    Microsoft NCSI

    ActiveDnsProbeContentV6    REG_SZ    fd3e:4f5a:5b81::1

    ActiveWebProbeContent    REG_SZ    Microsoft NCSI

    ActiveDnsProbeContent    REG_SZ    131.107.255.255

    ActiveWebProbeHost    REG_SZ    www.msftncsi.com

    StaleThreshold    REG_DWORD    0x1e

    ActiveWebProbeHostV6    REG_SZ    ipv6.msftncsi.com

    WebTimeout    REG_DWORD    0x23

    ActiveDnsProbeHostV6    REG_SZ    dns.msftncsi.com

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies

    (Default)    REG_SZ    1http=127.0.0.1:8800;https=127.0.0.1:8800

 

 

 

========= End of Reg: =========

 

 

==== End of Fixlog ====

Link to post
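
The two REG_BINARY values in the Connections key above carry the same proxy string as ProxyServer. The following is an added example (not part of the thread and not FRST's code) that decodes the DefaultConnectionSettings value from the log; the field layout is the commonly reverse-engineered one rather than an official Microsoft specification, and all function and class names are illustrative.

```python
import ipaddress
import struct
from dataclasses import dataclass

# DefaultConnectionSettings value copied from the reg query output in the log above.
BLOB_HEX = (
    "46000000" "BD000000" "0B000000" "28000000"
    "687474703D3132372E302E302E313A38383030" "3B"
    "68747470733D3132372E302E302E313A38383030"
    "0B000000" "3C2D6C6F6F706261636B3E"
    + "00" * 36
)

# INTERNET_PER_CONN_FLAGS bits as defined in wininet.h.
FLAG_NAMES = {0x1: "DIRECT", 0x2: "PROXY", 0x4: "AUTO_PROXY_URL", 0x8: "AUTO_DETECT"}


@dataclass
class ConnectionSettings:
    version: int
    counter: int
    flags: int
    proxy: str
    bypass: str
    autoconfig_url: str

    def flag_names(self):
        return [name for bit, name in FLAG_NAMES.items() if self.flags & bit]


def _read_string(buf, off):
    """Read a little-endian DWORD length followed by that many ASCII bytes."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field at offset %d" % off)
    (length,) = struct.unpack_from("<I", buf, off)
    off += 4
    if off + length > len(buf):
        raise ValueError("string at offset %d runs past end of blob" % off)
    return buf[off:off + length].decode("ascii", "replace"), off + length


def parse_connection_settings(hex_blob):
    """Decode the assumed layout: version, counter, flags, then three strings."""
    buf = bytes.fromhex(hex_blob)
    if len(buf) < 12:
        raise ValueError("blob shorter than the 12-byte header")
    version, counter, flags = struct.unpack_from("<III", buf, 0)
    proxy, off = _read_string(buf, 12)
    bypass, off = _read_string(buf, off)
    autoconfig_url, off = _read_string(buf, off)
    return ConnectionSettings(version, counter, flags, proxy, bypass, autoconfig_url)


def loopback_endpoints(proxy_server):
    """Return (scheme, host, port) for every proxy entry that points at loopback."""
    hits = []
    for entry in filter(None, (e.strip() for e in proxy_server.split(";"))):
        scheme, sep, hostport = entry.partition("=")
        if not sep:                      # "host:port" applies to all schemes
            scheme, hostport = "all", entry
        host, sep, port = hostport.rpartition(":")
        if not sep:                      # no port given
            host, port = hostport, ""
        try:
            is_loop = ipaddress.ip_address(host.strip("[]")).is_loopback
        except ValueError:
            is_loop = host.lower() == "localhost"
        if is_loop:
            hits.append((scheme, host, int(port) if port.isdigit() else None))
    return hits


if __name__ == "__main__":
    s = parse_connection_settings(BLOB_HEX)
    print("flags:", hex(s.flags), s.flag_names())
    print("proxy:", s.proxy)
    print("bypass:", s.bypass)
    print("loopback endpoints:", loopback_endpoints(s.proxy))
```

A manual proxy that points at a loopback port only works while something on the machine is listening on that port, so a hit here is a reason to check which process owns the port before and after cleanup.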

Please create new system restore point before you continue!!

==================================

Download the attached fixlist.txt to the same folder as FRST.exe/FRST64.exe.
Run FRST.exe/FRST64.exe and click Fix only once and wait
Your computer will automatically reboot
The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

Let me know.....MrC

Link to post

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-09-2014

Ran by Andrew at 2014-09-28 18:19:01 Run:2

Running from C:\Users\Andrew\Documents\FRST

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

REG: reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f

REG: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f

REG: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f

REG: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f

REG: reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f

REG: reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f

REG: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v DefaultConnectionSettings /f

REG: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v SavedLegacySettings /f

REG: reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v DefaultConnectionSettings /f

REG: reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v SavedLegacySettings /f

REG: reg delete "HKLM\SYSTEM\CurrentControlSet\services\services\NlaSvc\Parameters\Internet\ManualProxies" /ve /f

Reboot:

*****************

 

 

========= reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f =========

 

The operation completed successfully.

 

 

 

========= End of Reg: =========

 

 

========= reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f =========

 

The operation completed successfully.

 

 

 

========= End of Reg: =========

 

 

========= reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f =========

 

ERROR: The system was unable to find the specified registry key or value.

 

 

========= End of Reg: =========

 

 

========= reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f =========

 

The operation completed successfully.

 

 

 

========= End of Reg: =========

 

 

========= reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f =========

 

The operation completed successfully.

 

 

 

========= End of Reg: =========

 

 

========= reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f =========

 

ERROR: The system was unable to find the specified registry key or value.

 

 

========= End of Reg: =========

 

 

========= reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v DefaultConnectionSettings /f =========

 

The operation completed successfully.

 

 

 

========= End of Reg: =========

 

 

========= reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v SavedLegacySettings /f =========

 

The operation completed successfully.

 

 

 

========= End of Reg: =========

 

 

========= reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v DefaultConnectionSettings /f =========

 

The operation completed successfully.

 

 

 

========= End of Reg: =========

 

 

========= reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v SavedLegacySettings /f =========

 

The operation completed successfully.

 

 

 

========= End of Reg: =========

 

 

========= reg delete "HKLM\SYSTEM\CurrentControlSet\services\services\NlaSvc\Parameters\Internet\ManualProxies" /ve /f =========

 

ERROR: The system was unable to find the specified registry key or value.

 

 

========= End of Reg: =========

 

 

 

The system needed a reboot. 

 

==== End of Fixlog ====

Link to post
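
An added example (not from the thread and not FRST's own code) that reads a Fixlog like the one above and separates commands that failed only because an identical earlier command had already succeeded from commands that never succeeded. The sample text is a shortened excerpt of the log above, and the function names are illustrative.

```python
import re

# Shortened excerpt of the Fixlog above, embedded so the example runs offline.
SAMPLE_FIXLOG = r"""
========= reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f =========

The operation completed successfully.

========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f =========

ERROR: The system was unable to find the specified registry key or value.

========= End of Reg: =========

========= reg delete "HKLM\SYSTEM\CurrentControlSet\services\services\NlaSvc\Parameters\Internet\ManualProxies" /ve /f =========

ERROR: The system was unable to find the specified registry key or value.

========= End of Reg: =========

==== End of Fixlog ====
"""

# Section headers are exactly nine '=' on each side of the command text.
HEADER = re.compile(r"^=========\s+(?P<cmd>.+?)\s+=========$")


def parse_fixlog(text):
    """Return [(command, ok, message)] for each REG section, in log order."""
    results, current, body = [], None, []
    for raw in text.splitlines():
        line = raw.strip()               # also strips non-breaking spaces
        match = HEADER.match(line)
        if match and match.group("cmd").startswith("End of Reg:"):
            if current is not None:
                message = " ".join(body)
                results.append((current, not message.startswith("ERROR:"), message))
            current, body = None, []
        elif match:
            current, body = match.group("cmd"), []
        elif current is not None and line:
            body.append(line)
    return results


def redundant_failures(results):
    """Commands that errored, but the identical command also succeeded."""
    succeeded = {cmd for cmd, ok, _ in results if ok}
    out = []
    for cmd, ok, _ in results:
        if not ok and cmd in succeeded and cmd not in out:
            out.append(cmd)
    return out


def unresolved_failures(results):
    """Commands that errored and never succeeded anywhere in the log."""
    succeeded = {cmd for cmd, ok, _ in results if ok}
    out = []
    for cmd, ok, _ in results:
        if not ok and cmd not in succeeded and cmd not in out:
            out.append(cmd)
    return out


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    for cmd in redundant_failures(parsed):
        print("already done earlier:", cmd)
    for cmd in unresolved_failures(parsed):
        print("NEVER SUCCEEDED:", cmd)
```

On the log above, the only command that never succeeded is the ManualProxies delete; its path contains `services\services`, while the earlier query output lists that key under `services\NlaSvc`.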

Good! and Yes I do.

If there are no other problems......

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC
Link to post

Results of screen317's Security Check version 0.99.87  

   x64 (UAC is enabled)  

 Internet Explorer 11  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

Panda Cloud Antivirus   

Windows Defender        

 WMI entry may not exist for antivirus; attempting automatic update. 

`````````Anti-malware/Other Utilities Check:````````` 

 Google Chrome 37.0.2062.120  

 Google Chrome 37.0.2062.124  

````````Process Check: objlist.exe by Laurent````````  

 Malwarebytes Anti-Malware mbamservice.exe  

 Malwarebytes Anti-Malware mbam.exe  

 Panda Security Panda Cloud Antivirus PSANHost.exe  

 Panda Security Panda Cloud Antivirus PSUAService.exe  

 Panda Security Panda Cloud Antivirus PSUAMain.exe  

 Malwarebytes Anti-Malware mbamscheduler.exe   

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  % 

````````````````````End of Log`````````````````````` 
Link to post

That looks Good!

A little clean up to do....

Please Uninstall ComboFix: (------->if you used it<-------)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter. (it may look like CF is re-installing but it's not)

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

Download Delfix from here and save it to your desktop. (you may already have this)

  • Ensure Remove disinfection tools is checked.
  • Click the Run button.
  • Reboot
Any other programs or logs that are still remaining, you can manually delete. (right click.....Delete)

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.

Note:

If you used FRST and can't delete the quarantine folder:

Download the fixlist.txt to the same folder as FRST.exe.

Run FRST.exe and click Fix only once and wait

That will delete the quarantine folder created by FRST.

The rest you can manually delete.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

Link to post

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post

This topic is now closed to further replies.