Proxy setting help!!

Gaming Teen

New Member
I can't figure out why, but when I'm on my dad's computer no browser wants to work except the one in AOL. Now when I open the Chrome browser it tells me that it could not connect to the proxy; I don't know why it just says that. It tells me how to fix it, but when I try to uncheck "Use a proxy server for your LAN (These settings will not apply to dial-up or VPN connections)" and click Apply, it still does not work. Then it tells me the same message and I do the same thing, to find out that the box I unchecked was checked. I keep trying to uncheck and apply but it just reverts back to being checked. Need some help.
 
Basically means you are infected. Start by doing the following.

1.

Please download AdwCleaner by Xplode onto your Desktop.



•Please close all open programs and internet browsers.
•Double click on adwcleaner.exe to run the tool.
•Click on Scan.
•After the scan you will need to click on clean for it to delete the adware.
•Your computer will be rebooted automatically. A text file will open after the restart.
•Please post the content of that logfile in your reply.
•You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

2.

Please download Junkware Removal Tool to your desktop.

•Shut down your antivirus to avoid any conflicts.
•Very important that you run the tool in this manner:
Right-mouse click JRT.exe and select Run as administrator
Do NOT just double-click it.
•The tool will open and start scanning your system.
•Please be patient as this can take a while to complete.
•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
•Post the contents of JRT.txt in your next message.

3.

Please download Malwarebytes' Anti-Malware and save it to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware

If for some reason Malwarebytes will not install or run please download and run Rkill.scr, Rkill.exe, or Rkill.com. If you are still having issues running rkill then try downloading these renamed versions of the same program.

EXPLORER.EXE
IEXPLORE.EXE
USERINIT.EXE
WINLOGON.EXE

But DO NOT reboot the system and then try installing or running Malwarebytes. If Rkill (which is a black box) appears and then disappears right away, or you get a message saying Rkill is infected, keep trying to run Rkill until it overpowers the infection and temporarily kills it. Once a log appears on the screen, you can try running Malwarebytes or downloading other programs.

Please post the log that Malwarebytes displays on your screen.

4.

Download OTL to your Desktop


•Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
•Click on Minimal Output at the top
•Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
◦When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Just post the OTL.txt file in your reply.

Then post the logs from the following 4 programs.

1. Adwcleaner
2. Junkware removal tool
3. Malwarebytes
4. OTL
 

How do I post it? Do I turn it into a download link?
 
1) Adwcleaner
http://www.mediafire.com/view/tfsbd8l98lylj0j/AdwCleaner[S0].txt

2) Junkware removal tool
http://www.mediafire.com/view/hnibik4sfodqhuw/JRT.txt

3) No log to download

4) OTL
http://www.mediafire.com/view/gpz6zbea28asz00/OTL.Txt

OTL logfile created on: 3/5/2015 8:26:47 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Esteban\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17633)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.88 Gb Available Physical Memory | 62.95% Memory free
5.98 Gb Paging File | 4.69 Gb Available in Paging File | 78.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 698.57 Gb Total Space | 664.29 Gb Free Space | 95.09% Space Free | Partition Type: NTFS
Drive F: | 14.83 Gb Total Space | 11.55 Gb Free Space | 77.92% Space Free | Partition Type: FAT32

Computer Name: ESTEBAN-PC | User Name: Esteban | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Esteban\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe (Bitdefender)
PRC - C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe (Bitdefender)
PRC - C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe (Bitdefender)
PRC - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe (Bitdefender)
PRC - C:\Program Files\AOL Desktop 9.7c\waol.exe (AOL Inc.)
PRC - C:\Program Files\AOL Desktop 9.7c\shellmon.exe (AOL Inc.)
PRC - C:\Program Files\Common Files\AOL\acs\AOLacsd.exe (AOL Inc.)
PRC - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe ()
PRC - C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe (Bitdefender)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\AOL\1355869888\ee\aolsoftware.exe (AOL Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Bitdefender\Bitdefender 2015\txmlutil.dll ()
MOD - C:\Program Files\AOL Desktop 9.7c\zlib.dll ()
MOD - C:\Program Files\AOL Desktop 9.7c\libcef.dll ()
MOD - C:\Program Files\AOL Desktop 9.7c\libGLESv2.dll ()
MOD - C:\Program Files\AOL Desktop 9.7c\libEGL.dll ()
MOD - C:\Program Files\Bitdefender\Bitdefender 2015\bdmetrics.dll ()


========== Services (SafeList) ==========

SRV - (VSSERV) -- C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe (Bitdefender)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (IEEtwCollectorService) -- C:\Windows\System32\IEEtwCollector.exe (Microsoft Corporation)
SRV - (BdDesktopParental) -- C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe (Bitdefender)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (UPDATESRV) -- C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe (Bitdefender)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\acs\AOLacsd.exe (AOL Inc.)
SRV - (PassThru Service) -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (SafeBox) -- C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe (Bitdefender)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys (Malwarebytes Corporation)
DRV - (avc3) -- C:\Windows\System32\drivers\avc3.sys (BitDefender)
DRV - (avchv) -- C:\Windows\System32\drivers\avchv.sys (BitDefender)
DRV - (BdfNdisf) -- c:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys (BitDefender LLC)
DRV - (BDSandBox) -- C:\Windows\System32\drivers\bdsandbox.sys (BitDefender SRL)
DRV - (avckf) -- C:\Windows\System32\drivers\avckf.sys (BitDefender)
DRV - (gzflt) -- C:\Windows\System32\drivers\gzflt.sys (BitDefender LLC)
DRV - (MBAMWebAccessControl) -- C:\Windows\System32\drivers\mwac.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (trufos) -- C:\Windows\System32\drivers\trufos.sys (BitDefender S.R.L.)
DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (htcnprot) -- C:\Windows\System32\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (bdselfpr) -- C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys (BitDefender LLC)
DRV - (bdfwfpf_pc) -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys (Bitdefender SRL)
DRV - (bdfwfpf) -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys (BitDefender LLC)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (BDVEDISK) -- C:\Windows\System32\drivers\bdvedisk.sys (BitDefender)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (dmvsc) -- C:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (HtcVCom32) -- C:\Windows\System32\drivers\HtcVComV32.sys (QUALCOMM Incorporated)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (wanatw) -- C:\Windows\System32\drivers\wanatw4.sys (America Online, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - SOFTWARE\Classes\CLSID\{f0e98552-8e47-4c6c-9b3a-11ab0549f94d}\InprocServer32 File not found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49402;https=127.0.0.1:49402

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 32 AC FC 92 60 DD CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - SOFTWARE\Classes\CLSID\{f0e98552-8e47-4c6c-9b3a-11ab0549f94d}\InprocServer32 File not found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{BBB4515A-D789-4BD4-A25D-88213ADEF50A}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20130101,17118,0,18,0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.25.2: C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2: C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Esteban\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Bitdefender\Bitdefender 2015\bdwteff\ [2014/08/22 11:18:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2014/08/22 11:18:39 | 000,000,000 | ---D | M]

CHR - Extension: No name found = C:\Users\Esteban\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\Esteban\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.10_0\
CHR - Extension: No name found = C:\Users\Esteban\AppData\Local\Google\Chrome\User Data\Default\Extensions\fabcmochhfpldjekobfaaggijgohadih\18.21.4_0\
CHR - Extension: No name found = C:\Users\Esteban\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bitdefender Wallet) - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll (Bitdefender)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll File not found
O4 - HKLM..\Run: [Bdagent] C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe (Bitdefender)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1355869888\ee\aolsoftware.exe (AOL Inc.)
O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files\AOL Desktop 9.7c\AOL.EXE (AOL Inc.)
O4 - HKCU..\Run: [Bitdefender Wallet Agent] C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe (Bitdefender)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F5CFB83D-4674-45F5-B64D-C75316FE2D3F}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{048b017b-eadb-11e2-b717-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{048b017b-eadb-11e2-b717-00038a000015}\Shell\AutoRun\command - "" = F:\menu.exe
O33 - MountPoints2\{dfab587c-c2d0-11e4-a52b-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{dfab587c-c2d0-11e4-a52b-00038a000015}\Shell\AutoRun\command - "" = E:\HTC_Sync_Manager_PC.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\menu.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2015/03/05 08:18:28 | 000,114,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2015/03/05 08:18:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2015/03/05 08:18:06 | 000,075,480 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2015/03/05 08:18:06 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2015/03/05 08:18:06 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2015/03/05 08:18:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2015/03/05 08:16:16 | 000,000,000 | ---D | C] -- C:\Program Files\HTC
[2015/03/05 08:15:00 | 000,000,000 | ---D | C] -- C:\ProgramData\HTC
[2015/03/05 08:00:41 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015/03/05 07:59:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Esteban\Desktop\OTL.exe
[2015/03/05 07:59:30 | 020,447,176 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Esteban\Desktop\mbam-setup.exe
[2015/03/05 07:59:28 | 001,388,333 | ---- | C] (Thisisu) -- C:\Users\Esteban\Desktop\JRT.exe
[2015/02/25 21:53:59 | 000,000,000 | ---D | C] -- C:\ProgramData\bdch
[2015/02/10 20:46:06 | 000,074,000 | ---- | C] (BitDefender SRL) -- C:\Windows\System32\bdsandboxuiskin.dll
[2 C:\Users\Esteban\AppData\Local\*.tmp files -> C:\Users\Esteban\AppData\Local\*.tmp -> ]
[11 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2015/03/05 12:56:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Esteban\Desktop\OTL.exe
[2015/03/05 12:56:06 | 020,447,176 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Esteban\Desktop\mbam-setup.exe
[2015/03/05 12:55:34 | 001,388,333 | ---- | M] (Thisisu) -- C:\Users\Esteban\Desktop\JRT.exe
[2015/03/05 12:54:56 | 002,126,848 | ---- | M] () -- C:\Users\Esteban\Desktop\AdwCleaner.exe
[2015/03/05 08:24:26 | 000,114,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2015/03/05 08:24:25 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cffea4fd3ae9c8.job
[2015/03/05 08:24:24 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1d043b814927418.job
[2015/03/05 08:24:24 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/03/05 08:23:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/03/05 08:23:14 | 2407,747,584 | -HS- | M] () -- C:\hiberfil.sys
[2015/03/05 08:18:09 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015/03/05 08:17:59 | 000,674,278 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2015/03/05 08:17:59 | 000,125,950 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2015/03/05 08:17:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/03/05 08:13:49 | 000,031,904 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/03/05 08:13:49 | 000,031,904 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/03/05 08:03:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1d043b816414d2a.job
[2015/03/05 07:58:17 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1cffea4feea26b9.job
[2015/03/04 20:37:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/03/03 21:34:02 | 000,048,225 | ---- | M] () -- C:\Users\Esteban\Documents\msg0008.wav
[2015/02/26 20:53:35 | 000,051,280 | ---- | M] () -- C:\Users\Esteban\Documents\msg0001.wav
[2015/02/24 21:01:41 | 000,036,330 | ---- | M] () -- C:\Users\Esteban\Documents\msg0021.wav
[2015/02/20 16:12:54 | 000,004,155 | ---- | M] () -- C:\Users\Esteban\Documents\msg0002.wav
[2015/02/20 13:01:28 | 000,052,060 | ---- | M] () -- C:\Users\Esteban\Documents\msg0013.wav
[2015/02/19 19:51:49 | 000,000,385 | ---- | M] () -- C:\Users\Esteban\Documents\msg0014.wav
[2015/02/19 19:50:15 | 000,084,885 | ---- | M] () -- C:\Users\Esteban\Documents\msg0015.wav
[2015/02/19 19:49:39 | 000,042,570 | ---- | M] () -- C:\Users\Esteban\Documents\msg0016.wav
[2015/02/19 18:15:14 | 000,063,630 | ---- | M] () -- C:\Users\Esteban\Documents\msg0017.wav
[2015/02/19 15:04:56 | 000,002,055 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015/02/16 16:51:39 | 000,056,610 | ---- | M] () -- C:\Users\Esteban\Documents\msg0012.wav
[2015/02/16 16:49:55 | 000,095,415 | ---- | M] () -- C:\Users\Esteban\Documents\msg0004.wav
[2015/02/16 16:46:04 | 000,037,240 | ---- | M] () -- C:\Users\Esteban\Documents\msg0007.wav
[2015/02/16 16:40:04 | 000,096,000 | ---- | M] () -- C:\Users\Esteban\Documents\msg0003.wav
[2015/02/12 20:07:19 | 296,274,898 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2015/02/12 20:04:40 | 000,267,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2015/02/10 20:46:06 | 000,074,000 | ---- | M] (BitDefender SRL) -- C:\Windows\System32\bdsandboxuiskin.dll
[2015/02/10 20:45:59 | 001,083,448 | ---- | M] (BitDefender) -- C:\Windows\System32\drivers\avc3.sys
[2015/02/10 20:45:55 | 000,243,456 | ---- | M] (BitDefender) -- C:\Windows\System32\drivers\avchv.sys
[2015/02/10 20:45:51 | 000,026,624 | ---- | M] (BitDefender SRL) -- C:\Windows\System32\bdsandboxuh.dll
[2015/02/10 20:45:48 | 000,066,832 | ---- | M] (BitDefender SRL) -- C:\Windows\System32\drivers\bdsandbox.sys
[2015/02/10 20:45:47 | 000,548,336 | ---- | M] (BitDefender) -- C:\Windows\System32\drivers\avckf.sys
[2 C:\Users\Esteban\AppData\Local\*.tmp files -> C:\Users\Esteban\AppData\Local\*.tmp -> ]
[11 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2015/03/05 08:18:09 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015/03/05 07:59:27 | 002,126,848 | ---- | C] () -- C:\Users\Esteban\Desktop\AdwCleaner.exe
[2015/02/19 19:51:49 | 000,000,385 | ---- | C] () -- C:\Users\Esteban\Documents\msg0014.wav
[2015/02/19 19:49:38 | 000,042,570 | ---- | C] () -- C:\Users\Esteban\Documents\msg0016.wav
[2015/02/16 16:51:39 | 000,056,610 | ---- | C] () -- C:\Users\Esteban\Documents\msg0012.wav
[2015/02/08 10:58:32 | 000,000,886 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1d043b816414d2a.job
[2015/02/08 10:58:29 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1d043b814927418.job
[2015/01/26 19:09:55 | 000,018,872 | ---- | C] () -- C:\Windows\System32\drivers\SPPD.sys
[2015/01/01 21:33:23 | 000,000,069 | ---- | C] () -- C:\Users\Esteban\AppData\Roaming\WB.CFG
[2014/12/31 10:30:22 | 000,000,049 | ---- | C] () -- C:\Windows\TaxACT14.ini
[2014/11/14 10:27:09 | 000,000,004 | ---- | C] () -- C:\Users\Esteban\AppData\Roaming\appdataFr2.bin
[2014/09/17 15:51:41 | 000,578,570 | ---- | C] () -- C:\ProgramData\1410986591.bdinstall.bin
[2014/02/09 17:10:57 | 000,000,046 | ---- | C] () -- C:\Windows\TaxACT13.ini
[2012/12/18 15:56:14 | 000,000,576 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/12/18 15:54:08 | 000,000,036 | ---- | C] () -- C:\Users\Esteban\AppData\Local\housecall.guid.cache

========== ZeroAccess Check ==========

[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 20:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 16:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2014/11/12 12:45:53 | 000,000,000 | ---D | M] -- C:\Users\Esteban\AppData\Roaming\AdvancedSystemProtector
[2014/09/17 15:56:34 | 000,000,000 | ---D | M] -- C:\Users\Esteban\AppData\Roaming\Bitdefender
[2014/11/12 13:06:23 | 000,000,000 | ---D | M] -- C:\Users\Esteban\AppData\Roaming\Compete
[2014/05/03 20:01:17 | 000,000,000 | ---D | M] -- C:\Users\Esteban\AppData\Roaming\mjusbsp
[2014/06/03 18:58:21 | 000,000,000 | ---D | M] -- C:\Users\Esteban\AppData\Roaming\Oracle
[2014/09/17 15:43:10 | 000,000,000 | ---D | M] -- C:\Users\Esteban\AppData\Roaming\QuickScan
[2012/12/26 13:24:33 | 000,000,000 | ---D | M] -- C:\Users\Esteban\AppData\Roaming\Unity
[2014/11/14 15:42:47 | 000,000,000 | ---D | M] -- C:\Users\Esteban\AppData\Roaming\youtube-downloader-and-converter

========== Purity Check ==========



< End of report >
 
Last edited by a moderator:
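
In the OTL log above, HKLM has "ProxyEnable" = 1 with "ProxyServer" set to 127.0.0.1:49402, while HKCU has "ProxyEnable" = 0. The following added example (not part of the original thread and not OTL's own code) parses those Internet Settings lines from a saved OTL.txt and flags any hive where an enabled proxy points at a loopback address; the function names are hypothetical and the sample lines are copied from the log in this thread.

```python
import ipaddress
import re

# Matches the "IE - <hive>\...\Internet Settings: "<name>" = <value>" lines
# that OTL writes in its Internet Explorer section.
SETTING_RE = re.compile(
    r'^IE - (HKLM|HKCU)\\Software\\Microsoft\\Windows\\CurrentVersion\\'
    r'Internet Settings: "(\w+)" =[ \t]*(.*)$',
    re.IGNORECASE | re.MULTILINE,
)

# Sample input: the five Internet Settings lines from the OTL log in this thread.
SAMPLE_OTL = r'''
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49402;https=127.0.0.1:49402
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
'''


def parse_proxy_server(value):
    """Split a ProxyServer value into {scheme: (host, port)}.

    Handles both forms: "host:port" (one proxy for every protocol, stored
    under "*") and "http=host:port;https=host:port" (per-protocol proxies).
    """
    endpoints = {}
    for part in filter(None, (p.strip() for p in value.split(";"))):
        scheme, sep, hostport = part.partition("=")
        if not sep:                      # no "scheme=" prefix: applies to all
            scheme, hostport = "*", part
        hostport = hostport.split("://")[-1]   # tolerate "http://host:port"
        host, _, port = hostport.rpartition(":")
        if not host:                     # value had no ":port" suffix
            host, port = hostport, ""
        endpoints[scheme.lower()] = (host, int(port) if port.isdigit() else None)
    return endpoints


def is_loopback(host):
    """True for 'localhost' and for any IPv4/IPv6 loopback literal."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:                   # a hostname, not an IP literal
        return False


def loopback_proxy_findings(log_text):
    """Return one finding per hive whose enabled proxy targets loopback."""
    hives = {}
    for hive, name, value in SETTING_RE.findall(log_text):
        hives.setdefault(hive.upper(), {})[name.lower()] = value.strip()

    findings = []
    for hive, settings in sorted(hives.items()):
        if settings.get("proxyenable") != "1":
            continue                     # proxy configured but switched off
        endpoints = parse_proxy_server(settings.get("proxyserver", ""))
        local = {s: ep for s, ep in endpoints.items() if is_loopback(ep[0])}
        if local:
            findings.append({
                "hive": hive,
                "endpoints": local,
                "override": settings.get("proxyoverride", ""),
            })
    return findings


if __name__ == "__main__":
    for finding in loopback_proxy_findings(SAMPLE_OTL):
        for scheme, (host, port) in finding["endpoints"].items():
            print(f'{finding["hive"]}: {scheme} traffic is sent to {host}:{port}')
```

A loopback proxy only works while some local process is listening on that port; when nothing is listening, browsers that use the system proxy settings report that they cannot connect to the proxy server.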
Very much infected it was. I still need to see the Malwarebytes log. I will post how to retrieve it when I get home from work. Will look at the OTL log at that time as well. See if you can change the proxy setting now.
 
The MalwareBytes log can be found by opening MalwareBytes, going to the History page, then choose Application Logs and look for the scan log.
 
There should be a button that says export to text file at the bottom left when you get to the application log.

Then just copy and paste back here.
 

Here you go http://www.mediafire.com/view/g372tbbwvgcsw0g/Malware%5B1%5D.txt

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/5/2015
Scan Time: 8:19:00 AM
Logfile: Malware.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.03.05.02
Rootkit Database: v2015.02.25.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Esteban

Scan Type: Hyper Scan
Result: Completed
Objects Scanned: 264373
Time Elapsed: 2 min, 34 sec

Memory: Enabled
Startup: Enabled
Filesystem: Disabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
Trojan.Agent, C:\Program Files\YouTube Downloader Services\P2\youtubeserv.exe, 212, Delete-on-Reboot, [61850e330387a1952bcb4ebeaf54fa06]

Modules: 0
(No malicious items detected)

Registry Keys: 43
Trojan.Agent, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\YouTubeDownload_P2, Quarantined, [61850e330387a1952bcb4ebeaf54fa06],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\Cinema Video Pro 1.6V12.11, Quarantined, [1ccacf722367c07665ed4570739020e0],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\Cinema Video Pro 1.6V12.11-nv, Quarantined, [29bd7ac791f9e74fdf7300b53cc7b14f],
PUP.Optional.LyricsParty.A, HKLM\SOFTWARE\LyricsParty-16, Quarantined, [34b20f3267230432614f56b762a3af51],
PUP.Optional.PlumoWeb.A, HKLM\SOFTWARE\PlumoWeb, Quarantined, [6a7c043dc3c7c076ec532e9150b3af51],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CoCreateAsync, Quarantined, [e8fee75a8901b77f8506e908966db947],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CoCreateAsync.1.0, Quarantined, [cb1bb38efb8fa1953952ae438e75db25],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CoreClass, Quarantined, [92547ec3fa90191d7e0d39b807fc57a9],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CoreClass.1, Quarantined, [9b4bde63345659ddeaa12dc4ed16ad53],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CoreMachineClass, Quarantined, [17cfca77137736004c3fbb36ba49cf31],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CoreMachineClass.1, Quarantined, [d511a49d7f0b41f5ee9db63b41c2f808],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CredentialDialogMachine, Quarantined, [19cdf34e5d2ddc5a711a5998f80ba060],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CredentialDialogMachine.1.0, Quarantined, [cf176ad71d6d49ed58330be636cd02fe],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassMachine, Quarantined, [9d49da676426a195513a1ad7b54ec33d],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassMachine.1.0, Quarantined, [5c8a0e333456ce6866252bc6f60dbc44],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassMachineFallback, Quarantined, [b432053c7e0c6cca305be9088b78619f],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassMachineFallback.1.0, Quarantined, [a44268d91575c274e5a6a74afb0825db],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassSvc, Quarantined, [12d430112d5d3501afdc2bc60003eb15],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassSvc.1.0, Quarantined, [34b254ed494184b2bdce37ba1de6a759],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.ProcessLauncher, Quarantined, [cd1957ea95f588aeb9d20fe2a45ffd03],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.ProcessLauncher.1.0, Quarantined, [0cda42ff4a40a2944249a9486a998b75],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3COMClassService, Quarantined, [9551bd848703e4520487bc35ec17ab55],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3COMClassService.1.0, Quarantined, [0dd9db66f694092db8d3935ee41fb050],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3WebMachine, Quarantined, [6284d26f3753a98d424971800df6f50b],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3WebMachine.1.0, Quarantined, [06e086bbd5b581b5f8934fa2ba49926e],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3WebMachineFallback, Quarantined, [85618ab782088babd3b841b0c53ed12f],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3WebMachineFallback.1.0, Quarantined, [91557dc4e7a3a0962d5e15dc54af28d8],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3WebSvc, Quarantined, [29bd65dcadddfe380586e50c976cf30d],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3WebSvc.1.0, Quarantined, [09dd89b8fb8fa1954f3ceb069e6510f0],
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, Quarantined, [6d79380965251521068844e5e61ff808],
PUP.Optional.OfferBoulevard.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\OfferBoulevard.exe, Quarantined, [06e0b38e464487af6e8c2894f70c8977],
PUP.Optional.PlumoWeb.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update PlumoWeb, Quarantined, [6482c77a2c5e63d3bb868c3324dfa55b],
PUP.Optional.PlumoWeb.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Util PlumoWeb, Quarantined, [d6103e03d7b391a5cd754778b152eb15],
PUP.Optional.DonutLeads.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\donutleadsServiceCore, Quarantined, [f6f0f64bdab0e650094e604f1ce723dd],
PUP.Optional.DefaultTab.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DefaultTab, Quarantined, [6d79400141498fa776b03c76b05311ef],
PUP.Optional.CrossRider.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Cinema Video Pro 1.6V12.11, Quarantined, [46a09da4cebc280e9bb9f8bdfd06629e],
PUP.Optional.DefaultTab.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\DefaultTab, Quarantined, [86609ea3cbbf280ef7f5c131f70ca858],
PUP.Optional.Tuto4PC.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\TUTORIALS\updatetutorialeshp, Quarantined, [c91df0512d5dc96dbaffc6df0cf75da3],
PUP.Optional.PlumoWeb.A, HKU\S-1-5-21-2108881583-117912961-3019965817-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\PlumoWeb, Quarantined, [faec98a95f2b77bf4000ffc0da2941bf],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2108881583-117912961-3019965817-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Cinema Video Pro 1.6V12.11, Quarantined, [45a1eb569cee0f2783d1af060102dd23],
PUP.Optional.WeCare, HKU\S-1-5-21-2108881583-117912961-3019965817-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\EXTENSIONS\{6ED0A312-78F5-493C-A90C-5DAF321D0BF8}, Quarantined, [9a4c0a378dfd2d09c632d4f2f80b7090],
PUP.Optional.Iminent.A, HKU\S-1-5-21-2108881583-117912961-3019965817-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOWREGISTRY\Iminent, Quarantined, [af374ff2a1e9a59141cab32950b3b44c],
PUP.Optional.LyricsParty.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\LyricsParty-16, Quarantined, [22c4340d9cee48ee08b301656c977e82],

Registry Values: 1
PUP.Optional.ConsumerInput.A, HKU\S-1-5-21-2108881583-117912961-3019965817-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|ConsumerInput@Compete, C:\Program Files\Consumer Input\Firefox\ciff-3.2.0-12099.xpi, Quarantined, [7a6c68d915751e185c0c2790877c54ac]

Registry Data: 0
(No malicious items detected)

Folders: 7
PUP.Optional.LyricsParty.A, C:\Program Files\LyricsParty-16, Quarantined, [22c4340d9cee48ee08b301656c977e82],
PUP.Optional.SearchProtect.A, C:\Windows\System32\config\systemprofile\AppData\Local\SearchProtect, Quarantined, [b1354af7b1d960d635beafcbd82b6b95],
PUP.Optional.SearchProtect.A, C:\Windows\System32\config\systemprofile\AppData\Local\SearchProtect\SearchProtect, Quarantined, [b1354af7b1d960d635beafcbd82b6b95],
PUP.Optional.SearchProtect.A, C:\Windows\System32\config\systemprofile\AppData\Local\SearchProtect\SearchProtect\rep, Quarantined, [b1354af7b1d960d635beafcbd82b6b95],
PUP.Optional.Extutil.A, C:\Users\Esteban\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B, Quarantined, [5492b58cbccee254927ad3aa8f74a25e],
PUP.Optional.Managera.A, C:\Users\Esteban\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42, Quarantined, [46a03a07ee9c1b1b2be22558c63d1be5],
PUP.Optional.FreeSoftToday.A, C:\Windows\System32\config\systemprofile\AppData\Local\fst_us_291, Quarantined, [5294c37efe8ce94d0329f38b23e006fa],

Files: 20
Trojan.Agent, C:\Program Files\YouTube Downloader Services\P2\youtubeserv.exe, Delete-on-Reboot, [61850e330387a1952bcb4ebeaf54fa06],
PUP.Optional.SelectNGo.A, C:\Users\Esteban\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.selectgo00.selectgo.net_0.localstorage, Quarantined, [82648db40189fe385cf305a321e20df3],
PUP.Optional.SelectNGo.A, C:\Users\Esteban\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.selectgo00.selectgo.net_0.localstorage-journal, Quarantined, [a93d78c94347da5cc58ad3d5a360d030],
PUP.Optional.DonutQuotes, C:\Windows\System32\Tasks\DonutQuotes, Quarantined, [be2842ffcebcaa8c7e594c66a75cdc24],
PUP.Optional.LyricsParty.A, C:\Program Files\LyricsParty-16\44176.crx, Quarantined, [22c4340d9cee48ee08b301656c977e82],
PUP.Optional.LyricsParty.A, C:\Program Files\LyricsParty-16\background.html, Quarantined, [22c4340d9cee48ee08b301656c977e82],
PUP.Optional.LyricsParty.A, C:\Program Files\LyricsParty-16\Installer.log, Quarantined, [22c4340d9cee48ee08b301656c977e82],
PUP.Optional.LyricsParty.A, C:\Program Files\LyricsParty-16\LyricsParty-16-bg.exe, Quarantined, [22c4340d9cee48ee08b301656c977e82],
PUP.Optional.LyricsParty.A, C:\Program Files\LyricsParty-16\LyricsParty-16-buttonutil.dll, Quarantined, [22c4340d9cee48ee08b301656c977e82],
PUP.Optional.LyricsParty.A, C:\Program Files\LyricsParty-16\LyricsParty-16-helper.exe, Quarantined, [22c4340d9cee48ee08b301656c977e82],
PUP.Optional.LyricsParty.A, C:\Program Files\LyricsParty-16\LyricsParty-16.ico, Quarantined, [22c4340d9cee48ee08b301656c977e82],
PUP.Optional.LyricsParty.A, C:\Program Files\LyricsParty-16\Uninstall.exe, Quarantined, [22c4340d9cee48ee08b301656c977e82],
PUP.Optional.LyricsParty.A, C:\Program Files\LyricsParty-16\utils.exe, Quarantined, [22c4340d9cee48ee08b301656c977e82],
PUP.Optional.SearchProtect.A, C:\Windows\System32\config\systemprofile\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat, Quarantined, [b1354af7b1d960d635beafcbd82b6b95],
PUP.Optional.Extutil.A, C:\Users\Esteban\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\bk.js, Quarantined, [5492b58cbccee254927ad3aa8f74a25e],
PUP.Optional.Extutil.A, C:\Users\Esteban\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\cs.js, Quarantined, [5492b58cbccee254927ad3aa8f74a25e],
PUP.Optional.Extutil.A, C:\Users\Esteban\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\manifest.json, Quarantined, [5492b58cbccee254927ad3aa8f74a25e],
PUP.Optional.Managera.A, C:\Users\Esteban\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\cs.js, Quarantined, [46a03a07ee9c1b1b2be22558c63d1be5],
PUP.Optional.Managera.A, C:\Users\Esteban\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\manifest.json, Quarantined, [46a03a07ee9c1b1b2be22558c63d1be5],
PUP.Optional.FreeSoftToday.A, C:\Windows\System32\config\systemprofile\AppData\Local\fst_us_291\upfst_us_291.cyl, Quarantined, [5294c37efe8ce94d0329f38b23e006fa],

Physical Sectors: 0
(No malicious items detected)


(end)
 
Ok. I'm going to be looking at your logs now, but in the meantime please run the following since you still can't change the proxy setting.

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
  • Download this file here :

    Combofix

  • When the page loads click on the blue combofix download link next to the BleepingComputer Mirror.
  • Save the file to your windows desktop. The combofix icon will look like this when it has downloaded to your desktop.

    cf-icon.jpg
  • We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:

  • Close all open Windows including this one.
  • Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these type of programs can be found here.
    Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.
  • Please click on I agree on the disclaimer window.
  • ComboFix will now install itself on to your computer. When it is done, a blue screen will appear as shown below.

    cf-preparing.jpg

  • ComboFix is now preparing to run. When it has finished ComboFix will automatically attempt to create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry as shown in the image below.

    erunt.jpg

  • Once the Windows Registry has finished being backed up, ComboFix will attempt to detect if you have the Windows Recovery Console installed. If you already have it installed, you can skip to this section and continue reading. Otherwise you will see the following message as shown below:

    recovery-console-prompt.jpg

  • At the above message box, please click on the Yes button in order for ComboFix to continue. Please follow the steps and instructions given by ComboFix in order to finish the installation of the Recovery Console.
  • Please click on yes in the next window to continue scanning for malware.
  • ComboFix will now disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.
  • ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.
  • While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan. An example of this can be seen below.

    still-scanning-clockchanges.jpg

  • When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
  • This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt.
  • When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically for you.
  • Now you just click on the edit menu and click on select all, then click on the edit menu again and click on copy. Then come to the forum in your reply and right click on your mouse and click on paste.

If for some reason you try to run a program or open a file and you get an error message saying "illegal operation attempted on a registry key that has been marked for deletion", please just reboot your PC and you'll be fine.


In your next reply please post:
The ComboFix log

Please do not upload it to MediaFire. Just copy and paste the log in your reply so it's easier to read. Thanks. I'm gonna put all your other logs in your post so it's easier to see them.
 
ComboFix 15-03-01.01 - Esteban 03/05/2015 15:50:49.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3062.2263 [GMT -5:00]
Running from: c:\users\Esteban\Desktop\ComboFix.exe
AV: Bitdefender Antivirus *Disabled/Updated* {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
FW: Bitdefender Firewall *Enabled* {A23392FD-84B9-F933-2C71-81E751F6EF46}
SP: Bitdefender Antispyware *Disabled/Updated* {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\LIL4931.tmp
C:\LIL49EC.tmp
C:\LIL49FC.tmp
C:\LIL4A4A.tmp
C:\LIL4CF8.tmp
C:\LIL4DC3.tmp
C:\LIL4E01.tmp
C:\LIL4F87.tmp
C:\LIL4F97.tmp
C:\LIL5004.tmp
C:\LIL50BF.tmp
c:\programdata\1410986591.bdinstall.bin
c:\users\Esteban\AppData\Local\nse7563.tmp
c:\users\Esteban\AppData\Local\nsnE0E1.tmp
c:\windows\system32\Cache
c:\windows\system32\Cache\075884af680ff6dc.fb
c:\windows\system32\Cache\227113dfa1ca894d.fb
c:\windows\system32\Cache\373d78f2095518b9.fb
c:\windows\system32\Cache\49fbbc5a8678d502.fb
c:\windows\system32\Cache\613e8ce7ab7106af.fb
c:\windows\system32\Cache\633a76311867bd11.fb
c:\windows\system32\Cache\691f14230153a9e1.fb
c:\windows\system32\Cache\6cb409d7ac73d9f1.fb
c:\windows\system32\Cache\7614bd6cfa99e546.fb
c:\windows\system32\Cache\77664b6ccc36be9f.fb
c:\windows\system32\Cache\881b3593316772f0.fb
c:\windows\system32\Cache\936bcd85bcc52d64.fb
c:\windows\system32\Cache\98657d0579ae1930.fb
c:\windows\system32\Cache\b8707bad072b1757.fb
c:\windows\system32\Cache\c4e10d1be905349b.fb
c:\windows\system32\Cache\c79ed52e5e5f01fb.fb
c:\windows\system32\Cache\d5c0f4e7bbe35bf3.fb
c:\windows\system32\Cache\d9ca663388d21ec0.fb
c:\windows\system32\Cache\e2d4467d996ad595.fb
c:\windows\system32\Cache\e54548aeeacc3625.fb
c:\windows\system32\Cache\f2cda51fd108941f.fb
c:\windows\system32\Cache\f34d8db84131d925.fb
c:\windows\system32\Cache\fe2daee71a717c57.fb
.
.
((((((((((((((((((((((((( Files Created from 2015-02-05 to 2015-03-05 )))))))))))))))))))))))))))))))
.
.
2015-03-05 13:18 . 2015-03-05 20:58 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-05 13:18 . 2015-03-05 13:18 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-03-05 13:18 . 2014-11-21 11:23 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-03-05 13:18 . 2014-11-21 11:23 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-03-05 13:18 . 2014-11-21 11:23 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-03-05 13:16 . 2015-03-05 13:16 -------- d-----w- c:\program files\HTC
2015-03-05 13:15 . 2015-03-05 13:15 -------- d-----w- c:\programdata\HTC
2015-03-05 13:00 . 2015-03-05 13:04 -------- d-----w- C:\AdwCleaner
2015-02-26 02:54 . 2015-02-26 02:54 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\bdch
2015-02-26 02:53 . 2015-02-26 02:53 -------- d-----w- c:\programdata\bdch
2015-02-22 21:13 . 2015-01-09 02:48 76800 ----a-w- c:\windows\system32\wdi.dll
2015-02-22 21:13 . 2015-01-09 02:48 635904 ----a-w- c:\windows\system32\perftrack.dll
2015-02-22 21:13 . 2015-01-09 02:48 27136 ----a-w- c:\windows\system32\powertracker.dll
2015-02-13 01:17 . 2015-01-23 03:43 620032 ----a-w- c:\windows\system32\jscript9diag.dll
2015-02-13 01:17 . 2015-01-23 03:17 4300800 ----a-w- c:\windows\system32\jscript9.dll
2015-02-13 01:16 . 2014-11-26 03:32 571904 ----a-w- c:\windows\system32\oleaut32.dll
2015-02-13 01:16 . 2015-02-04 02:54 482304 ----a-w- c:\windows\system32\generaltel.dll
2015-02-13 01:16 . 2015-02-04 02:53 767488 ----a-w- c:\windows\system32\appraiser.dll
2015-02-13 01:16 . 2015-02-04 02:53 621056 ----a-w- c:\windows\system32\invagent.dll
2015-02-13 01:16 . 2015-02-04 02:53 325632 ----a-w- c:\windows\system32\devinv.dll
2015-02-13 01:16 . 2015-02-04 02:49 886784 ----a-w- c:\windows\system32\aeinv.dll
2015-02-13 01:16 . 2015-01-27 23:36 1167520 ----a-w- c:\windows\system32\aitstatic.exe
2015-02-13 01:16 . 2015-02-04 02:53 202752 ----a-w- c:\windows\system32\aepdu.dll
2015-02-13 01:16 . 2015-02-04 02:53 159744 ----a-w- c:\windows\system32\aepic.dll
2015-02-13 01:16 . 2014-12-12 05:07 1174528 ----a-w- c:\windows\system32\crypt32.dll
2015-02-13 01:16 . 2014-07-07 01:40 179200 ----a-w- c:\windows\system32\wintrust.dll
2015-02-13 01:16 . 2014-07-07 01:40 143872 ----a-w- c:\windows\system32\cryptsvc.dll
2015-02-13 00:49 . 2014-12-11 17:47 74240 ----a-w- c:\windows\system32\TSWbPrxy.exe
2015-02-13 00:49 . 2014-12-19 02:43 164864 ----a-w- c:\windows\system32\profsvc.dll
2015-02-13 00:49 . 2014-12-19 01:34 116224 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2015-02-13 00:49 . 2014-12-06 03:50 242688 ----a-w- c:\windows\system32\nlasvc.dll
2015-02-13 00:49 . 2015-01-09 01:45 2380288 ----a-w- c:\windows\system32\win32k.sys
2015-02-13 00:46 . 2014-12-08 02:46 308224 ----a-w- c:\windows\system32\scesrv.dll
2015-02-13 00:46 . 2015-01-13 02:49 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-02-11 01:46 . 2015-02-11 01:46 74000 ----a-w- c:\windows\system32\bdsandboxuiskin.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-11 01:45 . 2014-09-17 20:49 1083448 ----a-w- c:\windows\system32\drivers\avc3.sys
2015-02-11 01:45 . 2014-09-17 20:49 243456 ----a-w- c:\windows\system32\drivers\avchv.sys
2015-02-11 01:45 . 2014-09-17 20:50 26624 ----a-w- c:\windows\system32\bdsandboxuh.dll
2015-02-11 01:45 . 2014-12-17 23:04 66832 ----a-w- c:\windows\system32\drivers\bdsandbox.sys
2015-02-11 01:45 . 2014-09-17 20:49 548336 ----a-w- c:\windows\system32\drivers\avckf.sys
2015-02-05 00:37 . 2012-12-30 00:09 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-02-05 00:37 . 2012-12-30 00:09 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-01-27 00:09 . 2015-01-27 00:09 18872 ----a-w- c:\windows\system32\drivers\SPPD.sys
2014-12-17 23:03 . 2014-09-17 20:43 169992 ----a-w- c:\windows\system32\drivers\gzflt.sys
2014-12-07 22:20 . 2014-11-14 15:27 4 ----a-w- c:\users\Esteban\AppData\Roaming\appdataFr2.bin
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox1]
@="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}"
[HKEY_CLASSES_ROOT\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}]
2014-07-04 21:57 179560 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox2]
@="{342DAA0B-D796-460D-8566-901E08A1CCAD}"
[HKEY_CLASSES_ROOT\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}]
2014-07-04 21:57 179560 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox3]
@="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}"
[HKEY_CLASSES_ROOT\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}]
2014-07-04 21:57 179560 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox4]
@="{33816773-98AE-4723-ADE0-EBE54C8B5A67}"
[HKEY_CLASSES_ROOT\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}]
2014-07-04 21:57 179560 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bitdefender Wallet Agent"="c:\program files\Bitdefender\Bitdefender 2015\bdwtxag.exe" [2015-02-11 671400]
"AOL Fast Start"="c:\program files\AOL Desktop 9.7c\AOL.EXE" [2014-08-19 72296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"Bdagent"="c:\program files\Bitdefender\Bitdefender 2015\bdagent.exe" [2015-02-11 1861032]
"HostManager"="c:\program files\Common Files\AOL\1355869888\ee\AOLSoftware.exe" [2010-03-08 41800]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [2015-02-11 548336]
R3 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [2014-12-17 69880]
R3 bdfwfpf_pc;bdfwfpf_pc;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [2013-07-02 108008]
R3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [2015-02-11 66832]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2013-10-17 23040]
R3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\DRIVERS\HtcVComV32.sys [2009-10-27 105984]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-01-12 102912]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-12-20 1343400]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [2015-02-11 1083448]
S0 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys [2014-12-17 169992]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2014-08-11 42784]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2015-02-11 77632]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2012-10-29 93648]
S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys [2012-04-17 72704]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-11-21 1871160]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2014-11-21 969016]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2013-10-17 166912]
S2 SafeBox;SafeBox;c:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [2013-07-08 81704]
S2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2015\updatesrv.exe [2014-11-12 54424]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [2015-02-11 243456]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-11-21 23256]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2015-03-05 114904]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-11-21 51928]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-02-19 20:04 1084744 ----a-w- c:\program files\Google\Chrome\Application\40.0.2214.115\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-03-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-30 00:37]
.
2015-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-18 21:01]
.
2015-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cffea4fd3ae9c8.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-18 21:01]
.
2015-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d043b814927418.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-18 21:01]
.
2015-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-18 21:01]
.
2015-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cffea4feea26b9.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-18 21:01]
.
2015-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA1d043b816414d2a.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-18 21:01]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
.
------- File Associations -------
.
inifile="%SystemRoot%\system32\NOTEPAD.EXE" %1
txtfile="%SystemRoot%\system32\NOTEPAD.EXE" %1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-AOL Toolbar - c:\program files\AOL Toolbar\uninstall.exe
AddRemove-donutleads - c:\program files\donutleads\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bitdefender\Bitdefender 2015\vsserv.exe
c:\windows\system32\taskhost.exe
c:\program files\Malwarebytes Anti-Malware\mbam.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\AOL Desktop 9.7c\waol.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\AOL Desktop 9.7c\shellmon.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2015-03-05 16:03:01 - machine was rebooted
ComboFix-quarantined-files.txt 2015-03-05 21:03
.
Pre-Run: 713,188,102,144 bytes free
Post-Run: 713,220,313,088 bytes free
.
- - End Of File - - A259D90E610B6A20E9957B215EA771D4
2B04374FE0FC03CCB75040264CDC39BE
 
Sorry, I had to run out for awhile. Please rerun OTL but this time copy and paste the following into the custom scans/fixes box at the bottom and click on the run fix button up top.

Code:
:OTL
IE - HKLM\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - SOFTWARE\Classes\CLSID\{f0e98552-8e47-4c6c-9b3a-11ab0549f94d}\InprocServer32 File not found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49402;https=127.0.0.1:49402
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll File not found
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

:COMMANDS
[EMPTYTEMP]
[REBOOT]

After the system reboots please try removing the proxy server setting.  All you need to do is uncheck the proxy server box and click on ok.  If you still can't change it let me know.
 
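The fix script above removes a machine-wide proxy configuration that sends both HTTP and HTTPS to 127.0.0.1:49402, a loopback address on the PC itself. As an added example (not part of the original thread and not code from OTL), the Python below picks enabled loopback proxies out of pasted OTL lines; the function names and the HKCU sample lines are assumptions made up for illustration.

```python
import ipaddress
import re

# OTL prints these values as: IE - <key>: "<name>" = <value>
LINE_RE = re.compile(
    r'^IE - (?P<hive>HK\w+)\\.*Internet Settings: '
    r'"(?P<name>ProxyEnable|ProxyServer)" = (?P<value>.*)$')

def parse_proxy_server(value):
    """'host:port' or 'http=host:port;https=host:port' -> {protocol: (host, port)}."""
    endpoints = {}
    for part in filter(None, (p.strip() for p in value.split(";"))):
        proto, _, addr = part.rpartition("=")
        host, sep, port = addr.split("://")[-1].rpartition(":")
        endpoints[proto or "all"] = (host, int(port)) if sep else (addr, None)
    return endpoints

def is_loopback(host):
    try:
        return host.lower() == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # some other hostname

def triage(lines):
    """Return (hive, protocol, host, port) for every enabled loopback proxy."""
    settings = {}
    for line in lines:
        # Forum software often breaks long strings with a space ("Int ernet"); undo it.
        m = LINE_RE.match(re.sub(r"Int\s+ernet", "Internet", line.strip()))
        if m:
            settings.setdefault(m["hive"], {})[m["name"]] = m["value"].strip()
    findings = []
    for hive, vals in settings.items():
        if vals.get("ProxyEnable") != "1" or "ProxyServer" not in vals:
            continue
        for proto, (host, port) in parse_proxy_server(vals["ProxyServer"]).items():
            if is_loopback(host):
                findings.append((hive, proto, host, port))
    return findings

KEY = r"\Software\Microsoft\Windows\CurrentVersion"
SAMPLE = [  # HKLM values as in the fix script; the HKCU lines are constructed
    'IE - HKLM' + KEY + r'\Int ernet Settings: "ProxyEnable" = 1',
    'IE - HKLM' + KEY + r'\Internet Settings: "ProxyServer" = http=127.0.0.1:49402;https=127.0.0.1:49402',
    'IE - HKCU' + KEY + r'\Internet Settings: "ProxyEnable" = 0',
    'IE - HKCU' + KEY + r'\Internet Settings: "ProxyServer" = 127.0.0.1:8080',
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Only the HKLM entries are reported, because the constructed HKCU proxy is configured but switched off.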
Is it supposed to not respond when it's happening?
 
You mean when running the fix it freezes up? It shouldn't, no. You can try in safe mode.
 
Even in safe mode it freezes at "IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1". I don't know why, but it does.
 
Ok, let's do this then.

Please Download Tweaking.com - Windows Repair from here

http://www.tweaking.com/content/page/windows_repair_all_in_one.html

Install the program and open it.

Click on the start repairs tab and click on start at the bottom.

Uncheck all boxes except for

Repair Proxy Settings
Repair Winsock & DNS Cache

Click on start on the right. Reboot after it's completed and let me know if you can access the internet/change proxy setting. It should be fixed hopefully.

 
I would be more than happy to connect to that PC remotely if possible. You would have to install a program called TeamViewer and would need to give me the ID number and password it gives you. You can try resetting IE and see if that helps. Go into control panel, internet options and go to the advanced tab and click on both reset buttons at the bottom and see what happens.
 