BleepingComputer.com: Firefox settings keep setting to manual proxy 127.0.0.1 and Spybot finds AVSecurity daily. All rec'd files included and attached.

OTL hung again. Manually rebooted. Here is the log:


All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

User: Owner
->Flash cache emptied: 343 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Owner
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 14233749 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 14.00 mb


OTL by OldTimer - Version 3.2.27.0 log created on 09102011_203731

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Which AV do you recommend? Spybot?

Personally I use Microsoft Security essentials,

It's excellent and free

http://www.microsoft.com/download/en/details.aspx?id=5201

Avira AntiVir and Avast are two other excellent free Antivirus products.

I don't know enough about Spybot to comment, but if you like it - use it.

This post has been edited by CatByte: 10 September 2011 - 09:54 PM

MBAM re installed and nothing found per log here:


Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7692

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/10/2011 9:56:13 PM
mbam-log-2011-09-10 (21-56-13).txt

Scan type: Quick scan
Objects scanned: 179403
Time elapsed: 2 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re-installing FF now

I'm keeping my fingers crossed

just rebooted with no proxy error. Hoping tomorrow brings no AVSecurity suite... Thanks VERY much! Email me and I will send you a proper care package to your mailing address. I do a lot of high quality craft, printing, and t-shirt work. ceedig303 / gmail.

That's good news

Let me know tomorrow if we have finally licked this thing,

I'm sure it was one of the security programs that was stopping the fix, as this usually isn't this hard to fix.

If everything is OK, then we have a clean up routine for the tools to perform

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.