
Can't change proxy settings (8.1), new processes in Task Manager


  • This topic is locked
3 replies to this topic

#1 Windumb

Windumb

  • Members
  • 4 posts

Posted 30 October 2014 - 07:04 PM

Hello everyone, I am running Windows 8.1 and have run into a problem. I recently upgraded to Windows 8.1 after having had Windows 7 for quite a few years (about 2-3). Once I did, I made sure Avast would be the first thing I'd install.

For whatever reason, after a while I'd get a lot of ads and random objects, and it turned out to be adware. I removed pretty much all of it through the Add/Remove Programs window, the adware items being Pastaleads, Snap.do, KNCTR, Stormwatch, and Idle Crawler, along with something involving remote PC control. This was odd. After I removed those things, I restarted my computer. When it rebooted, something else, an iconless item called "Protector" (don't quote me on this, I legitimately can't remember the name but it's something along the lines of "Protector", I know that), was in the Uninstall Applications list. Attempting to uninstall it gave me an error of some sort, but after scanning my PC with both Avast and Malwarebytes, it went away.

I booted up Firefox, went to a page, and it told me something about my proxy settings being incorrect. I had never set a proxy. I turned the proxy settings off and Firefox functioned like normal. I checked out Internet Explorer and realized it had the same problem, only turning proxy mode off would not work. It'd toggle but when I left the menu it'd revert back to a manual proxy. Turns out this was also the reason I couldn't visit the Microsoft Store from Metro, as there were supposedly remaining viruses on the computer that forced a manual proxy on the Windows 8 internal proxy settings as well. The IP in both the IE proxy settings and the Windows 8.1 options is 127.0.0.1:53764. Now I can't change these proxy settings and there's odd applications I've never seen before in my Task Manager's background processes. A quick Google search shows that these applications are part of the Windows system, but I'm led to believe they're Trojans due to their sudden appearance.

Interestingly, clicking "Open File Location" on all of the questionable applications takes me to their files in System32.

Questionable items I see in Task Manager (some of these might just be legitimate objects I didn't notice till now, forgive me):

- persistence Module (no icon)

- Runtime Broker (no icon)

- Sink to receive asynchronous callbacks for WMI client application (no icon)

- Spooler SubSystemApp

- Store Broker (no icon)

- WMI Provider Host

Also, two copies of something called COM Surrogate appear for a few seconds when I open the Task Manager, then go away.

What I've tried to do:

- Full scan with Avast (Found nothing)

- Full scan with Malwarebytes (Found 21 threats, deleted them)

- Use Rkill, then scan with both of them again (Found more stuff, deleted)

- Boot-time scan with Avast (Found a lot of stuff, deleted that)

- Use Adwcleaner (found nothing)

- Scan with Microsoft Safety Scanner (took about 25 hours, found 15 threats, partially deleted 4)

- Ran Kaspersky TDSSKiller (found nothing)

- Ran McAfee's Rootkit Remover (found nothing)

- Restarted my computer each time I did one or more of these things

- Deleted suspicious files and installations from the registry through Malwarebytes

- Uninstalled "SmartOnes" addon from IE and Firefox through deleting the registry files for it

I've cleared things with my antivirus and uninstalled everything malicious, yet there's still viruses in there somewhere and I'm still unable to turn the proxy off in IE and Win8.1. This is really bugging me, help is most appreciated!


Edited by Windumb, 30 October 2014 - 07:55 PM.
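
The symptom in the post above (a manual proxy of 127.0.0.1:53764 that switches itself back on) can be inspected without changing anything on the machine. The following is an added example, not part of the original post or of any tool named in this thread: a read-only PowerShell check that prints the WinINET proxy values and, for any enabled loopback proxy, the process listening on that port. The function names are hypothetical; it assumes Windows 8 or later (for `Get-NetTCPConnection`) and an elevated prompt so that executable paths of other users' processes are visible.

```powershell
# Read-only triage for a proxy that keeps pointing at a loopback port.
# Nothing here changes the system; it only reports.
$inetKey = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-WinInetProxy {            # hypothetical helper name
    param([string]$Path)
    # Emits nothing when the key is missing.
    $p = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    if (-not $p) { return }
    [pscustomobject]@{
        Key           = $Path
        ProxyEnable   = $p.ProxyEnable
        ProxyServer   = $p.ProxyServer
        AutoConfigURL = $p.AutoConfigURL
    }
}

function Get-LoopbackProxyPort {       # hypothetical helper name
    param([string]$ProxyServer)
    # ProxyServer is either "host:port" or "http=host:port;https=host:port".
    foreach ($entry in ($ProxyServer -split ';')) {
        if ($entry -match '^(?:\w+=)?(?:\w+://)?(127\.\d+\.\d+\.\d+|localhost|\[::1\]):(\d+)$') {
            [int]$Matches[2]
        }
    }
}

# Per-user, per-machine and policy locations of the same settings.
$settings = @(
    Get-WinInetProxy "HKCU:\$inetKey"
    Get-WinInetProxy "HKLM:\$inetKey"
    Get-WinInetProxy "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings"
) | Where-Object { $_ }
$settings | Format-List

# For every enabled loopback proxy, show which process (if any) is listening.
foreach ($s in $settings | Where-Object { $_.ProxyEnable -eq 1 -and $_.ProxyServer }) {
    foreach ($port in Get-LoopbackProxyPort $s.ProxyServer) {
        $listeners = Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue
        if (-not $listeners) {
            "Port ${port}: proxy is set but nothing is listening"
            continue
        }
        foreach ($l in $listeners) {
            $proc = Get-CimInstance Win32_Process -Filter "ProcessId=$($l.OwningProcess)"
            "Port ${port}: PID $($proc.ProcessId) $($proc.Name) -> $($proc.ExecutablePath)"
        }
    }
}
```

The output is useful to include alongside the logs a helper asks for, since it shows both where the proxy value is stored and which binary is serving the port.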




#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,190 posts

Posted 01 November 2014 - 09:50 PM

Hello, this looks like a possible Poweliks infection.

Can you do this...as Win 8.1 will not run our DDS tool.

Please download RSIT by random/random from the link provided for your operating system and save it to your desktop. This tool needs to run while the computer is connected to the Internet. If you get a warning from your firewall or other security programs regarding RSIT attempting to contact the Internet, please allow the connection.
  • Close all applications and windows so that you have nothing open and are at your Desktop.
  • Double-click on RSIT.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Read the disclaimer and click Continue.
  • When the scan is complete, a text file named log.txt will automatically open in Notepad.
  • Another text file named info.txt will open minimized.
  • Save the log files to your desktop and copy/paste the contents of log.txt by highlighting everything and pressing Ctrl+C.
  • After highlighting, right-click, choose Copy and then paste the contents into a new topic in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here.
  • Copies of both log files are automatically saved in the C:\RSIT folder which the tool creates during the scan.
Important: Be sure to mention that you tried to follow the Prep Guide but were unable to get DDS to run.

Please state in New topic that you run WIN8.1 and you cannot run DDS.

Also include this link back to this topic.

http://www.bleepingcomputer.com/forums/t/554064/cant-change-proxy-settings-81-new-processes-in-task-manager/

Let me know if that went well.

Edited by boopme, 01 November 2014 - 09:52 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 Windumb

Windumb
  • Topic Starter

  • Members
  • 4 posts

Posted 02 November 2014 - 10:27 AM

Went great, posted a topic with the log in it.



#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,190 posts

Posted 02 November 2014 - 08:12 PM

Thank you.....

New topic
http://www.bleepingcomputer.com/forums/t/554390/cant-turn-off-proxy-settings-in-win81-weird-background-processes/#entry3523852

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.
From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.
Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.
The current wait time is 1 - 5 days and ALL logs are answered.
If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.
To avoid confusion, I am closing this topic.