Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

LAN Settings http://127.0.0.1:8080/proxy.pac


  • This topic is locked This topic is locked
22 replies to this topic

#1 elkynder83

elkynder83

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:07:56 PM

Posted 07 October 2015 - 01:18 AM

Hi,

 

i have this issue for a couple of days now. This proxy keeps apearing on my lan settings and there is no wa to change it permanentely. Every time i change the parametre in the register (only way to remove this proxy) after i reboot it is there again. It affecta me using iexplorer and chrome. No issues with firefox because it has its own proxy setting. I tried cleaning the laptop up with spyhunter, avast, malwarebytes, superantispywar or adware. But nothing.

 

I hope someone could help. I attach the documents created by frst. and a screenshot of the issue

 

It seems it affects some windows security too. I cant activate and manage windows firewall nor safescreen.

 

Here is a screenshot of the windows firewall options. There is no reaction when i click it. And no chance of configuring windows defender or smart screen

 

thanx in advance

Attached Files



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,528 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:56 PM

Posted 08 October 2015 - 10:29 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
ShellIconOverlayIdentifiers-x32: [MemopalBackedUp] -> {8ED3CC2D-6BC2-43AD-8C43-F51FBB413AE6} =>  No File
ShellIconOverlayIdentifiers-x32: [MemopalError] -> {B9CA6E12-7975-4997-B5BD-CA12ECE0FEAD} =>  No File
ShellIconOverlayIdentifiers-x32: [MemopalPartiallyBackedUp] -> {95DDC869-FC98-4D47-BD34-2EDC9AA09C01} =>  No File
ShellIconOverlayIdentifiers-x32: [MemopalToBackup] -> {2CDD871E-60EB-40BD-9721-A1CB57042F75} =>  No File
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Restriction - ProxySettings)
AutoConfigURL: [HKLM] => http://127.0.0.1:8080/proxy.pac
AutoConfigURL: [HKLM-x32] => http://127.0.0.1:8080/proxy.pac
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-3800106120-251638913-3686674851-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3800106120-251638913-3686674851-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [No File]
CHR Extension: (Avast Online Security) - C:\Users\NilsMalte\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-02-15]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-19]
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
S3 ALSysIO; C:\Users\NilsMalte\AppData\Local\Temp\ALSysIO64.sys [26488 2015-10-04] (Arthur Liberman)
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
C:\Users\NilsMalte\AppData\Local\Temp\ALSysIO64.sys
Task: {07736DB3-6061-4625-9420-AA89581FB81B} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {2055A988-C61B-4118-AD95-BEEEBAC07937} - \Adobe online update program -> No File <==== ATTENTION
Task: {2247B3D1-5169-4EEF-B590-095D5472B723} - \WPD\SqmUpload_S-1-5-21-3800106120-251638913-3686674851-1001 -> No File <==== ATTENTION
Task: {2D26A5A8-7C98-4443-A16A-566F73AACD0D} - \Safer-Networking\Spybot - Search and Destroy\Refresh immunization -> No File <==== ATTENTION
Task: {4C8939AC-EA50-487B-814F-1422CB00BE69} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {62EF764B-2957-4B6C-814D-50E91DE0CED9} - \CreateChoiceProcessTask -> No File <==== ATTENTION
Task: {6713AA02-E9F7-4F73-B722-FB78C55B9BE6} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {6A081385-89B6-40EE-9EE0-66678847DC40} - \DivX online update program -> No File <==== ATTENTION
Task: {9B328E7B-DE68-41A4-BC67-E3EF8008F3D1} - System32\Tasks\WINshell Event Notification => C:\Users\NILSMA~1\AppData\Local\Temp\SBCint2.exe <==== ATTENTION
Task: {9E634337-4F2F-4AAF-983A-3484D034FF53} - \Safer-Networking\Spybot - Search and Destroy\Scan the system -> No File <==== ATTENTION
Task: {AC60CB70-5C1A-471D-8BDE-753A15FDFC34} - \InstallShield Update Task -> No File <==== ATTENTION
Task: {B1214BD0-85AF-4C86-949C-53D01FD51AD2} - \Apple\AppleSoftwareUpdate -> No File <==== ATTENTION
Task: {B12E71DC-E411-4B64-9B62-850647C97C74} - \Update Checker -> No File <==== ATTENTION
Task: {CCB0278A-CEF0-4D66-86C4-F110A7E65AED} - \Safer-Networking\Spybot - Search and Destroy\Check for updates -> No File <==== ATTENTION
Task: {D3FD35A9-BE45-4B3D-BBA2-67DB98D79EBA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {EB644FE9-D652-4C8E-80BF-9E5072DD3CE3} - \Apple Diagnostics -> No File <==== ATTENTION
C:\Users\NilsMalte\AppData\Local\Temp\i4jdel0.exe
C:\Users\NilsMalte\AppData\Local\Temp\i4jdel1.exe
C:\Users\NilsMalte\AppData\Local\Temp\sqlite3.dll
RemoveProxy:

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Restart the computer normally.

p.s.

MpsSvc => Firewall Service is not running.
Could not list Devices. Check "winmgmt" service or repair WMI.

Check these services and let me know if the problem persists.

#3 elkynder83

elkynder83
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:07:56 PM

Posted 08 October 2015 - 02:08 PM

I am really thankful for the help. As soon as i get home i will try. Sorry for the delay. Theres i the time difference and i am on a 10hour continuos shift on work these days



#4 elkynder83

elkynder83
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:07:56 PM

Posted 08 October 2015 - 03:09 PM

Here is the fixlog. Problem still persists. Now it seems the windows start button and search box on the min taskbar doesn´t react

Attached Files



#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,528 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:56 PM

Posted 09 October 2015 - 07:30 AM

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zeok tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;b
resetieproxy
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.

Also, please provide an update on how the computer is behaving after running the above script.

===

#6 elkynder83

elkynder83
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:07:56 PM

Posted 09 October 2015 - 09:38 AM

Hello,

 

here is the log from zoek. It took a while tu run it after a few times. The lan setting problem unfortunately still persists as seen on screenshot. Now aditional issues:

 

- it seems i cannot open pictures like jpg, when i double click. There appears an error saying no valid entry for the registry

 

- on desktop the windows button doesn´t work by left clicking, nor does the search box or calendar (doesn´t pop up) or for the icons on the right bar that work by right click but not left. However the programs attached to bar do work by left clicking but not by right clicking (for the additional option menu)

 

- for now i will reactivate avast antivirus

 

It is really troublesome. For now it only affected be by not been able to browse with iexplorer or chrome, but the additional problems explained above worry me. And not been able to change windows firewall settings or use windows defender i don´t understand

 

 

thanx

Attached Files



#7 nasdaq

nasdaq

  • Malware Response Team
  • 40,528 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:56 PM

Posted 09 October 2015 - 01:19 PM

Remove in the check box for use the User Script ... as seen in the picture you submitted.
Make sure you check the apply button if required.

===

Please Download Tweaking.com - Windows Repair from Here
[list]
  • Install and then run the program
  • Execute the instructions on Step 1 Important
  • Click Next on Step 2 Optional, do the Pre Scan skip Step 3 and 4 Optional for now.
  • On Step 5 Backup System Restore Do a Registry backup. When you have completed this click Next
  • Click on Repairs
  • Click Repairs - Open Repairs in the bottom right corner
  • Click the Unselect All button then select just the item(s) listed below

  • 11 - Repair Start Menu Icons Removed by Infections
    12 - Repair Icons
    23 - Repair File Associations (12)
    .. 23.01 - Repair bat Associations
    .. 23.02 - Repair cmd Associations
    .. 23.03 - Repair com Associations
    .. 23.04 - Repair Directory Associations
    .. 23.05 - Repair Drive Associations
    .. 23.06 - Repair exe Associations
    .. 23.07 - Repair Folder Associations
    .. 23.08 - Repair inf Associations
    .. 23.09 - Repair lnk (Shortcut) Associations
    .. 23.10 - Repair msc Associations
    .. 23.11 - Repair reg Associations
    .. 23.12 - Repair scr Associations
    
  • Click the Start button and let the process run to completion. Copy any error messages into Notepad, Save it on your Desktop. ( Reboot if asked to do so)
  • Please copy and paste the Contents of this file on your next reply.

  • ===

    Restart the computer normally.

    How is the computer running now?

    =======================



#8 elkynder83

elkynder83
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:07:56 PM

Posted 09 October 2015 - 01:32 PM

Hi Ok. That is my issue.

 

I cannot uncheck this box. When i do i click accept and tha apply button is greyed out and i cannot apply this change. There is also the issue of the text in yellow. For the other issue i mentioned with the blocked task bar y tried the fix of creating a new user, but i discovered that i cannot even create a new user, when i click the option it does nothing. The only temprary fix i found for the lan settings was changing the parameter in the registry local machine-software-policies-microsoft-windows-internetsetting-proxysettingsperuser to 1. Then the yellow text is gone and i can uncheck the script box. But after a eboot it is as it was before:)

 

no i try the windows repair tool, it will take a while because it is late here. As soon as i hav the resultas i will post it

 

 

thanx



#9 nasdaq

nasdaq

  • Malware Response Team
  • 40,528 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:56 PM

Posted 10 October 2015 - 07:11 AM

When ready run the tools.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Download to your Desktop the Junkware Removal Tool Download from this link.
http://www.bleepingcomputer.com/download/junkware-removal-tool/

Shutdown your antivirus to avoid any conflicts.
Right click the icon - disable for say 20 mins.
Right-mouse click JRT.exe and select Run as administrator (If using XP just double click on the icon to run it.)
The tool will open and start scanning your system.
Please be patient as this can take a while to complete.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
======

Submit a fresh FRST log for my review.

#10 elkynder83

elkynder83
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:07:56 PM

Posted 10 October 2015 - 02:36 PM

Hi i used the repair tool from tweaking.com.  I attach the pre scan text file. After the repairs were done, it didn´t create a text file and it rebooted. And there were none error messages.

 

 

All the problems still persist. But i realized that when i am on wifi, i can use iexplorer or chrome. But i would like to resolve all the issues including the taskbar, etc.

 

this night i will do the other stuff with adware.

 

 

 

thanx

Attached Files



#11 elkynder83

elkynder83
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:07:56 PM

Posted 10 October 2015 - 09:12 PM

Hi,

 

adware just did find an unrelated issue. Problems with the automatic proxy settings for LAN still are there. Unable to apply changes, and the yellow text saying something about the administrator. Shouldn´t that be me? And desktop taskbar still doesn´t react to right clicks some and left click others. Serarch box nd windows button dont react. Windows button on keyboard has no reaction. Calendar does not pop up by right click. MEdia files like photos and videos dont oppen by double click and show an error message. I think it is because it cannot open with the windows 10 apps, i had to change programs vlc for video and an external program for photos.

 

Not possible browsing web with iexplorer or chrome on LAN, but on wifi it is possible. Seems to be the problem with LAN setting. I dont know why the temprary change i do in registry as i mentioned before keeps reverting after reboot. I hope there is a chance of fixing it without a clean format and reinstall. Should the prblem be solved if i change hdd. I was changing hdd to ssd in a couple of month, bt i don´t want to do it right now.

 

attached you´ll find log of adware, jrt and new log of frst with adition.

 

 

 

thanx

Attached Files



#12 nasdaq

nasdaq

  • Malware Response Team
  • 40,528 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:56 PM

Posted 11 October 2015 - 08:41 AM

MpsSvc => Firewall Service is not running.

http://windows.microsoft.com/en-ca/windows/turn-windows-firewall-on-off#turn-windows-firewall-on-off=windows-7

===

In my previoust fix many Internet Explorer restrictions were removed

Try this now.

Press the windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Failed to access process -> ASUSWakeupService.exe
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Restriction - ProxySettings)
AutoConfigURL: [HKLM-x32] => hxxp://127.0.0.1:8080/proxy.pac
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===



On the Tools menu in Internet Explorer, click Internet Options, click the Connections tab, and then click LAN Settings.
Under Proxy server, click to select the Use a proxy server for your LAN check box.

Make sure that only the "Automatically Select Settings" is checked. Remove everything else.

Clck the OK button and close the Option box.

Restsart the computer normally.

How is the computer running now?

#13 elkynder83

elkynder83
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:07:56 PM

Posted 11 October 2015 - 08:57 AM

Hi,

 

i cannot start windows firewall. I do not know why. When i am in the firewall options i cant click anything. You see on screenshot, when i click it nothing happens.

 

thanx

 

 

As soon as i do the fix i post it



#14 nasdaq

nasdaq

  • Malware Response Team
  • 40,528 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:56 PM

Posted 11 October 2015 - 09:19 AM

Remove these programs using the Add/Remove programs applet.

Ad-Aware Antivirus (HKLM\...\{18A24EC3-2BA0-4438-AA5C-A3CF81194D22}_AdAwareUpdater) (Version: 11.8.586.8535 - Lavasoft)
AdAwareInstaller (Version: 11.8.586.8535 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.8.586.8535 - Lavasoft) Hidden

#15 elkynder83

elkynder83
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:07:56 PM

Posted 11 October 2015 - 07:19 PM

Hi,

 

here is a copy of th fixlog. There are still the same issues. Nothing has change according to my point of viw...lol. I tried uninstalling ad-aware, but it was not possible. An error message came up, as seen in screenshot. The thing is, the file in "program files" of "Lavasoft" is not there any more, but the program is still in add/remove list and when i try to uninstall a menu comes up.

Attached Files






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users