GeekPolice
Would you like to react to this message? Create an account in a few clicks or log in to continue.

GeekPoliceLog in

 


MS Removal Tool changed proxy setting

2 posters

descriptionMS Removal Tool changed proxy setting EmptyMS Removal Tool changed proxy setting15th April 2011, 1:06 am

more_horiz
MS removal tool had changed my proxy settings to
Http proxy: 127.0.0.1
Port: 50808

I had followed the steps in removing ms removal tool in http://www.GeekPolice.net/t26522-remove-ms-removal-tool-removal-guide
and it had worked well, just that my proxy setting is set as default as "manual proxy configuration"
so every time i restart firefox, it goes back to the manual proxy configuration with the above settings.
to go onto the internet, i have to set it back to no proxy,
i am using mozilla firefox 4
help please

descriptionMS Removal Tool changed proxy setting EmptyRe: MS Removal Tool changed proxy setting15th April 2011, 4:12 am

more_horiz
Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.

descriptionMS Removal Tool changed proxy setting EmptyRe: MS Removal Tool changed proxy setting15th April 2011, 5:20 am

more_horiz
Okay, I've done as it said and
Spoiler :


and that's what i get, if you want the actually log file then er... I'll try post it

descriptionMS Removal Tool changed proxy setting EmptyRe: MS Removal Tool changed proxy setting15th April 2011, 9:41 am

more_horiz
Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.

  • Double-click on MBRCheck.exe to run it.
  • It will open a black window...please do not fix anything (if it gives you an option).
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
  • Please copy and paste the contents of that log in your next reply.

descriptionMS Removal Tool changed proxy setting EmptyRe: MS Removal Tool changed proxy setting15th April 2011, 10:34 am

more_horiz
okay got that, what's next?
name of the .txt file is MBRCheck_04.15.11_20.32.28

Spoiler :

descriptionMS Removal Tool changed proxy setting EmptyRe: MS Removal Tool changed proxy setting15th April 2011, 11:24 am

more_horiz
ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

descriptionMS Removal Tool changed proxy setting EmptyRe: MS Removal Tool changed proxy setting15th April 2011, 12:58 pm

more_horiz
Spoiler :


hmmm... looks like no more warcraft for me lol

descriptionMS Removal Tool changed proxy setting EmptyRe: MS Removal Tool changed proxy setting15th April 2011, 10:25 pm

more_horiz
How did you obtain that version of Warcraft in the first place?

It should have not been deleted if that was a legit version...

Please download CKScanner by askey127 from here

Save it to your desktop.

  • Doubleclick CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

descriptionMS Removal Tool changed proxy setting EmptyRe: MS Removal Tool changed proxy setting16th April 2011, 12:04 am

more_horiz
Oh that's for playing on bored aussies server

Spoiler :

descriptionMS Removal Tool changed proxy setting EmptyRe: MS Removal Tool changed proxy setting16th April 2011, 8:42 am

more_horiz
ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

descriptionMS Removal Tool changed proxy setting EmptyRe: MS Removal Tool changed proxy setting16th April 2011, 11:09 am

more_horiz
again? lol

Spoiler :


looks same as before except after 3 quarters of the way down

descriptionMS Removal Tool changed proxy setting EmptyRe: MS Removal Tool changed proxy setting16th April 2011, 5:08 pm

more_horiz
Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.sys
    %systemroot%\system32\drivers\*.dll
    %systemroot%\system32\drivers\*.ini
    %systemroot%\system32\drivers\*.exe
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.
    %appdata%\*.*
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    disk.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    usbstor.sys
    /md5stop
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time


Note: in the event that OTL fails to run, please use alternate download links to try again:

http://oldtimer.geekstogo.com/OTL.com
http://oldtimer.geekstogo.com/OTL.scr

descriptionMS Removal Tool changed proxy setting EmptyRe: MS Removal Tool changed proxy setting17th April 2011, 12:41 am

more_horiz
This is the OTL.txt
Spoiler :

descriptionMS Removal Tool changed proxy setting EmptyRe: MS Removal Tool changed proxy setting17th April 2011, 12:42 am

more_horiz
and this is the extras.txt
Spoiler :


its in 2 posts because they are over the word limit

descriptionMS Removal Tool changed proxy setting EmptyRe: MS Removal Tool changed proxy setting17th April 2011, 9:58 am

more_horiz
Please run OTL
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    Code:

    :otl
    [2011/04/12 20:36:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nJg28258bAfHl28258
    [2011/04/13 16:41:08 | 000,007,071 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\8702.175
    [2011/04/13 15:50:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Spepozidohugil.bin
    [2011/04/12 20:37:22 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Omawexexiv.dat

    :commands
    [emptytemp]
    [reboot]


  • Then click the Run Fix button at the top.
  • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, this is normal.
  • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
    Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)

descriptionMS Removal Tool changed proxy setting EmptyRe: MS Removal Tool changed proxy setting17th April 2011, 12:38 pm

more_horiz
okay got that done
Spoiler :

btw am i supposed to have some thumbs.db file on my desktop?

descriptionMS Removal Tool changed proxy setting EmptyRe: MS Removal Tool changed proxy setting18th April 2011, 2:50 am

more_horiz
It's a safe file.

Please download OTS by OldTimer and save it to your Desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS to start the program (if you are running on Vista then right-click the program and
    choose Run as Administrator).
  • At the top, tick on Scan All Users section and Include MD5.
  • At File Age set it to 90 Days
  • In the Processes, Modules, Services, Drivers, and Registry
    section, please set on Safe List.
  • In the Files Created Within and Files Modified Within section, set it to File Age
  • At the bottom, tick on all Safe List and Use Company Name WhiteList option
  • Under Additional Scans, tick on the "Extras" button and then click the checkboxes in front of the following items to select them:
      Reg - Disabled MS Config Items
      Reg - Drivers32
      Reg - Ext
      Reg - IE
      Explorer Bar
      Reg - NetSvcs
      Reg - Safeboot Minimal
      Reg - Safeboot Network
      File - Lop Check
      File - Purity Scan
  • Do NOT change any other settings.
  • Then, in the Custom Scans box, place this in:

    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\System32\*.sys
    %systemroot%\System32\drivers\*.dll
    %systemroot%\System32\drivers\*.ini
    %systemroot%\System32\drivers\*.exe
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.
    %appdata%\*.*

  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

descriptionMS Removal Tool changed proxy setting EmptyRe: MS Removal Tool changed proxy setting18th April 2011, 6:23 am

more_horiz
ummm... breaking the notepad into 2 parts, doesn't fit into 1 post, goes over by 14500letters or so

Spoiler :

descriptionMS Removal Tool changed proxy setting EmptyRe: MS Removal Tool changed proxy setting18th April 2011, 6:23 am

more_horiz
second part

Spoiler :

descriptionMS Removal Tool changed proxy setting EmptyRe: MS Removal Tool changed proxy setting20th April 2011, 4:57 am

more_horiz
Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death

descriptionMS Removal Tool changed proxy setting EmptyRe: MS Removal Tool changed proxy setting20th April 2011, 7:09 am

more_horiz
ummm...
this is probably the main issue with the internet
but, my windows messenger isn't working fully, like i sign in and appear online to people but they still see me offline, this doesn't happen when i use messenger on ipod though.
I don't have any fake anti virus alerts but my processes seem to use up a lot of mem usage.
the wuauclt.exe uses roughly 46,700K and this seems to be quite a bit compared to when i first used this computer after a reformat.
no error messages nor blur screen
ummm... how do i know if my svchost.exe is running at 100%?

but that should be about all my problems that i actually notice

edit: just noticed this but when i turn on my computer, i get this how to load windows screen for a second or 2
couldn't read it but i saw like 3 options, something about safe boot, windows xp and not sure about the other one

descriptionMS Removal Tool changed proxy setting EmptyRe: MS Removal Tool changed proxy setting21st April 2011, 2:36 am

more_horiz
Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
Click on View > Select Colunms.
In addition to already pre-selected options, make sure, the Command Line is selected, and press OK.
Go File>Save As, and save the report as Procexp.txt.
Attach the file to your next reply.

descriptionMS Removal Tool changed proxy setting EmptyRe: MS Removal Tool changed proxy setting21st April 2011, 8:03 am

more_horiz
okay that screen when I first turn on my computer says some stuff about windows recovery, doesn't seem too important

Procexp.txt
Spoiler :

descriptionMS Removal Tool changed proxy setting EmptyRe: MS Removal Tool changed proxy setting22nd April 2011, 4:03 am

more_horiz
Please download SpiderKill by DragonMaster Jay and save it to your Desktop.
  • Right-click on SpiderKill.zip and click Extract All. Follow the prompts and read carefully, to save it to your Desktop.
  • Double-click on the SpiderKill folder, and then double-click on SpiderKill.bat and follow all the prompts in the program.
  • Within a minute, it will save its log titled SpiderKill.txt. Please post that in your next reply. You may have to use two or three posts to be able to fit the information in.

descriptionMS Removal Tool changed proxy setting EmptyRe: MS Removal Tool changed proxy setting23rd April 2011, 6:01 am

more_horiz
oh umm... actually...
my brother came back from Sydney earlier than i thought and hes helping me with reformatting the computer

sorry for the trouble i caused you and thanks

descriptionMS Removal Tool changed proxy setting EmptyRe: MS Removal Tool changed proxy setting23rd April 2011, 9:00 am

more_horiz
ok

descriptionMS Removal Tool changed proxy setting EmptyRe: MS Removal Tool changed proxy setting

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum