Can't change proxy settings

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by birdie birdie, Nov 13, 2014.

  1. birdie birdie

    birdie birdie Private E-2

    Hi, I tried changing my proxy settings but unfortunately it's stuck with http://107.155.112.105/router.pac (as the automatic proxy script).

When I remove this proxy I cannot click Apply in the "Internet Settings" dialog since it's greyed out. Above the Apply, Cancel and OK buttons is a message saying "Some settings are managed by your system administrator." This is not possible: there is only one user account on this PC (mine), and this is the only administrator account here.

    I don't know if this is malware but I ran the tests. Here are the logs.

    Hope you can help me with this. Thanks.
     

    Attached Files:

  2. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Hello, birdie birdie

    Rerun RogueKiller and run a scan. After it finishes the scan, select the Registry tab and then select any of the below that exist and then click the Delete button.
    Then immediately reboot your PC.

    After reboot, run a new scan with RogueKiller and save a log as in original instructions and attach the new log.

    Now shut down your protection software (antivirus, antispyware...etc) to avoid possible conflicts. *Re-enable them before physically reconnecting to your ISP.

    Using "Programs & Features" uninstall: (If you do not find it or it will not uninstall, just keep going.)
    AVG Secure Search
    Java 7 Update 67
    *NOTE also: Both of these Mozilla applications are outdated:
    Mozilla Firefox 30.0 (x86 en-US)
    Mozilla Thunderbird 24.6.0 (x86 en-US)

    Please download OTM by Old Timer and save it to your Desktop.
    • Run OTM.exe by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).
    • Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Do not include the word Code:, which is just a title line of the code box.
    Code:
    :Files
    C:\Users\AMJY\Desktop\Downloads\com.elevenbitstudios.anomaly2game.part2.rar.exe
    C:\Users\AMJY\Desktop\Downloads\Programs\cain20.exe
    C:\Users\AMJY\Desktop\Downloads\Programs\Mobogenie_Setup_2.1.10_21.exe
    C:\Windows\TEMP\*.*
    C:\Users\AMJY\AppData\Local\Temp\*.*
    :Commands
    [purity]
    [EmptyTemp]
    [start explorer]
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Now click the large [​IMG] button.
    • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
    • Close OTM.
    Now navigate to the C:\_OTM\MovedFiles folder (assuming your Windows drive is C). This is where your log will be saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach this log file to your next message.

    Now please download Junkware Removal Tool to your desktop.
    • Make sure to shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Note: That JRT may reset your home page to a google default so you will need to restore your home page setting if this happens.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.

    Next download AdwCleaner by Xplode and save to your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8 users right-click and select Run As Administrator
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
    • Now click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
    • Look over the log especially under Files/Folders for any program you want to save.
    • If there's a program you may want to save, just uncheck it from AdwCleaner.
    • If you're not sure, post the log for review. (all items found are either adware/spyware/foistware)
    • If you're ready to clean it all up.....click the Clean button.
    • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
    • Attach that logfile to your next reply.
    • Copies of all logfiles are saved in the C:\AdwCleaner folder, which is created when running the tool.

    Now install the current version of Sun Java from:
    Make sure that when you install the new version of Java you uncheck the Install the Ask Toolbar junkware checkbox. You do not want to add junk that most people consider malware to your PC. Also, just in case Oracle changes the Java installation in the future to possibly install other junk, uncheck all but just installing Java.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select "Run As Administrator").

    Then attach the below logs:
    • the C:\_OTM\MovedFiles log
    • the JRT.TXT log
    • C:\MGlogs.zip
    • AdwCleaner[S#].txt
    Make sure you tell me how things are working now!
     
  3. birdie birdie

    birdie birdie Private E-2

    1. RogueKiller: After I clicked delete, their status just changed to "Replaced". When I closed the application, the application asked me "No items have been deleted. Do you really want to quit?"
    When I restarted the PC, though, the report shows none of the removed registry entries.

    2. Uninstall:
    AVG Secure Search - Does not exist, but was removed subsequently
    Java 7 Update 67 - Done
    Mozilla apps updated

    3. How things are working: Still can't click the "Apply" Button although I removed the proxy setting thing.

    Also, I noticed when I did the "Read Me First", I could not configure the UAC until I tweaked the registry. I know it's not normal but I dunno if it's related to this.

    Thanks for the help so far.
     
  4. birdie birdie

    birdie birdie Private E-2

    Here are the logs.
     

    Attached Files:

  5. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Please use MSconfig to put this machine back into Normal Startup Mode and DO NOT use it as a program startup manager. (Noting 17 entries now listed)

    Delete this folder please:
    C:\Program Files (x86)\Common Files\AVG Secure Search

    Download Windows Repair by Tweaking.com and unzip the contents into a newly created folder on your desktop.
    • Now run Repair_Windows.exe by double clicking on it ( if you are running Vista or Win 7/8, use right-click and select Run As Administrator)
    • Now select the Start Repairs tab.
    • Then click the Start button.
    • Create a System Restore point if prompted.
    • On the next screen, click the Unselect All button to first deselect all repairs.
    • Now select the following repair options:
      • Reset Registry Permissions
      • Reset File Permissions
      • Register System Files
      • Repair WMI
      • Repair Windows Firewall
      • Remove Policies Set By Infections
      • Repair Winsock & DNS Cache
      • Repair Proxy Settings
      • Repair Windows Updates
      • Set Windows Services To Default Startup
    • Now on the lower right side check the box to Restart/Shutdown System When Finished
    • Then make sure the Restart System radio button is enabled.
    • Shutdown any other programs that you are running now before continuing.
    • Now click the Start button.
    • Be patient while the tool repairs the selected items.
    • It should reboot automatically when finished.
    How is your machine performing now?
     
  6. birdie birdie

    birdie birdie Private E-2

    Hi, sorry for the late response. Though I can now deselect the default proxy script setting, it still shows in the options. No idea why it's like that, though.

    Then the "some settings are managed by your system administrator" message is still there.

    The folder you had me remove was already gone by the time you asked me to remove it.
     
  7. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Where are you seeing this message about the script setting? Could this be part of "Iobit Advanced System Care's HomePage Protection"?

    What malware problems are you experiencing still?

    Please download OTL by OldTimer.
    • Save it to your desktop.
    • Double-click on the OTL icon on your desktop to run it. (Note: if using Vista, Win7 or Win8 use right-click and select Run as Administrator)
    • Check the "Scan All Users" checkbox.
    • Set the "Output" to "Standard Output".
    • Change the setting of "Drivers" and "Services" to "Use Safelist"
    • Copy the text in the code box below and paste it into the [​IMG] text-field.
      Code:
      activex
      netsvcs
      msconfig
      drives
      
    • Now click the [​IMG] button.
    • One report will be created:
      • OTL.txt <-- Will be opened
    • Attach OTL.txt to your next message. (How to attach)
     
  8. birdie birdie

    birdie birdie Private E-2

    Here are the logs and the image file where I see the "administrator" thing.

    Not sure if the proxy script is due to the Advanced System Care thing. Had it been so I think ASC users should've raised it in some way or another earlier than me.
     

    Attached Files:

  9. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Thread authors should be aware that they are the only ones witnessing their screen activities and are expected to give clear and precise details if they are to receive help in diagnosing malware issues. *You need to undo the changes you made while attempting to configure a proxy server. This is NOT malware related.

    *Included in this fix are the remaining MSconfig entries that I instructed you to remove a week ago!
    [​IMG] Fix items using OTL by OldTimer

    Double-click OTL.exe to run. (Vista/7 right-click and select Run as Administrator)
    Shut down your protection software now (antivirus, antispyware...etc) to avoid possible conflicts.
    Copy the text in the code box below and paste it into the [​IMG] text-field.
    Code:
    :otl
    IE - HKU\S-1-5-21-1768821638-2688852551-3596903393-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
    IE - HKU\S-1-5-21-1768821638-2688852551-3596903393-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={0C83A62C-8D66-4E11-A0EF-897D2151F882}&mid=9031ae979fb347d0a575a5b92b112b65-8130762de27808b641a5cfcc36211dd0ffab9616&lang=&ds=&coid=&cmpid=&pr=&d=&v=18.0.5.292&pid=avg&sg=&sap=dsp&q={searchTerms}
    O4 - HKLM..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" File not found
    O4:64bit: - HKLM..\RunOnce: [ConnecitfyTemp f] cmd /Q /C "rmdir /S /Q C:\Users\AMJY\AppData\Local\Temp\Connectify\f" File not found
    @Alternate Data Stream - 874 bytes -> C:\Users\AMJY\AppData\Local\4Ec2aRJPMenE3:vnQcXsS5vzz2elna9gu3eT
    @Alternate Data Stream - 192 bytes -> C:\Windows:nlsPreferences
    @Alternate Data Stream - 12 bytes -> C:\Windows:{4B9A1497-0817-47C4-9612-D6A1C53ACF57}
    @Alternate Data Stream - 1066 bytes -> C:\Users\AMJY\AppData\Local\Temp:U79bbuAP21i06Di1A8laU3vYUqzC
    
    :files
    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1768821638-2688852551-3596903393-1000UA.job
    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    C:\Windows\tasks\AutoKMS.job
    C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1768821638-2688852551-3596903393-1000Core.job
    C:\Users\AMJY\Desktop\jre-8u25-windows-x64.exe
    C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
    C:\Windows\TEMP\*.*
    C:\Users\AMJY\AppData\Local\Temp\*.*
    
    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Connectify]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BCSSync]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EPLTarget]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LiveUpdate]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mobilegeni daemon]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVCpl]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Samsung PanelMgr]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SynTPEnh]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Viber]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\vProt]
    
    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]
    Now click the [​IMG] button.
    If the fix needed a reboot please do it.
    Click the OK button (upon reboot).
    When OTL is finished, Notepad will open. Close Notepad.
    A log file will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

    Attach this log to your next message. (How to attach)

    What malware issues remain???
     
  10. birdie birdie

    birdie birdie Private E-2

    Hi, sorry I think I misunderstood your instruction re: msconfig. What I did was to select "normal startup" as system configuration (not "selective startup"). I did not know I should remove MSConfig entries. Really sorry about that.

    Regarding the "proxy script setting" I mentioned earlier, I see it whenever I try to modify my proxy settings. When I first posted my logs, I could not change my proxy setting - even if I select "Automatically detect settings", it reverts to the proxy script configuration. [I attached an image containing this window in this message]

    The Internet Properties window also contains the statement "Some settings are managed by your system administrator" even though from my knowledge the account I use is the sole administrator account in my system. [This is the image I earlier posted]

    When I followed your subsequent instructions, I was able to deselect the proxy script setting but whenever I try to delete it the setting still comes back.

    Here are the logs as you requested. Thank you for your assistance.
     

    Attached Files:

  11. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    You're welcome, birdie.

    Consulting with my colleagues - be patient.
     
  12. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Is your AVG2014 the freeware or "paid-for" version?
     
  13. birdie birdie

    birdie birdie Private E-2

    My AVG was the free edition. I changed it, however, to Avast after creating this topic.
     
  14. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Yet none of your logs have any mention of Avast... Please review the below instructions from our guide.

    Please download the 64 BIT version of AVG Remover 2015.5501 .
    Run it > re-boot > run it once more.

    We've recently found that Avast is hindering efforts to change some settings, so download and use this portable app to uninstall Avast for now. *After re-booting, please DO NOT re-install it until instructed.

    GeekUninstaller 1.3.2.41

    NOTE: Your machine will have no anti-virus protection so limit your online usage to checking your mail and replying to this thread until informed otherwise.

    Now, repeat my instructions in post #4 for using Windows Repair and re-boot. Are you now able to change your proxy settings?
     
  15. birdie birdie

    birdie birdie Private E-2

    Hi, problem's still there.

    Let me clarify, though.

    My original problem was, I cannot change the default proxy setting, even after trying to deselect the proxy script and removing the supplied proxy address in the Internet Options -> LAN Settings window, since the settings return after closing and reopening the window. (Please see "before" pic).

    After doing the fix in post #4 (for the first time), I was able to deselect the proxy script setting, and the deselect remains even after closing the internet settings window, but the proxy address I deleted comes back. (Please see "majorgeeks 2" pic)

    There was no change since then, even after following the subsequent steps.
     

    Attached Files:

  16. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Perhaps something else may have also changed - please rerun both RogueKiller and OTL by Old Timer per original instructions and attach the fresh logs.

    Also run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select "Run As Administrator").

    Please also attach the updated C:\MGlogs.zip file.
     
    Last edited: Nov 25, 2014
  17. birdie birdie

    birdie birdie Private E-2

    Here are the logs as requested.
     

    Attached Files:

  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Do you still have the problem with not being able to uncheck and remove the automatic configuration script for a proxy? If you answer yes then please try the below.


    Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files". We are only saving this to your Desktop at this time. We will use it later. Make sure that it shows up on your desktop as a registry patch. Notice the icon.
    Now please uninstall your antivirus program and then reboot your PC into safe boot mode. Keep it uninstalled until requested to reinstall.



    Once in safe boot mode, click Start, and type regedit into the search box.
    • You should see a regedit.exe and icon appear in the Programs area of the Start Menu.
    • Right click on regedit.exe and select Run As Administrator
    • Then in the Registry Editor menu click File and select Import.
    • Navigate to the fixme.reg file saved to your Desktop and double click it. Allow it to be added to the registry. Please observe whether you receive a success message.
    • Then reboot back into normal mode and tell us if anything has changed.
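As an added example that is not part of this thread or of any of the tools it mentions, here is a read-only PowerShell audit of the registry locations behind the two symptoms discussed above: a PAC script (AutoConfigURL) that keeps coming back, and the "Some settings are managed by your system administrator" notice, which Internet Options shows when Internet Explorer policy values are present. It assumes Windows PowerShell 5.1 or later run in the affected user's session; the key and value names are the standard Internet Settings and Internet Explorer policy locations, and the report wording is mine.

```powershell
# Added example (not from the thread): audit the registry locations that produce a
# sticky automatic configuration script (PAC URL) and the "managed by your system
# administrator" notice in Internet Options. Read-only: nothing is changed.
# Assumes Windows PowerShell 5.1+ in the affected user's session.

$ProxyKeys = @(
    # Per-user effective proxy settings (where AutoConfigURL / ProxyServer live)
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings',
    # Policy keys: values here lock the Internet Options dialog for the user/machine
    'HKCU:\Software\Policies\Microsoft\Internet Explorer\Control Panel',
    'HKLM:\Software\Policies\Microsoft\Internet Explorer\Control Panel',
    'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
)

# Value names worth reporting. 'Proxy' and 'Autoconfig' under ...\Control Panel are the
# policy switches that grey out the LAN Settings fields; ProxySettingsPerUser = 0 makes
# proxy settings machine-wide, so per-user edits silently lose to the HKLM copy.
$Interesting = 'AutoConfigURL', 'ProxyEnable', 'ProxyServer', 'AutoDetect',
               'Proxy', 'Autoconfig', 'ProxySettingsPerUser'

function Get-ProxyLockFindings {
    $findings = foreach ($key in $ProxyKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-ItemProperty -Path $key
        foreach ($name in $Interesting) {
            if ($null -ne $item.$name) {
                [pscustomobject]@{ Key = $key; Name = $name; Value = $item.$name }
            }
        }
    }
    $findings
}

$findings = Get-ProxyLockFindings
if (-not $findings) {
    Write-Host 'No proxy values or proxy-related policies found.'
} else {
    $findings | Format-Table -AutoSize
    # A policy key present on a standalone home PC is the usual cause of the
    # "managed by your system administrator" message; an AutoConfigURL pointing at an
    # unfamiliar host is the PAC setting the dialog keeps restoring.
    $findings | Where-Object { $_.Key -like '*\Policies\*' } | ForEach-Object {
        Write-Warning "Policy value $($_.Name) in $($_.Key) locks Internet Options"
    }
}
```

Run it before and after importing a registry patch such as the one described above to confirm which values the patch actually removed.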
     
