[luigy39]

This is my first post and I would like to take the opportunity to thank in advance those who take their time to solve everybody else's problems.

I'm running a fresh Windows ulimate set up and I took all the care, or so I thought, to avoid any viruses to make it into my computer, but I guess that is impossible nowadays.

When I start my computer after the windows welcoming logo a screen prompts reading (starthelp.exe) it asks me if I want to run it as you would a program that you are installing, this happens every time as I first see my desktop screen. If I select yes I can use my browsers (Firefox & Chrome, if I select Do Not run, I can't go on line. Is there a way around this?

Thank you in advance.

[Advertisements]

Hi first I will need to look at your system

Download OTL to your Desktop
Secondary link

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  
  
  
• Select All Users
• Under the Custom Scan box paste this in
  
  netsvcs
  BASESERVICES
  %SYSTEMDRIVE%\*.exe
  /md5start
  services.*
  explorer.exe
  winlogon.exe
  Userinit.exe
  svchost.exe
  /md5stop
  dir "%systemdrive%\*" /S /A:L /C
  CREATERESTOREPOINT
  
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Post both logs

THEN

Download aswMBR.exe ( 4.5mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan




On completion of the scan click save log, save it to your desktop and post in your next reply

[Essexboy]

Hi first I will need to look at your system

Download OTL to your Desktop
Secondary link

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  
  
  
• Select All Users
• Under the Custom Scan box paste this in
  
  netsvcs
  BASESERVICES
  %SYSTEMDRIVE%\*.exe
  /md5start
  services.*
  explorer.exe
  winlogon.exe
  Userinit.exe
  svchost.exe
  /md5stop
  dir "%systemdrive%\*" /S /A:L /C
  CREATERESTOREPOINT
  
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Post both logs

THEN

Download aswMBR.exe ( 4.5mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan




On completion of the scan click save log, save it to your desktop and post in your next reply

[luigy39]

Thank you for your quick response. these are the logs from the scanning. I'm also including a log from the malwarebytes anti-malware that I had run earlier for you to look at.

 OTL.Txt   779.55KB   149 downloads

 Extras.Txt Extras.txt   69.43KB   167 downloads

 aswMBR.txt   2.26KB   127 downloads

 mbam-log-2013-09-05 (12-55-29).txt   12.47KB   117 downloads

[Essexboy]

Starthelp is part of the Privoxy programme, I will remove the start entry if you no longer require this programme then uninstall it via Control Panel. If you wish to keep it then I would suggest that you re-install

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  

:Commands
[CREATERESTOREPOINT]

:OTL
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118
IE - HKU\S-1-5-21-199620914-1207230235-2358381297-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-199620914-1207230235-2358381297-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118
O2:64bit: - BHO: (Expat Shield Class) - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE_64.dll File not found
O2 - BHO: (Ask Toolbar) - {41545534-2D56-3700-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ATU4-V7\Passport.dll (APN LLC.)
O2 - BHO: (Define) - {B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} - C:\Users\luigy39\AppData\Local\DefineExt\temp.dat ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {41545534-2D56-3700-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ATU4-V7\Passport.dll (APN LLC.)
O3 - HKU\S-1-5-21-199620914-1207230235-2358381297-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {41545534-2D56-3700-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ATU4-V7\Passport.dll (APN LLC.)
O4 - HKLM..\Run: [Privoxy] C:\Program Files (x86)\privoxy\starthelp.exe ()
[2013/09/05 00:45:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Web Layers
[2013/09/04 23:04:11 | 000,000,000 | ---D | C] -- C:\Users\luigy39\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Define Ext
[2013/09/04 23:04:10 | 000,000,000 | ---D | C] -- C:\Users\luigy39\AppData\Local\DefineExt
[2013/09/04 23:03:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Web Protect
[2013/08/28 20:07:12 | 000,127,034 | R--- | C] (BackWeb Technologies Inc. ) -- C:\Windows\bwUnin-8.1.1.50-8876480SL.exe

:Files
C:\Program Files (x86)\AskPartnerNetwork

:Commands
[resethosts]
[emptytemp]
[Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download Junkware Removal Tool to your desktop.

• Right-mouse click JRT.exe and select "Run as Administrator" the tool will open and start scanning your system
• please be patient as this can take a while to complete depending on your system's specifications
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• post the contents of JRT.txt into your next message.

[luigy39]

I had to use another computer in order to send you this information. After the procedure I can't get on line.

 OTL.Txt   185.49KB   130 downloads

 JRT.txt   3.47KB   173 downloads

 09062013_180500.log   14.71KB   159 downloads

[Essexboy]

OK uninstall Privoxy via control panel reboot and then try the net

[luigy39]

That program is not found under uninstall programs nor if I do a search.

[Essexboy]

OK it appears that this programme does have an uninstaller but it never works properly if at all

Lets get the net back for chrome :

Go to Google Chrome and click the wrench in the top right hand corner.
Go down to options.
In the new box click "change proxy settings"
Then in the new box choose "lan settings" then check box "automatically detect settings". Apply.

For IE run this fix, let me know if that cures it. If so I will then remove it manually

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  

:Commands
[CREATERESTOREPOINT]

:OTL
IE - HKU\S-1-5-21-199620914-1207230235-2358381297-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-199620914-1207230235-2358381297-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118

:Commands
[resethosts]
[emptytemp]
[Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

[luigy39]

I got the results for IE.

On Chrome, under settings-(LAN)settings - Automatically detect setting is checked , but not highlighted, I can only choose to OK or cancel, I pressed OK.

 09082013_161301.log   4.37KB   138 downloads

 OTL.Txt   182.4KB   151 downloads

[Essexboy]

Are you able to use IE to get online ?

[Essexboy]

I have been searching around and it appears the best bet is to install privoxy and then uninstall via control panel


Latest version here http://sourceforge.n...ad?source=files

[luigy39]

No, I can't get on line using Internet explorer, Chrome or Firefox.

[luigy39]

I installed pro priboxy and the internet is working. Should I uninstall it now?

[Essexboy]

OK could you re-install Privoxy, if that does not work then use system restore to go back to the OTL restore point created before the fix

[luigy39]

OK could you re-install Privoxy, if that does not work then use system restore to go back to the OTL restore point created before the fix

I installed Privoxy and it works, as soon as I uninstall it I can't use the internet.

Is it safe to have Privoxy running on my computer all the time?