[Dakeyras]

Hi.

Did you actually check that Windows Defender is disabled and run the prior custom batch file ? If so did you right click on the batch file and select Run as Administrator ?

Reason asking ComboFix is denoting it is active and Norton Internet Security is still not showing in the actual Security Centre at all. Plus is the subscription still active for Norton Internet Security or not ?

Also is the proxy problem still present or not ?

Custom ComboFix Script:

• Please download the attached CFScript.txt(see below) to your desktop.

• Ensure all security software is disabled again(if able to do so) for the duration for the custom ComboFix script.

• Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. >> ComboFix will now begin to process the custom script.
• When completed there will be a log created named DeQuarantine_log.txt, please post the contents in your next reply.

Submit a File for Analysis:

Please go to my file submission channel here.

Next to the box:- Link to topic where this file was requested: Add in the below:-

http://www.geekstogo.com/forum/topic/337300-proxy-setting-auto-enable/

Next to the box: Browse to the file you want to submit: click on the Browse... tab and navigate to the below:-

C:\Windows\SysWow64\frapsvid.dll

Then click on the Send File tab. I will be notified when the file has been uploaded and checked.

Scan with FSS:

Please download Farbar Service Scanner and save to your desktop.

• Right-click FSS.exe and select Run as Administrator to start the program.
• Select all available options.
• Then click on the Scan tab.
• When the scan is complete, it will produce a log named FSS.txt.
• Post the contents in your next reply.

Next:

When completed the above, please post back the following in the order asked for:

• Answers to my various questions.
• DeQuarantine Log.
• Farbar Service Scanner Log.

[Advertisements]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

[Dakeyras]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

[Dakeyras]

Topic re-opened per OP's request...

[TheMattVid]

It is very possible that Windows Defender was running. I disabled it that first time you told me too, but I suppose I haven't been careful, because it automatically starts as determined by the list of services.

I do not believe I ever had an active subscription to Norton on my laptop.

The proxy problem is still present.

I am still busy, and the other steps will be followed and posted tomorrow.

[Dakeyras]

Acknolwedged, when you have completed my prior instructions in post #16 we will address the Norton remnants and remaining issues etc.

[TheMattVid]

DeQuarantine:

C:\Qoobox\Quarantine\C\windows\SysWow64\frapsvid.dll.vir -> C:\windows\SysWow64\frapsvid.dll

[TheMattVid]

FSS:

Farbar Service Scanner Version: 25-02-2014
Ran by User (administrator) on 03-03-2014 at 19:22:37
Running from "C:\Users\User\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

[Dakeyras]

Hi.

The file I asked you to upload for myself appears to be legitimate and no further action is required with regard to that.

What we are going to next is address the proxy issue and remove the Norton remnants and install a new Anti-Virus application as follows...

Check Proxy Settings:

Launch Internet Options...

• Click on Start(Windows 7 Orb) >> Control Panel >> Network and Internet >> Internet Options
• Or via Start(Windows 7 Orb) >> Control Panel >> >> Internet Options
• Once the Internet Properties window appears >> click on Connections >> LAN settings
• Ensure Automatically detect settings is selected and the following are not:

Use automatic configuration script
Use a proxy server for your LAN

• Click on OK >> OK to close the Internet Properties window.

Then:-

Log into your Routers settings(usually via entering http:\\192.168.1.1 into the address bar of your browser) look for the Reset/Restore Factory Default and select that. Once your Router has been reset apply a new admin password.

If you are unsure how to do this, merely provide myself the exact make and modal in use and I in turn will provide the appropriate instructions.

Norton/Symantec RT:

Please download the Norton Removal Tool and save it to your Desktop.

• Close all programs and right-click on Norton_Removal_Tool.exe and select Run as Administrator
• Follow the on-screen prompts >> Finish(if the removal tool opens a browser window to the Symantec site, merely close it).
• Then restart(reboot) your computer.
• Afterwards delete Norton_Removal_Tool.exe from your desktop >> Empty the Recycle Bin.

Install a Anti-Virus:

Download one of the free-ware installers below:-

• Avast! Free Antivirus.
• Microsoft Security Essentials.

Which ever of the above you chose to download >> Install >> Update >> Carry Out a Complete Scan. Have it fix anything it finds.

Next:

Let myself know when completed the above and if any problems encountered. We will then go from there, thank you.

[TheMattVid]

First, I would like to ask if you believe that the router may be the source of my problems. I don't just want to reset it if there is no reason for suspecting it (though, I am willing to do so if there is even a small reason to suspect it.)

[Dakeyras]

Hi.

First, I would like to ask if you believe that the router may be the source of my problems. I don't just want to reset it if there is no reason for suspecting it (though, I am willing to do so if there is even a small reason to suspect it.)

It is indeed feasible as the source of the proxy issues but I am merely advising a reset to err on the side of caution.

Now if you would rather not carry out the reset, fair play and I always respect the wishes of those I assist. Just at the very least login into the Router's settings and check no erroneous entries in the DNS(domain name server) settings apart from 192.168.1.1. Plus check the LAN(local area network) settings have no suspect entries/options selected either etc.

[Dakeyras]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

[Dakeyras]

Topic re-opened per OP's request...

[TheMattVid]

Let myself know when completed the above and if any problems encountered. We will then go from there, thank you.

All of the above steps are completed.

Here is a status of my problems:

Computer crashing: Not fixed, as expected, since the problem is not derived from any sort of malware or virus.

Proxy settings: Not fixed, because the box titled "Use automatic configuration script is continuously unchecked and the box titled "Use a proxy server for your LAN" keeps checking.

Programs freezing every 10 seconds: Fixed!


We are 1/3 of the way there.

[Dakeyras]

Hi.

Computer crashing: Not fixed, as expected, since the problem is not derived from any sort of malware or virus.

Proxy settings: Not fixed, because the box titled "Use automatic configuration script is continuously unchecked and the box titled "Use a proxy server for your LAN" keeps checking.

Acknowledged...

Next:

Did the Anti-Virus you chose to install find/remove anything at all ?

Do you have a Windows 7 64 Bit Installation DVD ? If not please follow this tutorial of mine:-

How to create a Windows 7 Startup Repair Disk

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

• Click on Start(Windows 7 Orb) >> Tweaking.com >> Registry Backup >> Tweaking.com - Registry Backup
• Right-click on Tweaking.com - Registry Backup.exe and select Run as Administrator >> once the GUI(grapical user interface) has loaded
• Click on Backup Now >> once the process is complete, similar to the below will displayed in the GUI:-

• Close Tweaking.com - Registry Backup

Reset Proxy:

Please download reset-proxy.bat(see below) to your desktop



Now Right-click on the desktop reset-proxy.bat and select Run as Administrator to process the batch file. It will self-delete when completed.

Note: You will temporally loose your internet connection and your machine should automatically reboot. If it does not reboot your machine manually.

Re-scan with OTL:

• Right-click on OTL.exe and select Run as Administrator to start OTL.
• Ensure Include 64bit Scans is selected.
• Under Output, ensure that Standard Output is selected.
• Under Extra Registry section, select Use SafeList.
• Click the Scan All Users checkbox.
• Under the Custom Scan/Fixes box cut & paste this in:-

netsvcs
baseservices
%systemdrive%\*.exe
C:\program files (x86)\Google\Desktop
C:\program files\Google\Desktop
dir "%systemdrive%\*" /S /A:L /C
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings /s
CreateRestorePoint

• Now click on Run Scan at the top left hand corner.
• When done, two Notepad files will open.
  
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
• Please post the contents of these two Notepad files in your next reply.

Note: If the actual new OTL log created is too large to post merely attach it.

Next:

When completed the above, please post back the following in the order asked for:

• Answer to my Anti-Virus question.
• Do you have a W7 DVD and or did you create a Startup Repair Disk ?
• Still the Proxy issue or not ?
• Both OTL logs. <-- Post them individually please, IE: one Log per post/reply.

[TheMattVid]

1: Avast detected one bad thing. It was in Java, but I don't remember what the warning message was.

2: I have successfully created the disc you wanted me to.

3: The proxy setting thing seems to be fixed, but I haven't had much time to test it, so i can't be sure that it is to this point. I will post another message if I discover that the problem is occurring again.

4: One notable thing that I noticed is that when my laptop restarted after running the batch file, it asked if Skype had permission to bypass Windows Firewall. I selected to allow it to bypass it because I use Skype very often. Is it possible that Skype is the source of the proxy issues?

5: The following posts will be from OTL.