Proxy settings keep resetting after I change them

[kag715]

When I go into my Internet Options and into the LAN settings, if I ever wanted to change the proxy settings, they would always reset to what it was before, with the port at 80 and <-loopback> in the exceptions.  Wasn't able to fix the problem with malwarebytes.  What steps would I need to take for me to have the ability to change the proxy settings freely again?

[TwinHeadedEagle]

Hello,
    
 
They call me TwinHeadedEagle around here, and I'll be working with you.
 
     
    
Before we start please read and note the following:

• Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
• Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time.
• Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
• Do not paste the logs in your posts, attachments make my work easier. There is a Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
• Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
• Note that we may live in totally different time zones, what may cause some delays between answers.
• Do not ask for help for your business PC. Companies are making revenue via computers, so it is good thing to pay someone to repair it.
• If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!
 
 
 
  Rules and policies
 
We won't support any piracy.
That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!
 
Failure to follow these guidelines will result with closing your topic and withdrawning any assistance.
 
 
 
 

Please download Farbar Recovery Scan Tool and save it to your desktop.
 
Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

[kag715]

Here are the results from the FRST scans.

Addition.txt

FRST.txt

[TwinHeadedEagle]

Fix with Farbar Recovery Scan Tool
 

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

 
Download attached fixlist.txt file and save it to the Desktop:
 
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

• Right-click on icon and select Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• Press the Fix button just once and wait.
• If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
• When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it to your reply.

fixlist.txt

[kag715]

I just ran the FRST with the fixlist, and here we are.

Fixlog.txt

[TwinHeadedEagle]

Good. Let's scan your PC one more time with MalwareBytes. How is the situation now?
 
 
Scan with Malwarebytes' Anti-Malware
 
Please re-run Malwarebytes' Anti-Malware.

• First of all, select update.
• Once updated, click the Settings tab, in the left panel choose Detctions & protection and tick Scan for rootkits.
• Click the Scan tab, choose Threat Scan is checked and click Scan Now.
• If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
• Upon completion of the scan (or after the reboot), click the History tab.
• Click Application Logs and double-click the newest Scan Log.
• At the bottom click Export and choose Text file.

Save the file to your desktop and include its content in your next reply.

[kag715]

As seen here, the most recent MBAM scan yielded no results.  But I'm still having the issue on Chrome and Internet Explorer of my proxy settings being reset whenever I try to change it.  

 

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 10/4/2014

Scan Time: 7:17:05 AM

Logfile: 100414MBAMscan.txt

Administrator: Yes

 

Version: 2.00.2.1012

Malware Database: v2014.10.04.07

Rootkit Database: v2014.09.19.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled

 

OS: Windows 8.1

CPU: x64

File System: NTFS

User: super_000

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 325807

Time Elapsed: 16 min, 46 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

100414MBAMscan.txt

[TwinHeadedEagle]

Okay, let's scan your PC again.
 
 
Scan with Farbar Recovery Scan Tool
 
Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

• Right-click on icon and select Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• Make sure that Addition option is checked.
• Press Scan button and wait.
• The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content into your next reply.

[kag715]

Just finished scanning again.

 

 

Addition.txt

FRST.txt

[TwinHeadedEagle]

I do not see that proxy is enabled. How is the situation now?

[kag715]

That's the problem.  The proxy is never enabled via regular Internet Options (such as with IE or Chrome), even if I try to change it.  For instance, whenever I go to Internet Options > Connections tab > LAN Settings > Advanced, this is what I see:

 

Except that the "Use a proxy server for your LAN..." box is unchecked and the Address field is greyed out.

 

So if I tried to make any changes to it (checking that box, entering a proxy address and corresponding port, etc.) and click OK all the way out, the changes are not saved and it resets to no where it was before:

 

I'd like to know why the settings keep resetting and if there might be something causing that, because I never used to have this problem.  I can't remember when this problem started, though.

[TwinHeadedEagle]

Okay, let's see what is going on:
 
 
 
Fix with Farbar Recovery Scan Tool
 

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

 
Download attached fixlist.txt file and save it to the Desktop:
 
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

• Right-click on icon and select Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• Press the Fix button just once and wait.
• If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
• When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

 

 

 

====================================================

 

 

When you finish, you will notice 4 reg files on your Desktop. Select them All, right click  --> Send to compressed folder. Attach that zip file here.

fixlist.txt

[kag715]

Just ran the fix.  I only see three reg files (search, search1, search2) on the desktop.

Fixlog.txt

FRST reg files 10-06-14.zip

[TwinHeadedEagle]

Registry Fix

Modifying the registry may create unforeseen results. Please do not proceed, unless you have created a registry backup prior to doing that!

We need to prepare a fix file first.

• Press the + R on your keyboard at the same time.
• A Run window should appear in the lower left corner. Type in notepad.exe and press Enter.
• In the shown window paste in the following script. Make sure that all of the codebox content is pasted!
  

  Windows Registry Editor Version 5.00[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings]"ProxyOverride"=-[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings]"ProxyOverride"=-

• Go to File menu and select Save as.
• Make sure that the Save as type option is set to All Files (*.*) and the place to save will be your desktop.
• Name the file fix.reg and select Save.

After that, your prepared fix.reg file should be located on your desktop.

Now we need to import the file into the registry.

• Locate the fix.reg file on your desktop.
• Right-click the icon of your file and select Merge.
• You'll be prompted about adding the information to the registry. Please agree.

After this please manually reboot your machine. Any report won't be generated.

[kag715]

The Proxy Override appears to be gone from the registry, but for some reason, that hasn't fixed the problem.

[TwinHeadedEagle]

Scan with RogueKiller
 
Please download RogueKiller and save the file to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

• Right-click on icon and select Run as Administrator to start the tool.
• Wait patiently until the pre-scan will be done. It shouldn't take more than 2-3 minutes.
• Accept the Terms of use.
• When the Scan button becomes available, please click it. RogueKiller will start a full scan.
• Let this process run uninterrupted!.
• When finished, a Report button will become available. Click it. You will be presented with a logfile.

Please include the content of this logfile in your next reply.

[kag715]

I can't find where the report was saved, so I'll just copy/paste it here.

 

RogueKiller V10.0.0.0 (x64) [Oct  7 2014] by Adlice Software

mail : http://www.adlice.com/contact/

Feedback : http://forum.adlice.com

Website : http://www.adlice.com/softwares/roguekiller/

Blog : http://www.adlice.com

 

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version

Started in : Normal mode

User : super_000 [Administrator]

Mode : Scan -- Date : 10/08/2014  05:57:49

 

¤¤¤ Processes : 0 ¤¤¤

 

¤¤¤ Registry : 4 ¤¤¤

[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found

[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found

[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

 

¤¤¤ Tasks : 0 ¤¤¤

 

¤¤¤ Files : 1 ¤¤¤

[suspicious.Path][File] NexDef Plug-in.lnk -- C:\Users\super_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NexDef Plug-in.lnk [LNK@] C:\Users\SUPER_~1\AppData\Local\Autobahn\nexdef.exe -> Found

 

¤¤¤ Hosts File : 0 ¤¤¤

 

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0x20]) ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ MBR Check : ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MQ01ABD075 +++++

--- User ---

[MBR] a84dd93b5b19931ceaddbccc47850486

[bSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code

Partition table:

0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB

User = LL1 ... OK

Error reading LL2 MBR! ([1] Incorrect function. )

 

+++++ PhysicalDrive1: SD Card +++++

--- User ---

[MBR] a01d0af9fd801c08dba6a1398b6e1032

[bSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code

Partition table:

0 - [XXXXXX] FAT16 (0x6) [VISIBLE] Offset (sectors): 249 | Size: 1937 MB

User = LL1 ... OK

Error reading LL2 MBR! ([32] The request is not supported. )

 

 

============================================

RKreport_SCN_10012014_234635.log - RKreport_SCN_10022014_221811.log

[TwinHeadedEagle]

Can you use internet normally?

[kag715]

The Internet works fine, but there are also times where I would like the option to use a proxy.

[TwinHeadedEagle]

Let's run one more fix:
 
 
Scan with ZOEK
 
Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

• Right-click on icon and select Run as Administrator to start the tool.
• Wait patiently until the main console will appear, it may take a minute or two.
• In the main box please paste in the following script:
  

  createsrpoint;autoclean;emptyalltemp;ipconfig /flushdns;b

• Make sure that Scan All Users option is checked.
• Push Run Script and wait patiently. The scan may take a couple of minutes.
• When the scan completes, a zoek-results logfile should open in notepad.
• If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.

[kag715]

Here we go:

 

Zoek.exe v5.0.0.0 Updated 07-October-2014

Tool run by super_000 on Thu 10/09/2014 at  7:14:02.19.

Microsoft Windows 8.1 6.3.9600  x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\super_000\Desktop\zoek.exe [scan all users] [script inserted] 

 

==== System Restore Info ======================

 

10/9/2014 6:31:42 PM Zoek.exe System Restore Point Created Succesfully.

 

==== Deleting CLSID Registry Keys ======================

 

 

==== Deleting CLSID Registry Values ======================

 

 

==== Deleting Services ======================

 

 

==== Batch Command(s) Run By Tool======================

 

 

==== Deleting Files \ Folders ======================

 

C:\PROGRA~3\Avg_Update_0814tb deleted

C:\PROGRA~3\boost_interprocess deleted

C:\Users\Default\AppData\Local\Pokki deleted

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted

C:\Users\super_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts deleted

C:\WINDOWS\sysWoW64\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar deleted

C:\Users\SUPER_~1\AppData\Roaming\Mozilla\Firefox\Profiles\gc1turhy.default\extensions\staged deleted

 

==== Firefox Extensions ======================

 

ProfilePath: C:\Users\SUPER_~1\AppData\Roaming\Mozilla\Firefox\Profiles\gc1turhy.default

- GameFOX - C:\Users\super_000\AppData\Roaming\Mozilla\Firefox\Profiles\gc1turhy.default\extensions\{6dd0bdba-0a02-429e-b595-87a7dfdca7a1}

- Flash and Video Download - C:\Users\super_000\AppData\Roaming\Mozilla\Firefox\Profiles\gc1turhy.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}

- GameFOX - %ProfilePath%\extensions\{6dd0bdba-0a02-429e-b595-87a7dfdca7a1}

- Flash and Video Download - %ProfilePath%\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}

- xFAQs - %ProfilePath%\extensions\jid1-CCz6AsSViTfMgg@jetpack.xpi

- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

- Text-to-Image - %ProfilePath%\extensions\{f701c26a-479a-4724-b4f1-870db12f063c}.xpi

 

AppDir: C:\Program Files (x86)\Mozilla Firefox

- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

 

==== Firefox Plugins ======================

 

Profilepath: C:\Users\super_000\AppData\Roaming\Mozilla\Firefox\Profiles\gc1turhy.default

4390CCD3790F8D9C427C0C29590C62D7 - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll - Shockwave Flash

4BF70B35B943BD73BD6E13EB7C1BA4B3 - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll - Shockwave Flash

18CF51689186AEB9D1D149AEB0E92D03 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL - Microsoft Office 2013

 

 

==== Chromium Look ======================

 

Google Voice Search Hotword (Beta) - super_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn

Windows Media Player Extension for HTML5 - super_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak

 

==== Chromium Fix ======================

 

C:\Users\super_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_businessfinder.pennlive.com_0.localstorage deleted successfully

C:\Users\super_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.spafinder.com_0.localstorage deleted successfully

 

==== Set IE to Default ======================

 

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Default_Secondary_Page_URL"="http://www.google.com"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

No DefaultScope Set For HKCU

 

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Default_Secondary_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

 

==== All HKCU SearchScopes ======================

 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

 

==== Deleting CLSID Registry Keys ======================

 

HKEY_USERS\S-1-5-21-2347522250-1337421112-962969492-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully

HKEY_USERS\S-1-5-21-2347522250-1337421112-962969492-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully

 

==== Deleting CLSID Registry Values ======================

 

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully

 

==== Empty IE Cache ======================

 

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\super_000\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\Users\super_000\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully

C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

 

==== Empty FireFox Cache ======================

 

C:\Users\super_000\AppData\Local\Mozilla\Firefox\Profiles\gc1turhy.default\Cache emptied successfully

 

==== Empty Chrome Cache ======================

 

C:\Users\super_000\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully

C:\Users\super_000\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

 

==== Empty All Flash Cache ======================

 

Flash Cache Emptied Successfully

 

==== Empty All Java Cache ======================

 

Java Cache cleared successfully

 

==== C:\zoek_backup content ======================

 

C:\zoek_backup (files=797 folders=79 140901830 bytes)

 

==== Empty Temp Folders ======================

 

C:\Users\Default\AppData\Local\Temp emptied successfully

C:\Users\Default User\AppData\Local\Temp emptied successfully

C:\Users\super_000\AppData\Local\Temp will be emptied at reboot

C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\WINDOWS\Temp will be emptied at reboot

 

==== After Reboot ======================

 

==== Empty Temp Folders ======================

 

C:\WINDOWS\Temp successfully emptied

C:\Users\SUPER_~1\AppData\Local\Temp successfully emptied

 

==== Empty Recycle Bin ======================

 

C:\$RECYCLE.BIN successfully emptied

 

==== EOF on Thu 10/09/2014 at 18:44:32.83 ======================

[TwinHeadedEagle]

Do you still have a problem?

[kag715]

The problem still exists, but at this point I have decided to try to find a workaround for the time being.  Thank you for your help anyway.

[TwinHeadedEagle]

Okay, keep me updated if  you dig something.

[Maurice Naggar]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!