kag715

Proxy settings keep resetting after I change them


When I go into my Internet Options and into the LAN settings, if I ever wanted to change the proxy settings, they would always reset to what it was before, with the port at 80 and <-loopback> in the exceptions. Wasn't able to fix the problem with Malwarebytes. What steps would I need to take for me to have the ability to change the proxy settings freely again?


Hello,
    
 
They call me TwinHeadedEagle around here, and I'll be working with you.
 
     
    
Before we start please read and note the following:

  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is an Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.
  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!

Rules and policies
 
We won't support any piracy.
That being told, if any evidence of illegal OS, software, cracks/keygens or any other is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.
 
 
 
 

Please download Farbar Recovery Scan Tool and save it to your desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.


Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

 
Download attached fixlist.txt file and save it to the Desktop:
 
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it to your reply.

fixlist.txt


Good. Let's scan your PC one more time with MalwareBytes. How is the situation now?
 
 
Scan with Malwarebytes' Anti-Malware

Please re-run Malwarebytes' Anti-Malware.

  • First of all, select update.
  • Once updated, click the Settings tab, in the left panel choose Detections & protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the newest Scan Log.
  • At the bottom click Export and choose Text file.

Save the file to your desktop and include its content in your next reply.


As seen here, the most recent MBAM scan yielded no results.  But I'm still having the issue on Chrome and Internet Explorer of my proxy settings being reset whenever I try to change it.  

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 10/4/2014
Scan Time: 7:17:05 AM
Logfile: 100414MBAMscan.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.10.04.07
Rootkit Database: v2014.09.19.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: super_000
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 325807
Time Elapsed: 16 min, 46 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

100414MBAMscan.txt


Okay, let's scan your PC again.
 
 
Scan with Farbar Recovery Scan Tool
 
Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content into your next reply.


That's the problem.  The proxy is never enabled via regular Internet Options (such as with IE or Chrome), even if I try to change it.  For instance, whenever I go to Internet Options > Connections tab > LAN Settings > Advanced, this is what I see:

[screenshot]

 

Except that the "Use a proxy server for your LAN..." box is unchecked and the Address field is greyed out.

 

So if I tried to make any changes to it (checking that box, entering a proxy address and corresponding port, etc.) and click OK all the way out, the changes are not saved and it resets to where it was before:

[screenshot]

 

I'd like to know why the settings keep resetting and if there might be something causing that, because I never used to have this problem.  I can't remember when this problem started, though.


Okay, let's see what is going on:
 
 
 
Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

 
Download attached fixlist.txt file and save it to the Desktop:
 
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

 

 

 

====================================================

 

 

When you finish, you will notice 4 reg files on your Desktop. Select them All, right click  --> Send to compressed folder. Attach that zip file here.

fixlist.txt


Registry Fix

Modifying the registry may create unforeseen results. Please do not proceed, unless you have created a registry backup prior to doing that!

We need to prepare a fix file first.

  • Press the Windows key + R on your keyboard at the same time.
  • A Run window should appear in the lower left corner. Type in notepad.exe and press Enter.
  • In the shown window paste in the following script. Make sure that all of the codebox content is pasted!
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyOverride"=-

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyOverride"=-
  • Go to File menu and select Save as.
  • Make sure that the Save as type option is set to All Files (*.*) and the place to save will be your desktop.
  • Name the file fix.reg and select Save.

After that, your prepared fix.reg file should be located on your desktop.

Now we need to import the file into the registry.

  • Locate the fix.reg file on your desktop.
  • Right-click the icon of your file and select Merge.
  • You'll be prompted about adding the information to the registry. Please agree.

After this please manually reboot your machine. No report will be generated.

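The registry fix above deletes ProxyOverride from two HKLM keys. As an added example (not part of the original thread and not the helper's own script), this read-only PowerShell snapshot lists the proxy-related values in those keys before and after a change, to confirm the value is gone and to see which value reverts. The HKCU key, the value names other than ProxyOverride, and the function name Get-ProxySnapshot are assumptions made for illustration.

```powershell
# Added example: read-only, makes no registry changes.
# Assumption: run from 64-bit PowerShell so the Wow6432Node path is read as written.

# ProxyOverride is the value fix.reg deletes; the other names are assumed
# companions that the LAN Settings dialog normally reads and writes.
$valueNames = 'ProxyEnable', 'ProxyServer', 'ProxyOverride', 'AutoConfigURL'

$keys = @(
    # The two keys named in fix.reg
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings',
    # Assumption: the per-user key, included for comparison
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
)

function Get-ProxySnapshot {
    # Returns one row per key/value pair, including values that are absent.
    foreach ($key in $keys) {
        $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
        foreach ($name in $valueNames) {
            $present = ($null -ne $props) -and
                       ($props.PSObject.Properties.Name -contains $name)
            [pscustomobject]@{
                Key     = $key
                Name    = $name
                Present = $present
                Data    = if ($present) { [string]$props.$name } else { '' }
            }
        }
    }
}

# 1. Snapshot before the change (merging fix.reg, or editing LAN Settings).
$before = Get-ProxySnapshot
$before | Format-Table -AutoSize | Out-String | Write-Host

Read-Host 'Make the change (and reopen LAN Settings), then press Enter' | Out-Null

# 2. Snapshot afterwards and show only the rows that differ.
$after = Get-ProxySnapshot
$diff  = Compare-Object $before $after -Property Key, Name, Present, Data
if ($diff) {
    $diff | Sort-Object Key, Name, SideIndicator |
        Format-Table -AutoSize | Out-String | Write-Host
} else {
    Write-Host 'No proxy-related value changed between the two snapshots.'
}

# 3. Confirm the state fix.reg is meant to produce: no ProxyOverride under HKLM.
$leftover = $after | Where-Object {
    $_.Key -like 'HKLM:*' -and $_.Name -eq 'ProxyOverride' -and $_.Present
}
if ($leftover) {
    Write-Warning 'ProxyOverride is still present under HKLM:'
    $leftover | Format-Table Key, Data -AutoSize | Out-String | Write-Host
} else {
    Write-Host 'ProxyOverride is absent from both HKLM keys.'
}
```

In the diff, rows marked `<=` come from the first snapshot and rows marked `=>` from the second.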

The Proxy Override appears to be gone from the registry, but for some reason, that hasn't fixed the problem.

Share this post


Link to post
Share on other sites

Scan with RogueKiller

Please download RogueKiller and save the file to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the RogueKiller icon and select Run as Administrator to start the tool.
  • Wait patiently until the pre-scan is done. It shouldn't take more than 2-3 minutes.
  • Accept the Terms of use.
  • When the Scan button becomes available, please click it. RogueKiller will start a full scan.
  • Let this process run uninterrupted!
  • When finished, a Report button will become available. Click it. You will be presented with a logfile.

Please include the content of this logfile in your next reply.


I can't find where the report was saved, so I'll just copy/paste it here.

 

RogueKiller V10.0.0.0 (x64) [Oct  7 2014] by Adlice Software
 
Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : super_000 [Administrator]
Mode : Scan -- Date : 10/08/2014  05:57:49
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 4 ¤¤¤
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 1 ¤¤¤
[suspicious.Path][File] NexDef Plug-in.lnk -- C:\Users\super_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NexDef Plug-in.lnk [LNK@] C:\Users\SUPER_~1\AppData\Local\Autobahn\nexdef.exe -> Found
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0x20]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MQ01ABD075 +++++
--- User ---
[MBR] a84dd93b5b19931ceaddbccc47850486
[bSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )
 
+++++ PhysicalDrive1: SD Card +++++
--- User ---
[MBR] a01d0af9fd801c08dba6a1398b6e1032
[bSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT16 (0x6) [VISIBLE] Offset (sectors): 249 | Size: 1937 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
 
 
============================================
RKreport_SCN_10012014_234635.log - RKreport_SCN_10022014_221811.log


The Internet works fine, but there are also times where I would like the option to use a proxy.


Let's run one more fix:
 
 
Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the Zoek icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears, it may take a minute or two.
  • In the main box please paste in the following script:
    createsrpoint;
    autoclean;
    emptyalltemp;
    ipconfig /flushdns;b
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.

Here we go:

 

Zoek.exe v5.0.0.0 Updated 07-October-2014

Tool run by super_000 on Thu 10/09/2014 at  7:14:02.19.

Microsoft Windows 8.1 6.3.9600  x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\super_000\Desktop\zoek.exe [scan all users] [script inserted] 

 

==== System Restore Info ======================

 

10/9/2014 6:31:42 PM Zoek.exe System Restore Point Created Succesfully.

 

==== Deleting CLSID Registry Keys ======================

 

 

==== Deleting CLSID Registry Values ======================

 

 

==== Deleting Services ======================

 

 

==== Batch Command(s) Run By Tool======================

 

 

==== Deleting Files \ Folders ======================

 

C:\PROGRA~3\Avg_Update_0814tb deleted

C:\PROGRA~3\boost_interprocess deleted

C:\Users\Default\AppData\Local\Pokki deleted

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted

C:\Users\super_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts deleted

C:\WINDOWS\sysWoW64\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar deleted

C:\Users\SUPER_~1\AppData\Roaming\Mozilla\Firefox\Profiles\gc1turhy.default\extensions\staged deleted

 

==== Firefox Extensions ======================

 

ProfilePath: C:\Users\SUPER_~1\AppData\Roaming\Mozilla\Firefox\Profiles\gc1turhy.default

- GameFOX - C:\Users\super_000\AppData\Roaming\Mozilla\Firefox\Profiles\gc1turhy.default\extensions\{6dd0bdba-0a02-429e-b595-87a7dfdca7a1}

- Flash and Video Download - C:\Users\super_000\AppData\Roaming\Mozilla\Firefox\Profiles\gc1turhy.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}

- GameFOX - %ProfilePath%\extensions\{6dd0bdba-0a02-429e-b595-87a7dfdca7a1}

- Flash and Video Download - %ProfilePath%\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}

- xFAQs - %ProfilePath%\extensions\jid1-CCz6AsSViTfMgg@jetpack.xpi

- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

- Text-to-Image - %ProfilePath%\extensions\{f701c26a-479a-4724-b4f1-870db12f063c}.xpi

 

AppDir: C:\Program Files (x86)\Mozilla Firefox

- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

 

==== Firefox Plugins ======================

 

Profilepath: C:\Users\super_000\AppData\Roaming\Mozilla\Firefox\Profiles\gc1turhy.default

4390CCD3790F8D9C427C0C29590C62D7 - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll - Shockwave Flash

4BF70B35B943BD73BD6E13EB7C1BA4B3 - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll - Shockwave Flash

18CF51689186AEB9D1D149AEB0E92D03 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL - Microsoft Office 2013

 

 

==== Chromium Look ======================

 

Google Voice Search Hotword (Beta) - super_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn

Windows Media Player Extension for HTML5 - super_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak

 

==== Chromium Fix ======================

 

C:\Users\super_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_businessfinder.pennlive.com_0.localstorage deleted successfully

C:\Users\super_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.spafinder.com_0.localstorage deleted successfully

 

==== Set IE to Default ======================

 

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]


"Default_Secondary_Page_URL"="http://www.google.com"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

No DefaultScope Set For HKCU

 

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Default_Secondary_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

 

==== All HKCU SearchScopes ======================

 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

 

==== Deleting CLSID Registry Keys ======================

 

HKEY_USERS\S-1-5-21-2347522250-1337421112-962969492-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully

HKEY_USERS\S-1-5-21-2347522250-1337421112-962969492-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully

 

==== Deleting CLSID Registry Values ======================

 

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully

 

==== Empty IE Cache ======================

 

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\super_000\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\Users\super_000\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully

C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

 

==== Empty FireFox Cache ======================

 

C:\Users\super_000\AppData\Local\Mozilla\Firefox\Profiles\gc1turhy.default\Cache emptied successfully

 

==== Empty Chrome Cache ======================

 

C:\Users\super_000\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully

C:\Users\super_000\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

 

==== Empty All Flash Cache ======================

 

Flash Cache Emptied Successfully

 

==== Empty All Java Cache ======================

 

Java Cache cleared successfully

 

==== C:\zoek_backup content ======================

 

C:\zoek_backup (files=797 folders=79 140901830 bytes)

 

==== Empty Temp Folders ======================

 

C:\Users\Default\AppData\Local\Temp emptied successfully

C:\Users\Default User\AppData\Local\Temp emptied successfully

C:\Users\super_000\AppData\Local\Temp will be emptied at reboot

C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\WINDOWS\Temp will be emptied at reboot

 

==== After Reboot ======================

 

==== Empty Temp Folders ======================

 

C:\WINDOWS\Temp successfully emptied

C:\Users\SUPER_~1\AppData\Local\Temp successfully emptied

 

==== Empty Recycle Bin ======================

 

C:\$RECYCLE.BIN successfully emptied

 

==== EOF on Thu 10/09/2014 at 18:44:32.83 ======================


The problem still exists, but at this point I have decided to try to find a workaround for the time being.  Thank you for your help anyway.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
