Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Cannot turn off proxy use


  • This topic is locked This topic is locked
29 replies to this topic

#1 chuckman

chuckman

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:02:31 PM

Posted 15 April 2014 - 06:06 PM

Hi all, hoping you can assist me. I am on my laptop computer that my girl friend uses. The other morning, she went to log on to Google Chrome and received message that proxy was not working. (I do not use a proxy, never have) I went to my settings, unchecked proxy and rechecked automatically detect settings, saved, exited and tried again...same message. Went back into settings and proxy was checked again. This has been going on for three days now. It is effecting IE11 the same way, message states...

The proxy server isn’t responding...
 
Check your proxy settings 127.0.0.1:8877.
 
The resetting is immediate, and restarts have no effect. Proxy is there 24/7 and cannot be changed.
 

Someone suggested changing registry setting Current User/Software/Microsoft/windows/currentversion/Internet settings and changing DWORD from 0 to 1 for Proxy Enable. That did not work either. It is still currently set at 1. I did not change back yet.

 

I have tried several removal tools, MalwareBytes, Norman Malware cleaner but to no avail. I have tried a dozen times to install AWDCleaner, but it will not install. I tried this both in Admin log-in and in safe mode. Progam either says setting up files them goes blank, or says failed to install. I have also viewed my HOSTS file and it looks correct.

 

No matter what I have tried, something has hijacked my setting and will not let me change it. I am typing this on the infected computer using FireFox.

 

So now I am here, and I have attached the "Attach.TXT" file in hopes someone can resolve this. If it matters, I ran DDS in safe mode.

 

Thank you for any assistance you can offer.

 

I should also mention that I have removed anything I though useless or unknown before posting. Hopefully that will make finding the issue easier for someone.

Attached Files


Edited by chuckman, 15 April 2014 - 06:22 PM.


BC AdBot (Login to Remove)

 


m

#2 chuckman

chuckman
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:02:31 PM

Posted 18 April 2014 - 05:43 PM

When I posted this I read "We try to resolve logs on a first come/first served basis, please be patient" I am good with that, but I see a dozen or more that were posted after mine, in some cases two days after mine that are getting attention. I just would like to know if I did something wrong? I thought I followed the instructions that were posted. 



#3 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:12:31 PM

Posted 19 April 2014 - 02:15 PM

Hi and Welcome!!   
 
My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to the topic if you have not already done so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.

 
Having said that....   YBCQLm4.gif   Let's get going!!  
----------
 
You ran DDS?  Please post the DDS.txt log as well please.   :)
-----------
 

weVCzW0.jpg Please download TDSSKiller

  • Double click TDSSKiller.exe
  • Press Start Scan but do nothing else as we are just looking for what is there.
  • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
  • Attach the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

----------
 

81mYIKe.jpg  AdwCleaner
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

----------


WFxJwA4.png
 
mvp_horizontal_fullcolor-(copy2).jpeg
 


#4 chuckman

chuckman
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:02:31 PM

Posted 19 April 2014 - 07:36 PM

Attached are the 3 files you requested. Thank you for assisting.

Attached Files


Edited by chuckman, 19 April 2014 - 08:02 PM.


#5 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:12:31 PM

Posted 19 April 2014 - 08:48 PM

LlJESjW.jpgMalwarebytes Anti-Rootkit
 
Please download Malwarebytes Anti-Rootkit and save it to your desktop.

  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
  • If malware is found, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.

If there is no malware found, please let me know as well.
----------


WFxJwA4.png
 
mvp_horizontal_fullcolor-(copy2).jpeg
 


#6 chuckman

chuckman
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:02:31 PM

Posted 20 April 2014 - 06:48 AM

When you say follow the instructions on that page, does that mean you want me to clean after the scan, or just report the scan first? Their page says to do both, your post above suggests that I just scan and report.



#7 chuckman

chuckman
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:02:31 PM

Posted 20 April 2014 - 07:21 AM

Okay, irrelevant, No malware found, clean-up not required.



#8 chuckman

chuckman
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:02:31 PM

Posted 20 April 2014 - 07:30 AM

Just for your information, Windows did a forced install update.



#9 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:12:31 PM

Posted 20 April 2014 - 08:53 AM

Ok thanks for letting me know.   :)  Well done!
 
ComboFix
 
Download Combofix from either of the links below, and save it to your desktop.  
Link 1
Link 2
 
**Note:  It is important that it is saved directly to your desktop**
If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.


 
--------------------------------------------------------------------
 
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
 
--------------------------------------------------------------------
 
Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

WFxJwA4.png
 
mvp_horizontal_fullcolor-(copy2).jpeg
 


#10 chuckman

chuckman
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:02:31 PM

Posted 20 April 2014 - 09:37 AM

Attached is the Log file from Combo-Fix. I see that one section of this log shows files created in the last 30 days. If it helps, I beleive this started the morning of the 13th. If not, it was the day before or after the 13th.

Attached Files


Edited by chuckman, 20 April 2014 - 09:46 AM.


#11 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:12:31 PM

Posted 21 April 2014 - 07:47 PM

Oh my!!  Sorry for any delay.   :)
 
ComboFix

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    ClearJavaCache::
     
    Firefox::
    FF - ProfilePath - c:\users\Chas\AppData\Roaming\Mozilla\Firefox\Profiles\s0802hyy.default\
    FF - prefs.js: browser.search.selectedEngine - Ask.com
    FF - prefs.js: browser.startup.homepage - hxxps://www.yahoo.com/
    FF - prefs.js: network.proxy.type - 4
     
    Folder::
    c:\program files\Conduit
    c:\users\Karen User\AppData\Local\SearchProtect
    c:\users\Chas\AppData\Local\SearchProtect
    c:\program files (x86)\Conduit

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
     
    CFScriptB-4.gif
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------
 

81mYIKe.jpg  AdwCleaner
 
Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

------------

 
Post the new ComboFix and AdwCleaner log and let me know how your system is running now.   :)


WFxJwA4.png
 
mvp_horizontal_fullcolor-(copy2).jpeg
 


#12 chuckman

chuckman
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:02:31 PM

Posted 22 April 2014 - 05:53 AM

Attached are the logs. Proxy is still ticked and I cannot change it.

Attached Files



#13 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:12:31 PM

Posted 22 April 2014 - 06:43 PM

Can you show me a screen shot of what you are seeing?  There are no proxy settings being shown in the logs now.   :)

------------------------
 
Please open an elevated command prompt > Click Start and type cmd in Start Search.
When cmd.exe populates above, right click it and select Run as Administrator to open an elevated command prompt.
 
Copy the contents of the code box > right click in the command window and select paste

rd c:\users\Chas\AppData\Roaming\ValueApps /s /q

Press Enter (you won't actually see anything happen)
Close the Command Prompt window.


WFxJwA4.png
 
mvp_horizontal_fullcolor-(copy2).jpeg
 


#14 chuckman

chuckman
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:02:31 PM

Posted 23 April 2014 - 04:24 PM

test



#15 chuckman

chuckman
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:02:31 PM

Posted 23 April 2014 - 04:32 PM

When I run the RD command line it states "The system cannot find the file specified.

 

 

I have wasted 60 minutes of life trying to upload picture to show you Lan settings. It seems everytime I find a way to get it under the maximum size, the maximum size allowed gets lowered. I thought maybe if I posted above it would reset or something, but right now I can't load any file over 8k.

 

In Lan Settings, both Automatically Detect Settings and Use Proxy Server for your Lan are checked.

 

In Advanced settings, HTTP and Secure both have 127.0.0.1 using port 8877.

 

At the bottom of advanced settings in Exceptions it says  <-loopback>  (arrows are part of what is there, they are not added by me)

 

I still cannot remove those settings.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users