Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Proxy Server Isnt Responding


  • This topic is locked This topic is locked
10 replies to this topic

#1 jsaunders1974

jsaunders1974

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:35 AM

Posted 26 December 2015 - 04:36 PM

I have run various malware and virus removal tools (Spybot S&D, MalwareBytes,AdwCleaner, etc).  Numerous infections have been removed however nothing I do has resolved the "Proxy Server Isnt Responding 127.0.0.1:8080" error.

 

I have removed ProxyServer entries in the windows 8 registry.

I have updated ProxyEnabled to 0 for all entries in the registry.

 

I have went into IE advanced settings and reset to default settings.

 

Any help is welcome and appreciated.

Attached Files



BC AdBot (Login to Remove)

 


#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:01:35 PM

Posted 27 December 2015 - 06:24 AM

Hi & :welcome: to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems. :warrior:

Before we move on, please read the following points carefully: :exclame:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

frst.pngfrstfix.png

Press the w8.png + R on your keyboard at the same time. Type notepad and click OK.
  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    C:\Users\Amanda6796\AppData\Local\Hyper Browser
    ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
    ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
    ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
    CHR HKLM\SOFTWARE\Policies\Google: Restriction 
    HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction 
    HKU\S-1-5-21-2335688119-3391619258-3155059803-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: 
    RemoveProxy:
    EmptyTemp:
    Task: {0169605F-092C-4BFA-9611-4961F23D3595} - \584eca41-fcff-4dc9-b44e-f3245db460e5-1 -> No File 
    Task: {0B65F537-F873-4C77-A4D1-854DA6518E2C} - \ea91fdad-56cc-455a-b30f-93e73caed570-1 -> No File 
    Task: {12A9231B-3E12-4873-9290-D7F5F540496B} - \ea91fdad-56cc-455a-b30f-93e73caed570-7 -> No File 
    Task: {13123213-9A30-4B3A-932E-8DDCD3F8A2F3} - \ea91fdad-56cc-455a-b30f-93e73caed570-5_user -> No File 
    Task: {15C15412-BB63-4F10-A91E-295CFA8753FE} - \ActionManager -> No File 
    Task: {15D73C66-B672-4E39-B36C-C614EF4A8D7B} - \ea91fdad-56cc-455a-b30f-93e73caed570-2 -> No File 
    Task: {1617E024-76C0-42E0-8E3D-86081922AA0E} - \8f3202e3-ffd0-45fa-a4a2-4613483ff3e9-7 -> No File 
    Task: {1714B3E5-FFC6-4993-82F2-F6DE18E7F278} - \Super Optimizer Schedule -> No File 
    Task: {2B0819F5-C309-4DEB-849A-95241D11AA2B} - \38fc558c-33cc-4a4c-9f55-c2be5efed155-1 -> No File 
    Task: {2CCAD9FC-F8C9-48C7-B363-11AB0D054C18} - \8f3202e3-ffd0-45fa-a4a2-4613483ff3e9-3 -> No File 
    Task: {30B8445F-DCB1-46A4-85FE-AA2B174B4FE3} - \PastaQuotes -> No File 
    Task: {3492BC1F-5948-42BB-8E35-7EF79B348AD2} - \ea91fdad-56cc-455a-b30f-93e73caed570-3 -> No File 
    Task: {377704C5-30C6-4D1F-9101-12375BC15133} - \Yahoo! Search Updater -> No File 
    Task: {38720CA7-1903-4087-8437-DD1BE0CDB677} - \8f3202e3-ffd0-45fa-a4a2-4613483ff3e9-5 -> No File 
    Task: {3A272A3F-F3CD-4EFB-8055-2A77AC798BBB} - \584eca41-fcff-4dc9-b44e-f3245db460e5-7 -> No File 
    Task: {3D4F80E2-CA82-45CA-BA29-804ABA5CC706} - \ea91fdad-56cc-455a-b30f-93e73caed570-11 -> No File 
    Task: {4DD47FE6-B844-42B5-B200-386F9B320025} - \584eca41-fcff-4dc9-b44e-f3245db460e5-3 -> No File 
    Task: {509E544F-559D-4764-B4AD-F1EC9AA4F77B} - \FF Watcher {C63DA696-4D43-4D96-A6FB-CB3C2769A4C4} -> No File 
    Task: {51F12D37-FA29-4690-8A65-450700AB7EA0} - \584eca41-fcff-4dc9-b44e-f3245db460e5-2 -> No File 
    Task: {5418A86C-B8D6-447A-AC82-5A539B84EE7D} - \584eca41-fcff-4dc9-b44e-f3245db460e5-5_user -> No File 
    Task: {5776DD9A-C114-4CF1-96C7-9DB320702135} - \ea91fdad-56cc-455a-b30f-93e73caed570-6 -> No File 
    Task: {5AD5A0E2-406E-4416-B757-8EF42BB43768} - \38fc558c-33cc-4a4c-9f55-c2be5efed155-6 -> No File 
    Task: {5C1D7C06-5EF1-4799-8B33-313B1C70EEC0} - System32\Tasks\Hyper Browser Runner => C:\Users\Amanda6796\AppData\Local\Hyper Browser\HyperBrowser.exe
    Task: {63382B1B-A3BD-44B6-912A-C039BFC92695} - \ConsumerInputUpdateTaskMachineUA -> No File 
    Task: {6390D2EC-FC52-4C5C-91A5-A514648F965E} - \ConsumerInputUpdateTaskMachineCore -> No File 
    Task: {63E89ED9-9DB1-4352-909D-BF7621E69F3D} - \8f3202e3-ffd0-45fa-a4a2-4613483ff3e9-2 -> No File 
    Task: {65364589-8561-49F4-BD11-678627E421A8} - \CIMT_S-1-5-21-2335688119-3391619258-3155059803-1001 -> No File 
    Task: {6EE38EE4-BB44-43E0-8D5C-D4915A4709F5} - \CIMT_daily_S-1-5-21-2335688119-3391619258-3155059803-1001 -> No File 
    Task: {74A76266-F8B0-4135-AAE3-9130C1A9035C} - \584eca41-fcff-4dc9-b44e-f3245db460e5-6 -> No File 
    Task: {752CEFED-FF70-43D4-B2B0-B938F512CA1E} - \FF Watcher {606EC8D3-4F00-4366-A11B-20CFA196C72B} -> No File 
    Task: {767EDFDF-C180-4B5A-86FF-3A435AE869C3} - \38fc558c-33cc-4a4c-9f55-c2be5efed155-2 -> No File 
    Task: {7794AD96-53DD-4691-86E3-EDC3D3B0126D} - \8f3202e3-ffd0-45fa-a4a2-4613483ff3e9-1 -> No File 
    Task: {80C7D926-B88E-49B6-8846-8F046D62C8E2} - System32\Tasks\6f45a261-cfb5-4c13-97e7-bd2ba78f28ac => C:\Program Files (x86)\Object Browser\ea91fdad-56cc-455a-b30f-93e73caed570-4.exe 
    Task: {8CB02DA5-4620-498C-8C79-B195968DA5BD} - System32\Tasks\Microsoft\Windows\Maintenance\Hyper Browser Update => C:\Users\Amanda6796\AppData\Local\Hyper Browser\HyperBrowser.exe
    Task: {9302FCDF-4683-47A7-A749-5170760D691C} - \38fc558c-33cc-4a4c-9f55-c2be5efed155-5_user -> No File 
    Task: {93F124F5-4136-450E-9866-ACCB1FF8D108} - \38fc558c-33cc-4a4c-9f55-c2be5efed155-5 -> No File 
    Task: {97788559-5082-44BF-8F48-0BF61BC07FCE} - \ea91fdad-56cc-455a-b30f-93e73caed570-5 -> No File 
    Task: {9AAE7A97-EBD0-4B40-B1F1-5E723B275DB5} - System32\Tasks\2cfc1f2a-13f9-4336-97c0-9168c1f24649 => C:\Program Files (x86)\Object Browser\584eca41-fcff-4dc9-b44e-f3245db460e5-4.exe 
    Task: {AEF90454-99D2-4E25-A0F0-BE4CFF53D906} - \FF Watcher {BACBA420-767F-470E-8066-D92B16075A9B} -> No File 
    Task: {B2348A4A-C294-4AF1-883E-E822CBFCBD1A} - \Optscan -> No File 
    Task: {B38BEE96-4502-475E-8BB2-668514ABB308} - \LaunchPreSignup -> No File 
    Task: {B57E84D0-4A0C-4C51-9E7D-226DFD80D9EA} - \ea91fdad-56cc-455a-b30f-93e73caed570-4 -> No File 
    Task: {B6890840-9EA6-4794-8F77-4E3EA2CA21D3} - \584eca41-fcff-4dc9-b44e-f3245db460e5-11 -> No File 
    Task: {C285FC86-3BB9-4E1A-9D27-908A2814A120} - \8f3202e3-ffd0-45fa-a4a2-4613483ff3e9-6 -> No File 
    Task: {CF3A101C-1BD9-457C-A4F0-72B68AC20A2C} - \SPBIW_UpdateTask_Time_343033333631333330312d2323782a32455b4134572d32 -> No File 
    Task: {DBD589BF-89BC-4B96-AD94-2DF63B9902D6} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 
    Task: {DCC53029-2740-4D43-881B-60DEE75F375E} - \584eca41-fcff-4dc9-b44e-f3245db460e5-5 -> No File 
    Task: {E659948E-7217-4E46-95DD-7DD86F7C8BA8} - \38fc558c-33cc-4a4c-9f55-c2be5efed155-11 -> No File 
    Task: {E84A05AC-36A6-42ED-92DF-BCAF4AFE16D7} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 
    Task: {E859D650-F110-4BFD-ACDB-FA400C612CC2} - \584eca41-fcff-4dc9-b44e-f3245db460e5-4 -> No File
    Task: {EC063551-255A-48E3-B100-518AF4604EE0} - \38fc558c-33cc-4a4c-9f55-c2be5efed155-7 -> No File
    Task: {F5874517-4405-4EB4-8477-79EC5F008967} - \EbonmediaUpdater -> No File 
    Task: {FA5A5008-AB63-47E2-B8DE-D5698A89C5A6} - \8f3202e3-ffd0-45fa-a4a2-4613483ff3e9-4 -> No File 
    Task: {FC32B170-FECA-407B-8AB2-C48709033813} - \Bidaily Synchronize Task[8da6] -> No File 
    Task: {FEBAF5D8-1A63-4336-955F-D247B3628240} - \DNSMOHAWK -> No File 
    C:\Program Files (x86)\Object Browser
    Task: C:\WINDOWS\Tasks\2cfc1f2a-13f9-4336-97c0-9168c1f24649.job => C:\Program Files (x86)\Object Browser\584eca41-fcff-4dc9-b44e-f3245db460e5-4.exe 
    Task: C:\WINDOWS\Tasks\6f45a261-cfb5-4c13-97e7-bd2ba78f28ac.job => C:\Program Files (x86)\Object Browser\ea91fdad-56cc-455a-b30f-93e73caed570-4.exe 
    
    
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it to your reply.

After the Reboot:

Step 2

frst.pngfrstscan.png

Start FRST with administator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste the log in your next reply.

Edited by deeprybka, 27 December 2015 - 06:24 AM.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#3 jsaunders1974

jsaunders1974
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:35 AM

Posted 27 December 2015 - 05:15 PM

Followed steps.  Logs are attached.

 

Proxy error is still present.

 

Thanks

Attached Files



#4 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:01:35 PM

Posted 28 December 2015 - 03:11 AM

Proxy error is still present.


Please describe the problem in detail.
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#5 jsaunders1974

jsaunders1974
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:35 AM

Posted 28 December 2015 - 12:09 PM

Web browsing with IE 11 or Chrome 43.0.2 throws error "The proxy server isnt responding 127.0.0.1"

 

Internet options / Lan settings is set to use Automatic detect settings.  It did have 127.0.0.1:65608 so it looks like the browser was hijacked.

 

I can ping and resolve domain names.

 

Some programs can connect out like Skype or Malwarebytes so the TCP/IP stack is functioning.

 

OS = Windows 8



#6 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:01:35 PM

Posted 28 December 2015 - 12:22 PM

Internet options / Lan settings is set to use Automatic detect settings.  It did have 127.0.0.1:65608 so it looks like the browser was hijacked


Please post a screenshot.

attachlogs.png
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#7 jsaunders1974

jsaunders1974
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:35 AM

Posted 28 December 2015 - 12:39 PM

Screen shots attached.


Screen shots attached.

Attached Files



#8 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:01:35 PM

Posted 28 December 2015 - 12:42 PM

But there are no entries`...

Please reset chrome and IE.
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#9 jsaunders1974

jsaunders1974
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:35 AM

Posted 28 December 2015 - 12:56 PM

I have reset IE settings to the default and restarted computer.  No change.

 

If there are different steps please let me know.

 

There should not be any entries since I am not using a proxy server.



#10 jsaunders1974

jsaunders1974
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:35 AM

Posted 28 December 2015 - 01:14 PM

When setting the proxy server to "http://127.0.0.1/proxy.pac" and the PAC file is empty Chrome and IE start working.

 

However I see that most apps like Netflix, Kindle, etc open and then close.  Looking at the windows event viewer the app log (attached) shows signs of a corrupt registry.

 

It seems I need to restore this laptop from factory default to resolve all of the issues.

Attached Files



#11 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:01:35 PM

Posted 28 December 2015 - 01:25 PM

It seems I need to restore this laptop from factory default to resolve all of the issues.


Since that issue isn't completely explored that might be the best solution to fix it in a timely manner.
 

http://www.bleepingcomputer.com/forums/t/597457/proxy-server-isnt-responding/


regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users