IE and FF showing proxy error

September 11, 2016 at 09:28:09
Specs: Windows 8.1, Core 2 Duo / 4 GB
My browsers IE and FF are showing errors: The proxy server isn't responding. Check proxy setting and Proxy settings are refusing connections. LAN settings are also disabled in Internet Settings. IDM is working fine.
I have Windows 8.1, 4 GB DDR2, Core 2 Duo 6600 2.4 GHz

I have searched and found that the system is infected, but what to do next? I have run AdwCleaner first and then Junkware Removal Tool.

Check below for logs.
Kindly help.

September 11, 2016 at 09:29:49
# AdwCleaner v6.010 - Logfile created 11/09/2016 at 21:10:32
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-08-24.2 [Local]
# Operating System : Windows 8.1 Enterprise (X86)
# Username : XaphaR - ZAFAR-PC
# Running from : D:\Libraries\New folder\adwcleaner_6.010.exe
# Mode: Clean
# Support :

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder deleted: C:\Users\XaphaR\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108
[-] Folder deleted: D:\Libraries\My Documents\Video Converter
[-] Folder deleted: C:\Program Files\badu
[-] Folder deleted: C:\Users\Public\Documents\dmp
[-] Folder deleted: C:\Users\XaphaR\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F
[-] Folder deleted: C:\Users\XaphaR\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1

***** [ Files ] *****

[#] File deleted: C:\Users\XaphaR\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\invalidprefs.js
[#] File deleted: C:\Users\XaphaR\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\dd1b66d4.xml

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
[-] Key deleted: HKU\.DEFAULT\Software\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
[-] Key deleted: HKU\S-1-5-21-1042926077-4137482015-4053976172-1001\Software\
[-] Key deleted: HKU\S-1-5-21-1042926077-4137482015-4053976172-1001\Software\UCBrowserPID
[#] Key deleted on reboot: HKU\S-1-5-18\Software\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
[#] Key deleted on reboot: HKCU\Software\
[#] Key deleted on reboot: HKCU\Software\UCBrowserPID
[-] Key deleted: HKLM\SOFTWARE\Lavasoft\Web Companion
[-] Key deleted: HKLM\SOFTWARE\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
[-] Key deleted: HKLM\SOFTWARE\{E6276374-DE18-4AA5-A365-9016A2F98A2D}
[-] Key deleted: HKLM\SOFTWARE\{G6276374-DEEE-4AAA-A355-9016A2F98A2D}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\{94ebd7b5-82ae-449t-b679-3d04078ed154}
[-] Key deleted: HKLM\SOFTWARE\UCBrowserPID
[-] Key deleted: HKCU\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}
[-] Key deleted: HKLM\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\

***** [ Web browsers ] *****


:: "Tracing" keys deleted
:: Winsock settings cleared


C:\AdwCleaner\AdwCleaner[C1].txt - [16172 Bytes] - [23/03/2016 16:00:30]
C:\AdwCleaner\AdwCleaner[C2].txt - [2719 Bytes] - [11/09/2016 21:10:32]
C:\AdwCleaner\AdwCleaner[R0].txt - [290 Bytes] - [23/03/2016 15:49:49]
C:\AdwCleaner\AdwCleaner[S1].txt - [16496 Bytes] - [23/03/2016 15:55:50]
C:\AdwCleaner\AdwCleaner[S2].txt - [3328 Bytes] - [11/09/2016 21:08:49]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [3011 Bytes] ##########

September 11, 2016 at 09:30:16
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 8.1 Enterprise x86
Ran by XaphaR (Administrator) on Sun 09/11/2016 at 21:16:38.40

File System: 13

Successfully deleted: C:\ProgramData\iobit\driver booster (Folder)
Successfully deleted: C:\ProgramData\productdata (Folder)
Successfully deleted: C:\Users\XaphaR\AppData\Local\crashrpt (Folder)
Successfully deleted: C:\Users\XaphaR\AppData\Roaming\iobit\driver booster (Folder)
Successfully deleted: C:\Windows\System32\Tasks\Driver Booster Scheduler (Task)
Successfully deleted: C:\Windows\System32\Tasks\Driver Booster SkipUAC (XaphaR) (Task)
Successfully deleted: C:\Windows\wininit.ini (File)
Successfully deleted: C:\Program Files\iobit\driver booster (Folder)
Successfully deleted: C:\Windows\prefetch\ (File)
Successfully deleted: C:\Windows\prefetch\ (File)
Successfully deleted: C:\Windows\prefetch\ (File)
Successfully deleted: C:\Windows\prefetch\ (File)
Successfully deleted: C:\Windows\prefetch\ (File)

Registry: 0

Scan was completed on Sun 09/11/2016 at 21:17:38.26
End of JRT log

September 11, 2016 at 09:32:50
After all this still the same problem with IE.
Firefox is not running. The error shows "Your firefox profile cannot be loaded. It may be missing or inaccessible".

September 11, 2016 at 14:04:30
Please run MalwareBytes too and post the log:
(use the "download" button rather than the "buy" button).
Install and Run the program but before running the Scan go to "Settings > Detection and Protection" and put a checkmark in "Scan for rootkits". Quarantine anything it finds.

Always pop back and let us know the outcome - thanks

September 11, 2016 at 14:54:59
Downloaded and installed BUT scanning process is stuck on this.
Any other program?

September 11, 2016 at 15:19:27
That's the one I particularly wanted to be run. It is usually OK, maybe uninstall and re-install using a new download. It might take a while to update but it is not usually very long.

Always pop back and let us know the outcome - thanks

September 11, 2016 at 15:21:49
Alright, done with it.

September 11, 2016 at 15:22:07
Malwarebytes Anti-Malware

Scan Date: 9/12/2016
Scan Time: 2:47 AM
Logfile: scanhis.txt
Administrator: Yes

Malware Database: v2016.09.11.08
Rootkit Database: v2016.08.15.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x86
File System: NTFS
User: XaphaR

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 263029
Time Elapsed: 13 min, 1 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 3
HackTool.AutoKMS, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Service KMSELDI, Quarantined, [2fb529472e6c9a9c13d137a528dc5fa1],
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F7FE1B2C-F59A-45F4-BD84-C5AD99F7E8C4}, Delete-on-Reboot, [c4207000a2f8be78e65ec4397390e61a],
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\InstallShield® Update Service Scheduler, Delete-on-Reboot, [5c88c4aceeac290d59ecd22bb44f54ac],

Registry Values: 1
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F7FE1B2C-F59A-45F4-BD84-C5AD99F7E8C4}|Path, \InstallShield® Update Service Scheduler, Delete-on-Reboot, [c4207000a2f8be78e65ec4397390e61a]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 11
HackTool.AutoKMS, C:\Program Files\KMSpico\Service_KMS.exe, Quarantined, [2fb529472e6c9a9c13d137a528dc5fa1],
HackTool.AutoKMS, C:\Program Files\KMSpico\AutoPico.exe, Quarantined, [40a4d9979307a690881a72e4cd335aa6],
HackTool.AutoKMS, C:\Program Files\KMSpico\KMSELDI.exe, Quarantined, [786c5e123367bc7a0cd99c40689c916f],
CrackTool.IDMCrack, D:\Libraries\New folder\tmp sftwr\IDM 6.26 build 2 Setup +, Quarantined, [35af1b55356540f6a206d9c6f908a15f],
PUP.Optional.Smeazymo, C:\Users\XaphaR\AppData\Local\jaytechno.dat, Quarantined, [a93b5f113466a98dba1a3896c73b7090],
PUP.Optional.Smeazymo, C:\Users\XaphaR\AppData\Local\jaytechno.exe.config, Quarantined, [766e264a91093bfbddf75b7342c0a35d],
PUP.Optional.Smeazymo, C:\Users\XaphaR\AppData\Local\JAYTECHNO.EXE.vir, Quarantined, [f6eeabc57426be78795b9a34a65c6b95],
PUP.Optional.FaceMoods, C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrchost.xml, Quarantined, [a73d4d2332683204c50600a1fa0957a9],
PUP.Optional.WinYahoo, C:\Users\XaphaR\AppData\LocalLow\Microsoft\Internet Explorer\Services\Wincy.ico, Quarantined, [15cf70001e7c1a1cb4e3952ea65de818],
Hijack.AutoConfigURL.PrxySvrRST, C:\Windows\System32\Tasks\InstallShield® Update Service Scheduler, Quarantined, [63813b355e3cac8a5be709f423e031cf],
Hijack.AutoConfigURL.PrxySvrRST, C:\Windows\Tasks\InstallShield® Update Service Scheduler.job, Quarantined, [08dcd89821791521380bbe3fa063db25],

Physical Sectors: 0
(No malicious items detected)


September 11, 2016 at 15:45:32
Any improvement?

A Johnw might happen to come along and see this one and go through a full clean with you.

Always pop back and let us know the outcome - thanks

September 11, 2016 at 19:29:24
Have you downloaded some key generators or license hack tools?

This could fix the proxy error:

September 11, 2016 at 23:16:43
@Derek, yes IE is working now. But LAN settings are still disabled in Internet Settings and Firefox is still not running. The error shows "Your firefox profile cannot be loaded. It may be missing or inaccessible". I am going to reinstall FF.
What to do next?

@sluc, yes I did it. I have disabled my BitDef Int sec for a few minutes too to run that patch. Anyway, all of the procedure in the above Microsoft support link has already been done by me. Nothing happened. AntiMalwareBytes worked.

September 12, 2016 at 04:52:49
I'll ask Johnw if he is available to join us because we ought to be sure there is no more malware lurking.

In the meantime yes, re-install Firefox. You could also try IE Reset:
IE > Tools > Internet Options > Advanced > Reset button.

Always pop back and let us know the outcome - thanks

September 12, 2016 at 11:44:05
Yes FF is working now after reinstall. But LAN settings are still disabled in Internet Settings of IE. Let me Reset IE. Later.
Thank you everyone.

September 12, 2016 at 17:54:00
Hi again xaphar.

Let me look at these logs please.

Please download Farbar Recovery Scan Tool and save it onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
If we have to run Farbar more than once, refer to this SS.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the Desktop.
The first time the tool is run, it also makes another log (Addition.txt).
The logs are large, upload them using Zippy (no account/registration needed) or upload to a site of your choosing. Give us the links please.
Instructions on how to use ZippyShare.

September 14, 2016 at 07:43:57
Also post the versions of IE & FF you are using

i_Xp/Vista/W7/W10 User


