Over 1 million tech questions and answers.

Windows 8.1 Laptop keeps setting Internet Explorer Proxy Server

Q: Windows 8.1 Laptop keeps setting Internet Explorer Proxy Server

I have a Windows 8.1 Laptop that keeps getting it's Use Proxy Server setting turned on in Internet Options.  I uncheck it, click OK, click Lan Settings and it's checked again.  I've run Rkill, Adwcleaner, JRT, Tdsskiller, and run a full Malwarebytes.  I am currently running a sfc /scannow, as I couldn't get gpedit.msc to load.  Any ideas?
 
Here's my Adwcleaner(SO).txt
# AdwCleaner v4.206 - Logfile created 05/06/2015 at 11:43:39
# Updated 01/06/2015 by Xplode
# Database : 2015-05-31.5 [Local]
# Operating system : Windows 8.1  (x64)
# Username : reginaldscott - HERMAN
# Running from : C:\Users\reginald\Desktop\phillip\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Kromtech
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Driver Updater
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Program Files (x86)\App Client
Folder Deleted : C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Local\SearchProtect
Folder Deleted : C:\Users\reginald\AppData\Local\globalUpdate
Folder Deleted : C:\Users\reginald\AppData\Local\GeniusBox
Folder Deleted : C:\Users\reginald\AppData\Local\Kromtech
Folder Deleted : C:\Users\reginald\AppData\LocalLow\zoomify
File Deleted : C:\Users\reginald\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_akjeeijengimhajmemcjoocganikbopa_0.localstorage
File Deleted : C:\Users\reginald\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_akjeeijengimhajmemcjoocganikbopa_0
File Deleted : C:\Users\reginald\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\akjeeijengimhajmemcjoocganikbopa
File Deleted : C:\WINDOWS\apppatch\apppatch64\vcldr64.dll
File Deleted : C:\WINDOWS\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
File Deleted : C:\WINDOWS\System32\drivers\SPPD.sys
File Deleted : C:\Users\reginald\Desktop\Continue Live Installation.lnk
File Deleted : C:\Users\reginald\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_us.yhs4.search.yahoo.com_0.localstorage
File Deleted : C:\Users\reginald\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_us.yhs4.search.yahoo.com_0.localstorage-journal
File Deleted : C:\Users\reginald\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Deleted : C:\Users\reginald\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
File Deleted : C:\Users\reginald\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.reimageplus.com_0.localstorage
File Deleted : C:\Users\reginald\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.reimageplus.com_0.localstorage-journal
 
***** [ Scheduled tasks ] *****
 
Task Deleted : Check Updates
Task Deleted : GeniusBox
Task Deleted : pcreg
Task Deleted : Validate Installation
Task Deleted : Yahoo! Search
Task Deleted : Yahoo! Search Updater
Task Deleted : WinZipDriverUpdaterRunAtStartup
Task Deleted : TidyNetwork Update
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7369E393-7379-41E9-AB90-1506BF3C373B}
Key Deleted : HKCU\Software\AnyProtect
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Microsoft\KanarCore
Key Deleted : HKCU\Software\Search Extensions
Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKCU\Software\UpdateFiles
Key Deleted : HKCU\Software\rttasks
Key Deleted : HKCU\Software\AppDataLow\Software\zoomify
Key Deleted : HKLM\SOFTWARE\Driver-Soft
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\InstallCore
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\NpApp
Key Deleted : HKLM\SOFTWARE\SearchProtect
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKLM\SOFTWARE\SPPDCOM
Key Deleted : HKU\.DEFAULT\Software\AskPartnerNetwork
Key Deleted : HKU\.DEFAULT\Software\AVG SafeGuard toolbar
Key Deleted : HKU\.DEFAULT\Software\Microsoft\KanarCore
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9854A5C4-5BE5-46E2-A989-352DD8B37E20}_is1
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\taplika.com
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:63030;hxxps=127.0.0.1:63030
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:63030;hxxps=127.0.0.1:63030
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
Data Deleted : HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings [ProxySettingsPerUser] - 0
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
 
-\\ Google Chrome v38.0.2125.111
 
[C:\Users\reginald\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_cmi_14_52_ch&cd=2XzuyEtN2Y1L1QzuyByE0EyDyEtA0FyCtC0BtAyEyD0DtByBtN0D0Tzu0StCtDzzyCtN1L2XzutAtFyCtFtCtDtFyBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyD0DtCyC0CtCyCyCtG0AtD0CyDtGzzyCtB0FtGzz0FtD0CtGyD0BtDyBtDzz0CyE0A0B0AtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AtBtC0Bzz0Bzz0AtG0AzytA0AtGyE0Azz0AtGzzzytDtCtG0EtCyCtDzz0B0C0F0EtCtCzz2Q&cr=1127455454&ir=
[C:\Users\reginald\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://taplika.com/results.php?f=4&q={searchTerms}&a=tpl_adk2_15_07&cd=2XzuyEtN2Y1L1QzuyByE0EyDyEtA0FyCtC0BtAyEyD0DtByBtN0D0Tzu0StCtCtAyDtN1L2XzutAtFyBtFtBtFtDtN1L1Czu2Z1E1I1V1T1Q1JtBtN1L1G1B1V1N2Y1L1Qzu2StCzyyDtAyB0DyC0BtG0AyDyDtCtGtCyEyD0BtG0AtC0D0FtGyDtCtCyCtAyB0CtD0AzzyByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AtBtC0Bzz0Bzz0AtG0AzytA0AtGyE0Azz0AtGzzzytDtCtG0EtCyCtDzz0B0C0F0EtCtCzz2Q&cr=1642926740&ir=
[C:\Users\reginald\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
[C:\Users\reginald\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
[C:\Users\reginald\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Default_Search_Provider_Data] : 
 
*************************
 
AdwCleaner[R0].txt - [22311 bytes] - [05/06/2015 11:42:39]
AdwCleaner[S0].txt - [8739 bytes] - [05/06/2015 11:43:39]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8798  bytes] ##########
 
 
___________________________________________________________________________________________________________________________________
Here is the Adwcleaner(r0).txt
 

# AdwCleaner v4.206 - Logfile created 05/06/2015 at 11:42:39
# Updated 01/06/2015 by Xplode
# Database : 2015-05-31.5 [Local]
# Operating system : Windows 8.1  (x64)
# Username : reginaldscott - HERMAN
# Running from : C:\Users\reginald\Desktop\phillip\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\reginald\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_akjeeijengimhajmemcjoocganikbopa_0
File Found : C:\Users\reginald\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\akjeeijengimhajmemcjoocganikbopa
File Found : C:\Users\reginald\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_akjeeijengimhajmemcjoocganikbopa_0.localstorage
File Found : C:\Users\reginald\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_us.yhs4.search.yahoo.com_0.localstorage
File Found : C:\Users\reginald\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_us.yhs4.search.yahoo.com_0.localstorage-journal
File Found : C:\Users\reginald\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Found : C:\Users\reginald\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
File Found : C:\Users\reginald\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.reimageplus.com_0.localstorage
File Found : C:\Users\reginald\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.reimageplus.com_0.localstorage-journal
File Found : C:\Users\reginald\Desktop\Continue Live Installation.lnk
File Found : C:\WINDOWS\apppatch\apppatch64\vcldr64.dll
File Found : C:\WINDOWS\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
File Found : C:\WINDOWS\System32\drivers\SPPD.sys
Folder Found : C:\Program Files (x86)\App Client
Folder Found : C:\Program Files (x86)\globalUpdate
Folder Found : C:\Program Files (x86)\SearchProtect
Folder Found : C:\ProgramData\Kromtech
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Driver Updater
Folder Found : C:\Users\reginald\AppData\Local\GeniusBox
Folder Found : C:\Users\reginald\AppData\Local\globalUpdate
Folder Found : C:\Users\reginald\AppData\Local\Kromtech
Folder Found : C:\Users\reginald\AppData\LocalLow\zoomify
Folder Found : C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Local\SearchProtect
 
***** [ Scheduled tasks ] *****
 
Task Found : Check Updates
Task Found : GeniusBox
Task Found : pcreg
Task Found : Validate Installation
Task Found : Yahoo! Search
Task Found : Yahoo! Search Updater
Task Found : WinZipDriverUpdaterRunAtStartup
Task Found : TidyNetwork Update
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
Data Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Data Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
Data Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:63030;hxxps=127.0.0.1:63030
Data Found : HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings [ProxySettingsPerUser] - 0
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:63030;hxxps=127.0.0.1:63030
Key Found : HKCU\Software\AnyProtect
Key Found : HKCU\Software\AppDataLow\Software\zoomify
Key Found : HKCU\Software\GlobalUpdate
Key Found : HKCU\Software\InstalledBrowserExtensions
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\taplika.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7369E393-7379-41E9-AB90-1506BF3C373B}
Key Found : HKCU\Software\Microsoft\KanarCore
Key Found : HKCU\Software\rttasks
Key Found : HKCU\Software\Search Extensions
Key Found : HKCU\Software\Tutorials
Key Found : HKCU\Software\UpdateFiles
Key Found : [x64] HKCU\Software\AnyProtect
Key Found : [x64] HKCU\Software\GlobalUpdate
Key Found : [x64] HKCU\Software\InstalledBrowserExtensions
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7369E393-7379-41E9-AB90-1506BF3C373B}
Key Found : [x64] HKCU\Software\Microsoft\KanarCore
Key Found : [x64] HKCU\Software\rttasks
Key Found : [x64] HKCU\Software\Search Extensions
Key Found : [x64] HKCU\Software\Tutorials
Key Found : [x64] HKCU\Software\UpdateFiles
Key Found : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Found : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Found : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Found : HKLM\SOFTWARE\Driver-Soft
Key Found : HKLM\SOFTWARE\GlobalUpdate
Key Found : HKLM\SOFTWARE\InstallCore
Key Found : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9854A5C4-5BE5-46E2-A989-352DD8B37E20}_is1
Key Found : HKLM\SOFTWARE\NpApp
Key Found : HKLM\SOFTWARE\SearchProtect
Key Found : HKLM\SOFTWARE\SPPDCOM
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
Key Found : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
Key Found : HKU\.DEFAULT\Software\AskPartnerNetwork
Key Found : HKU\.DEFAULT\Software\AVG SafeGuard toolbar
Key Found : HKU\.DEFAULT\Software\Microsoft\KanarCore
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings [DefaultConnectionSettings]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings [SavedLegacySettings]
Value Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings [DefaultConnectionSettings]
Value Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings [SavedLegacySettings]
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
 
-\\ Google Chrome v38.0.2125.111
 
[C:\Users\reginald\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_cmi_14_52_ch&cd=2XzuyEtN2Y1L1QzuyByE0EyDyEtA0FyCtC0BtAyEyD0DtByBtN0D0Tzu0StCtDzzyCtN1L2XzutAtFyCtFtCtDtFyBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyD0DtCyC0CtCyCyCtG0AtD0CyDtGzzyCtB0FtGzz0FtD0CtGyD0BtDyBtDzz0CyE0A0B0AtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AtBtC0Bzz0Bzz0AtG0AzytA0AtGyE0Azz0AtGzzzytDtCtG0EtCyCtDzz0B0C0F0EtCtCzz2Q&cr=1127455454&ir=
[C:\Users\reginald\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://taplika.com/results.php?f=4&q={searchTerms}&a=tpl_adk2_15_07&cd=2XzuyEtN2Y1L1QzuyByE0EyDyEtA0FyCtC0BtAyEyD0DtByBtN0D0Tzu0StCtCtAyDtN1L2XzutAtFyBtFtBtFtDtN1L1Czu2Z1E1I1V1T1Q1JtBtN1L1G1B1V1N2Y1L1Qzu2StCzyyDtAyB0DyC0BtG0AyDyDtCtGtCyEyD0BtG0AtC0D0FtGyDtCtCyCtAyB0CtD0AzzyByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AtBtC0Bzz0Bzz0AtG0AzytA0AtGyE0Azz0AtGzzzytDtCtG0EtCyCtDzz0B0C0F0EtCtCzz2Q&cr=1642926740&ir=
[C:\Users\reginald\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Found [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
[C:\Users\reginald\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Found [Extension] : flpcjncodpafbgdpnkljologafpionhb
[C:\Users\reginald\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Found [Default_Search_Provider_Data] : {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}{google:contextualSearchVersion}ie={inputEncoding}",
         "usage_count": 0
      }
   },
   "devtools": {
      "port_forwarding_config": {
         "8080": "localhost:8080"
      },
      "port_forwarding_default_set": true,
      "split_location": 218
   },
   "distribution": {
      "create_all_shortcuts": false,
      "msi": true,
      "skip_first_run_ui": true,
      "system_level": true,
      "verbose_logging": true
   },
   "download": {
      "directory_upgrade": true,
      "extensions_to_open": "jpg"
   },
   "enhanced_bookmarks_enabled": 0,
   "extensions": {
      "alerts": {
         "initialized": true
      },
      "autoupdate": {
         "last_check": "13077967284361147",
         "next_check": "13077993088010289"
      },
      "blacklistupdate": {
         "lastpingday": "13028716804240298",
         "version": "0.0.0.149"
      },
      "chrome_url_overrides": {
         "bookmarks": [ "chrome-extension://eemcgdkfndhakfknompkggombfjjjeno/main.html" ]
      },
      "commands": {
 
      },
      "last_chrome_version": "38.0.2125.111",
      "settings": {
         "ahfgeienlihckogmohjhadlkjgocpleb": {
            "active_bit": true,
            "active_permissions": {
               "api": [ "management", "system.display", "system.storage", "webstorePrivate", "system.cpu", "system.memory", "system.network" ],
               "manifest_permissions": [  ]
            },
            "app_launcher_ordinal": "t",
            "commands": {
 
            },
            "content_settings": [  ],
            "creation_flags": 1,
            "events": [  ],
            "from_bookmark": false,
            "from_webstore": false,
            "incognito_content_settings": [  ],
            "incognito_preferences": {
 
            },
            "install_time": "13059204090782108",
            "last_launch_time": "13063738811795647",
            "location": 5,
            "manifest": {
               "app": {
                  "launch": {
                     "web_url": "hxxps://chrome.google.com/webstore"
                  },
                  "urls": [ "hxxps://chrome.google.com/webstore" ]
               },
               "description": "Discover great apps, games, extensions and themes for Google Chrome.",
               "icons": {
                  "128": "webstore_icon_128.png",
                  "16": "webstore_icon_16.png"
               },
               "key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB",
               "name": "Web Store",
               "permissions": [ "webstorePrivate", "management", "system.cpu", "system.display", "system.memory", "system.network", "system.storage" ],
               "version": "0.2"
            },
            "page_ordinal": "n",
            "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\38.0.2125.111\\resources\\web_store",
            "preferences": {
 
            },
            "regular_only_preferences": {
 
            },
            "state": 1,
            "was_installed_by_default": false,
            "was_installed_by_oem": false
         },
         "bepbmhgboaologfdajaanbcjmnhjmhfn": {
            "disable_reasons": 1,
            "state": 0
         },
         "booedmolknjekdopkepjjeckmjkdpfgl": {
            "active_permissions": {
               "api": [ "tabs", "webNavigation", "webRequest", "webRequestBlocking" ],
               "explicit_host": [ "chrome://newtab/*", "chrome://settings-frame/*", "hxxp://*/*", "hxxps://*/*" ],
               "manifest_permissions": [  ],
               "scriptable_host": [ "chrome://settings-frame/*" ]
            },
            "commands": {
 
            },
            "content_settings": [  ],
            "creation_flags": 1,
            "events": [  ],
            "from_bookmark": false,
            "from_webstore": false,
            "incognito_content_settings": [  ],
            "incognito_preferences": {
 
            },
            "initial_keybindings_set": true,
            "install_time": "13063892157480214",
            "location": 5,
            "manifest": {
               "background": {
                  "persistent": true,
                  "scripts": [ "bk.js" ]
               },
               "content_scripts": [ {
                  "js": [ "cs.js" ],
                  "matches": [ "chrome://settings-frame/*" ]
               } ],
               "content_security_policy": "default-src 'self'; script-src chrome://resources 'self' chrome://settings-frame 'unsafe-eval'; frame-src 'self' chrome://settings-frame; style-src 'self' 'unsafe-inline';object-src 'self';",
               "description": "Extutil",
               "incognito": "spanning",
               "key": "MIAfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDQcByy+ea9jzazWF/DPn7NW47sW7lgmpk6eKc0BQM18q8hvEM3zNm2n7HkJv/R6fU+X5mtqkDuKvq5skF6qqUF4oEyaleWDFhd1xFwV7JV+/DU7bZ00w2+6gzqsabkerFpoP33ZRIw7OviJenP0c0uWqDWF8EGSyMhB3txqhOtiQIDAQAB",
               "manifest_version": 2,
               "name": "Extutil",
               "permissions": [ "chrome://newtab/", "tabs", "webNavigation", "webRequest", "webRequestBlocking", "hxxp://*/*", "hxxps://*/*", "chrome://settings-frame/" ],
               "version": "0.1"
            },
            "path": "C:\\Users\\reginald\\AppData\\Local\\Temp\\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B",
            "preferences": {
 
            },
            "regular_only_preferences": {
 
            },
            "state": 1,
            "was_installed_by_default": false,
            "was_installed_by_oem": false
         },
         "dnhpdliibojhegemfjheidglijccjfmc": {
            "active_permissions": {
               "api": [ "hotwordPrivate", "tabs", "webConnectable" ],
               "explicit_host": [ "*://*.google.co.uk/*", "*://*.google.com/*", "*://*.google.de/*", "*://*.google.fr/*", "*://*.google.ru/*", "chrome://newtab/*" ],
               "manifest_permissions": [  ]
            },
            "commands": {
 
            },
            "content_settings": [  ],
            "creation_flags": 1,
            "events": [  ],
            "from_bookmark": false,
            "from_webstore": false,
            "incognito_content_settings": [  ],
            "incognito_preferences": {
 
            },
            "initial_keybindings_set": true,
            "install_time": "13059204090785203",
            "location": 5,
            "manifest": {
               "background": {
                  "persistent": false,
                  "scripts": [ "manager.js" ]
               },
               "externally_connectable": {
                  "matches": [ "*://*.google.com/*", "*://*.google.ru/*", "*://*.google.co.uk/*", "*://*.google.fr/*", "*://*.google.de/*", "chrome://newtab/" ]
               },
               "key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDagiQy1VGkO2CHJSjVh7eU5GtuBuOlg2/cTZt7203AcevqpcDd+65S2/yd9KAELYcU6pK8nHVGYBMI6s0u+0RgXfIJ0eFOlTlgfAQWHvg8ovHtJlFJd1COrOkbntD9+s9Jobr3ldmow87aZF1bVHUY4khVP56cZe6adlVw2wK31QIDAQAB",
               "manifest_version": 2,
               "minimum_chrome_version": "32",
               "name": "hotword helper",
               "permissions": [ "*://*.google.com/*", "*://*.google.ru/*", "*://*.google.co.uk/*", "*://*.google.fr/*", "*://*.google.de/*", "chrome://newtab/", "hotwordPrivate", "tabs" ],
               "version": "0.0.2.0"
            },
            "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\38.0.2125.111\\resources\\hotword_helper",
            "preferences": {
 
            },
            "regular_only_preferences": {
 
            },
            "state": 1,
            "was_installed_by_default": false,
            "was_installed_by_oem": false
         },
         "eemcgdkfndhakfknompkggombfjjjeno": {
            "active_permissions": {
               "api": [ "bookmarks", "bookmarkManagerPrivate", "metricsPrivate", "systemPrivate", "tabs" ],
               "explicit_host": [ "chrome://favicon/*", "chrome://resources/*" ],
               "manifest_permissions": [  ]
            },
            "commands": {
 
            },
            "content_settings": [  ],
            "creation_flags": 1,
            "events": [  ],
            "from_bookmark": false,
            "from_webstore": false,
            "incognito_content_settings": [  ],
            "incognito_preferences": {
 
            },
            "initial_keybindings_set": true,
            "install_time": "13059204090778941",
            "location": 5,
            "manifest": {
               "chrome_url_overrides": {
                  "bookmarks": "main.html"
               },
               "content_security_policy": "object-src 'none'; script-src chrome://resources 'self'",
               "description": "Bookmark Manager",
               "icons": {
 
               },
               "incognito": "split",
               "key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDQcByy+eN9jzazWF/DPn7NW47sW7lgmpk6eKc0BQM18q8hvEM3zNm2n7HkJv/R6fU+X5mtqkDuKvq5skF6qqUF4oEyaleWDFhd1xFwV7JV+/DU7bZ00w2+6gzqsabkerFpoP33ZRIw7OviJenP0c0uWqDWF8EGSyMhB3txqhOtiQIDAQAB",
               "manifest_version": 2,
               "name": "Bookmark Manager",
               "permissions": [ "bookmarks", "bookmarkManagerPrivate", "metricsPrivate", "systemPrivate", "tabs", "chrome://favicon/", "chrome://resources/" ],
               "version": "0.1"
            },
            "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\38.0.2125.111\\resources\\bookmark_manager",
            "preferences": {
 
            },
            "regular_only_preferences": {
 
            },
            "state": 1,
            "was_installed_by_default": false,
            "was_installed_by_oem": false
         },
         "ennkphjdgehloodpbhlhldgbnhmacadg": {
            "active_permissions": {
               "api": [  ],
               "explicit_host": [ "chrome://settings-frame/*" ],
               "manifest_permissions": [  ]
            },
            "commands": {
 
            },
            "content_settings": [  ],
            "creation_flags": 1,
            "events": [ "app.runtime.onLaunched" ],
            "from_bookmark": false,
            "from_webstore": false,
            "incognito_content_settings": [  ],
            "incognito_preferences": {
 
            },
            "initial_keybindings_set": true,
            "install_time": "13059204090786202",
            "location": 5,
            "manifest": {
               "app": {
                  "background": {
                     "scripts": [ "settings_app.js" ]
                  }
               },
               "description": "Settings",
               "display_in_launcher": false,
               "icons": {
                  "128": "settings_app_icon_128.png",
                  "16": "settings_app_icon_16.png",
                  "32": "settings_app_icon_32.png",
                  "48": "settings_app_icon_48.png"
               },
               "key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDoVDPGX6fvKPVVgc+gnkYlGqHuuapgFDyKhsy4z7UzRLO/95zXPv8h8e5EacqbAQJLUbP6DERH5jowyNEYVxq9GJyntJMwP1ejvoz/52hnY3CCGGCmttmKzzpp5zwLuq3iZf8bslwywfflNUYtaCFSDa0TtrBZz0aOPrAAd/AhNwIDAQAB",
               "manifest_version": 2,
               "name": "Settings",
               "permissions": [ "chrome://settings-frame/" ],
               "version": "0.2"
            },
            "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\38.0.2125.111\\resources\\settings_app",
            "preferences": {
 
            },
            "regular_only_preferences": {
 
            },
            "running": false,
            "state": 1,
            "was_installed_by_default": false,
            "was_installed_by_oem": false
         },
         "flpcjncodpafbgdpnkljologafpionhb": {
            "active_permissions": {
               "api": [ "tabs", "webNavigation" ],
               "explicit_host": [ "chrome://favicon/*", "chrome://resources/*", "chrome://settings-frame/*", "hxxp://*.conduit.com/*
 
*************************
 
AdwCleaner[R0].txt - [22103 bytes] - [05/06/2015 11:42:39]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [22163 bytes] ##########
 
_____________________________________________________________________________________________________________________
Here's the original Malwarebytes
 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 6/4/2015
Scan Time: 10:10:49 PM
Logfile: mbam.txt
Administrator: Yes
 
Version: 2.01.6.1022
Malware Database: v2015.05.19.03
Rootkit Database: v2015.06.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: reginaldscott
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 405422
Time Elapsed: 1 hr, 15 min, 14 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 8
PUP.Optional.GeniusBox.C, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\GeniusBox, Quarantined, [3748860ff991112537b130412ed74eb2], 
PUP.Optional.Taplika.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}, Quarantined, [6a15fe9777139f97dbdf7d5e07fccf31], 
PUP.Optional.GeniusBox.C, HKLM\SOFTWARE\WOW6432NODE\GeniusBox, Quarantined, [2d529ff6c8c2a393652cbfb27c8908f8], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{89D28E1D-D4D3-4085-8F5F-E57CE4E15232}, Quarantined, [2b544b4abbcf2d095d8a4828ea1ba35d], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AA721BEE-6830-41D5-9401-6B0A12BC922F}, Quarantined, [9ae54352296172c4499c3d3338cd649c], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AC33E2CE-DFB8-4698-BABA-8150E5D539B8}, Quarantined, [cab56c295f2b0432b5311b5532d3af51], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CD78E78D-CBF1-4437-949D-93A86A8DE23F}, Quarantined, [a6d9a1f4e7a3a78f02e4521ec73ea15f], 
PUP.Optional.Taplika.A, HKU\S-1-5-21-3366332756-3776783878-1445774773-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}, Quarantined, [7d02f1a4acded561dbe0e1faeb189769], 
 
Registry Values: 14
PUP.Optional.Taplika.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}|URL, http://taplika.com/results.php?f=4&q={searchTerms}&a=tpl_adk2_15_07&cd=2XzuyEtN2Y1L1QzuyByE0EyDyEtA0FyCtC0BtAyEyD0DtByBtN0D0Tzu0StCtCtAyDtN1L2XzutAtFyBtFtBtFtDtN1L1Czu2Z1E1I1V1T1Q1JtBtN1L1G1B1V1N2Y1L1Qzu2StCzyyDtAyB0DyC0BtG0AyDyDtCtGtCyEyD0BtG0AtC0D0FtGyDtCtCyCtAyB0CtD0AzzyByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AtBtC0Bzz0Bzz0AtG0AzytA0AtGyE0Azz0AtGzzzytDtCtG0EtCyCtDzz0B0C0F0EtCtCzz2Q&cr=1642926740&ir=, Quarantined, [6a15fe9777139f97dbdf7d5e07fccf31]
PUP.Optional.Taplika.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}|TopResultURLFallback, http://taplika.com/results.php?f=4&q={searchTerms}&a=tpl_adk2_15_07&cd=2XzuyEtN2Y1L1QzuyByE0EyDyEtA0FyCtC0BtAyEyD0DtByBtN0D0Tzu0StCtCtAyDtN1L2XzutAtFyBtFtBtFtDtN1L1Czu2Z1E1I1V1T1Q1JtBtN1L1G1B1V1N2Y1L1Qzu2StCzyyDtAyB0DyC0BtG0AyDyDtCtGtCyEyD0BtG0AtC0D0FtGyDtCtCyCtAyB0CtD0AzzyByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AtBtC0Bzz0Bzz0AtG0AzytA0AtGyE0Azz0AtGzzzytDtCtG0EtCyCtDzz0B0C0F0EtCtCzz2Q&cr=1642926740&ir=, Quarantined, [0c73e4b1a2e8ba7c9f1be8f314ef26da]
PUP.Optional.Taplika.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}|FaviconPath, C:\Program Files (x86)\WSE_Taplika\\FavIcon.ico, Quarantined, [0c73bbdaa4e642f4b703f2e98a7955ab]
PUP.Optional.Taplika.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}, Taplika, Quarantined, [6619801585054de9f9c186558b783bc5]
PUP.Optional.Taplika.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}|DisplayName, Taplika, Quarantined, [afd03d587515e84ecfebb82320e3966a]
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{89d28e1d-d4d3-4085-8f5f-e57ce4e15232}|AppName, Supreme Savings-codedownloader.exe, Quarantined, [2b544b4abbcf2d095d8a4828ea1ba35d]
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{aa721bee-6830-41d5-9401-6b0a12bc922f}|AppName, SuperLyrics-1-bg.exe, Quarantined, [9ae54352296172c4499c3d3338cd649c]
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{ac33e2ce-dfb8-4698-baba-8150e5d539b8}|AppName, SuperLyrics-1-buttonutil.exe, Quarantined, [cab56c295f2b0432b5311b5532d3af51]
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{cd78e78d-cbf1-4437-949d-93a86a8de23f}|AppName, Supreme Savings-buttonutil.exe, Quarantined, [a6d9a1f4e7a3a78f02e4521ec73ea15f]
PUP.Optional.Taplika.A, HKU\S-1-5-21-3366332756-3776783878-1445774773-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}|URL, http://taplika.com/results.php?f=4&q={searchTerms}&a=tpl_adk2_15_07&cd=2XzuyEtN2Y1L1QzuyByE0EyDyEtA0FyCtC0BtAyEyD0DtByBtN0D0Tzu0StCtCtAyDtN1L2XzutAtFyBtFtBtFtDtN1L1Czu2Z1E1I1V1T1Q1JtBtN1L1G1B1V1N2Y1L1Qzu2StCzyyDtAyB0DyC0BtG0AyDyDtCtGtCyEyD0BtG0AtC0D0FtGyDtCtCyCtAyB0CtD0AzzyByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AtBtC0Bzz0Bzz0AtG0AzytA0AtGyE0Azz0AtGzzzytDtCtG0EtCyCtDzz0B0C0F0EtCtCzz2Q&cr=1642926740&ir=, Quarantined, [7d02f1a4acded561dbe0e1faeb189769]
PUP.Optional.Taplika.A, HKU\S-1-5-21-3366332756-3776783878-1445774773-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}|TopResultURLFallback, http://taplika.com/results.php?f=4&q={searchTerms}&a=tpl_adk2_15_07&cd=2XzuyEtN2Y1L1QzuyByE0EyDyEtA0FyCtC0BtAyEyD0DtByBtN0D0Tzu0StCtCtAyDtN1L2XzutAtFyBtFtBtFtDtN1L1Czu2Z1E1I1V1T1Q1JtBtN1L1G1B1V1N2Y1L1Qzu2StCzyyDtAyB0DyC0BtG0AyDyDtCtGtCyEyD0BtG0AtC0D0FtGyDtCtCyCtAyB0CtD0AzzyByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AtBtC0Bzz0Bzz0AtG0AzytA0AtGyE0Azz0AtGzzzytDtCtG0EtCyCtDzz0B0C0F0EtCtCzz2Q&cr=1642926740&ir=, Quarantined, [b8c74055c7c3d462b10a3f9cb64d36ca]
PUP.Optional.Taplika.A, HKU\S-1-5-21-3366332756-3776783878-1445774773-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}|FaviconPath, C:\Program Files (x86)\WSE_Taplika\\FavIcon.ico, Quarantined, [83fc5045fa90171fe9d227b455ae837d]
PUP.Optional.Taplika.A, HKU\S-1-5-21-3366332756-3776783878-1445774773-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}, Taplika, Quarantined, [7d02f69f711914224576904b4bb86799]
PUP.Optional.Taplika.A, HKU\S-1-5-21-3366332756-3776783878-1445774773-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}|DisplayName, Taplika, Quarantined, [86f93065890161d503b87962f3100000]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 2
PUP.Optional.GeniusBox.C, C:\Program Files (x86)\user extensions, Quarantined, [3748860ff991112537b130412ed74eb2], 
PUP.Optional.GeniusBox.C, C:\Program Files (x86)\user extensions\Resources, Quarantined, [3748860ff991112537b130412ed74eb2], 
 
Files: 31
PUP.Optional.Tuto4PC.A, C:\ProgramData\Comodo\Cis\Quarantine\data\{FD4559CD-F75D-4919-9447-102D2B3403E9}, Quarantined, [ccb32a6bb7d379bd79091c413acca45c], 
PUP.Optional.Tuto4PC.A, C:\ProgramData\Comodo\Cis\Quarantine\data\{49EB838B-D04F-4D36-A65C-49FC5ADAF3B0}, Quarantined, [ccb382134a40ee48b3cfacb1d333d927], 
PUP.Optional.Tuto4PC.A, C:\ProgramData\Comodo\Cis\Quarantine\data\{111EAB81-843D-4A91-9F76-EB8DD60D2650}, Quarantined, [a9d65243ee9cd462acd6401d0ff7e020], 
PUP.Optional.DownloadAdmin.C, C:\ProgramData\Comodo\Cis\Quarantine\data\{2FF9DDE9-5876-4038-874A-CE93400C1AAA}, Quarantined, [5f2043526426ea4c68b24c1242c4c937], 
PUP.Optional.InstallCore.SID.C, C:\ProgramData\Comodo\Cis\Quarantine\data\{06C1707D-B549-4163-9EAC-2FB9BED4DC59}, Quarantined, [e897d1c44545c86e8865e67715f19c64], 
PUP.Optional.OutBrowse.C, C:\Users\reginald\AppData\Local\Temp\bcicabececc.exe, Quarantined, [5e21f99c018937ff660e9dc0da2ca55b], 
PUP.Optional.BundleInstaller.A, C:\Users\reginald\Downloads\setup (1).exe, Quarantined, [4e31d4c1731739fd2024b1abaa584fb1], 
PUP.Optional.GeniusBox.C, C:\Windows\System32\Tasks\GeniusBox, Quarantined, [037c3d583e4c78be8b043b36887db54b], 
PUP.Optional.GeniusBox.C, C:\Program Files (x86)\user extensions\client.exe.config, Quarantined, [3748860ff991112537b130412ed74eb2], 
PUP.Optional.GeniusBox.C, C:\Program Files (x86)\user extensions\certmanager.exe, Quarantined, [3748860ff991112537b130412ed74eb2], 
PUP.Optional.GeniusBox.C, C:\Program Files (x86)\user extensions\Client.exe, Quarantined, [3748860ff991112537b130412ed74eb2], 
PUP.Optional.GeniusBox.C, C:\Program Files (x86)\user extensions\clientdata.txt, Quarantined, [3748860ff991112537b130412ed74eb2], 
PUP.Optional.GeniusBox.C, C:\Program Files (x86)\user extensions\cl_07a3e2f1-434e-40e4-b3ac-556c01963223.txt, Quarantined, [3748860ff991112537b130412ed74eb2], 
PUP.Optional.GeniusBox.C, C:\Program Files (x86)\user extensions\makecert.exe, Quarantined, [3748860ff991112537b130412ed74eb2], 
PUP.Optional.GeniusBox.C, C:\Program Files (x86)\user extensions\settings.config, Quarantined, [3748860ff991112537b130412ed74eb2], 
PUP.Optional.GeniusBox.C, C:\Program Files (x86)\user extensions\Tasks.exe, Quarantined, [3748860ff991112537b130412ed74eb2], 
PUP.Optional.GeniusBox.C, C:\Program Files (x86)\user extensions\tasks.exe.config, Quarantined, [3748860ff991112537b130412ed74eb2], 
PUP.Optional.GeniusBox.C, C:\Program Files (x86)\user extensions\ts_07a3e2f1-434e-40e4-b3ac-556c01963223.txt, Quarantined, [3748860ff991112537b130412ed74eb2], 
PUP.Optional.GeniusBox.C, C:\Program Files (x86)\user extensions\Uninstall.exe, Quarantined, [3748860ff991112537b130412ed74eb2], 
PUP.Optional.GeniusBox.C, C:\Program Files (x86)\user extensions\uninstall.exe.config, Quarantined, [3748860ff991112537b130412ed74eb2], 
PUP.Optional.GeniusBox.C, C:\Program Files (x86)\user extensions\un_07a3e2f1-434e-40e4-b3ac-556c01963223.txt, Quarantined, [3748860ff991112537b130412ed74eb2], 
PUP.Optional.GeniusBox.C, C:\Program Files (x86)\user extensions\Updater.exe, Quarantined, [3748860ff991112537b130412ed74eb2], 
PUP.Optional.GeniusBox.C, C:\Program Files (x86)\user extensions\updater.exe.config, Quarantined, [3748860ff991112537b130412ed74eb2], 
PUP.Optional.GeniusBox.C, C:\Program Files (x86)\user extensions\up_07a3e2f1-434e-40e4-b3ac-556c01963223.txt, Quarantined, [3748860ff991112537b130412ed74eb2], 
PUP.Optional.GeniusBox.C, C:\Program Files (x86)\user extensions\Resources\certutil.exe, Quarantined, [3748860ff991112537b130412ed74eb2], 
PUP.Optional.GeniusBox.C, C:\Program Files (x86)\user extensions\Resources\libnspr4.dll, Quarantined, [3748860ff991112537b130412ed74eb2], 
PUP.Optional.GeniusBox.C, C:\Program Files (x86)\user extensions\Resources\libplc4.dll, Quarantined, [3748860ff991112537b130412ed74eb2], 
PUP.Optional.GeniusBox.C, C:\Program Files (x86)\user extensions\Resources\libplds4.dll, Quarantined, [3748860ff991112537b130412ed74eb2], 
PUP.Optional.GeniusBox.C, C:\Program Files (x86)\user extensions\Resources\nss3.dll, Quarantined, [3748860ff991112537b130412ed74eb2], 
PUP.Optional.GeniusBox.C, C:\Program Files (x86)\user extensions\Resources\smime3.dll, Quarantined, [3748860ff991112537b130412ed74eb2], 
PUP.Optional.GeniusBox.C, C:\Program Files (x86)\user extensions\Resources\softokn3.dll, Quarantined, [3748860ff991112537b130412ed74eb2], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 

 
 
I had already deleted the other log files.

RELEVANCY SCORE 200
Preferred Solution: Windows 8.1 Laptop keeps setting Internet Explorer Proxy Server

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: Windows 8.1 Laptop keeps setting Internet Explorer Proxy Server

Download and run wipe  and system ninja,
 
https://privacyroot.com/software/www/en/wipe.php
https://singularlabs.com/software/system-ninja/
 
Then.....
 
Go ahead and install ccleaner Now that you have the program installed go ahead and run the cleaner function.
https://www.piriform.com/ccleaner/download
Now that you have cleaned out some temp files, lets go ahead and disable all of the items starting up with your machine except your antivirus. To do this you will need to click on tools then start up select each item then disable.
Now that you have disabled those un-needed start ups lets go into the settings, we will have Ccleaner run when your machine boots, so that you will never have to worry about cleaning temp files again.To do this:
Hit options.
Settings.
Place a tick to run Ccleaner when the computer starts.

Now go to the advanced tab, and select close program after cleaning, now run the cleaner again this will close Ccleaner.
 
Reboot your machine and then follow the  instructions below.
 
Step 1: eScanAV.
 
Disable your antivirus prior to this scan.
http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/
Download the eScanAV Anti-Virus Toolkit (MWAV)http://www.escanav.com/english/content/products/downloadlink/downloadcounter.asp?pcode=MWAV&src=english_dwn&type=alter
 
Source
http://www.escanav.com/english/content/products/downloadlink/downloadproduct.asp?pcode=MWAV
Save the file to your desktop.
Right click run as administrator.
A new icon will appear on your desktop.
Right click run as administrator on new icon.
Click on the update tab.
Once you have updated the program, make sure the settings are the same as the picture below.
Once you have made sure the settings match the picture, hit the Scan & Clean button.
Upon scan completion, click View Log.
Copy and paste entire log into your next reply.
Note: Reboot if needed to remove infections.
 
Step 2: Zemana
 
Run a full scan with Zemana antimalware.
http://www.zemana.us/product/zemana-antimalware/default.aspx
Install and select deep scan.

Remove any infections found.
Then click on the icon in the pic below.

Double click on the scan log, copy and paste here in your reply.
 
 
Step 3: Junkware Removal Tool.
 
Please download Junkware Removal Tool and save it on your desktop.
Source
http://thisisudax.org/
Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log is saved to your desktop and will automatically open.
Please post the JRT log.
Step 4: Adware Cleaner.
 
Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Scan button.
When the scan has finished click on Clean button.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

Read other 1 answers
RELEVANCY SCORE 84

Hi, running Windows 7 x64 SP1 notebook, noticed Windows Update failed and found Internet Explorer LAN proxy server settings had been modified to: 127.0.0.1:8888 which appears to be some form of malware/trojan/virus.
 
I was able to add Windows Update exceptions to proxy settings and temporarily remove the changes which allowed Windows Update to function properly but the proxy settings in IE were modified again on reboot.
 
Avast and Malwarebytes don't pick up anything, rebooted in Safe Mode and removed the proxy settings again which hasn't changed again upon reboot but would like to be sure I am clear of or don't have any other infections.
 
Thanks!

A:Internet Explorer Proxy Server 127.0.0.1 Disables Windows Update

Please follow the instructions in THIS GUIDE starting at Step 6. If you cannot complete a step, skip it and continue.Once the proper logs are created, then make a NEW TOPIC and post it HERE. Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Read other 2 answers
RELEVANCY SCORE 84

Hi,

Does anyone know if something changed in windows 7 in the last week or so in regards to the proxy manager?  Monday the proxy settings were working fine, then I come in Tuesday and most everyone that uses the proxy settings can't get out with firefox
and the proxy settings are no longer being applied to IE11, so they can go anywhere.  The computers are all win7 32 bit.  Here are the keys we are setting:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings ProxyEnable 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings ProxyServer 127.0.0.1:80
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings ProxyOverride [all the white listed sites]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings ProxyHttp1.1 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings ShowPunycode 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings EnablePunycode 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings DisableIDNPrompt 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings WarnonBadCertRecving 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings WarnOnPostRedirect 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings EnableAutodial 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet... Read more

Read other answers
RELEVANCY SCORE 84

Hi, running Windows 7 x64 SP1 notebook, noticed Windows Update failed and found Internet Explorer LAN proxy server settings had been modified to: 127.0.0.1:8888 which appears to be some form of malware/trojan/virus.
 
I was able to add Windows Update exceptions to proxy settings and temporarily remove the changes which allowed Windows Update to function properly but the proxy settings in IE were modified again on reboot.
 
Avast and Malwarebytes don't pick up anything, rebooted in Safe Mode and removed the proxy settings again which hasn't changed again upon reboot but would like to be sure I am clear of or don't have any other infections. I don't have an issue with Firefox which is my default browser.
 
I posted in the "Am I Infected? What do I do?"
 
http://www.bleepingcomputer.com/forums/t/610200/internet-explorer-proxy-server-127001-disables-windows-update/?p=3973643
 
and followed the instructions give there to run Farbar and post the logs here.
 
Thanks for the assistance!
 

 Addition.txt   50.45KB
  3 downloads
 

 FRST.txt   60.93KB
  5 downloads

A:Internet Explorer Proxy Server 127.0.0.1 Disables Windows Update

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Press the windows key + r on your keyboard at the same time. This will open the RUN BOX.Type Notepad and and click the OK key.Please copy the entire contents of the code box below to the a new file. start
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
RemoveProxy:

HKLM-x32\...\Run: [] => [X]
CHR HKU\S-1-5-21-1139747661-3720200840-1728026816-1004\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1139747661-3720200840-1728026816-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1139747661-3720200840-1728026816-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.duckduckgo.com/
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL ... Read more

Read other 5 answers
RELEVANCY SCORE 82.4

Hello,

I have strange issue with Windows 8.1 x64 Pro with Media Center. Since it was upgraded from 8, there have been issues with Software Store. Despite internet connection working fine with Firefox and other applications, Store would not connect to the internet. After long investigation I found out that Proxy server setting in Control Panel -> Internet Options -> Connections -> LAN Settings must be disabled in order to get Store working again. For some reason proxy server only stays disabled for the current session, which means when the windows is rebooted it comes back enabled again. My question is how to make it stay permanently disabled, as I don't use any proxy. Thanks.

A:Internet Options Proxy Server setting won't stay off.

Try resetting IE11, Tools> Internet Options Advanced tab, Reset button.

Others have this same problem not sure why.

LAN Connection settings keep changing back to proxy server after - Microsoft Community

Read other 16 answers
RELEVANCY SCORE 82.4

Hello,
I have a local authenticated proxy server in my environment which is not on the local domain. It is a standalone proxy server and had specific login credentials.
When I try to access internet on internet explorer, I am prompted to enter proxy server login details. Also when i execute "invoke-webrequest" command on powershell, i get the error. Details below:
======================

Invoke-WebRequest -uri
www.google.es
Invoke-WebRequest :
Access Denied (authentication_failed)
Your credentials could not be authenticated: "Credentials are missing.". You will not be permitted access until your
credentials can be verified.
This is typically caused by an incorrect username and/or password, but could also be caused by network problems.
For assistance, contact your network support team.
At line:1 char:1
+ Invoke-WebRequest -uri
www.google.es
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebExc
   eption
    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand
===================================
How can i store the standalone proxy server credentials in common location, so that I am not prompted to enter credentials on any application (Internet explorer or outlook... Read more

Read other answers
RELEVANCY SCORE 81.2

I seem to recall that when you change the proxy settings for Internet Explorer, it's not just IE you are changing. IEs proxy settings are somehow the proxy settings for other apps and the OS as well. Can anyone confirm this? What connections are affected if I add a proxy in IE?

A:Internet Explorer Proxy Setting

The proxy settings in Internet Explorer preferences are for IE and any system function that needs Internet access, such as Windows Update. In a large network going through a company proxy server is often the only way to access the Internet. Many applications choose to use these settings while others have their own configuration options. Many will use the system setting by default but provide the means to override this. Applications are free to do whatever they want regarding proxy servers.

Read other 1 answers
RELEVANCY SCORE 81.2

Dear Sir,
We have written a script for proxy setting. Whenever we run this script proxy setting gets change, but not get affected for use. It goes to old proxy server. Request to help.

Read other answers
RELEVANCY SCORE 80.4

We run a web proxy server on our network for internet access.
On client machines (running Windows 2012 R2) I have configured the proxy server setting in Internet Explorer "Tools\Internet Settings\Connections\LAN Settings" to point at the designated web proxy server.
When attempting to browse websites from IE I receive the "The proxy server isn't responding" error.
Conversely, browsing the same sites via Google Chrome and Firefox (installed on the same client server) return web pages without error.
In addition, if I run Internet Explorer as administrator (Right Click\Run as Administrator), I am able to browse web sites without receiving the error.
It would appear that the issue is isolated to browsing via IE when not run in elevated mode.
Has anyone come across this issue?

A:Server 2012 R2 - Internet Explorer Proxy Server Issue

Hi Dicki,
First, please try to reset the Internet Explorer. Some plug-ins may affect the proxy.
If it doesn't work, please try to perform a network capture on the client.
Please check if the client send the http traffic to the proxy server at the correct port.
If the client has sent the http traffic to the proxy server, please check if there is any warning or error in the proxy server.
To download Network Monitor, please refer to the link below:
http://www.microsoft.com/en-us/download/details.aspx?id=4865
Best Regards.Steven Lee Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

Read other 2 answers
RELEVANCY SCORE 80

how to remove trojan virus in windows which can'y be deleted by
trend micro office scan

A:how to configure security setting in internet explorer in windows 2003 server

Hello and welcome to TSF

I would recommend that you go here; read and follow the instructions very carefully; then, post all the requested logs and information; as instructed, to here. (Just click on the coloured links.)

Once done, please be patient, as the Security Team Analysts are usually very busy; one of them will answer your request as soon as they can.
Good luck

Please also remember DO NOT post your logs in this thread, please start a new thread here. (Just click on the coloured link.) and post the logs.

Read other 1 answers
RELEVANCY SCORE 78.4

Everytime I change users on Windows XP and connect to the internet, Internet Explorer 7 opens with the Proxy box automatically checked (under Tools>Internet Options>Connections>Settings [for ISP]), causing pages on the internet not to be able to load. Upon unchecking the proxy box, closing IE7 and reopening IE7 (without changing Windows XP user), pages will load fine.


DDS (Ver_09-12-01.01) - NTFSx86
Run by Mom at 18:59:55.20 on Tue 12/22/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1075 [GMT -6:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUS... Read more

A:Internet Explorer 7 Proxy setting automatically checked when opened

Hi MsKelly,Welcome to BC HijackThis forum. I am farbar. I am going to assist you with your problem.Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. Please let me know in your next reply if you agree with this.Please let me know if the issue is not resolved. In that case please post a fresh DDS.txt post. no need for the Attached.txt if you have not installed or uninstalled new software.

Read other 2 answers
RELEVANCY SCORE 77.6

Hello. I connect via wireless router dsl (comcast), but I want to route through a proxy server.I have read articles/posts in and outside of this forum, but it's not working.After updating Norton with the http address/port# (settings-admin settings-configure network proxy settings-use a proxy server for http connections) the 'apply' button isn't active, and the change doesn't take effect.If I just make the change in 'internet options' from the IE toolbar, then I lose all internet connection.What else do I need to change/do differently, in order for the changes to be accepted?Thanks.

Read other answers
RELEVANCY SCORE 76.4

Hello,"Internet Explorer is using a proxy server on this computer to connect to the Internet." Hitman Pro gives me that message when I do a scan, and is unable to repair the problem. I did all steps suggested at this link, as that person's problem was very similar to mine:http://www.bleepingcomputer.com/forums/topic335743.html ("internet proxy?"). None of the procedures and suggestions contained at that link have worked. Also, Symantec's "Norton Power Eraser" reports two problems: m2wshlex.dll (shell extension) and deaddiskdoctor (directory).I have now done the steps at this link:http://www.bleepingcomputer.com/forums/topic34773.html ("Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help").I've pasted the DDS.txt file immediately after this, and attached the Attach.txt and Ark.txt files. Thank you very much for your assistance.DDS (Ver_10-03-17.01) - NTFSx86 Run by Administrator at 9:20:49.03 on Sun 08/29/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.288 [GMT -4:00]AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}AV: ESET Smart Security 4.0 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}FW: Online Armor Firewall *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}============== Running Processes ===============C:\W... Read more

A:Internet Explorer is using a proxy server on this computer to connect to the Internet

Hello dannya98, My name is Syler and I will be helping you to solve your malware issues. Sorry for the delayin replying, we are very busy at the moment.Please note because we are very busy, if I don't hear from you within 5 days the topic will be closed, If youhave since resolved your issues I would appreciate if you would let me no so I can close this topic.Please download Malwarebytes' Anti-Malware from HereNote: If you already have Malwarebytes' Anti-Malware, just update then run it.Double Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Quick Scan", then click Scan (the scan may take some time to finish, so please be patient).When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy and Paste the entire report in your next reply .Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process,if asked to restart t... Read more

Read other 44 answers
RELEVANCY SCORE 76

pleaaaase please help me this is driving me nuts! internet explorer/chrome always falls back to proxy server (which i never used) i did like all the web pages say: unselect proxy, select automatic settings reboot. it will always come back to proxy...

is there a way to fix this? is this happeneing because i have a virus?

thanks for your help!

A:internet explorer always falls back to proxy server

Hi,
Uninstall Chrome,
Then Reset Internet explorer and see if the issue repeats,
See a tutorial here to Reset Internet explorer,
http://www.sevenforums.com/tutorials/1222-internet-explorer-reset.html
After Resetting ie9 or 10,
I would add this to the tutorials process

Read other 9 answers
RELEVANCY SCORE 75.2

Hi everyone,
 
Here is my issue, my computer is functioning ok except for internet explorer. I am able to google and search things but when I try to enter a number of different sites (such as the malwarebytes download page) I receive a message that says "the proxy server isn't responding." "Check your proxy settings 127.0.0.1:8877." When I go into internet options --> Connections----> Lan Settings, the "user proxy server for your lan" is checked and greyed out. I have run malwarebytes which did not fix the issue. Someone mentioned checking a proxy setting in regedit which was set to 1, when I change it to 0 as I was recommended, It did not fix the issue and simply reverted to 1. Im not sure if that is relevant at all but this issue is quite frustrating and any help you could provide would be greatly appreciated.
 
Thanks!
 

A:Internet Explorer says "The Proxy Server Isn't responding" and settings locked

Hello,
Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.
Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.
If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Read other 2 answers
RELEVANCY SCORE 75.2

This Windows 7 PC recently had an infection. I've run Malwarebytes and a few other things, and the infection seems to be gone. However, an issue remains:
 
When attempting to browse with Internet Explorer, any URL I request (www.google.com, www.yahoo.com) gives an error page that says, "The proxy server isn't responding." The given proxy address is pointing at localhost. I am able to browse in Firefox, but I need Internet Explorer to work as well.
 
I cannot disable the "Use proxy server for your LAN" setting under Internet Options -> Connections -> LAN settings.
 
I do not have the knowledge to resolve this problem. Please help. Thank you.
 
DDS LOG=====================================
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17280  BrowserJavaVersion: 10.65.2
Run by Bonnie at 17:26:23 on 2014-09-30
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2013.852 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Wind... Read more

A:Internet Explorer hijacking? 'proxy server isn't responding' issue

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Download Malwarebytes' Anti-Malware from HereDouble-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).The scan may take some time to finish,so please be patient.If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Log... Read more

Read other 13 answers
RELEVANCY SCORE 74.4

We have a situation where we have a number of users running IE 11 on Windows 7 , 8 and 8.1. When using Google Maps. The maps fail to render and show the
grid lines when zooming in and scrolling across. When I untick 'Use Proxy Server' in Windows Internet Settings, maps will work fine. We use TMG server for a proxy. Maps works in Chrome as expected.



Does anyone have any suggestions?

Read other answers
RELEVANCY SCORE 72.4

Hi,

Please, could someone help me out ( step-by-step) with how to set up a proxy server connection thru windows xp internet settings?

Thanks

Vijay

Read other answers
RELEVANCY SCORE 71.6

Hi,

I have a computer that I want to set up to use ICS so an Xbox 360 can share the internet connection. But, I want the Windows XP machine to also connect to the internet through a proxy. How can I set up XP to connect through a proxy for everything, including any machines that will use ICS?

Thanks,

Derrick
 

A:Setting up Windows Internet Connection Sharing, and proxy?

I really doubt that XBOX will work through a proxy.
 

Read other 2 answers
RELEVANCY SCORE 71.2

Please Help
I would like to know the best process for setting up Nt server 4.0 as a proxy server
any help will be appreciated
thanks
ray
 

Read other answers
RELEVANCY SCORE 71.2

i need help on setting up a proxy server for home, i just want to use 2 different internet clients, (dont ask why) lol. Anyways, how do you set one up using a browser like mozilla?
 

Read other answers
RELEVANCY SCORE 71.2

My Win8 Start Page apps stopped working - could not access internet. Then I noticed Dropbox couldn't get a "secure connection". But Firefox browser and my email client had no problem with the internet. After hunting around a bit, I discovered that Proxy Server was checked in the LAN Settings of Internet Options-Connections tab. I turned it off and all was well, but it came back on the next boot. I can't find anything suspicious in my autostarted programs and the built-in MS security software isn't complaining about anything.

Anybody have any ideas? I'm fresh out of things to try. Meanwhile I keep resetting the Proxy check box whenever I have to re-boot.

A:Something is setting proxy server

If you haven't tried using System Restore yet, it's pretty handy for this sort of trouble.

From the Windows 8 Start Screen, type Recovery, then click Settings, then click Recovery, and then select Open System Restore. Choose a restore point from before your proxy settings started reinventing themselves.

Best of luck
. . . Gary

Read other 1 answers
RELEVANCY SCORE 70.4

Well...my internet LAN setting under change proxy setting continues to check itself so my internet pages will not load so I have to continuously go to the settings and manually uncheck it every other website I visit. PLEASE HELP!!!

A:LAN setting for proxy server checking itself...

G'day mnunes01, and Welcome to BC.
 
Please run rkill for me.
 
Do NOT reboot after running it.
 
 
Please download and run RKill by Grinler.
 A black DOS box will appear for a short time and then disappear.
 This is normal and indicates the tool ran successfully.
 At most the tool will usually run for about 2 minutes
 Please Copy / Paste the small log back here.
 
    RKill.exe:    http://www.bleepingcomputer.com/download/rkill/dl/10/
       iExplore.exe (renamed rKill.exe):     http://www.bleepingcomputer.com/download/rkill/dl/11/
Rkill.com   RKill Download Link Download Now Rkill.com
 

Read other 4 answers
RELEVANCY SCORE 70.4

Hello, I use a web accelerator called ExpressLink. When I connect to the Internet the proxy server setting is getting turned on automatically even though it is not necessary when using the accelerator. If I disable the proxy server setting, it usually gets turned on again. I do not have any ISP software installed. How do I keep this from happening? I am using Windows XP Home. Attached find .log file.
 

Read other answers
RELEVANCY SCORE 70.4

Hi,
I have Squid installed on a Linux box running OpenSuSE 10.3. Does anyone know of a guide for configuring it for public access. So far it works fine from inside my internal network.

Does anyone know of any other proxy server programs for linux? Thanks.
 

A:Setting up a public proxy server

Hum.. Why are you doing this? You do realise that you will not be able to keep this proxy "secret" (even if you use non-default ports)? There are literally thousands of machines out there doing port scans and looking for open proxies just like yours. Once found, your machine becomes a conduit for everything that needs to be hidden from law enforcement officials. (And you will be the one questioned about all that child porn, hacking attempts and spam.) You should be prepared to keep throrough logs of everything and have a fast internet connection.

Anyway, first you should find out whether it is your firewall or Squid itself that is blocking access from the internet.

For all the Squid documentation you would ever want, try the totally unthinkable www.squid.org
 

Read other 13 answers
RELEVANCY SCORE 70.4

When I sign on I get a page that says.... more or less, my connection is wrong. So I then have to go to;1`
 

A:how to undo proxy server setting

I answered in the other thread. Please don't double post the same problem in different forums.
 

Read other 1 answers
RELEVANCY SCORE 70.4

Hi, The proxy server setting is hijacked and keeps resetting to 127.0.0.0 port 8000. I do not use proxy to connect to the internet. The reset happens after a reboot. I am running windows 8.1 on a dell inspiron 17r. Can anyone help with this please?

A:proxy server setting is hijacked

Hello there,
 
I'm not sure there's anything malicious about 127.0.0.0 port 8000.. it's the default server.
 
I'm sure someone will correct me if I'm wrong through.
 
Thanks,
Lighthouse Party

Read other 12 answers
RELEVANCY SCORE 70.4

I don't know what is causing this, nor how to stop it.

A:The "Use proxy server for LAN" setting keeps turning itself on

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Download Malwarebytes' Anti-Malware from HereDouble-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).The scan may take some time to finish,so please be patient.If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Log... Read more

Read other 6 answers
RELEVANCY SCORE 70.4

Hello, I use a web accelerator called ExpressLink. When I connect to the Internet the proxy server setting is getting turned on automatically even though
it is not necessary when using the accelerator. If I disable the proxy server setting, it usually gets turned on again. I do not have any ISP software
installed. I have tried setting my connection to "Never dial a connection." but as soon as the accelerator starts the proxy server setting turns on. How do I keep this from happening? I am using Windows XP Home.
 

A:Disabling the Proxy Server Setting

The accelerator IS the proxy. The proxy settings probably look like "localhost:8080" or something like that, right? If that's the case, you would need to disable the accelerator, which is probably not something you want to do anyway, so you will need to leave the proxy settings enabled.
 

Read other 2 answers
RELEVANCY SCORE 69.6

Hi all

We have just installed Websense Software for Internet Filtering. We now want to point all our 250+ PCs to the Proxy Server. Rather than doing this individually on each PC, I understand this can be done via Group Policy (GP). I have identified that in the UserConfig, under Windows Settings\Internet Explorer Maintenance\connection you can select Proxy Settings. Here I enable Proxy, set the Proxy IP and to use the same proxy for all addresses.
On saving and assigning the GPO to the workstation, it fails to apply the settings. However, if you manually set the options under the Tools\Connections Tab within IE6 it works fine.

We are running Server 2003 with XP Workstaions (Sp2) with IE6. All fully patched.

Anyone got any ideas!!!!!

Dave:

A:Proxy Server setting via Group Policy

You can make that change in your default domain policy
under the user configuration.
It should work withou applying it to workstations.
Since you are making the change apply to users....no workstations
are needed to be specified.

Read other 3 answers
RELEVANCY SCORE 69.6

hi,

i am a newbie to this forum. I require help regarding the setting up of

a proxy server on linux.

I have a cybercafe, where i run 13 machines. every now and then the

network becomes slow due to spyware and adware.

One of my friend had given me this web address.

I wanted to setup a linux based proxy server where the other 12

machines are windows run os. will that solve my problem of the adware

and spyware.
or any ideas please post.
kindly please help me.

bye
prasad
 

A:setting up a linux based proxy server

Duplicate to: http://forums.techguy.org/unix-linux/562744-seting-up-linux-based-proxy.html
 

Read other 1 answers
RELEVANCY SCORE 68.8

Help!
I accidentally accepted malicious software last night and immediately had several pop-up malware programs offering to "scan" my computer.  I ran Malwarebytes and then did the program-requested reboot.  Now I can't connect to the internet on my main PC because it is l locked in proxy mode.  If I attempt to change the proxy settings, it just immediately resets back to proxy server: 127.0.0.1:8800.

A:Post-Malwarebytes: Stuck in Proxy server setting

Welcome shizuko Please do these and see how it is. Please download MiniToolBox, save it to your desktop and run it.Checkmark the following checkboxes:Flush DNSReport IE Proxy SettingsReset IE Proxy SettingsReport FF Proxy SettingsReset FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory size.Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.Note: When using "Reset FF Proxy Settings" option Firefox should be closed. Download TDSSKiller and save it to your desktop.Extract (unzip) its contents to your desktop.Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.If an infected file is detected, the default action will be Cure, click on Continue.If a suspicious file is detected, the default action will be Skip, click on Continue.It may ask you to reboot the computer to complete the process. Click on Reboot Now.If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here....ADW CleanerPlease download AdwCleaner by Xplode and save to your Desktop.Double-click on AdwCleaner.exe to run the tool.Vi... Read more

Read other 2 answers
RELEVANCY SCORE 68.8

Hey guys,

I've been digging through forums and sites for the past couple months now trying to find a way to help me turn my home PC into a proxy server so I may use Pandora Radio on my iPhone over public WIFI at work. Recently our corporate offices upgraded their network and in turn added a firewall which blocks many common external sites, one of which included Pandora.

I have found a temporary workaround by way of using Hotspot Shield's free VPN services, but I would like to create my own proxy server at home instead so I can avoid the constant timeouts/disconnects involved with the free service.

So far I've set up my PC to use a static IP on the network, and forwarded port 1723 to that address. I've also enabled incoming connections under adapter settings, but it just seems like I'm missing something big here. I am unable to make a connection to my home PC from my iPhone over WAN, and even if I was able to I'm not sure how to enable internet connection sharing over that connection.

Is what I would like to do at all possible or feasible? Any help would be greatly appreciated!

A:Setting up Win7 PC as PPTP VPN Proxy Server for use with iPhone

Is there no one with any tips or the knowledge of any programs out there to simplify what I'm trying to do?

Read other 2 answers
RELEVANCY SCORE 66.8

I have Windows 7, search the internet with Chrome, seems my computer may be infected.  When I click chrome, sometimes it gives me my home page, sometimes it goes straight to the message "unable to connect to the proxy server", when it doesn't go directly to my home page correctly, it also states this exact message with an upside down face.  I did some research online and the Chrome message that people were posting up were a bit different from the one I am seeing. 
 
When I attempt to troubleshoot by going to the Chrome settings and going down to "Change Proxy settings" it prompts "access to this feature has been disabled by a restriction set by your system administrator", even though I am using the system administrator user, which is the only user on the system.  I've tried going in through the cmd line as well, pinged, netstat, tracert would give me results but weren't consistent.  I did a system restore as well, I had Sopho's anti-virus but it was out-of-date, for this was my work computer back in September but think the lease for it ended, so I installed AVG for now just today, most likely the reasoning for the computer being infected and causing this problem.  I have also started the pc in safe-mode, same results, is this a group policy issue?  I am unfamiliar with group policy and couldn't find it within my computer.  I do have the home premium version of 7 for what it's worth.
 
Please, please help, anyone!  I reall... Read more

Read other answers
RELEVANCY SCORE 66

All instructions for help on this problem. Since I cannot get online I cannot download a any repair programs. Any suggestions greatly appreciated.
Thank you

Read other answers
RELEVANCY SCORE 66

Setting up the Internet with Windows server 2003.
Well I am trying to set up the internet to work on my domain. I dont know anything about setting it up.
 

Read other answers
RELEVANCY SCORE 65.6

Hiya
This is a spoofing vulnerability that exists in the affected products and that could enable an attacker to spoof trusted Internet content. Users could believe they are accessing trusted Internet content when in reality they are accessing malicious Internet content, for example a malicious Web site. However, an attacker would first have to persuade a user to visit the attacker’s site to attempt to exploit this vulnerability.
Affected Software:

• Microsoft Proxy Server 2.0 Service Pack 1
• Microsoft Internet Security and Acceleration Server 2000 Service Pack 1 and Microsoft Internet Security and Acceleration Server 2000 Service Pack 2

Note The following software programs include Microsoft Internet Security and Acceleration Server 2000 (ISA Server 2000). Customers using these software programs should install the provided ISA Server 2000 security update.

• Microsoft Small Business Server 2000

• Microsoft Small Business Server 2003 Premium Edition

http://www.microsoft.com/technet/security/bulletin/ms04-039.mspx

eddie
 

Read other answers
RELEVANCY SCORE 64.8

how can i Configure proxy setting for IE on the registry
 

Read other answers
RELEVANCY SCORE 64

I really need some help with a really tough virus. My internet proxy setting keep getting changed. Even when I do a virus scan it says nothing and Hijack this shows is R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5656R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localandO4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /autoO4 - HKLM\..\Run: [Win32 Firewall] C:\DOCUME~1\Joe\LOCALS~1\Temp\198.exeO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [Win32 Firewall] C:\DOCUME~1\Joe\LOCALS~1\Temp\198.exeI know there is more to the log but these are the ones that I am having the most trouble with. I deleted my temp folder and removed all these entires from Hijack but they keep coming back. The 198.exe changing to a different number after it is removed so now it would be O4 - HKCU\..\Run: [Win32 Firewall] C:\DOCUME~1\Joe\LOCALS~1\Temp\696.exe. I believe there is a rundll file doing this.I had a crap load of virus on my computer that avast and hijack and GMER and rootappeal were able to get rid of by I cant get rid of this one. Also I did turn off system restore and tried that but it didnt work either.Here is my full Hijack l... Read more

A:My internet proxy setting keep getting changed

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 2 answers
RELEVANCY SCORE 63.6

I AM UNABLE TO REMOVE PROXY SETTING FROM LAN SETTING .
WHEN I UNCHECK PROXY SETTING AUTOMATICALLY AFTER CLOSE BOX,  GET CHECK AGAIN.
I TRIED TO DELETE PROXY SERVER BUT FAILED .
MY SECURITY CENTER ALSO TURN OFF AUTOMATICALLY.
HERE I ATTACHED DETAILS.
I HAVE TRIED MANY TIME TO TURN ON BY SERVICES.MSC BUT AGAIN TURN OFF.
WINDOW UPDATE ALSO SHOWING ERROR.
 
PLEASE HELP ME TO RESOLVE THIS ISSUE.

A:Can't remove PROXY Setting in Internet Settings

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===You should enable these programs if not already done.AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}Windows Firewall is disabled.===Press the windows key + r on your keyboard at the same time. This will open the RUN BOX.Type Notepad and and click the OK key.Please copy the entire contents of the code box below to the a new file. start
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
RemoveProxy:

(Microsoft Corporation) C:\ProgramData\Windows Security\winsecurity.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe
() C:\ProgramData\Microsoft\Network\Dsq\browser\syshostctl.exe
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: igfxdev.dll [X]
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
ProxyEnable: [S-1-5-21-1258154719-1264982004-2341163665-1001] => Proxy is enabled.
ProxyServer: [S-1-5-21-1258154719-1264982004-2341163665-1001] => http=127.0.0.1:8080;https=127.0.0.1:8080
ManualProxies: 1http=127.0.0.1:8080;https=127.0.0.1:8080
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction ... Read more

Read other 0 answers
RELEVANCY SCORE 62.8

I appear to be the victim of some piece of malware or virus that has added a proxy server setting that I am unable to get rid of. The main symptoms are that I am unable to change my proxy server settings in Windows 10. It appears to use this setting http=127.0.0.1:8080;. The result of this is that I am unable to do searches in the omnibar of Google Chrome (just takes me to a blank page) and I can't visit certain webpages, also if I am able to do a Google search the "Search Tools" button is missing.
 
I looked around on the internet and have tried a few fixes, I've deleted or changed the registry entries mentioned in Philip Turner's reply here: https://community.spiceworks.com/topic/446898-can-t-disable-proxy-in-ie10?page=1
 
I also changed the entry mentioned here: https://fixedit.itxpress.biz/2014/10/08/unable-to-disable-windows-proxy-setting/
 
Making these changes allowed me to change the proxy server settings and once I change "Automatically detect settings" to on and "Use a a proxy server" to off then the issue is fixed and everything behaves normally. 
 
The problem is, once I restart my computer the settings revert back and are again unable to be changed unless I delete/change all the above registry entries again. I'm pretty sure that whatever did this is still on my computer somewhere and I need some help finding and eliminating it. Either that, or there is still some hidden registry entry that I am unable to find.
 
I have... Read more

Read other answers
RELEVANCY SCORE 62.8

Hi All

I want traffic to a specific secure website(*.paypal.com) to go through a Proxy server and port - 192.168.34.34 on port 1818

Now, I know under Internet Options, you can specify a proxy address, but then all traffic will go through that Proxy. I want to direct traffic ONLY to *.paypal.com to go through the proxy.

Do you perhaps set this in the hosts file like this:

192.168.34.34 1818 *paypal.com
But I don't think this will work Any idea how to do this? certainly it must be possible?

Thanks
 

A:Internet Proxy Setting for one specific domain address

What's the purpose of directing traffic for that one website through the proxy?
 

Read other 1 answers
RELEVANCY SCORE 62.8

My internet was working fine, i thought it was the cat5 cable came loose but no cause i can connect on the network and transfer files and what things.. my other computer connects to the internet just fine..

I use firefox and my proxy settings were changed, so under configure proxies to access the internet, i checked No proxy, since that is the default option when i don't use a proxy but after clicking ok, ok and restarting

Nothing changed and now I don't know what to do to restore the connection.
 

A:Internet not working and I've tried to reset original no proxy setting

I'm going to have this moved to the Storage and Networking forum where your previous thread was posted.
 

Read other 6 answers
RELEVANCY SCORE 62

I've been unable to use my laptop computer fully for almost two months now. I have a feeling when I downloaded an extension for Chrome, a bad malware was attached to it. I cannot access the internet through any of my browsers: Chrome, Firefox, or even the dreaded Internet Explorer. When trying to go to a site in Chrome, the message "this page cannot be displayed because an internal server error has occurred." In the lower left hand corner if my homepage does load and I type in a different address, the text "waiting for proxy tunnel" is visible. I've never seen that before and I'm pretty sure that I'm going through a proxy since I have Comcast as my ISP. Another message I would see after attempting to go to a website is "ERR_PROXY_CONNECTION_FAILED."   On the rare occasion that I do get to a new webpage, the https is crossed out. When checking to see if it was just Chrome acting up, Firefox would show an error message 'the proxy server is refusing connections" or it wouldn't change from the homepage at all. I've done Google searches on the fixing the proxy problem and when I checked the LAN settings in the Internet Options, I'm unable to uncheck the "use a proxy server for your LAN" option (greyed out). I don't believe that was checked before, but then again, I had no need to mess with those settings. In order to install programs to help fix this (i.e. Farbar Recovery), I had to use another computer other than mine, copy the download file to a flash drive, then paste it t... Read more

A:Unable to Search Internet, Proxy Server in Internet Options Uncheckable. Help!

Hello dixie6000 and Welcome to the BleepingComputer.   
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.
Before we move on, please read the following points carefully.
Please complete all steps in the specified order.
Even if tools don't find malware, I want you to post the logfiles anyway.
Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
Read the instructions carefully. If you have problems, stop what you  were doing and describe the problems you encountered as precisely as  you can.
Don't install or uninstall software during the cleanup unless you are told to do so.
Ensure your external and/or USB drives are inserted during always the scan.
If you can't answer for the next few days, please let me know. If  you haven't answered within 5 days, I am assuming that you don't need  help anymore and your topic will be closed.
If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
I can not guarantee that we will find and be able to remove all  malware. The cleaning process is not instant. Please continue to review  my answers until I tell you that your computer is clean
Please reply to this thread. Do not start a new topic
As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
Please open as administrator  ... Read more

Read other 18 answers
RELEVANCY SCORE 62

Dear Gurus
 
Appreciate you kind assistance i suspect my laptop is infected as at random times more frequent these few days once click on 
 
a link it gets redirected to advert page of sort...
 
 
Thank you in advance in you prompt reply...
 
 
Thank You

A:Laptop possibly infected random url redirect while browsing no proxy setting

Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeClick Go and post the result. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.* Double-click mbam-setup.exe and follow the prompts to install the program.* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and ... Read more

Read other 1 answers
RELEVANCY SCORE 61.6

I have discovered that in my Internet Settings, the "Use Automatic Configuration Script" box is automatically being checked and the field populated, no matter if I uncheck it and delete the field.
 
This is affecting my Google Search results.
 
The text in the field is http://127.0.0.1:8080/proxy.pac
 
I've also search for the field value in my reg editor and even if I delete the text from all the entries in there, it still comes back, even after a restart.
 
Is this Malware, possibly?  FRST.txt and Addition.txt attached. (Had to zip the FRST file as it said it was too big)
 
Thanks in advance.

A:Can't remove Auto Config Script Proxy Setting in Internet Settings

PS. I've tried to post the log text in a reply but it won't work - the connection keeps timing out.

Read other 11 answers