Computer Support Forum

Why does IE not follow wpad.dat exclusions but follows proxy.pac exclusions?

Question: Why does IE not follow wpad.dat exclusions but follows proxy.pac exclusions?

Hello,
I am facing an issue with the proxy configuration file extension while using "Use automatic configuration script" in IE.
When using .dat, having an exclude:
if (shExpMatch(url, "*whatismyipaddress.com*")) return "DIRECT";
if (dnsDomainIs(host, "whatismyipaddress.com")) return "DIRECT";
if (localHostOrDomainIs(host, "whatismyipaddress.com")) return "DIRECT";
Traffic to http://whatismyipaddress.com still goes through the proxy.
When changing the proxy configuration file extension to .pac instead of .dat:
Traffic to http://whatismyipaddress.com goes Directly to the Internet bypassing the proxy.
User agents:
Win10 IE11: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Win7 IE11: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Have you seen this issue before? I have tested on both Windows 10 and Windows 7 IE 11.
Thank you in advance,
Nael

More replies
Relevance 93.07%
Question: NAV Exclusions

I am pathetic, but boy, am I glad for this site! Does anybody know if the following should be taken out of the Exclusions tab in Norton Antivirus? (v. 5.0) I've recently gotten rid of a lot of spyware and stuff, and am wondering if these things are hangers-on...Thanks so much!!!!

*.VI?
C:\PROGRA~1\TVVIEW~1\TVVX.exe
C:\ProgramFiles\AIM95\Patcher.exe
C:\WINDOWS\SYSTEM\P2PNET~1\P2PNET~1.EXE
C:\WINDOWS\TEMP\_INS5176._MP
C:\WINDOWS\TEMP\_ISTMP1.DIR\_INS5576._MP
C:\WININST0.400\suwin.exe
 

Answer:NAV Exclusions

9 more replies
Relevance 91.84%

I am running the latest version of ATA and had a quick question re: exclusions. When I select 'Close and exclude <username>', am I excluding them from that specific issue/instance from those source systems, or making a generic exclusion altogether of the user?
For example, say the first issue for the user is related to 10 systems and I exclude the user, and then a new issue occurs with 10 different systems, will I see that new alert?
Thx

More replies
Relevance 91.84%
Question: McAfee Exclusions

I found in my McAfee exclusions 16 files and I am not sure where and what they are. Can you help me understand what they are and if I should remove or be worried?
%systemroot%\security\**\*.edb
%systemroot%\security\**\*.log
%systemroot%\security\**\*.sdb
%systemroot%\SoftwareDistribution\Datastore\Datastore.edb
%systemroot%\SoftwareDistribution\Datastore\Logs\Edb*.log
%systemroot%\SoftwareDistribution\Datastore\Logs\Edb.chk
%systemroot%\SoftwareDistribution\Datastore\Logs\edbres00001.jrs
%systemroot%\SoftwareDistribution\Datastore\Logs\edbres00002.jrs
%systemroot%\SoftwareDistribution\Datastore\Logs\Res1.log
%systemroot%\SoftwareDistribution\Datastore\Logs\Res2.log
%systemroot%\SoftwareDistribution\Datastore\Logs\Tmp.edb
%systemroot%\system32\GroupPolicy\registry.pol

What are the file extensions .edb, .sdb, .chk and .jrs?

Forever learning!

Answer:McAfee Exclusions

OK, these I figured out.. they are excluded to increase stability of the system?
%systemroot%\SoftwareDistribution\Datastore\Datastore.edb
%systemroot%\SoftwareDistribution\Datastore\Logs\Edb*.log
%systemroot%\SoftwareDistribution\Datastore\Logs\Edb.chk
%systemroot%\SoftwareDistribution\Datastore\Logs\edbres00001.jrs
%systemroot%\SoftwareDistribution\Datastore\Logs\edbres00002.jrs
%systemroot%\SoftwareDistribution\Datastore\Logs\Res1.log
%systemroot%\SoftwareDistribution\Datastore\Logs\Res2.log
%systemroot%\SoftwareDistribution\Datastore\Logs\Tmp.edb

Not sure about the others yet.. am I right?

3 more replies
Relevance 91.84%

How do you include the excluded items in Spybot for removal? It offered some explanation but I still don't understand.
 

Answer:Exclusions in Spybot

Gary, the "exclusions" list is basically just a list of everything that Spybot checks for. If you do NOT want it to check for and remove a particular item, then you put a check in the corresponding box in that list. Otherwise leave everything UNchecked.
 

1 more replies
Relevance 91.84%

How to add any program in McAfee's exclusion list.
Thanks
 

More replies
Relevance 91.84%

Hello.
I use Comodo Internet Security as my security solution and I'm very satisfied with this program.
However I would like to know which exclusions I should make in the AV module please.

Basically I'm trying to make Comodo run as lightly as possible.
I have the AV set to stateful.
BB set to block.
HIPS disabled.
Firewall is set to custom mode.

I have excluded some of my running processes. Just wondered if there were any tips on making Comodo lighter. It already runs extremely light but I would like to make it lighter if possible.

Thanks.
 

Answer:Comodo av exclusions.

Hello,
If you have set up the Antivirus as stateful then you should be fine, as your files will be scanned only once until a new update is released. I would not add any files to the Antivirus exclusions as the benefits are very marginal.

Stateful (Default) - CAV employs a feature called Stateful File Inspection for real time virus scanning to minimize the effects of on-access scanning on the system performance. Selecting the "Stateful" option means CAV scans only files that have not been scanned since the last virus update - greatly improving the speed, relevancy and effectiveness of the scanning.
Comodo has already optimized the antivirus to be as light as possible..... So I don't think you can do anything to further improve it.

Do you feel any slow downs while using Comodo Internet Security?
 

5 more replies
Relevance 91.84%
Question: WebRoot Exclusions

I just finished a chat with a WebRoot rep. He says files of my choice can be entered into the WebRoot program as safe files and to be left alone by WebRoot. He didn't know when this feature started. Does anyone know if this exclusion is allowed in the 2013 and 2015 editions?
 

Answer:WebRoot Exclusions

He may not know the exact date it became available, but surely he must know if it is available in a particular edition of the product. Especially the 2015 one
If he does not, what a poor advertisement for the product - or perhaps he is just inefficient
That all said - I thought despite many requests they had decided against it
https://community.webroot.com/t5/Id...-specific-files-folders-from-scans/idi-p/3300
being concerned that the very inclusion of the file/folder could leave a security hole if someone managed to establish which file you had excluded.
As it is a permalink on their forum dating back to 2012 - one might expect that they should know the definite answer by now.
[WSA - all versions] Exclusion of specific files/folders from scans

I have to admit I do not like the product, but that is only of course my opinion. They now include in some of their AV products a system optimizer for want of a better word
http://forums.techguy.org/9076789-post10.html
Reading what it is supposed to do - simply makes me more convinced, that Webroot is not for me or anyone who asked for my view on it .
I do of course appreciate that you did not
 

1 more replies
Relevance 91.02%

Hello everyone,
 
I have an HP desktop and a Toshiba laptop, both updated to Windows 10 and would like to just use Defender as my primary AV. Both computers have Defender enabled, MBAM Premium and MBAE Premium, also running the free version of CryptoPrevent. Defender appears to be working OK but I want to set exclusions in it for my MBAM program.
 
The problem is all of the settings for extensions in Defender are all grayed out and I can not use them at all. I thought it was a real time conflict so I removed MBAM Premium and the exclusions problem still exists. I have not tried removing MBAE or CryptoPrevent. I appreciate any help or suggestions on this.
Thanks,
Jimmy
 
 

Answer:Can not set exclusions in Windows Defender

Very likely a WD problem,  Reinstall your MBAM premium.  I'm thinking about recommending that you download and install Microsoft Windows Defender 1.1.1593 from FileHippo -- see if that will "shake the menu-greyout loose."   I can't vet it, 'cause I haven't tried that, my W7's WD is ok.

0 more replies
Relevance 91.02%

My XP Firewall has P2P Networking as an exclusion. I'm assuming this enables P2P for file sharing only, which I don't do nor want. Would it be safe to delete it or would its deletion interfere with other genuine programmes,please?

Answer:Firewall exclusions - P2P Networking

I'm not sure of the answer to your question but I would recommend downloading a freeware firewall such as zonealarm and installing that, as windows firewall, although better than nothing, only offers protection one way. It won't protect you against any malicious apps that have got on your system and try to call home.

1 more replies
Relevance 91.02%

So I have ESET nod32 AV 11 and I recently installed zemana antilogger, and I don't know what to exclude on both so the two won't conflict. Help please?
PS: Both real-time protections are on.

Answer:Antivirus and Antimalware Exclusions. Need Help!

There should not be any conflicts between ESET and Zemana to worry about.

3 more replies
Relevance 91.02%

Is there a way I can modify the Show Desktop.scf to exclude a program from minimizing? I basically want my desktop widgets to stay on the desktop, which would be the point of using Show Desktop for me.

Thanks,
David

Answer:Show Desktop Exclusions?

Hopefully the solution for this works for vista too.

1 more replies
Relevance 91.02%

I'm wanting to exclude Eset from shadow mode and so far I have excluded the following folders...
Are there anymore I need to add?
 

Answer:Shadow Defender Exclusions

check if it uses the "users" folders.

be sure ESET doesn't write to the registry when it does updates.
 

11 more replies
Relevance 91.02%

Is it possible to exclude specific programs from appearing in the list on the first window of the Start Menu? I'm not talking about the pinned items section, but the one below that for frequently used programs.

Answer:Start Menu Exclusions

right-click and 'remove from this list'?

...or do they come back?

sorry if it's really obvious...

6 more replies
Relevance 91.02%

How do you set Malwarebytes exclusions in Norton. I have Norton Internet Security v 17.8.0.5, and am running Malwarebytes (pro) for the realtime scans.

Ever since installing Malwarebytes (pro), my system occasionally runs extremely slow, with the screen freezing for minutes at a time. I don't want to remove Norton if I don't have to, and this was suggested to me in another forum topic.

Thank you,

Econguy

Answer:How do I set Malwarebytes exclusions for Norton

There may be issues (such as freezing, loss of performance, etc), with the following anti-virus programs and Malwarebytes' Anti-Malware real-time protection:
E - McAfee VirusScan Enterprise 8.x
F - Trend Internet Security Pro
H - AVG Anti-Virus
I - Microsoft Security Essentials on Windows XP
J - Norton 360 version 4
If you are experiencing such issues, please read the appropriate section in Common Issues, Questions, and their Solutions which explains how to add file exclusions in order to aid in compatibility.

3 more replies
Relevance 91.02%

Hi Guys,
Is it possible to filter out a combination of user and computer? For example I would like to exclude SMB enumeration from a machine (which is currently possible) and in combination from a special user (which seems not possible), because I know it's a false positive.
is there any way? Otherwise I could imagine this as a feature request.
Regards

More replies
Relevance 91.02%

I was not totally sure which forum would be best for this question.

I am setting up Windows 8.1 Industry for Kiosk type products. When I enabled UWF with the following exclusions.

HKLM\LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip
HKLM\LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nsi

I randomly get 169.254.. for the IP address. This happens with both IPv4 DHCP enabled and IPv4 static address assignment.
ipconfig /renew and ipconfig /release report "No operation can be performed on Ethernet while it has its media disconnected."

The link light is on and I see network traffic.
From the network adapter page I can disable/enable the adapter and most of the time it will get a valid IP address.

Thank you

Alan

More replies
Relevance 91.02%

Are there any anti-virus exclusions that are needed for ATA?  Thanks!!

More replies
Relevance 91.02%

I am confused how this works , if anybody can explain it i would appreciate it.

Answer:How to use "file exclusions in Kaspersky AV .

Hi herbman

Basically, "file exclusion" is when you add a file (or even a folder, process or application) to a "white list" of an Antivirus product. Which means that this Antivirus will disregard whatever this file is, whatever this process does or whatever that application is, even if it's malicious. It's like if you give that file/process/application a free pass over the Antivirus.

I did an example for you using my Kaspersky Internet Security 2015:

In this exclusion rule I'm creating, I'm subtracting the MaliciousFile.exe file, located in C:\Test, from every protection component of Kaspersky. Which means that the file Antivirus feature will not flag it and delete it, the Web Antivirus will let it go through, on Scan time that file will be ignored, on Application Control the process will be ignored and so on.

Do you want to know how to add a file to be excluded on Kaspersky, or do you know how but you weren't sure of what it does?

10 more replies
Relevance 89.79%

Does anyone have a link to what files and folders should be excluded for our antivirus software (McAfee)? I've tried googling but can't find anything for Windows 10

Answer:Recommended Windows 10 Antivirus exclusions

A/V, Computer software is written to exclude certain folders. These programs are to protect the OS from user bad habits.

2 more replies
Relevance 89.79%

Hello everyone,

I am a long-time lurker here but this is my first post here. I have an HP desktop and a Toshiba laptop, both updated to Windows 10 and would like to just use Defender as my primary AV. Both computers have Defender enabled, MBAM Premium and MBAE Premium, also running the free version of CryptoPrevent. Defender appears to be working OK but I want to set exclusions in it for my MBAM programs. The problem is all of the settings for extensions in Defender are all grayed out and I can not use them at all. I thought it was a real time conflict so I removed MBAM Premium and the exclusions problem still exists. Here is a screen shot of my Defender exclusion settings page. I appreciate any help or suggestions on this.

Thanks,

Jimmy

Answer:Unable to set exclusions in Windows Defender

Hello and welcome:

I don't personally use WD, but it looks as if you got some good responses with suggestions in your topic over at bleeping?
Can not set exclusions in Windows Defender - Anti-Virus, Anti-Malware, and Privacy Software

It looks as if you will need to reinstall or repair WD....?

Perhaps one of our forum members here will have some additional advice.

Please let us know how it goes, so that we can all learn.

Thanks,
MM

4 more replies
Relevance 89.79%

When I run Norton Anti-virus it excludes:
*.nch
*.dbx
\system volume information
Why is it set to do this (default)? Should I set it to check them?

Answer:Virus Check File Exclusions

click here
dbx files are OE data files

1 more replies
Relevance 89.79%

Hi,
Are there any specific Antivirus exclusions recommended for DCs running the lightweight gateway? I am aware of those needed for the ATA center, but can't find anything specific for gateways. There is a mention on an old thread in this forum, but that just refers to the generic list of AV exclusions for various Microsoft products, of which ATA is not even mentioned!

Thanks
Richard

More replies
Relevance 89.79%

Need some help with Norton Internet Security and keeping it from deleting/clearing my cookies for websites like this or others when I have my log-in credentials saved. Basically every time I run a scan it clears my cookies making me have to re-log in to all my sites.

Anyone who's using NIS know how to keep it from doing this?

Please, no NIS bites or get something else. Would like the answer to this one.

Thanks.

Answer:Norton Internet Security & exclusions

This is somewhat strange. This never happened to me when I was running NIS. Are you sure it is NIS doing it and not e.g. CCleaner.

Since the beginning of the year my NIS license had expired and I am using MSE in the interim. But as soon as I find one of those zero dollar deals again I will get back to NIS.

If nothing else, I would call the Symantec help line. Maybe you have some odd setting. Those guys at the help line have always been very helpful when I was facing a NIS problem.

5 more replies
Relevance 89.79%

Need some help with Norton Internet Security and keeping it from deleting/clearing my cookies for websites like this or others when I have my log-in credentials saved. Basically every time I run a scan it clears my cookies making me have to re-log in to all my sites.

Anyone who's using NIS know how to keep it from doing this?

Please, no NIS bites or get something else. Would like the answer to this one.

Thanks.

BTW this is a Win 8 laptop, and I installed NIS myself.

Answer:Norton Internet Security & exclusions

Unknown about NIS.
But I use Norton 360 with NO problems with log-in's after a norton scan.

4 more replies
Relevance 89.79%

In case some of you are not aware, Microsoft has a recommended list of files/folders that should be excluded from On-Access Anti Virus scanning.

You can find the article here: Virus scanning recommendations for computers that are running Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, Windows 2000, Windows XP, Windows Vista, or Windows 7

Here's their recommendations for Windows 2000, XP, Vista, 7, Server 2003 and Server 2008 and 2008 R2:

Microsoft Windows Update or Automatic Update related files
The Windows Update or Automatic Update database file. This file is located in the following folder: %windir%\SoftwareDistribution\Datastore
Exclude the Datastore.edb file.
The transaction log files. These files are located in the following folder: %windir%\SoftwareDistribution\Datastore\Logs
Exclude the following files:
Edb*.log
Note The wildcard character indicates that there may be several files.
Res1.log. The file is named Edbres00001.jrs for Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2.
Res2.log. The file is named Edbres00002.jrs for Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2.
Edb.chk
Tmp.edb
The following files in the %windir%\security path should be added to the exclusions list:
*.edb
*.sdb
*.log
*.chk
Note If these files are not excluded, security databases are typically corrupted, and Group Policy cannot be applied when you scan the folder. The wildcard character ... Read more

Answer:Recommended Virus Scanning Exclusions

Nice find DC187, thanks.

5 more replies
Relevance 88.97%

I recently got McAfee Total Protection 10.0 and so far i like it better than Norton (which i had before).
But i would like to know if it is possible to set file exclusion filters for the On-Access scanner so that it is not constantly scanning my commonly used files. Whenever i build a project in Visual Studio, it seems to be running, scanning all those source code files. It seemed to slow down the compiler quite a bit.
I read that it uses heuristic algorithms to determine what programs you use often and i assume it means that McAfee would eventually ignore files used frequently by those programs as they are of little risk. But i'm not sure if that's what it actually does.
I use McAfee VirusScan Enterprise 8.7 at work, and there is a way to set file exclusions there, but how do i do it in Total Protection 10.0? Is there even a way?
 

More replies
Relevance 88.97%

Hello,
For several days AVAST keeps popping up all the time messages like this one:
 
"MAIL SHIELD SECURITY EXCLUSION
Avast has indentified a problem with this site certificate.
You can add this certificate as an exclusion, if you are sure about it.
Click the 'View' button for more details about the certificate.
If you want to change your certificates/exclusions, please open the Windows Certificate browser and perform the required operations directly from within the system certificate storage.
Legitimate public sites and mail servers should not ask you to do this.
 
SERVER
Location: smtp.stcable.net
Process: C:\Windows\SysWOW64\regsvr32.exe
CERTIFICATE STATUS
This site attempts to identify itself with invalid information.
Problems:
The certificate is not trusted."

 
I either close it or select "CANCEL" but it starts to worry me. I saw another topic with the same problem but it's closed without solution. Here's the contents of the FRST.txt report:
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2016
Ran by USER (administrator) on ОЛЕГ-PC (14-11-2016 19:47:08)
Running from C:\Users\USER\Desktop
Loaded Profiles: USER & UpdatusUser (Available Profiles: USER & UpdatusUser)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Български (България)
Internet Explorer Version 11 (Default browser:... Read more

More replies
Relevance 88.97%

Hello,
I have been testing AppLocker executable rules and was wondering how to go about managing the monthly security updates? How should I go about making sure that the updates get installed and not blocked? Ultimately our plan is to block everything and make rules for what would be allowed. Hoping others are already doing this and can provide some input or suggestions.
Thank you!
Steve

More replies
Relevance 88.97%

Hello,
For several days AVAST keeps popping up all the time messages like this one:
 
"MAIL SHIELD SECURITY EXCLUSION
Avast has indentified a problem with this site certificate.
You can add this certificate as an exclusion, if you are sure about it.
Click the 'View' button for more details about the certificate.
If you want to change your certificates/exclusions, please open the Windows Certificate browser and perform the required operations directly from within the system certificate storage.
Legitimate public sites and mail servers should not ask you to do this.
 
SERVER
Location: smtp.stcable.net
Process: C:\Windows\SysWOW64\regsvr32.exe
CERTIFICATE STATUS
This site attempts to identify itself with invalid information.
Problems:
The certificate is not trusted."

 
I either close it or select "CANCEL" but it starts to worry me. I saw another topic with the same problem but it's closed without solution. Here's the contents of the FRST.txt report:
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2016
Ran by USER (administrator) on ОЛЕГ-PC (14-11-2016 19:47:08)
Running from C:\Users\USER\Desktop
Loaded Profiles: USER & UpdatusUser (Available Profiles: USER & UpdatusUser)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Български (България)
Internet Explorer Version 11 (Default browser:... Read more

Answer:Avast keeps asking for Mail Shield Security Exclusions

I'm sorry for the second topic, the browser gave me internet error (or something) and I clicked refresh.

1 more replies
Relevance 87.74%

Hello Guys,
My system:
Toshiba  / Satellite C55-A   /  Intel ® Celeron  ® N2820
64 bit Windows 8.1
I am at the end of my rope. I have tried everything. First, let me say I am not good at technical things on a computer, just enough to be dangerous. So if some things I say seem crazy, they probably are. So here is the story. About a week ago I received an email on my go daddy webmail, www.login.securserver.net. That is how I log into that email. Now, that is not my main email. My main email is gmail, which I use the most.
The email I received on the go daddy email was a Notice of Apperance in Court #00406341. It contained a zip file,  Court Notification 00406341.zip.   Of course being stupid, I unzipped the file, thinking it was something important, since I have some court cases ongoing for business.
With research I think it is a Kuluoz or another one that starts with A. Can't remember.
It put a zip file in my downloads folder, Court_Notification_00406341.doc, which shows as File Type: Java Script file, 8.84kb. That is the only one I noticed, not sure if there are more somewhere. Then things started getting a little weird. Nothing major, I still get emails, still send them, and my system seems to be running normally, except for Avast Mail Shield security exclusions. It keeps popping up at least 40 times a day, saying
 
Now, here I used to get different info, like websit... Read more

Answer:Avast keeps giving me Mail Shield Security Exclusions

hi,
 
We will start with FRST to remove some items from the log.
 
Usually I am only on this site once or twice per day so you may not get a reply from me until the next day.
 
Copy/paste what's below in the box into notepad. Save it as fixlist.txt in the same location you have FRST, your desktop. Click the FRST icon like before and this time click on the fix button just once. When done you will find a fixlog on your desktop. Please post the fixlog in your reply. Machine may reboot to finish the process.

HKLM\...\Run: [] => [X]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
C:\Users\Philip\tmp2098815588907764838.exe
C:\Users\Philip\tmp3347511962698503720.exe
C:\Users\Philip\tmp7839474401173251832.exe
2014-03-10 16:57 - 2014-03-10 16:57 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
SearchScopes: HKU\S-1-5-21-2793440623-1628646824-2415799637-1001 -> {21A3F5B1-BB9E-458A-815D-54E44AA350A8} URL =
CHR HKU\S-1-5-21-2793440623-16286... Read more

5 more replies
Relevance 87.74%

When trying to view quarantined files in Windows Defender, error: "The array bounds are invalid." I'm told this may be the result of an infection.
 
 

Answer:Windows Defender won't allow me to view quarantined files or add exclusions

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
If you have set up this proxy setting and need it I SUGGEST YOU REMOVE IT FROM THE FIX BELOW BEFORE SAVING THE FILE.
ProxyServer: [S-1-5-21-2833761558-109576032-3060188747-1001] => http=127.0.0.1:56486;https=127.0.0.1:56486
===
Remove the Idle Crawler using the Add/Remove Programs applet.
Idle Crawler (HKLM-x32\...\EACAAFE5-8EF2-5B46-A569-5A6C2BE6286C) (Version: 154.0.0.1703 - GREYSTONE VENTURES LP) <==== ATTENTION
===
Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CreateRestorePoint:
CloseProcesses:

() D:\Program Files\015\slfhyizrqi32.exe
Startup: C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\priceless_310315.lnk [2015-04-11]
ShortcutTarget: priceless_310315.lnk -> C:\ProgramData\{3bef08e0-4997-b04c-3bef-f08e04992381}\Priceless_310315.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-2833761558-109576032-3060188747-1001] => http=127.0.0.1:56486;https=127.0.0.1:56486
FF user.js: detected! => C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\b4udxpl6.default\user.js [2015-04-10]
FF Extension: HQCinema Pro 2.1V10.04 - C:\Users\Matt\AppData\Roamin... Read more

2 more replies
Relevance 86.1%

Microsoft Advanced Threat Analytics - Pass-the-Ticket address exclusions

Hello - How can I add an IP range?
I need to exclude the VPN IP address range, because we have a lot of false-positive Pass-the-Ticket alerts when users switch IP due to VPN connection.

More replies
Relevance 86.1%

Hello there,
I'm working on Applocker. The goal is to block %temp% of malware like executables and scripts.
I got some events like this :
Nom du journal :Microsoft-Windows-AppLocker/MSI and Script
Source :       Microsoft-Windows-AppLocker
Date :         13/03/2017 13:04:36
ID de l'événement :8006
Catégorie de la tâche :Aucun
Niveau :       Avertissement
L'exécution de %OSDRIVE%\USERS\XXXXXX\APPDATA\LOCAL\TEMP\SDIAG_A39673E6-4323-49BD-917D-937D0805355F\TS_UNUSEDDESKTOPICONS.PS1 a été autorisée mais elle aurait été empêchée si la stratégie AppLocker avait été appliquée.
      <PolicyName>SCRIPT</PolicyName>
      <RuleId>{6E9C9CCA-3D1D-43DC-8340-466D6E6BF53A}</RuleId>
      <RuleName>%OSDRIVE%\USERS\*\APPDATA\LOCAL\TEMP\*.PS1</RuleName>
      <RuleSddl>D:(XD;;FX;;;S-1-1-0;((APPID://PATH Contains "%OSDRIVE%\USERS\*\APPDATA\LOCAL\TEMP\*.PS1")       <FilePath>%OSDRIVE%\USERS\XXXXXX\APPDATA\LOCAL\TEMP\SDIAG_A39673E6-4323-49BD-917D-937D0805355F\TS_UNUSEDDESKTOPICONS.PS1</FilePath>
      <FileHash>6A199A65B6165B3683AFA060E225A4E972379CD4F11ACF0BE6B21B931983637F</FileHash>
    &nb... Read more

More replies
Relevance 82%

I have been struggling with a malware changing my proxy settings to http://wpad.com.gr/proxy.pac.
 
This affects my system proxy settings in PC Settings - Network - Proxy - Use Automatic Configuration Script (ON) - Script Address http://wpad.com.gr/proxy.pac.
 
I have used TDSKill and it deleted a file "router.exe" from my windows folder. And Adware Cleaner removed some registry entries alongside some folder in Chrome that has something like "\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com"
 
Then after resetting my settings and manually turning off Automatic Configuration Script in PC Settings, everything was fine and my google searches were back to 2015. A day later it changed, I scanned with Adware cleaner and it found same stuffs, I cleaned, and it's back again.
 
Please help me.
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2015 01
Ran by Xtian (administrator) on ASUS on 26-02-2015 07:21:27
Running from C:\Users\Xtian\Desktop
Loaded Profiles: Xtian (Available profiles: Xtian & Baux & Administrator)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the proces... Read more

Answer:Malware changing my proxy settings to http://wpad.com.gr/proxy.pac Please help

Hi. My name is Brian, and I would be happy to look into your issue.
 
- General Instructions -
Please read all instructions and fixes thoroughly. Read the ENTIRE post BEFORE performing any steps so you understand all that needs to be done.
I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode. Access to these instructions may not be available in Safe Mode.
Any fixes provided by myself are for this log file only and should not be used on any other systems.
Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
It's very likely that part of our cleanup will include emptying your recycle bin. If you use your recycle bin as an archive and do not wish this to be emptied, please let me know.
You have 4 days to reply to each post or the topic will be closed.
Please feel free to ask any questions, especially if you are having problems with my instructions.
- Save ALL Tools to your Desktop-
 
All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.
 
Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depen... Read more

35 more replies
Relevance 74.21%

Hello ladies/gents, I've got a rather frustrating problem which I'm hoping somebody can help me with.

The Company which I work for has recently acquired a hosted web security solution, which acts as a web proxy amongst other things.

We have got a DNS CNAME setup which refers to one of our webservers as 'wpad', and when IE is configured to 'automatically detect settings' - wpad is accessed and the proxy settings are obtained from the wpad.dat file which lives on our webserver.

The wpad.dat file contains proxy exceptions and rules which are generated by the hosted web security system.

The hosted solution which we're using requires that all users login from a known IP address - which is fine for our office users, but is causing problems for remote users. The default behaviour of IE is that if WPAD is not reachable, then proxy settings will be ignored and the user will be allowed directly to the internet - but unfortunately the wpad file is being cached on the local laptops causing the users to be blocked from the internet (as they're not from a known IP).

I've written a .bat script which runs a simple del \wpad*.dat /s command which the users can use to clear the cached file - but I'd like to prevent IE from caching the file in the first place!

I found a Microsoft article here: How to disable automatic proxy caching in Internet Explorer which unfortunately doesn't work for us. I set up a test GP object and performed the change manually to the registry, neither had an ... Read more

More replies
Relevance 74.21%

Hello,
I configured http://wpad/wpad.dat pac file. It works very well with all browsers and applications. Browsers and applications could work in failover. But I can't configure it to work with that scenario: 
Two proxies with different access permissions.
Some people connect to first proxy, that allows social sites.
Other people connect to second proxy, that blocks social sites.
How to use separate proxies for specific people?

More replies
Relevance 73.39%

Hi All,
Proxy settings for MS Live Messenger, which can't be set to use the WPAD URL: MSN Messenger does not seem to be able to read the WPAD config file. Can anyone tell me what settings I should use? Thanks in advance.

More replies
Relevance 72.57%

There is a bug in Microsoft's WPAD: If the DHCP server doesn't respond with a "valid" response to a proxy request, WPAD just keeps asking. Why and when will this be fixed?

This floods DHCP logs with DHCPInform messages. Does Windows expect to get different answer, by asking over and over? 

Answer:When will Microsoft fix Web Proxy Auto-Discovery Protocol (WPAD)?

We're trying our best to improve the performance, but as a workaround, you can add the line:
dhcp-option=252,"\n"
to dnsmasq.conf.add if you think this is an annoying issue.
You can refer to links below:
Windows 7 flooding DHCP server with DHCPINFORM messages
http://brielle.sosdg.org/archives/522-Windows-7-flooding-DHCP-server-with-DHCPINFORM-messages.html
Troubleshooting: log continuously filled with DHCPINFORM / DHCPACK
http://wiki.openwrt.org/doc/howto/dhcp.dnsmasq#troubleshooting
NOTE:
This response contains a reference to a third party World Wide Web site. Microsoft is providing this information as a convenience to you.
Microsoft does not control these sites and has not tested any software or information found on these sites.
Regards


Yolanda
TechNet Community Support

3 more replies
Relevance 70.11%

Hello Friends,
We were using Proxy-PAC (Automatic configuration script) in IE to access the internet. It has been removed and now the Internet is accessible without a proxy; no option is selected in IE Proxy settings. The settings are as below ...

The question is: we still find that client systems are using WPAD to access the internet, and we can see hits coming to the WPAD DNS entries.
Please suggest how we can completely remove WPAD from client systems.

Regards,
Shyam H

MCP, MCTS

More replies
Relevance 50.02%

Follow me and I will follow back! Then post your Instagram name as a reply and people will follow you then you follow them back etc etc ...
If just 100 people join in then everyone gets an extra 100 followers!
Simples!

More replies
Relevance 47.97%
Question: WPAD

I have a copy of WPAD.dat file.  is it possible for me to copy to local path  eg  c:\users\abc\desktop\wpad.dat   then configure IE to use this WPAD.dat file?  
I tested working in Google Chrome but not IE11.  

More replies
Relevance 47.97%
Question: Wpad

Hi, I was interested in setting up WPAD on my network. Before implementing it I did my research, and many are saying that it is not that safe, as a rogue proxy could easily be set. Has anyone ever used this feature, and do you know if it is true that a man-in-the-middle attack would be easy to do with this kind of setup?

Thanks.
 

Answer:Wpad

8 more replies
Relevance 47.15%

Hi,
We are setting up a new transparent web proxy on one of our subnets, and on the other subnets we are using explicit proxy, where the clients get the WPAD URL through option 252 in DHCP. On the new subnet with transparent proxy, no WPAD is configured in DNS or DHCP. We would like to use "Automatically detect settings" on all machines, and this shouldn't cause any issues as it would go to direct communication when not finding WPAD on the new subnet.
Now to the problem: Even though no WPAD is configured to be offered in DNS or DHCP for the new subnet, IE still pulls the WPAD from the other subnet, if the client has ever been on that network, and tries to use the explicit proxy that blocks the traffic from that network.
Why is IE continuing to grab information from a WPAD that isn't offered? The same goes for Skype for Business and Outlook that uses Exchange Online. Non-MS applications like Chrome do not use the WPAD, and act correctly.
We have verified that the WPAD isn't offered through FwcTool so the configuration should be correct, but we still see in C:\Windows\ServiceProfiles\LocalService\winhttp that it pulls the PAC.
Any ideas?

More replies
Relevance 47.15%

Hi,

We use a WPAD file hosted on a Websense appliance and use IE11 on Windows 7 x64.

We are seeing some performance issues with the Websense delivery of WPAD and have discovered that every computer is making a large amount of calls to the websense appliance to retrieve WPAD.dat. (Up to 1000 per machine in some cases)

We have worked with Websense and found that they were returning a 'no-cache' option in the WPAD response header. Via a patch we have had this removed.
However I still can't find a cached WPAD file on my machine that I am using for testing and have checked all the registry entries I can think of related to caching.
Does anyone have any ideas?

For reference, the WPAD.dat is (edited of course):
//
// Start of Script
function FindProxyForURL(url, host)
{
// Convert everything to lower case
var lhost = host.toLowerCase();
host = lhost;
//Local Networking Match
if (isPlainHostName(host) ||
shExpMatch(host, "localhost.*") ||
shExpMatch(host, "*.ourdomain.net") ||
shExpMatch(host, "*.local") ||
isInNet(dnsResolve(host), "127.0.0.0", "255.0.0.0") ||
isInNet(dnsResolve(host), "10.0.0.0", "255.0.0.0") ||
isInNet(dnsResolve(host), "172.16.0.0", "255.240.0.0") ||
isInNet(dnsResolve(host), "192.168.0.0", "255.255.0.0"))
return "DIRECT";
//Host Matching
if (dnsDomainIs(host, "*.partnerdomain1.com") ||
dnsDomainIs(ho... Read more

More replies
Relevance 46.74%

hello,
We have an intranet network and an internal website installed on an old server. We recently moved the intranet website to another server, but after that a Windows Security dialog keeps popping up asking for a username/password ( wpad.localdomain ). We already created a DNS record to point to the new server ( holding the website ) and a group policy. What is the cause of that message and what else should be configured?
Regards,

More replies
Relevance 46.74%

Found a Chrome extension, Dealz. Attempted to uninstall. Failed due to being locked; unable to remove or delete the extension. Malwarebytes found and removed some things, along with ADWcleaner. Currently I went to Google sync and logged in. Stopped and cleared syncing for this PC. Uninstalled Chrome and reinstalled it.
When I open chrome I get wpad.browsersecurity.info. See image link. http://i.imgur.com/VjwqnDe.png
When full scan is done. Malwarebytes no longer detects anything. Windows defender, nothing. ADWcleaner, nothing.
 
Much appreciated effort. Thanks.
 
-TOM
 

More replies
Relevance 46.33%

I'm at wits end here. Since yesterday whenever I connect to my router (via Ethernet) svchost tries to connect to some obscure IP. 217.70.184.38. The previous night it never did this and I've not installed anything new. I'm using Comodo and my defense+ and firewall have both been on permanently. Windows 7 64bit SP1.

Some of it seems to be IPV6 traffic? Strange, some sort of IPV4 tunneling possibly? Also, ignore 213.199.181.90, I'm just blocking Microsoft.

Anyway, I did multiple malware scans (malwarebytes, spybot, super-antispyware, Dr. Web, Gmer) and never found a thing. I also re-imaged my entire system HDD to 3 weeks ago, but the exact same behavior occurs (And it never did so previously). So time to dig deeper...

Using TCP View I found the Svchost process attempting the connection. I then moved on to Process Monitor to track the PID and found that the service NIS (Network Store Interface Service) is initiating the connection.

So that doesn't help much.

So I fired up Wireshark. Following the TCP traffic I originally got nothing, but then I gave up and decided to let the connection through. Managed to follow those packets and I got:





GET /wpad.dat HTTP/1.1
Connection: Keep-Alive
Accept: */*
Host: 217.70.184.38

HTTP/1.1 404 Not Found
Server: BaseHTTP/0.3 Python/2.6.6
Content-type: text/html
Vary: Host
Content-Length: 384
Accept-Ranges: bytes
Date: Wed, 27 Jun 2012 11:21:03 GMT
Age: 0
Via: 1.1 varnish
Connection: close

<!DOCTYPE html P... Read more

Answer:Strange outgoing connection for WPAD?

I've fixed the problem! And as I suspected, it isn't malware (after 7 different scans I can confirm that)! Instead it's a case of unintentional spoofing. It looked very much like a man-in-the-middle attack but it wasn't quite there yet...

Here's what happened: My router, a Trendnet TEW-658BRM, places my local network on the default domain "domain.name". When Windows attempted to look for the WPAD file (in case it needs to make use of a proxy to connect to the internet) it contacted my router at that domain (the request would have been wpad.domain.name/wpad.dat). The router can't provide the WPAD file and usually this wouldn't be a problem as the WPAD request wouldn't translate into a real URL outside of the network, but in my case it did. If you visit http://wpad.domain.name you'll notice that it redirects you to a parked page provided by gandi.net. Whois reveals that this domain was registered on the 26 June - the same time the connections began appearing in my firewall logs. Those connections were to gandi.net. From that date onward whenever my router received the request for a WPAD file it did a check and discovered the domain wpad.domain.name on the internet and so forwarded the request to that server. Obviously no WPAD file actually exists there and as such I picked up the Error 404 for the WPAD HTTP GET request in Wireshark.

The solution was to change my local domain to something that couldn't be resolved ... Read more

2 more replies
Relevance 46.33%

Good day!
A Windows Security window started popping up in the desktop PC of our users yesterday.
The specific message is "The server wpad.<localdomain> at wpad.<localdomain> requires a username and password. Warning: This server is requesting that your username and password be sent in an insecure manner (basic authentication without a secure connection)."
It's irritating our users and they are asking if it's a security issue.
We never enabled a WPAD in our network. What triggered it and how do we disable it?

Answer:Windows Security Pop-up Window Re: WPAD

I am honestly not sure why this is happening.  The only thing I can imagine is that somehow your router is giving out this setting (Automatically detect settings) in its DHCP responses.
To overcome this permanently, one way would be to apply a Group Policy.  The setting you are looking for is:
User Configuration/Windows Components/Internet Explorer Maintenance/Connection/Automatic Browser Configuration.
Turn this off.

8 more replies
Relevance 45.51%

Hi, I'm trying to remove some malware from a relative's computer. Every time he opens up Google Chrome, Malwarebytes stops a "wpad.browser.securityinfo" site from opening up on this computer. I've run a full Malwarebytes scan but it doesn't detect anything. I've attached the FRST and Addition logs for your review.
 
Thank you!

More replies
Relevance 45.51%

I have Windows 7 and my netstat -ano showed me that there was an instance of svchost.exe trying to connect to the host 72.52.4.121 (which apparently now is offline), so I installed Wireshark and it showed a GET /wpad.dat request, so I googled a little and people say it's a virus but no one says how to solve it.
 
I hope you can help me, here is my FRST log:
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-08-2015
Ran by h4x0r (administrator) on H4X0R-PC (18-08-2015 19:13:36)
Running from C:\Users\h4x0r\Desktop\Arreglando
Loaded Profiles: h4x0r (Available Profiles: h4x0r & Invitado)
Platform: Windows 7 Ultimate (X64) Language: Español (España, internacional)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Realtek Semiconductor) C:\... Read more

Answer:My PC wants a file called wpad.dat from unidentified server

Hello megatronchote and welcome to BleepingComputer!              
 
My name is Sirawit and I'm here to help you.
 
Please note that I'm currently in training and my fixes need to be approved first, that may delay our fix a bit, but I will normally reply back in 24 hours.
 
If I don't reply after 3 days, feel free to PM me.               
==========================================================================
Some points for you to keep in mind:
Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both ... Read more

3 more replies
Relevance 45.1%

My work PC's already 4 years old and it's a DIY desktop, not a branded one. And since the day I bought it till now, I've been very keen on avoiding all kinds of trouble, especially viruses. But last night, actually it's been a week, a lot of things had been going on with it from problems with the network icon loading times, long post boot times, recurring browser redirects, to almost 82 proxy entries (Wpad related) in my registry. My latest DDS scan also revealed I have more than 50 domain listings??? I managed to clean the 82 proxies but I think there are still remnants. I can only do as much as my knowledge permits, hope someone here can help. Attached here are my scans. Thank you very much in advance.

More replies
Relevance 45.1%

I keep getting messages from Trend Micro saying that it is blocking attempted access to 141.x.x.x/wpad.dat. I have run a Trend Micro scan and a Malwarebytes scan, but not found anything.

Here is the HijackThis file:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:20:09 PM, on 6/27/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\AIM\aim.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\PKWARE\PKZIPM\14.00.0023\PKTray.exe
C:\Program Files (x86)\ACT\Act for Windows\Sage.ACT.Integration.exe
C:\Program Files (x86)\ACT\Act for Windows\Act.Outlook.Service.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Hp\HP UT\bin\hppusg.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\lisah.TCK0\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search ... Read more

More replies
Relevance 45.1%

Microsoft is warning of an attack that could be used to divert someone's web traffic through a malicious proxy server. Applications such as Internet Explorer use the Web Proxy Automatic Discovery (WPAD) protocol to find a file that enables a browser to configure its proxy settings. However, it's possible to plant a configuration file that would route traffic through a malicious proxy...pcadvisor.co.uk

More replies
Relevance 45.1%

My computer, running Windows 7, started showing issues about internet connection - The Proxy server Not responding. The device or resource (web proxy) is not set up to accept connections on port "8080". The issue was fixed when I ran a full scan in Malwarebytes (other anti-virus/malware tools like MS Security Essentials or 360 Total Security couldn't help).
 
But whenever I am connected to internet, Malwarebytes keeps giving pop-up - Malicious website blocked - wpad.browsersecurity.info. 
IE still shows error - The Proxy server Not responding.
 
I tried with many anti-malwares like RogueKiller, Combofix, FRS, SUPERAntiSpyware etc . But nothing could help and detect/remove that malware.
Registry also failed to display any wpad.browsersecurity.info values. Similar software is not found in control panel / browser extensions. 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-07-2016
Ran by moncy (administrator) on MONCY-PC (01-08-2016 22:53:38)
Running from E:\sheba\2. downloads\MALWRES\Anti-Malwares\FRST
Loaded Profiles: moncy (Available Profiles: moncy & Classic .NET AppPool & WeSites & DefaultAppPool)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-sc... Read more

More replies
Relevance 45.1%

My computer running Windows 7 started showing issues about internet connection - The Proxy server Not responding. The device or resource (web proxy) is not set up to accept connections on port "8080". The issue was fixed when I ran a full scan in Malwarebytes (other anti-virus/malware tools like MS Security Essentials or 360 Total Security couldn't help).
 
But whenever I am connected to internet, Malwarebytes gives pop-up - Malicious website blocked - wpad.browsersecurity.info. 
IE still shows error - The Proxy server Not responding.
 
I already ran many anti-malware tools like RogueKiller, Combofix, FRS, SUPERAntiSpyware etc. when I was going through some similar issues in this forum. But nothing could help and detect/remove that malware.
The registry is also not displaying any wpad.browsersecurity.info values. Similar software is not found in control panel / browser extensions.
 
 
 
 

Answer:Frequent pop ups from Malwarebytes blocking wpad.browsersecurity.info

Since you have run RogueKiller and ComboFix...please follow the guidance at Preparation Guide, Before Using Malware Removal Tools and Requesting Help - http://www.bleepingcomputer.com/forums/topic34773.html .
 
Note that the new topic is to be posted in the same forum containing the Prep Guide, not in the Windows 7 forum.
 
Thanks.
 
Louis

1 more replies
Relevance 45.1%

Given a case number and unable to continue .. need phone number

More replies
Relevance 44.69%

My computer, running Windows 7, started giving troubles with internet connection - The Proxy server Not responding. The device or resource (web proxy) is not set up to accept connections on port "8080". The issue gets fixed in Google Chrome when I ran a full scan in Malwarebytes (other anti-virus/malware tools like MS Security Essentials or 360 Total Security couldn't help).
 
But whenever I am connected to internet, Malwarebytes keeps giving pop-up - Malicious website blocked - wpad.browsersecurity.info. When I disabled online protection of Malwarebytes, the Proxy error appeared again. And I could see the following entries in the registry:
 
Key -> HKEY_CURRENT_USER\software\microsoft\windows\CurrentVersion\Internet Settings\Wpad\<key value>\ 
Value Name -> WpadDetectedUrl
Value Data -> http://wpad.browsersecurity.info/wpad.dat
 
Key ->HKEY_USERS\S-1-5-21-2008440364-1844915008-329570366-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\software\microsoft\windows\CurrentVersion\Internet Settings\Wpad\<key value>\ 
Value Name -> WpadDetectedUrl
Value Data -> http://wpad.browsersecurity.info/wpad.dat
 
If I delete WpadDetectedUrl value, the browser gets connected to the internet via the router. 
But I can see (in Task manager) many instances of iexplorer/chrome is getting created and each time malware bytes (when enabled) gives pop-up saying Malicious website blocked - wpad.browsersecurity.info.
 
I tried with many... Read more

More replies
Relevance 44.28%

Hi All,

I just booted up a brand new PC this morning with Windows 10 installed. I can connect to the internet via WIFI but when using any of my 2 browsers (Edge & Firefox) neither of them will load any pages. Edge did initially after a few mins of loading but now won't at all.

When I troubleshoot (right clicking the Wifi icon) I get this error message: "The device or resource (wpad.net) is not set up to accept connections on port "The World Wide Web (HTTP)"

I tried changing DNS settings (didn't work) So I found this solution posted by Microsoft:

a. Open Internet Explorer 10 desktop version.
b. Click on Tools and select Internet Options.
c. Click on the Connections tab and click on LAN Settings button.
d. Uncheck the option: Automatically detect settings, then click on OK to exit the window.
e. Click on OK again to save the settings and exit the Internet Options window.
f. Restart the computer and check if the issue is resolved.

I couldn't find these options in Microsoft Edge so I opened Internet Options in Windows 10 and did it there... but no joy. I've also disabled proxies in Firefox which had no effect.

I'm on a UPC Horizon Box, WIFI connection, 300mps with a strong connection (full bars). I'm typing this on my other laptop which has no connections issues at all.

Any ideas on how I can resolve this?? It's driving me nuts!!

More replies
Relevance 41.41%

Hello, as the title indicates, my problem is that something on my computer is continuing to set my LAN Settings to use the proxy PAC detailed. My internet explorer is completely not working (cannot access any web pages). My league of legends client (which goes through IE I believe) is also not working. All other internet applications are working fine. Any help removing this would be greatly appreciated!
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-12-2015 01
Ran by CortseaM (administrator) on ANGUS-PC (13-12-2015 10:34:53)
Running from C:\Users\CortseaM\Desktop
Loaded Profiles: CortseaM (Available Profiles: CortseaM)
Platform: Windows 8.1 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc... Read more

Answer:Unable to remove AutoConfig Proxy: http://127.0.0.1:8080/proxy.pac

UPDATE: After booting into safe mode, the proxy.pac file has disappeared and full functionality has returned. I do not know what I did to cause this. I am hoping I did not just bandaid the problem, but I felt that you all should know.

2 more replies
Relevance 41.41%

Hello.  Recently I was downloading some software
from a survey and learned that a lot of that stuff contains
viruses.  Well I went to uninstall it, and when I did
I can no longer use the internet, and it gives me a proxy error.
When I go to change the proxy settings it has it saved to "<-loopback>" and
the address is "http=127.0.0.1:59943;https=127.0.0.1:59943"
Whenever I try to change it, it doesn't save.  And it is
I'm typing this from my girlfriend's unaffected computer.
I try running Malwarebytes, but it doesn't run, and I can't seem to get into safe
mode on this computer for some reason.  
I'm running Windows 8.1, and oddly enough I see no suspicious background processes.  
That's my problem, if someone could help me I'd greatly appreciate it. 

Answer:Proxy virus. Won't let me change or auto-detect proxy settings

Please do the following.

Please download and run RKill

RKill is an easy to use tool that kills known processes and removes Windows Registry entries that stop a user from using their normal security applications. These settings will remain until the computer is rebooted, for this reason you must run the security application before the computer is rebooted.

Please download RKill and install it. When RKill is run it will display a console screen similar to the one below:

When RKill has finished running a log will be displayed showing all of the processes that were terminated by RKill.

Attention: At this time you need to run the software posted below. While RKill is running you may see a message from the malware stating that the program could not be run because it is a virus or is infected. This is the malware trying to protect itself. Two methods that you can try to get past this and allow RKill to run are:
1) Rename Rkill so that it has a .com extension.
2) Download a version that is already renamed as files that are commonly white-listed by malware. The main Rkill download page contains individual links to renamed versions.

After all of the scans have run successfully you should reboot the computer to restore the processes and Windows Registry entries.

Please run Malwarebytes AntiMalware

Please download Malwarebytes Anti-Malware. After cli... Read more

2 more replies
Relevance 41%

Ok, the title is a little confusing, what I need is a program to put on my internet computer that will let me simply 'connect to network' (using my wifi card) and have access to ALL ports for ALL my programs. I have several important programs that I need to be able to run, but which wont right now bc my current proxy is a proxy (i.e. you must use proxy-supporting programs bc they redirect to a specific IP address with a specific 1 port)

I'd love a program akin to MS's ICS (NAT addressing) --- every time I try to enable ICS, my computer freezes during startup and I have to boot into safe mode and uninstall ICS entirely before it will boot again (tried this on a fresh Windows 98 install too... no idea why it wont run)

Most of my programs require a range of ports to be open, they also don't have a place to type in a proxy server's address...

please help!
-Ash
 

Answer:need a proxy-like program to serve DSL to wireless net WO proxy IP settings

Could you explain a bit more about your current setup, specifically the proxy? Do you have any specific reason why you are running a proxy and why you can't just bypass it?
 

11 more replies
Relevance 41%

am trying to install panda cloud antivirus on my laptop but is asking for proxy, proxy user and password

Answer:how can i get panda cloud antivirus proxy, proxy user, and p

Unless you are actively using a proxy server, you can safely ignore that and let it connect through your normal internet connection.

-----
IT Desktop & Network Consultant - MOS Master Certified, MCP, MCSA, MCITP - Windows 7, CCNA Certificate Pending, A+, Network +

2 more replies
Relevance 41%

On one of my Win 10 machines I have the error "Some settings are managed by your system administrator"
when I open internet setting in IE; on other computers it's fine.

Then I noticed in Win 10 settings manual proxy setup was enabled, http\s at 8080 with server loopback.

I turned it off, but it keeps enabling.

Any ideas?

Answer:Lan and proxy problem, manual proxy gets enabled all the time.

If a proxy is set, it's either malware or antivirus software; it can scan all network traffic. What is your antivirus?

1 more replies
Relevance 41%


 
Malwarebytes Anti-Malware Home (Premium) didn't find anything.
 
Any ideas?
 
EDIT: Emsisoft Emergency Kit seemed to have found something very relevant. I deleted the file and restarted but it keeps appearing in 'Automatic proxy setup' :/
 


Answer:http://ɴ.net/proxy.pac appearing in Windows 10 Proxy settings

Hello kingmustard and welcome to BleepingComputer.
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.
Before we move on, please read the following points carefully.
Please complete all steps in the specified order.
Even if tools don't find malware, I want you to post the logfiles anyway.
Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
Don't install or uninstall software during the cleanup unless you are told to do so.
If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
I cannot guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
Please reply to this thread. Do not start a new topic.
As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
Please open the computer as administrator. How do you open the computer as administrator?
Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do&... Read more

2 more replies
Relevance 40.59%

Hi!

I just did a fresh install of Windows 10 x 64. I remained in Build 1709. I did not format the HD, just fresh install. I have a brand new Router/Modem - AT&T Arris. I installed this myself, I installed similar hardware 5-10 times over my life, hooking up cables, I am good at it. My download is 50Mbps and UP 6-7. I think I did ok installing.

I am getting this problem in Event Viewer, "Name resolution for the name wpad timed out after none of the configured DNS servers responded." This is a home PC, not connected to anything but the internet. It is hardwired. I am not a network admin - just a guy and his PC.

I did the normal things SFC/Scan & Trouble shooter - no luck.... Do I just ignore it? I have a "Latency" issue with a game, could this be the cause?
(Should I identify that PID/Process ID? How do I do that?)
- System
  - Provider
    [ Name] Microsoft-Windows-DNS-Client
    [ Guid] {1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}
  EventID 1014
  Version 0
  Level 3
  Task 1014
  Opcode 0
  Keywords 0x4000000010000000
  - TimeCreated
    [ SystemTime] 2017-11-25T21:02:00.535593000Z
  EventRecordID 884
  Correlation
  - Execution
    [ ProcessID] 2580
    [ ThreadID] 4052
  Channel System
  Computer DESKTOP-9DVSDJF
  - Security
    [ UserID] S-1-5-20
- EventData
  QueryName wpad
  AddressLength 128
  Address 17000000000... Read more

Answer:Fresh Install Win10 "Name resolution for the name wpad timed out" DNS

By default your router will be set as DNS. Set PCs to the fast 208.67.220.220 & 208.67.222.222

0 more replies
Relevance 40.18%

Title says it all. Need a good one. To hide my IP and continually change it correct? I can't find a proxy software, all the ones I used don't work.

Thanks for helping.
 

Answer:Someone explain what a Proxy does, and someone suggest me a Proxy Software

A proxy is like a portal that all data goes through.

You don't install s/w on your machine unless you want to act as a portal or you want to use TOR.

Just search Google for a proxy list and choose one and enter the IP/# into the proxy settings of Firefox.
 

2 more replies
Relevance 40.18%

Hi

I was wondering if there was a program or IE addon that changes your proxy. I have one that is a drop down menu (is an IE toolbar) but I have to add proxies to it manually. Is there a program/toolbar that has a list already set inside the program or one that reads a text document (so I can paste the list of proxies in, not enter each one in manually)?

Thanks
 

Answer:Proxy Changer; with built in Proxy list

*bump*
 

1 more replies
Relevance 40.18%

I have installed a driver from Wells Fargo for a check scanner. This driver installs a service that connects the scanner to a Wells Fargo's server. For some reason it bypasses the proxy settings in IE. Is there a way to either force this particular service through the proxy or to globally set all network traffic to be sent through the proxy. Keep in mind that the proxy server is not located on our local network but is remote so I can't set the Default gateway to the proxy. And I have used netsh.exe to set the WinHTTP proxy settings to match IE to no avail. Any help would be much appreciated.

More replies
Relevance 40.18%

Hello, I found this topic (http://www.bleepingcomputer.com/forums/t/600543/strange-entry-in-lan-proxy-settings-that-i-cannot-delete) that dealt with the same issue that I had but it has since then been closed, so I cannot reply. My problem is identical, my LAN settings keep being changed to include "http://ɴ.net/proxy.pac". But I don't seem to have installed the same programs as the other user, so my infection must have come from something else. I have downloaded Malwarebytes, AdwCleaner but it's still there. So I have Farbar Recovery Scan and RogueKiller ready to go. I'm ready to provide any information and files that are needed to help me get this thing off my computer!

Answer:LAN proxy settings keep changing (http://ɴ.net/proxy.pac)

Welcome to Bleeping Computer.

My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".

In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.

I will be analyzing your log. I will get back to you with instructions.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Right click to run as administrator (XP users ... Read more

25 more replies
Relevance 40.18%

I am having an issue with the PROXY settings in Windows 10. In a nutshell, this is the problem I'm experiencing: when you click on the Settings in Windows 10, go to Network and Internet, then go to and click on Proxy, the manual proxy setup will not stay OFF. I've updated Windows 10 several times, ran troubleshooters, fiddled with registry settings, contacted Microsoft Support who had me create a new user profile but nothing seems to keep it off. When I select at the top automatically detect settings to ON and turn the manual proxy setup to OFF, about 2 mins later after searching it auto turns back ON on its own. I have run Malwarebytes Prem., Advanced Systemcare Pro, and Norton Prem. and no malware issues or viruses. IF ANYONE CAN HELP Please let me know, I would greatly appreciate a solution to this issue.
 

More replies
Relevance 38.54%

We use a wnt4.0 system with MS proxy server 2.0. I have had several websites, that are not blocked by our filtering service, not open. A proxy reports screen comes up:
"64 The specified network name is no longer available".
I know the sites are ok because I can view them with a dial-up that I have on the same computer.
 

Answer:Microsoft Proxy/Proxy Report 64

9 more replies
Relevance 38.54%

Hi, new to the forum so hope I am posting this in the correct location.

Here's what I am trying to do:

1. Send all traffic from my LAN, or a single IP address on my LAN through an external proxy server.

The reason I need to do this is that I live in France, but I have satellite TV (SKY) from my home country, UK, and to use some of the services such as on-demand TV I need the satellite box to present itself with a UK WAN IP Address. I also have an internet radio which I use to connect to a few UK radio stations, but again a couple of the stations I like to listen to do not allow connections from IP addresses outside of the UK, so if I can route this traffic through a UK proxy it should fix the problem.

So, what I was thinking was that I need to install some sort of proxy server on my LAN, between the ADSL router and all the computers/devices currently on the LAN and either route all traffic through an external proxy in the UK, or set up rules on the internal proxy to route only the traffic from select internal IPs through the external proxy.

Now, where I am stuck is that I have not worked in IT for over 4 years now, and to be honest I seem to have forgotten a lot, so I need some help here.

1. What proxy can I use on the LAN? Either Linux or Windows, I have spare PC or Laptop to run it on. Preferably free software.
2. A proxy service in the UK that will allow me to route my traffic through them. I don't mind if I have to pay a small amount each month.
3. Some explana... Read more

Answer:Proxy all LAN traffic through an External Proxy in the UK

I'm afraid we cannot help you here as you are trying to bypass the broadcaster's rules for receiving this information.
I do understand you are a subscriber - but the service is only for UK based residents.
 

1 more replies
Relevance 38.54%

HP made it so I cannot turn off my proxy server but the server is broken and I need to pay them 60 bucks to see if they can fix it (see, not guaranteed)
 
Does anyone know how to fix it without needing to turn it off? Because it's locked onto being on and I cannot un-check it.

Answer:Proxy not responding, cannot turn proxy off

See discussion here: windows 8.1 proxy settings - HP Support Forum - 3854544
 
It could be adware as one user there mentioned....(BrowserSafeGuard)
Check your browser add-ons for that and you might run these two programs to check for other such adware.
AdwCleaner Download
Junkware Removal Tool Download
 
Eset online scanner finds and remove a lot of adware and malware.
Free Virus Scan | Online Virus Scanner from ESET
 
Actually, the mention of BrowserSafeGuard being the cause of the problem was linked to from my first link. It's here: Can't turn off proxy server in my connections setting | DaniWeb

4 more replies
Relevance 37.31%

I appear to be the victim of some piece of malware or virus that has added a proxy server setting that I am unable to get rid of. The main symptoms are that I am unable to change my proxy server settings in Windows 10. It appears to use this setting http=127.0.0.1:8080;. The result of this is that I am unable to do searches in the omnibar of Google Chrome (just takes me to a blank page) and I can't visit certain webpages, also if I am able to do a Google search the "Search Tools" button is missing.
 
I looked around on the internet and have tried a few fixes, I've deleted or changed the registry entries mentioned in Philip Turner's reply here: https://community.spiceworks.com/topic/446898-can-t-disable-proxy-in-ie10?page=1
 
I also changed the entry mentioned here: https://fixedit.itxpress.biz/2014/10/08/unable-to-disable-windows-proxy-setting/
 
Making these changes allowed me to change the proxy server settings and once I change "Automatically detect settings" to on and "Use a proxy server" to off then the issue is fixed and everything behaves normally.
 
The problem is, once I restart my computer the settings revert back and are again unable to be changed unless I delete/change all the above registry entries again. I'm pretty sure that whatever did this is still on my computer somewhere and I need some help finding and eliminating it. Either that, or there is still some hidden registry entry that I am unable to find.
 
I have... Read more

More replies
Relevance 37.31%

Hello TSF,

As requested, I'm posting my follow up log. I have a question though...

When I ran Housecall, it came up with two or three viruses that it said it couldn't eliminate. Unfortunately, it was 3:30 in the morning and I wasn't thinking that clearly and turned the computer off without writing down the virus names. I will rerun Housecall, but I wonder what to do when this happens?

Thanks, as always, for your incredible assistance!

:)
Jamie

Logfile of HijackThis v1.99.0
Scan saved at 8:42:16 PM, on 1/5/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPROXY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\DELL\ACCESSDIRECT\DADAPP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPLPR.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\... Read more

Answer:Follow up to follow up log :)

Hi


Close your browser window and run hjt in safe mode... HOW TO RUN SAFE MODE and have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes and selecting "fix checked". If any EXE files have been selected go into HijackThis/Config/Misc/Tools/ and open process manager. Select the EXE files (if they are there) and click Kill process before deleting.


Files highlighted in BLACK in the log will need to be removed from your hard drive.

Make sure to have your system set to show hidden files and folders. HOW TO SHOW FILES

When done, Download Cleanup and run it to clean out the temp folders. Then please reboot and post a new log when finished...


O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\LOCALNRD.DLL (file missing)
O4 - HKLM\..\Run: [satmat] C:\WINDOWS\SATMAT.exe

3 more replies
Relevance 37.31%
Question: follow ups

Hey guys,

I posted a few follow up questions under the thread "computer help" by bernacks about submitting things to lavasoft and booked space. If you could shed some light I would appreciate it.

Thanks, you guys are a huge help
 

Answer:follow ups

I've sent a message to Aaron asking about the Lavasoft submission site and whether he is having problems with it.

Thanks for trying to submit that file from your other thread. As I mentioned in it, wait for somebody better with HJT logs than I to further assist you.
 

2 more replies
Relevance 37.31%
Question: AVI Help Follow Up

Thanks to all those who helped in the first topic, but things are still grim. Using AVI Codec I found out why I couldn't play the Seinfeld/AVI files, so I got DivX 3.11 Alpha, installed it, and it still doesn't work. And all my video converters won't let me convert the .AVI files to something different. Please, PLEASE, help me!
 

Answer:AVI Help Follow Up

This should end your codec woes. http://www.free-codecs.com/download/ACE_Mega_CoDecS_Pack.htm

Now, before you download this codec pack you should know a few things. This is a very big file, 44 mbs. If you have a dial-up connection it will take you forever to download. Be aware that this download is a bundle-package of not just codecs but programs that use codecs and change & enhance video. This download can be very invasive to your computer. I noticed that after I installed it that a few things would load upon booting my computer. They would show up in my taskbar. I had to manually disable them. Not a major problem, just an annoyance. A few things showed up in my control panel also. You don't need to worry about them or get rid of them. I just thought I'd give you the heads-up first. After you download it you should scan the download for viruses. You can never be too careful.

This is the Mother of all codec downloads, so, if you still have problems with your .avi files after this... I don't know what to suggest.

Enjoy.
 

3 more replies
Relevance 37.31%

Hi.
This is the third thread I have started about the same problem. Every time I start a thread, I get a prompt response with ideas on what to try. After I do what I am told, and post the results, I never get a follow up response. I know there are a lot of posts on here that need to be responded to, and I do appreciate the help I have received so far, but I feel like I am in the middle of a fix, and I don't want to just stop there.

Rather than retyping everything that has occurred up until this point, here is a link to my previous thread:
http://forums.techguy.org/showthread.php?p=1623129&mode=linear#post1623129

Thanks.
 

Answer:Can someone please follow up???

Ryan, you should reply to your original thread instead of starting a new one.

I'll ask a Mod to close this one, since you are receiving help on the other one.
 

1 more replies
Relevance 37.31%
Question: HJT Log Follow-Up

=====I've already run CWShredder.exe and have installed DelDomains.inf=====

Logfile of HijackThis v1.99.1
Scan saved at 1:28:30 AM, on 1/2/1999
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ntir.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\system32\gearsec.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\desk98.exe
D:\Wesley\Utilities\NetPumper\NetPumperIEProxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Roxio&... Read more

Answer:HJT Log Follow-Up

Hi

Uninstall from Add\Remove Programs:
Wintools

You may want to print out these directions as the Internet will not be available. Please continue with the next step if you run into a problem with the current one. Just be sure to let us know what the problem was when you reply.

This is very important! Internet Explorer should remain closed during the cleanup. If you open Internet Explorer the fix will fail. (Steps 1 - 8)

Please make sure that you can view all hidden files:
A. On the Tools menu in Windows Explorer, click Folder Options.
B. Click the View tab.
C. Under Hidden files and folders, click Show hidden files and folders.
D. Uncheck Hide extensions for known filetypes and Hide protected operating system files.
How to see hidden files in Windows

Please download About:Buster from here: About:Buster Download. Once it is downloaded extract it to c:\aboutbuster. We will use that program later in this process. Don't use it yet.

Download Ad-aware SE: here
Install it. When you get the last screen, with the "Finish" button and 3 options, uncheck those three items.
Open AdAware and click the "Check for updates now" link. Close AdAware. Don't use it yet.

Copy the contents of the Quote Box below to Notepad.
Click File menu -> Save and name the file as remove.reg
Change the Save as Type to All Files
Save this file on the desktop.
We will use it later.

REGEDIT4
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ 11F??#????`I]... Read more

3 more replies
Relevance 37.31%
Question: Follow up

Hi, I noticed that a lot of people viewed my post and no one replied. I really do need help, is my problem unfixable? Let me know if I have done something discourteous, I just saw a lot of other posts where someone posted a log and I thought it was commonplace. I have run all kinds of stuff and NOTHING is finding this garbage. a-squared was the latest thing I ran and it hasn't changed anything. I have the sygate firewall up and running now but still have the same old probs. Please help.
thanks,
steven

Answer:Follow up

Please remember that the HJL team is made up of volunteers. As you can see, they have a pretty full plate, and try to take new logs on a first come, first served basis. Please be patient, and someone will help you as soon as they can.
Regards,
John

1 more replies
Relevance 36.9%
Question: robots no follow

Hi, I need to place a robots no follow on one of my pages only, can someone tell me how to do this exactly?

Answer:robots no follow

Between the html head tags enter: <META NAME="ROBOTS" CONTENT="NOINDEX">

4 more replies
Relevance 36.9%

Good morning, this is a follow up to my post yesterday. Does anyone know whether the recovery thumb drive that Acer sells to take your Aspire Switch 10 back to factory fresh: repartitions, reformats, and places all needed files on the C drive as well as the 2 hidden partitions? The thumb drive in question has the following information on a sticker on the side: 2-13-150930-02665FS.NPCA0.04SACER

As per my post yesterday I am dead in the water at this point. I have a feeling from everything I have been reading and from my testing that the recovery thumb drive depends on the two hidden partitions being intact and all already formatted. Can someone tell me what format their Aspire Switch hard drive (flash drive) is in? NTFS, FAT32, exFAT? With this one showing RAW across the board, I am stuck. I know of no way to format a RAW to whatever needed format this Netbook needs without losing data. And if the recovery keys depend on data in the hidden partitions to be intact, then.........

Gary

Answer:follow up to need help with SW5-012-interesting pr...

The Recovery thumb drive will recover the computer to factory configuration, including the Recovery partitions. If your Recovery partitions were intact, they would be usable and you wouldn't need the Recovery drive. Will your SW5 boot from USB?

5 more replies
Relevance 36.9%

Been a few days trying to do all that is suggested. Attached is my hijack this log, and shownew and panda log. All others would not work, not in safe or normal mode. Bitdefender would not work, some of the spywares did not pick up anything. Please help me, computer is so slow it is tempting to throw it out and start over. I now have spyware doctor blocking estalive (whatever that means) but no matter what I do it never goes away. Thanks for any help.
 

Answer:tried to follow all directions

Welcome to Major Geeks!

If you can run ShowNew, you should be able to run GetRunKey. Please explain why you cannot run it and attach the requested log.

I see multiple antivirus applications (only one should ever be installed) and multiple antispyware applications in your HJT log. Which ones are still installed and which are paid and which are free trials. Do you really use AOL Antispyware, if not you should uninstall it. You should only keep one realtime antispyware tool installed too. So only one of the below should be installed and the others should be uninstalled:
AOL AntiSpyware
AVG Anti-Spyware - is this the trial from the READ ME? You said it would not work. Why?
Spy Sweeper
Spyware Doctor

What is the below for?
O4 - HKLM\..\Run: [TempRemove] "C:\Program Files\Crystal Ball\CB Predictor\terminator.exe"
 

4 more replies
Relevance 36.9%

Please advise what I should check on following hijack this log..Thank You

ckThis v1.95.0
Scan saved at 6:03:33 PM, on 7/15/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\RNATHCHK.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL=http://%77%77%77%2e%63%6f%6f%6c%77%77%77%73%65%61%72%63%68%2e%63%6f%6d/%7a/%62/%78%31%2e%63%67%69?%31%30%30
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://%77%77%77%2e%63%6f%6f%6c%77%77%77%73%65%61%72%63%68%2e%63%6f%6d/%7a/%63/%78%31%2e%63%67%69?%31%30%30
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://%77%77%77%2e%63%6f%6f%6c%77%77%77%73%65%61%72%63%68%2e%63%6f%6d/%7a/%62/%... Read more

Answer:coolsearch bug..log to follow

Download and run CWShredder, it will remove all of coolweb:
http://www.spywareinfo.com/~merijn/files/cwshredder.zip

Post a fresh HT log after running.
 

1 more replies
Relevance 36.9%
Question: EMET Follow-up

Assuming support for a group of workstations that are logging their EMET events centrally and wondering how folks react to and follow-up with user EMET mitigations. Is the assumption that EMET protected against a real threat and if so are there efforts to isolate the cause/source of the mitigation and is this done proactively or reacting to a user complaint? Should one assume that the mitigation and application shutdown took care of the immediate threat and another tool (or EMET) will address the problem going forward. Freely admit my age and lack of technical skills but have done a good deal of log reviews preceding and following mitigations without identifying the source. In some cases, it appears that the application was crashing prior to the EMET mitigation being fired so perhaps naively assume that the application fault caused the EMET event. Would be interested in hearing how others determine the validity of the mitigation and what follow-up activities should take place. Is it worth having someone look at the machine forensically? Are there other tools that allow some rapid assessment? Large parts of my environment is comprised of non-persistent virtual desktops so could have the user log off which shuts down the machine and they will pull a fresh image when they log back on. If the problem is associated to a specific file then assume that I have only temporarily escaped the issue. Have posted other t... Read more

More replies
Relevance 36.9%
Question: Combofix follow up

I ran combofix following the appearance of a green background stating your system has a serious error. Google search recommended the use of combofix, now just need someone to analyze the results. I believe the problem is now resolved. After running both AVG anti virus and malwarebytes no problems were found.

Answer:Combofix follow up

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

Please describe the issues you are experiencing with your computer.

4 more replies