# Solved: Proxy Settings in IE 10



## nuyawker (Jan 31, 2003)

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 8, 64 bit
Processor: Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz, Intel64 Family 6 Model 58 Stepping 9
Processor Count: 4
RAM: 5939 Mb
Graphics Card: Intel(R) HD Graphics 4000, -1920 Mb
Hard Drives: C: Total - 702573 MB, Free - 656015 MB;
Motherboard: Acer, Aspire V5-571P
Antivirus: Windows Defender, Disabled

Don't know why Windows Defender is listed as "DIsabled", it isn't. It is active and working.

My problem is with Internet Explorer 10. The"proxy" box in IE10 - Tools - IE Settings, Connections, LAN Settings keeps getting checked without any input from me. It can happen while I'm on the internet, while I'm reading the news, etc etc. There is no logical sequence of things that I do that causes the box to be checked. It just seems to happen randomly. If there is anyone out there who knows how to resolve this problem, I'd be thrilled to hear from them. This is a real pain the butt.


----------



## Phantom010 (Mar 9, 2009)

Other than the box being checked, are there actually proxy server settings inside?


----------



## nuyawker (Jan 31, 2003)

Yes, the following info applies when the box is checked:
HTTP 127.0.01 Port 16110
Secure 127.0.0.1 Port 16110
Of course, If I uncheck the box, the settings "go away"


----------



## Phantom010 (Mar 9, 2009)

I don't know much about Windows 8 yet, but I'd say there's a program on your computer causing those proxy changes.

Do you have a Nanosat Free to Air FTA receiver (Nano Premium, Lite...) connected to your computer (satellite Internet?) ? Or, using *isatellitelink*?


----------



## TerryNet (Mar 23, 2005)

> Don't know why Windows Defender is listed as "DIsabled"


It's a communication problem between Windows 8 and TSG SysInfo. No estimate on a fix date.


----------



## nuyawker (Jan 31, 2003)

I am connected to the Internet by a "WiFi" modem supplied by my ISP Time Warner. Don't know anything about the program mentioned in your reply.
I've noticed that there are other people with the same problem. I've "googled" this and found other forums that have tried to fix this problem but so far none have been able to resolve this.The only thing attached to this computer is a Canon Printer but that couldn't be the cause because it happens even when the printer isn't attached. In fact, turning on the laptop this morning did not include having to uncheck the proxy box for the first time in weeks.
Any suggestions, short of re-installing Windows 8, would be welcome. 
Thanks guys for taking the time to try to resolve this problem


----------



## Phantom010 (Mar 9, 2009)

I don't see any other reason to use port 16110. Why would that port be used in your proxy settings is beyond me. 

You can still browse with it?


----------



## Phantom010 (Mar 9, 2009)

I have no idea if this will work on Windows 8, since the program hasn't been updated in a long time. However, if it does, it could give us the clues we need to get to the bottom of this. Worth a shot:

1- Please click *HERE* to download *HijackThis.*

2- Run the program. 

3- Click on the *Main Menu* button if not already there.

4- Select *Do a system scan and save a logfile*.

5- Copy and paste the scan log from Notepad into your next reply. *Do not *attach it.

6- *Do not "Fix" anything* unless advised to do so.


----------



## nuyawker (Jan 31, 2003)

Here is the "Hijack This" file I ran last evening. Hope it provides a clue!!!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:57:20 AM, on 2/5/2013
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16453)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Acer Incorporated\HID Monitor\HIDMonitor.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Arnie Grossman\Downloads\HijackThis (1).exe
C:\Windows\sysWow64\SearchProtocolHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msnbc.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:16110;https=127.0.0.1:16110
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O4 - HKLM\..\Run: [Dolby Advanced Audio v2] "C:\Dolby PCEE4\pcee4.exe" -autostart
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
O4 - HKCU\..\Run: [2F8153FC0DD235AD6C0E11ABFA0B883A15394A37._service_run] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service
O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')
O4 - Global Startup: Acer Backup Manager Tray.lnk = C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
O4 - Global Startup: Install LastPass IE RunOnce.lnk = C:\Program Files (x86)\Common Files\lpuninstall.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O9 - Extra 'Tools' menuitem: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AtherosSvc - Qualcomm Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
O23 - Service: MR APP Event Service (EventService) - Unknown owner - C:\Program Files (x86)\MR APP\MRAPP.Event.Service.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: Dritek RF Button Command Service (RfButtonDriverService) - Dritek System INC. - C:\Windows\RfBtnSvc64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Wlan Agent - Atheros - C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe

--
End of file - 11440 bytes


----------



## Phantom010 (Mar 9, 2009)

1- Run *HijackThis* again.

2- Click on *Open The Misc Tools section *from the Main Menu.

3- Click on *Open Uninstall Manager*.

4- Click on *Save list...*

5- Save the text file to the desktop.

6- Copy and paste the log from Notepad into your next reply.


----------



## nuyawker (Jan 31, 2003)

Here is the info you asked for:
Acer Backup Manager
Adobe Reader XI (11.0.01)
Backup Manager v4
CyberLink MediaEspresso 6.5
CyberLink MediaEspresso 6.5
Dolby Advanced Audio v2
Easy Media Player 1.1.12
eBay Worldwide
e-Rewards Notify
Google Chrome
Google Earth
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
HID Monitor
HiJackThis
Identity Card
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Intel(R) SDK for OpenCL - CPU Only Runtime Package
Java 7 Update 11
LastPass(uninstall only)
Launch Manager
Live Updater
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2005 Tools for Office Runtime
MyWinLocker 4
MyWinLocker Suite
MyWinLocker Suite
NTI Media Maker 9
Office Addin
Qualcomm Atheros WiFi Driver Installation
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek PCIE Card Reader
Shredder
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio Tools for the Office system 3.0 Runtime
Visual Studio Tools for the Office system 3.0 Runtime
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258)


----------



## Phantom010 (Mar 9, 2009)

Press the Windows key + R to open a Run box.

Type *regedit*

Press Enter.

Browse to:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings

In the right-pane, double-click *ProxyServer*.

Delete the value (http=127.0.0.1:16110;https=127.0.0.1:16110).

Also double-click *ProxyEnable* and set value to 0.

Close the registry editor and check IE10 again.

If no change, reboot the computer and check again.


----------



## nuyawker (Jan 31, 2003)

Phantom010 said:


> Press the Windows key + R to open a Run box.
> 
> Type *regedit*
> 
> ...


Did exactly as you suggested. The "Proxy" box was not checked which is a good sign. Will let you know if it occurs again and then we can take it from there.
I really want to thank you for taking your time to help me. There aren't many cases where that happens. I've been around a long time and this is one of only a small number of times where a total stranger has taken their time to help another.


----------



## Phantom010 (Mar 9, 2009)

I don't see any software on your computer that could account for those proxy server settings. Besides, 127.0.0.1 is your computer.

However, malware will use that to bypass antivirus/firewall filters and redirecting to it. In this case, we're seeing port 16110. This port is never used for anything that I know of. In my opinion, your computer has been infected in the past, or still is.

If it still is, the proxy settings will likely be changed again, maybe at next reboot.

They may not return either, but I'm still puzzled about what could have changed those proxy settings.

If you wish, you can ask a malware removal specialist's advice. To do so, please click on *Report* and kindly ask to be moved to the *Virus & Other Malware Removal *forum. Be sure to provide the appropriate reports in that forum after reading *THIS*. From there, be patient. The malware removal experts are very busy! You should get an answer within the next 48 hours.


----------



## Phantom010 (Mar 9, 2009)

Another thing that would help us determine what's using that port 16110 is a program like *TCPView*.

It doesn't need to be installed. Only run the program's executable.

In the Local Port column, look for port 16110.

In the Process column, note the process(es) using that port 16110.

In the Remote Address column, note the remote address.

If you wish, simply click *File* > *Save As...*

Save to the desktop. This will create a text file on your desktop which you'll be able to attach to your next post.


----------



## nuyawker (Jan 31, 2003)

Told you guys that I'd follow up and let you know if the "fix" worked. It did for a while however this morning, sure enough, the "proxy" box was checked and the same info in the "advanced settings" are applicable: 127.0.0.1 and the same port 16111.
For a while I thought you had it nailed but apparently something else is wrong.
I'll just keep googling this problem until I run across a solution that works.
Thanks for your help.


----------



## Phantom010 (Mar 9, 2009)

nuyawker said:


> Told you guys that I'd follow up and let you know if the "fix" worked. It did for a while however this morning, sure enough, the "proxy" box was checked and the same info in the "advanced settings" are applicable: 127.0.0.1 and the same port 16111.
> For a while I thought you had it nailed but apparently something else is wrong.
> I'll just keep googling this problem until I run across a solution that works.
> Thanks for your help.


I was afraid of that, but I'm not surprised. It's either malware or a program on your computer.

Another thing that would help us determine what's using that port 16110 is a program like *TCPView*.

It doesn't need to be installed. Only run the program's executable.

In the Local Port column, look for port 16110.

In the Process column, note the process(es) using that port 16110.

In the Remote Address column, note the remote address.

If you wish, simply click *File* > *Save As...*

Save to the desktop. This will create a text file on your desktop which you'll be able to attach to your next post.


----------



## nuyawker (Jan 31, 2003)

Did as you suggested and here are the results. Don't know how the data got into this format. If you need me to do something else just let me know and I'll do it. It is actually PORT 16111 that is the concern. Checked yesterday's correspondence and made sure the port number is correct. It is 16111.

[System Process]	0	TCP	grossmans	54587	107.14.47.58	http	TIME_WAIT	1	249	11	15,428 
[System Process]	0	TCP	grossmans	54455	107.14.47.16	http	TIME_WAIT	3	1,122	32	45,307 
[System Process]	0	TCP	grossmans	54456	msnbc.com	http	TIME_WAIT 
[System Process]	0	TCP	grossmans	54457	107.14.47.58	http	TIME_WAIT	7	10,127	59	82,464 
[System Process]	0	TCP	grossmans	54458	msnbc.com	http	TIME_WAIT	1	345	2	381 
[System Process]	0	TCP	grossmans	54459	107.14.47.16	http	TIME_WAIT	1	354	6	8,198 
[System Process]	0	TCP	grossmans	54460	107.14.47.58	http	TIME_WAIT	1	1,359	1	1,057 
[System Process]	0	TCP	grossmans	54461	107.14.47.16	http	TIME_WAIT	3	1,112	13	16,777 
[System Process]	0	TCP	grossmans	54462	107.14.47.58	http	TIME_WAIT	3	4,394	6	6,767 
[System Process]	0	TCP	grossmans	54463	107.14.47.16	http	TIME_WAIT	1	386	7	8,895 
[System Process]	0	TCP	grossmans	54464	107.14.47.58	http	TIME_WAIT	7	10,580	21	26,519 
[System Process]	0	TCP	grossmans	54465	107.14.47.58	http	TIME_WAIT	1	1,327	1	869 
[System Process]	0	TCP	grossmans	54469	lax02s01-in-f27.1e100.net	http	TIME_WAIT	3	1,951	4	3,718 
[System Process]	0	TCP	grossmans	54470	65.55.121.231	http	TIME_WAIT	1	371	1	1,592 
[System Process]	0	TCP	grossmans	54471	65.55.121.231	http	TIME_WAIT	6	2,194	6	6,996 
[System Process]	0	TCP	grossmans	54472	lax02s01-in-f27.1e100.net	http	TIME_WAIT	5	2,766	6	4,196 
[System Process]	0	TCP	grossmans	54474	lax04s08-in-f14.1e100.net	http	TIME_WAIT	2	1,283	12	15,741 
[System Process]	0	TCP	grossmans	54475	107.14.47.136	http	TIME_WAIT	1	588	1	248 
[System Process]	0	TCP	grossmans	54476	107.14.47.136	http	TIME_WAIT	2	1,662	2	709 
[System Process]	0	TCP	grossmans	54477	lax02s01-in-f0.1e100.net	http	TIME_WAIT 
[System Process]	0	TCP	grossmans	54478	lax02s01-in-f0.1e100.net	http	TIME_WAIT	1	619	4	2,705 
[System Process]	0	TCP	grossmans	54485	a23-15-190-251.deploy.akamaitechnologies.com	http	TIME_WAIT	1	375	17	23,653 
[System Process]	0	TCP	grossmans	54486	107.14.47.17	http	TIME_WAIT	1	352	1	578 
[System Process]	0	TCP	grossmans	54487	107.14.47.17	http	TIME_WAIT	3	1,078	3	1,679 
[System Process]	0	TCP	grossmans	54488	107.14.47.16	http	TIME_WAIT	2	1,539	2	1,905 
[System Process]	0	TCP	grossmans	54492	107.14.47.17	http	TIME_WAIT	12	4,815	54	68,582 
[System Process]	0	TCP	grossmans	54493	107.14.47.17	http	TIME_WAIT	11	4,389	25	25,418 
[System Process]	0	TCP	grossmans	54494	107.14.47.41	http	TIME_WAIT	5	3,742	37	51,705 
[System Process]	0	TCP	grossmans	54498	107.14.47.17	http	TIME_WAIT	3	1,177	5	4,530 
[System Process]	0	TCP	grossmans	54499	107.14.47.17	http	TIME_WAIT	10	4,147	143	199,883 
[System Process]	0	TCP	grossmans	54500	107.14.47.17	http	TIME_WAIT	1	379	8	11,442 
[System Process]	0	TCP	grossmans	54501	65.55.121.232	http	TIME_WAIT	2	746	2	2,167 
[System Process]	0	TCP	grossmans	54515	65.55.121.232	http	TIME_WAIT	2	746	2	2,619 
[System Process]	0	TCP	grossmans	54516	107.14.47.16	http	TIME_WAIT	3	1,240	13	15,519 
[System Process]	0	TCP	grossmans	54517	107.14.47.17	http	TIME_WAIT	3	1,220	8	10,644 
[System Process]	0	TCP	grossmans	54518	107.14.47.17	http	TIME_WAIT	3	1,252	18	23,219 
[System Process]	0	TCP	grossmans	54519	107.14.47.17	http	TIME_WAIT	3	1,228	8	8,976 
[System Process]	0	TCP	grossmans	54520	65.55.121.231	http	TIME_WAIT	4	1,492	5	7,550 
[System Process]	0	TCP	grossmans	54525	lax02s01-in-f28.1e100.net	http	TIME_WAIT	1	426	1	360 
[System Process]	0	TCP	grossmans	54535	65.55.121.231	http	TIME_WAIT 
[System Process]	0	TCP	grossmans	54536	107.14.47.16	http	TIME_WAIT	3	1,204	9	10,816 
[System Process]	0	TCP	grossmans	54537	107.14.47.16	http	TIME_WAIT	4	1,629	6	5,465 
[System Process]	0	TCP	grossmans	54539	107.14.47.16	http	TIME_WAIT	2	832	7	9,172 
[System Process]	0	TCP	grossmans	54540	a23-3-228-174.deploy.akamaitechnologies.com	http	TIME_WAIT	3	3,494	12	15,422 
[System Process]	0	TCP	grossmans	54541	107.14.47.16	http	TIME_WAIT	1	416	1	720 
[System Process]	0	TCP	grossmans	54542	107.14.47.17	http	TIME_WAIT	3	1,239	3	2,081 
[System Process]	0	TCP	grossmans	54543	107.14.47.17	http	TIME_WAIT	1	416	1	766 
[System Process]	0	TCP	grossmans	54544	107.14.47.16	http	TIME_WAIT	3	1,243	7	8,016 
[System Process]	0	TCP	grossmans	54545	107.14.47.16	http	TIME_WAIT	1	416	1	765 
[System Process]	0	TCP	grossmans	54547	107.14.47.17	http	TIME_WAIT	3	1,306	17	23,616 
[System Process]	0	TCP	grossmans	54549	107.14.47.17	http	TIME_WAIT	2	809	8	10,413 
[System Process]	0	TCP	grossmans	54550	107.14.47.17	http	TIME_WAIT	2	815	8	9,633 
[System Process]	0	TCP	grossmans	54551	107.14.47.17	http	TIME_WAIT	2	826	2	1,415 
[System Process]	0	TCP	grossmans	54555	a23-3-228-174.deploy.akamaitechnologies.com	http	TIME_WAIT	4	5,016	7	7,482 
[System Process]	0	TCP	grossmans	54556	a23-3-228-174.deploy.akamaitechnologies.com	http	TIME_WAIT	3	3,766	6	6,823 
[System Process]	0	TCP	grossmans	54558	a23-3-228-174.deploy.akamaitechnologies.com	http	TIME_WAIT	4	6,076	4	588 
[System Process]	0	TCP	grossmans	54559	server-205-251-203-209.lax3.r.cloudfront.net	http	TIME_WAIT	1	922	2	1,677 
[System Process]	0	TCP	grossmans	54563	lax04s09-in-f27.1e100.net	http	TIME_WAIT	1	479	1	727 
[System Process]	0	TCP	grossmans	54564	lax02s01-in-f28.1e100.net	http	TIME_WAIT	1	486	1	631 
[System Process]	0	TCP	grossmans	54565	lax04s08-in-f28.1e100.net	http	TIME_WAIT	6	2,742	89	120,424 
[System Process]	0	TCP	grossmans	54568	a23-3-228-174.deploy.akamaitechnologies.com	http	TIME_WAIT	2	2,654	4	4,518 
[System Process]	0	TCP	grossmans	54571	lax04s08-in-f28.1e100.net	http	TIME_WAIT	1	607	1	692 
[System Process]	0	TCP	grossmans	54572	8.12.226.149	https	TIME_WAIT	3	891	5	4,002 
[System Process]	0	TCP	grossmans	54574	107.14.47.136	http	TIME_WAIT	2	3,106	12	14,935 
[System Process]	0	TCP	grossmans	54576	107.14.47.49	http	TIME_WAIT	1	904	5	6,437 
[System Process]	0	TCP	grossmans	54580	66.150.149.24	http	TIME_WAIT	1	514	1	327 
[System Process]	0	TCP	grossmans	54581	pool-ace1-adcom-ntc-alien.evip.aol.com	http	TIME_WAIT	1	1,054	2	1,515 
[System Process]	0	TCP	grossmans	54584	lax02s01-in-f27.1e100.net	https	TIME_WAIT	3	903	4	2,894 
[System Process]	0	TCP	grossmans	54585	107.14.32.25	http	TIME_WAIT	1	577	1	219 
[System Process]	0	TCP	grossmans	54590	a23-15-63-139.deploy.akamaitechnologies.com	http	TIME_WAIT	1	323	41	59,486 
[System Process]	0	TCP	grossmans	54592	107.14.47.41	http	TIME_WAIT	2	1,471	3	2,490 
[System Process]	0	TCP	grossmans	54594	107.14.47.58	http	TIME_WAIT	1	418	7	9,826 
[System Process]	0	TCP	grossmans	54597	107.14.47.40	http	TIME_WAIT	3	2,687	4	3,989 
[System Process]	0	TCP	grossmans	54598	107.14.47.58	http	TIME_WAIT	1	384	7	9,826 
[System Process]	0	TCP	grossmans	54599	107.14.47.49	http	TIME_WAIT	1	775	1	385 
[System Process]	0	TCP	grossmans	54600	107.14.47.17	http	TIME_WAIT	1	376	1	428 
[System Process]	0	TCP	grossmans	54601	107.14.47.17	http	TIME_WAIT	1	380	1	426 
[System Process]	0	TCP	grossmans	54602	107.14.47.17	http	TIME_WAIT	1	383	1	435 
[System Process]	0	TCP	grossmans	54603	107.14.47.34	http	TIME_WAIT	1	775	1	1,389 
[System Process]	0	TCP	grossmans	54604	107.14.47.136	http	TIME_WAIT	1	1,398	1	248 
BtTray.exe	5240	TCP	Grossmans	6544	Grossmans	0	LISTENING 
BtTray.exe	5240	TCP	Grossmans	49234	localhost	6543	ESTABLISHED 
BtvStack.exe	5760	TCP	Grossmans	6543	Grossmans	0	LISTENING 
BtvStack.exe	5760	TCP	Grossmans	6543	localhost	49234	ESTABLISHED 
chrome.exe	5084	TCP	Grossmans	51949	localhost	16111	ESTABLISHED 
chrome.exe	6876	TCP	grossmans	54250	da-in-f125.1e100.net	5222	ESTABLISHED 
dasHost.exe	1724	UDP	Grossmans	ws-discovery	*	* 
dasHost.exe	1724	UDP	Grossmans	ws-discovery	*	* 
dasHost.exe	1724	UDP	Grossmans	58904	*	* 
dasHost.exe	1724	UDPV6	grossmans	3702	*	* 
dasHost.exe	1724	UDPV6	grossmans	3702	*	* 
dasHost.exe	1724	UDPV6	grossmans	58905	*	* 
explorer.exe	3380	TCP	grossmans	51874	bn1wns1011413.wns.windows.com	https	ESTABLISHED 
explorer.exe	3380	UDP	Grossmans	63970	*	* 
IScheduleSvc.exe	1688	TCP	Grossmans	11001	Grossmans	0	LISTENING 
IScheduleSvc.exe	1688	TCP	Grossmans	11002	Grossmans	0	LISTENING 
IScheduleSvc.exe	1688	UDP	Grossmans	11003	*	* 
Jhi_service.exe	2000	TCPV6	[0:0:0:0:0:0:0:1]	49156	grossmans	0	LISTENING 
LiveComm.exe	3844	UDP	Grossmans	52693	*	* 
lsass.exe	672	TCP	Grossmans	49155	Grossmans	0	LISTENING 
lsass.exe	672	TCPV6	grossmans	49155	grossmans	0	LISTENING 
MRAPP.Event.Service.exe	1768	TCPV6	[0:0:0:0:0:0:0:1]	51886	[0:0:0:0:0:0:0:1]	16116	ESTABLISHED 
MRAPP.Event.Service.exe	1768	TCP	grossmans	54453	ec2-107-23-109-148.compute-1.amazonaws.com	https	CLOSE_WAIT	3	824	10	5,181 
MRAPP.UI.exe	2104	TCP	Grossmans	16111	localhost	51949	ESTABLISHED 
MRAPP.UI.exe	2104	TCP	Grossmans	16116	Grossmans	0	LISTENING 
MRAPP.UI.exe	2104	TCP	grossmans	51952	da-in-f125.1e100.net	5222	ESTABLISHED 
MRAPP.UI.exe	2104	TCP	Grossmans	16111	Grossmans	0	LISTENING 
MRAPP.UI.exe	2104	UDP	Grossmans	ws-discovery	*	* 
MRAPP.UI.exe	2104	UDP	Grossmans	ws-discovery	*	* 
MRAPP.UI.exe	2104	TCPV6	grossmans	16111	grossmans	0	LISTENING 
MRAPP.UI.exe	2104	TCPV6	grossmans	16116	grossmans	0	LISTENING 
MRAPP.UI.exe	2104	TCPV6	[0:0:0:0:0:0:0:1]	16116	[0:0:0:0:0:0:0:1]	51886	ESTABLISHED 
OUTLOOK.EXE	4484	UDP	Grossmans	57487	*	* 
PmmUpdate.exe	6064	TCP	grossmans	54329	ec2-23-23-172-158.compute-1.amazonaws.com	http	CLOSE_WAIT 
services.exe	656	TCP	Grossmans	49157	Grossmans	0	LISTENING 
services.exe	656	TCPV6	grossmans	49157	grossmans	0	LISTENING 
svchost.exe	828	TCP	Grossmans	epmap	Grossmans	0	LISTENING 
svchost.exe	892	TCP	Grossmans	49153	Grossmans	0	LISTENING 
svchost.exe	924	TCP	Grossmans	49154	Grossmans	0	LISTENING 
svchost.exe	924	UDP	Grossmans	isakmp	*	* 
svchost.exe	2812	UDP	Grossmans	ssdp	*	* 18	2,394 
svchost.exe	2812	UDP	grossmans	ssdp	*	* 
svchost.exe	2812	UDP	Grossmans	ws-discovery	*	* 
svchost.exe	2812	UDP	Grossmans	ws-discovery	*	* 
svchost.exe	996	UDP	Grossmans	ws-discovery	*	* 
svchost.exe	996	UDP	Grossmans	ws-discovery	*	* 
svchost.exe	924	UDP	Grossmans	ipsec-msft	*	* 
svchost.exe	1028	UDP	Grossmans	llmnr	*	* 
svchost.exe	2812	UDP	grossmans	57583	*	* 18	2,394 
svchost.exe	2812	UDP	Grossmans	57584	*	* 18	2,394 
svchost.exe	2812	UDP	Grossmans	59575	*	* 
svchost.exe	996	UDP	Grossmans	60725	*	* 
svchost.exe	828	TCPV6	grossmans	epmap	grossmans	0	LISTENING 
svchost.exe	892	TCPV6	grossmans	49153	grossmans	0	LISTENING 
svchost.exe	924	TCPV6	grossmans	49154	grossmans	0	LISTENING 
svchost.exe	924	UDPV6	grossmans	500	*	* 
svchost.exe	892	UDPV6	[fe80:0:0:0:ed44:7a8a:4968:4a27]	546	*	* 
svchost.exe	2812	UDPV6	[0:0:0:0:0:0:0:1]	1900	*	* 
svchost.exe	2812	UDPV6	[fe80:0:0:0:ed44:7a8a:4968:4a27]	1900	*	* 
svchost.exe	996	UDPV6	grossmans	3702	*	* 
svchost.exe	996	UDPV6	grossmans	3702	*	* 
svchost.exe	2812	UDPV6	grossmans	3702	*	* 
svchost.exe	2812	UDPV6	grossmans	3702	*	* 
svchost.exe	924	UDPV6	grossmans	4500	*	* 
svchost.exe	1028	UDPV6	grossmans	5355	*	* 
svchost.exe	2812	UDPV6	[fe80:0:0:0:ed44:7a8a:4968:4a27]	57581	*	* 
svchost.exe	2812	UDPV6	[0:0:0:0:0:0:0:1]	57582	*	* 
svchost.exe	2812	UDPV6	grossmans	59576	*	* 
svchost.exe	996	UDPV6	grossmans	60726	*	* 
System	4	TCP	grossmans	netbios-ssn	Grossmans	0	LISTENING 
System	4	TCP	Grossmans	microsoft-ds	Grossmans	0	LISTENING 
System	4	TCP	Grossmans	wsd	Grossmans	0	LISTENING 
System	4	UDP	grossmans	netbios-ns	*	* 111	5,550 
System	4	UDP	grossmans	netbios-dgm	*	* 1	201	1	201 
System	4	TCPV6	grossmans	microsoft-ds	grossmans	0	LISTENING 
System	4	TCPV6	grossmans	wsd	grossmans	0	LISTENING 
wininit.exe	564	TCP	Grossmans	49152	Grossmans	0	LISTENING 
wininit.exe	564	TCPV6	grossmans	49152	grossmans	0	LISTENING


----------



## nuyawker (Jan 31, 2003)

Here is something really strange that just happened. I read a post on another thread where the user complained of the exact same symptoms we are working on. When Voila, he mentioned that he had installed a program called "ERewards Notifier" and suddenly began experiencing the problem. Guess what? I just installed that program as well a while back. I just Uninstalled it and now we'll see whether that was the culprit or not.
Actually what happened is as follows:
Saw that MRAPP.UI was using Port 16111. Googled "MRAPP.UI and hit on the above information regarding ERewards Notifier.


----------



## Phantom010 (Mar 9, 2009)

I don't know what e-Rewards is exactly or what it does, but you do have *e-Rewards Notify *in your list of programs. It seems to be some sort of shopping club, with promotions. If you don't need it, uninstall it.


----------



## nuyawker (Jan 31, 2003)

I did uninstall it. Will watch and see if the problem comes up again. Hopefully this will be the last time I post anything regarding this problem.
Thanks again for your help.


----------



## Phantom010 (Mar 9, 2009)

You're welcome!

By the way, did it change Chrome's proxy settings as well?


----------



## nuyawker (Jan 31, 2003)

Yes, Made accessing the Internet with any program impossible. Surely one of the strangest mysteries I've encountered. Hope this is "the fix". If it isn't I'll let you know somehow.
Thanks again.


----------



## Phantom010 (Mar 9, 2009)

I don't know for what purpose it would choose that port. I can't find much information on it.


----------



## nuyawker (Jan 31, 2003)

You've done enough work with me for today. I'm thinking that the problem is solved although it'll take a day or so to verify that it is truly fixed. Can't begin to tell you how much I appreciate your time and effort plus your directions to the proper programming that identified the problem and helped solve it.
Keeping my fingers crossed!


----------



## Phantom010 (Mar 9, 2009)

I really hope *e-Rewards* was the culprit. Sure looks like it though.

If you see those proxy settings again, even though the program is gone, go back into the registry and delete the proxy server again.

Do you recall ever installing that program? What was its use?


----------



## nuyawker (Jan 31, 2003)

It's use was to notify me that a new survey was ready.
Uninstalled the program yesterday. Started PC this morning and, sure enough, NO PROBLEM. No need to reset the proxy server settings, everything worked fine.
Seems to me that was the problem. For now we'll mark this as "SOLVED". If anything goes wrong, I'll find a way to let you know.
Many thanks for your time and effort. YOU ARE THE MAN!!!!!


----------



## Phantom010 (Mar 9, 2009)

I'm glad all is well! :up:

Feel free to post again if the problem recurs.


----------

