While cleaning up a client computer I found an issue with Internet Explorer where the proxy seeting could not be changed with out it automatically reverting back to its original setting. This persistant issue seemed related to a typical group policy setting but this was not possible because the system was running Windows 7 Home. Many others on the Internet had reported the issue with only one resolution, editing the registry.
The registry changes didn't seem to be long lasting until I found an article by Philip Turner that provided some additional registry keys that I was missing in my search.
What is CIR Registry?
CIR Registry is a software program developed by ITE, is considered a driver that is commonly found on Dell systems. Other technical notes report this as part of the PC DT/NB product and is a single-function PCI Express to PCI bridge, which is compliant with the PCI Express Base. This driver supports PCI-to-PCI bridge with subtractive decode for legacy devices.
The Microsoft Surface RT runs a special version of Windows called Windows RT. The Surface RT has an ARM based microprocessor instead of the traditional Intel/x86 compatible processor used with most other Windows based systems. This different processor requires an operating system that is compatible, hence the Windows RT operating system.
One unique aspect to the Windows RT operating system is that malware written for the standard versions of Windows will not run and therfore won't infect a Surface RT device. In addtion, all apps that are capable of being installed on the Surface RT must be downloaded from the Microsoft App store and contain a digital signature that allows them to run. This is another way in which viruses and malware are prevented from running on the Surface RT. This doesn't mean that the Surface RT is immune to viruses, it just means that a virus would have to be crafted specifically for use with Windows RT.
While fixing a client computer I kept having an issue trying to update their Malwarebytes application. Each time the update would attempt to run it would just hang. The system was fairly clean with the exception of one malware application, Babylon Toolbar. The system was also installed with Norton Antivirus, which has not been an issue in the past.
After several attempts to get the update...
I use to be a frequent visitor to CNET for downloads of trial software and in some cases updates to software which I purchased previously. After my last encounter with CNET I have to recommend to all my clients to stay away from any download from CNET for risk of downloading any number of malware and garbageware onto their computers.
There are allot of good free applications that many of us in the IT field like to use. CNET has been in the past one of the great locations to easily find the utility application you need when you don't have it readily available. We make it a habit to discourage most end users from using any Windows or Mac based tool that can be downloaded from the Internet unless they have extensive experience and intimate knowledge of the system the are using it on. A backup is always a best practice before installing any software.
The Search Protect malware is often inadvertently installed with other freeware applications. We won't go into the details of this application, there is plenty of information published already. These days you don't get anything for free, it seems many of these free applications come with malware bundled with them, Search Protect being one of them.
We see this application often on client computers and removing it can be difficult. The application is constantly changing so these steps might work or they might not. But it won't hurt to give it a try.
While working with a client system we found that the Internet Explorer or any other browser application kept having issues with accessing the Internet. Reseting the browser settings would temporarily resolve the problem but it would quickly return the moment we would leave the client.
It turns out the client was using Juno as their e-mail application. As the user would review their mail they would occasionally get a message that had a hyperlink in the message to a web site. When clicking the link Juno would automatically open by change the proxy settings to force the browsing through their system.