And here’s the result of the wpad.browsersecurity.info;wpad.dat registry search in FRST.
Farbar Recovery Scan Tool (x64) Version:18-01-2016
Ran by J (2016-01-25 02:53:05)
Running from C:\Users\J\Downloads
Boot Mode: Normal
================== Search Registry: “wpad.browsersecurity.info;wpad.datwpad.browsersecurity.info;wpad.datwpad.browsersecurity.info;wpad.dat” ===========
===================== Search result for “wpad.browsersecurity.info” ==========
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-18-f8-fc-b3-bc]
“WpadDetectedUrl”=“http://wpad.browsersecurity.info/wpad.dat”
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad{3142DACA-A70C-4FA8-8D89-76BE9E073974}]
“WpadDetectedUrl”=“http://wpad.browsersecurity.info/wpad.dat”
[HKEY_USERS\S-1-5-21-581647834-421146410-1571146747-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-18-f8-fc-b3-bc]
“WpadDetectedUrl”=“http://wpad.browsersecurity.info/wpad.dat”
[HKEY_USERS\S-1-5-21-581647834-421146410-1571146747-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad{3142DACA-A70C-4FA8-8D89-76BE9E073974}]
“WpadDetectedUrl”=“http://wpad.browsersecurity.info/wpad.dat”
[HKEY_USERS\S-1-5-21-581647834-421146410-1571146747-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad{6FDF2C48-F807-44D9-B3CA-286B311C7367}]
“WpadDetectedUrl”=“http://wpad.browsersecurity.info/wpad.dat”
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-1a-70-e1-b3-6b]
“WpadDetectedUrl”=“http://wpad.browsersecurity.info/wpad.dat”
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad{6FDF2C48-F807-44D9-B3CA-286B311C7367}]
“WpadDetectedUrl”=“http://wpad.browsersecurity.info/wpad.dat”
===================== Search result for “wpad.dat” ==========
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-18-f8-fc-b3-bc]
“WpadDetectedUrl”=“http://wpad.browsersecurity.info/wpad.dat”
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad{3142DACA-A70C-4FA8-8D89-76BE9E073974}]
“WpadDetectedUrl”=“http://wpad.browsersecurity.info/wpad.dat”
[HKEY_USERS\S-1-5-21-581647834-421146410-1571146747-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-18-f8-fc-b3-bc]
“WpadDetectedUrl”=“http://wpad.browsersecurity.info/wpad.dat”
[HKEY_USERS\S-1-5-21-581647834-421146410-1571146747-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad{3142DACA-A70C-4FA8-8D89-76BE9E073974}]
“WpadDetectedUrl”=“http://wpad.browsersecurity.info/wpad.dat”
[HKEY_USERS\S-1-5-21-581647834-421146410-1571146747-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad{6FDF2C48-F807-44D9-B3CA-286B311C7367}]
“WpadDetectedUrl”=“http://wpad.browsersecurity.info/wpad.dat”
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-1a-70-e1-b3-6b]
“WpadDetectedUrl”=“http://wpad.browsersecurity.info/wpad.dat”
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad{6FDF2C48-F807-44D9-B3CA-286B311C7367}]
“WpadDetectedUrl”=“http://wpad.browsersecurity.info/wpad.dat”
====== End of Search ======