nickybee123

anyway 50GBP comin' your way Kevin Thanks again

yes yes and yes. THAT worked Which one do you think it was - the gotomeeting or the registry proxy entry after it? Fixlog.txt

forgot to add the addition.txt also Addition.txt

if teamviewering in is an option for you - happy to let you do it - but not sure if it'll help to poke around

here's the latest FRST after a fresh reboot FRST.txt

unfortunately not much extra use there - lemme get you another scan with FRST - just gotta reboot

Unfortunately Zemana doesn't do much verbose reporting - the most I could get out of going in the report section was this: Product Name    :  Zemana AntiMalware Scan Status    :  Completed Scan Date    :  12/4/2020 11:49:16 AM Scan Type    :  Smart Scan Scan Duration    :  00:00:16 Scanned Objects    :  2026 Detected Objects    :  1 Excluded Objects    :  0 Auto Upload    :  False OS    :  Windows 10 x64 Processor    :  12X Intel(R) Core(TM) i7-8750H CPU @ 2.20GHz BIOS Mode    :  UEFI Domain Info    :  DAHOUSE,False,NetSetupWorkgroupName CUID    :  12DD681C032D972FB15B30 Detections MD5    :   Status    :  Scanned Object    :  software\microsoft\windows\currentversion\internet settings\connections Publisher    :   Size    :  0 Detection    :  MaliciousSetting f Action    :  Delete -----------------------------------------------------------------------

nope. that was ages ago - it's a fairly highly regarded thing installed directly from their github - https://github.com/Open-Shell/Open-Shell-Menu Out of curiosity prior to deleting it by Zemana - is it possible to find out what proxy stuff is being redirected to? Perhaps that could help understanding what it is (or perhaps it keeps varying)

and done. nice idea - but no dice. I disabled ALL non-MSFT services as per that page (had no startup things to disable other than that). Did a boot - checked they were still disabled. Ran Zemana - and got the same stuff. So either (a) it's masquerading as an MSFT service or (b) it ain't a service ;( Nick

Attached as requested... STEALTHMAXscan.zip

Although for what it's worth - Last time Group Policy was applied: 12/3/2020 at 9:56:04 AM This was moments after booting the PC

here it is - not clear how useful it is...I would have imagined there was some setting somewhere that contains a proxy to route all http traffic...but I don't see it anywhere obvious gplist.txt

here you go. To be clear I did a reboot. Made sure that hijack was still there by running Zemana (but NOT CLEARING the found hijack setting) Then I ran the registry query that produced the fixlog.txt Then I cleaned it with Zemana and continued working. (the reason I have to do it this way is because this is my primary laptop - so I need to use it) Fixlog.txt

seems to think it did it...however it didn't make any difference to the hijack ;( still gets recreated after reboot Fixlog.txt

Here you go - for what it's worth. Fixlog.txt