nickybee123

Honorary Members
  • Posts: 50

Everything posted by nickybee123

  1. yes yes and yes. THAT worked. Which one do you think it was - the gotomeeting or the registry proxy entry after it? Fixlog.txt
  2. if teamviewering in is an option for you - happy to let you do it - but not sure if it'll help to poke around
  3. unfortunately not much extra use there - lemme get you another scan with FRST - just gotta reboot
  4. Unfortunately Zemana doesn't do much verbose reporting - the most I could get out of going in the report section was this:

     Product Name : Zemana AntiMalware
     Scan Status : Completed
     Scan Date : 12/4/2020 11:49:16 AM
     Scan Type : Smart Scan
     Scan Duration : 00:00:16
     Scanned Objects : 2026
     Detected Objects : 1
     Excluded Objects : 0
     Auto Upload : False
     OS : Windows 10 x64
     Processor : 12X Intel(R) Core(TM) i7-8750H CPU @ 2.20GHz
     BIOS Mode : UEFI
     Domain Info : DAHOUSE,False,NetSetupWorkgroupName
     CUID : 12DD681C032D972FB15B30

     Detections
     MD5 :
     Status : Scanned
     Object : software\microsoft\windows\currentversion\internet settings\connections
     Publisher :
     Size : 0
     Detection : MaliciousSetting f
     Action : Delete
     -----------------------------------------------------------------------
  5. nope. that was ages ago - it's a fairly highly regarded thing installed directly from their github - https://github.com/Open-Shell/Open-Shell-Menu Out of curiosity prior to deleting it by Zemana - is it possible to find out what proxy stuff is being redirected to? Perhaps that could help understanding what it is (or perhaps it keeps varying)
  6. and done. nice idea - but no dice. I disabled ALL non-MSFT services as per that page (had no startup things to disable other than that). Did a boot - checked they were still disabled. Ran Zemana - and got the same stuff. So either (a) it's masquerading as an MSFT service or (b) it ain't a service ;( Nick
  7. Although for what it's worth - Last time Group Policy was applied: 12/3/2020 at 9:56:04 AM This was moments after booting the PC
  8. here it is - not clear how useful it is...I would have imagined there was some setting somewhere that contains a proxy to route all http traffic...but I don't see it anywhere obvious gplist.txt
  9. here you go. To be clear I did a reboot. Made sure that hijack was still there by running Zemana (but NOT CLEARING the found hijack setting) Then I ran the registry query that produced the fixlog.txt Then I cleaned it with Zemana and continued working. (the reason I have to do it this way is because this is my primary laptop - so I need to use it) Fixlog.txt
  10. seems to think it did it...however it didn't make any difference to the hijack ;( still gets recreated after reboot Fixlog.txt
  11. ah whoops. I did run it - but I forgot to attach (and subsequently deleted it because I'm an idiot ;)) should I run it again from the fixlist.txt above - or is there no point since the fixes were already done?
  12. Emsisoft didn't find anything. Ran the Fixlog.txt Zemana still finds hijack after reboot... ;( Forensics_201202-090215.txt
  13. ok same as before. Attached is RKLOG (again) - followed by FRST and addition. And also the Zemana output is:

      MD5 :
      Status : Scanned
      Object : software\microsoft\windows\currentversion\internet settings\connections
      Publisher :
      Size : 0
      Detection : MaliciousSetting f
      Action : Delete

      Addition.txt FRST.txt rklog2.txt
  14. ok so to be clear - am I rebooting at the START of this cycle - and then doing the steps with the hijack "active"? I ask only because I disable it every time unless you tell me otherwise
  15. Here you go - as requested done after reboot - before running Zemana. Noticed that the reported references (I looked at the report) list both PopcornTime and Tencent (the latter is because of WeChat - the former is because of well, PopcornTime ) Don't recognise some of the other entries. RKlog.txt
  16. Fixlog.txt No changes - still there after reboot. Here is the fixlog.txt - btw - every time I reboot - I run Zemana to remove the Hijack. Which means that your fixlist was processed with the Hijack removed. Would you prefer that I process the fixlist with the Hijack present (I assume it shouldn't matter) but just checking.
  17. I did indeed. Administrator cmd.exe - is there a way I can confirm if it "stuck" because when I did the group policy commands and pushed Enter - there was no response of any kind - it just accepted it and moved on Nick
  18. Same same. The fix was fairly quick. Asked for reboot - after reboot checked Zemana and it still found it. Attached Fixlog as requested Fixlog.txt
  19. No dice on the first attempt out of the gate. Zemana still finds it after reboot. No clues in what it says however - it's just:

      MD5 :
      Status : Scanned
      Object : software\microsoft\windows\currentversion\internet settings\connections
      Publisher :
      Size : 0
      Detection : MaliciousSetting f
      Action : Delete

      As for Fixlog.txt and the zipfile they are attached. 01.12.2020_01.14.02.zip Fixlog.txt