So here is an update. I wasn't really seeing anything looking through processes, so I checked out GlassWire (sweet application by the way, thanks! I'll be keeping it!) and I decided to narrow down the time to the minimum allowed (1 hour) between 3pm and 4pm today, knowing that Malwarebytes reported an attempted outbound connection at 3:39pm. I didn't see our pesky proxy IP or address though, only a few which I illustrate with arrows that do seem kind of odd to me but perhaps just outside my understanding of Windows services. I decided to look under Host Processes for Windows Services because it seems to be going through svchost.exe.
Any of these look suspicious to you?
A little off-topic. korbinperry, I advise you to use PNG for screen captures. Way better than JPEG for that purpose.
Well,
The ff02::1:3 points to multicast addressing
what is ff02::c? - Google Search
The e4280.g.akamaiedge.net - akamai is a CDN (Content Delivery Service). Nothing to worry about if you know what it's from. It's related to MAC (Apple), I think (with the edge in there).
fe80:88c8:6423:5c74:ce52 looks to be an IPv6 address. Some info:
IPv6 address - Wikipedia
The KAME project
How to Scan IPv6 Addresses with Qualys FreeScan Network Security Blog | Qualys, Inc.
A VirusTotal scan of 69.197.188.122 gives 2 hits for malware:
https://www.virustotal.com/en/url/f7...is/1478817995/
Sorry, I don't seem to be much help at this for you.
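As an added example (not part of the original thread): a small Python triage of the kinds of destinations listed in the post above, separating local-segment IPv6 traffic from internet-routable addresses that merit a reputation lookup. The function name, the multicast table and the `fe80::1` sample are constructed for illustration; the other sample values are copied from the post as typed.

```python
import ipaddress

# Well-known IPv6 link-local multicast groups (small excerpt of the IANA registry).
KNOWN_MULTICAST = {
    "ff02::1": "all nodes",
    "ff02::2": "all routers",
    "ff02::c": "SSDP (UPnP discovery)",
    "ff02::fb": "mDNS",
    "ff02::1:2": "DHCPv6 servers/relays",
    "ff02::1:3": "LLMNR (local name resolution)",
}

def triage(dest):
    """Return (category, note) for one destination string from a connection log."""
    try:
        ip = ipaddress.ip_address(dest)
    except ValueError:
        # Hostnames and mistyped or truncated addresses end up here.
        return ("not-an-ip", "resolve or re-check the value before judging it")
    if ip.is_multicast:
        return ("multicast", KNOWN_MULTICAST.get(str(ip), "group not in this table"))
    # Check link-local before private: Python also reports fe80::/10 as private.
    if ip.is_link_local:
        return ("link-local", "never routed off the local segment")
    if ip.is_loopback or ip.is_private:
        return ("local", "loopback or private range")
    return ("public", "internet-routable: worth a reputation lookup")

def needs_lookup(destinations):
    """Keep only the destinations that can actually leave the local network."""
    return [d for d in destinations if triage(d)[0] == "public"]

# Values as typed in the post, plus one constructed link-local address.
SAMPLE = [
    "ff02::1:3",
    "ff02::c",
    "fe80:88c8:6423:5c74:ce52",   # as typed: five groups, so it does not parse
    "fe80::1",                    # constructed, well-formed link-local address
    "e4280.g.akamaiedge.net",
    "69.197.188.122",
]

if __name__ == "__main__":
    for d in SAMPLE:
        print(f"{d:28} {triage(d)}")
    print("look up:", needs_lookup(SAMPLE))
```

Hostnames come back as `not-an-ip` because the function only classifies literal addresses; resolve them first and triage the resulting IPs.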
You're right, I should have known better lol! Bad habit!
That's okay! I appreciate your direction nonetheless! I am going to continue to try and investigate as I notice it, but for now I feel much more comfortable. I have the 69.197.188.122 address blocked in and out, and my browser hasn't force closed and reset my proxy or anything since I deleted the scheduled task, bad certs, and cleaned up the registry entry.
Hello again! So two days have passed, and I have been looking through my Malwarebytes log and haven't seen a single incoming or outgoing connection that looks malicious. For now I feel confident it is gone! Thanks again for all the help. I'm glad this thread is showing up in Google search results now with some of the key terms like the "69.197.188.22" IP address and "proxy", because no major software seems to pick this up and no one seems to have any info about it anywhere!
I started having the same problem Thursday, without the pop-up. It was asking for my password; I entered it, and it came back wrong password. Not sure how to get help with Google, but I always have Bing & Edge, if needed.
I have cleaned up with Kaspersky, CCleaner and AdwCleaner, and it doesn't work. How to solve it?