Czepa Posted May 29, 2022 ID:1517627

Hi, I think I may have some browser exploit or graphics card exploit. I have a few browser mods (Waterfox userChrome.js), a taskbar mod, and Sophia Script to un-spyware Windows itself. When I scroll over something the popup text box stays until I scroll over the taskbar; in the past it would screw with Windows focus and programs on the taskbar were unclickable until I right-clicked them. Sometimes I'd get a box that says "Search" just sit in the middle of the screen for a long time over all apps. I will update all these mods and see if that does anything, but here is a log. I need to know if my computer is being remotely accessed or resources being used in any way. Thanks!

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 12:23:20 PM, on 28/05/2022
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.19041.1566)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\GlassWire\GWIdlMon.exe
C:\Program Files (x86)\GlassWire\GlassWire.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Users\Ross\AppData\Local\Discord\app-1.0.9004\Discord.exe
C:\Users\Ross\AppData\Local\Discord\app-1.0.9004\Discord.exe
C:\Users\Ross\AppData\Local\Discord\app-1.0.9004\Discord.exe
C:\Users\Ross\AppData\Local\Discord\app-1.0.9004\Discord.exe
C:\Users\Ross\AppData\Local\Discord\app-1.0.9004\Discord.exe
C:\Users\Ross\AppData\Local\Discord\app-1.0.9004\Discord.exe
C:\Program Files (x86)\OpenOffice 4\program\swriter.exe
C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
C:\Program Files (x86)\Battle.net\Battle.net.exe
C:\ProgramData\Battle.net\Agent\Agent.7779\Agent.exe
C:\Program Files (x86)\Battle.net\Battle.net.exe
C:\Program Files (x86)\Battle.net\Battle.net.exe
C:\Program Files (x86)\Battle.net\Battle.net.exe
G:\Downloads\HijackThis(2).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O4 - HKLM\..\Run: [UAC-2 MixEfx Startup] "C:\Program Files (x86)\ZOOM\UAC-2 MixEfx\UAC-2 MixEfx Startup.exe"
O4 - HKCU\..\Run: [7 Taskbar Tweaker] "C:\Users\Ross\AppData\Local\Programs\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe" -hidewnd
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [GlassWire] "C:\Program Files (x86)\GlassWire\glasswire.exe" -hide
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - Global Startup: SteelSeries Engine 3.lnk = C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service: @%SystemRoot%\system32\CredentialEnrollmentManager.exe,-100 (CredentialEnrollmentManagerUserSvc) - Unknown owner - C:\Windows\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: CredentialEnrollmentManagerUserSvc_2239cc - Unknown owner - C:\Windows\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe
O23 - Service: Easy Anti-Cheat (Epic Online Services) (EasyAntiCheat_EOS) - Epic Games, Inc. - C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GlassWire Control Service (GlassWire) - SecureMix LLC - C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lokinet for Windows (lokinet) - Loki Foundation - C:\Program Files\Lokinet\bin\lokinet.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Windows\System32\DriverStore\FileRepository\nv_dispsig.inf_amd64_145fe9c72c40de0a\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: @%systemroot%\system32\PerceptionSimulation\PerceptionSimulationService.exe,-101 (perceptionsimulation) - Unknown owner - C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe (file missing)
O23 - Service: RogueKiller RTP (rkrtservice) - Unknown owner - C:\Program Files\RogueKiller\RogueKillerSvc.exe
O23 - Service: Realtek Audio Universal Service (RtkAudioUniversalService) - Realtek Semiconductor - C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_9971779a1c712866\RtkAudUService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\Windows\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\Windows\system32\SgrmBroker.exe (file missing)
O23 - Service: @firewallapi.dll,-50323 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\Windows\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Stardock Start10 (Start10) - Stardock Software, Inc - C:\Program Files (x86)\Stardock\Start10\Start10Srv.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\steamservice.exe
O23 - Service: SteelSeries Update Service (SteelSeriesUpdateService) - Unknown owner - C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesUpdateService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: zmuac2service - ZOOM - C:\Program Files\ZOOM\UAC-2 Driver\zmuac2service.exe

--
End of file - 9288 bytes

My intention is to disable absolutely everything I can so long as it doesn't screw with normal operation. I don't need any RPC stuff, although I know Windows uses them for local tasks now.... (this has to be a security risk). If you give instructions please don't hesitate to be detailed and go through multiple steps; I know my way around Windows very well.
Maurice Naggar Posted May 29, 2022 ID:1517631

Hello. Let's do one scan with Malwarebytes AdwCleaner to check for adware. Just before pressing that "Scan" button, be sure that Chrome, Edge, and any other web browser are closed. It will not take much time.

First download and save it: https://support.malwarebytes.com/hc/en-us/articles/360038520054-Download-and-install-Malwarebytes-AdwCleaner
Then be sure to close all web browsers. Then go to where the EXE file is saved and start AdwCleaner. Then do a scan with AdwCleaner: https://support.malwarebytes.com/hc/en-us/articles/360038520114-Malwarebytes-AdwCleaner-scan-and-clean

Attach the clean log. We will do more later.
Czepa (Author) Posted May 29, 2022 ID:1517637

Hi, sorry for the late reply. I ran it first with the browser open accidentally, then closed the browser and ran it again, both as admin:

# -------------------------------
# Malwarebytes AdwCleaner 8.3.2.0
# -------------------------------
# Build: 03-23-2022
# Database: 2022-03-15.3 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 05-29-2022
# Duration: 00:00:03
# OS: Windows 10 Pro
# Scanned: 32048
# Detected: 0

***** [ Services ] *****
No malicious services found.

***** [ Folders ] *****
No malicious folders found.

***** [ Files ] *****
No malicious files found.

***** [ DLL ] *****
No malicious DLLs found.

***** [ WMI ] *****
No malicious WMI found.

***** [ Shortcuts ] *****
No malicious shortcuts found.

***** [ Tasks ] *****
No malicious tasks found.

***** [ Registry ] *****
No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries found.

***** [ Chromium URLs ] *****
No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.

***** [ Firefox URLs ] *****
No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****
No malicious hosts file entries found.

***** [ Preinstalled Software ] *****
No Preinstalled Software found.

AdwCleaner[S00].txt - [1405 octets] - [08/06/2021 05:28:02]
AdwCleaner[C00].txt - [1595 octets] - [12/06/2021 18:42:38]
AdwCleaner[S01].txt - [1527 octets] - [29/05/2022 12:30:23]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S02].txt ##########

I ran Basic Repair afterwards.
Czepa (Author) Posted May 29, 2022 ID:1517638

Basic Repair gave me a blue screen of death, because I opened the browser to post the log, I think. I scanned again when it restarted; Basic Repair worked, but there was one less item scanned: 32,047 vs 32,048.
Czepa (Author) Posted May 29, 2022 ID:1517639

Two things I was wondering about:

First, 'unknown object': is that a file that exists? Like a spoof file placed there by Sophia Script (a PowerShell script that cleans everything; I accidentally deleted Windows Calculator :( oops). Should I disable PowerShell?

Second, if I select the NVIDIA services and hit Fix, will this reinstall them properly or potentially break them? I'm pretty eager to select some of them, like the Realtek audio, which I don't need.

The Winsock basic repair deleted my temp gauges, but I can get them back. Thank you once again.
Maurice Naggar Posted May 29, 2022 ID:1517665 (marked as Solution)

Please do not go off doing things on your own. I will guide you. I am presuming that this system is on Windows 10. If not, stop and let me know.

[1] Please set File Explorer to SHOW ALL folders, all files, including hidden ones. Use OPTION ONE or TWO of this guide: https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html

[2] Next, this will be a check with ESET Online Scanner for viruses, other malware, adware, and potentially unwanted applications.
Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe
It will start a download of "esetonlinescanner.exe". Save the file to your system, such as the Downloads folder, or else to the Desktop.
Go to the saved file and double-click it to get it started.
When presented with the initial ESET options, click on "Computer Scan".
Next, when prompted by Windows, allow it to start by clicking Yes.
When prompted for scan type, click on Full scan.
Look at and tick (select) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on the Start scan button.
Have patience. The entire process may take an hour or more. There is an initial update download. There is a progress window display. You may step away from the machine and let it be. That is, once it is under way, you should leave it running. It will run for several hours.
At the screen "Detections occurred and resolved" click on the blue button "View detected results".
On the next screen, at lower left, click on the blue "Save scan log".
View where the file is to be saved. Provide a meaningful name for the "File name:".
On the last screen, set to Off (left) the option for Periodic scanning.
Click "Save and continue".
Please attach the report file so I can review it.
Czepa (Author) Posted May 29, 2022 ID:1517679

29/05/2022 23:46:13 PM
Files scanned: 965702
Detected files: 6
Cleaned files: 6
Total scan time 01:36:34
Scan status: Finished

I will not post the rest of the log; they were all PUPs, just things I had downloaded years ago onto my storage drive, games and applications. I will not post potentially incriminating information. None of the PUPs were currently installed applications.
Maurice Naggar Posted May 29, 2022 ID:1517706

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for and remove malware or potentially unwanted software from a system. The download links and the how-to-run-the-tool instructions are at this link at Microsoft: https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

Look on Scan Options, select CUSTOM scan, and then select the C drive to be scanned. Then start the scan. Have lots of patience. Once you start the scan and you see it started, then leave it be. Once you see it has started, take a long, long break; walk away.

Do not pay credence if you see some intermediate early flash messages on the screen display. The only things that count are the end result at the end of the run. Again, any on-screen display about repeat 'infection' is not to be relied on. Ignore those. We only rely on the end result that is in the log report file.

This is likely to run for many hours (depending on the number of files on your machine and the speed of the hardware). The log is named MSERT.log; the log will be at Windows\debug\msert.log. Please attach that log with your reply. We will do more later.
Czepa (Author) Posted May 30, 2022 ID:1517762

Here it is. Is it possible this could have restored some of the Microsoft telemetry and remote access services? I may run Sophia after this whole process to make sure.

Attachment: msert.log
Czepa (Author) Posted May 30, 2022 ID:1517763

No infections found. The log doesn't really say much about anything.
Sandor Posted May 30, 2022 ID:1517773

I'm sorry for the intervention. Just FYI @Czepa, you were using an outdated and no longer supported version of HijackThis. Here is the official fork: https://github.com/dragokas/hijackthis
Maurice Naggar Posted May 30, 2022 ID:1517778

Hello @Czepa. The Safety Scanner does not do "Microsoft telemetry" other than just sending the scan results to the Microsoft cloud.

You may do a new scan with a different tool. Please download and run the following Kaspersky Virus Removal Tool 2020 and save it to your Desktop. (Kaspersky Virus Removal Tool version 20.0.10.0 was released on November 9, 2021.)

Download: Kaspersky Virus Removal Tool
How to run a scan with Kaspersky Virus Removal Tool 2020: https://support.kaspersky.com/15674
How to run Kaspersky Virus Removal Tool 2020 in the advanced mode: https://support.kaspersky.com/15680
How to restore a file removed during Kaspersky Virus Removal Tool 2020 scan: https://support.kaspersky.com/15681

Select the Windows key and R key together; the "Run" box should open. Drag and drop KVRT.exe into the Run box. C:\Users\{your user name}\DESKTOP\KVRT.exe will now show in the Run box. Add -dontencrypt. Note the space between KVRT.exe and -dontencrypt. C:\Users\{your user name}\DESKTOP\KVRT.exe -dontencrypt should now show in the Run box.

That addendum to the run command is very important: when the scan does eventually complete, the resultant report is normally encrypted; with the extra command it is saved as a readable file. Reports are saved here, C:\KVRT2020_Data\Reports, and look similar to this: report_20210123_113021.klr. Right-click directly on that report, select > Open with > Notepad. Save that file and attach it to your reply.

To start the scan, select OK in the "Run" box. An EULA window will open; tick all confirmation boxes, then select "Accept". In the new window select "Change Parameters". In the new window ensure all selection boxes are ticked, then select "OK". The scan should now start... When complete, if entries are found there will be options; if "Cure" is offered, leave as is. For any other options, change to "Delete", then select "Continue". When complete, or if nothing was found, select "Close".

Attach the report information as previously instructed... Thank you.
Czepa (Author) Posted May 30, 2022 ID:1517787

@Maurice Naggar, before I do that, can you please let me know if the GitHub HijackThis mentioned above is legit and not potentially dangerous? I originally came here for simple clarification about what 'unknown owner' means, specifically if this means that a file of the same/similar name exists (being spoofed by malware).
Maurice Naggar Posted May 30, 2022 ID:1517791

Hello. The link cited by Sandor is legitimate. It is not dangerous. As to "unknown owner", that does not by itself mean an actual threat. I suggest you go forward with the scan with the Kaspersky tool.
Czepa (Author) Posted May 30, 2022 ID:1517797

But what does 'unknown owner' actually mean? Does it mean that the file is there but the ID is not what is expected? OK, doing the scan before bed; the next reply after that may take a while.
Maurice Naggar Posted May 30, 2022 ID:1517812

What is the Windows operating system version and build number? That I definitely want to know. How did you happen to get and run HijackThis? What is your main goal as concerns the system?

I can guide you to running the Windows System File Checker tool (SFC) to check Windows system files. I can relay tips to minimize all auto-starts to the absolute minimum.

While I am glad to see that there is a team working on HijackThis Fork 3, we here rely mainly on using Malwarebytes + AdwCleaner + Farbar FRST. We have not used HijackThis in many years. I have not used HJT in many, many years. I am unsure whether it reports on the Edge browser or other browsers that have been developed in more recent years. Today malware is much more complex, and HijackThis cannot be the sole tool and, imho, really is a last-resort type.

I somewhat guess that the "unknown owner" indicates that HJT cannot determine the "publisher" of that particular file or element. I mean the properties of a file, like perhaps a signature.

Lastly, let me say, you ought not to be running and looking at HJT unless under the guidance of a trained expert who is intimately knowledgeable of and regularly uses HJT. I can help you check on the integrity of Windows. I can help you to check for potential malware infection. However, we will not be using HJT as a primary tool.
Czepa (Author) Posted May 30, 2022 ID:1517814

I cannot screenshot it..... Where is the log file placed?
Czepa (Author) Posted May 30, 2022 ID:1517815

It picked up nothing. Four processing errors on some Discord files, probably because they are in use.
Maurice Naggar Posted May 30, 2022 ID:1517835

Kaspersky reports are saved here, C:\KVRT2020_Data\Reports, and look similar to this: report_20220123_113021.klr. Right-click directly on that report, select > Open with > Notepad. Save that file and attach it to your reply.
Czepa (Author) Posted May 30, 2022 ID:1517840

Version 21H2, build 19044.1706.

4 hours ago, Maurice Naggar said:
Hello. The link cited by Sandor is legitimate. It is not dangerous. As to "unknown owner", that does not by itself mean an actual threat. I suggest you go forward with the scan with the Kaspersky tool.

But because the file is missing too, does this mean that it's a file that has been placed there, potentially by someone who has gained access to my system? Like this:

"Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)"

Do you see the capitalization differences in the file name? Maybe I can check the publisher somehow? The one actually present in the file system has the capitalizations. I checked a lot of the things listed as "file missing" and I would like it if they actually were deleted altogether, so long as it doesn't destroy functionality. I do not like Windows phoning home all the time, just on principle; it's like Android phones and their baseband modem.
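The "Unknown owner" and "(file missing)" questions raised above can be settled directly from the box rather than guessed at. The script below is an added example written for this page; it is not from the thread, from HijackThis, or from Malwarebytes, and every function name in it is my own. It walks every Win32 service, resolves the MUI display names that appear in the log as "@...dll,-N" (those are indirect resource strings, not file names), finds the real binary behind each ImagePath, records its on-disk name and casing, reads the company from the version resource (which is what a tool would need to print an "owner"), and checks the Authenticode signature. It also tests an assumption of mine that the thread does not state: HijackThis 2.0.5 is a 32-bit program, and the Sense entry in the log expands %ProgramFiles% to C:\Program Files (x86), which is the 32-bit view. A 32-bit process has C:\Windows\System32 redirected to C:\Windows\SysWOW64 by WOW64, so 64-bit-only binaries such as lsass.exe look "missing" to it. The SeenBy32Bit column reproduces that view so the reader can compare it with the log. Run it from an elevated 64-bit PowerShell session.

```powershell
# Added example (editor's, not from the thread). Re-checks HijackThis O23 service entries
# from a 64-bit PowerShell session, which is not subject to WOW64 file-system redirection.
# Run as Administrator so that every service binary can be opened.

# SHLoadIndirectString resolves MUI names such as "@%SystemRoot%\system32\samsrv.dll,-1".
Add-Type -Namespace Win32 -Name Shlwapi -MemberDefinition @'
[DllImport("shlwapi.dll", CharSet = CharSet.Unicode, ExactSpelling = true)]
public static extern int SHLoadIndirectString(string pszSource, System.Text.StringBuilder pszOutBuf, uint cchOutBuf, IntPtr ppvReserved);
'@

function Resolve-IndirectString([string]$Value) {
    if ([string]::IsNullOrEmpty($Value) -or -not $Value.StartsWith('@')) { return $Value }
    $buf = New-Object System.Text.StringBuilder 1024
    $hr = [Win32.Shlwapi]::SHLoadIndirectString($Value, $buf, [uint32]$buf.Capacity, [IntPtr]::Zero)
    if ($hr -eq 0) { $buf.ToString() } else { $Value }   # S_OK is 0; otherwise keep the raw value
}

function Get-ServiceBinaryPath([string]$PathName) {
    # ImagePath may be quoted, may carry arguments, and may contain %SystemRoot% and friends.
    $p = [Environment]::ExpandEnvironmentVariables($PathName).Trim()
    if ($p.StartsWith('"')) { return $p.Substring(1, $p.IndexOf('"', 1) - 1) }
    $m = [regex]::Match($p, '^(.+?\.exe)\b', 'IgnoreCase')
    if ($m.Success) { $m.Groups[1].Value } else { ($p -split ' ')[0] }
}

function Test-ServiceBinaries {
    $sysnative = Join-Path $env:windir 'System32'
    $wow64     = Join-Path $env:windir 'SysWOW64'
    foreach ($svc in Get-CimInstance Win32_Service) {
        if (-not $svc.PathName) { continue }
        $exe    = Get-ServiceBinaryPath $svc.PathName
        $exists = Test-Path -LiteralPath $exe -PathType Leaf
        $onDisk = $company = $sig = $null
        if ($exists) {
            # Name as stored on NTFS. The ImagePath keeps whatever case the installer wrote and
            # NTFS is case-insensitive, so a case mismatch alone is cosmetic, not evidence of spoofing.
            $onDisk  = (Get-ChildItem -LiteralPath (Split-Path $exe) -Filter (Split-Path $exe -Leaf) -File |
                        Select-Object -First 1).FullName
            $company = (Get-Item -LiteralPath $exe).VersionInfo.CompanyName
            $sig     = Get-AuthenticodeSignature -LiteralPath $exe
        }
        # What a 32-bit scanner sees: WOW64 redirects System32 to SysWOW64 (assumption under test).
        $seenBy32Bit = if ($exe.StartsWith($sysnative, 'OrdinalIgnoreCase')) {
            Test-Path -LiteralPath ($wow64 + $exe.Substring($sysnative.Length)) -PathType Leaf
        } else { $exists }
        [pscustomobject]@{
            Name          = $svc.Name
            DisplayName   = Resolve-IndirectString $svc.DisplayName
            ImagePath     = $exe
            ExistsNative  = $exists
            SeenBy32Bit   = $seenBy32Bit
            OnDiskName    = $onDisk
            Company       = $company
            SigStatus     = if ($sig) { $sig.Status.ToString() } else { 'n/a' }
            Signer        = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            # Unquoted paths with spaces are a classic service-hijack condition worth fixing.
            UnquotedSpace = (-not $svc.PathName.StartsWith('"')) -and ($exe -match ' ')
        }
    }
}

# Findings worth a second look: binaries truly absent from the 64-bit view, unsigned or
# tampered binaries, and unquoted paths containing spaces. Everything else is noise.
Test-ServiceBinaries |
    Where-Object { -not $_.ExistsNative -or $_.SigStatus -ne 'Valid' -or $_.UnquotedSpace } |
    Format-Table Name, ImagePath, ExistsNative, SeenBy32Bit, Company, SigStatus, UnquotedSpace -AutoSize
```

Read the output against the log: an entry with ExistsNative true, SeenBy32Bit false, Company "Microsoft Corporation" and SigStatus Valid is a 64-bit system binary that a 32-bit scanner could not open, which is exactly the "Unknown owner ... (file missing)" pattern. What would actually warrant concern is a service whose binary is absent in the native view, is signed by nobody or by an unexpected publisher, or lives under a writable, unquoted path. The third-party entries the log marks "Unknown owner" with no "(file missing)" (BEService, rkrtservice, SteelSeriesUpdateService) are the ones to check the Signer column for.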
Czepa (Author) Posted May 30, 2022 ID:1517842

<Report>
<Metadata Version="1" PCID="{BEF1DF85-CBE6-5C63-33F1-4F3CB0F0A9CC}" LastModification="2022.05.31 01:16:47.059" />
<EventBlocks>
<Block0 Type="Scan" Processed="2854011" Found="0" Neutralized="0">
<Event0 Action="Scan" Time="132983998051681871" Object="" Info="Started" />
<Event1 Action="Scan" Time="132984046070572687" Object="" Info="Finished" />
</Block0>
</EventBlocks>
</Report>

Attachment: report_2022.05.30_23.56.03.txt
Czepa (Author) Posted May 30, 2022 ID:1517843

I'm not posting any information that could allow someone to hack me, am I? Let's say they already have my IP.
Maurice Naggar Posted May 30, 2022 ID:1517851

Very good result. KVRT "Scan" Processed="2854011" Found="0".

No, what you have posted cannot be used to hack you. There are multiple layers of safety practices you can apply and follow religiously to prevent potential threats from even having a foothold.

I need more information from this machine. Close as many other apps as you can before running this report. I would like a report set for review. This is a report only.

Please download the Malwarebytes MBST Support Tool. Once you start it, click Advanced >>> then Gather Logs. Have patience till the run has finished. Upload an archive once it is done. Attach the mbst-grab-results.zip from the Desktop. Please attach mbst-grab-results.zip to your reply.
Czepa (Author) Posted May 31, 2022 ID:1517963

Attachment: mbst-grab-results.zip
Czepa (Author) Posted May 31, 2022 ID:1517964

15 hours ago, Maurice Naggar said:
Hello. The link cited by Sandor is legitimate. It is not dangerous. As to "unknown owner", that does not by itself mean an actual threat. I suggest you go forward with the scan with the Kaspersky tool.

The reason I ask is because I talked with a developer friend and he said to be cautious of forks like this, and mentioned that a lot of GitHub malware-posting profiles have had provocative political statements. And although I agree with the statement, it says on the page linked: "Hi, I am Stanislav Polshyn - a lawyer, security observer and malware researcher from Ukraine (Chernobyl, Na'Vi, Щедрик, Colony of USA). Yankee go home!" I've downloaded it, but I'll wait till later to run it.