
HijackThis logs


Solved by Maurice Naggar

Thank you for the Malwarebytes-support tool report.
The 4 most recent scans by Malwarebytes from the 28th thru the 31st of May have reported no malware. Let's do one new Scan.

Launch Malwarebytes.
Do a Check for Update using the Malwarebytes Settings >> General tab.

See this Support Guide https://support.malwarebytes.com/hc/en-us/articles/360042187934-Check-for-updates-in-Malwarebytes-for-Windows

When it shows a new version available, Accept it and let it proceed forward.  Be sure it succeeds.

If prompted to do a Restart, just please follow all directions.

Let me know how that goes. Next, the Malwarebytes scan.

Next click the blue button marked Scan.

 

When the scan phase is done, be real sure you Review and have all detected line items check-marked on each line on the left. That too is very critical.

>>>>>> 👉 You can actually click the topmost left check-box on the very top line to get ALL lines ticked (all selected). <<<< 💢

Please double verify you have that TOP check-box tick marked, and that then, all lines have a tick-mark.

Then click on the Quarantine button.

 


Then, locate the Scan run report; export out a copy; & then attach it with your reply.
See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4

NOTE:

For the record, and because other people do read these topics: the GitHub link to the latest community version of HJT is perfectly fine. I have even gotten it and have run it on one of my Windows 10 rigs.


Thanks for the clarification, I'll run it tomorrow after work.

goodnight, and cheers for all your help so far

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/31/22
Scan Time: 10:34 PM
Log File: caf1c6fa-e0ee-11ec-87fc-b42e99ecce76.json

-Software Information-
Version: 4.5.9.198
Components Version: 1.0.1689
Update Package Version: 1.0.55626
License: Free

-System Information-
OS: Windows 10 (Build 19044.1706)
CPU: x64
File System: NTFS
User: Miranda\Ross

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 296531
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 2 min, 26 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)


That is a fine report. At your next opportunity, get the very latest release of the Mozilla Firefox browser.
Mozilla Firefox 86.0 that is currently on this machine is way out of date  >>>  Version 101.0 is the newest release.  https://securitygarden.blogspot.com/2022/05/mozilla-firefox-version-1010-released.html


Malwarebytes found no malware. PC is good to go.

Next, when you get caught up, do a Backup of this system to offline storage. Backup is your best friend.

Also, I would recommend getting a report on the update status of some key apps.

This tool is safe. SmartScreen is overly sensitive.

Right-click with your mouse on the Securitycheck.exe and select "Run as administrator" and reply YES to allow it to run & go forward.
Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file. Attach it with your next reply.
You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt


Sorry for the late reply, I've been busy with work and other issues.

 

SecurityCheck by glax24 & Severnyj v.1.4.0.54 [06.12.21]
WebSite: www.safezone.cc
DateLog: 02.06.2022 14:29:38
Path starting: C:\Users\Ross\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: Ross
VersionXML: 9.81is-29.05.2022
___________________________________________________________________________

Windows 10(6.3.19044) (x64) Professional Release: 2009 Lang: English(0409)
Installation date OS: 27.02.2021 05:28:58
LicenseStatus: Windows(R), Professional edition Volume activation will expire : 229254 minutes
Boot Mode: Normal
Default Browser: C:\Program Files\Waterfox\waterfox.exe
SystemDrive: C: FS: [NTFS] Capacity: [465.2 Gb] Used: [385.8 Gb] Free: [79.4 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.789.19041.0
User Account Control enabled (Level 2)
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
---------------------------- [ Antivirus_WMI ] ----------------------------
Windows Defender (enabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Defender Firewall (mpssvc) - The service is running
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Malwarebytes version 4.5.9.198 v.4.5.9.198
GlassWire 2.3 (remove only) v.2.3.397
-------------------------- [ SecurityUtilities ] --------------------------
RogueKiller version 15.5.1.0 v.15.5.1.0
GlassWire 2.3 (remove only) v.2.3.397
--------------------------- [ OtherUtilities ] ----------------------------
GPL Ghostscript v.9.53.3 Warning! Download Update
Uninstall old version and install new one.
Steam v.2.10.91.91
OpenOffice 4.1.11 v.4.111.9808 Warning! Download Update
------------------------------ [ ArchAndFM ] ------------------------------
WinRAR 6.00 (64-bit) v.6.00.0 Warning! Download Update
-------------------------- [ IMAndCollaborate ] ---------------------------
Discord v.0.0.309 Warning! Download Update
--------------------------------- [ P2P ] ---------------------------------
qBittorrent 4.3.3 v.4.3.3 Warning! Download Update
-------------------------------- [ Media ] --------------------------------
VLC media player v.3.0.12 Warning! Download Update
------------------------------- [ Browser ] -------------------------------
Mozilla Firefox 86.0 (x64 en-US) v.86.0 Warning! Download Update
Waterfox (x64 en-US) v.G4.1.2.1
Microsoft Edge v.88.0.705.81 Warning! Download Update
----------------------------- [ EmailClient ] -----------------------------
Mozilla Thunderbird (x86 en-US) v.91.9.1
------------------ [ AntivirusFirewallProcessServices ] -------------------
C:\Program Files (x86)\GlassWire\GlassWire.exe v.2.3.397.0
C:\Program Files (x86)\GlassWire\GWIdlMon.exe v.2.3.397.0
GlassWire Control Service (GlassWire) - The service is running
C:\Program Files (x86)\GlassWire\GWCtlSrv.exe v.2.3.397.0
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe v.4.0.0.1302
Malwarebytes Service (MBAMService) - The service is running
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe v.3.2.0.1058
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe v.4.18.2203.5
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\NisSrv.exe v.4.18.2203.5
Microsoft Defender Antivirus Service (WinDefend) - The service is running
Microsoft Defender Antivirus Network Inspection Service (WdNisSvc) - The service is running
---------------------------- [ UnwantedApps ] -----------------------------
CCleaner v.6.00 Warning! Suspected demo version of anti-spyware, driver updater or optimizer. If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware. Possible you became a victim of fraud or social engineering. Computer experts no longer recommend this program.
----------------------------- [ End of Log ] ------------------------------

 

OOPS, HERE IT IS RAN AS ADMINISTRATOR:

SecurityCheck by glax24 & Severnyj v.1.4.0.54 [06.12.21]
WebSite: www.safezone.cc
DateLog: 03.06.2022 01:59:30
Path starting: C:\Users\Ross\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: Ross
VersionXML: 9.81is-29.05.2022
___________________________________________________________________________

Windows 10(6.3.19044) (x64) Professional Release: 2009 Lang: English(0409)
Installation date OS: 27.02.2021 05:28:58
LicenseStatus: Windows(R), Professional edition Volume activation will expire : 228564 minutes
Boot Mode: Normal
Default Browser: C:\Program Files\Waterfox\waterfox.exe
SystemDrive: C: FS: [NTFS] Capacity: [465.2 Gb] Used: [386.3 Gb] Free: [78.9 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.789.19041.0
User Account Control enabled (Level 2)
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
---------------------------- [ Antivirus_WMI ] ----------------------------
Windows Defender (enabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Defender Firewall (mpssvc) - The service is running
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Malwarebytes version 4.5.9.198 v.4.5.9.198
GlassWire 2.3 (remove only) v.2.3.397
-------------------------- [ SecurityUtilities ] --------------------------
RogueKiller version 15.5.1.0 v.15.5.1.0
GlassWire 2.3 (remove only) v.2.3.397
--------------------------- [ OtherUtilities ] ----------------------------
GPL Ghostscript v.9.53.3 Warning! Download Update
Uninstall old version and install new one.
Steam v.2.10.91.91
OpenOffice 4.1.11 v.4.111.9808 Warning! Download Update
------------------------------ [ ArchAndFM ] ------------------------------
WinRAR 6.00 (64-bit) v.6.00.0 Warning! Download Update
-------------------------- [ IMAndCollaborate ] ---------------------------
Discord v.0.0.309 Warning! Download Update
--------------------------------- [ P2P ] ---------------------------------
qBittorrent 4.3.3 v.4.3.3 Warning! Download Update
-------------------------------- [ Media ] --------------------------------
VLC media player v.3.0.12 Warning! Download Update
------------------------------- [ Browser ] -------------------------------
Mozilla Firefox 86.0 (x64 en-US) v.86.0 Warning! Download Update
Waterfox (x64 en-US) v.G4.1.2.1
Microsoft Edge v.88.0.705.81 Warning! Download Update
----------------------------- [ EmailClient ] -----------------------------
Mozilla Thunderbird (x86 en-US) v.91.9.1
------------------ [ AntivirusFirewallProcessServices ] -------------------
C:\Program Files (x86)\GlassWire\GlassWire.exe v.2.3.397.0
C:\Program Files (x86)\GlassWire\GWIdlMon.exe v.2.3.397.0
GlassWire Control Service (GlassWire) - The service is running
C:\Program Files (x86)\GlassWire\GWCtlSrv.exe v.2.3.397.0
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe v.4.0.0.1302
Malwarebytes Service (MBAMService) - The service is running
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe v.3.2.0.1058
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe v.4.18.2203.5
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\NisSrv.exe v.4.18.2203.5
Microsoft Defender Antivirus Service (WinDefend) - The service is running
Microsoft Defender Antivirus Network Inspection Service (WdNisSvc) - The service is running
---------------------------- [ UnwantedApps ] -----------------------------
CCleaner v.6.00 Warning! Suspected demo version of anti-spyware, driver updater or optimizer. If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware. Possible you became a victim of fraud or social engineering. Computer experts no longer recommend this program.
----------------------------- [ End of Log ] ------------------------------

 

 


Thank you. RogueKiller you should uninstall. That type of tool ought not to be used on your own; but rather, only with the guidance of a trained malware removal specialist.

CCleaner is no longer recommended by most of the security community, ever since it was sold to an outside party by Piriform. Instead, you can use the built-in-Windows "CLEANMGR" app.

Your attention is also needed for all the items marked in red from this last report. 

GPL Ghostscript v.9.53.3 Warning!   Download Update
Uninstall old version and install new one.

OpenOffice 4.1.11 v.4.111.9808 Warning!   Download Update
------------------------------ [ ArchAndFM ] ------------------------------
WinRAR 6.00 (64-bit) v.6.00.0 Warning!   Download Update
-------------------------- [ IMAndCollaborate ] ---------------------------
Discord v.0.0.309 Warning!   Download Update
--------------------------------- [ P2P ] ---------------------------------
qBittorrent 4.3.3 v.4.3.3 Warning!   Download Update
-------------------------------- [ Media ] --------------------------------
VLC media player v.3.0.12 Warning!   Download Update
------------------------------- [ Browser ] -------------------------------
Mozilla Firefox 86.0 (x64 en-US) v.86.0 Warning!   Download Update

Microsoft Edge v.88.0.705.81 Warning!   Download Update

Further

I would highly suggest to ensure that this PC is all up-to-date with security updates & cumulative updates on Windows. Select the Windows Start button, and then go to Settings > Update & Security > Windows Update, and click Check for Updates.
Have much patience.

*

I believe your system is good to go. I will guide you on removing the tools I had you use.😀

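The "Warning!" entries called out in the reply above can be pulled out of a SecurityCheck log with a short parser. This is an added example, not part of the original thread or of the SecurityCheck tool: the patterns are inferred from the log posted here, and `parse_flagged`, `outdated_by_section` and the handling of an unmatched line after a flagged entry as a continuation of its note are assumptions.

```python
import re
from dataclasses import dataclass

# Excerpt of the SecurityCheck log posted in this thread (CCleaner note shortened).
SAMPLE = """\
--------------------------- [ OtherUtilities ] ----------------------------
GPL Ghostscript v.9.53.3 Warning! Download Update
Uninstall old version and install new one.
Steam v.2.10.91.91
OpenOffice 4.1.11 v.4.111.9808 Warning! Download Update
------------------------------- [ Browser ] -------------------------------
Mozilla Firefox 86.0 (x64 en-US) v.86.0 Warning! Download Update
Waterfox (x64 en-US) v.G4.1.2.1
Microsoft Edge v.88.0.705.81 Warning! Download Update
---------------------------- [ UnwantedApps ] -----------------------------
CCleaner v.6.00 Warning! Suspected demo version of anti-spyware, driver updater or optimizer.
"""

# Patterns inferred from the log above (assumption, not a documented format).
SECTION_RE = re.compile(r"^-{3,}\s*\[\s*(.+?)\s*\]\s*-{3,}$")
ENTRY_RE = re.compile(r"^(?P<product>.+?)\s+v\.(?P<version>\S+)(?:\s+Warning!\s*(?P<note>.*))?$")

@dataclass
class Finding:
    section: str
    product: str
    version: str
    note: str

def parse_flagged(log_text):
    """Return every entry that carries a 'Warning!' note, with its section."""
    findings, section, last = [], "(preamble)", None
    for raw in log_text.splitlines():
        line = raw.strip()
        if (m := SECTION_RE.match(line)):
            section, last = m.group(1), None
        elif (m := ENTRY_RE.match(line)):
            last = None
            if m.group("note") is not None:
                last = Finding(section, m["product"], m["version"], m["note"].strip())
                findings.append(last)
        elif line and last is not None:
            # Assumed continuation of the previous warning text.
            last.note += " " + line
        else:
            last = None
    return findings

def outdated_by_section(findings):
    """Group 'Download Update' entries by log section for a patch to-do list."""
    grouped = {}
    for f in findings:
        if f.note.startswith("Download Update"):
            grouped.setdefault(f.section, []).append(f"{f.product} v.{f.version}")
    return grouped

if __name__ == "__main__":
    print(outdated_by_section(parse_flagged(SAMPLE)))
```

Entries whose note is not "Download Update", such as the CCleaner line under UnwantedApps, stay in the `parse_flagged` result but are left out of the update list.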

Sorry, I've been experiencing domestic abuse. Why the question about crypto app? I use a browser addon wallet, but don't use it much. Crypto is gambling and a pyramid/ponzi scheme destined to fail, or succeed at devaluing all stores of value (great - reset).

If I block cs9.wac.phicdn.net or all phicdn.net in my router will this cause problems?

CLEANMGR.exe doesn't open, is there a way to navigate to it through menus?


Hello. The reason I inquired about "crypto"-type apps is my mistake. I confused another person's case with yours. My apology. Please ignore my inquiry about that.
Blocking cs9.wac.phicdn.net should not cause a problem.
On how to start & use Cleanmgr see https://www.tenforums.com/tutorials/3012-open-use-disk-cleanup-windows-10-a.html
I very much regret your experiencing domestic abuse.


As one measure to beef-up web browsers:
Let me suggest that you get your browsers each, as applicable, to have the Malwarebytes Browser Guard on Edge & on Waterfox.

See Support article how-to for Waterfox /Firefox
https://support.malwarebytes.com/hc/en-us/articles/4413298841747--Install-Malwarebytes-Browser-Guard-on-Firefox-browser

For the EDGE browser https://support.malwarebytes.com/hc/en-us/articles/4413298736787-Install-Malwarebytes-Browser-Guard-on-Microsoft-Edge-browser
*
We have run scans with 
Adwcleaner
Malwarebytes
ESET Onlinescanner
MS Safety Scanner
Kaspersky KVRT

*

I would like us to run a custom script to do some housekeeping & to run some additional checks. That needs to be done using a trusted tool Farbar FRST. Since I am unsure whether it is already on the machine, I would like you to download it, making sure you save it to a folder, and to remember where.

You can simply download & save a new copy of the tool FRST64.exe from this link https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

NEXT

Run this procedure. The script works as a pair along with FRST64. They both need to be saved in the same folder on your machine.

This custom script is for  CZEPA  only / for this machine only.

Be very sure to Save any work-files you have open at this point. Close & Save any open edits, if any. Next, a custom script to do checks & some cleanups.

We will use FRST64 to run a custom script. The system will be rebooted after the script has run.

NOTE-1: This script will check on Microsoft Defender & make sure it is up-to-date & do scans. It will also get a status check on services. The script will also run System File Checker (SFC) and DISM to check the Windows system.

Please be sure to Close any open work files, documents, any apps you started yourself before starting this.

  • Please save the (attached file named) FIXLIST.txt to the same folder where you saved FRST64

Fixlist.txt       <<< - - - - -

Then, Start the Windows Explorer and then, go to the folder where FRST64 is.

RIGHT click on FRST64 and select RUN as Administrator to run the tool, and allow it to proceed. Reply YES when prompted to allow it to run. If the tool warns you the version is outdated, please download and run the updated version.
IF Windows prompts you about running this, select YES to allow it to proceed.

  • IF you get a block message from Windows about this tool......

               click the line More info on that screen
               and click the button Run anyway on the next screen.

  • on the FRST window:

Click the Fix button just once, and wait.


 

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. 
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity. Stick with me.


Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy: Tips to help protect from infection

Thank you

 

 
