
Odd UDP/TCP Ports?



Hello, I'm not a big computer guy so apologies if this question comes off as dumb. But I was doing some computer testing/troubleshooting and did netstat, and noticed a lot of odd ports I don't recognize, ports up in the 40-50k range. Are these normal? The biggest one I have is 61318, Snapshot related. The PIDs seem to be system processes.

Not saying they're viruses or anything as I have noticed nothing out of the ordinary when using this laptop, Malwarebytes scan comes back clean. Just a bit curious, any insight would help.


[Attached image]


I'm sorry but that graphic is too granular.  We need to see the bigger picture to come to any conclusion. 

There are ~65K TCP and another ~65K UDP Ports.  Use of high port numbers is not necessarily unusual.

Example 1:


Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            tpc:0                  LISTENING
  TCP    0.0.0.0:445            tpc:0                  LISTENING
  TCP    0.0.0.0:515            tpc:0                  LISTENING
  TCP    0.0.0.0:554            tpc:0                  LISTENING
  TCP    0.0.0.0:623            tpc:0                  LISTENING
  TCP    0.0.0.0:1025           tpc:0                  LISTENING
  TCP    0.0.0.0:1026           tpc:0                  LISTENING
  TCP    0.0.0.0:1027           tpc:0                  LISTENING
  TCP    0.0.0.0:1028           tpc:0                  LISTENING
  TCP    0.0.0.0:1029           tpc:0                  LISTENING
  TCP    0.0.0.0:1030           tpc:0                  LISTENING
  TCP    0.0.0.0:2869           tpc:0                  LISTENING
  TCP    0.0.0.0:2968           tpc:0                  LISTENING
  TCP    0.0.0.0:3389           tpc:0                  LISTENING
  TCP    0.0.0.0:5357           tpc:0                  LISTENING
  TCP    0.0.0.0:10243          tpc:0                  LISTENING
  TCP    0.0.0.0:16992          tpc:0                  LISTENING
  TCP    127.0.0.1:1102         tpc:0                  LISTENING
  TCP    127.0.0.1:1103         tpc:0                  LISTENING
  TCP    127.0.0.1:6543         tpc:0                  LISTENING
  TCP    127.0.0.1:20103        Blue-PC:20104          ESTABLISHED
  TCP    127.0.0.1:20104        Blue-PC:20103          ESTABLISHED
  TCP    127.0.0.1:21713        Blue-PC:21714          ESTABLISHED
  TCP    127.0.0.1:21714        Blue-PC:21713          ESTABLISHED
  TCP    127.0.0.1:21715        Blue-PC:21716          ESTABLISHED
  TCP    127.0.0.1:21716        Blue-PC:21715          ESTABLISHED
  TCP    127.0.0.1:43227        tpc:0                  LISTENING
  TCP    192.168.1.25:139       tpc:0                  LISTENING
  TCP    192.168.1.25:445       Violet-PC:49746        ESTABLISHED
  TCP    192.168.1.25:7767      rock:imaps             ESTABLISHED
  TCP    192.168.1.25:8039      imap:imaps             ESTABLISHED
  TCP    192.168.1.25:8270      69.173.156.148:https   FIN_WAIT_2
  TCP    192.168.1.25:8590      93:https               ESTABLISHED
  TCP    192.168.1.25:8845      dlipman-1:1040         ESTABLISHED
  TCP    192.168.1.25:19953     ec2-54-229-239-4:https  ESTABLISHED
  TCP    192.168.1.25:20111     rock:imaps             ESTABLISHED
  TCP    192.168.1.25:21149     Violet-PC:RDP          ESTABLISHED
  TCP    192.168.1.25:21154     dlipman-1:microsoft-ds  ESTABLISHED
  TCP    192.168.1.25:22938     imap:imaps             ESTABLISHED
  TCP    192.168.1.25:23110     rock:imaps             ESTABLISHED
  TCP    192.168.1.25:23111     rock:imaps             ESTABLISHED
  TCP    192.168.1.25:23180     server-18-238-80-48:https  CLOSE_WAIT
  TCP    192.168.1.25:23203     rock:imaps             ESTABLISHED
  TCP    [::]:135               Blue-PC:0              LISTENING
  TCP    [::]:445               Blue-PC:0              LISTENING
  TCP    [::]:515               Blue-PC:0              LISTENING
  TCP    [::]:554               Blue-PC:0              LISTENING
  TCP    [::]:623               Blue-PC:0              LISTENING
  TCP    [::]:1025              Blue-PC:0              LISTENING
  TCP    [::]:1026              Blue-PC:0              LISTENING
  TCP    [::]:1027              Blue-PC:0              LISTENING
  TCP    [::]:1028              Blue-PC:0              LISTENING
  TCP    [::]:1029              Blue-PC:0              LISTENING
  TCP    [::]:1030              Blue-PC:0              LISTENING
  TCP    [::]:2869              Blue-PC:0              LISTENING
  TCP    [::]:3389              Blue-PC:0              LISTENING
  TCP    [::]:5357              Blue-PC:0              LISTENING
  TCP    [::]:10243             Blue-PC:0              LISTENING
  TCP    [::]:16992             Blue-PC:0              LISTENING
  TCP    [::1]:20034            Blue-PC:20036          ESTABLISHED
  TCP    [::1]:20036            Blue-PC:20034          ESTABLISHED
  UDP    0.0.0.0:500            *:*                    
  UDP    0.0.0.0:969            *:*                    
  UDP    0.0.0.0:3702           *:*                    
  UDP    0.0.0.0:3702           *:*                    
  UDP    0.0.0.0:3702           *:*                    
  UDP    0.0.0.0:3702           *:*                    
  UDP    0.0.0.0:3702           *:*                    
  UDP    0.0.0.0:3702           *:*                    
  UDP    0.0.0.0:4500           *:*                    
  UDP    0.0.0.0:5004           *:*                    
  UDP    0.0.0.0:5005           *:*                    
  UDP    0.0.0.0:5355           *:*                    
  UDP    0.0.0.0:51338          *:*                    
  UDP    0.0.0.0:51339          *:*                    
  UDP    0.0.0.0:51340          *:*                    
  UDP    0.0.0.0:51341          *:*                    
  UDP    0.0.0.0:51342          *:*                    
  UDP    0.0.0.0:51343          *:*                    
  UDP    0.0.0.0:55107          *:*                    
  UDP    0.0.0.0:59497          *:*                    
  UDP    0.0.0.0:59499          *:*                    
  UDP    0.0.0.0:59662          *:*                    
  UDP    0.0.0.0:61669          *:*                    
  UDP    0.0.0.0:64261          *:*                    
  UDP    127.0.0.1:1900         *:*                    
  UDP    127.0.0.1:64265        *:*                    
  UDP    192.168.1.25:137       *:*                    
  UDP    192.168.1.25:138       *:*                    
  UDP    192.168.1.25:520       *:*                    
  UDP    192.168.1.25:1900      *:*                    
  UDP    192.168.1.25:2968      *:*                    
  UDP    192.168.1.25:64264     *:*                    
  UDP    [::]:500               *:*                    
  UDP    [::]:968               *:*                    
  UDP    [::]:3702              *:*                    
  UDP    [::]:3702              *:*                    
  UDP    [::]:3702              *:*                    
  UDP    [::]:3702              *:*                    
  UDP    [::]:3702              *:*                    
  UDP    [::]:3702              *:*                    
  UDP    [::]:4500              *:*                    
  UDP    [::]:5004              *:*                    
  UDP    [::]:5005              *:*                    
  UDP    [::]:59498             *:*                    
  UDP    [::]:59500             *:*                    
  UDP    [::]:61670             *:*                    
  UDP    [::]:64262             *:*                    
  UDP    [::1]:1900             *:*                    
  UDP    [::1]:64263            *:*                    

 

Example 2:
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            a:0                    LISTENING
  TCP    0.0.0.0:445            a:0                    LISTENING
  TCP    0.0.0.0:515            a:0                    LISTENING
  TCP    0.0.0.0:554            a:0                    LISTENING
  TCP    0.0.0.0:2869           a:0                    LISTENING
  TCP    0.0.0.0:2968           a:0                    LISTENING
  TCP    0.0.0.0:3389           a:0                    LISTENING
  TCP    0.0.0.0:5040           a:0                    LISTENING
  TCP    0.0.0.0:5357           a:0                    LISTENING
  TCP    0.0.0.0:7250           a:0                    LISTENING
  TCP    0.0.0.0:10243          a:0                    LISTENING
  TCP    0.0.0.0:49664          a:0                    LISTENING
  TCP    0.0.0.0:49665          a:0                    LISTENING
  TCP    0.0.0.0:49666          a:0                    LISTENING
  TCP    0.0.0.0:49667          a:0                    LISTENING
  TCP    0.0.0.0:49668          a:0                    LISTENING
  TCP    0.0.0.0:49670          a:0                    LISTENING
  TCP    0.0.0.0:49680          a:0                    LISTENING
  TCP    127.0.0.1:49754        a:0                    LISTENING
  TCP    192.168.1.48:139       a:0                    LISTENING
  TCP    192.168.1.48:3389      Blue-PC:21149          ESTABLISHED
  TCP    192.168.1.48:49744     dlipman-1:1040         ESTABLISHED
  TCP    192.168.1.48:49746     Blue-PC:microsoft-ds   ESTABLISHED
  TCP    192.168.1.48:49747     dlipman-1:microsoft-ds  ESTABLISHED
  TCP    192.168.1.48:49748     20.25.241.18:https     ESTABLISHED
  TCP    192.168.137.1:139      a:0                    LISTENING
  TCP    [::]:135               Violet-PC:0            LISTENING
  TCP    [::]:445               Violet-PC:0            LISTENING
  TCP    [::]:515               Violet-PC:0            LISTENING
  TCP    [::]:554               Violet-PC:0            LISTENING
  TCP    [::]:2869              Violet-PC:0            LISTENING
  TCP    [::]:3389              Violet-PC:0            LISTENING
  TCP    [::]:5357              Violet-PC:0            LISTENING
  TCP    [::]:7250              Violet-PC:0            LISTENING
  TCP    [::]:10243             Violet-PC:0            LISTENING
  TCP    [::]:49664             Violet-PC:0            LISTENING
  TCP    [::]:49665             Violet-PC:0            LISTENING
  TCP    [::]:49666             Violet-PC:0            LISTENING
  TCP    [::]:49667             Violet-PC:0            LISTENING
  TCP    [::]:49668             Violet-PC:0            LISTENING
  TCP    [::]:49670             Violet-PC:0            LISTENING
  TCP    [::]:49680             Violet-PC:0            LISTENING
  UDP    0.0.0.0:123            *:*                    
  UDP    0.0.0.0:500            *:*                    
  UDP    0.0.0.0:3389           *:*                    
  UDP    0.0.0.0:3702           *:*                    
  UDP    0.0.0.0:3702           *:*                    
  UDP    0.0.0.0:3702           *:*                    
  UDP    0.0.0.0:3702           *:*                    
  UDP    0.0.0.0:4500           *:*                    
  UDP    0.0.0.0:5004           *:*                    
  UDP    0.0.0.0:5004           *:*                    
  UDP    0.0.0.0:5005           *:*                    
  UDP    0.0.0.0:5005           *:*                    
  UDP    0.0.0.0:5050           *:*                    
  UDP    0.0.0.0:5353           *:*                    
  UDP    0.0.0.0:5355           *:*                    
  UDP    0.0.0.0:53487          *:*                    
  UDP    0.0.0.0:54909          *:*                    
  UDP    0.0.0.0:54910          *:*                    
  UDP    0.0.0.0:54911          *:*                    
  UDP    0.0.0.0:54912          *:*                    
  UDP    0.0.0.0:54913          *:*                    
  UDP    0.0.0.0:54914          *:*                    
  UDP    0.0.0.0:57311          *:*                    
  UDP    0.0.0.0:58966          *:*                    
  UDP    0.0.0.0:62370          *:*                    
  UDP    127.0.0.1:1900         *:*                    
  UDP    127.0.0.1:54908        127.0.0.1:54908        
  UDP    127.0.0.1:61741        *:*                    
  UDP    192.168.1.48:137       *:*                    
  UDP    192.168.1.48:138       *:*                    
  UDP    192.168.1.48:1900      *:*                    
  UDP    192.168.1.48:2968      *:*                    
  UDP    192.168.1.48:61739     *:*                    
  UDP    192.168.137.1:67       *:*                    
  UDP    192.168.137.1:68       *:*                    
  UDP    192.168.137.1:137      *:*                    
  UDP    192.168.137.1:138      *:*                    
  UDP    192.168.137.1:1900     *:*                    
  UDP    192.168.137.1:2968     *:*                    
  UDP    192.168.137.1:61740    *:*                    
  UDP    [::]:123               *:*                    
  UDP    [::]:500               *:*                    
  UDP    [::]:3389              *:*                    
  UDP    [::]:3702              *:*                    
  UDP    [::]:3702              *:*                    
  UDP    [::]:3702              *:*                    
  UDP    [::]:3702              *:*                    
  UDP    [::]:4500              *:*                    
  UDP    [::]:5004              *:*                    
  UDP    [::]:5005              *:*                    
  UDP    [::]:5353              *:*                    
  UDP    [::]:5355              *:*                    
  UDP    [::]:57312             *:*                    
  UDP    [::]:58967             *:*                    
  UDP    [::]:62370             *:*                    
  UDP    [::1]:1900             *:*                    
  UDP    [::1]:61738            *:*                    
  UDP    [fe80::c28b:c074:ec9a:264a%11]:1900  *:*                    
  UDP    [fe80::c28b:c074:ec9a:264a%11]:61737  *:*                    

 

 

Edited by David H. Lipman
Edited for content, clarity, spelling and/or grammar

I can just copypaste the netstat log for you.


Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1684
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:5040           0.0.0.0:0              LISTENING       6756
  TCP    0.0.0.0:49664          0.0.0.0:0              LISTENING       1380
  TCP    0.0.0.0:49665          0.0.0.0:0              LISTENING       1204
  TCP    0.0.0.0:49666          0.0.0.0:0              LISTENING       2784
  TCP    0.0.0.0:49667          0.0.0.0:0              LISTENING       2904
  TCP    0.0.0.0:49668          0.0.0.0:0              LISTENING       5376
  TCP    0.0.0.0:49670          0.0.0.0:0              LISTENING       1344
  TCP    127.0.0.1:9080         0.0.0.0:0              LISTENING       6092
  TCP    127.0.0.1:43227        0.0.0.0:0              LISTENING       6036
  TCP    127.0.0.1:49720        127.0.0.1:65001        ESTABLISHED     6000
  TCP    127.0.0.1:49725        0.0.0.0:0              LISTENING       12384
  TCP    127.0.0.1:49725        127.0.0.1:49745        ESTABLISHED     12384
  TCP    127.0.0.1:49745        127.0.0.1:49725        ESTABLISHED     15744
  TCP    127.0.0.1:50027        127.0.0.1:50028        ESTABLISHED     18472
  TCP    127.0.0.1:50028        127.0.0.1:50027        ESTABLISHED     18472
  TCP    127.0.0.1:50029        127.0.0.1:50030        ESTABLISHED     18732
  TCP    127.0.0.1:50030        127.0.0.1:50029        ESTABLISHED     18732
  TCP    127.0.0.1:65001        0.0.0.0:0              LISTENING       6000
  TCP    127.0.0.1:65001        127.0.0.1:49720        ESTABLISHED     6000
  TCP    192.168.0.192:139      0.0.0.0:0              LISTENING       4
  TCP    192.168.0.192:54785    18.238.109.26:443      CLOSE_WAIT      6036
  TCP    192.168.0.192:58747    34.107.243.93:443      ESTABLISHED     18472
  TCP    192.168.0.192:58815    35.186.227.140:443     TIME_WAIT       0
  TCP    192.168.0.192:59090    52.137.106.217:443     TIME_WAIT       0
  TCP    192.168.0.192:59093    52.137.106.217:443     TIME_WAIT       0
  TCP    192.168.0.192:59142    20.42.65.89:443        ESTABLISHED     9028
  TCP    [::]:135               [::]:0                 LISTENING       1684
  TCP    [::]:445               [::]:0                 LISTENING       4
  TCP    [::]:49664             [::]:0                 LISTENING       1380
  TCP    [::]:49665             [::]:0                 LISTENING       1204
  TCP    [::]:49666             [::]:0                 LISTENING       2784
  TCP    [::]:49667             [::]:0                 LISTENING       2904
  TCP    [::]:49668             [::]:0                 LISTENING       5376
  TCP    [::]:49670             [::]:0                 LISTENING       1344
  TCP    [HOMEIP]:49683  [2603:1030:a07:a::400]:443  ESTABLISHED     5480
  TCP    [HOMEIP]:49835  [2606:4700:4400::ac40:97c3]:443  ESTABLISHED     18880
  TCP    [HOMEIP]:49837  [2606:4700:4400::6812:2aca]:443  ESTABLISHED     19140
  TCP    [HOMEIP]:49838  [2606:4700:4400::ac40:97c3]:443  ESTABLISHED     19140
  TCP    [HOMEIP]:56564  [2603:1036:30c:909::2]:443  FIN_WAIT_1      9028
  TCP    [HOMEIP]:56566  [2600:1405:8400:6::17d1:54d3]:443  LAST_ACK        9028
  TCP    [HOMEIP]:56571  [2606:2800:11f:17a5:191a:18d5:537:22f9]:443  LAST_ACK        9028
  TCP    [HOMEIP]:58179  [2607:f8b0:402a:80c::200e]:443  ESTABLISHED     18472
  TCP    [HOMEIP]:59060  [2620:1ec:bdf::71]:443  TIME_WAIT       0
  TCP    [HOMEIP]:59061  [2600:1901:0:8e3f::]:443  ESTABLISHED     18472
  TCP    [HOMEIP]:59062  [2600:1901:0:e988::]:443  ESTABLISHED     18472
  TCP    [HOMEIP]:59089  [2607:f8b0:402a:80b::2005]:443  ESTABLISHED     18472
  TCP    [HOMEIP]:59139  [2600:1405:8400:6::17d1:54d3]:443  ESTABLISHED     9028
  TCP    [HOMEIP]:59140  [2600:1405:8400:6::17d1:54d3]:443  ESTABLISHED     9028
  TCP    [HOMEIP]:59141  [2603:1036:30c:909::2]:443  ESTABLISHED     9028
  TCP    [HOMEIP]:59143  [2603:1063:27:2::254]:443  ESTABLISHED     9028
  TCP    [HOMEIP]:59144  [2620:1ec:bdf::71]:443  ESTABLISHED     9028
  TCP    [HOMEIP]:59145  [2a01:111:202c::254]:443  ESTABLISHED     9028
  UDP    0.0.0.0:500            *:*                                    5980
  UDP    0.0.0.0:4500           *:*                                    5980
  UDP    0.0.0.0:5050           *:*                                    6756
  UDP    0.0.0.0:5353           *:*                                    2348
  UDP    0.0.0.0:5355           *:*                                    2348
  UDP    0.0.0.0:52365          *:*                                    2348
  UDP    0.0.0.0:54394          *:*                                    6000
  UDP    0.0.0.0:59643          *:*                                    2348
  UDP    0.0.0.0:59779          *:*                                    18472
  UDP    0.0.0.0:65431          *:*                                    2348
  UDP    127.0.0.1:10010        *:*                                    12384
  UDP    127.0.0.1:49664        127.0.0.1:49664                        5948
  UDP    127.0.0.1:55788        *:*                                    8928
  UDP    192.168.0.192:137      *:*                                    4
  UDP    192.168.0.192:138      *:*                                    4
  UDP    192.168.0.192:5353     *:*                                    6000
  UDP    [::]:500               *:*                                    5980
  UDP    [::]:4500              *:*                                    5980
  UDP    [::]:5353              *:*                                    2348
  UDP    [::]:5355              *:*                                    2348
  UDP    [::]:50661             *:*                                    18472
  UDP    [::]:52365             *:*                                    2348
  UDP    [::]:54395             *:*                                    6000
  UDP    [::]:58643             *:*                                    18472
  UDP    [::]:59643             *:*                                    2348
  UDP    [::]:59772             *:*                                    18472
  UDP    [::]:65431             *:*                                    2348
  UDP    [::1]:5353             *:*                                    6000

 


I really don't see anything.

I suggest acquainting yourself with a GUI utility such as TCPView (Microsoft Sysinternals) and CurrPorts (NirSoft).

Then you can visually see what software is making connections on-the-fly (refreshed per time interval) to what sites using what ports.  You can also have the software resolve IP to name.

CurrPorts Example:

[Attached image]


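An added illustration of the point made in the replies above (it is not part of any poster's message): a high port number says little on its own, while the bind address and the owning PID say much more. This Python sketch parses `netstat -ano` text, labels each local port with its IANA range, and groups the listeners that are not loopback-only by PID; the sample lines are constructed and the function names are this example's own.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in `netstat -ano` layout (addresses and PIDs are made up).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1000
  TCP    0.0.0.0:49664          0.0.0.0:0              LISTENING       1100
  TCP    127.0.0.1:9080         0.0.0.0:0              LISTENING       2000
  TCP    192.168.0.10:58747     203.0.113.7:443        ESTABLISHED     3000
  TCP    [::]:49664             [::]:0                 LISTENING       1100
  UDP    0.0.0.0:5353           *:*                                    1200
  UDP    [::1]:5353             *:*                                    2000
  UDP    [fe80::1%11]:1900      *:*                                    1300
"""


def port_range(port):
    """Return the IANA range name for a port number."""
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    # 49152-65535 is also the default dynamic (ephemeral) range on current Windows.
    return "dynamic"


def split_endpoint(text):
    """Split 'host:port' or '[v6host]:port' into (host, port or None)."""
    host, _, port = text.rpartition(":")
    return host.strip("[]"), int(port) if port.isdigit() else None


def bind_scope(host):
    """Classify where a local socket is bound."""
    try:
        ip = ipaddress.ip_address(host.split("%")[0])  # drop IPv6 zone id
    except ValueError:
        return "specific"  # redacted or named address, e.g. HOMEIP
    if ip.is_unspecified:
        return "all-interfaces"
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    return "specific"


def parse_netstat(text):
    """Parse TCP/UDP rows; UDP rows have no State column."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 3 or f[0] not in ("TCP", "UDP"):
            continue  # header, blank line, or unrelated text
        proto, local, foreign = f[:3]
        rest = f[3:]
        state = rest.pop(0) if proto == "TCP" and rest else ""
        pid = int(rest[0]) if rest and rest[0].isdigit() else None
        host, port = split_endpoint(local)
        listening = state == "LISTENING" or (proto == "UDP" and foreign == "*:*")
        rows.append({"proto": proto, "host": host, "port": port, "pid": pid,
                     "state": state, "scope": bind_scope(host),
                     "listening": listening})
    return rows


def exposed_listeners(rows):
    """Group listeners that are not loopback-only by owning PID."""
    by_pid = defaultdict(set)
    for r in rows:
        if r["listening"] and r["scope"] != "loopback" and r["port"] is not None:
            by_pid[r["pid"]].add(
                (r["proto"], r["port"], port_range(r["port"]), r["scope"]))
    return {pid: sorted(items) for pid, items in by_pid.items()}


if __name__ == "__main__":
    for pid, items in sorted(exposed_listeners(parse_netstat(SAMPLE)).items()):
        for proto, port, rng, scope in items:
            print(f"PID {pid}: {proto} {port} ({rng}, {scope})")
```

Each PID in the result can then be matched to a process name with `tasklist` or one of the GUI tools named above.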
If you don't see anything then it's most likely something I'm overanalyzing, and I don't think I'll mess with it any further. I'll still take a look at the two programs you've recommended. But at the moment I'm content with the answer you have given. Thank you for your time 🙂


  • Root Admin

If you want, we can have you run some scans and post back the logs and let you know if we find anything wrong with the system @AphexTwin

 

Let's get the info to get the process started. Be aware it will take many steps and scans to fully remove malware.

Please respond to all future instructions from your helper in a timely manner.

 

Let's go ahead and run a couple of scans and get some updated logs from your system. Please read the entire post below before starting so that you're more familiar with the process

Then follow each step in the order provided. Unless otherwise asked, please attach all logs

 

Please make the following system changes: Please pay close attention to the instructions in all of the following links.

  • If you have not done so already - Enable System Protection and create a NEW System Restore Point
  • Temporarily disable your antivirus real-time protection or other security software first only if it blocks or interferes with the scans or downloads. Make sure to turn it back on once the scans are completed
  • Temporarily disable Microsoft SmartScreen to download software below only if needed. Make sure to turn it back on once the downloads are completed
  • Disable-Fast-Startup
  • Show-Hidden-Folders-Files-Extensions

Please run the following scans: Please pay close attention to the instructions in all of the following links.

  1. Click the following link and run a Scan with AdwCleaner
  2. Click the following link and run a Scan with Malwarebytes
     RESTART the computer
  3. Click the following link and run a Scan with Farbar Recovery Scan Tool

Example image of where to click to attach files when posting your reply

[Attached image]

 

Thank you

 


Wouldn't hurt to do :)

For AdwCleaner I couldn't click "quarantine" as requested in instructions as nothing malicious was found. Hope that doesn't affect anything.

For MalwareBytes the scan cuts off at 200k items scanned, an advanced scan (This was one I did a while ago) shows about 400k items scanned, is that something to worry about?

Malwarebytes Scan Report 2024-10-01 103059.txt AdwCleaner[S00].txt FRST.txt Addition.txt


  • Root Admin

Thank you for the logs. There are no obvious signs of any infection but the system did have some faults on the Mullvad VPN and network which perhaps may have shown as something odd for you.

Let's go ahead and do a generic clean up @AphexTwin

 

 

Please run the following fix

 

NOTE: Please read all of the information below before running this fix.

  • NOTICE: This script was written specifically for this user, for use on this particular machine.
  • Running this on another machine may cause damage to your operating system that cannot be undone.

Once the fix has been completed, please attach the file FIXLOG.TXT to your next reply

Farbar program:   FRSTEnglish.exe

Save the attached file:  FIXLIST.TXT to this folder C:\Users\coder\Desktop\

NOTE. It's important that both files, FRSTEnglish.exe, and fixlist.txt are in the same location or the fix will not work.

Please make sure you disable any real-time antivirus or security software before running this script. Once completed, make sure you re-enable it.

 

 

Run the Farbar program with Admin rights and press the Fix button just once and wait.

The fix may possibly take up to 60 minutes to complete

If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log named Fixlog.txt in the same folder you ran the Farbar program from. Please attach that log on your next reply.

 

  1. NOTE: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity.
  2. NOTE: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications may be automatically closed. Also, make sure you know the passwords for all websites as cookies may possibly be removed in some cases, but not all cases.
  3. NOTE: As part of this fix, it will also reset the network to default settings including the firewall. If you have custom firewall rules you need to save please export or save them first before running this fix.

The following directories are emptied:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome, and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Discord cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

fixlist.txt

Thanks

 


  • Root Admin

Thank you for the log. That looks to have run well overall.

I would go ahead and uninstall Mullvad VPN and then re-install it. I use Mullvad VPN myself and love it.

https://mullvad.net/en/download/vpn/windows

 

Please go ahead and run the following for me @AphexTwin

 

Scan with SecurityCheck by glax24
https://forums.malwarebytes.com/topic/307301-scan-with-securitycheck-by-glax24/

 

 

 

 

 


  • Root Admin

Thank you


Please Uninstall, Update, or otherwise address the following as appropriate for your computer

 

Then RESTART the computer and check for Windows Updates and install any found

 

Aside from that we look to be all set now. I'll give you a closing speech and close your topic soon. Thank you for working with us on your issues.

 

 

 

 

Excellent, glad to hear all is well again. I'll go ahead and close your topic now and wish you well.

Please follow the directions below to remove the logs and tools we've used. If any are still left after that you can manually uninstall or delete them.

Take care and stay safe out there. Try to follow as much of the advice below as you can as well.

 

Let's go ahead and do some clean-up work and remove the tools and logs we've run.

Please download KpRm by kernel-panik and save it to your desktop.

  • Right-click kprm_(version).exe and select Run as Administrator.
  • Read and accept the disclaimer.
  • When the tool opens, ensure all boxes under Actions are checked.
  • Under Delete Quarantines select Delete Now, then click Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt. You can close it.

 

We're glad that we were able to assist you.

 

The following information will help you to keep your computer and data safer as well as improve your overall privacy

  1. Recommend using a Password Manager for all websites, etc. that require a password. Never use the same password on more than one site.
    https://www.howtogeek.com/780233/best-password-manager/
  2. Make sure you're backing up your files https://forums.malwarebytes.com/topic/136226-backup-software/
  3. Keep all software up to date - PatchMyPC - https://patchmypc.com/home-updater#download     https://patchmypc.com/about-us
  4. Keep your Operating System up to date and current at all times - https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2
  5. Further tips to help protect your computer data and improve your privacy: https://forums.malwarebytes.com/topic/258363-tips-to-help-protect-from-infection/ 
  6. Please consider installing the following Content Blockers for your Web browsers if you haven't done so already. This will help improve overall security

Malwarebytes Browser Guard

uBlock Origin

 

Cybersecurity basics & protection
Everything you need to know about cybercrime
https://www.malwarebytes.com/cybersecurity

 

Further reading if you'd like to keep up on the malware threat scene: Malwarebytes Blog  https://blog.malwarebytes.com/

Hopefully, we've been able to assist you with correcting your system issues.

Thank you for using Malwarebytes. Please tell your friends and family if they too need assistance with malware removal

 


Discord "should" be up to date as I had an update prompt up earlier this afternoon. I'll check for updates again to make sure.

Will go ahead and update LibreOffice to its most up-to-date version.

[Attached image]

Will post KRNL log when completed.

Other than that, I have no other concerns. You have been really helpful and I am very appreciative. Thank you very much and have a great day/night.

kprm-20241001202643.txt

This topic is now closed to further replies.