Couldn't connect to inet & change in HjThis logs


3 replies to this topic

#1 pfour

pfour

  • Members
  • 2 posts
  • Local time:04:38 AM

Posted 03 November 2016 - 11:24 PM

Hello, this is my first post here.  This most likely is a non-issue, but I would appreciate opinions anyway, please.

 

I searched for a good place to post this, but this forum seemed as good as any because I didn't find any other that seemed to be HiJack This specific.  I know it is an older app, but I have used it for years and downloaded it immediately when I got this computer.

 

I was on the internet earlier today, and all was fine.  My kid got on to play a game, which he's done for years, and we haven't had a problem with him doing this for the past couple years as he's gotten older and understands that if he does anything that he's not allowed to (clicking stuff that he shouldn't), then he can't get on for a long time - meaning that we haven't had a security issue in a long time.  He gets off the computer, and later I log back in.  

Even though I am connected to the internet, my browser won't connect to anything:

  1. I ran diagnostics, and everything seemed to be fine,
  2. By chance, I had run a Hijack This scan earlier in the day, and everything was fine.  After this issue, I ran another one, which showed two extra entries, which were O17,
  3. I clicked "fix", and ran another scan.  The new, 3rd log did not show the O17 entries, but
  4. I looked in the Registry, and the entries are still there, which bothers me.
  5. I ran a Malwarebytes scan and an Avast "Smart Scan", and both said everything is fine.

Here is a link to my imgur album, hjt, for the following screen captures.  A couple have captions, but most don't.  Please let me know if any clarification is needed:

 

http://imgur.com/a/lqgUn

  1. my first scan from when I first got the computer,
  2. the two scans that I ran today (not the 3rd one as it is the same as the 1st), and
  3. screen caps from my registry, just for overkill:
  • HKLM/system/ccs/services/tcpip
  • ditto/tcpip6
  • ditto/wfplwfs
  • ditto/vwififlt

 

1)  Would someone please let me know what, if anything, I need to do?  Can I simply delete these keys  because I don't want them in my registry if they aren't needed?  I've already backed up my registry to prepare for this, and I was going to do it but thought first to ask.  Please remember that I ran a third scan after clicking "fix", and the O17 entries are no longer there.

2)  How is it that these are still in my registry but no longer show on the log?

 

3)  Please let me know what you think of the changes in my HT logs by comparing the first one run on Aug 31, 2015, and the one run today.

 

4)  As an afterthought, I am adding a screen cap as the last photo in the album.  It is of a message that I have always received from HT about denying write access to the Host file.  I remember looking this up, and after reading a couple things, I thought that there was nothing to be worried about.  What do you think?

 

5)  Curiosity:  A lot of the O23 entries have "file missing" after them, but you can't see those in the screen caps.  What do they mean?

 

6)  Another afterthought:

I used CyberGhost for a while today, but I have in the past as well, which did not result in the issues I had today.  I found an address in the registry and searched it on google.  The first several results had to do with CyberGhost, but when I read them all, there was no mention of this IP addy.

 

Actually, there are a lot of ip #'s, and I don't know why I only looked for this one.  It is found in TCPIP/Parameters/Interfaces/{7EBD0B00...}.  I put the IP addy in the photo caption area.

 

Thank you for any help.

 

____________________________________________________________

My info:

Win 8.1
Chrome browser Version 54.0.2840.71 m


Edited by pfour, 03 November 2016 - 11:27 PM.




#2 MoxieMomma

MoxieMomma

  • Members
  • 471 posts
  • Local time:05:38 AM

Posted 04 November 2016 - 02:42 AM

Hi:

 

Welcome. :)

 

You are correct -- HJT is an older, largely outdated tool that has fallen out of favor.  There are other, better alternatives, such as FRST and zoek (the logs from which are not permitted here in this particular area of the forum).

 

If you think you might be infected, then I suggest reading the stickies at the top and then posting, with some diagnostic logs, here: Am I Infected? What do I do?

If you think it's a NON-MALWARE networking issue, then you may wish instead to read the stickies at the top and then post here: Networking

 

Your post is quite long and detailed.

As just a home user, I struggled to determine what the exact problem is.

So, when you post in the other forum, you may wish to present a somewhat shorter, more concise description of the issue to start.

That will help others to more easily decide if it's something in their area of expertise.

They will then ask for additional details, as needed.

<friendly suggestion>

 

Cheers and good luck!

 

MM



#3 pfour

pfour
  • Topic Starter

  • Members
  • 2 posts
  • Local time:04:38 AM

Posted 04 November 2016 - 08:06 AM

thank you Moxie Mama :)



#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,758 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:38 AM

Posted 07 November 2016 - 07:53 AM

Expanding on MoxieMomma's comments for you and other readers...HijackThis only scans certain areas of a computer's system/registry to help diagnose the presence of undetected malware in known hiding places. Given the sophistication of malware hiding techniques used by attackers in today's environment, HijackThis is limited in its ability to detect infection and generate a report outside these known hiding places. This limitation has made its usefulness nearly obsolete since a HijackThis log cannot reveal all the malware residing on a computer. As such, HijackThis has been replaced by other preferred tools like FRST, DDS, Zoek, RSIT and OTL that provide comprehensive logs with specific details about more areas of a computer's system, files, folders and registry keys which may have been modified by malware infection.

Unless you know how to read and analyze logs from DDS, FRST, OTL, Zoek or RSIT there's no point in downloading and using them. If those tools are needed for a malware infection you should seek assistance from an expert who will advise you accordingly. Like HijackThis, these are powerful tools which rely on trained experts to interpret the log entries, determine what needs to be fixed and plan a strategy for disinfection. Using such tools requires advanced knowledge about the Windows Operating System and can cause system damage if used incorrectly. If you do not have advanced knowledge about computers or training in the use of these tools, you should NOT attempt to use them or fix anything without consulting an expert as to what to fix.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators




