
I have a feeling my computer's being used from another source.


7 replies to this topic

#1 ReverseClassic

ReverseClassic

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:12:40 AM

Posted 07 October 2013 - 12:06 AM

I've been having this problem for a while, I keep seeing random files and having random problems!

I've reformatted a couple times and the problem always comes back, I'm so confused and I hope I've posted this in the right place.





#2 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:04:40 AM

Posted 07 October 2013 - 12:09 AM

What kind of files are you seeing?

Please download MiniToolBox, and save it to your desktop and run it.
Checkmark the following checkboxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

===================
Please perform the following, so that we can get the exact specs of your computer. This will better assist us in helping you more.

Publish a Snapshot using Speccy

The below is for those who cannot get online

Please take caution when attaching a text file to your post if you cannot copy/paste the link to your post; you will need to edit it to make sure that your Windows Key is not present.

#3 ReverseClassic

Posted 07 October 2013 - 12:13 AM

Thank you so much for the quick response, here's the log.

MiniToolBox by Farbar  Version: 13-07-2013
Ran by john (administrator) on 07-10-2013 at 01:12:10
Running from "C:\Users\john\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1    localhost

========================= IP Configuration: ================================

Killer Wireless-N 1103 Network Adapter = Wireless Network Connection (Connected)
Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20) = Local Area Connection (Hardware not present)
TAP-Windows Adapter V9 = Local Area Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : PapaJahn
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : PizzaPALACE

Ethernet adapter Local Area Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : TAP-Windows Adapter V9
   Physical Address. . . . . . . . . : 00-FF-49-DD-1C-1C
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : PizzaPALACE
   Description . . . . . . . . . . . : Killer Wireless-N 1103 Network Adapter
   Physical Address. . . . . . . . . : 7C-E9-D3-99-C0-78
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::39c6:8a82:43a3:d303%17(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.5.2(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.0.0.0
   Lease Obtained. . . . . . . . . . : Monday, October 07, 2013 12:39:54 AM
   Lease Expires . . . . . . . . . . : Tuesday, October 08, 2013 12:39:53 AM
   Default Gateway . . . . . . . . . : 192.168.5.1
   DHCP Server . . . . . . . . . . . : 192.168.5.1
   DNS Servers . . . . . . . . . . . : 192.168.5.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.PizzaPALACE:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{49DD1C1C-3E72-4814-BA17-E6CD846E169A}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:7c:1868:78e8:519a(Preferred)
   Link-local IPv6 Address . . . . . : fe80::7c:1868:78e8:519a%16(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  PapaJohns
Address:  192.168.5.1

Name:    google.com
Addresses:  2607:f8b0:4009:800::1008
      74.125.225.40
      74.125.225.32
      74.125.225.34
      74.125.225.37
      74.125.225.35
      74.125.225.38
      74.125.225.46
      74.125.225.36
      74.125.225.41
      74.125.225.33
      74.125.225.39


Pinging google.com [74.125.225.39] with 32 bytes of data:
Reply from 74.125.225.39: bytes=32 time=29ms TTL=54
Reply from 74.125.225.39: bytes=32 time=28ms TTL=54

Ping statistics for 74.125.225.39:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 28ms, Maximum = 29ms, Average = 28ms
Server:  PapaJohns
Address:  192.168.5.1

Name:    yahoo.com
Addresses:  98.139.183.24
      206.190.36.45
      98.138.253.109


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=48ms TTL=51
Reply from 98.138.253.109: bytes=32 time=44ms TTL=51

Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 44ms, Maximum = 48ms, Average = 46ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 19...00 ff 49 dd 1c 1c ......TAP-Windows Adapter V9
 17...7c e9 d3 99 c0 78 ......Killer Wireless-N 1103 Network Adapter
  1...........................Software Loopback Interface 1
 13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 16...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.5.1      192.168.5.2     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        192.0.0.0        255.0.0.0         On-link       192.168.5.2    281
      192.168.5.2  255.255.255.255         On-link       192.168.5.2    281
  192.255.255.255  255.255.255.255         On-link       192.168.5.2    281
   198.199.88.225  255.255.255.255      192.168.5.1      192.168.5.2     25
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.5.2    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.5.2    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 16     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 16     58 2001::/32                On-link
 16    306 2001:0:9d38:6abd:7c:1868:78e8:519a/128
                                    On-link
 17    281 fe80::/64                On-link
 16    306 fe80::/64                On-link
 16    306 fe80::7c:1868:78e8:519a/128
                                    On-link
 17    281 fe80::39c6:8a82:43a3:d303/128
                                    On-link
  1    306 ff00::/8                 On-link
 16    306 ff00::/8                 On-link
 17    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

=========================== Installed Programs ============================

µTorrent (Version: 3.3.2.30180)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.175)
Adobe Flash Player 11 Plugin (Version: 11.8.800.168)
Alienware Command Center (Version: 2.8.8.0)
AMD Accelerated Video Transcoding (Version: 12.5.100.21025)
AMD APP SDK Runtime (Version: 10.0.1016.4)
AMD Catalyst Install Manager (Version: 8.0.891.0)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.36)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center (Version: 2012.1025.1216.20147)
Catalyst Control Center InstallProxy (Version: 2012.1025.1216.20147)
Catalyst Control Center Localization All (Version: 2012.1025.1216.20147)
CCC Help Chinese Standard (Version: 2012.1025.1215.20147)
CCC Help Chinese Traditional (Version: 2012.1025.1215.20147)
CCC Help Danish (Version: 2012.1025.1215.20147)
CCC Help Dutch (Version: 2012.1025.1215.20147)
CCC Help English (Version: 2012.1025.1215.20147)
CCC Help Finnish (Version: 2012.1025.1215.20147)
CCC Help French (Version: 2012.1025.1215.20147)
CCC Help German (Version: 2012.1025.1215.20147)
CCC Help Italian (Version: 2012.1025.1215.20147)
CCC Help Japanese (Version: 2012.1025.1215.20147)
CCC Help Korean (Version: 2012.1025.1215.20147)
CCC Help Norwegian (Version: 2012.1025.1215.20147)
CCC Help Portuguese (Version: 2012.1025.1215.20147)
CCC Help Russian (Version: 2012.1025.1215.20147)
CCC Help Spanish (Version: 2012.1025.1215.20147)
CCC Help Swedish (Version: 2012.1025.1215.20147)
ccc-utility64 (Version: 2012.1025.1216.20147)
Dell System Detect (Version: 5.3.0.3)
ESET NOD32 Antivirus (Version: 7.0.104.0)
HGST Align Tool (Version: 2.0.154)
IDT Audio (Version: 1.0.6330.0)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Display Audio Driver (Version: 6.14.00.3097)
Intel® Management Engine Components (Version: 7.0.0.1118)
Intel® Rapid Storage Technology (Version: 10.0.0.1046)
League of Legends (Version: 3.0.0)
lucky leap 1.0.0 (Version: 1.0.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Mozilla Firefox 24.0 (x86 en-US) (Version: 24.0)
Mozilla Maintenance Service (Version: 24.0)
MyPC Backup  (Version: )
Pando Media Booster (Version: 2.6.0.7)
PowerISO (Version: 5.7)
PowerXpressHybrid (Version: 1.00.0000)
PX Profile Update (Version: 1.00.1.)
Qualcomm Atheros Killer Network Manager (Version: 6.1.0.304)
Razer Synapse 2.0 (Version: 1.14.4)
Realtek PCIE Card Reader (Version: 6.1.7600.64)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.26.0)
Synaptics Pointing Device Driver (Version: 15.1.19.0)
TunnelBear 2.0.17.0 (Version: 2.0.17.0)
VLC media player 2.1.0 (Version: 2.1.0)
WinRAR 5.00 (32-bit) (Version: 5.00.0)
Z Engine (Version: 2.5.0.30_NA)

========================= Memory info: ===================================

Percentage of memory in use: 15%
Total physical RAM: 16331.82 MB
Available physical RAM: 13868.41 MB
Total Pagefile: 66330.02 MB
Available Pagefile: 63758.4 MB
Total Virtual: 4095.88 MB
Available Virtual: 3960.57 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:931.42 GB) (Free:832.73 GB) NTFS

========================= Users: ========================================

User accounts for \\PAPAJAHN

Administrator            Guest                    john                     


**** End of log ****

 



#4 cryptodan

Posted 07 October 2013 - 12:16 AM

I saw nothing suspicious in your installed programs.

What files make you think that you are being attacked?

#5 ReverseClassic

Posted 07 October 2013 - 12:19 AM

Nothing that is currently installed, I've tried to remove everything but things keep happening.
Could someone be remotely connecting to my computer and messing with stuff?



#6 ReverseClassic

Posted 07 October 2013 - 12:38 AM

I have a good example, I just restarted my computer and for network infrastructure it says Linksys WRT350N for network and I'm using a D-Link DIR-665
which keeps flashing between other devices and Network infrastructure.

When I restarted this page was blocked by a proxy, I had to disable it.



#7 ReverseClassic

Posted 07 October 2013 - 12:45 AM

[Attached image: 4qr47t.jpg]



#8 cryptodan

Posted 07 October 2013 - 06:26 AM

How many Networking devices do you have installed, which one is owned by your ISP?

What was the error message that came up when trying to access this page?



