
Someone/something has control of my computer


3 replies to this topic

#1 coachoflife

coachoflife

  • Members
  • 118 posts
  • OFFLINE
  •  
  • Local time:12:37 PM

Posted 08 April 2016 - 02:39 PM

I have difficulty with e-mail (sending and receiving); sending them turns to red and nothing happens. Do not get all my e-mails sometimes for weeks or months (these pop up after a period of receiving none for months), surveys I do get affected for a few days and then it changes to another company's surveys not to work or the site being accessed. One of these sites I can access has not changed or added anything since January and sends me no survey invites. Websites in general are hit and miss as to when I can access them and watching things by stream is the same and it varies as to how good the quality is even on things I have a paid subscription on. Queried one of these and they found no problems on their end and on a lot of other things no one else is experiencing any problems. Playing games loaded by disc I have will result in getting 2 days play and then computer restarts by itself and puts up updates, which fail (first time waited 4 hours and switched off computer as it says do not switch off computer), then I try restore point which fails as does anything else as it always wipes my computer giving me no chance to save anything. Where it goes back to has viruses and search engine grayed out so no matter which one I put up it can never be changed. Had the problem for ages, now on 3 computers (bought 2nd one brand new and promptly got same problem), and got it fixed on my first one but it hit me for a load of viruses day after day and then crashed my C drive. Got latest computer 2nd hand and got same virus/problem after 5 days. Did click on a pop up on a free sports site to clear it (think I did the same with other 2 computers) and then got problems straight away. Put Wireshark and cports on my new computer and caught some Facebook ports open (do not use now but had account over 2 years ago), blocked these and found a new one from Ireland so blocked all Facebook. Now things are worse as a lot more things are being affected and not being able to access.
Any help would be much appreciated as I feel I no longer have any more I can do and buying computers is now becoming an expensive hobby.




 


#2 dbrisendine

dbrisendine

  • Malware Response Team
  • 508 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:BC, Canada
  • Local time:04:37 AM

Posted 20 April 2016 - 06:02 PM

Couple of questions before we move onto some deeper look at the issues ....
 
1) You state you have / had virus on your system; how do you know this? Was this stated by an AntiVirus program? If so, what AntiVirus is it?
 
2)  How are your systems connected to the internet?  Are they all wireless or wired?  That is, from the PC to the modem / router in your home.
 
3) Can you run the following utility to see some more info on your system?
 

Please download MiniToolBox, save it to your desktop and run it.

Check mark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore Points

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

 


 
Please do not ask for Malware help via PM (Private Messages).  Please post in the forum boards instead.  Thanks.

My help is always free but if you would like to help encourage me or show your thanks -----> btn_donate_LG.gif


#3 coachoflife

coachoflife
  • Topic Starter

  • Members
  • 118 posts
  • OFFLINE
  •  
  • Local time:12:37 PM

Posted 21 April 2016 - 01:58 AM

 
John Barr <johnjbarr07@gmail.com>
07:46 (10 minutes ago)
Hi,
 
I have had a few people look at my computer and one of them found a virus hidden in my registry but did not say what he found.  It had been the google redirect virus but that was found and cleared up.  I still had a problem and it has affected my computers in the exact same way.
 
I am connected by a wired connection.
 
MiniToolBox by Farbar  Version: 07-02-2016 01
Ran by x (administrator) on 21-04-2016 at 07:42:41
Running from "C:\Users\x\Downloads"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Model: HP Compaq dx2450 Microtower PC Manufacturer: Hewlett-Packard
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ==============================
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
127.0.0.1 localhost127.0.0.1 login.facebook.com
127.0.0.1 blog.facebook.com# 50.31.164.166
========================= IP Configuration: ================================
 
NVIDIA nForce Networking Controller = Local Area Connection (Connected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : x-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : lan
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : lan
   Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
   Physical Address. . . . . . . . . : 00-22-64-BD-6F-69
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::f89b:1bc9:c5dc:d57b%11(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.1(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 21 April 2016 07:29:50
   Lease Expires . . . . . . . . . . : 22 April 2016 07:29:50
   Default Gateway . . . . . . . . . : 192.168.1.254
   DHCP Server . . . . . . . . . . . : 192.168.1.254
   DHCPv6 IAID . . . . . . . . . . . : 234889828
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-41-12-97-00-22-64-BD-6F-69
   DNS Servers . . . . . . . . . . . : 192.168.1.254
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter isatap.lan:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : lan
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  dsldevice.lan
Address:  192.168.1.254
 
Name:    google.com
Addresses:  2a00:1450:4009:812::200e
  212.56.71.155
  212.56.71.170
  212.56.71.165
  212.56.71.152
  212.56.71.144
  212.56.71.166
  212.56.71.154
  212.56.71.159
  212.56.71.163
  212.56.71.176
  212.56.71.181
  212.56.71.148
  212.56.71.177
  212.56.71.174
  212.56.71.185
  212.56.71.187
 
 
Pinging google.com [212.56.71.155] with 32 bytes of data:
Reply from 212.56.71.155: bytes=32 time=18ms TTL=59
Reply from 212.56.71.155: bytes=32 time=18ms TTL=59
 
Ping statistics for 212.56.71.155:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 18ms, Maximum = 18ms, Average = 18ms
Server:  dsldevice.lan
Address:  192.168.1.254
 
Name:    yahoo.com
Addresses:  2001:4998:c:a06::2:4008
  2001:4998:44:204::a7
  2001:4998:58:c02::a9
  98.139.183.24
  98.138.253.109
  206.190.36.45
 
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=110ms TTL=50
Reply from 98.139.183.24: bytes=32 time=109ms TTL=50
 
Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 109ms, Maximum = 110ms, Average = 109ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 11...00 22 64 bd 6f 69 ......NVIDIA nForce Networking Controller
  1...........................Software Loopback Interface 1
 12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254      192.168.1.1     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.1    276
      192.168.1.1  255.255.255.255         On-link       192.168.1.1    276
    192.168.1.255  255.255.255.255         On-link       192.168.1.1    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.1    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.1    276
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 11    276 fe80::/64                On-link
 11    276 fe80::f89b:1bc9:c5dc:d57b/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (04/21/2016 07:31:22 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/20/2016 09:47:40 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/20/2016 10:37:50 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/20/2016 06:11:52 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/20/2016 04:32:51 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/19/2016 11:00:02 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/19/2016 10:01:55 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/19/2016 08:37:24 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/19/2016 02:48:35 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/19/2016 02:23:58 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (04/21/2016 07:29:50 AM) (Source: Service Control Manager) (User: )
Description: The AVG WatchDog service failed to start due to the following error: 
%%2
 
Error: (04/21/2016 07:29:50 AM) (Source: Service Control Manager) (User: )
Description: The AVG Service service failed to start due to the following error: 
%%1053
 
Error: (04/21/2016 07:29:50 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the AVG Service service to connect.
 
Error: (04/21/2016 07:29:50 AM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service failed to start due to the following error: 
%%2
 
Error: (04/20/2016 09:46:06 PM) (Source: Service Control Manager) (User: )
Description: The AVG WatchDog service failed to start due to the following error: 
%%2
 
Error: (04/20/2016 09:46:06 PM) (Source: Service Control Manager) (User: )
Description: The AVG Service service failed to start due to the following error: 
%%1053
 
Error: (04/20/2016 09:46:06 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the AVG Service service to connect.
 
Error: (04/20/2016 09:46:06 PM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service failed to start due to the following error: 
%%2
 
Error: (04/20/2016 10:36:19 AM) (Source: Service Control Manager) (User: )
Description: The AVG WatchDog service failed to start due to the following error: 
%%2
 
Error: (04/20/2016 10:36:19 AM) (Source: Service Control Manager) (User: )
Description: The AVG Service service failed to start due to the following error: 
%%1053
 
 
Microsoft Office Sessions:
=========================
Error: (04/21/2016 07:31:22 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/20/2016 09:47:40 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/20/2016 10:37:50 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/20/2016 06:11:52 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/20/2016 04:32:51 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/19/2016 11:00:02 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/19/2016 10:01:55 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/19/2016 08:37:24 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/19/2016 02:48:35 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/19/2016 02:23:58 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
=========================== Installed Programs ============================
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
AVG (HKLM\...\{B478848A-12D4-41C5-8DCA-83E4F2AD8022}) (Version: 16.41.7441 - AVG Technologies) Hidden
AVG 2016 (HKLM\...\{1D261E72-509D-4F21-BE63-7E923F4664BA}) (Version: 16.0.4540 - AVG Technologies) Hidden
FMW 1 (HKLM\...\{1F610B48-81E7-4A33-AFC9-1D7602C80732}) (Version: 1.52.1 - AVG Technologies) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.29.5 - Google Inc.) Hidden
HP Deskjet 3050 J610 series Basic Device Software (HKLM\...\{7D220A57-969F-4D09-9297-D48195A8ABDD}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet 3050 J610 series Help (HKLM-x32\...\{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}) (Version: 140.0.63.63 - Hewlett Packard)
HP Deskjet 3050 J610 series Product Improvement Study (HKLM\...\{860B418B-F90B-465A-BC1D-04B518045C72}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3781 - HP Photo Creations Powered by RocketLife)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 53%
Total physical RAM: 3966.49 MB
Available physical RAM: 1838.06 MB
Total Virtual: 7931.17 MB
Available Virtual: 5693.76 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:148.67 GB) (Free:111.64 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\X-PC
 
Administrator            Guest                    UpdatusUser              
x                        
 
========================= Minidump Files ==================================
 
No minidump file found
 
========================= Restore Points ==================================
 
05-04-2016 14:24:07 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
05-04-2016 18:33:25 Windows Update
05-04-2016 19:31:49 Windows Modules Installer
05-04-2016 20:47:25 Restore Operation
06-04-2016 12:43:36 Windows Update
09-04-2016 21:10:02 Windows Update
15-04-2016 02:00:13 Windows Update
18-04-2016 19:51:33 Windows Update
 
**** End of log ****
Mail Delivery Subsystem <mailer-daemon@googlemail.com>
07:46 (10 minutes ago)
 
 
 
 
 
Delivery to the following recipient failed permanently:

     bleep@bleepingcomputer.com

Technical details of permanent failure:
Google tried to deliver your message, but it was rejected by the server for the recipient domain bleepingcomputer.com by aspmx.l.google.com. [2607:f8b0:4001:c13::1a].

The error that the other server returned was:
550-5.1.1 The email account that you tried to reach does not exist. Please try
550-5.1.1 double-checking the recipient's email address for typos or
550-5.1.1 unnecessary spaces. Learn more at
550 5.1.1  https://support.google.com/mail/answer/6596 dd9si14922161igc.27 - gsmtp




#4 dbrisendine

dbrisendine

  • Malware Response Team
  • 508 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:BC, Canada
  • Local time:04:37 AM

Posted 22 April 2016 - 12:32 AM

Thank you for the log. I have reviewed it and see a few items that I would like to further investigate but the proper tools are not allowed on this forum. Please start a new topic at this forum (Virus, Trojan, Spyware, and Malware Removal Logs) and please read the header post - Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help. The first logs that are needed will be the FRST logs. For reference, you can mention this thread in this forum ( http://www.bleepingcomputer.com/forums/t/610602/someonesomething-has-control-of-my-computer/ ). I will look for your post and you can request myself but anyone on that board will be able to help solve the issues.
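An added example, not part of the thread and not code from MiniToolBox: a small Python triage pass over a Result.txt in the layout posted above. It groups Service Control Manager start failures by service and Win32 error code, and lists hosts-file entries that override a name other than localhost. The sample text is constructed in the log's format and all function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the layout of a MiniToolBox Result.txt (trimmed).
SAMPLE = """\
========================= Hosts content: =================================
127.0.0.1 localhost
127.0.0.1 login.facebook.com
127.0.0.1 blog.facebook.com # constructed comment
========================= Event log errors: ===============================

System errors:
=============
Error: (04/21/2016 07:29:50 AM) (Source: Service Control Manager) (User: )
Description: The AVG WatchDog service failed to start due to the following error:
%%2

Error: (04/21/2016 07:29:50 AM) (Source: Service Control Manager) (User: )
Description: The AVG Service service failed to start due to the following error:
%%1053

Error: (04/20/2016 09:46:06 PM) (Source: Service Control Manager) (User: )
Description: The AVG WatchDog service failed to start due to the following error:
%%2

========================= Memory info: ===================================
Percentage of memory in use: 53%
"""

# Win32 error codes that the event log prints as %%N.
WIN32_ERRORS = {2: "ERROR_FILE_NOT_FOUND", 1053: "ERROR_SERVICE_REQUEST_TIMEOUT"}

# A titled section header has text between the '=' runs; bare '====' rules do not.
HEADER = re.compile(r"^=+ (.+?):? =+$")
FAIL = re.compile(r"The (.+?) service failed to start due to the following error:")
CODE = re.compile(r"^%%(\d+)$")


def split_sections(text):
    """Map each titled section name to the lines that follow it."""
    sections, name = {}, None
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if m:
            name = m.group(1)
            sections[name] = []
        elif name is not None:
            sections[name].append(line)
    return sections


def service_failures(lines):
    """Count (service, decoded error) pairs; the code is on the line after the message."""
    counts, pending = Counter(), None
    for line in lines:
        line = line.strip()
        m = FAIL.search(line)
        if m:
            pending = m.group(1)
            continue
        c = CODE.match(line)
        if c and pending:
            code = int(c.group(1))
            counts[(pending, WIN32_ERRORS.get(code, f"code {code}"))] += 1
            pending = None
    return counts


def hosts_overrides(lines):
    """Return (name, address) for every hosts entry other than localhost."""
    out = []
    for line in lines:
        entry = line.split("#", 1)[0].split()  # drop trailing comment
        if len(entry) < 2:
            continue
        ip, names = entry[0], entry[1:]
        out += [(n, ip) for n in names if n.lower() != "localhost"]
    return out


def triage(text):
    s = split_sections(text)
    return {
        "hosts_overrides": hosts_overrides(s.get("Hosts content", [])),
        "service_failures": service_failures(s.get("Event log errors", [])),
    }


if __name__ == "__main__":
    result = triage(SAMPLE)
    for name, ip in result["hosts_overrides"]:
        print(f"hosts: {name} -> {ip}")
    for (svc, err), n in result["service_failures"].items():
        print(f"service: {svc} failed to start {n}x ({err})")
```
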

