Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Help.. I am being targeted. I'm at the end of my rope.

  • Please log in to reply
5 replies to this topic

#1 HubCallsMeTinHat


  • Members
  • 3 posts
  • Local time:12:42 AM

Posted 07 May 2017 - 03:45 AM

 have been having major issues with viruses, hijacking, hacking. I'm on my 3rd PC in 45 days. No matter how much I secure my gateway, hard resets, change passwords, all the remote in sessions with HP and MS, AV removals.. I can't get rid of what is plaguing me. HP spent almost 4hrs remoted to my PC I have had for 4 days, and only used on Microsoft and my ISP's website and was already removing viruses, securing my Gateway and my connection settings. Everything was fine last night, then today McAfee had a critical windows update to install. and since that I have had over 2000 blocked intruders to my network, My sharing keeps getting turned on, I have almost 200 services going on right now in task mgr. I ran adware cleaner and this is the report I got back.

I also ran a few of the Rkills, and they reported nothing. I thought it was funny that I have 2 Userinit running. My AV is cleaning up 1800 files everytime I exit edge or explorer browsers. I am getting spam mails out the wazoo on my Comcast email address, and I am getting spam calls with threats.  My iPhone seems to be compromised as well, I charged it on my 2nd New PC that was a Spectre360 that had all the same issue. HP told me to return it. Then now I have this 360 Envy. Apple doesn't want to admit that its been compromised.


What can I do. I checked my gateway with Comcast and I see that I am connected under one IP, but when I go to my Xfi page it shows that I am not connected to my network. On this PC is as different IP than what my gateway says I am, and it says I am Privately connected, but I shouldn't have all these intrusion attempts.

I had another router that was 2 numbers off my router model number set up on this PC that HP says they removed. There was a computer called Full_Ford in my network settings. I couldn't rightclick on the wrong router to remove it.




# AdwCleaner v6.046 - Logfile created 07/05/2017 at 03:45:49


# Updated on 24/04/2017 by Malwarebytes


# Database : 2017-05-05.1 [Server]


# Operating System : Windows 10 Home  (X64)


# Username : Aubs - TINHAT-BUTNOTCR


# Running from : C:\Users\does1\Downloads\adwcleaner_6.046.exe


# Mode: Clean






***** [ Services ] *****





***** [ Folders ] *****





***** [ Files ] *****





***** [ DLL ] *****





***** [ WMI ] *****





***** [ Shortcuts ] *****





***** [ Scheduled Tasks ] *****





***** [ Registry ] *****





***** [ Web browsers ] *****








:: "Tracing" keys deleted


:: Winsock settings cleared






C:\AdwCleaner\AdwCleaner[C0].txt - [758 Bytes] - [07/05/2017 03:45:49]


C:\AdwCleaner\AdwCleaner[S0].txt - [1149 Bytes] - [07/05/2017 03:45:32]

Edited by HubCallsMeTinHat, 07 May 2017 - 03:48 AM.

BC AdBot (Login to Remove)


#2 pantera2049


  • Members
  • 45 posts
  • Gender:Male
  • Local time:06:42 AM

Posted 07 May 2017 - 04:20 AM


 Can you tell us more about your system?

 Try to run tsskiller from https://support.kaspersky.com/viruses/utility#

 Try to download and install autoruns from https://technet.microsoft.com/en-us/sysinternals/bb545021.aspx

  after installing autoruns you can take some steps

  OPTIONS > check hide windows entries

  Options > uncheck hide virustotal

  Optins > scan options > check verify scode sig and check virustotal

  Click rescan and wait please.

  File > save. This will save a log - wait some time !

  Put result file here - please.


#3 HubCallsMeTinHat

  • Topic Starter

  • Members
  • 3 posts
  • Local time:12:42 AM

Posted 07 May 2017 - 04:25 AM

Thank you Ill try that now.. 


HP Envy360 m6 Convertible 16G 1TB

Windows 10 Version 1703

Build 15063.25

Intel Core i7 7500U 

64bit operating system x64 -based operating system



Wifi Internet with Comcast

#4 HubCallsMeTinHat

  • Topic Starter

  • Members
  • 3 posts
  • Local time:12:42 AM

Posted 07 May 2017 - 05:46 AM

I clicked file save on the autoruns but its not a text file, I tried to save as text but looks hard to read..



the tsskiller 


Service: HP Comm Recover

Suspicious object Medium Risk

Service Start Auto (0x2)

File : C:\ ProgramFiles\HPCommRecovery\HPCommRecovery.exe

MD5: 649D9C188F3A2A029F48AE73EE9BC02B

SHA256 : 8622C53F17F89CE9F1290C13BF0E9D27D5EECED60C1570923507998A196045C




cliff notes from the autoruns


Microsoft Windows Media Player   File not found: C:\WINDOWS\inf\unregmp2.exe /ShowWMP.exe  

_Wow64   File not found: C:\WINDOWS\SysWOW64\Wow64.dll  

_Wow64cpu   File not found: C:\WINDOWS\SysWOW64\Wow64cpu.dll  

_Wow64win   File not found: C:\WINDOWS\SysWOW64\Wow64win.dll  

_wowarmhw   File not found: C:\WINDOWS\System32\wowarmhw.dll  

_wowarmhw   File not found: C:\WINDOWS\SysWOW64\wowarmhw.dll  



HP JumpStart Launch.lnk   c:\windows\installer\{b90cb0de-2e60-41c4-9857-466eb98192bf}\hplogo_blue.ico 3/3/2017 4:52 AM    0/56


HP Comm Recover Check and recover devices (Not verified) HP Inc. c:\program files\hpcommrecovery\hpcommrecovery.exe 8/3/2016 9:42 PM 0/61


\HPGenoobeReminder integOOBE (Not verified) HP Inc. c:\program files (x86)\hp\hp registration service\hp genoobe\hpgenoobe.exe 7/11/2016 11:49 PM     0/57


\HPJumpStartProvider  (Verified) HP Inc. c:\program files (x86)\hp\hp jumpstart bridge\hpjumpstartprovider.exe 8/5/2016 5:33 PM     1/61



Also I have these 6 Temp files that McAfee Can't remove


$$_microsoft.net_framework_v2.0.50727_temporary_asp.net_files_9293298c41821e1f.cdf-ms C:\Windows\WinSxS\FileMaps

$$_microsoft.net_framework_v4.0.30319_temporary_asp.net_files_6acbd1bf3b088f2c.cdf-ms C:\Windows\WinSxS\FileMaps

$$_microsoft.net_framework64_v2.0.50727_temporary_asp.net_files_60f33deddb5b75c9.cdf-ms C:\Windows\WinSxS\FileMaps

$$_microsoft.net_framework64_v4.0.30319_temporary_asp.net_files_41c58db6293512a6.cdf-ms C:\Windows\WinSxS\FileMaps






When I ran a DISM Online Cleanup Image Restore Health Friday Night I had a

error code 0x800f081f couldn't find the source

.Net Framework 3.5 fails to install with error code 0x800F081F 


#5 pantera2049


  • Members
  • 45 posts
  • Gender:Male
  • Local time:06:42 AM

Posted 07 May 2017 - 06:17 AM


 Try to attach autorns result file. The file is not a txt .

#6 GoofProg


  • Banned
  • 224 posts
  • Gender:Male
  • Local time:09:42 PM

Posted 21 May 2017 - 07:49 PM

limited connection means it is usually parked for uhhh I forgot... it was some type of service thing.  Keep a copy of your network drivers on hand.  (maybe download a copy of macchanger OR try to hide behind a router) delete your drivers and reboot... let windows refresh them or it may prompt for new drivers.  (yeah I do not think it is always a one man problem)

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users