
Help.. I am being targeted. I'm at the end of my rope.


5 replies to this topic

#1 HubCallsMeTinHat


Posted 07 May 2017 - 03:45 AM

I have been having major issues with viruses, hijacking, hacking. I'm on my 3rd PC in 45 days. No matter how much I secure my gateway, hard resets, change passwords, all the remote-in sessions with HP and MS, AV removals.. I can't get rid of what is plaguing me. HP spent almost 4hrs remoted to my PC I have had for 4 days, and only used on Microsoft and my ISP's website and was already removing viruses, securing my Gateway and my connection settings. Everything was fine last night, then today McAfee had a critical windows update to install, and since that I have had over 2000 blocked intruders to my network, my sharing keeps getting turned on, I have almost 200 services going on right now in task mgr. I ran adware cleaner and this is the report I got back.

I also ran a few of the Rkills, and they reported nothing. I thought it was funny that I have 2 Userinit running. My AV is cleaning up 1800 files every time I exit edge or explorer browsers. I am getting spam mails out the wazoo on my Comcast email address, and I am getting spam calls with threats. My iPhone seems to be compromised as well, I charged it on my 2nd New PC that was a Spectre360 that had all the same issue. HP told me to return it. Then now I have this 360 Envy. Apple doesn't want to admit that it's been compromised.

What can I do? I checked my gateway with Comcast and I see that I am connected under one IP, but when I go to my Xfi page it shows that I am not connected to my network. On this PC is a different IP than what my gateway says I am, and it says I am Privately connected, but I shouldn't have all these intrusion attempts.

I had another router that was 2 numbers off my router model number set up on this PC that HP says they removed. There was a computer called Full_Ford in my network settings. I couldn't right-click on the wrong router to remove it.

 

Help!!

 

# AdwCleaner v6.046 - Logfile created 07/05/2017 at 03:45:49
# Updated on 24/04/2017 by Malwarebytes
# Database : 2017-05-05.1 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : Aubs - TINHAT-BUTNOTCR
# Running from : C:\Users\does1\Downloads\adwcleaner_6.046.exe
# Mode: Clean

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [758 Bytes] - [07/05/2017 03:45:49]
C:\AdwCleaner\AdwCleaner[S0].txt - [1149 Bytes] - [07/05/2017 03:45:32]


Edited by HubCallsMeTinHat, 07 May 2017 - 03:48 AM.




#2 pantera2049


Posted 07 May 2017 - 04:20 AM

Hi!

Can you tell us more about your system?

Try to run TDSSKiller from https://support.kaspersky.com/viruses/utility#

Try to download and install Autoruns from https://technet.microsoft.com/en-us/sysinternals/bb545021.aspx

After installing Autoruns you can take some steps:

Options > check hide Windows entries

Options > uncheck hide VirusTotal

Options > Scan Options > check verify code sig and check VirusTotal

Click rescan and wait please.

File > Save. This will save a log - wait some time!

Put the result file here, please.

 



#3 HubCallsMeTinHat


Posted 07 May 2017 - 04:25 AM

Thank you, I'll try that now..

HP Envy360 m6 Convertible 16G 1TB
Windows 10 Version 1703
Build 15063.25
Intel Core i7 7500U
64bit operating system x64-based operating system
Touchscreen

Wifi Internet with Comcast



#4 HubCallsMeTinHat


Posted 07 May 2017 - 05:46 AM

I clicked File > Save on the Autoruns but it's not a text file, I tried to save as text but it looks hard to read..

the TDSSKiller

Service: HP Comm Recover
Suspicious object Medium Risk
Service Start Auto (0x2)
File : C:\ ProgramFiles\HPCommRecovery\HPCommRecovery.exe
MD5: 649D9C188F3A2A029F48AE73EE9BC02B
SHA256 : 8622C53F17F89CE9F1290C13BF0E9D27D5EECED60C1570923507998A196045C

cliff notes from the Autoruns

Microsoft Windows Media Player   File not found: C:\WINDOWS\inf\unregmp2.exe /ShowWMP.exe
_Wow64   File not found: C:\WINDOWS\SysWOW64\Wow64.dll
_Wow64cpu   File not found: C:\WINDOWS\SysWOW64\Wow64cpu.dll
_Wow64win   File not found: C:\WINDOWS\SysWOW64\Wow64win.dll
_wowarmhw   File not found: C:\WINDOWS\System32\wowarmhw.dll
_wowarmhw   File not found: C:\WINDOWS\SysWOW64\wowarmhw.dll

HP JumpStart Launch.lnk   c:\windows\installer\{b90cb0de-2e60-41c4-9857-466eb98192bf}\hplogo_blue.ico 3/3/2017 4:52 AM    0/56

HP Comm Recover Check and recover devices (Not verified) HP Inc. c:\program files\hpcommrecovery\hpcommrecovery.exe 8/3/2016 9:42 PM 0/61

\HPGenoobeReminder integOOBE (Not verified) HP Inc. c:\program files (x86)\hp\hp registration service\hp genoobe\hpgenoobe.exe 7/11/2016 11:49 PM     0/57

\HPJumpStartProvider  (Verified) HP Inc. c:\program files (x86)\hp\hp jumpstart bridge\hpjumpstartprovider.exe 8/5/2016 5:33 PM     1/61

Also I have these 6 Temp files that McAfee can't remove

$$_microsoft.net_framework_v2.0.50727_temporary_asp.net_files_9293298c41821e1f.cdf-ms C:\Windows\WinSxS\FileMaps
$$_microsoft.net_framework_v4.0.30319_temporary_asp.net_files_6acbd1bf3b088f2c.cdf-ms C:\Windows\WinSxS\FileMaps
$$_microsoft.net_framework64_v2.0.50727_temporary_asp.net_files_60f33deddb5b75c9.cdf-ms C:\Windows\WinSxS\FileMaps
$$_microsoft.net_framework64_v4.0.30319_temporary_asp.net_files_41c58db6293512a6.cdf-ms C:\Windows\WinSxS\FileMaps
Classic_{2D06D17B-2A5F-4835-AF30-6D2D58A4A66C}C:\Windows\WinSxS\amd64_microsoft-windows-s..s-classicsearchdata_31bf3856ad364e35_10.0.15063.0_none_2bf46985bc0de379
Classic_{2D06D17B-2A5F-4835-AF30-6D2D58A4A66C}C:\Windows\ImmersiveControlPanel\Settings

When I ran a DISM Online Cleanup Image Restore Health Friday night I had an error code 0x800f081f, couldn't find the source

.Net Framework 3.5 fails to install with error code 0x800F081F 
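
A small triage pass over the Autoruns lines pasted in the post above, added here as an example and not part of anyone's post or of Autoruns itself. It assumes the pasted layout (signer tag in parentheses, a `File not found:` marker, a trailing VirusTotal `hits/engines` ratio); the flag names are illustrative, and a flag means "look at this entry first", not a verdict.

```python
import re

# Lines copied from the Autoruns notes in the post above (sample input).
SAMPLE = r"""
_Wow64   File not found: C:\WINDOWS\SysWOW64\Wow64.dll
HP Comm Recover Check and recover devices (Not verified) HP Inc. c:\program files\hpcommrecovery\hpcommrecovery.exe 8/3/2016 9:42 PM 0/61
\HPJumpStartProvider  (Verified) HP Inc. c:\program files (x86)\hp\hp jumpstart bridge\hpjumpstartprovider.exe 8/5/2016 5:33 PM     1/61
HP JumpStart Launch.lnk   c:\windows\installer\{b90cb0de-2e60-41c4-9857-466eb98192bf}\hplogo_blue.ico 3/3/2017 4:52 AM    0/56
"""

SIGNER = re.compile(r"\((Verified|Not verified)\)")
MISSING = re.compile(r"File not found:")
VT_RATIO = re.compile(r"(\d+)/(\d+)\s*$")  # trailing hits/engines
IMAGE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|sys|ico)\b", re.I)


def triage_line(line):
    """Return name, image path, VT ratio and review flags for one pasted line."""
    line = line.strip()
    signer, missing = SIGNER.search(line), MISSING.search(line)
    vt, image = VT_RATIO.search(line), IMAGE.search(line)
    flags = []
    if missing:
        flags.append("image-missing")
    if signer and signer.group(1) == "Not verified":
        flags.append("unverified-signature")
    if vt and int(vt.group(1)) > 0:
        flags.append("vt-detections")
    # The entry name is whatever precedes the first recognised field.
    marks = [m.start() for m in (signer, missing, image) if m]
    return {
        "name": line[:min(marks)].strip() if marks else line,
        "path": image.group(0) if image else None,
        "vt": (int(vt.group(1)), int(vt.group(2))) if vt else None,
        "flags": flags,
    }


def triage(text):
    return [triage_line(l) for l in text.splitlines() if l.strip()]


def needs_review(entries):
    """Entries with at least one flag, in the order they were pasted."""
    return [e for e in entries if e["flags"]]


if __name__ == "__main__":
    for e in needs_review(triage(SAMPLE)):
        print(f'{e["name"]:45} {",".join(e["flags"]):22} {e["path"]}')
```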

 



#5 pantera2049


Posted 07 May 2017 - 06:17 AM

Hi!

Try to attach the Autoruns result file. The file is not a txt.



#6 GoofProg


Posted 21 May 2017 - 07:49 PM

limited connection means it is usually parked for uhhh I forgot... it was some type of service thing.  Keep a copy of your network drivers on hand.  (maybe download a copy of macchanger OR try to hide behind a router) delete your drivers and reboot... let windows refresh them or it may prompt for new drivers.  (yeah I do not think it is always a one man problem)





