
Surface Pro 4 & Intel PC on a stick behaving oddly - I think I'm being hacked



#1 Nickp71


Posted 17 July 2017 - 03:02 PM

Hi There,

Could someone please help me with my issue whereby, I have today reinstalled Windows 10 Home on my Intel PC on a stick model STK1AW32SC as I was having issues with the device crashing and I had noticed some very strange behaviour going on with the OS with things like:

SYSTEMINFO displaying it was running in Hybrid mode
Hyper V not being available as the device believes it already is a VM
Directories appearing out of nowhere
Timestamp of altered files were done when the device was supposedly powered down
and amongst other strange behaviour like the mouse moving by itself, services that were disabled becoming enabled again etc. The main cause for me to investigate this was my belief that I was being hacked on not just this device but a few of my home devices including smart TVs and my Surface Pro 4 - I've gone through 3 routers locked down to the hilt, I ran a UTM for a little while which was kernel hacked, I'm constantly seeing MAC addresses being spoofed whereby sometimes a device will have active traffic even though it's powered down! I can usually tell that it's something rogue as it won't have a host name and I will have trouble reconnecting the 'real' device until I reboot the router. I have replaced every single piece of hardware over the past 12 months except for the smart TVs (one has Android on it), however I still continue to have issues. I don't think this is just a random hack - I think it could be a targeted attack by professional hackers as I have not had any money go missing nor has there been any issues with my identity being at risk.

What brings me to Bleeping today is that I'm at the end of my tether after doing a completely fresh install (albeit from the recovery partition) and ran through the usual things, disable services not needed, installed ESET and ran a system restore job and then thought I would look at the hardware devices and once again right in front of my eyes devices were being added like Hyper V etc... I ran tweaking.com Hardware Identify immediately and there is a component that does not have a driver installed (it does not come up in the normal device manager) and the only thing I could do was search for the hardware ID 'HTREE\ROOT\0' which didn't really return anything unusual. I've attached a screenshot - for a PC on a stick it has way too many devices installed than normal. My Surface Pro 4 is also showing similar behaviour... would someone have hacked my devices? I'm desperate for answers as this has been going on now for more than 18 months.


Edited by hamluis, 17 July 2017 - 03:12 PM.
Moved from W10 Spt to Gen Security - Hamluis.



 


#2 Nickp71


Posted 17 July 2017 - 03:28 PM


 

Device Information Listing for SmartTV@PCONASTICK01 - 17/07/2017 11:08:19 PM

PCI standard host CPU bridge
 Chip: Intel 
 Detail
  PnpID
   VEN_8086&DEV_2280&SUBSYS_20668086&REV_36
  Vendor
   (Standard system devices)
  Device
   PCI standard host CPU bridge
  Chip Vendor
   Intel
  Chip
   
Intel® Trusted Execution Engine Interface
 Chip: Intel  Trusted Execution Engine Interface
 Detail
  PnpID
   VEN_8086&DEV_2298&SUBSYS_20668086&REV_36
  Vendor
   Intel
  Device
   Intel® Trusted Execution Engine Interface
  Chip Vendor
   Intel
  Chip
   Trusted Execution Engine Interface
PCI standard ISA bridge
 Chip: Intel 
 Detail
  PnpID
   VEN_8086&DEV_229C&SUBSYS_20668086&REV_36
  Vendor
   (Standard system devices)
  Device
   PCI standard ISA bridge
  Chip Vendor
   Intel
  Chip
   
Intel® HD Graphics
 Chip: Intel  HD Graphics
 Detail
  PnpID
   VEN_8086&DEV_22B0&SUBSYS_20668086&REV_36
  Vendor
   Intel Corporation
  Device
   Intel® HD Graphics
  Chip Vendor
   Intel
  Chip
   HD Graphics
USB xHCI Compliant Host Controller
 Chip: Intel  USB 3.0 xHCI Controller
 Detail
  PnpID
   VEN_8086&DEV_22B5&SUBSYS_20668086&REV_36
  Vendor
   Generic USB xHCI Host Controller
  Device
   USB xHCI Compliant Host Controller
  Chip Vendor
   Intel
  Chip
   USB 3.0 xHCI Controller
Genesys Logic Genesys Logic USB V2.0 4-Port Hub
 Vendor: Genesys Logic
 PnpID: VID_05E3&PID_0608
 Device: Genesys Logic USB V2.0 4-Port Hub
Genesys Logic 4-port hub
 Vendor: Genesys Logic
 PnpID: VID_05E3&PID_0610
 Device: 4-port hub
Genesys Logic microSD Reader/Writer
 Vendor: Genesys Logic
 PnpID: VID_05E3&PID_0727
 Device: microSD Reader/Writer
Imation USB Device
 Vendor: Imation
 PnpID: VID_0718&PID_4002
 Device: USB Device
Toshiba Memory Stick 2GB
 Vendor: Toshiba
 PnpID: VID_0930&PID_1400
 Device: Memory Stick 2GB
ASIX Electronics ASIX AX88772B USB2.0 to Fast Ethernet Adapter
 Vendor: ASIX Electronics
 PnpID: VID_0B95&PID_772B
 Device: ASIX AX88772B USB2.0 to Fast Ethernet Adapter
USB Mass Storage Device
 Vendor: Microsoft
 PnpID: USB\Class_08&SubClass_06&Prot_50
USB Root Hub (USB 3.0)
 Vendor: Microsoft
 PnpID: USB\ROOT_HUB30
Generic USB Hub
 Vendor: Microsoft
 PnpID: USB\USB20_HUB
USB Composite Device
 Vendor: Microsoft
 PnpID: USB\COMPOSITE
Virtual USB Root Hub
 Vendor: Intel
 PnpID: VUSB\VROOT_HUB
CD-ROM Drive
 Vendor: Microsoft
 PnpID: GenCdRom
ACPI x86-based PC
 Vendor: Microsoft
 PnpID: acpiapic
Intel® Serial IO DMA Controller
 Vendor: Microsoft
 PnpID: ACPI\INTL9C60
Disk drive
 Vendor: Microsoft
 PnpID: GenDisk
HID Keyboard Device
 Vendor: Microsoft
 PnpID: HID_DEVICE_SYSTEM_KEYBOARD
Intel SST Audio Device (WDM)
 Vendor: Intel
 PnpID: acpi\808622a8
Microsoft Streaming Clock Proxy
 Vendor: Microsoft
 PnpID: sw\{97ebaacc-95bd-11d0-a3ea-00a0c9223196}
Microsoft Streaming Quality Manager Proxy
 Vendor: Microsoft
 PnpID: sw\{ddf4358e-bb2c-11d0-a42f-00a0c9223196}
Microsoft Streaming Service Proxy
 Vendor: Microsoft
 PnpID: sw\{96e080c7-143c-11d1-b40f-00a0c9223196}
Microsoft Streaming Tee/Sink-to-Sink Converter
 Vendor: Microsoft
 PnpID: sw\{cfd669f1-9bc2-11d0-8299-0000f822fe8a}
Microsoft Trusted Audio Drivers
 Vendor: Microsoft
 PnpID: sw\{eec12db6-ad9c-4168-8658-b03daef417fe}
Generic PnP Monitor
 Vendor: Microsoft
 PnpID: *PNP09FF
HID-compliant mouse
 Vendor: Microsoft
 PnpID: HID_DEVICE_SYSTEM_MOUSE
Microsoft Kernel Debug Network Adapter
 Vendor: Microsoft
 PnpID: root\kdnic
ASIX AX88772B USB2.0 to Fast Ethernet Adapter
 Vendor: ASIX
 PnpID: USB\VID_0B95&PID_772B&REV_0001
WAN Miniport (SSTP)
 Vendor: Microsoft
 PnpID: ms_sstpminiport
WAN Miniport (IKEv2)
 Vendor: Microsoft
 PnpID: ms_agilevpnminiport
WAN Miniport (L2TP)
 Vendor: Microsoft
 PnpID: ms_l2tpminiport
WAN Miniport (PPTP)
 Vendor: Microsoft
 PnpID: ms_pptpminiport
WAN Miniport (PPPOE)
 Vendor: Microsoft
 PnpID: ms_pppoeminiport
WAN Miniport (IP)
 Vendor: Microsoft
 PnpID: ms_ndiswanip
WAN Miniport (IPv6)
 Vendor: Microsoft
 PnpID: ms_ndiswanipv6
WAN Miniport (Network Monitor)
 Vendor: Microsoft
 PnpID: ms_ndiswanbh
Microsoft Teredo Tunneling Adapter
 Vendor: Microsoft
 PnpID: *TEREDO
SD Storage Class Controller
 Vendor: Microsoft
 PnpID: SD\CLASS_MMC
Microsoft Storage Spaces Controller
 Vendor: Microsoft
 PnpID: Root\Spaceport
Composite Bus Enumerator
 Vendor: Microsoft
 PnpID: ROOT\CompositeBus
UMBus Root Bus Enumerator
 Vendor: Microsoft
 PnpID: root\umbus
NDIS Virtual Network Adapter Enumerator
 Vendor: Microsoft
 PnpID: ROOT\NdisVirtualBus
Plug and Play Software Device Enumerator
 Vendor: Microsoft
 PnpID: ROOT\SWENUM
Remote Desktop Device Redirector Bus
 Vendor: Microsoft
 PnpID: ROOT\RDPBUS
Microsoft ACPI-Compliant System
 Vendor: Microsoft
 PnpID: *PNP0C08
Microsoft UEFI-Compliant System
 Vendor: Microsoft
 PnpID: ACPI_HAL\UEFI
PCI Express Root Complex
 Vendor: Microsoft
 PnpID: *PNP0A08
System CMOS/real time clock
 Vendor: Microsoft
 PnpID: *PNP0B00
High precision event timer
 Vendor: Microsoft
 PnpID: *PNP0103
ACPI Power Button
 Vendor: Microsoft
 PnpID: *PNP0C0C
Intel Serial IO GPIO Controller
 Vendor: Intel Corporation
 PnpID: ACPI\INT33FF
Intel® Sideband Fabric Device
 Vendor: Intel Corporation
 PnpID: ACPI\VEN_INT&DEV_33BD&REV_0002
ACPI Processor Aggregator
 Vendor: Microsoft
 PnpID: *ACPI000C
Microsoft Virtual Drive Enumerator
 Vendor: Microsoft
 PnpID: ROOT\vdrvroot
Intel® Power Engine Plug-in
 Vendor: Microsoft
 PnpID: ACPI\INT33A4
Intel® Serial IO SPI Controller
 Vendor: Intel Corporation
 PnpID: ACPI\VEN_8086&DEV_228E
Motherboard resources
 Vendor: Microsoft
 PnpID: *PNP0C02
Legacy device
 Vendor: Microsoft
 PnpID: *INT0800
Programmable interrupt controller
 Vendor: Microsoft
 PnpID: *PNP0000
System timer
 Vendor: Microsoft
 PnpID: *PNP0100
Intel® Serial IO I2C ES Controller
 Vendor: Intel Corporation
 PnpID: ACPI\808622C1
Volume Manager
 Vendor: Microsoft
 PnpID: ROOT\VOLMGR
Microsoft Basic Display Driver
 Vendor: Microsoft
 PnpID: ROOT\BasicDisplay
ACPI Thermal Zone
 Vendor: Microsoft
 PnpID: ACPI\ThermalZone
Intel® Power Management IC Device
 Vendor: Intel Corporation
 PnpID: ACPI\VEN_INT&DEV_33F4&REV_0003
Microsoft Basic Render Driver
 Vendor: Microsoft
 PnpID: ROOT\BasicRender
Microsoft System Management BIOS Driver
 Vendor: Microsoft
 PnpID: ROOT\mssmbios
Intel Processor
 Vendor: Microsoft
 PnpID: ACPI\GenuineIntel_-_x86
Generic volume shadow copy
 Vendor: Microsoft
 PnpID: STORAGE\VolumeSnapshot
Generic software device
 Vendor: Microsoft
 PnpID: SWD\GenericRaw
Volume
 Vendor: Microsoft
 PnpID: STORAGE\Volume
HID Button over Interrupt Driver
 Vendor: Microsoft
 PnpID: ACPI\ACPI0011
USB Input Device
 Vendor: Microsoft
 PnpID: USB\Class_03&SubClass_01
HID-compliant consumer control device
 Vendor: Microsoft
 PnpID: HID_DEVICE_UP:000C_U:0001
HID-compliant system controller
 Vendor: Microsoft
 PnpID: HID_DEVICE_UP:0001_U:0080
HID-compliant vendor-defined device
 Vendor: Microsoft
 PnpID: HID_DEVICE_UPR:FF00-FFFF
HID-compliant device
 Vendor: Microsoft
 PnpID: HID_DEVICE
Portable Device Control device
 Vendor: Microsoft
 PnpID: HID_DEVICE_UP:0001_U:000D
Converted Portable Device Control device
 Vendor: Microsoft
 PnpID: ButtonConverter\ConvertedDevice
Intel SD Host Controller
 Vendor: Microsoft
 PnpID: ACPI\VEN_8086&DEV_0F14&REV_0001
Audio Endpoint
 Vendor: Microsoft
 PnpID: MMDEVAPI\AudioEndpoints
WPD FileSystem Volume Driver
 Vendor: Microsoft
 PnpID: wpdbusenum\fs
E:\
 Vendor: Microsoft
 PnpID: wpdbusenum\fs
Device Firmware
 Vendor: Microsoft
 PnpID: UEFI\CC_00010002
System Firmware
 Vendor: Microsoft
 PnpID: UEFI\CC_00010001

 

 





