Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hacked I think.


  • Please log in to reply
36 replies to this topic

#1 jrtitus2017

jrtitus2017

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:03:02 PM

Posted 06 November 2017 - 06:30 PM

When I go to MSN with IE11 and Windows 8.1, 64 bit, I get this page and this in header bar,  http://www.msn.com/?ocid=iehp&pc=EUPP,

 

Seems that it redirects or something, mouse moves on it's own, slow loading, can't get to any secure sites it seems, I can't find any info of if a Virus or Trojan or Malware, it won't let me make back up repair disk, can someone help. What do you need. Also seems to load rogue apps and Google Chrome isn't right either, seems virus scanners are rogue too, like a hacker in computer, but I have no clue. Also my Android cell phone seems hacked too.   



BC AdBot (Login to Remove)

 


m

#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,278 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:12:02 PM

Posted 06 November 2017 - 10:14 PM

Welcome aboard p22002758.gif

 

p22002970.gif Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

p22002970.gif Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


p22002970.gif Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
  • List Restore Points

Click Go and post the result.

p22002970.gif Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-1878.1878-3.1.2.1733-10139.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.


p22002970.gifDownload 51a5f31352b88-icon_MBAR.pngMalwarebytes Anti-Rootkit (MBAR) to your desktop.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
  • "mbar-log-{date} (xx-xx-xx).txt"
  • "system-log.txt"


NOTE. If you see This version requires you to completely exit the Anti Malware application message right click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.

p22002970.gif Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.


If normal mode still doesn't work, run the tool from safe mode.

When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

NOTE Do NOT wrap your logs in "quote" or "code" brackets.
Do NOT use spoilers.
Do NOT edit your reply to post additional logs. Create new reply. I'll not get any email notifications about edits so I won't know you posted something new.


My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 jrtitus2017

jrtitus2017
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:03:02 PM

Posted 07 November 2017 - 06:03 AM

Results of screen317's Security Check version 0.99.93
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Avast Antivirus
Windows Defender
VirusScan
AVG Antivirus
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Google Chrome (62.0.3202.75)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
AVG Antivirus AVGUI.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

#4 jrtitus2017

jrtitus2017
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:03:02 PM

Posted 07 November 2017 - 06:09 AM

Farbar Service Scanner Version: 27-01-2016
Ran by James (administrator) on 07-11-2017 at 06:07:17
Running from "C:\Users\James\Desktop"
Microsoft Windows 8.1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

#5 jrtitus2017

jrtitus2017
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:03:02 PM

Posted 07 November 2017 - 06:15 AM

MiniToolBox by Farbar Version: 17-06-2016
Ran by James (administrator) on 07-11-2017 at 06:13:56
Running from "C:\Users\James\AppData\Local\Microsoft\Windows\INetCache\IE\PBS6GUBJ"
Microsoft Windows 8.1 (X64)
Model: XPS 8700 Manufacturer: Dell Inc.
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================
========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Ethernet (Connected)
Dell Wireless 1704 802.11b/g/n (2.4GHz) = Wi-Fi (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled taskoffload=enabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 5" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set subinterface interface= subinterface=ethernet_5 mtu=1477


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : XPS8700
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.actdsltmp

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 9C-AD-97-D9-B2-E6
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
Physical Address. . . . . . . . . : 9E-AD-97-D9-B2-E5
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Ethernet:

Connection-specific DNS Suffix . : domain.actdsltmp
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 98-90-96-98-B3-3F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::b164:76cf:2f08:5dc%4(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.6(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, November 6, 2017 8:13:17 AM
Lease Expires . . . . . . . . . . : Tuesday, November 14, 2017 5:48:07 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 160993430
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-B3-D5-D7-98-90-96-98-B3-3F
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wi-Fi:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : domain.actdsltmp
Description . . . . . . . . . . . : Dell Wireless 1704 802.11b/g/n (2.4GHz)
Physical Address. . . . . . . . . : 9C-AD-97-D9-B2-E5
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Server:
Address: 192.168.1.1

DNS request timed out.
timeout was 2 seconds.
Name: google.com
Address: 216.58.217.174


Pinging google.com [172.217.8.14] with 32 bytes of data:
Reply from 172.217.8.14: bytes=32 time=370ms TTL=56
Reply from 172.217.8.14: bytes=32 time=36ms TTL=56

Ping statistics for 172.217.8.14:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 36ms, Maximum = 370ms, Average = 203ms
Server:
Address: 192.168.1.1

Name: yahoo.com
Addresses: 2001:4998:44:204::a7
2001:4998:c:a06::2:4008
2001:4998:58:c02::a9
98.138.253.109
206.190.36.45
98.139.180.149


Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=164ms TTL=54
Reply from 206.190.36.45: bytes=32 time=103ms TTL=54

Ping statistics for 206.190.36.45:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 103ms, Maximum = 164ms, Average = 133ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
9...9c ad 97 d9 b2 e6 ......Bluetooth Device (Personal Area Network)
5...9e ad 97 d9 b2 e5 ......Microsoft Wi-Fi Direct Virtual Adapter
4...98 90 96 98 b3 3f ......Realtek PCIe GBE Family Controller
3...9c ad 97 d9 b2 e5 ......Dell Wireless 1704 802.11b/g/n (2.4GHz)
1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.6 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.6 276
192.168.1.6 255.255.255.255 On-link 192.168.1.6 276
192.168.1.255 255.255.255.255 On-link 192.168.1.6 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.6 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.6 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
4 276 fe80::/64 On-link
4 276 fe80::b164:76cf:2f08:5dc/128
On-link
1 306 ff00::/8 On-link
4 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [55296] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\NLAapi.dll [65536] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [23040] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [50688] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [69120] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30720] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/07/2017 06:03:50 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Unexpected or missing value (name: 'PackageName', value: '') in key 'HKU\S-1-5-18\Software\Microsoft\Installer\Products\B97CF7F995034624490593BE63E82352\SourceList'

Error: (11/07/2017 05:54:38 AM) (Source: Python Service) (User: )
Description: Exception : HTTPConnectionPool(host='127.0.0.1', port=35600): Read timed out. (read timeout=60)

Error: (11/07/2017 05:50:26 AM) (Source: iumsvc) (User: )
Description: Exception : [Errno 9] Bad file descriptor

Error: (11/07/2017 05:49:43 AM) (Source: iumsvc) (User: )
Description: Exception : ('Device Profile Push Failure', ConnectionError(MaxRetryError("HTTPSConnectionPool(host='servicegateway.intel.com', port=443): Max retries exceeded with url: /DeviceProfile/Service.svc/Rest/DeviceProfileManager?deviceId=7b41ec6f-3645-4647-80df-511c569953c0&DomainId=E57B59E7-5862-4250-9CE0-76FB411DC0D2 (Caused by <class 'socket.error'>: [Errno 10060] A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond)",),))

Error: (11/07/2017 05:49:17 AM) (Source: iumsvc) (User: )
Description: Exception : ('Device Profile Push Failure', ConnectionError(MaxRetryError("HTTPSConnectionPool(host='servicegateway.intel.com', port=443): Max retries exceeded with url: /DeviceProfile/Service.svc/Rest/DeviceProfileManager?deviceId=7b41ec6f-3645-4647-80df-511c569953c0&DomainId=E57B59E7-5862-4250-9CE0-76FB411DC0D2 (Caused by <class 'socket.error'>: [Errno 10060] A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond)",),))

Error: (11/07/2017 05:48:55 AM) (Source: iumsvc) (User: )
Description: Exception : ('Device Profile Push Failure', ConnectionError(MaxRetryError("HTTPSConnectionPool(host='servicegateway.intel.com', port=443): Max retries exceeded with url: /DeviceProfile/Service.svc/Rest/DeviceProfileManager?deviceId=7b41ec6f-3645-4647-80df-511c569953c0&DomainId=50964a88-ab5f-4c91-b70e-66a2eadb5423 (Caused by <class 'socket.error'>: [Errno 10060] A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond)",),))

Error: (11/07/2017 05:48:34 AM) (Source: iumsvc) (User: )
Description: Exception : ('Device Profile Push Failure', ConnectionError(MaxRetryError("HTTPSConnectionPool(host='servicegateway.intel.com', port=443): Max retries exceeded with url: /DeviceProfile/Service.svc/Rest/DeviceProfileManager?deviceId=7b41ec6f-3645-4647-80df-511c569953c0&DomainId=4E00205A-2AB1-4423-8F77-CC25B82CDE1D (Caused by <class 'socket.error'>: [Errno 10061] No connection could be made because the target machine actively refused it)",),))

Error: (11/07/2017 05:48:25 AM) (Source: iumsvc) (User: )
Description: Exception : ('Device Profile Push Failure', ConnectionError(MaxRetryError("HTTPSConnectionPool(host='servicegateway.intel.com', port=443): Max retries exceeded with url: /DeviceProfile/Service.svc/Rest/DeviceProfileManager?deviceId=7b41ec6f-3645-4647-80df-511c569953c0&DomainId=E57B59E7-5862-4250-9CE0-76FB411DC0D2 (Caused by <class 'socket.error'>: [Errno 10060] A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond)",),))

Error: (11/07/2017 05:48:04 AM) (Source: iumsvc) (User: )
Description: Exception : WTSQueryUserToken() argument 1 must be integer<k>, not None

Error: (11/06/2017 08:12:51 PM) (Source: Python Service) (User: )
Description: Exception : HTTPConnectionPool(host='127.0.0.1', port=35600): Read timed out. (read timeout=60)


System errors:
=============
Error: (11/07/2017 05:56:28 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.

Error: (11/07/2017 05:50:01 AM) (Source: Service Control Manager) (User: )
Description: The avgbIDSAgent service terminated with the following service-specific error:
%%3758213661

Error: (11/06/2017 08:09:15 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.

Error: (11/06/2017 08:07:58 PM) (Source: Service Control Manager) (User: )
Description: The avgbIDSAgent service terminated with the following service-specific error:
%%3758213661

Error: (11/06/2017 07:57:39 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.

Error: (11/06/2017 07:52:00 PM) (Source: Virtual Disk Service) (User: )
Description: Unexpected provider failure. Restarting the service may fix the problem. Error code: 8007001F@02000014

Error: (11/06/2017 07:52:00 PM) (Source: Virtual Disk Service) (User: )
Description: Unexpected provider failure. Restarting the service may fix the problem. Error code: 8007001F@02000014

Error: (11/06/2017 07:52:00 PM) (Source: Virtual Disk Service) (User: )
Description: Unexpected provider failure. Restarting the service may fix the problem. Error code: 8007001F@02000014

Error: (11/06/2017 07:52:00 PM) (Source: Virtual Disk Service) (User: )
Description: Unexpected provider failure. Restarting the service may fix the problem. Error code: 8007001F@02000014

Error: (11/06/2017 07:45:45 PM) (Source: Service Control Manager) (User: )
Description: The avgbIDSAgent service terminated with the following service-specific error:
%%3758213661


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2017-11-01 14:01:07.101
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-11-01 14:01:07.023
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-11-01 14:01:06.929
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-11-01 14:01:06.867
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-11-01 14:01:06.788
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-11-01 14:01:06.710
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-11-01 14:01:06.617
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-11-01 14:01:06.523
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-11-01 14:01:06.460
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-11-01 14:01:06.398
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.7.2314 - AVAST Software)
AVG (HKLM\...\{BA40B3B4-7707-437E-84FF-8C18BE5AD9B6}) (Version: 1.211.2 - AVG Technologies) Hidden
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 17.7.3032 - AVG Technologies)
Canon MF Toolbox 4.9.1.1.mf07 (HKLM-x32\...\{6767DFEE-8909-453A-B553-C7693912B2EB}) (Version: 3.0.0 - Canon)
Canon MF4360-4390 (HKLM\...\{B93A5C71-1F05-47c6-A9CD-DB6183CC8B30}) (Version: - )
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Hidden
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.1.2 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{693A23FB-F28B-4F7A-A720-4C1263F97F43}) (Version: 3.1.1002.0 - Dell Products, LP)
Dell Product Registration (HKLM-x32\...\{17FFE63C-6734-4950-B488-134B5A2505F7}) (Version: 2.04.0280 - Aviata Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 2.0.6875.668 - Dell)
Dell SupportAssistAgent (HKLM\...\{18EF001B-B005-46CB-917B-112BA69ED85E}) (Version: 2.0.3.10 - Dell)
Dell System Detect (HKCU\...\d24084d039586cae) (Version: 8.8.0.1 - Dell)
Dell Update (HKLM-x32\...\{F91263FA-BE4D-439D-9C0A-2E7204E0E9E3}) (Version: 1.9.20.0 - Dell Inc.)
DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 6.30.223.227 - Dell Inc.)
FMW 1 (HKLM\...\{3F8A655C-2D4D-4BAC-8384-0E937CC137C8}) (Version: 1.225.1 - AVG Technologies) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.75 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
IHA_MessageCenter (HKLM-x32\...\{470A9DC8-69A9-4CE3-905E-6C62D0BC3DD0}) (Version: 2.0.87 - Verizon)
Intel® Chipset Device Software (HKLM-x32\...\{e48a2f61-851a-4155-82f9-af1b04db8c3b}) (Version: 10.0.13 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1168 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{AD6B46F2-FE21-496F-BE90-BE19AABE353C}) (Version: 2.2.12 - Intel Corporation)
Macromedia Shockwave Player (HKLM-x32\...\Macromedia Shockwave Player) (Version: - )
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 8.1.0.280 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.139 - McAfee, Inc.)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft Digital Image Standard 2006 Update (HKLM-x32\...\PictureItPrem_v12) (Version: 11.0.2018 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{8EC9E7BB-2443-49B1-8476-490EBF932C2E}) (Version: 4.25.512.0 - Microsoft Corporation)
Microsoft Money 2006 (HKLM-x32\...\Money2006b) (Version: 15 - Microsoft)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Small Business 2007 (HKLM-x32\...\SMALLBUSINESSR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Streets & Trips 2006 (HKLM-x32\...\{83ED1E80-A1B7-4226-BCF1-AC4A88151A6B}) (Version: 13.00.09.0200 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Microsoft Works Suite 2006 Setup Launcher (HKLM-x32\...\Works2006Setup) (Version: - )
Microsoft Works Suite Add-in for Microsoft Word (HKLM-x32\...\{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}) (Version: 8.0.0.0000 - Microsoft Corporation)
PocketCloud (HKLM-x32\...\{D9752C7D-A595-4687-A0D5-362E9C311C55}) (Version: 2.7.14 - Wyse Technology)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7016 - Realtek Semiconductor Corp.)
Verizon Internet Security Suite Multi-Device (HKLM-x32\...\MSC) (Version: 16.0.3 - McAfee, Inc.)
VzDownloadManager (HKCU\...\VzDownloadManager) (Version: 4.6.0.0 - Verizon)
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.9800 - Broadcom Corporation)
Works Upgrade (HKLM-x32\...\{DE1AF137-C455-494A-A817-EFE44BCCFDEE}) (Version: 8.0.0.0000 - Microsoft Corporation) Hidden

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 25%
Total physical RAM: 12239.2 MB
Available physical RAM: 9150.98 MB
Total Virtual: 14884.79 MB
Available Virtual: 10930.49 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:919.18 GB) (Free:861.19 GB) NTFS

========================= Users: ========================================

User accounts for \\XPS8700

Administrator ASPNET Guest
James

========================= Restore Points ==================================

22-10-2017 12:50:52 Windows Update
01-11-2017 20:32:13 Scheduled Checkpoint

**** End of log ****

#6 jrtitus2017

jrtitus2017
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:03:02 PM

Posted 07 November 2017 - 06:39 AM

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 11/7/17
Scan Time: 6:25 AM
Log File: 581ae241-c3ae-11e7-89df-9cad97d9b2e6.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.236
Update Package Version: 1.0.3196
License: Free

-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: XPS8700\James

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 334378
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 6 min, 55 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)

#7 jrtitus2017

jrtitus2017
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:03:02 PM

Posted 07 November 2017 - 07:02 AM

Rkill 2.9.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/07/2017 06:59:51 AM in x64 mode.
Windows Version: Windows 8.1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 11/07/2017 07:01:43 AM
Execution time: 0 hours(s), 1 minute(s), and 51 seconds(s)

#8 jrtitus2017

jrtitus2017
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:03:02 PM

Posted 07 November 2017 - 07:12 AM

It won't let me run this, even tried run as Admin. ???????????
Download 51a5f31352b88-icon_MBAR.pngMalwarebytes Anti-Rootkit (MBAR) to your desktop.


Think hacked and hacker blocking my permissions.

#9 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,278 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:12:02 PM

Posted 07 November 2017 - 08:30 PM

That's OK.

 

p22002970.gif Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

p22002970.gif Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles are saved to C:\AdwCleaner.


-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


p22002970.gif Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program


My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#10 jrtitus2017

jrtitus2017
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:03:02 PM

Posted 08 November 2017 - 07:52 AM

Getting user folders.

Stopping running processes.

Emptying Temp folders.


User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: James
->Temp folder emptied: 49152 bytes
->Temporary Internet Files folder emptied: 17410676 bytes
->Google Chrome cache emptied: 36966689 bytes
->Flash cache emptied: 2198 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16246301 bytes

Emptying RecycleBin. Do not interrupt.

RecycleBin emptied: 7161080 bytes
Process complete!

Total Files Cleaned = 74.00 mb

#11 jrtitus2017

jrtitus2017
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:03:02 PM

Posted 08 November 2017 - 08:00 AM

# AdwCleaner 7.0.4.0 - Logfile created on Wed Nov 08 12:57:12 2017
# Updated on 2017/27/10 by Malwarebytes
# Running on Windows 8.1 (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

No malicious folders deleted.

***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\search.aol.com


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [1015 B] - [2017/11/8 12:56:46]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

#12 jrtitus2017

jrtitus2017
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:03:02 PM

Posted 08 November 2017 - 08:06 AM

I still think who ever has control of computer is blocking the scans and downloads. Making them not do what they are suppose to do, giving us false results. Running the other scan now. Trying to anyways, the Sophos one

Edited by jrtitus2017, 08 November 2017 - 09:57 AM.


#13 jrtitus2017

jrtitus2017
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:03:02 PM

Posted 08 November 2017 - 10:37 AM

Sophos showed no virus but won't let me open details, don't think ran right or corrupt. So need to try something else. Guess, If hacker has control of my computer, can they control the downloads and results. Anyway to check router and only allow me to run it.


Edited by jrtitus2017, 08 November 2017 - 12:17 PM.


#14 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,278 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:12:02 PM

Posted 08 November 2017 - 09:07 PM

When Sophos finds nothing it won't display anything.

 

Unless you show me what the issues really are...

 

Your computer is clean p3879546.jpg

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download 51a5ce45263de-delfix.pngDelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:

  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings

Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

6. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

7. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

8. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

9. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

10. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry3187642

11. Please, let me know, how your computer is doing.


My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#15 jrtitus2017

jrtitus2017
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:03:02 PM

Posted 09 November 2017 - 08:45 AM

Ok the problem is and still is, have Atwola on here, if you open the link that I posted at beginning, right click the page, click view source or inspect element or properties, all looks wrong,also all pages have wrong certificates, none of the pages I use show secure, it is like all pages are spoofed, or redirects, had same problem before, on old computer. Think router hacked, also my emails look wrong, Facebook looks wrong. If you right click on the MSN or Facebook or Gmail or AOL or Google pages that I open, then click view source or inspect element or properties it comes up with computer code stuff, none of it looks right and starts out all same, so think hacker is redirecting me to fake pages and fake links, so it is doing no good to check it, think all fake results. Think they have control of my computer and are even reading these post, maybe even spoofing this forum. Think they are altering the post and links you sent to me. But not sure, I'm not a computer guy. Not sure if we can fix it.


# DelFix v1.010 - Logfile created 09/11/2017 at 08:07:30
# Updated 26/04/2015 by Xplode
# Username : James - XPS8700
# Operating System : Windows 8.1 (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\AdwCleaner
Deleted : HKLM\SOFTWARE\OldTimer Tools

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #12 [Scheduled Checkpoint | 11/01/2017 20:32:13]
Deleted : RP #13 [Installed Sophos Virus Removal Tool. | 11/08/2017 13:24:07]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########

-----------------------------------------------------------------------------------------------------------------
https://browsercheck.qualys.com/ Results.


Output folder: C:\Windows\system32
Skipped: msvcp100.dll
Skipped: msvcr100.dll
Output folder: C:\Windows\system32\Adobe
Output folder: C:\Windows\system32\Adobe\Director
Extract: M5drvr32.exe
Extract: M5if32.dll
Extract: SWDNLD.EXE
Extract: SwDir_1229199.dll
Extract: np32dsw_1229199.dll
Output folder: C:\Windows\system32\Adobe
Output folder: C:\Windows\system32\Adobe\Shockwave 12
Extract: Control.dll
Extract: DynaPlayer.dll
Extract: LaunchGoogleChrome.exe
Extract: Plugin.dll
Extract: Proj.dll
Extract: SwHelper_1229199.exe
Extract: SwInit.exe
Extract: SwLogo.bmp
Extract: SwMenu.dll
Extract: SymCCIS.dll
Extract: adobeshockwavebundle.exe
Extract: dirapi.dll
Extract: gcapi_dll.dll
Extract: gi.dll
Extract: gtapi.dll
Extract: iml32.dll
Extract: shockwave_Projector_Loader.dcr
Extract: swMSM.msi
Output folder: C:\Windows\system32\Adobe\Shockwave 12\Xtras
Extract: CBrowser.x32
Extract: INetURL.x32
Extract: Multiusr.x32
Extract: Netfile.x32
Extract: Netlingo.x32
Extract: Speech.x32
Extract: autodownload.txt
Output folder: C:\Windows\system32\Adobe
Created uninstaller: C:\Windows\system32\Adobe\Shockwave 12\uninstaller.exe
Execute: msiexec /i "C:\Windows\SysWOW64\Adobe\Shockwave 12\swMSM.msi" /qn
Rename: C:\Windows\system32\Adobe\Shockwave 12\swMSM.msi->C:\Users\James\AppData\Local\Temp\swMSM.msi
Delete file: C:\Users\James\AppData\Local\Temp\swMSM.msi
Registering: C:\Windows\system32\Adobe\Director\SwDir_1229199.dll
Execute: C:\Windows\system32\Adobe\Shockwave 12\SwHelper_1229199.exe /regserver
Execute: C:\Windows\system32\Adobe\Director\SwDnld.exe /regserver
Successfully Completed

---------------------------------------------------------------------------------------------------

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 11/9/17
Scan Time: 8:30 AM
Log File: 2afd5770-c552-11e7-b7a1-9cad97d9b2e6.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.236
Update Package Version: 1.0.3213
License: Free

-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: XPS8700\James

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 333500
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 5 min, 15 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)

--------------------------------------------------------------------------------------------------




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users