
Infected or hacked?


12 replies to this topic

#1 rkaska

rkaska

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:06 AM

Posted 26 November 2017 - 12:21 PM

My computer auto types. It types the same thing every time. I can type just fine, but if I make a mistake and have to delete, that is when it auto types. You can't stop it, just have to let it go. When it's done it stops and you can delete it and make your correction. It will do it anytime you type and delete. You don't need to be connected to the internet for it to happen. I did a clean install of Windows 10 2 times. It will even do it during install in text bars you have to type in. I have several antivirus, malware, spyware programs. Nothing is found. Searching the net just tells me I'm hacked.



#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:06 AM

Posted 26 November 2017 - 04:57 PM

Hi, let's see if it's a virus or ?

MiniToolBox
  • Please download MiniToolBox, save it to your desktop and run it.
  • Checkmark the following checkboxes:
      • Flush DNS
      • Report IE Proxy Settings
      • Reset IE Proxy Settings
      • Report FF Proxy Settings
      • Reset FF Proxy Settings
      • List content of Hosts
      • List IP configuration
      • List Winsock Entries
      • List last 10 Event Viewer log
      • List Installed Programs
      • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

AdwCleaner
  • Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

And finally I'd like us to scan your machine with ESET OnlineScan:
  • Please download and run ESET Online Scanner
  • Check qy7AMI8.jpg (if available) and click on the ePL5oyv.jpg button.
  • It is recommended to turn off your antivirus program. Click on the E5rfZI9.png button to see which antivirus is currently enabled:
  • Turn off your antivirus program. See here how to do this.
  • Check the option beside: Enable detection of potentially unwanted applications.
  • Now click on Advanced Settings and make sure that the option Clean threats automatically is NOT checked, and select the following:
      • Enable detection of potentially unsafe applications
      • Enable detection of suspicious applications
      • Scan archives
      • Enable Anti-Stealth Technology
  • Click on the Change button and select only Operating memory, Autostart locations and drive C:\ to be scanned.
  • Push the dtoGjAL.png button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes a list of found threats will open automatically (if any malicious files are found).
  • Push the cRhRYZ8.png button and save the file to your desktop using a unique name, such as ESETScan.txt. Include the contents of this report in your next reply.
  • Push the 9IjfdXq.png button.
  • Check the box beside RHzfZB1.png to uninstall the application when closed.
  • Push Vc3btaC.png and then close the application by clicking the X in the upper right corner.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 rkaska


Posted 02 December 2017 - 04:00 PM

MiniToolBox by Farbar  Version: 17-06-2016
Ran by Ryan (administrator) on 02-12-2017 at 14:06:20
Running from "C:\Users\Ryan\Downloads"
Microsoft Windows 10 Pro  (X64)
Model: System Product Name Manufacturer: System manufacturer
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
There are 7 entries.
 
========================= IP Configuration: ================================
 
Intel® Ethernet Connection (2) I219-V = Ethernet (Connected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global taskoffload=enabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 
 
popd
# End of IPv4 configuration
 
 
========================= Winsock entries =====================================
 
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (12/02/2017 01:56:54 PM) (Source: Perflib) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (12/02/2017 01:48:22 PM) (Source: Application Error) (User: )
Description: Faulting application name: DipAwayMode.exe, version: 0.0.0.0, time stamp: 0x00000000
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0xcccccccc
Faulting process id: 0xb90
Faulting application start time: 0xDipAwayMode.exe0
Faulting application path: DipAwayMode.exe1
Faulting module path: DipAwayMode.exe2
Report Id: DipAwayMode.exe3
Faulting package full name: DipAwayMode.exe4
Faulting package-relative application ID: DipAwayMode.exe5
 
Error: (12/02/2017 01:48:19 PM) (Source: Application Error) (User: )
Description: Faulting application name: DipAwayMode.exe, version: 0.0.0.0, time stamp: 0x00000000
Faulting module name: DipAwayMode.exe, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000409
Fault offset: 0x000148c3
Faulting process id: 0xb90
Faulting application start time: 0xDipAwayMode.exe0
Faulting application path: DipAwayMode.exe1
Faulting module path: DipAwayMode.exe2
Report Id: DipAwayMode.exe3
Faulting package full name: DipAwayMode.exe4
Faulting package-relative application ID: DipAwayMode.exe5
 
Error: (11/26/2017 06:12:55 PM) (Source: Perflib) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (11/26/2017 03:08:49 PM) (Source: MSDTC Client 2) (User: )
Description: 0x8007085A
 
Error: (11/26/2017 03:08:47 PM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY)
Description: Event provider wsp_sr attempted to register query "select * from WSP_ReplicationGroupModificationEvent" whose target class "WSP_ReplicationGroupModificationEvent" in //./root/Microsoft/Windows/Storage/Providers_v2 namespace does not exist. The query will be ignored.
 
Error: (11/26/2017 03:08:47 PM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY)
Description: Event provider wsp_sr attempted to register query "select * from WSP_ReplicationGroupDepartureEvent" whose target class "WSP_ReplicationGroupDepartureEvent" in //./root/Microsoft/Windows/Storage/Providers_v2 namespace does not exist. The query will be ignored.
 
Error: (11/26/2017 03:08:47 PM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY)
Description: Event provider wsp_sr attempted to register query "select * from WSP_ReplicationGroupArrivalEvent" whose target class "WSP_ReplicationGroupArrivalEvent" in //./root/Microsoft/Windows/Storage/Providers_v2 namespace does not exist. The query will be ignored.
 
Error: (11/26/2017 03:08:47 PM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY)
Description: Event provider  attempted to register query "select * from WSP_ReplicationGroupModificationEvent" whose target class "WSP_ReplicationGroupModificationEvent" in //./root/Microsoft/Windows/Storage/Providers_v2 namespace does not exist. The query will be ignored.
 
Error: (11/26/2017 03:08:47 PM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY)
Description: Event provider  attempted to register query "select * from WSP_ReplicationGroupDepartureEvent" whose target class "WSP_ReplicationGroupDepartureEvent" in //./root/Microsoft/Windows/Storage/Providers_v2 namespace does not exist. The query will be ignored.
 
 
System errors:
=============
Error: (12/02/2017 02:01:52 PM) (Source: DCOM) (User: DESKTOP-IGT7JT8)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}DESKTOP-IGT7JT8RyanS-1-5-21-145023885-2654851693-3795067920-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (12/02/2017 01:54:51 PM) (Source: Service Control Manager) (User: )
Description: The Update Orchestrator Service service terminated with the following error: 
%%2147549471 = This operation returned because the timeout period expired.
 
 
Error: (12/02/2017 01:48:15 PM) (Source: DCOM) (User: DESKTOP-IGT7JT8)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}DESKTOP-IGT7JT8RyanS-1-5-21-145023885-2654851693-3795067920-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (11/26/2017 06:13:26 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (11/26/2017 06:13:26 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (11/26/2017 06:13:26 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (11/26/2017 06:13:26 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (11/26/2017 06:13:26 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (11/26/2017 06:13:26 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (11/26/2017 06:13:26 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
 
 
=========================== Installed Programs ============================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 22%
Total physical RAM: 16322.74 MB
Available physical RAM: 12681.86 MB
Total Virtual: 19266.74 MB
Available Virtual: 15035.86 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:237.92 GB) (Free:183.33 GB) NTFS
2 Drive d: (Games) (Fixed) (Total:214.62 GB) (Free:12.87 GB) NTFS
4 Drive f: (Fable III) (CDROM) (Total:7.56 GB) (Free:0 GB) UDF
 
User accounts for \\DESKTOP-IGT7JT8
 
Administrator            DefaultAccount           Guest                    
Ryan                     WDAGUtilityAccount       
 
 
**** End of log ****
 
 
# AdwCleaner 7.0.5.0 - Logfile created on Sat Dec 02 20:12:38 2017
# Updated on 2017/29/11 by Malwarebytes 
# Database: 11-29-2017.1
# Running on Windows 10 Pro (X64)
# Mode: scan
 
***** [ Services ] *****
 
PUP.Optional.PCProtect, SecurityService
 
 
***** [ Folders ] *****
 
PUP.Optional.Legacy, C:\Program Files (x86)\TotalAV
PUP.Optional.Legacy, C:\Users\Ryan\AppData\Roaming\TotalAV
PUP.Optional.Legacy, C:\Users\Ryan\Documents\TotalAV
 
 
***** [ Files ] *****
 
PUP.Optional.Legacy, C:\Users\Ryan\Downloads\ReimageRepair.exe
PUP.Optional.Legacy, C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TotalAV.lnk
PUP.Optional.Legacy, C:\Users\Ryan\Desktop\TotalAV.lnk
PUP.Optional.Reimage, C:\Windows\Reimage.ini
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TotalAV
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
PUP.Optional.Reimage, [Key] - HKU\S-1-5-21-145023885-2654851693-3795067920-1001\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
PUP.Optional.Reimage, [Key] - HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
PUP.Optional.Reimage, [Key] - HKLM\SOFTWARE\Reimage
PUP.Optional.Reimage, [Key] - HKU\S-1-5-21-145023885-2654851693-3795067920-1001\Software\Reimage
PUP.Optional.Reimage, [Key] - HKCU\Software\Reimage
PUP.Optional.MyWebShield, [Key] - HKCU\Software\Classes\CLSID\{d79b57ed-727c-4ab8-ba67-e7c6fd30fac1}
PUP.Optional.DriverAgent, [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\apps.driversupport.com
PUP.Optional.DriverAgent, [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\driversupport.com
PUP.Optional.DriverAgent, [Value] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | DriverSupport.exe
PUP.Optional.DriverAgent, [Value] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING | DriverSupport.exe
PUP.Optional.DriverAgent, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\DriverSupport.exe
PUP.Optional.PCProtect, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
PUP.Optional.PCProtect, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries.
 
***** [ Chromium (and derivatives) ] *****
 
PUP.Optional.MyWebShield, Plugin found: Total AV Web Shield - 
 
/!\ Please Reset the Chrome Synchronization before cleaning the Chrome Preferences: https://support.google.com/chrome/answer/3097271 
 
 
*************************
 
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########
 
 
C:\Program Files\Reason\Security\rsEngine.dll a variant of MSIL/ByteFence.A potentially unwanted application
C:\Program Files\Reason\Security\rsUI.exe a variant of MSIL/ByteFence.A potentially unwanted application
C:\Program Files (x86)\ASUS\ROG Game First III\drivers\Driver\amd64\NFC_Driver.sys a variant of Win64/NetFilter.A potentially unsafe application
C:\Program Files (x86)\ASUS\ROG Game First III\drivers\Driver\i386\NFC_Driver.sys a variant of Win32/NetFilter.A potentially unsafe application
C:\Users\Ryan\Downloads\reason-core-security-setup_iot.exe a variant of MSIL/ByteFence.A potentially unwanted application
C:\Windows\Installer\3ea1c.msi a variant of Win32/Systweak.L potentially unwanted application,a variant of Win32/Systweak.N potentially unwanted application
C:\Windows\System32\drivers\NFC_Driver.sys a variant of Win64/NetFilter.A potentially unsafe application
Autostart locations a variant of MSIL/ByteFence.A potentially unwanted application
 


#4 boopme


Posted 04 December 2017 - 12:21 PM

Remove what ADW found and see how it is.

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles are saved to C:\AdwCleaner.
  • -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


#5 rkaska


Posted 10 December 2017 - 09:40 AM

# AdwCleaner 7.0.5.0 - Logfile created on Sun Dec 10 14:35:35 2017
# Updated on 2017/29/11 by Malwarebytes 
# Running on Windows 10 Pro (X64)
# Mode: clean
 
***** [ Services ] *****
 
Deleted: SecurityService
 
 
***** [ Folders ] *****
 
Deleted: C:\Program Files (x86)\TotalAV
Deleted: C:\Users\Ryan\AppData\Roaming\TotalAV
Deleted: C:\Users\Ryan\Documents\TotalAV
 
 
***** [ Files ] *****
 
Deleted: C:\Users\Ryan\Downloads\ReimageRepair.exe
Deleted: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TotalAV.lnk
Deleted: C:\Users\Ryan\Desktop\TotalAV.lnk
Deleted: C:\Windows\Reimage.ini
 
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks deleted.
 
***** [ Registry ] *****
 
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TotalAV
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
Deleted: [Key] - HKU\S-1-5-21-145023885-2654851693-3795067920-1001\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
Deleted: [Key] - HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
Deleted: [Key] - HKLM\SOFTWARE\Reimage
Deleted: [Key] - HKU\S-1-5-21-145023885-2654851693-3795067920-1001\Software\Reimage
Deleted: [Key] - HKCU\Software\Reimage
Deleted: [Key] - HKCU\Software\Classes\CLSID\{d79b57ed-727c-4ab8-ba67-e7c6fd30fac1}
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\apps.driversupport.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\driversupport.com
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|DriverSupport.exe
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING|DriverSupport.exe
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\DriverSupport.exe
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries deleted.
 
***** [ Chromium (and derivatives) ] *****
 
Plugin deleted: Total AV Web Shield - 
 
 
*************************
 
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
 
 
 
*************************
 
C:/AdwCleaner/AdwCleaner[S0].txt - [3753 B] - [2017/12/2 20:12:38]
C:/AdwCleaner/AdwCleaner[S1].txt - [3821 B] - [2017/12/10 14:22:47]
C:/AdwCleaner/AdwCleaner[S2].txt - [3890 B] - [2017/12/10 14:35:18]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########
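
Added example, not part of either poster's messages and not AdwCleaner's own code: one way to check that a clean-mode log like the one above accounts for every item the scan-mode log flagged. The two sample logs are short excerpts in the thread's log format, the clean excerpt is constructed with one item deliberately left out, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Excerpt in the format of the scan-mode log posted in this thread.
SCAN_LOG = r"""
***** [ Services ] *****

PUP.Optional.PCProtect, SecurityService

***** [ Files ] *****

PUP.Optional.Legacy, C:\Users\Ryan\Downloads\ReimageRepair.exe
PUP.Optional.Reimage, C:\Windows\Reimage.ini

***** [ DLL ] *****

No malicious DLLs found.

***** [ Registry ] *****

PUP.Optional.Reimage, [Key] - HKLM\SOFTWARE\Reimage
PUP.Optional.DriverAgent, [Value] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING | DriverSupport.exe

***** [ Chromium (and derivatives) ] *****

PUP.Optional.MyWebShield, Plugin found: Total AV Web Shield -
"""

# CONSTRUCTED clean-mode excerpt: the Reimage.ini line is deliberately
# missing so the leftover path is exercised (the real log did delete it).
CLEAN_LOG = r"""
***** [ Services ] *****

Deleted: SecurityService

***** [ Files ] *****

Deleted: C:\Users\Ryan\Downloads\ReimageRepair.exe

***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\Reimage
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING|DriverSupport.exe

***** [ Chromium (and derivatives) ] *****

Plugin deleted: Total AV Web Shield -
"""

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
# "<family>, <item>" where family is dotted, e.g. PUP.Optional.Legacy
DETECTION_RE = re.compile(r"^(\w+(?:\.\w+)+), (.+)$")


def normalize(item):
    """Make scan-mode and clean-mode spellings of one item compare equal."""
    # Scan says "Plugin found:", clean says "Plugin deleted:".
    item = re.sub(r"^Plugin (?:found|deleted): ", "Plugin: ", item.strip())
    # Scan writes "key | value", clean writes "key|value".
    item = re.sub(r"\s*\|\s*", "|", item)
    # Windows paths and registry keys are case-insensitive.
    return item.casefold()


def parse_scan(text):
    """Return (section, family, normalized item) for every detection line."""
    section, found = None, []
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = DETECTION_RE.match(line)
        if m and section:
            found.append((section, m.group(1), normalize(m.group(2))))
    return found


def parse_clean(text):
    """Return the set of normalized items the clean log reports as removed."""
    removed = set()
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Deleted: "):
            removed.add(normalize(line[len("Deleted: "):]))
        elif line.startswith("Plugin deleted: "):
            removed.add(normalize(line))
    return removed


def reconcile(scan_text, clean_text):
    """Count detections per family and list flagged items never reported removed."""
    removed = parse_clean(clean_text)
    by_family, leftovers = defaultdict(int), []
    for section, family, item in parse_scan(scan_text):
        by_family[family] += 1
        if item not in removed:
            leftovers.append((section, family, item))
    return dict(by_family), leftovers


if __name__ == "__main__":
    families, leftovers = reconcile(SCAN_LOG, CLEAN_LOG)
    print(families)
    print(leftovers)
```

An empty leftovers list only shows that AdwCleaner removed what it flagged; in this thread the symptom was unchanged after cleaning.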


#6 rkaska


Posted 10 December 2017 - 10:33 AM

Still no change.



#7 boopme


Posted 10 December 2017 - 08:01 PM

Try tapping the Insert (INS) key once.

#8 rkaska


Posted 17 December 2017 - 10:48 PM

No change. Just to let you know, it's not random things it types, it's my email address and password. I have changed my password. It types the exact same thing every time.



#9 boopme


Posted 19 December 2017 - 12:00 PM

Check to see if autofill is enabled in Chrome.

How to Disable and Clear AutoFill Info in your Browser

#10 rkaska


Posted 24 December 2017 - 02:00 PM

It's not that kind of auto typing. Not autofill. It types one letter or number one at a time as if it were being done at a keyboard. It has an error in the address. It will delete one letter at a time back to the error, fix the error then continue to finish the address then password. It's not a consistent speed when it types. It's almost like it stops to think or to grab a shift key. It's like it copied me exactly and repeats it whenever I hit the backspace button while typing.



#11 boopme


Posted 24 December 2017 - 05:15 PM

Try running this to fix a possible corrupt file. If no joy then perhaps you'll need a Win 10 topic.

Tweaking.com - Windows Repair All-In-One (Portable)

- Download Windows Repair All-In-One (Portable Version) from here.

- Extract tweaking.com_windows_repair_aio.zip to your Desktop.

- Disable all your antivirus and antimalware software - see how to do that here.
- Right click on QfBzvq1.png and select Run as Administrator (XP users just double click) to start Windows Repair All-In-One.
(Windows Vista/7/8 users: Accept UAC warning if it is enabled.)

- A window will appear. Click Step 2.

- Click the Open Pre-Scan button, then click Start Scan. Wait for Windows Repair to finish scanning.

- Depending on which error Windows Repair found, click Repair Reparse Point or Repair Environment Variable accordingly. When the button changes to "Done!", click the close button to return to Windows Repair.

- Go to Step 3, then click Check in the See If Check Disk Is Needed.

- If Windows Repair stated that errors are found, click Open Check Disk At Next Boot. Choose (/R) Fixes errors on the disk also locate bad sectors and recovers readable information, then click Add To Next Boot. Reboot the computer to let Windows check the disk.

- Go to Step 4, then click Do It.

- Go to Step 5. Under System Restore click Create.

- Go to Repairs and click Open Repairs. Leave all checkmarks as they are, then click Start Repairs.

- By default Windows Repair All-In-One will create a "Logs" folder in its folder on the Desktop. Please post the contents of the log in your next reply.

#12 rkaska


Posted 31 December 2017 - 09:34 PM

No errors found



#13 boopme


Posted 01 January 2018 - 08:58 PM

If no joy then perhaps you'll need a Win 10 topic.



