Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Remote Hacker, Root-Bootkits, Google-Microsoft and computer hyjack.


  • This topic is locked This topic is locked
18 replies to this topic

#1 srotrock1977

srotrock1977

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Portland, Oregon
  • Local time:06:34 PM

Posted 01 May 2018 - 09:32 AM

Hi,

 

My name is Shannon and me writing to you today is my final desperation plee.  Honestly, if I was anyone else that has never had these issues would hear someone tell me this story I would think they were crazy and should be wearing tin foil on their head.  But, truley its been a year of hell.

 

Last summer I decided I would upgrade from Windows 8.1 to 10... Pretty innocent I thought.  THE DAY I upgraded things seemed to start changiing. My files would change as well as my settings, at first I was running firewall and virus software just through windows (and was a complete Newbie and innocent to all Evil that egsists on the internet now.)

I would activate my firewall and leave then within 30 sec get a notice I need to turn it on.  I would go back and it would be off.  I then learned so much in the next year trying to figure out what is going on.  At first I thought I had a virus or malware.  I "bought AVG" nothing, so then went to frys and bought bitdefender, and again nothing.  By the time I go to install the security sofware my internet would slow down so much I couldn't do it, and if on a rare occasion it would let me right before it installed it would quit and say some error occured and to try again.   I not knowing much about computers though "oh well I must have a learning virus because everytime I would do something to try and get rid of it, the next time it was like it knew better than to let me do that again.  For example TDSKiller.... my first time using that software it caught it said about 755 issus many rootkits and asked to delete them.  All of a sudden my computer would freeze and/or all of a sudden restart on me out of no where when it never does that.  By the time I go to run it again it finds no errors. 

 

I have paid for a computer tech to "fix" it and their answer was to dban it and charge me 200 dollars... Of course that didn't work.  I have worked with Microsoft and even brought it into their store and they wouldn't listen and only did a fresh instal and said there is "no way any kind of virus or item could follow you after a fresh instal.. 

 

So I started doing research about rootkits, bootkits, malware, etc... and honestly in the past year have downloaded about 1.2 T in apps and info on how to fix. 

Alot of the information I got from you so thank you but nothing fixed it.

 

I started downloading applicaations at the library or would have to factory reset my phone and download and transfer quickly in order for them to get to me in tact and I would execute them on the computer.  If you name the program I have tried it... So far the best one's I have noticed is

 

I finally said **ew it and bought a new system... Still within and hour or so it was on that computer.  While troubleshooting and buying new USBs, new external HDS, 12 new laptops and 3 computers.  Aslo, replaced router several times and then noticed that the weird apps "the apps do not do as they are intended.  Like the calculator or calander app would take over and become device admin and I could not unistall.  Even the tech department for Verizon couldn't help and reflashed my phone and finally sent me a new one.  Literally a year later I have spent about 10K on new computer, cell phones, computer equiptment... I have lost my company in the mean time due to not being able to fix this (I only had a small company with 4 employees but technology is imporant and mine wasnt working...  I almost lost my marriage over this.

 

In the past year I have had a total of 8 credit cards opened in my name and all of my life history was on my computer when it was hacked.  I still dealing with a bill from Verizon everymonth for about 800 due to 'some freaking how still they can order items under my name beacuse they know everything about me to answer any question asked.

 

I know there has been some kind of thing going around that would like google to microsoft and also issues with remote hacking.  But everytime I think I am getting somewhere I have a new rootkit, or crazy thing happen.. What ever it is does not like me even executing exe files or will give me errors after I use them the first time and it found something and the next time I wouldn't be able to open the program.. Even a fresh install it would say some driver was missing or I didn't have administrative privlidges to even get on my C drive.  When I have my computer scanned it see's it like I am running NT with Server software on a domain??? I am the only one on my computer, never been part of a domain and should be the only user. 

 

Literally I could go on and on but I thought I would put this out there see if anyone had a clue of what I am dealing with.  Please help, I can't take it anymore.  Just to get to you today I had to computer kill and wipe my hard drive, use a live linux cd and write this.  Or else my internet connection would have never let me do this.  Within minutes of a fresh install it says my DNS server isn't responding, my phone wont see the wifi connection either... However every other computer or device does.  At one time I tried to get help from Malware Bytes and was able to send them info and they sent me a 42 page instructions on what was wrong with my computer and how to fix it.  By the time I downloaded all the pages all but about 10 pages went blank and the reply to info was blank and I could send those to you if you want.  Maybe you could tell from what you see what they were on to.

I will get notifiacations of my passwords being changed and I will change them again and it knows immediatly what they are.  I found several keyloggers and tried to disable but still doesnt help.

 

I do however have TONS of proof and code from whatever this is.  I installed Verizon Cloud Backup on my to Backup my C drive on my desktop a couples ago.. You wouldn't beleve the jiberish that it caught and hundreds and hundreds of pages of commands and tourtorials on how to hack into my device remotely.

So far Spyhunter, spyshelter have been helping the most but I install in safemode right away and they will be disable within a couple hours.

 

GMER seems to be great however I can never finish a scan my computer will restart before it does. 

 

Thank you so much....

 

 

Below are just a couple examples of my issues... Let me know what you need because I have so much I have collected, even things I am not supposed to have due to cloud services. 

 

BTW my host file is always blocked, one time it said I have over 1100 hosts???

Also every folder has a hidden desktop.ini that is hidden unless I check to see hidden objects.  It seems I have a new rootkit or malware every other day, and I know for sure with my documentation I have remote log entry to my computer and phone.  Looking through the registry it looks like my phone comunicates with a blue tooth emulator???  Everytime I block something it finds another way in.

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 11:39:58 PM, on 4/12/2018
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.16384)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe
C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe
C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe
C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvController.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
F:\fwsetup.exe
C:\Users\s\AppData\Local\Temp\is-245I9.tmp\fwsetup.tmp
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
C:\Users\s\Downloads\HijackThis.exe
C:\Users\s\Downloads\RansomwareFileDecryptor 1.0.1668 MUI\RansomwareFileDecryptor 1.0.1668 MUI.exe
C:\Users\s\AppData\Local\Temp\TMRDTSelfExtract\TMRDT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com/?pc=LCJB
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo13.msn.com/?pc=LCJB
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [Lenovo App Shop] "C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
O4 - HKLM\..\Run: [Yoga Picks] C:\Program Files (x86)\Lenovo\Yoga Picks\Yoga Picks.exe -s
O4 - HKLM\..\Run: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Acronis Active Protection ™ Service (AcronisActiveProtectionService) - Acronis International GmbH - C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Acronis Nonstop Backup Service (afcdpsrv) - Unknown owner - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AOMEI Backupper Scheduler Service (Backupper Service) - AOMEI Tech Co., Ltd. - C:\Program Files (x86)\AOMEI Backupper\ABService.exe
O23 - Service: Bluetooth Device Monitor - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth OBEX Service - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @oem13.inf,%WIN32_DPTF_PARTICIPANT_PROC_SERVICE_DISPLAY_NAME%;Intel® Dynamic Platform and Thermal Framework Processor Participant Service Application (DptfParticipantProcessorService) - Unknown owner - C:\windows\system32\DptfParticipantProcessorService.exe (file missing)
O23 - Service: @oem13.inf,%WIN32_DPTF_POLICY_CONFIGTDP_SERVICE_DISPLAY_NAME%;Intel® Dynamic Platform and Thermal Framework Config TDP Service Application (DptfPolicyConfigTDPService) - Unknown owner - C:\windows\system32\DptfPolicyConfigTDPService.exe (file missing)
O23 - Service: @oem13.inf,%WIN32_DPTF_POLICY_CRITICAL_SERVICE_DISPLAY_NAME%;Intel® Dynamic Platform and Thermal Framework Critical Service Application (DptfPolicyCriticalService) - Unknown owner - C:\windows\system32\DptfPolicyCriticalService.exe (file missing)
O23 - Service: @oem13.inf,%WIN32_DPTF_POLICY_LPM_SERVICE_DISPLAY_NAME%;Intel® Dynamic Platform and Thermal Framework Low Power Mode Service Application (DptfPolicyLpmService) - Unknown owner - C:\windows\system32\DptfPolicyLpmService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: McAfee Home Network (HomeNetSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® Capability Licensing Service TCP IP Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel® Wireless Bluetooth® 4.0 Radio Management - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: LsvUIService - Lenovo - C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: McAfee AP Service (McAPExe) - McAfee, Inc. - C:\Program Files\McAfee\MSC\McAPExe.exe
O23 - Service: McAfee Activation Service (McAWFwk) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\actwiz\mcawfwk.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\mcafee\VirusScan\mcods.exe
O23 - Service: McAfee OOBE Service2 (McOobeSv2) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Platform Services (mcpltsvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Anti-Malware Core (mfecore) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\windows\system32\mfevtps.exe (file missing)
O23 - Service: Acronis Managed Machine Service Mini (mmsminisrv) - Acronis International GmbH - C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
O23 - Service: Acronis Mobile Backup Server (mobile_backup_server) - Acronis International GmbH - C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe
O23 - Service: Acronis Mobile Backup Status Server (mobile_backup_status_server) - Unknown owner - C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: NitroPDFDriverCreatorReadSpool8 (NitroDriverReadSpool8) - Nitro PDF Software - C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\windows\SysWOW64\NLSSRV32.EXE
O23 - Service: PGService - PointGrab LTD - C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe
O23 - Service: Lenovo PhoneCompanionPusher Service (PhoneCompanionPusher) - Lenovo - C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe
O23 - Service: Lenovo PhoneCompanionVap Service (PhoneCompanionVap) - Lenovo - C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionVap.exe
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: SpyShelterSrv - Datpol - C:\Program Files (x86)\SpyShelter Firewall\SpyShelterSrv.exe
O23 - Service: Acronis Sync Agent Service (syncagentsrv) - Unknown owner - C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: VeriFaceSrv - Unknown owner - C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ymc - Lenovo - C:\ProgramData\LenovoTransition\Server\x64\ymc.exe

--

This was on a fresh install and after I ran Hyjackme 2 times prior...

 

End of file - 13884 bytes

Logfile of HiJackThis Fork (Beta) by Alex Dragokas v.2.8.0.4

Platform:  x64 Windows 10 (Home N), 10.0.16299.15 (ReleaseId: 1709), Service Pack: 0
Time:      01.05.2018 - 00:57 (UTC-07:00)
Language:  OS: English (0x409). Display: English (0x409). Non-Unicode: English (0x409)
Elevated:  Yes
Ran by:    shann    (group: Administrator) on DESKTOP-VDSD7H2, FirstRun: yes

Firefox: 59.0.3.6691
Edge:    11.0.16299.15
Internet Explorer: 11.0.16299.15
Default: "C:\WINDOWS\system32\LaunchWinApp.exe" "%1" (Microsoft Edge)

Boot mode: Safe mode with network support

Running processes:
Number | Path
   1  C:\Program Files (x86)\Common Files\microsoft shared\Ink\TabTip32.exe
   1  C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
   1  C:\Windows\HelpPane.exe
   1  C:\Windows\System32\ApplicationFrameHost.exe
   4  C:\Windows\System32\RuntimeBroker.exe
   1  C:\Windows\System32\browser_broker.exe
   2  C:\Windows\System32\csrss.exe
   1  C:\Windows\System32\ctfmon.exe
   2  C:\Windows\System32\dllhost.exe
   1  C:\Windows\System32\dwm.exe
   2  C:\Windows\System32\fontdrvhost.exe
   1  C:\Windows\System32\lsass.exe
   1  C:\Windows\System32\services.exe
   1  C:\Windows\System32\sihost.exe
   1  C:\Windows\System32\smartscreen.exe
   1  C:\Windows\System32\smss.exe
  12  C:\Windows\System32\svchost.exe
   1  C:\Windows\System32\wininit.exe
   1  C:\Windows\System32\winlogon.exe
   1  C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
   7  C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
   1  C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
   1  C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
   1  C:\Windows\explorer.exe
   1  D:\HiJackThis.exe

O4 - HKCU\..\Run: [SpyShelter] = C:\Program Files (x86)\SpyShelter Firewall\SpyShelter.exe
O4 - HKCU\..\RunOnce: [Application Restart #0] = C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe /Crashed
O4 - HKCU\..\RunOnce: [Application Restart #1] = C:\Windows\HelpPane.exe -Home
O4 - HKLM\..\StartupApproved\Run: [ETDCtrl] = C:\Program Files\Elantech\ETDCtrl.exe
O4-32 - HKLM\..\Run: [KeyScrambler] = C:\Program Files (x86)\KeyScrambler\keyscrambler.exe /a
O4-32 - HKLM\..\RunOnce: [AvRepair] = C:\Program Files\AVAST Software\Avast\setup\instup.exe /instop:repair /wait (file missing)
O17 - DHCP DNS 1: 192.168.1.1
O22 - Task (Job): (disabled) (Not scheduled) CreateExplorerShellUnelevatedTask.job - C:\WINDOWS\explorer.exe /NOUACCHECK
O23 - Service S2: SpyShelterSrv - C:\Program Files (x86)\SpyShelter Firewall\SpyShelterSrv.exe
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe


--
End of file - Time spent: 27 sec. - 5820 bytes, CRC32: FFFFFFFF. Sign: 恫

 

Not sure what this is but here you go..

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: Encryption Desktop 10.3.2 (Build 21165)

mQINBFljx9cBEAC8XDZInSGodEbzKSOz50WIrlgS8I00Nsf5AtrgFLzdh1kFsUbu
uveZtSQOoc4uPGJ2LWGPHIVvEFljfZ35WP4+LR9u7ZOIIaaiAhDOWmdy1qjjp0sZ
g+xVh9CCMu1bYGyEjx7xR6tm1kr/+9yzTGtFLcdKKyteuXDvu3+veLUv3YoXXemL
q/1g1LxweMm7bMPdb06YY7G+6v9BWW9gAht1szggD+xa8WiWtfjHQHFTwowsOoOk
3N/DHqJdNKN9Sra8x8crNY0SQ4pXwlN3lS+6wm9V5lS47cs3JPyLCjtx3bI/hihS
2n8yVtpyWDk9cQEsY9T8CWTmKgfIk/h5XDv25YcigevzLOv/StSIFZCcFm+VHe3/
+rQmdx5yzts89zUx2HbIUk0SBoOLfC9xps0497jbL6FbArbZq+1RiILV5Lsf2o7k
SRaLoDcZQtVv6sVPGwhdGn+KX7ujR4LtoIzvfu6LpzbYOiqPrxebtbmy+1yZigfF
H6J1zGaIqLs/8W8/H2XlDFNAAv8fEnmrMIBQku//t5y0Y4DiwAwX2pDs4Q1qT/iA
wGsD/tBrcFJ7YGqO2a70XC+QlVqsmZG8HOLmdtVx4EqrfAZLOPiXjDAPpLWtTS8r
xcYoe6QFzqQvxPtiMTUGeeCUO0YLu1d5o/R6sezzl/8yItoCk2GklvbuewARAQAB
tEBJbnRlbCBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50IFJlc3BvbnNlIFRlYW0g
PHNlY3VyZUBpbnRlbC5jb20+iQJ4BBABAgBiBQJZY8fXBQkB4TOAMBSAAAAAACAA
B3ByZWZlcnJlZC1lbWFpbC1lbmNvZGluZ0BwZ3AuY29tcGdwbWltZQgLCQgHAwIB
CgIZAQUbAwAAAAUWAAMCAQUeAQAAAAYVCAkKAwIACgkQEfKg/4GQk9CfLhAAnjIe
yR5hIe6LVaslSJJgAiEDJUcKH75l/Ihe08RQQS7zOZhQ8R2LXzXhrUARoV6umpsQ
d6R6jnJ0TK9VRqsrMRU8a1RwUTmWrfMwr0BuGDuk5eiojd/5x+RLiSxp71AdfnB4
aGXIFpZIlFc4OsBoTE0tiUhrWrjoPDvGMqtS6yPyArqHrplqg8f1Qjao5vzQGRgL
7kuBknFaMSKnPSJ8SXM/0V1d1lwVt+ccXB+xhVxNOo82PUV+9UedO/Z9a2kqKPkq
2jfl3GyOL2sJIJdtFbrO2GVpA64TtJ2FE2nvQAUfG7RfN8eJjbXp2o2AYJG1R1HB
1o9VTUuqZKQSw3yFcOeSf2AiHchuR3hgExgZcv8+iZ15a6hHZ3jS/c5OwYGoi+U+
w8n5pv5dnUCE39FZeGm/rhcDrIm6vCEGjUTtmlOPGLdm1OUxCU3b4KCCiMnZK4sf
BachCYKkWTdgttsFfeRq+yfeS/BA5urVDyzRi2XDhXRB1sHWC96fBDg34nfkeaF9
4z/AX6N5g0sB1pe4dYK1kOCpR7gMqJdBvyKQEaHpmxygZQz7ZIhysQ4GTW3rSNV7
iKN79Whc6f8yyDi8CCrAcccVGXAFjGTyGH+hQ8/tYaOd4nInxP/Ufy9uQsPtGKX0
7XEcuNr3Vvz4AEoZZpo6KIdzoudCaE/iFiFzK2+5Ag0EWWPH2gEQALtYi5bSfSxI
uogDxZc+gVJJERqACb6MU1TTfEvRsUw/DiYTAvfLbU7CFwpT90DfShIp6CwXvwud
p/jz5TZx2kMPVFgbzYxZ0RrVglHQwMcWq7LmYCZsqyXc0GPEoz2SnG3b9v7u8eIH
NesTgaRMwvATvIxYJzthrBkB5zA0WvcP2RvI89EIH3ltmA8B0USsYgNbLNERdQXm
ynx79gSbf7/lbcMuGSkfEXXTGOvDycwzaGSga+OlNxf2BvVDX79OwRcuSqKM8Lrg
JVFMFQQGE4i8DBUZfHPSDIazA1rQwAOWuEX9UHQi/TAHV7C5V7r64ImGufKOLGeq
gG2X3TjBiN0fjrZPECyJbSH9B/G6pbhsGncTS0Kc1rd7ZrXJKaQg0diAO8EnodbB
Va+XORVMSyQZZ2tgWueYpAhSwOsHGWtXO1VtRIOsPPVarvjyoMwvoV3K8omv1VCI
HFprvJMOLUM6wTml0WRtDNhvId1SCNJsFHJQLs87IyVp2o9UHtKov9zUcr9uxl3Z
uIz0mkx+tIsF5AOa/w/aav0MO/Fan8TiOMNfjRxMVvVxtS4kcNq/4ebjihACSLXH
vNhV0rh7A6+w3OOz172sKfsjfSjSy/F2lf1fv++cNNHmuHmUCfhFbgE0C2vgyz2R
D7nUZSVmNI5HSJJZvsIN+77SLVseH3s3ABEBAAGJBEcEGAECAjEFAlljx9sFCQHh
M4AFGwwAAADBXSAEGQEIAAYFAlljx9oACgkQQPUUB+o6Khh61Q/+IZPgWVbLTiSn
rBQnT/PEKxPEZtKOq51WXhkxrnt/jwcf4yhhZFmYThuxVomcX3TmvXogagooWsHL
45bh3c+I4qdIc/IVXcxwDB97K/WOz3Fs/Dpn+o5avFGkfautxTnkiIMMlvFFuCOo
Hl3KfPAbRTeZgqQ4UCkgI+b2ef5/XN6UO075Y0oxMAHB1lPiddyFSyTUzK5196sc
eCZjb/yxTSvUAZWE/5TAeIpVTFbKvyzejINXWtW3Pdm/JQrhICaFPfJBgaY4SrwQ
tvBKnN188O5pSVUMu9V1MyVdMbaJEKmNGa3gQvaf7dD92NQu6fkrM41loWl/7VNy
XGnalqrAUEYpyoogs8lMPQtLCRyiyp2QIqBV+IyV4DAc2nukWicQa1IfZDj2mmRF
4WowcW9jC/c1VXw5ILloXJP8YH0OdDkR67pbxMyD5wvufkHTwrMYLtap0+6GzzTE
U7PTlakbqVj4zzYWmNnWh2PxYwS0c9ug6BToiDQuI8CfM2AO6Cd2UuHVXMzab/Is
5QbZgzeWwuecLSHcdiVN9UQhBxvLiUstT5gt/keflZgBRYGWQ6Q4rirBVqA6Zh/T
hIGInhEZgkm5W1rCccZY1MoQxzKUuBcklQNj6MR5yfCDCbclbFzlRCuIOgWlaNQ5
ljsOv4tuXvso5qwXbx/uCBxqDkfGg0gACgkQEfKg/4GQk9AIlQ/8CWaoCivFb4ik
3J5dD1Ej8ThCmtQauuLGndFc+WjLnwIgBHpi4Nedexlk+Q3n8HNXvxxft+oBUXQf
sXH5/ZgmF1Q6UPAd+KY/9DDGI8Dh8+h1Ltikxbq7VRlAoJhEQoNKdsSFs7Q6wHci
RMKNlYhLlmdBxYKNbqTNLOzOeR3obEMew7Jv0syIoSTDl3rcb9NoAPdTu7F3QWoT
AMyoto3qrcur7cv99AkAMP89+8uYvih2nlQtFI2HSupGJWSY1xHPAWPfqKayECQn
MxRO1sJhwILwrCQJsKiCNItSTHRIk/JpZNuddzPgPWz2Cnqc7cT6wegKwRSN1tmZ
sNnKQ7ajSbCkJwustI4eU1e0gg3KiKtb+/5es69bcuMrDypTrWKhY3aSlEpo2xvS
ibl/pxLQdgN+ffNchrbIEdxWE3zQD9ogLIo5e5XJnSYcrqzprkHnoX0dnMPC6Tbz
XxV1g2XVXK0vrm6fcE3GRanwV+A9sdSkcN7PJl+ypr/Jr1rBtDbeIDjpCZFswj1V
N1SBmhW02sDkKOLmoX4K6YeDWy3vyiV3SPs0vu6Ix9KmC2Kc93Iu2QeLwB+RzliB
L93JO9lG5UZGhdFL3L2yaLNUGpJXPOI2mSi5dlxeh5CuiHC/oGRjgYhgA34Ap/r7
VXYCuXHqkwiIGtepVY313uMJDWPtjEs=
=iPd2
-----END PGP PUBLIC KEY BLOCK-----

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 7:17:29 AM, on 5/1/2018
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.16299.0015)


Boot mode: Normal

Running processes:
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\SpyShelter Firewall\SpyShelter.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Users\shann\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE03&ocid=UE03DHP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O4 - HKLM\..\Run: [KeyScrambler] C:\Program Files (x86)\KeyScrambler\keyscrambler.exe /a
O4 - HKLM\..\Run: [QHSafeTray] "C:\Program Files (x86)\360\Total Security\safemon\360Tray.exe" /start
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [SpyShelter] C:\Program Files (x86)\SpyShelter Firewall\SpyShelter.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: COMODO Dragon Update Service (DragonUpdater) - Comodo - C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: 360 Total Security (QHActiveDefense) - QIHU 360 SOFTWARE CO. LIMITED - C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: SpyHunter4 Service (SpyHunter 4 Service) - Enigma Software Group USA, LLC. - C:\Program Files\Enigma Software Group\SpyHunter\Sh4Service.exe
O23 - Service: SpyShelterSrv - Datpol - C:\Program Files (x86)\SpyShelter Firewall\SpyShelterSrv.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\WINDOWS\system32\xbgmsvc.exe (file missing)

--
End of file - 7182 bytes
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 7:17:29 AM, on 5/1/2018
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.16299.0015)


Boot mode: Normal

Running processes:
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\SpyShelter Firewall\SpyShelter.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Users\shann\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE03&ocid=UE03DHP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O4 - HKLM\..\Run: [KeyScrambler] C:\Program Files (x86)\KeyScrambler\keyscrambler.exe /a
O4 - HKLM\..\Run: [QHSafeTray] "C:\Program Files (x86)\360\Total Security\safemon\360Tray.exe" /start
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [SpyShelter] C:\Program Files (x86)\SpyShelter Firewall\SpyShelter.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: COMODO Dragon Update Service (DragonUpdater) - Comodo - C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: 360 Total Security (QHActiveDefense) - QIHU 360 SOFTWARE CO. LIMITED - C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: SpyHunter4 Service (SpyHunter 4 Service) - Enigma Software Group USA, LLC. - C:\Program Files\Enigma Software Group\SpyHunter\Sh4Service.exe
O23 - Service: SpyShelterSrv - Datpol - C:\Program Files (x86)\SpyShelter Firewall\SpyShelterSrv.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\WINDOWS\system32\xbgmsvc.exe (file missing)

--
End of file - 7182 bytes
Logfile of HiJackThis Fork (Beta) by Alex Dragokas v.2.8.0.4

Platform:  x64 Windows 10 (Home N), 10.0.16299.15 (ReleaseId: 1709), Service Pack: 0
Time:      01.05.2018 - 00:51 (UTC-07:00)
Language:  OS: English (0x409). Display: English (0x409). Non-Unicode: English (0x409)
Elevated:  Yes
Ran by:    shann    (group: Administrator) on DESKTOP-VDSD7H2, FirstRun: yes

Edge:    11.0.16299.15
Internet Explorer: 11.0.16299.15
Default: "C:\WINDOWS\system32\LaunchWinApp.exe" "%1" (Microsoft Edge)

Boot mode: Safe mode with network support

Running processes:
Number | Path
   1  C:\Program Files (x86)\Common Files\microsoft shared\Ink\TabTip32.exe
   1  C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
   1  C:\Program Files\Windows Defender\MsMpEng.exe
   1  C:\Users\shann\AppData\Local\Temp\7zSBEB2.tmp\setup-stub.exe
   1  C:\Users\shann\AppData\Local\Temp\_av_iup.tm~a04280\Instup.exe
   1  C:\Users\shann\AppData\Local\Temp\_av_iup.tm~a04280\New_1203091d\instup.exe
   1  C:\Users\shann\AppData\Local\Temp\_av_iup.tm~a04280\New_1203091d\sbr.exe
   1  C:\Windows\HelpPane.exe
   1  C:\Windows\System32\ApplicationFrameHost.exe
   3  C:\Windows\System32\RuntimeBroker.exe
   2  C:\Windows\System32\csrss.exe
   1  C:\Windows\System32\ctfmon.exe
   2  C:\Windows\System32\dllhost.exe
   1  C:\Windows\System32\dwm.exe
   2  C:\Windows\System32\fontdrvhost.exe
   1  C:\Windows\System32\lsass.exe
   1  C:\Windows\System32\services.exe
   1  C:\Windows\System32\sihost.exe
   1  C:\Windows\System32\smartscreen.exe
   1  C:\Windows\System32\smss.exe
  12  C:\Windows\System32\svchost.exe
   1  C:\Windows\System32\wininit.exe
   1  C:\Windows\System32\winlogon.exe
   1  C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
   1  C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
   1  C:\Windows\Temp\asw.27fadbfb2f0e97b1\avast_free_antivirus_setup_online.exe
   1  C:\Windows\explorer.exe
   1  D:\EmsisoftEmergencyKit.exe
   1  D:\Firefox Installer.exe
   1  D:\HiJackThis.exe
   1  D:\aswmbr.exe
   1  D:\avast_free_antivirus_setup_online_cnet_2 (1).exe

O4 - HKCU\..\Run: [SpyShelter] = C:\Program Files (x86)\SpyShelter Firewall\SpyShelter.exe
O4 - HKCU\..\RunOnce: [Application Restart #0] = C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe /Crashed
O4 - HKCU\..\RunOnce: [Application Restart #1] = C:\Windows\HelpPane.exe -Home
O4 - HKLM\..\StartupApproved\Run: [ETDCtrl] = C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\StartupApproved\Run: [RtHDVCpl] = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
O4 - HKLM\..\StartupApproved\Run: [SecurityHealth] = C:\Program Files\Windows Defender\MSASCuiL.exe
O4 - HKU\.DEFAULT\..\RunOnce: [Application Restart #0] = C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe /Crashed
O4-32 - HKLM\..\Run: [KeyScrambler] = C:\Program Files (x86)\KeyScrambler\keyscrambler.exe /a
O4-32 - HKLM\..\RunOnce: [AvRepair] = C:\Program Files\AVAST Software\Avast\setup\instup.exe /instop:repair /wait (file missing)
O17 - DHCP DNS 1: 192.168.1.1
O21 - HKLM\..\ShellIconOverlayIdentifiers:  OneDrive1 - {BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers:  OneDrive2 - {5AB7172C-9C11-405C-8DD5-AF20F3606282} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers:  OneDrive3 - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers:  OneDrive4 - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers:  OneDrive5 - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers:  OneDrive6 - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers:  OneDrive1 - {BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers:  OneDrive2 - {5AB7172C-9C11-405C-8DD5-AF20F3606282} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers:  OneDrive3 - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers:  OneDrive4 - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers:  OneDrive5 - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers:  OneDrive6 - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} - (no file)
O22 - Task (Job): (disabled) (Not scheduled) CreateExplorerShellUnelevatedTask.job - C:\WINDOWS\explorer.exe /NOUACCHECK
O22 - Task: RTKCPL - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
O22 - Task: \Microsoft\Windows\RetailDemo\CleanupOfflineContent - {61f77d5e-afe9-400b-a5e6-e9e80fc8e601} - C:\Windows\System32\RDXTaskFactory.dll (Microsoft)
O22 - Task: \Microsoft\Windows\SMB\UninstallSMB1ClientTask - C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -NoProfile -WindowStyle Hidden "& C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Client"
O22 - Task: \Microsoft\Windows\SMB\UninstallSMB1ServerTask - C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -NoProfile -WindowStyle Hidden "& C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Server"
O22 - Task: \Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance - C:\Program Files\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCacheMaintenance
O22 - Task: \Microsoft\Windows\Windows Defender\Windows Defender Cleanup - C:\Program Files\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCleanup
O22 - Task: \Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan - C:\Program Files\Windows Defender\MpCmdRun.exe Scan -ScheduleJob -ScanTrigger 55
O22 - Task: \Microsoft\Windows\Windows Defender\Windows Defender Verification - C:\Program Files\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdVerification
O23 - Service R2: Windows Defender Antivirus Service - (WinDefend) - C:\Program Files\Windows Defender\MsMpEng.exe
O23 - Service S2: AMD External Events Utility - C:\WINDOWS\system32\atiesrxx.exe
O23 - Service S2: Elan Service - (ETDService) - C:\Program Files\Elantech\ETDService.exe
O23 - Service S2: Realtek11nSU - C:\Program Files (x86)\IOGEAR\11n USB Wireless LAN Utility\RtlService.exe
O23 - Service S2: SpyShelterSrv - C:\Program Files (x86)\SpyShelter Firewall\SpyShelterSrv.exe
O23 - Service S3: QFX Software Update Service - (QFXUpdateService) - C:\Program Files (x86)\KeyScrambler\x64\QFXUpdateService.exe
O23 - Service S3: Windows Defender Antivirus Network Inspection Service - (WdNisSvc) - C:\Program Files\Windows Defender\NisSrv.exe


--
End of file - Time spent: 38 sec. - 13790 bytes, CRC32: FFFFFFFF. Sign: 뛦

 

Thanks!


Edited by hamluis, 01 May 2018 - 09:50 AM.


BC AdBot (Login to Remove)

 


#2 srotrock1977

srotrock1977
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Portland, Oregon
  • Local time:06:34 PM

Posted 04 May 2018 - 03:01 PM

I also forgot to mention that I have tried DBan my hard drive Many many times as well as hard resetting routers, new usbs and every trick under the moon.
I really need help on this I'm about ready to tear my hair out it has been driving me crazy for long.
It feels like everything I try to it combat it with it just get stronger and along with it. I know it sounds crazy....

I have attached the pdf from malwarebytes that is missing most of its data. Maybe you can make heads or tails of what they came up with. Honestly by the time I was able to get back to them in sign into a computer it was too late so I'm really hoping you know what to do with this period I think what they saw as just one of the many root kits I've had installed due to this.
Thx

#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,743 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:34 PM

Posted 06 May 2018 - 09:35 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> https://www.bleepingcomputer.com/logreply/676715 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your destop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 Slurppa

Slurppa

  • Malware Study Hall Senior
  • 656 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:34 AM

Posted 20 May 2018 - 11:47 AM

Hi srotrock1977 and
Welcome to the Bleeping Computer! :)

My name is Slurppa and I will be handling your log(s) to help you get cleaned up.


Please familiarize yourself with the following guidelines:
  • Complete all the steps in their given order.
  • Update me about the current state of your computer.
  • If you have any problems or questions please let me know. If your are unsure how to continue please let me know.
  • Do not run any other fixes/programs that I have not instructed.
  • Copy and paste all logs into your post directly unless otherwise instructed. Don't attach logs.
  • Lack of symptoms does not mean the computer is clean. Please stick with me until I give you green light.
 

We are not really using HiJackThis(HJT) anymore as it is horribly outdated.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Right click to run as administrator. When the tool opens click Yes to disclaimer.
Press Scan button.
It will produce logs called FRST.txt and Addition.txt in the same directory the tool is run from.
Please copy and paste the logs back here.

Member of the Bleeping Computer A.I.I. early response team!


#5 Slurppa

Slurppa

  • Malware Study Hall Senior
  • 656 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:34 AM

Posted 24 May 2018 - 11:24 AM

Hi

 

Are you still with me?


Member of the Bleeping Computer A.I.I. early response team!


#6 srotrock1977

srotrock1977
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Portland, Oregon
  • Local time:06:34 PM

Posted 28 May 2018 - 12:59 AM

Yes I'm sorry, I've been locked out again.. I will get this going for you.

The :)

#7 Slurppa

Slurppa

  • Malware Study Hall Senior
  • 656 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:34 AM

Posted 29 May 2018 - 02:50 AM

Hi

 

When may I expect your reply?


Member of the Bleeping Computer A.I.I. early response team!


#8 srotrock1977

srotrock1977
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Portland, Oregon
  • Local time:06:34 PM

Posted 30 May 2018 - 08:38 AM

I'm going to try by the end of today. Every time I get back into my system something happens to it and I have to reset it constantly. I lose access to even the simplest devices like my firewall or my Windows Defender. I what I have to do is actually download the software that you want put it on USB running on my computer and then provide you the information. Within seconds of install I am not able to see any of my wireless devices or Wi-Fi access points. But everyone else's shows up? I'm working on it to figure out little tricks to fix this.
Remember a year ago I didn't even know how to look into computer management or run anything as an administrator, I'm going through this I felt alone all year I've been tearing apart machines and laptops and have gone through about 30 of them.

As of yesterday I've gotten rid of every one of them but one single one. I should have the info to you by the end of the day thank you for your help.

#9 srotrock1977

srotrock1977
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Portland, Oregon
  • Local time:06:34 PM

Posted 30 May 2018 - 08:58 AM

By the way do you know what sandboxing is? Remember my computers have an only been affected it also affects my Android phones. I've considered trying and actually converting to Apple but something in me keeps telling me not to do go to the dark side. This is my last shot in the dark but I literally just bought a brand new phone 2 days ago and it's a Galaxy 9 plus and it seems as if the OS has already changed. A lot of the Hidden files are the same in my computer as they are in my phone and now they're saying sandboxing? Anyways just thought I'd throw that out there. I'm going to look into also if there's a place I can go and download a factory image for my phone so I can just install a fresh image instead of having to factory reset it over and over and it never actually resetting. It's so frustrating!

PS please don't forget I have folders & folders worth of malicious script from this remote hacker over the last year if you're ever interested. Obviously I haven't kept all of it but you'd be surprised at how much they're actually is. On one of my factory reset fresh install operating systems from Windows I can go into the hidden files and pull a document that's 3000 pages long! On exactly how to remotely infiltrating my machine.

#10 srotrock1977

srotrock1977
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Portland, Oregon
  • Local time:06:34 PM

Posted 30 May 2018 - 12:54 PM

I'm following all the way till the end were impulse to post a new topic? I'm going attach these to you and let me know what else I can give to you.

#11 Slurppa

Slurppa

  • Malware Study Hall Senior
  • 656 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:34 AM

Posted 30 May 2018 - 12:57 PM

Sorry I don't follow.

 

I don't see any attachments.


Member of the Bleeping Computer A.I.I. early response team!


#12 srotrock1977

srotrock1977
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Portland, Oregon
  • Local time:06:34 PM

Posted 30 May 2018 - 01:49 PM

Is there a place that I can attach these to that's better then another?

#13 Slurppa

Slurppa

  • Malware Study Hall Senior
  • 656 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:34 AM

Posted 30 May 2018 - 02:24 PM

Hi

 

You can just copy paste the contents of the log files to this topic :)


Member of the Bleeping Computer A.I.I. early response team!


#14 Slurppa

Slurppa

  • Malware Study Hall Senior
  • 656 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:34 AM

Posted 02 June 2018 - 11:54 AM

Hi

 

Its been three days. Are you still with me?


Member of the Bleeping Computer A.I.I. early response team!


#15 srotrock1977

srotrock1977
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Portland, Oregon
  • Local time:06:34 PM

Posted 11 June 2018 - 03:54 AM

I'm really sorry there's no excuses just been complete h*** with whatever's going on. Since I've talked to you last I've gone through 2 new cellphones and 2 laptops and I'm just had it. By the time I do a complete restore and dban on the laptop its back and I have no idea how. I will follow your directions to T if you give me the chance. I will at least log on with my phone.

I will have u results this morning.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users