msbhvn-1

Hello Kevin! The laptop is still not right but much better than before. I was cleaning up a couple of things off of here and decided to use the program you asked me to use earlier in this endeavor. Something caught my eye and it's first thing in the morning and I've yet to have my coffee so I could be totally off base here. There are several programs that seem rather large to be on here. The top three are Samsung and include Samsung Dex at a size of 17.1GB. Then next is Samsung again with it's USB Driver for Mobile Phones coming in at 16.9GB and Samsung Portable SSD Software 1.0 at 16.9GB as well. I use the programs alot so I don't want to just delete them without checking with you first. Here are the copies of what Geek Uninstaller found.

If you are referring to the keylogger, no I did not. The Movavi Video Suite was a direct download from the company's website if I recall correctly, it's the one I use to edit videos. Nmap I believe was installed by FING which is now not working on my device at all. I'm not sure exactly what the keylogger and the SpyAgent thing are or where they came from.

There is still something majorly wrong with the computer. It is now taking 5 minutes to boot, I can't get anything to open using the file manager. eset.txt

well now this is crazy ... I was having some trouble getting the file to zip yesterday ... there show to be 2 of them on my computer using file manager. Whenever I try to do anything with file manager it takes it forever and most of the time it just crashes out. When I went to boot up today, it literally took 10 minutes. If I click on the choose files at the bottom of this it will allow me to go in and choose and hopefully this one uploaded fine ... MANNY (2).zip

Fresh eyes did the trick... here is what you requested... thanks again MANNY.zip

Sorry for the delay, weekends tend to be busier for me than the regular weekday ... I attempted to run the program you specified but I'm having trouble with it. It opens a window and then poof it is gone and I can't seem to get it. I'm going to try again now with a fresh set of eyes on it and see what we get.

Good morning m8! Well at least it's morning my time over here. I did as you said with the Zemana and it found quite a few things, here is that log is attached. I know that you were saying something about a cloudfront issue, so I decided to throw in a couple more screenshots that might help ya out with what I'm getting from GlassWire. Some days there are over 1000 hosts, can't be right can it? That is dated today Sept 1. Thanks for reopening the thread, I look forward to hearing from ya again zemanaresults.txt

Sorry it's been a couple of days, got busy as a one legged man at an ass kicking contest. Things have slowed down to a good pace .... I hope so anyway seeing as how it's a little after 4am my time. =) Couple of other things that I have noticed or what have you. The whole computer seems to be just slow as crap still ... not as bad as it once was though. I deleted a ton of my browsing history and stuff like that but I'm seriously thinking about doing a totally clean install of windows and going that route. I can't afford to lose any of my personal papers on this machine though. That being said, do you have a personal recommendation for safely and cheaply backing up my stuff ... I have tons of online storage between all the different clouds but do I want to do that or should I just move most of my personal stuff onto my samsung T5 and T7? Also, the amount of people that seem to be connecting to this machine is just absurd if you ask me. I know I included the screenshot from GlassWire before, is that a program that you are familiar with or that you use yourself? I originally downloaded Glasswire just for the pure visual aspect of it, just would leave the screen running showing the traffic and watching it until I realized that there is a ton of useful stuff on there. In the enclosed screen shot I marked a few of the numbers to see what you think. Also, I noticed that my hosts file changed on its own today too ... I've always had the feeling that the stuff on here has been rerouted to somewhere. If you notice on that image, the sheer number of hosts in such a short period of time, can all those be legit and why on earth would there be so many?? And there is the warning that I received from Glasswire about my hosts file. Any insight you have is greatly appreciated. I'll be on the computer for a couple hours now and will check in and let you know how it's all going. Thank you so much for the help so far!

That seemed to go off fairly well, I know that my Chrome is seeming to run a bit better. Here's the file that you asked for Fixlog.txt

It's a personal system, Lenovo Thinkpad T480 32g of RAM pretty basic and plain jane running 4 monitors... it's just a workhorse of a laptop that morphed into my heavy hitter now days. I did have spybot installed at one point in time and it got sooooo damned annoying I had to get rid of it. I wouldn't be upset in the least if everything pertaining to it were to be pushed off a cliff somewhere. I think I have decided to go with a seperate firewall appliance or an old HP G3 to do my networking here at the house. I'm looking at pFsense and openWRT right now if you have any suggestions or insight into any of this it would be greatly appreciated. I should mention I have a Peplink Balance Core One that runs the show right now but it's not fast enough for me running Gig Fiber. It's throughput maxes out at about 600.

Here they are. I don't know if you noticed in the beginning, which operating system I'm working on? Also, I'm not sure if you are familiar with GlassWire or not... I use it mainly for the visual aspect of what my machines are doing, and it has a feature that tells you everything that was going on while you where away from your computer if it is left running. I'm not sure but 800+ hosts from all kinds of different places seems like a HUGE number to me but I can't see how it could be happening. Thanks again :) FRST.txt Addition.txt

Here is what was saved fFixlog.txtrom last night... not sure that it has much info in it though ...

Kevin, Did the removal of the Npcap as instructed. Then went to run the fixlist. It started out just fine and I walked away from the computer for a minute only to return with the GSOD (Green Screen of Death?). I'm attaching a copy of the screenshot, please forgive it's poor quality. I rebooted the computer but at this point I haven't attempted to fun the fixlist again or anything like that, waiting to see what you think on this one....

Hiya Kevin Thanks so much for picking this up for me. Npcap is indeed still installed and in the Program Files folder. The new copies of FRST are attached ... thanks again! FRST.txt Addition.txt

I'm running Windows 11 Pro Version 21H2 (OS Build 22000.160) which is straight from Microsoft, no 3rd party involved. I was recently on a trip and hooked up to a hotel WiFi without my VPN and I'm not sure if that is where it started acting funny or exactly when it occurred. It's taking forever to bootup, all my system restore points have disappeared, file manager takes FOREVER to load anything. and I can't help but feel that someone is in my network here at home. On the 15th of this month I did have an issue with Alexa and the home network that this laptop is connected to. It seems someone was able to access my Amazon account via Alexa and then erase the history from whenever they were in my account back 7 days. Amazon is supposed to be looking into this for me and trying to figure out if they can narrow it down to who it was. With the history erased, they are giving me a lot of problems about going in and looking on the cloud to see but I'm being persistent. Anyway, that's where things stand right now, I'm going to be reseting the entire network today, including factory resets on routers access points and moving several things to VLANS. Thanks for taking the time to help me out. Addition.txt FRST.txt MalThreatScan.txt

Hello there .... I am helping my friend with his laptop as he knows even less than I do! He is getting out of a living situation where a household member has a very disturbed mind and is now causing trouble for him in his everyday job and with his church. He believes that the now ex roommate has key loggers, possible location tracking and a whole slew of other things installed on his machine. I'm not sure how you want to do this but I will not let his machine online here at my place for fear that the crazy bastard will come after us here at our new location. I'm sending this off my desktop but the attached files are from his computer. We are also needing to have proof of any keyloggers or other types of malware so that this may be turned in to law enforcement for slander and defamation. You guys have rocked for me before, hope we can do it again. I just ran FRBR and they are attached below. Thanks again! FRST.txt Addition.txt

Took me a bit to get back ... seems the roommate has been on my computer while I was away hence the new Zoom stuff ... I have no use for it or OneDrive either. Thanks again for taking a look! ThreatScan9.24.txt AdwCleaner9.24.txt FRST.txt Addition.txt

I ran the fixlist twice because I had to leave in the middle of the first run and didn't know if everything was completed. I only have the fixlog from running it the second time because I guess it overwrote the first one. Tell me how bad I messed it up and what to do to fix it this time lol Thanks again for all your help! Fixlog.txt

Sorry it took me forever, went out of town briefly and didn't have access to this machine ... here ya go. I think someone has had remote access to it and not by conventional means, see what you think. And Dropbox, it needs to be punted into outer space, I have dropped them after 5 years of continuing service after I found a link inside Dropbox to a website in Mexico that was totally bogus, they couldn't explain how or why it got there nor could the reassure me that it wouldn't happen again. Thanks again! FRST.txt Addition.txt reinstalledscan.txt AdwCleaner[C01].txt

Nothing found there at all Thank you for your help on this computer. Now I have another one that I can't figure it out at all, I've been thinking about just trashing it cause it's old and everything but if I could use it just to run Blue Iris or something like that it might be worth it. Would you mind taking a gander at the reports on it? It's constantly coming back with PUPs and seems to crash an awful lot ... if not let me know if I should start a new thread. Thanks again Ron!

Sorry boss!! Here it is Adw9-12.txt

Forgot one! mbst-clean-results.txt

Good morning Ron, Thanks for getting back with me! I have attached the 3 logs as instructed. I look forward to your reply MB3-Scan.txt FRST.txt Addition.txt

Total newbie here and honestly overwhelmed with this new computer and home network... Brand new Lenovo T480 came with 10 home, wanted to upgrade to 10 pro which I had already purchased on a different machine that is no more Get in touch with Microsoft and they finally agree to do it for me without charging me the upgrade fee again. After a second the guy comes back and says that they are not able to upgrade the current 10 home on the laptop that they will have to do another install to get 10 pro ... I said fine because this was going on 5 hours with them online ...after they were done and I rebooted everything was gone, all the Lenovo stuff, apps everything (I should rejoice I know) but I wanted exactly the way I purchased it. So I overlooked it... but here comes all the problems. I can't simple things done on here and I'm afraid to put it in my network because it looks to me as if there is some kind of clone or spyware or something just doesn't feel right.... I am new to posting on here but please don't treat me like a 5 year old nor some idiot paranoid like my neighbor Twitch... Thanks for your help! FRST.txt Addition.txt