Everything posted by GANI482

  1. I have included a log of the remaining cache files after I clear everything from all time through the browser. I am able to clear all MY profile 2 stuff, yet a profile 4 has weird entries like service worker and stuff seen in above screenshots. The profile 4 stuff is not me. log.txt
  2. I realize now I posted this to the wrong forum topic, as it does not have to do with a Malwarebytes product on Windows, just Windows. If a mod or admin could move it to a more appropriate forum category, please.
  3. I have noticed when I clear 'all time' cache and cookies for my Edge browser, that CCleaner shows a 'Profile 4', and yet the one I use is called Profile 2. I have tried to include screenshots to better explain what I am seeing. My browser shows I have 324 MB of cache and 59 cookies right, yet CCleaner shows a much larger cache and double the number of cookies. Many of these files remain after I clear all from all time in Edge. I have seen this Edge cache in CCleaner go as high as 2 GB. Also this same thing was happening back when I used the regular Chrome browser, and was happening before a fresh install of Windows. Please view the attached screenshots.
  4. Ok you can close this thread. I trust those logs are fine and most likely fixed now.
  5. Yes, there have been many Windows updates and it is now fully up to date with only 2 optional drivers available for download. And yes, their repairman didn't know anything. He tried to say it was the neighbors, and I had to explain to him how I have already determined it's not. I showed him that when I unplug the modem/router, my network and the hidden network both disappear. I told him someone I know online fixed their hidden network issue by accessing their modem/router's page, and there were settings for it. He had no idea what I was talking about. He replaced my Plume wifi pod, but claimed it could not be caused by the modem, so he didn't want to replace the cable modem. When changing the Plume wifi pod didn't fix it, he shrugged and suggested I "google it". I think I will contact them again on Monday and request a new modem just so I can see if that makes a difference.
  6. Also an update on the Hidden Network. My ISP even sent out a repairman over it. They say they NEVER have seen this in any of their customers. They said it is NOT from their router and is not a setting they have. I even contacted the Plume wifi manufacturer and they said they have never heard of this and it is not normal. The ISP says it is an infection on my PC and there is nothing they can do about it because it is not caused by them.
  7. No absolutely not. I have not tampered with anything. This is a fresh install. I have attached my entire cbs log so you can see all the details. CBS.log
  8. 2021-09-17 06:56:33, Info CBS Session: 30911410_2912798412 initialized by client WindowsUpdateAgent, external staging directory: (null), external registry directory: (null)
     2021-09-17 06:56:33, Info CBS InternalOpenPackage failed for Package_for_KB3025096~31bf3856ad364e35~amd64~~6.4.1.0 [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
     2021-09-17 06:56:33, Info CBS Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
     2021-09-17 06:56:33, Info CBS Failed to create open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
     2021-09-17 06:56:33, Info CBS Failed to OpenPackage using worker session [HRESULT = 0x800f0805]
     2021-09-17 06:56:33, Info CBS Session: 30911410_2912813540 initialized by client WindowsUpdateAgent, external staging directory: (null), external registry directory: (null)
     2021-09-17 06:56:33, Info CBS InternalOpenPackage failed for Package_for_KB3025096~31bf3856ad364e35~x86~~6.4.1.0 [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
     2021-09-17 06:56:33, Info CBS Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
     2021-09-17 06:56:33, Info CBS Failed to create open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
     2021-09-17 06:56:33, Info CBS Failed to OpenPackage using worker session [HRESULT = 0x800f0805]
     2021-09-17 06:56:34, Info CBS WU creates the package, AppID:MoUpdateOrchestrator, UpdateID:{33D6CF13-224E-459B-AD4F-AF8C5E3CC469}, revision: 202
     2021-09-17 06:56:34, Info CBS Read out cached applicability from TiLight for package: Mapping_Package_for_KB3089226_af-ZA_amd64~31bf3856ad364e35~amd64~~10.0.10240.0, ApplicableState: 0, CurrentState:0
     2021-09-17 06:56:34, Info CBS WU creates the package, AppID:MoUpdateOrchestrator, UpdateID:{1103CC99-E96C-4F7C-885C-A67A975ECBEE}, revision: 200
     2021-09-17 06:56:34, Info CBS Read out cached applicability from TiLight for package: Package_for_DotNetRollup~31bf3856ad364e35~amd64~~10.0.4400.1, ApplicableState: 112, CurrentState:112
     2021-09-17 06:58:35, Info CBS Trusted Installer is shutting down because: SHUTDOWN_REASON_AUTOSTOP
     2021-09-17 06:58:35, Info CBS TiWorker signaled for shutdown, going to exit.
     2021-09-17 06:58:35, Info CBS Deleting the contents of directory: \\?\C:\Windows\CbsTemp
     2021-09-17 06:58:35, Info CBS Deletion of: \\?\C:\Windows\CbsTemp successful
     2021-09-17 06:58:35, Info CBS CbsCoreFinalize: ExecutionEngineFinalize
     021-09-17 06:46:41, Info CSI 000001b9 [SR] Beginning Verify and Repair transaction
     2021-09-17 06:46:41, Info CSI 000001ba Warning: Overlap: Directory \??\C:\Program Files (x86)\ is owned twice or has its security set twice Original owner: Microsoft-Windows-shell32, version 10.0.19041.1202, arch Host= amd64 Guest= x86, nonSxS, pkt {l:8 b:31bf3856ad364e35} New owner: Microsoft-Windows-shell32, version 10.0.19041.1202, arch Host= amd64 Guest= x86, nonSxS, pkt {l:8 b:31bf3856ad364e35}
     2021-09-17 06:46:41, Info CSI 000001bb Warning: Overlap: Directory \??\C:\ProgramData\Microsoft\Windows\Start Menu\ is owned twice or has its security set twice Original owner: Microsoft-Windows-shell32, version 10.0.19041.1202, arch Host= amd64 Guest= x86, nonSxS, pkt {l:8 b:31bf3856ad364e35} New owner: Microsoft-Windows-shell32, version 10.0.19041.1202, arch Host= amd64 Guest= x86, nonSxS, pkt {l:8 b:31bf3856ad364e35}
     2021-09-17 06:46:41, Info CSI 000001bc Warning: Overlap: Directory \??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ is owned twice or has its security set twice Original owner: Microsoft-Windows-shell32, version 10.0.19041.1202, arch Host= amd64 Guest= x86, nonSxS, pkt {l:8 b:31bf3856ad364e35} New owner: Microsoft-Windows-shell32, version 10.0.19041.1202, arch Host= amd64 Guest= x86, nonSxS, pkt {l:8 b:31bf3856ad364e35}
     2021-09-17 06:46:41, Info CSI 000001bd Warning: Overlap: Directory \??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ is owned twice or has its security set twice Original owner: Microsoft-Windows-shell32, version 10.0.19041.1202, arch Host= amd64 Guest= x86, nonSxS, pkt {l:8 b:31bf3856ad364e35} New owner: Microsoft-Windows-shell32, version 10.0.19041.1202, arch Host= amd64 Guest= x86, nonSxS, pkt {l:8 b:31bf3856ad364e35}
     2021-09-17 06:46:32, Info CSI 00000184 [SR] Beginning Verify and Repair transaction
     2021-09-17 06:46:33, Info CSI 00000185 Warning: Overlap: Directory \??\C:\Windows\SysWOW64\drivers\en-US\ is owned twice or has its security set twice Original owner: Microsoft-Windows-Foundation-Default-Security.Resources, version 10.0.19041.1, arch Host= amd64 Guest= x86, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35} New owner: Microsoft-Windows-Foundation-Default-Security.Resources, version 10.0.19041.1, arch Host= amd64 Guest= x86, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35}
     2021-09-17 06:46:33, Info CSI 00000186 Warning: Overlap: Directory \??\C:\Windows\SysWOW64\wbem\en-US\ is owned twice or has its security set twice Original owner: Microsoft-Windows-Foundation-Default-Security.Resources, version 10.0.19041.1, arch Host= amd64 Guest= x86, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35} New owner: Microsoft-Windows-Foundation-Default-Security.Resources, version 10.0.19041.1, arch Host= amd64 Guest= x86, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35}
     2021-09-17 06:46:33, Info CSI 00000187 Warning: Overlap: Directory \??\C:\Windows\help\mui\0409\ is owned twice or has its security set twice Original owner: Microsoft-Windows-Foundation-Default-Security.Resources, version 10.0.19041.1, arch Host= amd64 Guest= x86, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35} New owner: Microsoft-Windows-Foundation-Default-Security.Resources, version 10.0.19041.1, arch Host= amd64 Guest= x86, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35}
     2021-09-17 06:46:08, Info CSI 00000100 [SR] Beginning Verify and Repair transaction
     2021-09-17 06:46:08, Info CSI 00000101 Warning: Overlap: Directory \??\C:\ProgramData\Microsoft\Windows\Start Menu\ is owned twice or has its security set twice Original owner: Microsoft-Windows-shell32, version 10.0.19041.1202, arch amd64, nonSxS, pkt {l:8 b:31bf3856ad364e35} New owner: Microsoft-Windows-shell32, version 10.0.19041.1202, arch amd64, nonSxS, pkt {l:8 b:31bf3856ad364e35}
     2021-09-17 06:46:08, Info CSI 00000102 Warning: Overlap: Directory \??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ is owned twice or has its security set twice Original owner: Microsoft-Windows-shell32, version 10.0.19041.1202, arch amd64, nonSxS, pkt {l:8 b:31bf3856ad364e35} New owner: Microsoft-Windows-shell32, version 10.0.19041.1202, arch amd64, nonSxS, pkt {l:8 b:31bf3856ad364e35}
     2021-09-17 06:46:08, Info CSI 00000103 Warning: Overlap: Directory \??\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ is owned twice or has its security set twice Original owner: Microsoft-Windows-shell32, version 10.0.19041.1202, arch amd64, nonSxS, pkt {l:8 b:31bf3856ad364e35} New owner: Microsoft-Windows-shell32, version 10.0.19041.1202, arch amd64, nonSxS, pkt {l:8 b:31bf3856ad364e35}
     2021-09-17 06:45:42, Info CSI 00000080 [SR] Beginning Verify and Repair transaction
     2021-09-17 06:45:43, Info CSI 00000081 Warning: Overlap: Directory \??\C:\Windows\System32\drivers\en-US\ is owned twice or has its security set twice Original owner: Microsoft-Windows-Foundation-Default-Security.Resources, version 10.0.19041.1, arch amd64, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35} New owner: Microsoft-Windows-Foundation-Default-Security.Resources, version 10.0.19041.1, arch amd64, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35}
     2021-09-17 06:45:43, Info CSI 00000082 Warning: Overlap: Directory \??\C:\Windows\System32\wbem\en-US\ is owned twice or has its security set twice Original owner: Microsoft-Windows-Foundation-Default-Security.Resources, version 10.0.19041.1, arch amd64, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35} New owner: Microsoft-Windows-Foundation-Default-Security.Resources, version 10.0.19041.1, arch amd64, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35}
     2021-09-17 06:45:43, Info CSI 00000083 Warning: Overlap: Directory \??\C:\Windows\help\mui\0409\ is owned twice or has its security set twice Original owner: Microsoft-Windows-Foundation-Default-Security.Resources, version 10.0.19041.1, arch amd64, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35} New owner: Microsoft-Windows-Foundation-Default-Security.Resources, version 10.0.19041.1, arch amd64, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35}
     2021-09-17 06:45:17, Info CBS Seconds between initial corruption detections: -1
     2021-09-17 06:45:17, Info CBS Seconds between corruption and repair: -1
     2021-09-17 06:45:17, Info CBS Reboot mark cleared
     2021-09-17 06:45:17, Info CBS Winlogon: Simplifying Winlogon CreateSession notifications
     2021-09-17 06:45:17, Info CBS Winlogon: Deregistering for CreateSession notifications
     2021-09-17 06:45:17, Info CBS Exec: Processing complete, session(Corruption Repairing): 30911408_3668031720 [HRESULT = 0x00000000 - S_OK]
     2021-09-17 06:45:17, Info CBS Session: 30911408_3668031720 finalized. Reboot required: no [HRESULT = 0x00000000 - S_OK]
     2021-09-17 06:45:17, Info CBS Deleting directory: \\?\C:\Windows\CbsTemp\30911408_3668031720\
     2021-09-17 06:45:17, Info CBS Moving directory from \\?\C:\Windows\CbsTemp\30911408_3668031720\ to \\?\C:\Windows\CbsTemp\30911408_3668031720\{85EFA854-E023-4346-9E10-6D70451F4518}
     2021-09-17 06:45:17, Info CBS Failed to move \\?\C:\Windows\CbsTemp\30911408_3668031720\ to temp directory \\?\C:\Windows\CbsTemp\30911408_3668031720\{85EFA854-E023-4346-9E10-6D70451F4518} [HRESULT = 0x80070020 - ERROR_SHARING_VIOLATION]
     2021-09-17 06:45:17, Info CBS Failed moving directory: \\?\C:\Windows\CbsTemp\30911408_3668031720\ to temp, will delete in-place instead [HRESULT = 0x80070020 - ERROR_SHARING_VIOLATION]
     2021-09-17 06:45:17, Info CBS Deletion of: \\?\C:\Windows\CbsTemp\30911408_3668031720\ successful
     2021-09-17 06:45:17, Info CBS Session: 30911409_443880694 initialized by client DISM Package Manager Provider, external staging directory: (null), external registry directory: (null)
     2021-09-17 06:45:17, Info CBS TiWorker: Client requests SFP repair object.
     2021-09-17 06:45:17, Info CSI 0000000e@2021/9/17:10:45:17.341 WcpInitialize: wcp.dll version 10.0.19041.1220 (WinBuild.160101.0800)
  9. I decided I should run the dism sfcscan fixlist from earlier on my new fresh Windows install before I let this thread close, and sadly it found errors on my new install. Much like that other person's first-hand account I posted earlier, where the guy said "In my case, the standard DISM / SFC Repairs were not working, even after multiple fresh installs of windows, the "malware" survived, as i had persistent problems." Sadly I am worried again, as how can this be? Fixlog.txt
  10. Thank you. I am more convinced now than ever that it is not malicious or being used by strangers to spy on me or something. Also the fact that my router's settings are read-only leads me to believe that even if someone wanted to, they could not have accessed my router anyway to make any changes at all. This was beyond helpful. Had I not come here I just would have likely worried about it forever. You guys provide a great service here. Having someone listen to all your concerns not only helps computers but it helps the people too. I feel better, and you got a router upgrade, I'd say we are both winners today. I think I will take the weekend off from worrying about this PC for once, and contact my ISP Monday. Cheers to everyone involved and to this great service.
  11. Unfortunately this router's page doesn't have any changeable options. Its manual says "Note: The configuration settings on the CM8200 Configuration screen are read-only and cannot be modified. You will have to contact your service provider to obtain special authorization to change the cable modem frequencies and other configuration settings." I will try to contact the ISP and hope they understand what I am talking about. Thank you.
  12. Oddly enough I just installed that new NVIDIA driver today after the fresh install; the old one was from Windows Update. Not sure why the new one would not be showing up, maybe I installed it right after running that hwid, but either way I will reinstall the latest driver to be sure. I ran that Patch My PC and it says everything is up to date. I have all the installers off the official ASRock site that I keep on my external for when I do fresh reinstalls. I will finish installing them all now. They do not affect the hidden network though, because I had them all before this fresh install. I am worried this ISP-provided Arris router is so crap the hidden network might not be removable, but I will wait and see how Kevin did his.
  13. make and model of your computer and if desktop or laptop = I custom built this PC myself so no make or model. It is a desktop PC. I have included the HWiNFO log requested. I did the test by typing in "rosa420", and it did take me to the network security thing and I canceled it out. I also tested it by typing in "sandwich", which also took me to the network security screen as well, so it seems like I can type anything. I feel 99% sure though that it is from my router, so we should still attempt that repair you said worked for you, just so I feel better with the hidden network gone. Thanks so much to the two of you. I feel like we are very very close to having this solved now. HWiNFO.zip
  14. Another thing I'll throw out there while I'm at it is my Windows Update shows some weird 1/1/1970 dated system driver, which makes me think maybe I have some weird system driver on my system that's not legitimate.
  15. Arris Touchstone Model: CM8200A. I found some strange things in my Windows Credential Manager. There were several virtualapp/didlogical, sso pop user, sso pop device type things with credentials set up. I deleted them but got a screenshot of one of the things. There were more but I deleted them before taking the screenshot. I suspect maybe they came over when I sync'd my Edge with my Windows account but I am not sure. Could this be malicious? That is not one of my user names or anything.
  16. I can see my neighbors now on the wifi list, and they are all 1 or zero bars, and they did not show up during the Windows install. I always have airplane mode on on my PC, and just use an ethernet connection straight to the router. My TV and stuff use the wifi though I guess. When I click the hidden network to connect, it's the only one that asks for "Enter the name (SSID) for the network", while all the other ones ask for passwords or security keys. If I can further try to explain my paranoia on this topic, it is that 9 months ago I installed a pirate software, and it installed some sort of system driver. Sure enough I then read the torrent comments of people saying, 'this set up a hidden network on my system and has been using a tb a month in data, survived reinstalls', and that it was very hard to remove and how they solved it was by wiping their drives with some sort of external driver wiper software loaded onto a usb drive. So I checked my wifi list then and sure enough originally discovered the hidden network. A different person on another site said they had the same problem and that's actually what led me to using that Windows Repair All-in-One. That person said - "The above tool is not some crappy gimmick tool as it appears, its the real deal. In my case, the standard DISM / SFC Repairs were not working, even after multiple fresh installs of windows, the "malware" survived, as i had persistent problems. This tool actually reverts everything forcefully back to the original/default - such as: file/owner permissions, registry permissions and default registry values, verifies digital signatures of all windows components, Reparse points etc. Some 'malware' even extends to windows services. For example, if you type 'services.msc' in the search bar, you can launch the services panel. Here, you can see all the windows services. There is a column named 'log on as'. Some services are local services, and some are network services. Malicious actors can hijack system services and change the log on user - this tool can help with that too, and optionally, you can revert any affected services manually by changing the 'log on as' to NT AUTHORITY / Local service (password blank). (NOTE: not all services are supposed to be local services, im just giving you an example). OFF TOPIC: in reference to the above, please note: i didn't have a 'virus' > kaspersky could not detect anything, malwarebytes nothing, hitmanpro, tdskiller (kaspersky rootkit tool). I had an issue with a malicious actor which gained access to my network, and this tool really helped - i suspect on every new install the old 'settings' were restored somehow. Along with this tool, i used GPARTED to remove any HPA hidden partition in all hard drives using the terminal and some special commands. Changing my HDD's UUID's, resizing/moving partitions/sectors left/right to re-align them and overwrite what was hidden/stored. Testdisk also helped by alerting me to detected hidden partition (HPA), and sector mismatches on all my drives. And of course, in a scenario like this, nuking and replacing the router with a PFSENSE." Maybe that guy is an idiot also, but the things he was describing seemed exactly what I was worried about. I never tried using those programs he is talking about to detect 'hidden partitions' though. While formatting my 2 storage HDs right now, I see that my C drive has partitions that skip from partition 1 to partition 4 for C, which are normal Windows partitions, but why would it not show partitions 2 and 3? You will never understand how helpful it is that you are listening to my paranoia, because I actually stressed over this for several months alone before trying these sorts of websites to get help with it. Paranoia brain says 'missing partition numbers and a hidden network on my list, oh my, this all adds up to what I been saying' sort of thinking. I also worry that I was never able to fully rewrite over format the C drive like I am right now with my other 2 drives. Like sure I did delete all partitions from C, and click format on the Windows install, but I don't think that overwrites everything like I'd feel safer about. I do very much appreciate it.
  17. I have completed the fresh Windows install. Sadly though, while doing it, it showed my networks, and sure enough the one was the Hidden Network that I was concerned about this whole time. I did not set it up, nor do I have the password for it. It was not there months ago. I have included a picture so you can see for yourself what I am talking about. I am back to being fully concerned about this issue again. It clearly shows my ethernet connection on top, my rosie named network that is mine, and the hidden network I have been concerned about this whole time. My data usage has not been adding up as well, seemingly hundreds of GB of data every month that was not me, for the past few months. I have also been watching TV already and seen a message that someone has connected to my TV, via source - internet, which was not me either. I have tried resetting the router with the reset button in the back, for example, and it still remains. I have major concerns that this could be a spy network who has access to my LAN. I would feel 1000x safer if you can help me remove the hidden network. Let me know what you guys think. Thanks again.
  18. Thanks. I am working on backing things up to external hd and will do the fresh install tomorrow. I will provide updates in 24 hours.
  19. I had considered doing this. Last time I did a fresh install I clicked format for all my drives, and it 'wiped' them empty. Is this good enough way to do it? Is it a full overwrite format or does it leave all the data behind that could then carry over if there is something malicious? I will begin the process of backing things up in the meantime.
  20. I am using Windows Repair All in One from tweaking.com. I am trying to reset registry permissions but keep getting these errors.
  21. Hey real quick, sorry for keeping this one going now. Are these errors I get when trying to reset permissions malicious, and do you have any idea how to fix them? I just tried to reset again and get the same errors. Figured I may as well check one last time here before going away. "ERROR: Writing SD to <machine\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage> failed with: The handle is invalid. ERROR: Writing SD to <machine\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\009> failed with: The handle is invalid. ERROR: Writing SD to <machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage> failed with: The handle is invalid. ERROR: Writing SD to <machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009> failed with: The handle is invalid."
  22. I reran that last fix just to make sure there was nothing on sfcscan again, and it was fine. I am thinking the problems are fixed for the most part for now. Thanks for being patient dealing with me. I do feel safer about my PC now.
  23. That worked good with no problems. It's hard to explain, but the PC does seem to be behaving correctly now, other than that first sfc scan I did after the repair which did a repair, this time it did not. My Edge cache clears properly now through the browser. Whether I was really infected or not, I think I have accepted now that things are most likely better. People on that other forum said those detections were false positives. I still feel like perhaps those files were doing something to my browser, which is not working better too. Fixlog.txt