
GANI482 (Honorary Members, 92 posts)

Everything posted by GANI482

  1. This was all turned off. Is this traffic something I should be concerned about? I have no idea what is supposed to be legitimate normal traffic under svchost to know what any of it all means.
  2. What we need is someone who is using a VPN to show us their data usage page so we can see if it says system. My Firefox must be hundreds of gbs too, and the only way that makes sense is that data is going under System.
  3. I am hoping someone here, an expert, can confirm this for sure or not. That Reddit post has been seen hundreds of times, and only 1 person says it is vpn caused.
  4. I use Firefox every day. The data usage on my Firefox has to be much higher than the 49mb it shows in my screenshot. I watch a lot of Youtube videos on Firefox too, so it must be a few gb every day. It was worrisome because nobody else on Reddit could for sure explain it either. I would assume somebody else out there is using NordVPN or another vpn, and can check what their data usage looks like so we can confirm for 100% what is going on. It is also concerning in that I am unable to differentiate what programs are using how much data. 800gb seems like a lot of data for my Youtube videos because I only watch videos in 480p specifically to try and save on data.
  5. I am on Win 11. I believe these are the correct screens you want but I do not think they will be of much use.
  6. I had noticed System using most data but never thought anything of it. Today I saw a post on Reddit of someone having the same issue, but none of the comments seem to understand why it is happening. Can anyone here explain this? Is it caused by using a VPN? Thanks!
  7. I worry about things I am not even sure I should worry about. Yesterday my power went out. Upon restarting my computer, I noticed the light scheme for the fans was different, and that the monitor had no signal during the BIOS startup screen. Now try to follow me on this. The light scheme was a very specific custom one, and the one I used on the old Windows 10 install during the time my PC was hacked. These fan light colors reverted to the normal current settings once the BIOS handed over to the current Windows install. Now also I suspect the reason the monitor had no signal was because it was trying to use HDMI, which I used to use during that time as well. I now use DisplayPort. Something remembers that old light setup and that I used HDMI. I feel like during cold boot restore situations it could be loading something from an old bad restore time, which I suspect may also be connected to old files showing up on new installs of Windows every time. There is some sort of 'guest network' that shows up on all of my Windows installs, but the ISP says it is not normal behavior and that it is caused by some settings in my Windows. It was not there before I was hacked back in June of last year. I suspect somehow they access that network and it allows them access to my things.
  8. Ok. Is it possible for it to be used maliciously by changing whatever is there to load 'bad' things or settings? Why do I need it on the storage HDDs as well?
  9. Is it normal that all 3 of my drives have a 16mb partition? What is the 16mbs?
  10. A final thought I just had was: when my passwords were all hacked 14 months ago, they fully took my Microsoft account and Google account. I no longer am able to, or know how to, access the Microsoft account that was once linked to this computer and Windows key. As I am using Home edition Win11 that doesn't have remote desktop capabilities, there should be no way for them to do anything to me anymore because I am not logged in to any form of online syncing? Right?
  11. Oh I misunderstood. Are you saying everything is good in the logs and clean? The pc is working good I was just confused originally by the FF thing and then the logs.
  12. I will not mess with the Windows profile things. "Your Firewall has multiple profiles. " How do I remedy this? This is a week old Win11 install. I have not set up any profiles, let alone multiple profiles. Is this something the hackers could have set up during their time on my system?
  13. I must say I was completely wrong about the Firefox. I solved what had happened. I just have a few more questions.

      Tcpip\..\Interfaces\{9272e2bf-6bd5-1513-a95c-605fd4c46776}: [NameServer] 103.86.99.99,103.86.96.96

      Why 2?

      Tcpip\..\Interfaces\{d8bda015-f855-442d-a79c-2e9286256421}: [DhcpNameServer] 192.168.40.1

      What is this? Why is it broadcasting 2 things? My system broadcasts something called guest network that I never set up. Sometimes when I visit sites with live counters it counts me as 2 people, myself and a guest.

      I want to remove these accounts.

      Administrator (S-1-5-21-1797612658-979842438-1703979276-500 - Administrator - Disabled)
      DefaultAccount (S-1-5-21-1797612658-979842438-1703979276-503 - Limited - Disabled)
      Guest (S-1-5-21-1797612658-979842438-1703979276-501 - Limited - Disabled)

      https://github.com/undergroundwires/privacy.sexy/issues/30
      https://www.windowschimp.com/defaultuser0-account/
      https://superuser.com/questions/1152792/what-is-defaultuser0-and-is-it-safe-to-delete

      What is this? Many have no user listed trying to do something.

      Error: (09/08/2022 09:29:27 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-IAR96BN)
      Description: The server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} did not register with DCOM within the required timeout.

      Error: (09/08/2022 08:24:02 AM) (Source: Server) (EventID: 2505) (User: ) < NO user listed
      Description: The server could not bind to the transport \Device\NetBT_Tcpip_{9272E2BF-6BD5-1513-A95C-605FD4C46776} because another computer on the network has the same name. The server could not start.

      I have no server. I should just have basic ethernet internet and nothing more. What is all this about?

      Error: (09/08/2022 09:26:05 AM) (Source: VSS) (EventID: 8193) (User: )
      Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress. .

      Error: (09/08/2022 09:26:05 AM) (Source: VSS) (EventID: 13) (User: )
      Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ]

      Error: (09/08/2022 07:58:08 AM) (Source: VSS) (EventID: 13) (User: )
      Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ]

      Error: (09/08/2022 07:54:45 AM) (Source: DSAService) (EventID: 1003) (User: )
      Description: DSAService.exe:OnStart Exception: System.ArgumentException: invalid directory handle||Parameter name: value|| at DSAServiceCore.Controllers.Computer.SettingsController.SetDsaDirectory(String value)|| at Intel.DSA.Service.Service.OnStartTask()

      <Report>
        <Metadata Version="1" PCID="{3BB65C40-CD66-506C-28D7-BA86289F176B}" LastModification="2022.09.09 20:58:41.820" />
        <EventBlocks>
          <Block0 Type="Scan" Processed="292161" Found="0" Neutralized="0">
            <Event0 Action="Scan" Time="133072439778702983" Object="" Info="Started" />
            <Event1 Action="Scan" Time="133072451217986077" Object="" Info="Finished" />
          </Block0>
        </EventBlocks>
      </Report>

      I have included the scan logs. I am not so much concerned about viruses. I am concerned about changes that could have been made to backdoor into my system, or stealing my screen and streaming it. Things that may have legitimate purposes so they do not show up on malware scanners. Is everything else in my FRST and Addition logs completely normal? My event viewer shows over 30,000 security events like unknown people logging in and impersonation people accessing my credentials manager are all ones I have seen listed. Thank you.
  14. I set up this Windows 11 with a local account using the Rufus method in the article you linked there. It was installed via a USB stick. I have never logged in to any Microsoft Account since being hacked, and have used exclusively local accounts since. I must have done at least 5 fresh Windows installs with local accounts since being hacked in 2021. 4 times of Windows 10, and 1 time of Windows 11 now. Every time it is the same. I even slow formatted the HDD drives to attempt to wipe anything hiding on them as well. Seeing as I am already using an install based on a Local Account, what else should I do or try?
  15. No. I was able to install Windows onto another drive, updated the SSD firmware using that program, then I secure wiped the SSD with that program, and then I reinstalled Windows back to the SSD. I didn't really understand why I was being told to replace the entire drive. I was not positively sure the SSD is the source of any problem, but I knew I wanted to try to secure wipe it. SMART is active on all drives. This Win11 install is a week old but shows files going back to the date I was hacked in 2021.
  16. FRST.txt Addition.txt mwb.txt

      Edit. I have often wondered what is

      (C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_421.20070.625.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\105.0.1343.27\msedgewebview2.exe <6>

      HKU\S-1-5-21-1797612658-979842438-1703979276-1000\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION

      Is it something someone could use to interact with my browsers? Can/should it be removed? I did not set it and I do not use Edge.

      2022-08-17 18:10 - 2022-08-17 18:10 - 000043960 _____ (SteelSeries ApS) C:\Windows\system32\Drivers\sshid.sys

      This file is also older than my installation is.

      2021-06-05 08:08 - 2021-06-05 08:08 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

      The date on this hosts is the date my system was hacked 14 months ago. I think someone has added my PC to a workgroup or something and is accessing my PC and logging on. There are 30,000 security events in a week. Thanks again. I will go back to waiting without further edits.
  17. I recently upgraded from Win10 to Win 11. My PC/network were hacked into about 14 months ago. Since then every new install has had issues. I immediately ran DISM on the fresh install and it failed and needed to repair. Today I noticed something has been changing my Firefox profile. So I created a new folder titled Firefox on my E drive to put the new Firefox profile in. Shortly later I noticed that the entire folder titled Firefox is gone from my E drive, and the profile has changed names and moved to my C drive with 2 titles, root and local. It's startling because something deleted my folder from my drive, and somehow moved the Firefox profile files entirely to somewhere else and changed the name. I want to stress this is not a Firefox bug. I have never seen entire folders deleted. I really feel something is hijacking my browser or my files. I have also experienced times on this new Win11 install where notification connection sounds happen only during times I have the screen turned off, but when I check it shows no notifications. In the screenshot below for Firefox profiles, it began as E drive, and titled something else. Shortly later I check E drive, the entire folder is gone, so I check where my profile is and it's been moved and changed. I have never seen FF say root and local before. I want my system and files and everything to be all local and not shared or synced or copied anywhere else to another PC. That was originally how I was hacked 14 months ago: they were able to duplicate my system on theirs by hijacking the Windows account, I believe. I think they left something tied to my Windows serial #. Thanks in advance. This is upsetting.
  18. I have found Intel makes a program. It shows my drive and has a secure erase option, but I cannot do it because it has the Windows I am using on it. Is there a way to boot this from a USB, or another free option? Is it possible to momentarily move the Windows partition to another drive, so I can wipe the drive?
  19. I am quite certain I have some sort of hidden infection or hijacked Windows services that has been carrying over Windows reinstalls. It does not show up in FRST or Malwarebytes scans. I recently reset all service/file/registry permissions and it has neutralized the effects of the infection for the moment, but I know it is still there and will be again when I reinstall. Without going into all the details, I have determined I must wipe the SSD completely using a method different than the Windows quick format during reinstalls. So I am hoping someone knows how to wipe an M.2 NVMe SSD from USB, and have it ready to attempt another Windows install.
  20. I want to overwrite C drive to securely erase any hidden partitions, and then reinstall Windows 10. The problem is I do not understand how to overwrite the C drive from a USB stick or the BIOS. Can anyone assist with overwriting the drives, and having them ready to reinstall Windows?
  21. Can we remove that application? I don't even need it, but I don't think it uninstalled properly.
  22. Thanks. I have noticed if I unplug the HDMI, when I replug it in it works for about 10 seconds until it starts flashing again. FRST.txt Addition.txt
  23. It was stable in the BIOS screen after a fresh power up, although as soon as it goes to Windows it flashes to black every 3 seconds, and carries over in restarts, so if I restart it'll now flash at BIOS. Something is triggering it. I had one restart where it waited a minute till it started doing it.