GANI482
Honorary Members
Posts: 92
Everything posted by GANI482
-
I use Firefox every day. The data usage on my Firefox has to be much higher than the 49 MB it shows in my screenshot. I watch a lot of YouTube videos on Firefox too, so it must be a few GB every day. It was worrisome because nobody else on Reddit could for sure explain it either. I would assume somebody else out there is using NordVPN or another VPN, and can check what their data usage looks like so we can confirm for 100% what is going on. It is also concerning in that I am unable to differentiate what programs are using how much data. 800 GB seems like a lot of data for my YouTube videos because I only watch videos in 480p specifically to try and save on data.
-
I worry about things I am not even sure I should worry about. Yesterday my power went out. Upon restarting my computer, I noticed the light scheme for the fans was different, and that the monitor had no signal during the BIOS startup screen. Now try to follow me on this. The light scheme was a very specific custom one, and the one I used on my old Windows 10 install during the time my PC was hacked. These fan light colors reverted to the normal current settings once the BIOS handed over to the current Windows install. I also suspect the reason the monitor had no signal was because it was trying to use HDMI, which I used to use during that time as well. I now use DisplayPort. Something remembers that old light setup and that I used HDMI. I feel like during cold boot restore situations it could be loading something from an old bad restore time, which I suspect may also be connected to old files showing up on new installs of Windows every time. There is some sort of 'guest network' that shows up on all of my Windows installs, but the ISP says it is not normal behavior and that it is caused by some settings in my Windows. It was not there before I was hacked back in June of last year. I suspect somehow they access that network and it allows them access to my things.
-
Ok. Is it possible for it to be used maliciously by changing whatever is there to load 'bad' things or settings? Why do I need it on the storage HDDs as well?
-
What does Malwarebytes suggest for a file shredder
GANI482 replied to sweettasha's topic in General Windows PC Help
https://www.bleachbit.org/
-
A final thought I just had: when my passwords were all hacked 14 months ago, they fully took my Microsoft account and Google account. I am no longer able to, or know how to, access the Microsoft account that was once linked to this computer and Windows key. As I am using Home edition Win11 that doesn't have remote desktop capabilities, there should be no way for them to do anything to me anymore because I am not logged in to any form of online syncing? Right?
-
I must say I was completely wrong about the Firefox. I solved what had happened. I just have a few more questions.

Tcpip\..\Interfaces\{9272e2bf-6bd5-1513-a95c-605fd4c46776}: [NameServer] 103.86.99.99,103.86.96.96
Why 2?
Tcpip\..\Interfaces\{d8bda015-f855-442d-a79c-2e9286256421}: [DhcpNameServer] 192.168.40.1

What is this? Why is it broadcasting 2 things? My system broadcasts something called guest network that I never set up. Sometimes when I visit sites with live counters it counts me as 2 people, myself and a guest.

I want to remove these accounts.

Administrator (S-1-5-21-1797612658-979842438-1703979276-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1797612658-979842438-1703979276-503 - Limited - Disabled)
Guest (S-1-5-21-1797612658-979842438-1703979276-501 - Limited - Disabled)

https://github.com/undergroundwires/privacy.sexy/issues/30
https://www.windowschimp.com/defaultuser0-account/
https://superuser.com/questions/1152792/what-is-defaultuser0-and-is-it-safe-to-delete

What is this? Many have no user listed trying to do something.

Error: (09/08/2022 09:29:27 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-IAR96BN)
Description: The server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} did not register with DCOM within the required timeout.

Error: (09/08/2022 08:24:02 AM) (Source: Server) (EventID: 2505) (User: ) < NO user listed
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{9272E2BF-6BD5-1513-A95C-605FD4C46776} because another computer on the network has the same name. The server could not start.

I have no server. I should just have basic ethernet internet and nothing more. What is all this about?

Error: (09/08/2022 09:26:05 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.

Error: (09/08/2022 09:26:05 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ]

Error: (09/08/2022 07:58:08 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ]

Error: (09/08/2022 07:54:45 AM) (Source: DSAService) (EventID: 1003) (User: )
Description: DSAService.exe:OnStart Exception: System.ArgumentException: invalid directory handle||Parameter name: value|| at DSAServiceCore.Controllers.Computer.SettingsController.SetDsaDirectory(String value)|| at Intel.DSA.Service.Service.OnStartTask()

<Report>
<Metadata Version="1" PCID="{3BB65C40-CD66-506C-28D7-BA86289F176B}" LastModification="2022.09.09 20:58:41.820" />
<EventBlocks>
<Block0 Type="Scan" Processed="292161" Found="0" Neutralized="0">
<Event0 Action="Scan" Time="133072439778702983" Object="" Info="Started" />
<Event1 Action="Scan" Time="133072451217986077" Object="" Info="Finished" />
</Block0>
</EventBlocks>
</Report>

I have included the scan logs. I am not so much concerned about viruses. I am concerned about changes that could have been made to backdoor into my system, or stealing my screen and streaming it. Things that may have legitimate purposes so they do not show up on malware scanners. Is everything else in my FRST and Addition logs completely normal? My event viewer shows over 30,000 security events. Unknown people logging in, impersonation, people accessing my credentials manager are all ones I have seen listed. Thank you.
-
I set up this Windows 11 with a local account using the Rufus method in the article you linked there. It was installed via a USB stick. I have never logged in to any Microsoft Account since being hacked, and have used exclusively local accounts since. I must have done at least 5 fresh Windows installs with local accounts since being hacked in 2021. 4 times of Windows 10, and 1 time of Windows 11 now. Every time it is the same. I even slow formatted the HDD drives to attempt to wipe anything hiding on them as well. Seeing as I am already using an install based on a Local Account, what else should I do or try?
-
No. I was able to install Windows onto another drive, updated the SSD firmware using that program, then I secure wiped the SSD with that program, and then I reinstalled Windows back to the SSD. I didn't really understand why I was being told to replace the entire drive. I was not positively sure the SSD is the source of any problem, but I knew I wanted to try to secure wipe it. SMART is active on all drives. This Win11 install is a week old but shows files going back to the date I was hacked in 2021.
-
FRST.txt Addition.txt mwb.txt

Edit. I have often wondered what this is:

(C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_421.20070.625.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\105.0.1343.27\msedgewebview2.exe <6>
HKU\S-1-5-21-1797612658-979842438-1703979276-1000\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION

Is it something someone could use to interact with my browsers? Can/should it be removed? I did not set it and I do not use Edge.

2022-08-17 18:10 - 2022-08-17 18:10 - 000043960 _____ (SteelSeries ApS) C:\Windows\system32\Drivers\sshid.sys

This file is also older than my installation is.

2021-06-05 08:08 - 2021-06-05 08:08 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

The date on this hosts is the date my system was hacked 14 months ago. I think someone has added my PC to a workgroup or something and is accessing my PC and logging on. There are 30,000 security events in a week. Thanks again. I will go back to waiting without further edits.
-
I recently upgraded from Win10 to Win 11. My PC/network were hacked into about 14 months ago. Since then every new install has had issues. I immediately ran DISM on the fresh install and it failed and needed to repair. Today I noticed something has been changing my Firefox profile. So I created a new folder titled Firefox on my E drive to put the new Firefox profile in. Shortly later I noticed that the entire folder titled Firefox is gone from my E drive, and the profile has changed names and moved to my C drive with 2 titles, root and local. It's startling because something deleted my folder from my drive, and somehow moved the Firefox profile files entirely to somewhere else and changed the name. I want to stress this is not a Firefox bug. I have never seen entire folders deleted. I really feel something is hijacking my browser or my files. I have also experienced times on this new Win11 install where notification connection sounds happen only during times I have the screen turned off, but when I check it shows no notifications. In the screenshot below for Firefox profiles, it began as E drive, and titled something else. Shortly later I checked E drive, the entire folder is gone, so I checked where my profile is and it's been moved and changed. I have never seen FF say root and local before. I want my system and files and everything to be all local and not shared or synced or copied anywhere else to another PC. That was originally how I was hacked 14 months ago: they were able to duplicate my system on theirs by hijacking the Windows account, I believe. I think they left something tied to my Windows serial #. Thanks in advance. This is upsetting.
-
I have found Intel makes a program. It shows my drive and has a secure erase option, but I cannot do it because it has the Windows I am using on it. Is there a way to boot this from a USB, or another free option? Is it possible to momentarily move the Windows partition to another drive, so I can wipe the drive?
-
I am quite certain I have some sort of hidden infection or hijacked Windows services that has been carrying over Windows reinstalls. It does not show up in FRST or Malwarebytes scans. I recently reset all service/file/registry permissions and it has neutralized the effects of the infection for the moment, but I know it is still there and will be again when I reinstall. Without going into all the details, I have determined I must wipe the SSD completely using a method different than the Windows quick format during reinstalls. So I am hoping someone knows how to wipe an M.2 NVMe SSD from USB, and have it ready to attempt another Windows install.
-
I want to overwrite C drive to securely erase any hidden partitions, and then reinstall Windows 10. The problem is I do not understand how to overwrite the C drive from a USB stick or the BIOS. Can anyone assist with overwriting the drives, and having them ready to reinstall Windows?
-
I suspect someone is remotely accessing my computer.
GANI482 replied to GANI482's topic in Resolved Malware Removal Logs
Can we remove that application? I don't even need it, but I don't think it uninstalled properly.
-
I suspect someone is remotely accessing my computer.
GANI482 replied to GANI482's topic in Resolved Malware Removal Logs
Thanks. I have noticed if I unplug the HDMI, when I replug it in it works for about 10 seconds until it starts flashing again. FRST.txt Addition.txt
-
I suspect someone is remotely accessing my computer.
GANI482 replied to GANI482's topic in Resolved Malware Removal Logs
It was stable in the BIOS screen after a fresh power up, although as soon as it goes to Windows it flashes to black every 3 seconds, and carries over in restarts, so if I restart it'll now flash at BIOS. Something is triggering it. I had one restart where it waited a minute till it started doing it.
-
I suspect someone is remotely accessing my computer.
GANI482 replied to GANI482's topic in Resolved Malware Removal Logs
Help, my screen has been constantly flashing now.