
Cannot complete the installation, plus some of my original problems



When installing Malwarebytes after uninstalling it, it now stops at 39% stating it's stopping the old service. Here are my logs. I expect extreme messing with my laptop and PC (if I were to paste it) as I am in a battle with my neighbor who is some type of computer science person. I have even put my old+off iPhone in my new car and it was on the next day a few months ago, they are able to turn on accessory mode. It's a very long story but I'm glazing over these things but trying to give a picture of this lady. She also has my email which has thousands of dollars of games associated with it so I cannot change my email, and she gets to see my changed passwords etc. I pay for 350 mbps and for 2-3 weeks every night, just my laptop would be limited to 1.5 mbps, she knows I watch Twitch. Now it's 16 mbps but not 350ish. Just saying there are a lot of weird things I have been continually experiencing.

FRST.txt Addition.txt


  • Root Admin

Hello @skn5000

 

My screen name is AdvancedSetup and I will assist you with your system issues.
 

Let's keep these principles as we proceed. Make sure to read the entire post below first.

  • Please follow all steps in the provided order and post back all requested logs
  • Please attach all log files to your post, unless otherwise requested
  • Temporarily disable your antivirus or other security software first. Make sure to turn it back on once the scans have been completed.
  • Temporarily disable Microsoft SmartScreen to download the software below if needed. Make sure to turn it back on once the scans are completed.
  • Searching, detecting, and removing malware isn't instantaneous and there is no guarantee to repair every system.
  • Before we start, please make sure that you have an external backup, not connected to this system, of all private data.
  • Do not run online games while the case is ongoing. Do not do any free-wheeling or risky web-surfing.
  • Only run the tools I guide you to use. Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
  • Cracked, Hacked, or Pirated programs are not only illegal but also can make a computer a malware victim. Having such programs installed is the easiest way to get infected. It is the leading cause of ransomware encryption. It is at times also a big source of current Trojan infections. If there are any on the system you should uninstall them before we proceed.
  • Please be patient and stick with me until I give you the "all clear". We don't want to waste your time, please don't waste ours.
  • If your system is running Discord, please be sure to Exit it while this case is ongoing.

 

Please go to Control Panel, Programs, Programs and Features and uninstall the following

Bonjour

 

 

 

Your DNS Servers: 10.64.0.1 - 75.75.75.75

Please consider changing your default DNS Server settings. Please choose one provider only

DNS is what lets users connect to websites using domain names instead of IP addresses

  • Google Public DNS: IPv4   8.8.8.8 and 8.8.4.4   IPv6   2001:4860:4860::8888 and 2001:4860:4860::8844
  • Cloudflare: IPv4   1.1.1.1 and 1.0.0.1   IPv6   2606:4700:4700::1111 and 2606:4700:4700::1001
  • OpenDNS: IPv4   208.67.222.222 and 208.67.220.220  IPv6  2620:119:35::35 and 2620:119:53::53
  • DNSWATCH: IPv4   84.200.69.80 and 84.200.70.40   IPv6  2001:1608:10:25::1c04:b12f and 2001:1608:10:25::9249:d69b

The Ultimate Guide to Changing Your DNS Server
https://www.howtogeek.com/167533/the-ultimate-guide-to-changing-your-dns-server/

Here is a YouTube video on Changing DNS settings if needed

 

 

 

The Trend Micro program "Cleaner One Pro" really is not needed. Windows can already clean up on its own for free.

 

 

 

Please temporarily disable the real-time protection from Trend Micro antivirus and run the following fix.

Once the fix has been completed, please attach the file FIXLOG.TXT to your next reply

 

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.
NOTE. It's important that both files, FRST or FRST64, and fixlist.txt are in the same location or the fix will not work.

Please make sure you disable any real-time antivirus or security software before running this script. Once completed, make sure you re-enable it.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1:  This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity. Depending on the speed of your computer this fix may take 30 minutes or more.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed. The use of an external password manager is highly recommended instead of using your browser to store passwords.

NOTE-3: As part of this fix it will also reset the network to default settings including the firewall. If you have custom firewall rules you need to save please export or save them first before running this fix.

The following directories are emptied:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome, and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Discord cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

fixlist.txt

Thanks

 

 


Sorry for the late reply, I have a small gap of time from 9PM EST to 11PM to get to do everything including fixing my network/malware issue (I truly think she has total access to my internet router, she knows my "routine" and to see what she does, I have majorly deviated from my routine to see if changes would occur. Such as going to sleep then sneaking back down and my internet will be off, my gaming PC only recognizes 2 ssds instead of the 4 installed so I have to call the maker and have them help me in the bios, and I have an AMD Ryzen 5950x 16 core. In Task Manager it will only show 16 cores, instead of the 32 many times. The laptop I'm typing with now I don't care as much about, it's more convenient. Again it sounds crazy especially in text, but I'm trying to flesh out the extent of control this person has over my network. Thank god I don't have smart appliances or I would be getting ice spewing out

So I'll try to not drag this out and follow the instructions to the T. Also thanks for helping again. One more problem that I have is in the settings>security>exploit protection>advanced settings>advanced memory protection, 8 check boxes don't stay checked. 

 

Malicious return address detection> MS Office

Memory patch hijack protection> MS Office

CALL ROP gadget detection 32 bit> PDF readers + MS Office

RET ROP gadget detection 32 bit> MS Office

CALL ROP gadget detection 64 bit> PDF Readers + MS Office

RET ROP gadget detection 64 bit> MS Office

 

As of now I have done the DNS part but I will have to call Xfinity to get into my router since the default admin and password have been changed. I'll post my logs in a few minutes as it will restart my laptop.

 

 


  • Root Admin

I don't need more of those logs. I need you to download the FIXLIST.TXT file and run it as requested.

Boot into Safe Mode with Networking, use another computer, however you need to do it to get the file to run.

 

 


  • Root Admin

Thank you for the logs @skn5000 that looks pretty good.

Please run the following for me and I'll check back on you again tomorrow

 

 

Microsoft Safety Scanner

Please make sure you Exit out of any other program you might have open so that the sole task is to run the following scan.   
That goes especially for web browsers, make sure all are fully exited out of and messenger programs are exited and closed as well
 

STEP 1

Please set File Explorer to SHOW ALL folders, all files, including hidden ones.  Use OPTION ONE or TWO of this article

https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html

STEP 2

I suggest a new scan for viruses & other malware. This may take several hours, depending on the number of files on the system and the speed of the computer.

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. 

The download links & the how-to-run-the tool are at this link at Microsoft 

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

 

Look on the Scan Options & select the FULL scan.

Then start the scan. Have lots of patience. It may take several hours.

  • Once you see it has started, take a long long break;  walk away.  Do not pay credence if you see some intermediate early flash messages on the screen display.  The only things that count are the End result at the end of the run.
  • The scan will take several hours.  Leave it alone. It will remove any other remaining threats as it goes along.  Take a very long break, do your normal personal errands .....just do not use the computer during this scan.

This is likely to run for many hours as previously mentioned  ( depending on the number of files on your machine & the speed of the hardware.)

The log is named MSERT.log  and the log will be at C:\Windows\debug\msert.log

Please attach that log with your next reply.

 

 

It is normal for the Microsoft Safety Scanner to show detections during the scan process. It is scanning for basically all bread crumbs or traces of files and registry entries that "might" be or have been part of some infection or previous infection.

That DOES NOT mean the computer is infected. Once the scan has been completed it uploads the log to their Cloud service which then uses Artificial Intelligence to determine if in fact any of the traces are an infection or not.

Then it writes into the log on your computer what it found.

 

 


I understand, that is why I said I was going to make this twice as hard since I thought we would be working on basically the same problem on 2 computers with 2 separate tasks unique themselves. I will finish the laptop and you can help with the PC if you don't mind after these tasks for the laptop are done or pass it on to someone else. I'm running the Microsoft Safety Scanner right now and will edit this post when it finishes. Thanks in advance.

msert.log

Edited by skn5000

  • Root Admin

Okay, that found nothing.

How is the PC running now?

 

 

SecurityCheck by glax24              

I would like you to run a tool named SecurityCheck to inquire about the current security update status of some applications.

  • Download SecurityCheck by glax24: https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe
  • If Microsoft SmartScreen blocks the download, click through to save the file
  • This tool is safe.   Smartscreen is overly sensitive.
  • If SmartScreen blocks the file from running click on More info and Run anyway
  • Right-click  with your mouse on the Securitycheck.exe  and select "Run as administrator"  and reply YES to allow to run & go forward
  • Wait for the scan to finish. It will open a text file named SecurityCheck.txt Close the file.  Attach it with your next reply.
  • You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

 


 

Thank you

 

 


I appreciate it, I think if you have not found anything and if I don't find any malware with the new scanner, the problem is this person has access to my router and is making rules and such/administrative problems due to having my Gmail/Outlook IDs (I even have a Titan FIDO physical authentication usb/usb-c key). Are there other things other than the YouTube video and article that you know of, or a program that handy elevated command prompts/scans/defaults/restores/resets (any of these) administration defaults and/or network, without having to full reset my pc and laptop?

 

It feels like changes are made when the PC and Laptop are "turned off", even though they don't really turn off. For example I used my gaming pc for the first time 10 days ago and it was unplugged. But when I powered it on drives 2 of my 4 nvme ssd's were gone (still undetected, I forgot the bios directions from MainGear), which has happened before, sometimes prior to the latest windows update I would be stuck at 16 active cores and hyperthreading would be off so I wouldn't have my 32 core or my RAM would be running at 2400 instead of 3600 cas 14. I didn't have any internet until I heard running through the wall, yes running.

 

I believe the problem's more securing the internet than malware. Because if she's got my outlook and gmail passwords which means access to both google and microsoft authenticators, it's impossible to change my password as she would see that, if she can turn a car into accessory mode to turn the vent on and try to suck dust in and blow it in the car, or drain the battery, I am convinced she has some dubbing device that mirrors my screens or any 1 screen anytime she wants to look at aka my phone most importantly. I think this is the case because I have a couple banks' info and 3 credit cards along with a crypto wallet, if it were some random person they would have done something I would have been wiped already. I have been dealing with this since 2020, and since my last talk with you, I'm just used to the weirdness of everything. She now lets me watch Netflix/HBO/Disney/AppleTV at 4k instead of something that looked like 480p or worse. My laptop is still limited to 1-4 mbps. My PC when I finally got internet was Downloading Modern Warfare 2 campaign at 60 MB/s and my phone gets 350 mbps. I was on the verge of calling my FBI branch I'm so sick of dealing with this, but I doubt they could help. I've used my own money on Battle.net shop for Call of Duty and the transaction goes through but I don't get my bundle, then my game closes and the same transaction works I check my bank of A app and it shows I get charged twice and only one addition of points.


It's some high level hacking or surveillance. We have history and she did have a reason to be mad at me but not for 3 years, she's doing other things too non-electronic to my condo next door. But I learned she was a digital voyeur and I found out what she was doing and how she had modified the condo wall between our houses. One room, mine, was like walking through a blizzard there was so much dust, I retaliated and this is what she does all day every day. I digress, I don't know if this is the place to get the correct help but some settings in the Advanced Memory settings that don't stay checked may help me.

 

If you know of any other sites that might be down my alley then I'd eagerly check them out but these guides are impossible for me to finish as either things are greyed out or it requires me to sign in to a router that's already compromised and the password keeps changing.

I will continue to follow your instructions and finish this and see if I can at least get a fixlist for my PC. Sorry for making a short story very long but this is what the problem stems from. I appreciate your patience. I'll post a screenshot from my phone in comparison of my laptop's speed.

Screenshot (42).png

SecurityCheck.txt

Edited by skn5000

  • Root Admin

If you OWN your own Router... @skn5000

 

Please ensure that you have the user manual for your router. Then perform a factory reset.

How To Reset Your Router
https://setuprouter.com/networking/how-to-reset-your-router/

 

Depending on one's preferences and the Router's capabilities please consider the following.

  • Disable acceptance of ICMP Pings
  • Change the Default Router password using a Strong Password
  • Use a Strong WiFi password on WPA2  using AES encryption or Enable WPA3 if it is an option.
  • Disable Remote Management
  • Create separate WiFi networks for groups of devices with similar purposes to prevent an entire network of devices from being compromised if a malicious actor is able to gain unauthorized access to one device or network. Example: Keep IoT devices on one network and mobile devices on another.
  • Change the network name (SSID). Do not use your name, postal address, or other personal information. Make it unique or whimsical and known to your family/group.
  • Is the Router Firmware up-to-date? Updating the firmware mitigates exploitable vulnerabilities.
  • Specifically set Firewall rules to BLOCK TCP and UDP ports 135 ~ 139, 445, 1234, 3389 and 5555
  • Document passwords created and store them in a safe but accessible location.

 

 

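Added example (not part of the thread or of the helper's instructions): a Python check that a set of router firewall rules really blocks every port in the list above, 135 ~ 139, 445, 1234, 3389 and 5555, on both TCP and UDP. The one-line rule format, the sample rules and the first-match-wins ordering are assumptions made for this illustration; real routers export rules in their own formats.

```python
"""Audit firewall rules against the block list from the post above.
Rule syntax and SAMPLE_RULES are constructed for illustration only."""

# Ports the post says to block for both TCP and UDP.
REQUIRED_PORTS = set(range(135, 140)) | {445, 1234, 3389, 5555}
PROTOCOLS = ("tcp", "udp")


def parse_ports(spec):
    """Expand '135-139,445' (or '135~139') into a set of port numbers."""
    ports = set()
    for part in spec.replace("~", "-").split(","):
        part = part.strip()
        if not part:
            continue
        lo, _, hi = part.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 0 < lo <= hi <= 65535:
            raise ValueError(f"bad port range: {part!r}")
        ports.update(range(lo, hi + 1))
    return ports


def parse_rule(line):
    """Parse 'ACTION PROTO PORTS'; PROTO is tcp, udp or both (assumed syntax)."""
    action, proto, spec = line.lower().split(None, 2)
    if action not in ("block", "allow"):
        raise ValueError(f"unknown action: {action!r}")
    if proto not in PROTOCOLS and proto != "both":
        raise ValueError(f"unknown protocol: {proto!r}")
    protos = PROTOCOLS if proto == "both" else (proto,)
    return action, protos, parse_ports(spec)


def audit(rule_lines):
    """Return {protocol: required ports that are NOT blocked}.

    Assumption: rules are evaluated top to bottom and the first match wins,
    so an earlier 'allow' shadows a later 'block'. Ports with no matching
    rule count as not blocked.
    """
    decided = {proto: {} for proto in PROTOCOLS}
    for raw in rule_lines:
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        action, protos, ports = parse_rule(line)
        for proto in protos:
            for port in ports & REQUIRED_PORTS:
                decided[proto].setdefault(port, action)  # keep first match
    return {
        proto: sorted(p for p in REQUIRED_PORTS if decided[proto].get(p) != "block")
        for proto in PROTOCOLS
    }


# Constructed sample: RDP is allowed before it is blocked, TCP 1234 is never
# mentioned, and the UDP rule forgets 3389.
SAMPLE_RULES = [
    "allow tcp 3389              # old remote-desktop rule left in place",
    "block tcp 135-139,445,3389",
    "block udp 135~139,445,1234",
    "block both 5555",
]

if __name__ == "__main__":
    for proto, gaps in audit(SAMPLE_RULES).items():
        print(proto, "not blocked:", gaps or "none")
```
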

  • 1 month later...
  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks

 

