Here u go Flash...HP Envy laptop w Win 10 and Samsung Galaxy S7 Edge hacked???



I have a fairly new HP Envy Laptop with Win10 that I have started to use more often in the last 2 months.  I have noticed that there are a lot of applications that I never added, files I can't access because I don't have the permission, there seems to be A LOT of user accounts and I only set up myself with an Administrator account when it was purchased new from Best Buy at the end of January.  There is now a 2nd Administrator Account but I don't even see it listed on the user accounts page in settings.  I have seen event logs that show remote connections but I have NEVER set up anything like that.  I also have a ridiculous amount of storage being used considering I haven't saved that much info to my computer.  And recently it seems all kinds of new devices have been added to my laptop that I don't recognize and the only thing I have ever added other than my phones, are printers and a wireless mouse. I feel like someone is monitoring my computer and uploading files (video and picture especially) to storage outside my computer.  I don't know if it is being done by someone I know, or in my home with access to my computer or someone I don't know who somehow gained access through the network I use.  This problem extends to ALL of the other devices I have used, like phones and tablets - they have all been connected to this laptop and have all used the network at one time or another.  Another issue that may have contributed to this problem is that my Google accounts have been previously compromised by someone who actually deleted one of the accounts entirely. I don't know what to do, I have tried to add additional security software, cleaning tools, etc to my laptop; I have opened every file I have access to using a variety of file readers (I have only downloaded programs I can get from either Microsoft or CNet), I have deleted and created new accounts, changed my passwords on external accounts like Microsoft, Samsung & Google.  
I have only one new email account that hasn't had any problems which is through Protonmail.  Someone please help me figure this out - It is so bad now that I don't trust ANYONE at all and I am worried there may be pictures or worse videos from my devices (and life) out on the internet somewhere being viewed by just whoever.  

At this point anything that was stolen, copied or whatever is done, I can't change that so I guess I could just use the 'Start Fresh' option and reinstall windows and hopefully not lose any of my existing personal files...but I am so pissed off that I really want to know exactly what happened and with any luck who it is (or at least who it isn't).  And of course eventually I would like to be able to just safely use my laptop.

A million thanks in advance to anyone that might have some time to help me...

***I JUST NOTICED TODAY THAT THE ENTIRE HISTORY OF EVENT LOGS ARE GONE!!! THE ONLY ONES SHOWING ARE VERY RECENT AND I HAVE SAVED ALL 4 TO FILES ATTACHED.***

Reason Event Logs.evtx

CxMonSvcSource Event Logs.evtx

MicrosoftOfficeAlters Event Logs.evtx

WindowsPowerShellEventLogs.evtx


Howdy CarolAnn and welcome to BestTechie !!!  

My name is flashh4 (Chuck) and I will be assisting you with the cleaning of your computer.

Run these 1 at a time & post each log as you get it ! Work them as your time permits you to !!

If you don't understand something, please don't hesitate to ask for clarification before proceeding !!! You can PM me if you need to !!

Perform all actions in the order given.

Please stay with us until we give you the "All Clean Speech"! Just because the problem has stopped it may still need some clean-up !  

Do Not Remove anything or run any tools/programs until advised to do so !


Please note that all instructions given are customized for this computer only, the tools used may cause damage if used on a computer with different infections.  

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.

 

============================== 

 

Download Farbar Recovery Scan Tool, or FRST, from the following location: FRST Download Link  >>> http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

When you click on the above link you will be brought to a download page. Please click on the Download Now 32-bit version or Download Now 64-bit version button depending on the bit type of your Windows version. If you are unsure what bit-type your installed Windows is, please consult this tutorial: 

 

How to tell if you are running a 32-bit or 64-bit version of Windows  >>> http://www.bleepingcomputer.com/tutorials/32-bit-or-64-bit-windows/

 

Once you click on the appropriate download button, you will be brought to a downloading screen, where if you wait, the download will automatically start. If you see a prompt asking if you wish to Run or Save the file, please click on the Save button and save it to your desktop.

Your browser will now download FRST and save it on your Desktop.
Now double-click on the FRST.exe or the FRST64.exe icon depending on which version you downloaded to start the program. Once you double-click the icon a User Account Control warning may also appear asking if you are sure you would like to run the program. 
Click on the Yes button to allow FRST to start. If no warning appeared, as shown above, then you should just continue reading. 

* FRST will now display a Disclaimer of Warranty window. Please read through this agreement, and if you agree to it, please click on the Yes button to continue.
* At this point, please do not change any options and just click on the Scan button to begin the scanning !
* The scanning process can take a while, so please be patient while FRST scans your computer and creates a report that can be used by our helpers. When FRST is done generating the reports it will create them as FRST.txt and Addition.txt in the same location as you downloaded and ran FRST from. If you ran it from the Windows desktop, then the reports will be made there. The program will then display a prompt stating that it has finished.
* Please click on the OK button and FRST will display the FRST.txt log in a Notepad window.
* FRST will then display another prompt that states the second log, Addition.txt, is about to be shown as well. Press the OK button and a Notepad window will open that displays the Addition.txt log !

Copy & paste those logs for me !!

 

NEXT

 

AdwCleaner
       
Please download  https://toolslib.net/downloads/viewdownload/1-adwcleaner/  by Xplode onto your desktop.
Double click on AdwCleaner.exe to run the tool again.
       Windows XP : Double click on the icon to run it.

       Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

    *Click on the Scan button.
    *AdwCleaner will begin to scan your computer like it did before.
    *After the scan has finished .......
    
    This time, click on the "Clean" button.
    
    *Press OK when asked to close all programs and follow the onscreen prompts.
    *Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    *After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
    *Copy and paste the contents of that logfile in your next reply.
    *A copy of that logfile will also be saved in the C:\AdwCleaner folder.


NEXT


    Please download JUNKWARE Removal Tool  >>> http://thisisudax.org/downloads/JRT.exe  and save to your desk top.

    Shut down your protection software now to avoid potential conflicts.

    * Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    * The tool will open and start scanning your system.
    * Please be patient as this can take a while to complete depending on your system's specifications.
    * On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    * Post the contents of JRT.txt into your next reply !

Re-Boot your computer now !!

 

  So to sum things up, I need you to copy/paste these logs:

1. FRST log(s)

2. AdwCleaner.exe (log)

3. Junkware log

 

Thanks

Chuck                                                              


# AdwCleaner 7.0.2.1 - Logfile created on Thu Sep 07 04:16:43 2017
# Updated on 2017/29/08 by Malwarebytes 
# Database: 09-01-2017.2
# Running on Windows 10 Home (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

PUP.Optional.ByteFence, ByteFenceService
PUP.Optional.Linkury.ACMB1, rtop
PUP.Optional.AdvancedPCCare, AppApcVerifier


***** [ Folders ] *****

PUP.Optional.ByteFence, C:\ProgramData\ByteFence
PUP.Optional.ByteFence, C:\ProgramData\Application Data\ByteFence
PUP.Optional.ByteFence, C:\Program Files\ByteFence
PUP.Optional.ByteFence, C:\Users\All Users\ByteFence
PUP.Optional.ByteFence, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ByteFence Anti-Malware
PUP.Optional.Solvusoft, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Solvusoft
PUP.Optional.WebBar, C:\Windows\System32\config\systemprofile\AppData\Local\WebDiscoverBrowser
PUP.Optional.WebBar, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\WebDiscoverBrowser
PUP.Optional.AdvancedPCCare, C:\ProgramData\AppApcVerifier
PUP.Optional.AdvancedPCCare, C:\ProgramData\Application Data\AppApcVerifier
PUP.Optional.AdvancedPCCare, C:\Users\All Users\AppApcVerifier
PUP.Adware.Heuristic, C:\Program Files (x86)\6e2949619769aa5a979245bbf48fd68b


***** [ Files ] *****

PUP.Optional.Legacy, C:\Users\carol\Downloads\ReimageRepair.exe
PUP.Optional.Reimage, C:\Windows\Temp\reimage.log
PUP.Optional.Reimage, C:\Users\carol\AppData\Local\Temp\reimage.log
PUP.Optional.Reimage, C:\Users\carol\AppData\Local\Temp\ReimagePackage.exe
PUP.Optional.WinYahoo, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HowToRemove.html.lnk
PUP.Optional.BestYouTubeDownloader, C:\Users\All Users\Desktop\Free YouTube Downloader.lnk
PUP.Optional.BestYouTubeDownloader, C:\Users\carol\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Free YouTube Downloader.lnk
PUP.Optional.BestYouTubeDownloader, C:\Users\Public\Desktop\Free YouTube Downloader.lnk


***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

PUP.Optional.Legacy, ByteFence Scan
PUP.Optional.ByteFence, ByteFence


***** [ Registry ] *****

PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\WebDiscoverBrowser
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-2237075321-751328073-2885487634-1001\Software\WebDiscoverBrowser
PUP.Optional.Legacy, [Key] - HKCU\Software\WebDiscoverBrowser
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileViewPro_is1
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\pcv-var
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{80107F16-CB2E-42AB-AB9D-6C11540D5A8B}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\61F70108E2BCBA24BAD9C61145D0A5B8
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Installer\Features\61F70108E2BCBA24BAD9C61145D0A5B8
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Installer\Products\61F70108E2BCBA24BAD9C61145D0A5B8
PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run | WebDiscoverBrowser
PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | CommonToolkitTray_Solvusoft
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\*\shell\ByteFence File Scan
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Directory\shell\ByteFence Folder Scan
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Applications\WinThrusterSetup.exe
PUP.Optional.Reimage, [Key] - HKU\S-1-5-21-2237075321-751328073-2885487634-1001\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
PUP.Optional.Reimage, [Key] - HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
PUP.Optional.Reimage, [Key] - HKLM\SOFTWARE\Reimage
PUP.Optional.Reimage, [Key] - HKU\S-1-5-21-2237075321-751328073-2885487634-1001\Software\Reimage
PUP.Optional.Reimage, [Key] - HKCU\Software\Reimage
PUP.Optional.ByteFence, [Key] - HKLM\SOFTWARE\ByteFence
PUP.Optional.ByteFence, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ByteFence
PUP.Optional.ByteFence, [Key] - HKU\.DEFAULT\Software\ByteFence
PUP.Optional.ByteFence, [Key] - HKU\S-1-5-21-2237075321-751328073-2885487634-1001\Software\ByteFence
PUP.Optional.ByteFence, [Key] - HKU\S-1-5-18\Software\ByteFence
PUP.Optional.ByteFence, [Key] - HKCU\Software\ByteFence
PUP.Optional.ByteFence, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
PUP.Optional.ByteFence, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
PUP.Optional.Solvusoft, [Key] - HKLM\SOFTWARE\Solvusoft
PUP.Optional.Solvusoft, [Key] - HKU\S-1-5-21-2237075321-751328073-2885487634-1001\Software\Solvusoft
PUP.Optional.Solvusoft, [Key] - HKCU\Software\Solvusoft
PUP.Optional.Solvusoft, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinThruster
PUP.Optional.Solvusoft, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\WinThruster.exe
PUP.Optional.Solvusoft, [Key] - HKLM\SOFTWARE\CLASSES\APPLICATIONS\SolvusoftTray.exe
PUP.Optional.AdvancedPCCare, [Key] - HKLM\SOFTWARE\AppApcVerifier
PUP.Optional.AdvancedPCCare, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
PUP.Optional.AdvancedPCCare, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
PUP.Optional.InstallCore, [Key] - HKU\S-1-5-21-2237075321-751328073-2885487634-1001\Software\csastats
PUP.Optional.InstallCore, [Key] - HKCU\Software\csastats
PUP.Optional.ProductSetup.A, [Key] - HKU\S-1-5-21-2237075321-751328073-2885487634-1001\Software\PRODUCTSETUP
PUP.Optional.ProductSetup.A, [Key] - HKCU\Software\PRODUCTSETUP


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

PUP.Optional.SearchInMe, Plugin found: Search In Tabs - 

/!\ Please Reset the Chrome Synchronization before cleaning the Chrome Preferences: https://support.google.com/chrome/answer/3097271 


*************************

Addition.txt

FRST.txt

JRT.txt


Hey Carol, the AdwCleaner program did not get run correctly ! So I need you to re-run the scan again then after the scan make sure you click the "Clean" Button ! Then you will get a new log, copy/paste it for me !

Thanks

Chuck

 

 


Carol, after reading through these logs there is a lot we need to clean out & remove from your computer ! 

So after you run the AdwCleaner program again & have it clean everything, post the log !

NEXT


    Download the free version Malwarebytes' Anti-Malware (save it to your desktop).  >>> https://www.malwarebytes.org/antimalware/
     
      * Windows XP : Double click on the icon to run it.
      *  Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
      
* On the Dashboard click on Update Now
* Go to the Setting Tab
* Under Setting go to Detection and Protection
* Under PUP and PUM make sure both are set to show Treat Detections as Malware
* Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
* Then on the Dashboard click on Scan
* Make sure to select THREAT SCAN
* Then click on Scan

When the scan is finished on the bottom right click on SAVE RESULTS then select Copy to Clipboard
Please paste the log back into this thread for review
Exit Malwarebytes
   
  
NEXT

 

Download OldTimer to your desk top ! 
Links: http://oldtimer.geekstogo.com/OTL.com http://oldtimer.geekstogo.com/OTL.scr  
 
If you already have a copy of OTL delete it and use this version.  (Note: If you are running on Vista, right-click on the file and choose Run As Administrator). 

* Double click OTL.exe to launch the program.
* Check the following. 

o Scan all users.
o Standard Output.
o Lop check.
o Purity check.
o Extra Registry > Use SafeList

* Under Extra Registry section, select Use SafeList
* Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
* When finished it will produce two logs. 

o OTL.txt (open on your desktop).
o Extras.txt (minimised in your taskbar) The Extras.txt file will only appear the very first time you run OTL. 

* Please post me both logs. This may have to be broken into more than one post !   

 

Post Next:

1. New AdwCleaner log

2. MBAM (malwarebytes) log

3. OTL log

 

Thanks

Chuck

 

 


# AdwCleaner 7.0.2.1 - Logfile created on Thu Sep 07 19:26:24 2017
# Updated on 2017/29/08 by Malwarebytes 
# Running on Windows 10 Home (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\Program Files (x86)\6e2949619769aa5a979245bbf48fd68b


***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\WebDiscoverBrowser
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{80107F16-CB2E-42AB-AB9D-6C11540D5A8B}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Deleted: [Key] - HKLM\SOFTWARE\ByteFence


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0

*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [6030 B] - [2017/9/7 4:17:37]
C:/AdwCleaner/AdwCleaner[S0].txt - [7114 B] - [2017/9/7 4:16:43]
C:/AdwCleaner/AdwCleaner[S1].txt - [1541 B] - [2017/9/7 19:25:4]


########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt ##########


Carol, great job ! We got rid of these 2: WebDiscover, ByteFence ! Most Registry cleaners are not worth using & they can remove things your system needs, and some track your every move & sell your info !!

Post the Malwarebytes' and the OTL logs when you get to them !

After we get you all clean then we will fix the problems you are having with "Accounts" !!

Thanks

Chuck

This topic is now closed to further replies.
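Added example, not part of the original thread or of AdwCleaner itself: a small Python parser for the AdwCleaner 7 log layout seen above that checks the `# Mode:` header (the first posted log was `scan`, so it removed nothing) and lists scan detections that have no matching `Deleted:` line in a clean log. The two sample logs are constructed excerpts built from lines in the thread, and the function names are hypothetical.

```python
import re

SECTION = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")

# Constructed excerpts in the AdwCleaner 7 layout, using lines from the thread's logs.
SCAN_LOG = r"""# Mode: scan
***** [ Folders ] *****
PUP.Optional.ByteFence, C:\ProgramData\ByteFence
PUP.Adware.Heuristic, C:\Program Files (x86)\6e2949619769aa5a979245bbf48fd68b
***** [ DLL ] *****
No malicious DLLs found.
***** [ Registry ] *****
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\WebDiscoverBrowser
PUP.Optional.ByteFence, [Key] - HKLM\SOFTWARE\ByteFence
PUP.Optional.Reimage, [Key] - HKLM\SOFTWARE\Reimage
"""
CLEAN_LOG = r"""# Mode: clean
***** [ Folders ] *****
Deleted: C:\Program Files (x86)\6e2949619769aa5a979245bbf48fd68b
***** [ Registry ] *****
Deleted: [Key] - HKLM\SOFTWARE\WebDiscoverBrowser
Deleted: [Key] - HKLM\SOFTWARE\ByteFence
::Tracing keys deleted
"""

def parse_log(text):
    """Return (mode, entries); each entry is (section, family or None, item)."""
    mode, section, entries = None, None, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# Mode:"):
            mode = line.split(":", 1)[1].strip()
        elif (m := SECTION.match(line)):
            section = m.group(1)
        elif (not line or section is None
              or line.startswith(("#", "No malicious", "/!\\", "::", "*"))):
            continue  # headers, separators, "nothing found" and footer lines
        elif line.startswith("Deleted: "):
            entries.append((section, None, line[len("Deleted: "):]))
        elif ", " in line:
            family, item = line.split(", ", 1)  # "PUP.Family, path-or-key"
            entries.append((section, family, item))
    return mode, entries

def not_confirmed_deleted(scan_text, clean_text):
    """Scan detections with no matching 'Deleted:' line in the clean log."""
    scan_mode, found = parse_log(scan_text)
    clean_mode, removed = parse_log(clean_text)
    if (scan_mode, clean_mode) != ("scan", "clean"):
        raise ValueError(f"expected scan then clean, got {scan_mode!r}, {clean_mode!r}")
    gone = {(sec, item.lower()) for sec, _, item in removed}
    return [(sec, fam, item) for sec, fam, item in found
            if (sec, item.lower()) not in gone]

if __name__ == "__main__":
    for sec, fam, item in not_confirmed_deleted(SCAN_LOG, CLEAN_LOG):
        print(f"[{sec}] {fam}: {item}")
```

An item missing from one clean log is only unconfirmed, not necessarily still present: the file list at the end of the thread's clean log names an earlier run, AdwCleaner[C0].txt, whose contents are not on the page.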