DaLea

Members
  • Posts: 2

About DaLea

  • Rank: Newbie

Profile Information

  • Location: USA
  1. Thank you for the encouraging advice. I know that I am being hacked. It is obvious. Please do not treat someone like an idiot just for asking for help. I found and quarantined a mountain of false information on my computer. One, you should know that I am a home user. Two, I have taken a couple of classes. Three, an idiot can see from my end something is wrong. As I said before, the files that I attached, even when being attached, started with C:\Fake. It doesn't take a brain surgeon to figure that something is wrong in that case. If you can help please, I would love to have some advice based on fact. I can post the real thing on here if you would like? I said I was hacked, and I don't mean just a little virus, I mean it has taken control of everything. I believe that I was able to derive some sort of control after all day and night working on this. I need help, and please don't be condescending. Since I am unable to upload real data, I will just post it on here for you to see. For instance, does a class C home user use an IP of 224.0.0.0? I believe, to my limited knowledge, that the break between class C and class D IP addresses is 192-223 for class C and 224-240 for a Class D. Here is my IP routing table.
     ------- ----------------- ------- ----------- -------- -----------
     2 255.255.255.255/32 0.0.0.0 256 35 ActiveStore
     1 255.255.255.255/32 0.0.0.0 256 75 ActiveStore
     2 224.0.0.0/4 0.0.0.0 256 35 ActiveStore
     1 224.0.0.0/4 0.0.0.0 256 75 ActiveStore
     2 192.168.1.255/32 0.0.0.0 256 35 ActiveStore
     2 192.168.1.65/32 0.0.0.0 256 35 ActiveStore
     2 192.168.1.0/24 0.0.0.0 256 35 ActiveStore
     1 127.255.255.255/32 0.0.0.0 256 75 ActiveStore
     1 127.0.0.1/32 0.0.0.0 256 75 ActiveStore
     1 127.0.0.0/8 0.0.0.0 256 75 ActiveStore
     2 0.0.0.0/0 192.168.1.254 0 35 ActiveStore
     2 ff00::/8 :: 256 35 ActiveStore
     1 ff00::/8 :: 256 75 ActiveStore
     2 fe80::885:769e:e6e7:1d99/128 :: 256 35 ActiveStore
     2 fe80::/64 :: 256 35 ActiveStore
     2 2600:1700:8f00:2420:89c5:5c64:af45:5829/128 :: 256 35 ActiveStore
     2 2600:1700:8f00:2420:885:769e:e6e7:1d99/128 :: 256 35 ActiveStore
     2 2600:1700:8f00:2420::68b/128 :: 256 35 ActiveStore
     2 2600:1700:8f00:2420::/64 :: 256 35 ActiveStore
     2 2600:1700:8f00:2420::/60 fe80::d6b2:7aff:fefb:b56d 16 35 ActiveStore
     1 ::1/128 :: 256 75 ActiveStore
     2 ::/0 fe80::d6b2:7aff:fefb:b56d 256 35 ActiveStore

     This is not a business, government, or any other type of environment, but a home user/home network. The routing table above is not logical following these known guidelines. Also, the subnet mask is completely different than a class C. I know I am hacked. It is not a guess. I have been told by Microsoft that my computer is connected to some unknown domain. Also, this computer was completely wiped???, last Wednesday. I have quarantined some program called Pester? I am unfamiliar with it, maybe you are better equipped to know what that is, but it was quite the programming when I was reading it. I have sent multiple files to be reviewed, but there is a file called eav_nt64.msi, and from what I read on your site this is not the way that ESET installers are supposed to be, and there is something called a DeslockInstaller.msi file as well.
     I am being taken to sites that I know are not legitimate for ESET, as after I quarantined certain mock programs, I was then able to see that the site I was on was not the real ESET site or at least was not secure. Do I have you convinced yet? Will you help? I am sorry, but I should not be connected to a VPN, domain, or on a server. Maybe a DNS, but it should be on my network and available, but as we both know that is just to resolve URLs for those of us who use words instead of numbers. I am sorry, I really do need help. Can ESET help me or was this just another waste of money? I am tired, I am not capable of doing this myself. I have lost files, had phishing pop-ups like they were from Microsoft, and my computer will randomly change to look like a Windows Vista or something. This is crazy, and all I get is I shouldn't be looking at files. Do you know how I can get real help with a real issue if you are not willing?

     Thank you,
     DaLea

     I would also like to add just part of a scan, do you know what all of these are? Again, there should be no remotely controlled systems in my environment.
     Here is another snip from a scan. Did I mention that I shouldn't be on a server and never should have been. An SQL is a server.
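Added example (not part of the original post and not ESET's code): a way to triage a routing table like the one posted above, naming the address block each destination prefix belongs to and listing any route whose next hop is not one of the default gateways. The names `role` and `triage` and the next-hop check are assumptions made for this illustration.

```python
import ipaddress

# Distinct destination prefixes and next hops copied from the routing table
# in the post above (the per-host /32 and /128 rows are left out for brevity).
POSTED_ROUTES = """\
255.255.255.255/32 0.0.0.0
224.0.0.0/4 0.0.0.0
192.168.1.255/32 0.0.0.0
192.168.1.0/24 0.0.0.0
127.0.0.0/8 0.0.0.0
0.0.0.0/0 192.168.1.254
ff00::/8 ::
fe80::/64 ::
2600:1700:8f00:2420::/64 ::
2600:1700:8f00:2420::/60 fe80::d6b2:7aff:fefb:b56d
::1/128 ::
::/0 fe80::d6b2:7aff:fefb:b56d
"""

def role(prefix):
    """Name the address block a destination prefix belongs to."""
    net = ipaddress.ip_network(prefix, strict=False)
    if net.prefixlen == 0:
        return "default route"
    if net.is_multicast:
        return "multicast"  # 224.0.0.0/4 (the old "class D") and ff00::/8
    if net.is_loopback:
        return "loopback"
    if str(net) == "255.255.255.255/32":
        return "limited broadcast"
    if net.is_link_local:
        return "link-local"
    return "private range" if net.is_private else "public range"

def triage(table):
    """Return (prefix roles, routes whose next hop is not a default gateway)."""
    rows = [line.split() for line in table.splitlines() if line.strip()]
    gateways = {hop for prefix, hop in rows if prefix in ("0.0.0.0/0", "::/0")}
    roles = [(prefix, role(prefix)) for prefix, _ in rows]
    odd = [(prefix, hop) for prefix, hop in rows
           if not ipaddress.ip_address(hop).is_unspecified and hop not in gateways]
    return roles, odd

if __name__ == "__main__":
    roles, odd = triage(POSTED_ROUTES)
    for prefix, name in roles:
        print(f"{prefix:32} {name}")
    print("routes via a non-default gateway:", odd)
```

A next hop of `0.0.0.0` or `::` means the destination is reached directly on the attached network, so only rows with a real next-hop address are compared against the default gateways.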
  2. hxxp://phishing.eset.com/report/ENU Allowed C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
     hxxp://phishing.eset.com/style.css Allowed C:\Windows\SystemApps\

     The log goes on and on. It says unknown entity and then allows whoever 8wekyb3d8bbwe is to basically take over my entire computer. Any help would be appreciated. Also, I can't open a topic on any other browser than Microsoft Edge as it will not let me select from the list of available topics. Any help would be appreciated. It is now spreading to the rest of my home network.

     Thank you,
     Dalea

     Attachments: hipslog.txt, urllog.txt, SysInspector-DESKTOP-I4CU04G-180111-185102.txt, settingsphishing.txt