Assistance Required Urgently - Local Area Connection Detected

YanAndrew · 24 Dec 2019

Hi Guys,

Machine: Dell Vostro 3550
OS: Windows 10 Pro (64-bit) Version 1909

Firstly, Merry Christmas from Malaysia!

Secondly, I have noticed a change in my home WiFi network lately and I am pretty certain that I am being spied on (that person is probably reading what I am typing right now) through my network. Today, my computer detected a connection called Local Area Connection and it has an ethernet symbol (whether the connection is really via an ethernet cable I am not so sure, it could be fake). Please refer to image 1 below:

Assistance Required Urgently - Local Area Connection Detected-lac-connection.jpg

When I clicked on it or tried to access it through Settings, it drops thus preventing me from accessing any information further:

Assistance Required Urgently - Local Area Connection Detected-lac.jpg

One might be forgiven for thinking that it is my paranoia, but I am willing to bet my life that my network has been tampered with to include some kind of mirroring of my online activities to another machine, gadget or smartphone.

I am, therefore, pleading for urgent help on how to go about identifying and locating whatever has been added to my network to feed this sick person's twisted desires. I have to gather concrete information as proof to support my claim because I want to go to the authorities with this. I want to expose this sick person. It has gotten to a point where I am starting to have a phobia about turning on my modem & router, and I don't even know if a VPN service would work at all because I do not know exactly where is his point of interference.

I am desperately in need of good advice and guidance.

Hope to hear from you soon.

Thank you,
Andrew

FreeBooter · 24 Dec 2019

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

YanAndrew · 24 Dec 2019

Hello FreeBooter,

The result of MiniToolBox is pasted below (I've also attached it herewith). I await your analysis.

Thank you.

Regards,
Andrew
=============================================================

MiniToolBox by Farbar Version: 17-06-2016Ran by YanAndrew (administrator) on 24-12-2019 at 22:34:05Running from "C:\Users\YanAndrew\Downloads"Microsoft Windows 10 Pro (X64)Model: Vostro 3550 Manufacturer: Dell Inc.Boot Mode: Normal***************************************************************************=================== ====== Flush DNS: ===================================Windows IP ConfigurationSuccessfully flushed the DNS Resolver Cache.========================= IE Proxy Settings: ============================== Proxy is not enabled.No Proxy Server is set."Reset IE Proxy Settings": IE Proxy Settings were reset.========================= Hosts content: ========================================================== IP Configuration: ================================802.11ac Wireless LAN Card = WiFi 2 (Connected)Broadcom 802.11n Network Adapter = WiFi (Media disconnected)Realtek PCIe GbE Family Controller = Ethernet (Media disconnected)# ----------------------------------# IPv4 Configuration# ----------------------------------pushd interface ipv4resetset global icmpredirects=enabledset interface interface="Ethernet (Kernel Debugger)" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabledset interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabledset interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabledset interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabledset interface interface="Local Area Connection* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabledset interface interface="Local Area Connection* 13" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabledset interface interface="Local Area Connection* 14" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabledset interface interface="Local Area Connection* 15" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabledset interface interface="WiFi 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabledset interface interface="Local Area Connection* 17" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabledset interface interface="Local Area Connection* 18" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabledset interface interface="Local Area Connection* 19" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabledset interface interface="Local Area Connection* 11" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabledset interface interface="Local Area Connection* 12" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabledset interface interface="Local Area Connection* 16" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabledset interface interface="Local Area Connection* 20" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabledset interface interface="Local Area Connection* 21" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabledset interface interface="Local Area Connection* 22" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabledset interface interface="WiFi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabledset interface interface="Local Area Connection* 23" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabledset interface interface="Ethernet 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabledpopd# End of IPv4 configurationWindows IP Configuration Host Name . . . . . . . . . . . . : RILEY Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : NoEthernet adapter Ethernet: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Realtek PCIe GbE Family Controller Physical Address. . . . . . . . . : 18-03-73-A0-6D-A5 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : YesWireless LAN adapter WiFi: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Broadcom 802.11n Network Adapter Physical Address. . . . . . . . . : 94-39-E5-E0-B9-D1 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : YesWireless LAN adapter Local Area Connection* 17: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #7 Physical Address. . . . . . . . . : 06-E1-B0-45-32-82 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : YesWireless LAN adapter Local Area Connection* 18: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #8 Physical Address. . . . . . . . . : 0A-E1-B0-45-32-82 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : YesWireless LAN adapter Local Area Connection* 23: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft Hosted Network Virtual Adapter #7 Physical Address. . . . . . . . . : 94-39-E5-E0-B9-D1 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : YesWireless LAN adapter WiFi 2: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : 802.11ac Wireless LAN Card Physical Address. . . . . . . . . : 00-E1-B0-45-32-82 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Link-local IPv6 Address . . . . . : fe80::740c:e55d:94c7:b16e%30(Preferred) IPv4 Address. . . . . . . . . . . : 192.168.0.154(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Lease Obtained. . . . . . . . . . : 24 December 2019 20:40:07 Lease Expires . . . . . . . . . . : 25 December 2019 00:33:16 Default Gateway . . . . . . . . . : 192.168.0.1 DHCP Server . . . . . . . . . . . : 192.168.0.1 DHCPv6 IAID . . . . . . . . . . . : 453042608 DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-24-CF-9F-39-18-03-73-A0-6D-A5 DNS Servers . . . . . . . . . . . : 192.168.0.1 NetBIOS over Tcpip. . . . . . . . : EnabledServer: UnKnownAddress: 192.168.0.1Name: google.comAddresses: 2404:6800:4001:807::200e 172.217.31.78Pinging google.com [172.217.31.46] with 32 bytes of data:Reply from 172.217.31.46: bytes=32 time=9ms TTL=57Reply from 172.217.31.46: bytes=32 time=6ms TTL=57Ping statistics for 172.217.31.46: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),Approximate round trip times in milli-seconds: Minimum = 6ms, Maximum = 9ms, Average = 7msServer: UnKnownAddress: 192.168.0.1Name: yahoo.comAddresses: 2001:4998:58:1836::10 2001:4998:44:41d::3 2001:4998:c:1023::5 2001:4998:c:1023::4 2001:4998:44:41d::4 2001:4998:58:1836::11 98.137.246.7 98.138.219.231 72.30.35.10 72.30.35.9 98.137.246.8 98.138.219.232Pinging yahoo.com [98.138.219.232] with 32 bytes of data:Reply from 98.138.219.232: bytes=32 time=237ms TTL=55Reply from 98.138.219.232: bytes=32 time=239ms TTL=55Ping statistics for 98.138.219.232: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),Approximate round trip times in milli-seconds: Minimum = 237ms, Maximum = 239ms, Average = 238msPinging 127.0.0.1 with 32 bytes of data:Reply from 127.0.0.1: bytes=32 time<1ms TTL=128Reply from 127.0.0.1: bytes=32 time<1ms TTL=128Ping statistics for 127.0.0.1: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms===========================================================================Interface List 27...18 03 73 a0 6d a5 ......Realtek PCIe GbE Family Controller 8...94 39 e5 e0 b9 d1 ......Broadcom 802.11n Network Adapter 23...06 e1 b0 45 32 82 ......Microsoft Wi-Fi Direct Virtual Adapter #7 32...0a e1 b0 45 32 82 ......Microsoft Wi-Fi Direct Virtual Adapter #8 18...94 39 e5 e0 b9 d1 ......Microsoft Hosted Network Virtual Adapter #7 30...00 e1 b0 45 32 82 ......802.11ac Wireless LAN Card 1...........................Software Loopback Interface 1===========================================================================IPv4 Route Table===========================================================================Active Routes:Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.154 45 127.0.0.0 255.0.0.0 On-link 127.0.0.1 331 127.0.0.1 255.255.255.255 On-link 127.0.0.1 331 127.255.255.255 255.255.255.255 On-link 127.0.0.1 331 192.168.0.0 255.255.255.0 On-link 192.168.0.154 301 192.168.0.154 255.255.255.255 On-link 192.168.0.154 301 192.168.0.255 255.255.255.255 On-link 192.168.0.154 301 224.0.0.0 240.0.0.0 On-link 127.0.0.1 331 224.0.0.0 240.0.0.0 On-link 192.168.0.154 301 255.255.255.255 255.255.255.255 On-link 127.0.0.1 331 255.255.255.255 255.255.255.255 On-link 192.168.0.154 301===========================================================================Persistent Routes: NoneIPv6 Route Table===========================================================================Active Routes: If Metric Network Destination Gateway 1 331 ::1/128 On-link 30 301 fe80::/64 On-link 30 301 fe80::740c:e55d:94c7:b16e/128 On-link 1 331 ff00::/8 On-link 30 301 ff00::/8 On-link===========================================================================Persistent Routes: None========================= Event log errors: ===============================Application errors:==================Error: (12/24/2019 08:43:23 PM) (Source: Microsoft-Windows-Perflib) (User: NT AUTHORITY)Description: The required buffer size is greater than the buffer size passed to the Collect function of the "C:\Windows\System32\perfts.dll" Extensible Counter DLL for the "LSM" service. The given buffer size was 27400 and the required size was 37456.Error: (12/24/2019 08:28:35 PM) (Source: Application Error) (User: )Description: Faulting application name: SystemSettings.exe, version: 10.0.18362.449, time stamp: 0x066bf1a5Faulting module name: SystemSettingsViewModel.Desktop.dll, version: 10.0.18362.449, time stamp: 0x5dac2400Exception code: 0xc0000409Fault offset: 0x0000000000081b94Faulting process ID: 0x2830Faulting application start time: 0xSystemSettings.exe0Faulting application path: SystemSettings.exe1Faulting module path: SystemSettings.exe2Report ID: SystemSettings.exe3Faulting package full name: SystemSettings.exe4Faulting package-relative application ID: SystemSettings.exe5Error: (12/24/2019 08:28:16 PM) (Source: Application Error) (User: )Description: Faulting application name: SystemSettings.exe, version: 10.0.18362.449, time stamp: 0x066bf1a5Faulting module name: SystemSettingsViewModel.Desktop.dll, version: 10.0.18362.449, time stamp: 0x5dac2400Exception code: 0xc0000409Fault offset: 0x0000000000081b94Faulting process ID: 0x2d34Faulting application start time: 0xSystemSettings.exe0Faulting application path: SystemSettings.exe1Faulting module path: SystemSettings.exe2Report ID: SystemSettings.exe3Faulting package full name: SystemSettings.exe4Faulting package-relative application ID: SystemSettings.exe5Error: (12/24/2019 08:27:58 PM) (Source: Application Error) (User: )Description: Faulting application name: SystemSettings.exe, version: 10.0.18362.449, time stamp: 0x066bf1a5Faulting module name: SystemSettingsViewModel.Desktop.dll, version: 10.0.18362.449, time stamp: 0x5dac2400Exception code: 0xc0000409Fault offset: 0x0000000000081b94Faulting process ID: 0x26e4Faulting application start time: 0xSystemSettings.exe0Faulting application path: SystemSettings.exe1Faulting module path: SystemSettings.exe2Report ID: SystemSettings.exe3Faulting package full name: SystemSettings.exe4Faulting package-relative application ID: SystemSettings.exe5Error: (12/24/2019 07:11:13 PM) (Source: VSS) (User: )Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid..Operation: Executing Asynchronous OperationContext: Current State: DoSnapshotSetError: (12/24/2019 07:06:36 PM) (Source: VSS) (User: )Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid..Operation: Executing Asynchronous OperationContext: Current State: DoSnapshotSetSystem errors:=============Error: (12/23/2019 04:26:09 PM) (Source: Microsoft-Windows-NDIS) (User: NT AUTHORITY)Description: Miniport Apple Mobile Device Ethernet, {36919b7e-e87a-4cd6-9fcf-1903dec5c840}, had event 76Error: (12/22/2019 10:17:20 PM) (Source: volsnap) (User: )Description: The shadow copies of volume H: were aborted during detection.Error: (12/22/2019 10:17:07 PM) (Source: volsnap) (User: )Description: The shadow copies of volume H: were aborted during detection because a critical control file could not be opened.Error: (12/22/2019 01:57:35 AM) (Source: BugCheck) (User: )Description: 0x0000009f (0x0000000000000003, 0xffffd68a59bc9ca0, 0xffffaa83cfe3ec00, 0xffffd68a527af9a0)C:\Windows\MEMORY.DMP83378163-6578-4dc1-bf1b-08f6d9fe73deError: (12/22/2019 01:51:23 AM) (Source: Service Control Manager) (User: )Description: The Realtek DHCP Service service terminated unexpectedly. It has done this 1 time(s).Error: (12/22/2019 01:51:02 AM) (Source: EventLog) (User: )Description: The previous system shutdown at 1:41:03 AM on ‎22/‎12/‎2019 was unexpected.Error: (12/20/2019 03:42:52 PM) (Source: Service Control Manager) (User: )Description: The Downloaded Maps Manager service did not respond on starting.Error: (12/20/2019 03:42:20 PM) (Source: disk) (User: )Description: The IO operation at logical block address 0x0 for Disk 2 (PDO name: \Device\00000076) failed due to a hardware error.Error: (12/20/2019 03:41:19 PM) (Source: disk) (User: )Description: The IO operation at logical block address 0x0 for Disk 2 (PDO name: \Device\00000076) failed due to a hardware error.Error: (12/20/2019 03:41:19 PM) (Source: disk) (User: )Description: The IO operation at logical block address 0x0 for Disk 2 (PDO name: \Device\00000076) failed due to a hardware error.Microsoft Office Sessions:=========================Error: (12/24/2019 08:43:23 PM) (Source: Microsoft-Windows-Perflib)(User: NT AUTHORITY)Description: C:\Windows\System32\perfts.dllLSM2740037456Error: (12/24/2019 08:28:35 PM) (Source: Application Error)(User: )Description: SystemSettings.exe10.0.18362.449066bf1a5SystemSettingsViewModel.Desktop.dll10.0.18362.4495dac2400c00 004090000000000081b94283001d5ba55a1e64f69C:\Windows\ImmersiveControlPanel\SystemSettings.exeC:\Windo ws\ImmersiveControlPanel\SystemSettingsViewModel.Desktop.dll5c292aec-85a1-41f1-8a10-ada718f2a0a9windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewymicrosoft.windows .immersivecontrolpanelError: (12/24/2019 08:28:16 PM) (Source: Application Error)(User: )Description: SystemSettings.exe10.0.18362.449066bf1a5SystemSettingsViewModel.Desktop.dll10.0.18362.4495dac2400c00 004090000000000081b942d3401d5ba559acccc6aC:\Windows\ImmersiveControlPanel\SystemSettings.exeC:\Windo ws\ImmersiveControlPanel\SystemSettingsViewModel.Desktop.dllb89a36b7-4aba-4698-9014-282618a0f871windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewymicrosoft.windows .immersivecontrolpanelError: (12/24/2019 08:27:58 PM) (Source: Application Error)(User: )Description: SystemSettings.exe10.0.18362.449066bf1a5SystemSettingsViewModel.Desktop.dll10.0.18362.4495dac2400c00 004090000000000081b9426e401d5ba4b8b988e89C:\Windows\ImmersiveControlPanel\SystemSettings.exeC:\Windo ws\ImmersiveControlPanel\SystemSettingsViewModel.Desktop.dllb2d47d9b-963f-43f8-9246-3868b03321b0windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewymicrosoft.windows .immersivecontrolpanelError: (12/24/2019 07:11:13 PM) (Source: VSS)(User: )Description: QueryFullProcessImageNameW0x80070006, The handle is invalid.Operation: Executing Asynchronous OperationContext: Current State: DoSnapshotSetError: (12/24/2019 07:06:36 PM) (Source: VSS)(User: )Description: QueryFullProcessImageNameW0x80070006, The handle is invalid.Operation: Executing Asynchronous OperationContext: Current State: DoSnapshotSetCodeIntegrity Errors:=================================== Date: 2019-12-24 22:34:16.052 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2019-12-24 22:34:16.047 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2019-12-24 22:34:15.386 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2019-12-24 22:34:15.384 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2019-12-24 22:34:06.440 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2019-12-24 22:34:06.438 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2019-12-24 22:34:05.764 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2019-12-24 22:34:05.759 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2019-12-24 22:32:00.095 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements. Date: 2019-12-24 22:32:00.092 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.=========================== Installed Programs ============================µTorrent (HKCU\...\uTorrent) (Version: 3.5.5.45395 - BitTorrent Inc.)7-Zip 19.02 alpha (x64) (HKLM\...\7-Zip) (Version: 19.02 alpha - Igor Pavlov)Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.303 - Adobe)Apple Application Support (32-bit) (HKLM-x32\...\{BED24701-751B-41C5-8888-A8EABAB9FE8C}) (Version: 8.1 - Apple Inc.)Apple Application Support (64-bit) (HKLM\...\{88F21C94-88AF-4665-AF4F-FECB1FA059B9}) (Version: 8.1 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{6CECF0FB-EE71-4FE5-8AE0-FA007408934A}) (Version: 13.0.0.38 - Apple Inc.)Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)Audacity 2.3.2 (HKLM-x32\...\Audacity_is1) (Version: 2.3.2 - Audacity Team)Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 79.1.1.23 - The Brave Authors)Camtasia 2019 (HKLM\...\{281FB404-5E21-49C9-ABA7-278753936D13}) (Version: 19.0.1.4626 - TechSmith Corporation) HiddenCamtasia 2019 (HKLM-x32\...\{5ce3fc88-78d6-4dd6-b94b-e3522d83a3e5}) (Version: 19.0.1.4626 - TechSmith Corporation)CCleaner (HKLM\...\CCleaner) (Version: 5.62 - Piriform)Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.218 - ALPS ELECTRIC CO., LTD.)dr.fone (Version 9.9.10) (HKLM-x32\...\{E8F86DA8-B8E4-42C7-AFD4-EBB692AC43FD}_is1) (Version: 9.9.10.43 - Wondershare Technology Co.,Ltd.)Dropbox (HKLM-x32\...\Dropbox) (Version: 87.4.138 - Dropbox, Inc.)Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.241.1 - Dropbox, Inc.) HiddenFile Shredder 2.5 (HKLM\...\File Shredder_is1) (Version: - Pow Tools)Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Google Inc.) HiddenHandBrake 1.0.7 (HKLM-x32\...\HandBrake) (Version: 1.0.7 - )IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6365.0 - IDT)ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)iTunes (HKLM\...\{E7AE2AF7-F6E8-4A03-97C5-BD017C3DCB91}) (Version: 12.10.2.3 - Apple Inc.)K-Lite Codec Pack 15.2.8 Standard (HKLM-x32\...\KLiteCodecPack_is1) (Version: 15.2.8 - KLCP)Malwarebytes version 4.0.4.49 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.0.4.49 - Malwarebytes)Microsoft Office Home and Business 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 19.192.0926.0012 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{CA8A885F-E95B-3FC6-BB91-F4D9377C7686}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)MiniTool Power Data Recovery Free Edition 7.0 (HKLM\...\MiniTool Power Data Recovery Free Edition_is1) (Version: - MiniTool Solution Ltd.)Mixxx (HKLM\...\{5C786921-BD71-11E9-90FF-8DA856D7FBAC}) (Version: 2.2.2.6722 - The Mixxx Development Team) HiddenMixxx (HKLM-x32\...\{c543d90d-c71d-497e-a1f9-562f3c1f4a0d}) (Version: 2.2.2.6722 - The Mixxx Development Team)Mp3tag v2.99a (HKLM-x32\...\Mp3tag) (Version: 2.99a - Florian Heidenreich)MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)Multi-Function Suite DocuPrint M225 dw (HKLM-x32\...\{10D98D84-A981-4433-BE8F-0B6F944E27A9}) (Version: 1.0.0.0 - Fuji Xerox)Nuance PaperPort 12 (HKLM-x32\...\{88B5FBDC-967D-4B1F-B291-39284AE12201}) (Version: 12.1.0005 - Nuance Communications, Inc.)Opera Stable 65.0.3467.48 (HKLM-x32\...\Opera 65.0.3467.48) (Version: 65.0.3467.48 - Opera Software)Opera Stable 65.0.3467.78 (HKLM-x32\...\Opera 65.0.3467.78) (Version: 65.0.3467.78 - Opera Software)PanFone iOS Eraser Pro 1.0.1 (HKLM-x32\...\PanFone iOS Eraser Pro) (Version: 1.0.1 - PanFone)PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)PDF-XChange Editor (HKLM\...\{A3814501-4332-4436-BD13-07813EC91985}) (Version: 6.0.322.7 - Tracker Software Products (Canada) Ltd.) HiddenPDF-XChange Editor (HKLM-x32\...\{2096d5e2-2147-435b-9de4-54700b6e9558}) (Version: 6.0.322.7 - Tracker Software Products (Canada) Ltd.)REALTEK Wireless LAN Driver and Utility (HKLM-x32\...\{9C049509-055C-4CFF-A116-1D12312225EB}) (Version: 1.00.0244 - REALTEK Semiconductor Corp.)Revo Uninstaller Pro 4.0.0 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 4.0.0 - VS Revo Group, Ltd.)Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0015-0409-1000-0000000FF1CE}_Office14.SingleImage_{C7BC6847-623D-4D8F-B87C-82215F0752BA}) (Version: - Microsoft) HiddenService Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0016-0409-1000-0000000FF1CE}_Office14.SingleImage_{C7BC6847-623D-4D8F-B87C-82215F0752BA}) (Version: - Microsoft) HiddenService Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0018-0409-1000-0000000FF1CE}_Office14.SingleImage_{C7BC6847-623D-4D8F-B87C-82215F0752BA}) (Version: - Microsoft) HiddenService Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0019-0409-1000-0000000FF1CE}_Office14.SingleImage_{C7BC6847-623D-4D8F-B87C-82215F0752BA}) (Version: - Microsoft) HiddenService Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-001A-0409-1000-0000000FF1CE}_Office14.SingleImage_{C7BC6847-623D-4D8F-B87C-82215F0752BA}) (Version: - Microsoft) HiddenService Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-001B-0409-1000-0000000FF1CE}_Office14.SingleImage_{C7BC6847-623D-4D8F-B87C-82215F0752BA}) (Version: - Microsoft) HiddenService Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.SingleImage_{C814F7D9-CE9D-45AA-BA7C-88BDD0E1EB7C}) (Version: - Microsoft) HiddenService Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.SingleImage_{77A8B979-11B0-4774-8003-574EE8A4BC22}) (Version: - Microsoft) HiddenService Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.SingleImage_{05916788-991E-417B-A8F3-77F90A2B8271}) (Version: - Microsoft) HiddenService Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-002C-0409-1000-0000000FF1CE}_Office14.SingleImage_{D4D48631-AC28-4250-B882-C956555B0B1D}) (Version: - Microsoft) HiddenService Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{F3FAAB68-7697-4B1F-A23A-72312565AEAB}) (Version: - Microsoft) HiddenService Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0043-0409-1000-0000000FF1CE}_Office14.SingleImage_{944EFCFD-823D-4C0A-9B01-CD76EEAEA1F3}) (Version: - Microsoft) HiddenService Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-006E-0409-1000-0000000FF1CE}_Office14.SingleImage_{58B1AD3E-54D7-42DC-AF42-218AA7C1ED8B}) (Version: - Microsoft) HiddenService Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-00A1-0409-1000-0000000FF1CE}_Office14.SingleImage_{C7BC6847-623D-4D8F-B87C-82215F0752BA}) (Version: - Microsoft) HiddenService Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0115-0409-1000-0000000FF1CE}_Office14.SingleImage_{58B1AD3E-54D7-42DC-AF42-218AA7C1ED8B}) (Version: - Microsoft) HiddenService Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0117-0409-1000-0000000FF1CE}_Office14.SingleImage_{C7BC6847-623D-4D8F-B87C-82215F0752BA}) (Version: - Microsoft) HiddenTI USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{355FBD67-5A4F-44DA-86A1-56EEC4C20EC0}) (Version: 1.12.18.0 - Texas Instruments Inc.)TI USB3 Host Driver (HKLM-x32\...\{355FBD67-5A4F-44DA-86A1-56EEC4C20EC0}) (Version: 1.12.18.0 - Texas Instruments Inc.) HiddenVLC media player (HKLM\...\VLC media player) (Version: 3.0.8 - VideoLAN)WhatsApp (HKCU\...\WhatsApp) (Version: 0.3.9309 - WhatsApp)Wondershare Helper Compact 2.5.3 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.3 - Wondershare)Wondershare Video Converter Ultimate(Build 10.4.3.198) (HKLM-x32\...\Video Converter Ultimate_is1) (Version: 10.4.3.198 - Wondershare Software)========================= Memory info: ===================================Percentage of memory in use: 41%Total physical RAM: 10146.05 MBAvailable physical RAM: 5905.98 MBTotal Virtual: 11682.05 MBAvailable Virtual: 6507.43 MB========================= Partitions: =====================================1 Drive c: () (Fixed) (Total:204.51 GB) (Free:140.44 GB) NTFS2 Drive d: (Local Disk) (Fixed) (Total:260.58 GB) (Free:200.79 GB) NTFS========================= Users: ========================================User accounts for \\RILEYAdministrator DefaultAccount Guest WDAGUtilityAccount YanAndrew **** End of log ****

Pluginz · 24 Dec 2019

Try these settings. They can always be put back if it doesnt help.

As a test I would disable TCP/IP NetBIOS Helper in the Windows services.
Then go into your Network and Sharing Center and then 'Change adapter setings'. Scroll down to ipv4, double click and goto the 'WINS' tab and disable NetBIOS over TCP.
Give her a reboot and see if the Network connection is still there.

Good luck

FreeBooter · 24 Dec 2019

You are connected to 192.168.0.1 wireless router.

I don't see any problem with your connection.

YanAndrew · 25 Dec 2019

Pluginz:
I tried your suggestion of disabling NetBIOS over TCP, rebooted my modem & router as well as my computer and that Local Area Connection disappeared! So, thank you.

FreeBooter:
The MTB results might not reveal any interference to my network, but that does not mean there wasn't any. Whoever is responsible for doing so obviously has the option of doing it or not at the switch of a button.

This is driving me insane and I must get to the bottom of this one way or another.

Does anyone else have any other suggestions / advice?

Regards,
Andrew

Pluginz · 25 Dec 2019

Well done for stopping part of the problem,

I had another deeper look at the your log file and find a few more things interesting !

Something has been installed on the system to allow all this in the first place. I really hate Google. A browser redirector plugin or an unsecure open wireless printer. Once it finds its way onto your comp, spreads everywhere. The wireless printer can run 'Bonjour' through Apple services and Google Print Cloud services which will happily TX and RX without your knowledge. So much for security eh.

We can try and slowly remove it all, its a long process and could take a few weeks to get rid. It would be easier to just re-install, but whats the fun in that? You wont have learnt anything by wiping.

What web browser are you using? Go into the settings of the browser and disable or remove any extensions or plugins. Also can you disable any Flash Player running in the browser too? Good idea now to flush any browser caches, cookies, everything. I would also go into Windows Services and disable any 'Google Updater' or 'Adobe updater'
Now go into 'MSCONFIG' and select 'Startup' tab. Apart from your WiFi startup software, disable everything else.
Now do a search of filename 'desktop.ini'. Find any desktop.ini files that are 'system files' and delete all. Reboot machine

All those programs that have appeared in your Log file list are guaranteed to be corrupt. So i would start to uninstall as many as you can. Copy each software name down first. After each one is uninstalled, we can then remove all the entries from the registry.
Goto 'Programs and Features' , then click 'Turn Windows Features on or off' , scroll down list and take ticks out of any file sharing support and remote connections.
When that is done. Find all your backups of software from this. Match file names to property detail file names. Any that arnt the same, delete straight away. Reboot machine

Check now your Printers and Devices and if you dont need them, remove the 'Fax' device and also 'XPS' printer. Can you as well, goto any printers you have and disable any Wifi, Bonjour and Google services.

I would now go back into your LAN property details and disable ipv6, just take the tick out. Now if you can, go into your router and do the same, disable ipv6 pin holes. Once that is done i would now disable a few Windows Services. They can always be turned back on laterz..

UPnP Device Host - Disable
Net Logon - Disable
IP Helper - Disable
IP Translator Service - Disable
Branch Cache - Disable
iSCSI Initiator Service - Disable
Offline Files - Disable
Media Player Networking - Disable
Secure Socket Tunneling Protocol Service - Disable

We're not finished yet ! See how you get on with that lot first

Give her a reboot. Wow im knackered after all that hehe