Windows 10 possible hijacked machine??

  • Thread starter: Peter_bisnot_Linklater (Guest)

Hi there


I've noticed a change in the way my machine behaves. It's slower. My internet is slower. My ipconfig shows that my DNS points to a hardware address. My boot has changed and I no longer have options for safe mode, etc. The setup address for all my drivers points to %systemroot% or an example like this: c:\windows\system32\drivers\athrx.sys (9.0.0.125, 2.10 MB (2,203,136 bytes), 2014-07-14 7:07 PM).


My system BIOS is also affected. When I run BCDEdit, here is what I get:

identifier {83d03ae3-4ac8-11e6-b07f-fb02274cd0b3}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
recoverysequence {83d03ae5-4ac8-11e6-b07f-fb02274cd0b3}
recoveryenabled Yes
allowedinmemorysettings 0x15000075
filedevice partition=C:
filepath \hiberfil.sys
bootmenupolicy Standard
debugoptionenabled No

Resume from Hibernate
---------------------
identifier {a705a466-4301-11e5-95b9-e9910a0b9218}
device partition=C:
path \WINDOWS\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
recoverysequence {11b181ea-4302-11e5-95b9-e9910a0b9218}
recoveryenabled Yes
allowedinmemorysettings 0x15000075
filedevice partition=C:
filepath \hiberfil.sys
bootmenupolicy Standard
debugoptionenabled No

Resume from Hibernate
---------------------
identifier {b8a32394-7657-11e5-9b5f-b7932b9f24e9}
device partition=C:
path \WINDOWS\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
recoverysequence {47d9bf75-7658-11e5-9b5f-b7932b9f24e9}
recoveryenabled Yes
allowedinmemorysettings 0x15000075
filedevice partition=C:
filepath \hiberfil.sys
bootmenupolicy Standard
debugoptionenabled No

Resume from Hibernate
---------------------
identifier {bdce8719-4882-11e6-ac71-820ac24dd0af}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
recoverysequence {bdce871b-4882-11e6-ac71-820ac24dd0af}
recoveryenabled Yes
allowedinmemorysettings 0x15000075
filedevice partition=C:
filepath \hiberfil.sys
bootmenupolicy Standard
debugoptionenabled No

Resume from Hibernate
---------------------
identifier {d7ad7291-4e2e-11e6-9e71-8db2a3dbc5c8}
device partition=C:
path \WINDOWS\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
recoverysequence {ee43de83-4e2e-11e6-9e71-8db2a3dbc5c8}
recoveryenabled Yes
allowedinmemorysettings 0x15000075
filedevice partition=C:
filepath \hiberfil.sys
bootmenupolicy Standard
debugoptionenabled No

Resume from Hibernate
---------------------
identifier {fc96a87b-1d6f-11e6-b5fa-fabec5f17320}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
recoverysequence {fc96a87d-1d6f-11e6-b5fa-fabec5f17320}
recoveryenabled Yes
allowedinmemorysettings 0x15000075
filedevice partition=C:
filepath \hiberfil.sys
bootmenupolicy Standard
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=C:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems No

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {080dfd06-4aa2-11e6-8f9f-ca02299ff977}
description Windows Recovery
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier {11b181eb-4302-11e5-95b9-e9910a0b9218}
description Windows Recovery
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier {47d9bf76-7658-11e5-9b5f-b7932b9f24e9}
description Windows Recovery
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier {51c63dc4-76ae-11e5-82c5-00262da5348c}
description Windows Setup
ramdisksdidevice partition=C:
ramdisksdipath \$WINDOWS.~BT\Sources\SafeOS\boot.sdi

Device options
--------------
identifier {52d6685a-1db9-11e6-b4a7-819027453818}
description Windows Recovery
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier {5a2a7c1e-48c3-11e6-b3d2-f48990d6add1}
description Windows Recovery
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier {7f8b042d-5f8d-11e4-923c-c302788467e3}
description Windows Recovery
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier {7f8b042e-5f8d-11e4-923c-c302788467e3}
description Windows Setup
ramdisksdidevice partition=C:
ramdisksdipath \$WINDOWS.~BT\Sources\SafeOS\boot.sdi

Device options
--------------
identifier {83d03ae6-4ac8-11e6-b07f-fb02274cd0b3}
description Windows Recovery
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier {a9b8aeef-7601-11e5-82c0-00262da5348c}
description Windows Setup
ramdisksdidevice partition=C:
ramdisksdipath \$WINDOWS.~BT\Sources\SafeOS\boot.sdi

Device options
--------------
identifier {b94de4a1-5b41-11e5-9d6a-97d07443349a}
description Windows Recovery
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier {b95e5a2e-4a92-11e6-9bcd-00262da5348c}
description Windows Setup
ramdisksdidevice partition=C:
ramdisksdipath \$WINDOWS.~BT\Sources\SafeOS\boot.sdi

Device options
--------------
identifier {bb144c48-626e-11e4-8e30-8fd8aa94c43f}
description Windows Recovery
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier {bcca0852-42ab-11e5-8274-00262da5348c}
description Windows Setup
ramdisksdidevice partition=C:
ramdisksdipath \$WINDOWS.~BT\Sources\SafeOS\boot.sdi

Device options
--------------
identifier {bdce871c-4882-11e6-ac71-820ac24dd0af}
description Windows Recovery
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier {c7cf4cd3-48b8-11e6-9bc8-c7408dfc177c}
description Windows Setup
ramdisksdidevice partition=C:
ramdisksdipath \$WINDOWS.~BT\Sources\SafeOS\boot.sdi

Device options
--------------
identifier {df8cb584-4e24-11e6-9bcf-0017c4f8bfcb}
description Windows Setup
ramdisksdidevice partition=C:
ramdisksdipath \$WINDOWS.~BT\Sources\SafeOS\boot.sdi

Device options
--------------
identifier {ee43de84-4e2e-11e6-9e71-8db2a3dbc5c8}
description Windows Recovery
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier {f355445a-7705-11e5-9e72-dc1b162ba371}
description Windows Recovery
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier {fc96a87e-1d6f-11e6-b5fa-fabec5f17320}
description Windows Recovery
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier {fc96a87f-1d6f-11e6-b5fa-fabec5f17320}
description Windows Setup
ramdisksdidevice partition=C:
ramdisksdipath \$WINDOWS.~BT\Sources\SafeOS\boot.sdi

Device options
--------------
identifier {ff5ca51e-5ae8-11e5-82a0-00262da5348c}
description Windows Setup
ramdisksdidevice partition=C:
ramdisksdipath \$WINDOWS.~BT\Sources\SafeOS\boot.sdi


When I run IPConfig here is what I get:

Microsoft Windows [Version 10.0.10240]
(c) 2015 Microsoft Corporation. All rights reserved.

C:\WINDOWS\system32>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : Nobody
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : telus

Ethernet adapter Ethernet:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetLink (TM) Gigabit Ethernet
Physical Address. . . . . . . . . : 00-26-2D-A5-34-8C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

Connection-specific DNS Suffix . : telus
Description . . . . . . . . . . . : Atheros AR5B93 Wireless Network Adapter
Physical Address. . . . . . . . . : 00-17-C4-F8-BF-CB
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::4d67:a591:87b1:425f%5(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.69(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : July 19, 2016 11:06:58 PM
Lease Expires . . . . . . . . . . : July 20, 2016 11:06:57 PM
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 67114948
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1F-20-AA-D4-00-26-2D-A5-34-8C

DNS Servers . . . . . . . . . . . : 192.168.1.254
75.153.171.122
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.telus:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : telus
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:2454:a30:71c4:afeb(Preferred)
Link-local IPv6 Address . . . . . : fe80::2454:a30:71c4:afeb%6(Preferred)
Default Gateway . . . . . . . . . : ::
DHCPv6 IAID . . . . . . . . . . . : 234881024
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1F-20-AA-D4-00-26-2D-A5-34-8C

NetBIOS over Tcpip. . . . . . . . : Disabled

My boot points to device partition=\Device\HarddiskVolume1

I'm worried that my machine has been hijacked. I've never run Windows RT and my AMD graphics card seems to be virtualized.

I'm no computer expert and could use any help you have to offer. If you need other system files just let me know.


Thanks for your help
