PC connection issue
knpx
Posted messages
8
Status
Member
-
MisteryBean Posted messages 8948 Registration date Status Moderator Last intervention -
MisteryBean Posted messages 8948 Registration date Status Moderator Last intervention -
Hello, I have a problem with my computer. Pages are opening by themselves and words are appearing in the search bar that I didn't type. Can you tell me if this is normal?
When I run netstat, I get this result:
Proto Local Address Remote Address State
TCP 127.0.0.1:65234 choice:65235 ESTABLISHED
TCP 127.0.0.1:65235 choice:65234 ESTABLISHED
TCP 127.0.0.1:65236 choice:65237 ESTABLISHED
TCP 127.0.0.1:65237 choice:65236 ESTABLISHED
TCP 127.0.0.1:65241 choice:65242 ESTABLISHED
TCP 127.0.0.1:65242 choice:65241 ESTABLISHED
TCP 127.0.0.1:65253 choice:65254 ESTABLISHED
TCP 127.0.0.1:65254 choice:65253 ESTABLISHED
TCP 127.0.0.1:65260 choice:65261 ESTABLISHED
TCP 127.0.0.1:65261 choice:65260 ESTABLISHED
TCP 127.0.0.1:65262 choice:65263 ESTABLISHED
TCP 127.0.0.1:65263 choice:65262 ESTABLISHED
TCP 127.0.0.1:65264 choice:65265 ESTABLISHED
TCP 127.0.0.1:65265 choice:65264 ESTABLISHED
TCP 127.0.0.1:65271 choice:65272 ESTABLISHED
TCP 127.0.0.1:65272 choice:65271 ESTABLISHED
TCP 127.0.0.1:65279 choice:27300 SYN_SENT
TCP 192.168.0.163:50712 ec2-35-174-127-31:https TIME_WAIT
TCP 192.168.0.163:65110 102:https TIME_WAIT
TCP 192.168.0.163:65147 239:https TIME_WAIT
TCP 192.168.0.163:65202 93.184.220.29:http ESTABLISHED
TCP 192.168.0.163:65208 93.184.220.29:http ESTABLISHED
TCP 192.168.0.163:65216 93.184.220.29:http ESTABLISHED
TCP 192.168.0.163:65220 SEC84251910D55D:8018 TIME_WAIT
TCP 192.168.0.163:65222 SEC84251910D55D:8018 TIME_WAIT
TCP 192.168.0.163:65223 SEC84251910D55D:8018 TIME_WAIT
TCP 192.168.0.163:65225 SEC84251910D55D:8018 TIME_WAIT
TCP 192.168.0.163:65226 SEC84251910D55D:8018 TIME_WAIT
TCP 192.168.0.163:65227 SEC84251910D55D:8018 TIME_WAIT
TCP 192.168.0.163:65228 SEC84251910D55D:8018 TIME_WAIT
TCP 192.168.0.163:65243 239:https ESTABLISHED
TCP 192.168.0.163:65244 82:http ESTABLISHED
TCP 192.168.0.163:65246 server-143-204-224-41:https ESTABLISHED
TCP 192.168.0.163:65249 server-143-204-224-41:https ESTABLISHED
TCP 192.168.0.163:65257 ec2-54-171-175-127:https ESTABLISHED
TCP 192.168.0.163:65267 102:https ESTABLISHED
TCP 192.168.0.163:65268 102:https ESTABLISHED
TCP [my ip]:61920 [2606:4700:10::6816:1ee8]:https TIME_WAIT
TCP [my ip]:65111 par10s21-in-x03:http TIME_WAIT
TCP [my ip]:65113 par21s03-in-x0e:https TIME_WAIT
TCP [my ip]:65114 par10s21-in-x03:http TIME_WAIT
TCP [my ip]:65115 par21s20-in-x02:https TIME_WAIT
TCP [my ip]:65119 par21s20-in-x02:https TIME_WAIT
TCP [my ip]:65125 par10s21-in-x03:http TIME_WAIT
TCP [my ip]:65126 par10s21-in-x03:http TIME_WAIT
TCP [my ip]:65128 par10s21-in-x03:http TIME_WAIT
TCP [my ip]:65200 g2a02-26f0-1b00-0291-0000-0000-0000-201a:http TIME_WAIT
TCP [my ip]:65203 g2a02-26f0-1b00-0291-0000-0000-0000-201a:http TIME_WAIT
TCP [my ip]:65206 g2a02-26f0-1b00-02b4-0000-0000-0000-201a:http TIME_WAIT
TCP [my ip]:65210 g2a02-26f0-1b00-02b4-0000-0000-0000-201a:http TIME_WAIT
TCP [my ip]:65211 g2a02-26f0-1b00-02b4-0000-0000-0000-201a:http TIME_WAIT
TCP [my ip]:65212 g2a02-26f0-1b00-0291-0000-0000-0000-201a:http TIME_WAIT
TCP [my ip]:65214 g2a02-26f0-1b00-0291-0000-0000-0000-201a:http TIME_WAIT
TCP [my ip]:65239 [2600:1901:0:38d7::]:http ESTABLISHED
TCP [my ip]:65245 [2600:1901:0:38d7::]:http ESTABLISHED
TCP [my ip]:65247 [2600:9000:218c:6a00:a:da5e:7900:93a1]:https ESTABLISHED
TCP [my ip]:65252 par10s21-in-x03:http ESTABLISHED
TCP [my ip]:65256 par10s21-in-x03:http ESTABLISHED
TCP [my ip]:65258 g2a02-26f0-1b00-0000-0000-0000-5c7b-ed82:http ESTABLISHED
TCP [my ip]:65269 par10s21-in-x03:http ESTABLISHED
TCP [ip]:65274 g2a02-26f0-00e3-0397-0000-0000-0000-1b01:http ESTABLISHED
TCP [my ip]:65276 g2a02-26f0-1b00-0000-0000-0000-5c7b-ed82:http ESTABLISHED
TCP [my ip]:65278 par10s21-in-x03:http ESTABLISHED
TCP [my ip]:65292 par21s23-in-x0a:https TIME_WAIT
TCP [my ip]:65295 par10s21-in-x08:https ESTABLISHED
TCP [my ip]:65296 par10s41-in-x0a:https TIME_WAIT
TCP [my ip]:65299 par10s21-in-x03:http ESTABLISHED
TCP [my ip]:65300 par21s23-in-x0a:https ESTABLISHED
TCP [my ip]:65303 par21s11-in-x03:https ESTABLISHED
When I run netstat, I get this result:
Proto Local Address Remote Address State
TCP 127.0.0.1:65234 choice:65235 ESTABLISHED
TCP 127.0.0.1:65235 choice:65234 ESTABLISHED
TCP 127.0.0.1:65236 choice:65237 ESTABLISHED
TCP 127.0.0.1:65237 choice:65236 ESTABLISHED
TCP 127.0.0.1:65241 choice:65242 ESTABLISHED
TCP 127.0.0.1:65242 choice:65241 ESTABLISHED
TCP 127.0.0.1:65253 choice:65254 ESTABLISHED
TCP 127.0.0.1:65254 choice:65253 ESTABLISHED
TCP 127.0.0.1:65260 choice:65261 ESTABLISHED
TCP 127.0.0.1:65261 choice:65260 ESTABLISHED
TCP 127.0.0.1:65262 choice:65263 ESTABLISHED
TCP 127.0.0.1:65263 choice:65262 ESTABLISHED
TCP 127.0.0.1:65264 choice:65265 ESTABLISHED
TCP 127.0.0.1:65265 choice:65264 ESTABLISHED
TCP 127.0.0.1:65271 choice:65272 ESTABLISHED
TCP 127.0.0.1:65272 choice:65271 ESTABLISHED
TCP 127.0.0.1:65279 choice:27300 SYN_SENT
TCP 192.168.0.163:50712 ec2-35-174-127-31:https TIME_WAIT
TCP 192.168.0.163:65110 102:https TIME_WAIT
TCP 192.168.0.163:65147 239:https TIME_WAIT
TCP 192.168.0.163:65202 93.184.220.29:http ESTABLISHED
TCP 192.168.0.163:65208 93.184.220.29:http ESTABLISHED
TCP 192.168.0.163:65216 93.184.220.29:http ESTABLISHED
TCP 192.168.0.163:65220 SEC84251910D55D:8018 TIME_WAIT
TCP 192.168.0.163:65222 SEC84251910D55D:8018 TIME_WAIT
TCP 192.168.0.163:65223 SEC84251910D55D:8018 TIME_WAIT
TCP 192.168.0.163:65225 SEC84251910D55D:8018 TIME_WAIT
TCP 192.168.0.163:65226 SEC84251910D55D:8018 TIME_WAIT
TCP 192.168.0.163:65227 SEC84251910D55D:8018 TIME_WAIT
TCP 192.168.0.163:65228 SEC84251910D55D:8018 TIME_WAIT
TCP 192.168.0.163:65243 239:https ESTABLISHED
TCP 192.168.0.163:65244 82:http ESTABLISHED
TCP 192.168.0.163:65246 server-143-204-224-41:https ESTABLISHED
TCP 192.168.0.163:65249 server-143-204-224-41:https ESTABLISHED
TCP 192.168.0.163:65257 ec2-54-171-175-127:https ESTABLISHED
TCP 192.168.0.163:65267 102:https ESTABLISHED
TCP 192.168.0.163:65268 102:https ESTABLISHED
TCP [my ip]:61920 [2606:4700:10::6816:1ee8]:https TIME_WAIT
TCP [my ip]:65111 par10s21-in-x03:http TIME_WAIT
TCP [my ip]:65113 par21s03-in-x0e:https TIME_WAIT
TCP [my ip]:65114 par10s21-in-x03:http TIME_WAIT
TCP [my ip]:65115 par21s20-in-x02:https TIME_WAIT
TCP [my ip]:65119 par21s20-in-x02:https TIME_WAIT
TCP [my ip]:65125 par10s21-in-x03:http TIME_WAIT
TCP [my ip]:65126 par10s21-in-x03:http TIME_WAIT
TCP [my ip]:65128 par10s21-in-x03:http TIME_WAIT
TCP [my ip]:65200 g2a02-26f0-1b00-0291-0000-0000-0000-201a:http TIME_WAIT
TCP [my ip]:65203 g2a02-26f0-1b00-0291-0000-0000-0000-201a:http TIME_WAIT
TCP [my ip]:65206 g2a02-26f0-1b00-02b4-0000-0000-0000-201a:http TIME_WAIT
TCP [my ip]:65210 g2a02-26f0-1b00-02b4-0000-0000-0000-201a:http TIME_WAIT
TCP [my ip]:65211 g2a02-26f0-1b00-02b4-0000-0000-0000-201a:http TIME_WAIT
TCP [my ip]:65212 g2a02-26f0-1b00-0291-0000-0000-0000-201a:http TIME_WAIT
TCP [my ip]:65214 g2a02-26f0-1b00-0291-0000-0000-0000-201a:http TIME_WAIT
TCP [my ip]:65239 [2600:1901:0:38d7::]:http ESTABLISHED
TCP [my ip]:65245 [2600:1901:0:38d7::]:http ESTABLISHED
TCP [my ip]:65247 [2600:9000:218c:6a00:a:da5e:7900:93a1]:https ESTABLISHED
TCP [my ip]:65252 par10s21-in-x03:http ESTABLISHED
TCP [my ip]:65256 par10s21-in-x03:http ESTABLISHED
TCP [my ip]:65258 g2a02-26f0-1b00-0000-0000-0000-5c7b-ed82:http ESTABLISHED
TCP [my ip]:65269 par10s21-in-x03:http ESTABLISHED
TCP [ip]:65274 g2a02-26f0-00e3-0397-0000-0000-0000-1b01:http ESTABLISHED
TCP [my ip]:65276 g2a02-26f0-1b00-0000-0000-0000-5c7b-ed82:http ESTABLISHED
TCP [my ip]:65278 par10s21-in-x03:http ESTABLISHED
TCP [my ip]:65292 par21s23-in-x0a:https TIME_WAIT
TCP [my ip]:65295 par10s21-in-x08:https ESTABLISHED
TCP [my ip]:65296 par10s41-in-x0a:https TIME_WAIT
TCP [my ip]:65299 par10s21-in-x03:http ESTABLISHED
TCP [my ip]:65300 par21s23-in-x0a:https ESTABLISHED
TCP [my ip]:65303 par21s11-in-x03:https ESTABLISHED
7 answers
Hello,
We will start with a PC diagnosis:
Read the entire procedure before posting the reports
The expected reports are FRST.txt and Addition.txt
All reports must be hosted on https://security-x.fr/up/ and you need to provide the obtained links in your response
---------------------------------------------------------------------------------------------
--> The SmartScreen filter may trigger an alert. Click on Actions or More Info then Run anyway
---------------------------------------------------------------------------------------------
--> Download the FRST version of Farbar, compatible with your system and save the file on your Desktop
--> For a 32-bit system
--> For a 64-bit system
How to know which version 32-bit or 64-bit is running on my system?
--> Wait for your browser to prompt the download to save, without clicking anywhere, especially not on the sponsors of the page.
--> Close all applications, including your browser
--> Double-click on FRST.exe and click Yes to accept the Disclaimer
--> Under Vista, Windows 7 / 8 and 10, you need to launch the file by right-clicking -> Run as administrator
--> Wait until it says The tool is ready to run
--> On the main menu, click on Scan and wait for the scan to finish
--> At the end of the scan, the reports FRST.txt and Addition.txt are created. Post these reports in your next response.
--> The reports are saved in the same location as the tool and under C:\FRST\Logs
--
Security contributor.
We will start with a PC diagnosis:
Read the entire procedure before posting the reports
Do not post them directly in the messages as they are unreadable and incomplete
The expected reports are FRST.txt and Addition.txt All reports must be hosted on https://security-x.fr/up/ and you need to provide the obtained links in your response
---------------------------------------------------------------------------------------------
--> The SmartScreen filter may trigger an alert. Click on Actions or More Info then Run anyway
---------------------------------------------------------------------------------------------
--> Download the FRST version of Farbar, compatible with your system and save the file on your Desktop
--> For a 32-bit system
--> For a 64-bit system
How to know which version 32-bit or 64-bit is running on my system?
--> Wait for your browser to prompt the download to save, without clicking anywhere, especially not on the sponsors of the page.
--> Close all applications, including your browser
--> Double-click on FRST.exe and click Yes to accept the Disclaimer
--> Under Vista, Windows 7 / 8 and 10, you need to launch the file by right-clicking -> Run as administrator
--> Wait until it says The tool is ready to run
--> On the main menu, click on Scan and wait for the scan to finish
--> At the end of the scan, the reports FRST.txt and Addition.txt are created. Post these reports in your next response.
--> The reports are saved in the same location as the tool and under C:\FRST\Logs
--
Security contributor.
I followed the procedure as stated, and once the analysis was finished, it prompted me again. I let it reanalyze, and I got this result:
first analysis
https://up.security-x.fr/file.php?h=R8c9b964c40794d05605f752cc6f496ea
https://up.security-x.fr/file.php?h=R850a3585e984651a02854d083767e4ef
2nd analysis
https://up.security-x.fr/file.php?h=R7638ef7dbe33e0048b3dcd171d85e457
https://up.security-x.fr/file.php?h=Rfdb9dca5e8d18f58976529d707a83ea9
first analysis
https://up.security-x.fr/file.php?h=R8c9b964c40794d05605f752cc6f496ea
https://up.security-x.fr/file.php?h=R850a3585e984651a02854d083767e4ef
2nd analysis
https://up.security-x.fr/file.php?h=R7638ef7dbe33e0048b3dcd171d85e457
https://up.security-x.fr/file.php?h=Rfdb9dca5e8d18f58976529d707a83ea9
RE_
Uninstall:
=> Web companion
Uninstall or update:
=> VLC media player
-----------------
----------------------------------------------------
-----------------------------------------------------------------------------------
Your Windows is not up to date at all (2016 version), is that normal?
Moreover, how come you have an LTSB version?
-----------------
----------------------------------------------------
-----------------------------------------------------------------------------------
--> Copy what is here: https://textup.fr/616741zE from start:: to end:: (without pasting it anywhere)
--> Open FRST (or FRST64) as administrator and click on Fix
If FRST seems to freeze or is unresponsive, let it run
--> The PC will restart
--> A fixlog file is created in the same location as FRST, post it like the other reports
--> The fix will clean the firewall, the programs you will run afterward will request access on the first launch
Uninstall:
=> Web companion
Uninstall or update:
=> VLC media player
-----------------
----------------------------------------------------
-----------------------------------------------------------------------------------
Your Windows is not up to date at all (2016 version), is that normal?
Moreover, how come you have an LTSB version?
-----------------
----------------------------------------------------
-----------------------------------------------------------------------------------
--> Copy what is here: https://textup.fr/616741zE from start:: to end:: (without pasting it anywhere)
--> Open FRST (or FRST64) as administrator and click on Fix
If FRST seems to freeze or is unresponsive, let it run
--> The PC will restart
--> A fixlog file is created in the same location as FRST, post it like the other reports
--> The fix will clean the firewall, the programs you will run afterward will request access on the first launch
Sure, thank you. I will do it when I get home. For Windows, I installed Windows 10 Arium and bought an activation key online, but what I can't understand is how I can have words typed automatically in the search bar and the cursor moving by itself.
You have an unofficial modified version, so in terms of security, it's not great.
You have a 2016 version, less up-to-date, therefore, security vulnerabilities not patched.
You have quite a few open ports, which is why I reset the firewall.
As for the browser and the mouse, we will see after the patch is applied.
--
Security contributor.
You have a 2016 version, less up-to-date, therefore, security vulnerabilities not patched.
You have quite a few open ports, which is why I reset the firewall.
As for the browser and the mouse, we will see after the patch is applied.
--
Security contributor.
<translation>D'accord, would you recommend that I reinstall a new Windows for more security? Could I reinstall Windows and configure the firewall with the file you sent me or run a new scan to fix the open ports?</translation>
RE_
For the ports, it's not a setting, it's a firewall reset to restore it to default.
The programs you run afterwards will request access on the first launch.
As for Windows, it all depends on why you wanted to install that version?
Unless you can upgrade to a newer version, (The latest version is Windows 10.61 Arium, which is based on Windows 10 1809 LTSC), you may need to consider a traditional family or pro version depending on your key.
The fix will help clean up obsolete files from your PC and reset the firewall.
--
Security Contributor.
For the ports, it's not a setting, it's a firewall reset to restore it to default.
The programs you run afterwards will request access on the first launch.
As for Windows, it all depends on why you wanted to install that version?
Unless you can upgrade to a newer version, (The latest version is Windows 10.61 Arium, which is based on Windows 10 1809 LTSC), you may need to consider a traditional family or pro version depending on your key.
The fix will help clean up obsolete files from your PC and reset the firewall.
--
Security Contributor.