[SOLVED] PC is being hijacked/remotely controlled

Status
Not open for further replies.
Dec 6, 2021
My PC is being hijacked/remotely controlled and I don't know where or which program is doing it. Here's a copy/paste of my Task Manager:


Solution
That won't work on C drive, can't use Windows to wipe itself, system won't allow it.

Unplug from internet.
Boot the PC but while Windows loads, turn it off. Do this 3x. That'll put you into the repair screen. Choose repair, command prompt.
Type diskpart
Type list disk
Look for the disk number of the C drive, it'll be the biggest one usually unless you have partitioned the entire SSD into separate drives
Type select disk # (whichever the number is, most likely it's 1)
Type clean
Type convert gpt (if it's not already listed as a GPT drive)

That'll wipe the drive. If you are nervous about anything remaining, you can use 'clean all' instead of 'clean' command but realize that writes over the entire drive totally destroying everything and anything. Any installation after 'clean' will start overwriting prior inaccessible data anyways, so 'clean all' is of little use to you if reusing the drive.

Then insert USB media and reboot. You'll be starting Windows install from a basically brand new, clean SSD.

Windows default is zero remote access, get it up and running first, before plugging the internet back in. Only after Windows is done will you go back to Microsoft account and reapply the registration and any updates.

You might also consider accessing your router Admin page and changing the password.
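
A read-only way to check the built-in remote-access settings on the reinstalled system before plugging the internet back in, as an added example that is not part of the original thread. It assumes an elevated PowerShell prompt on the installed Windows (not the repair command prompt) and the default RDP and WinRM ports.

```powershell
# Added example, not from the thread. Read-only: it changes nothing on the system.
# Run from an elevated PowerShell prompt on the installed Windows system.

# Built-in services that accept inbound remote control or remote administration.
$remoteServices = 'TermService', 'SessionEnv', 'UmRdpService', 'RemoteRegistry', 'WinRM'

$report = @(foreach ($name in $remoteServices) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $svc) { continue }          # service not present on this edition
    [pscustomobject]@{
        Check  = "Service $name"
        State  = "$($svc.Status), start type $($svc.StartType)"
        Review = ($svc.Status -eq 'Running')
    }
})

# Registry switches behind the "Remote Desktop" and "Remote Assistance" settings.
$regChecks = @(
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
       Name = 'fDenyTSConnections'; ReviewWhen = 0 }   # 0 = RDP connections allowed
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance'
       Name = 'fAllowToGetHelp';    ReviewWhen = 1 }   # 1 = Remote Assistance allowed
)
$report += @(foreach ($c in $regChecks) {
    $item  = Get-ItemProperty -Path $c['Path'] -Name $c['Name'] -ErrorAction SilentlyContinue
    $value = if ($null -eq $item) { $null } else { $item.($c['Name']) }
    [pscustomobject]@{
        Check  = $c['Name']
        State  = if ($null -eq $value) { 'not set' } else { "$value" }
        Review = ($value -eq $c['ReviewWhen'])
    }
})

# TCP listeners on the default RDP (3389) and WinRM (5985/5986) ports, with owner.
$listeners = Get-NetTCPConnection -State Listen -LocalPort 3389, 5985, 5986 `
                 -ErrorAction SilentlyContinue
$report += @(foreach ($l in $listeners) {
    $proc = Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Check  = "Listener $($l.LocalAddress):$($l.LocalPort)"
        State  = "PID $($l.OwningProcess) $($proc.ProcessName)"
        Review = $true
    }
})

# Rows with Review = True are the ones to look at before going back online.
$report | Format-Table -AutoSize
```

The script covers only the remote-access features that ship with Windows; third-party remote-control software installed later does not show up in these checks.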
 