
PC is being remotely accessed, Event Viewer logs

Anonymous
2022-04-03T04:30:05+00:00

My PC is being remotely accessed/hacked. I'm pretty sure these Events in Event Viewer are from them, but I don't know what they mean, or how they're getting access to my PC. Can you guys see how they're doing it from these logs? I'll copy/paste them.

Device ROOT\NET\0000 was started.

Driver Name: oem6.inf

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Service: aswTap

Lower Filters: 

Upper Filters: 

Log Name: Microsoft-Windows-Kernel-PnP/Device Configuration

Kernel-PnP 2/24/2022 12:39:37 AM

Event ID: 410

User: System Computer: Desktop-censord letter/numbers

Device ROOT\NET\0000 was configured.

Driver Name: oem6.inf

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Driver Date: 07/02/2012

Driver Version: 9.0.0.10

Driver Provider: TAP-Windows Provider V9

Driver Section: aswTap.ndi

Driver Rank: 0xFF0000

Matching Device Id: aswTap

Outranked Drivers: 

Device Updated: true

Parent Device: HTREE\ROOT\0

Event ID: 400

Device ROOT\NET\0000 was deleted.

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Event ID: 420

Windows PowerShell

Details: 

ProviderName=Certificate

NewProviderState=Started

SequenceNumber=15

HostName=ConsoleHost

HostVersion=5.1.19041.1320

HostId=61bf9dba-7118-4245-8076-e6399876c9b7

HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoExit -Command Help Set-ExecutionPolicy

EngineVersion=5.1.19041.1320

RunspaceId=cb614ae6-07e9-425f-a0c8-140a374f9fbf

PipelineId=13

CommandName=

CommandType=

ScriptName=

CommandPath=

CommandLine=

Event ID:600

Engine state is changed from None to Available. 

Details: 

NewEngineState=Available

PreviousEngineState=None

SequenceNumber=13

HostName=ConsoleHost

HostVersion=5.1.19041.1320

HostId=61bf9dba-7118-4245-8076-e6399876c9b7

HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoExit -Command Help Set-ExecutionPolicy

EngineVersion=5.1.19041.1320

RunspaceId=cb614ae6-07e9-425f-a0c8-140a374f9fbf

PipelineId=

CommandName=

CommandType=

ScriptName=

CommandPath=

CommandLine=

Event ID:400

Provider "Variable" is Started. 

Details: 

ProviderName=Variable

NewProviderState=Started

SequenceNumber=11

HostName=ConsoleHost

HostVersion=5.1.19041.1320

HostId=61bf9dba-7118-4245-8076-e6399876c9b7

HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoExit -Command Help Set-ExecutionPolicy

EngineVersion=

RunspaceId=

PipelineId=

CommandName=

CommandType=

ScriptName=

CommandPath=

CommandLine=

Event ID:600

ProviderName=Function

NewProviderState=Started

SequenceNumber=9

HostName=ConsoleHost

HostVersion=5.1.19041.1320

HostId=61bf9dba-7118-4245-8076-e6399876c9b7

HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoExit -Command Help Set-ExecutionPolicy

EngineVersion=

RunspaceId=

PipelineId=

CommandName=

CommandType=

ScriptName=

CommandPath=

CommandLine=

Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0x00FFB4CAB5AD.  The following error occurred: 0x79. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Dhcp-Client

Event ID:1001

User: Local Service

OP Code: IpAddressNotAssigned

Microsoft-Windows-RemoteAssistance/Operational

Remote Assistance started with:        as the command line parameters.

Diagnosis Repro Attempt resulted in a failure.

Remote Desktop Services: Shell start notification received:

User: DESKTOP-xxxxxx\TorreyDesktop

Session ID: 2

Source Network Address: LOCAL

Microsoft-Windows-TerminalServices-LocalSessionManager/Operational

Event ID:22

Remote Desktop Services: Session logon succeeded:

User: DESKTOP-3H16OGA\TorreyDesktop

Session ID: 2

Source Network Address: LOCAL

Event ID:21

5 answers
  1. Anonymous
    2022-04-05T17:58:52+00:00

    Torrey -

    While you have me here to help why don't you back up your files to quarantine and wipe the drive to do a gold standard Clean Install which compiles the best possible Install of Windows which will stay that way as long as you stick with the tools and methods given, has zero reported problems, and is better than any amount of money could buy: http://answers.microsoft.com/en-us/windows/wiki.... Read over it first, take notes, ask back any questions so you're prepared.

    To create bootable Windows 10 Installation Media (on another PC if necessary) install Media Creation tool and follow the steps toward the bottom of the download page here in the section "Using the tool to create installation media:"

    https://www.microsoft.com/en-US/software-downlo...

    Insert media, boot it by powering up PC while pressing the BIOS Boot Menu Key for your PC maker given in this chart: https://www.sysnative.com/forums/hardware-tutor...

    If the media won't boot you may need to enter BIOS/UEFI Setup (pressing key given in chart in link above) to turn off Fast Boot or Fast Startup first.

    Choose the boot device as a UEFI device if offered, then on second screen choose Install Now, then Custom Install, then at the drive selection screen delete all partitions down to Unallocated Space to get it cleanest, select the Unallocated Space, click Next to let it create and format the needed partitions and start install - this makes it foolproof.

    During the account setup phase you can disconnect from the internet to force it to let you create a Local Account to leave your MS account off for now. If you need OneDrive or another feature you can sign into it individually so that Windows is not as easily hacked.

    I would use two factor authentication to sign into Windows and your financial accounts: https://www.windowscentral.com/how-set-two-step.... Follow all of the other steps in the guides I gave you in my first post.

    You will get and keep the best possible install to the exact extent you stick with the steps, tools and methods in the linked tutorial. It's a great learning experience that will make you the master of your PC because you will learn everything that works best and how to apply it with your own hands.

    Feel free to ask back any questions. Report back results for more steps if necessary.

    ______________________________________________

    Standard Disclaimer: There are links to non-Microsoft websites. The pages appear to be providing accurate, safe information. Watch out for ads on the sites that may advertise products frequently classified as a PUP (Potentially Unwanted Products). Thoroughly research any product advertised on the sites before you decide to download and install it.

    5 people found this answer helpful.
  2. Anonymous
    2022-04-03T05:16:21+00:00

    Hi Torrey. I'm Greg, 10 years awarded Windows MVP, specializing in Installation, Performance, Troubleshooting and Activation, here to help you.

    No need to worry about the Events shown, they are routine attempts to connect to the internet, which sometimes fail and have to try again and are logged. If you didn't notice an interruption in your internet service, it's a negligible error, like 90% of the errors in Event Viewer - which are really only useful if you have actual performance problems and need to use it to troubleshoot them.

    What makes you think you're being hacked? Here are the best guides to read up on how to know if you're being hacked, prevent it or react:

    https://preyproject.com/blog/en/have-i-been-hac...

    https://www.windowscentral.com/signs-pc-hacked

    https://www.csoonline.com/article/2457873/signs...

    Let's go over the PC to make sure it's not infected with malware or spyware, has unwanted remote connection apps or browser extensions:

    To check most thoroughly for infection and any resulting System damage, Download, install and run a full scan with the most powerful on-demand free scanner Malwarebytes:

    https://www.malwarebytes.com/mwb-download/ Make sure to only choose the Free version.

    In the Malwarebytes Settings (gear icon) > Security tab set it to include scanning for Rootkits.

    If necessary run it in Safe Mode with Networking (to have internet), or Safe Mode accessed by one of these methods: https://www.digitalcitizen.life/4-ways-boot-saf.... These require a password and not PIN to access.

    Clean up anything found, restart PC and then run again until it comes up clean.

    Then download, install and run a full scan with AdwCleaner:

    http://www.bleepingcomputer.com/download/adwcle...

    Remove whatever it finds.

    Check for anything found but is still left over in Settings > Apps > Apps & Features, and C:\Program Files and C:\Program Files(86) to uninstall or delete them. I can guide you how to do this if there are problems.

    Also in each of your browser's Extensions, Home Page settings, Search service or Add-On's as shown here: https://www.computerhope.com/issues/ch001411.htm

    to disable anything you didn't add yourself and are sure you need. Ask back if in doubt.

    Then check for damaged System files by running System File Checker and DISM from Step 10 in this checklist:

    https://answers.microsoft.com/en-us/windows/for...

    If completing all of Step 10 in above Checklist doesn't fix it then run a Repair Install which reinstalls Windows while keeping your files, programs and most settings in place, by installing the Media Creation Tool from this link: https://www.microsoft.com/en-US/software-downlo..., open the tool and choose Upgrade This PC Now. This will solve most problems and also bring it up to the latest version which you need anyway and by the most stable method.

    If you want to keep Malwarebytes as an on-demand scanner then you can turn off its Real Time trial version using the slider buttons on its front panel. I recommend it as the #1 tool for your toolbox. For best Windows performance, use built-in Defender which gives adequate real-time protection.

    Feel free to ask back any questions. Report back results for more steps if necessary.

    ______________________________________________

    Standard Disclaimer: There are links to non-Microsoft websites. The pages appear to be providing accurate, safe information. Watch out for ads on the sites that may advertise products frequently classified as a PUP (Potentially Unwanted Products). Thoroughly research any product advertised on the sites before you decide to download and install it.

    5 people found this answer helpful.
  3. Anonymous
    2022-04-03T14:03:27+00:00

    Remote Desktop Services: Session logon succeeded:

    User: DESKTOP-3H16OGA\TorreyDesktop

    Session ID: 2

    Source Network Address: LOCAL

    Event ID:21

    Remote Assistance started with:        as the command line parameters.

    Microsoft-Windows-RemoteAssistance/Operationa

    logged: 4/2/2022 1:20:30 PM

    source: RemoteAssistance

    EventID: 13

    Level: Verbose

    User: DESKTOP-3H16OGA\TorreyDesktop Computer:DESKTOP-3H16OGA

    This I'm sure is proof as I don't have any remote access that I allowed, but the User: DESKTOP-3H16OGA\TorreyDesktop is my pc.

    I'll start with a Malwarebytes scan, then AdwCleaner.

    4 people found this answer helpful.
  4. Anonymous
    2022-04-05T16:31:08+00:00

    Ok, I ran Malwarebytes and it detected 1 rootkit and deleted it.

    I can't access my Task Manager or Event Viewer anymore, I can't even save a screenshot to my Pictures folder. I'm sure they saw me doing this and messed a bunch of stuff up, and yeah, I also had my net connection turned off and on numerous times recently. AdwCleaner won't run either.

    Network Error

    Windows cannot access

    C:/Windows/System32/eventvwr.msc

    and when I click on diagnose I get

    An error occurred while troubleshooting

    A Problem is preventing the troubleshooter from starting

    Under Settings there were a few Xbox apps that I didn't install:

    Xbox Game Bar

    Xbox Networking

    Connection status

    Internet connection: Connected

    Xbox live services Up and Running

    I also ran netstat -a

    There's like 50 TCP addresses LISTENING and about 25 ESTABLISHED. I didn't wanna post them here cuz of the addresses.

    I don't know what to do now. I really wanted to back up the Event Viewer logs at least, then prolly a fresh install of Windows. I really wanna find a way to get to and back up those Event Viewer logs.

    1 person found this answer helpful.
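    A PowerShell triage script, added here and not part of this thread, that covers the two things the poster is after: it exports the relevant channels to .evtx with wevtutil (so the logs are preserved even when Event Viewer will not open) and it lists the Remote Desktop session events from the LocalSessionManager log with their Source Network Address, marking anything that is not LOCAL. Events 21/22 with Source Network Address LOCAL, like those pasted in the question and in answer 3, are console logons at the keyboard rather than connections arriving over the network; it is the non-LOCAL entries that need a closer look. It assumes an elevated prompt, and $BackupDir is an assumed path.

```powershell
# Added example (not from the thread). Back up event log channels, then
# review RDP session events for non-local source addresses.
$BackupDir = 'C:\EventLogBackup'   # assumed path, change as needed
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

$Channels = @(
    'Microsoft-Windows-TerminalServices-LocalSessionManager/Operational',
    'Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational',
    'Microsoft-Windows-RemoteAssistance/Operational',
    'Microsoft-Windows-PowerShell/Operational',
    'Security'
)
foreach ($c in $Channels) {
    # wevtutil epl copies the channel to an .evtx file without opening Event Viewer
    $file = Join-Path $BackupDir (($c -replace '[\\/]', '_') + '.evtx')
    wevtutil epl $c $file
}

# 21 = session logon, 22 = shell start, 25 = session reconnect.
# The user, session id and source address live in the event's UserData XML.
$events = Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-TerminalServices-LocalSessionManager/Operational'
    Id      = 21, 22, 25
} -ErrorAction SilentlyContinue

$sessions = foreach ($e in $events) {
    $x = [xml]$e.ToXml()
    $d = @{}
    foreach ($n in $x.Event.UserData.EventXML.ChildNodes) { $d[$n.Name] = $n.InnerText }
    [pscustomobject]@{
        Time    = $e.TimeCreated
        Id      = $e.Id
        User    = $d['User']
        Session = $d['SessionID']
        Source  = $d['Address']
        Remote  = ($d['Address'] -ne 'LOCAL')   # LOCAL means a console logon
    }
}

$sessions | Sort-Object Time | Format-Table -AutoSize

# Keep a separate list of anything that came in over the network.
$remote = @($sessions | Where-Object Remote)
if ($remote.Count -gt 0) {
    $remote | Export-Csv (Join-Path $BackupDir 'rdp-remote-sessions.csv') -NoTypeInformation
}
```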
  5. Anonymous
    2022-04-03T19:54:15+00:00

    You can disable Windows 10 remote assistance here:

    https://www.windowscentral.com/how-disable-remo...

    Keep me posted on your progress as I will be here to help until the case is resolved.

    1 person found this answer helpful.