A Hacker Or Virus Or Something Else?

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Chaos Annihilator, Feb 22, 2021.

  1. Chaos Annihilator

    Chaos Annihilator Private First Class

    I have completed the steps in the Read Me First forum, the logs are attached. We are not sure what is going on with our computers. We first noticed it with my mom's computer, and wondered if it started there. However, hers completely busted today, so now we will never know, I guess. I was going to attach her logs as well, but now I can't get to them.

    She was on Publishers Clearing House playing games, when a black box (like the one that drops down when you are awarded tokens or something) dropped down, stating "PCH needs to take control of your pointer." PCH has never done this before. She noticed that her cursor was gone, and she had to hit control-alt-delete before she could regain control. This happened around January 24th, 2021.

    We cleared history and cache on all computers, ran scans (avast, spybot, malwarebytes), and nothing showed up. Then a couple days later, I was using my computer, and an Avast box popped up, saying I had to restart my computer because that was the only way to contain the threat it found. I was not provided with the option of not containing the threat. This is what the Avast box said about the threat:

    Threat name: IDP.Generic

    File Path: C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGauge\Package\x64\LenovoBatteryGaugePackage_bk.dll

    Process: C:\Windows\System32\rundll32.exe

    Detected by: Behavior Shield

    I had Avast contain it, we again did scans on everything, and there was nothing. Then, the next day, I tried to call my sister, and our Ooma VoIP phone service started acting up. I talked to her for a few seconds, then the phone stated it could not connect, and disconnected us. I called her back, and the phone said something about how I don't have a second line, and need to hang up on the first one. I tried to call her again, and it went through. When I checked my phone logs to see what happened, instead of showing that I dialed her number the second time, it showed a bunch of binary code. I have had this phone service for five years or more, and have never seen anything like this. A few hours later, my Roku reset, reset, reset, reset, reset, reset, by itself. Once in a while, it will have to reset twice, but this is the first time it has done this continually.

    We changed our wifi and router passwords, and ran scans on all computers again. Still nothing.

    A couple days later, Mom was on Walmart.com, not signed in to her account, just looking around, when a Captcha screen popped up, saying it needs to verify her account. The screen behind the captcha no longer looked like a Walmart screen. The screen was blank, and in the bottom right corner, it said something like "copyright 2020 Walmart inc". A normal Walmart window says, on the bottom left corner, "copyright 2021 Walmart All Rights Reserved." We have been shopping on Walmart.com for ten or more years, and this has never happened. Once in a while, sure, we'd get a captcha while checking out, but not while browsing. I browse Walmart.com almost constantly, and this never happens to me. Mom can't be on Walmart for a few seconds before it happens to her; it has caused her to stop going to this website. For her, this started as a captcha drop-down box, and then became a full page. Again, the computer that this has been happening on is completely dead now.

    Then, just a few days ago, she (on the same now dead computer) was playing a downloaded game, not on a website, and her cursor went away again, though there was no drop down this time stating anything needed to take control of it.

    All of this seems like strange coincidences, but we have had and used these same devices for more than a year each, and never have they all acted out at the same time.

    Since our scans show nothing, and since it seems like Mom's computer was taken control of by someone else initially, instead of getting a virus, did we get hacked into? If we did, why didn't changing the wifi password fix the problems? We don't know what is going on, or if it is safe to continue to use my computer. We don't know what to do at this point. Could something be in our modem, our Ooma, or our Roku? Could it be in my computer, even though, other than what was caught in my battery, it has not been acting up like Mom's was?

    Thanks for any help.

  2. Chaos Annihilator

    Chaos Annihilator Private First Class

    And another log:

  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You have a Pokki infection, not a Lenovo battery infection.

    Please re-run ADWCleaner and remove these:
    ***** [ Folders ] *****
    Adware.pokki C:\ProgramData\Host App Service
    Adware.pokki C:\Users\Default\AppData\Local\Host App Service
    Adware.pokki C:\Users\name\AppData\Local\Host App Service
    Adware.pokki C:\Windows\ServiceProfiles\LocalService\AppData\Local\Host App Service
    Adware.pokki C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Host App Service

    Adware.pokki C:\Windows\System32\Tasks\APP EXPLORER

    ***** [ Registry ] *****

    Adware.pokki HKCU\Software\App Host Service
    Adware.pokki HKCU\Software\Host App Service
    Adware.pokki HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
    Adware.pokki HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE993370-C0CA-4606-8C96-E77B084DC5AF}
    Adware.pokki HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\App Explorer
    Adware.pokki HKU\S-1-5-19\Software\Host App Service
    Adware.pokki HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
    Adware.pokki HKU\S-1-5-20\Software\Host App Service
    Adware.pokki HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service

    Reboot and rescan with ADWCleaner and attach the new log.
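The reply above lists the Pokki artifacts by folder, scheduled task and registry key, and the first post names the Lenovo DLL that Avast flagged. The script below is an added example (not from this thread, from AdwCleaner or from Avast) that turns those two pieces of information into a read-only audit: it reports which of the listed Pokki artifacts are still present on the machine, and it checks the Authenticode signature of the flagged Lenovo DLL so that a signed vendor file can be told apart from the actual infection. It assumes an elevated PowerShell prompt, expands the `name` in the original `C:\Users\name\...` path to every profile under `C:\Users`, and assumes the scheduled task is registered under the name `App Explorer` (both assumptions are marked in the code). It removes nothing; removal stays with AdwCleaner as TimW instructs.

```powershell
# Added example, not from the thread or from AdwCleaner. Read-only audit for the
# Pokki / "Host App Service" artifacts listed in TimW's reply, plus a signature
# check on the Lenovo DLL Avast flagged. Run from an elevated PowerShell prompt.

# Folders and files from the AdwCleaner output. The "name" user-profile path is
# expanded to every profile under C:\Users (assumption, not in the original list).
$hostAppService = 'AppData\Local\Host App Service'
$fileSystemArtifacts = @(
    'C:\ProgramData\Host App Service',
    "C:\Users\Default\$hostAppService",
    "C:\Windows\ServiceProfiles\LocalService\$hostAppService",
    "C:\Windows\ServiceProfiles\NetworkService\$hostAppService",
    'C:\Windows\System32\Tasks\APP EXPLORER',
    'C:\Windows\System32\Tasks_Migrated\AppExplorer'
) + (Get-ChildItem -Path 'C:\Users' -Directory -ErrorAction SilentlyContinue |
        ForEach-Object { Join-Path $_.FullName $hostAppService })

# Registry keys from the AdwCleaner output, in PowerShell provider syntax.
# HKU has no drive by default, so those keys are addressed through Registry::.
$registryArtifacts = @(
    'HKCU:\Software\App Host Service',
    'HKCU:\Software\Host App Service',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE993370-C0CA-4606-8C96-E77B084DC5AF}',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\App Explorer',
    'Registry::HKEY_USERS\S-1-5-19\Software\Host App Service',
    'Registry::HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service',
    'Registry::HKEY_USERS\S-1-5-20\Software\Host App Service',
    'Registry::HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service'
)

$findings = @()
foreach ($p in $fileSystemArtifacts) {
    # -LiteralPath so the braces in the TaskCache GUID are not treated as wildcards.
    if (Test-Path -LiteralPath $p) {
        $findings += [pscustomobject]@{ Type = 'FileSystem'; Path = $p }
    }
}
foreach ($k in $registryArtifacts) {
    if (Test-Path -LiteralPath $k) {
        $findings += [pscustomobject]@{ Type = 'Registry'; Path = $k }
    }
}

# The task as the Task Scheduler service itself sees it. Task name 'App Explorer'
# is an assumption taken from the TaskCache\Tree entry above.
$task = Get-ScheduledTask -TaskName 'App Explorer' -ErrorAction SilentlyContinue
if ($task) {
    $action = ($task.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; '
    $findings += [pscustomobject]@{ Type = 'ScheduledTask'; Path = "$($task.TaskPath)$($task.TaskName) -> $action" }
}

if ($findings.Count -eq 0) {
    Write-Host 'No Pokki / Host App Service artifacts found.'
} else {
    Write-Host "Pokki artifacts still present ($($findings.Count)):"
    $findings | Format-Table -AutoSize
}

# The Lenovo battery gauge DLL Avast reported as IDP.Generic. A Valid signature
# from Lenovo supports the reply's point that this file was not the infection;
# NotSigned or HashMismatch would be the reason to look at the file more closely.
$dll = 'C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGauge\Package\x64\LenovoBatteryGaugePackage_bk.dll'
if (Test-Path -LiteralPath $dll) {
    $sig = Get-AuthenticodeSignature -FilePath $dll
    Write-Host ("Lenovo DLL signature: {0}; signer: {1}" -f $sig.Status, $sig.SignerCertificate.Subject)
} else {
    Write-Host 'Lenovo DLL not present on disk (Avast may have quarantined it).'
}
```

Running this before and after the AdwCleaner pass gives a simple before/after check that every listed artifact is actually gone, which is the same thing the rescan log in the reply is meant to show; the signature check is the quickest way to confirm that a behaviour-based detection on a vendor DLL loaded through rundll32.exe was a false positive rather than the infection TimW identified.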
  4. Chaos Annihilator

    Chaos Annihilator Private First Class

    What is a pokki infection? How did I pick it up? Did it spread from my mother's computer to mine? Is it affecting our Roku and Ooma?
    I will follow your instructions and attach the new log shortly.
    Thanks.
     
  5. Chaos Annihilator

    Chaos Annihilator Private First Class

    Also, could this have taken control of my mother's cursor?
     
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You would need to go through the Read and Run first instructions on her computer to know.
     
  7. Chaos Annihilator

    Chaos Annihilator Private First Class

    Hello. I ran AdwCleaner again, and went through the list of things you said to remove. Everything matches up, except in this new scan, there is something that says: File - C:\Windows\System32\Tasks_Migrated\AppExplorer which is also under the pokki section.
    Instead of saying "file", everything else you said to get rid of says either "registry key" or "folder". Should I get rid of this one too?
     
  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Yes.
     
  9. Chaos Annihilator

    Chaos Annihilator Private First Class

    Removing all of this will not accidentally get rid of something my computer needs in order to work, right? (I figure you wouldn't tell me to do something like that, but just checking)
     
  10. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    It won't. Pokki is what is causing your pop-ups and redirections in your browsers.
     
  11. Chaos Annihilator

    Chaos Annihilator Private First Class

    Okay, I removed the items you listed, and here is the new log.

    Could this Pokki infection have made my Roku act up, and my Ooma voip service too? Do you think removing this from my computer will have the problem solved?

    I really appreciate your help. I feel like I am drowning in computer hell and I understand none of it. It is so overwhelming. How would I go about becoming a geek like you?
     

  12. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    No, it would have nothing to do with Roku or Ooma. At least I have never heard of or experienced that from anyone.
    Your logs are clean now, so I suggest you see how things are running and if you are still having issues, let me know.
     
  13. Chaos Annihilator

    Chaos Annihilator Private First Class

    Okay, I will. Thank you.
    Do you think someone may have hacked into my network? Is there some way for me to tell for sure if someone has done this? Is it safe now to do things like online banking, etc.?
     
  14. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You said you changed your password to your router, if I recall, so you should be fine.
     
  15. Chaos Annihilator

    Chaos Annihilator Private First Class

    Thank you so much. I really appreciate your help. I will watch for anything new. This is such a relief.
    I am tired of being so stupid about computers, and so overwhelmed whenever there is a problem.
    How do I begin learning about all of this stuff?
     
  16. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Stay a member of MajorGeeks. Read the threads. :)