Same infection pattern over 3 devices. Can't install any anti virus anymore



#1 Xv1700


Posted Today, 02:36 AM

Hi guys,

 

First of all, I would like to say that you guys have a great forum, and since my problem occurred your website has been my go-to site to research and apply different steps to my issue, but I was pretty much unsuccessful.

 

I am trying to explain in detail what my own steps were and what I have found and concluded from this. I am not an expert in IT security, so things that seem suspicious to me could be normal; I apologize for that upfront. Hopefully we can analyze together what is happening to my system.

 

My system: 

Windows 10 Home x64, build 17134.345 (1803)

AMD FX-8350 8-core processor

Gigabyte 990FX UD3, BIOS updated to F3

12 GB RAM

Nvidia GTX 970, driver 416

 

AntiVirus software:

Bitdefender Total Security 2019 Full version

HitmanPro.Alert 3.7.9 Full Version

Adguard Free Trial

 

Additionally: CCleaner Premium trial

 

Internet Connection:

Xfinity Extreme 250

Technicolor XB6 gateway/router+modem

 

My Desktop PC is connected via ethernet cable to the XB6

Laptops and all other devices, like the kids' phones etc., are connected via Wi-Fi (2.4 and 5 GHz)

 

My Chromecast Ultra is connected via ethernet cable to the XB6

 

Firewall Settings within the Router XB6 are set to MAX inbound and outbound 

 

------------------------------------------------------------

 

Here is my routine when I install a fresh new Windows 10 on one of my devices:

 

Download Media Creation tool from microsoft

 

Format a new USB flash drive, then download and write Windows 10 to it

 

Return to the BIOS, change the boot device, start from USB

 

Format and Wipe the whole drive until there is no partition left

 

Install windows 10, refuse to connect to the internet, return back to desktop.

 

(At this point I leave the internet disconnected until I have all drivers, software etc. installed.)

 

On the first boot, installing Bitdefender, HitmanPro.Alert and Adguard from a second USB flash drive.

 

Opening "Apps and features" and uninstalling all bloatware that came with the installation, like Candy Crush, outdated Nvidia drivers 386.92, outdated Realtek audio drivers and 4 or 5 Xbox Live apps; the Office 365 trial, OneNote and Adobe Flash Player 32-bit are deleted as well.

 

Installing new drivers (that I loaded from the manufacturers' websites onto my second USB flash drive), like motherboard, audio, LAN/WLAN adapter and Nvidia display drivers 416.

 

Turning all default privacy settings off under settings > privacy

 

Changing location settings to off and everything else that could compromise privacy in the privacy settings.

 

Opening Search > Update > checking Windows Update status, obviously off because there is no internet connection yet.

 

OK, so at this point everything goes smoothly. The PC is quiet and I have absolutely no issues with anything so far.

 

--------------------------------------------------------------------------------------------------------------------------------------------------------------

 

My issue:

 

Every time I connect to the internet after the above-mentioned steps and run Windows 10 updates, weird things start happening to my computer.

 

As long as I don't connect to the internet everything is fine, but every time, after approx. 30 minutes to 1 hour of being connected to the internet:

 

- Bitdefender stops its full scan (the scan window stays open and the timer keeps running, but the percentage number stops and the count of scanned files stops too).

 

- It also stops updating, with an internal error message from Bitdefender: 1002, couldn't update Bitdefender.

 

- Bitdefender settings are being turned off (I set all Bitdefender settings to on, for example real-time protection, scan archives, firewall settings etc.),

but something turns them off when things start to go south.

 

- At some point Bitdefender doesn't react anymore and I get the Windows notification to close the program or wait it out.

 

- I get messages from Windows Defender telling me that some files tried to make changes to the memory and SAM host files? (I forgot to make a note of that, I apologize.)

 

- I am losing admin rights, and it seems like certificates and the registry are being changed.

 

- CPU usage is through the roof, approx. 80-100%.

 

- CCleaner shows me 2 strange context/startup commands by PowerShell for Directory and Drive: "Powershell.exe -noexit -command -set -location \path "%V"". When I try to remove them I get a notification saying "Access Denied".

 

- Under the hidden Recycle Bin on C:\ there are 2 folders named S-1-5-18 and S-1-5-21-1659294763-XXXXXX.

 

- There is a desktop.ini in almost every single folder on my hard drive C: and 2 desktop.ini files on my desktop.

 

- I am getting the following error message: "The service cannot be started, either because it is disabled or because it has no enabled devices associated with it."

for the following programs/apps:

 

Windows Logs

Control Panel

Task Manager

Event Log

Device Manager

Remote Settings

System Protection

Firewall Settings

Advanced System Settings

 

Also, every single app I try to start gets the same message. I can't open CCleaner, any antivirus etc.

 

The only way for me to access these things is in Safe Mode.

 

Under Safe Mode I noticed the following:

 

Device Manager shows a new network adapter called Microsoft Kernel Debug Network Controller, PnP device ID ROOT\KDNIC\0000

 

New "WINPK" filter in ethernet adapter properties.

 

CCleaner shows me "INVALID FIREWALL RULES":

 

Collab P2P Host IN

Collab P2P Host OUT

Collab P2P Host WSD IN UDP

Collab P2P Host WSD OUT UDP

 

SystemRoot\system32\p2phost.exe

 

MCX IN and OUT TCP

MC IN and OUT UDP

 

Both located in SystemRoot\ehome\eshell.exe

 

MCX Prov OUT TCP

MCX McrMgr - OUT TCP 

 

Both located in ehome\mcx2prov.exe and mcrmgr.exe

 

Under user\gdrwi\appdata\local\temp\rawsfx1\installer.exe and rawsfx2\installer.exe

 

I tried to run sfc /scannow from C:\Users\gdrwi> and got:

"You must be an administrator running a console session in order to
use the sfc utility."

When I try to open it as administrator I get the following message for

C:\Users\gdrwi\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

"This file does not have an app associated with performing this action. Please install an app or, if one is already installed, create an association in the Default Apps Settings page."
 
 
All the bloatware apps that I had removed in the very beginning are back, like Candy Crush, the Xbox Live apps and other nonsense.
-----------------------------------------------------------------------------------------------------------------------------------------
 
Under Safe Mode with Networking I performed the following (things I learned on this forum):
 
(I noticed that under Safe Mode my Windows build version changed to 180410 1804.)
 
I ran the Farbar scanner, attached in the files.
I ran all the other scanners, like Malwarebytes, Malwarebytes adware, HitmanPro.Alert, and uploaded the logs for you.
 
I tried to upload the Windows Event Viewer logs with a lot of critical error messages, but it says I am not permitted to upload these kinds of files.
 
At this point I am going to leave my PC the way it is and will wait until someone gets back to me and looks into this.
 
Also, this exact same pattern of issues happens if I try to install Windows 10 fresh with the same routine mentioned above on my laptop or my wife's laptop.
 
-----------------------------------------------------------------------------------------------------------------------------------------
 
thank you

Edited by Xv1700, Today, 02:49 AM.
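As an added example (the editor's, not the poster's and not a BleepingComputer tool): a read-only PowerShell triage script that records the items listed in the post in a form that can be compared against a known-good machine and attached to a thread next to the FRST logs. The report path, the service list and the regular expression for the stock context-menu verb are this example's own assumptions. The facts it leans on are that the Directory\shell\Powershell "Open PowerShell window here" verb, the ROOT\KDNIC\0000 Microsoft Kernel Debug Network Adapter and the per-SID folders under $Recycle.Bin all exist on a stock Windows 10 1803 install, and that firewall rules are stored as '|'-separated strings under the FirewallPolicy\FirewallRules registry key, so they can be read in Safe Mode without the firewall service running.

```powershell
# Added read-only triage script (editor's example, not from the original post).
# Run elevated in PowerShell 5.1; works in Safe Mode with Networking because it reads
# the registry instead of asking the firewall service. It changes nothing on the machine.
$ErrorActionPreference = 'Continue'
$report = "$env:USERPROFILE\Desktop\triage-$(Get-Date -Format 'yyyyMMdd-HHmm').txt"   # assumed path
$lines  = [System.Collections.Generic.List[string]]::new()
function Add-Section([string]$Title, $Body) {
    $lines.Add("`n=== $Title ===")
    $lines.Add(($Body | Format-Table -AutoSize -Wrap | Out-String).TrimEnd())
}

# 0. Elevation and build. sfc's "must be an administrator running a console session" and
#    CCleaner's "Access Denied" are what a non-elevated session produces.
$id    = [Security.Principal.WindowsIdentity]::GetCurrent()
$admin = [Security.Principal.WindowsPrincipal]::new($id).IsInRole(
             [Security.Principal.WindowsBuiltInRole]::Administrator)
$ver   = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
Add-Section 'Session' ([pscustomobject]@{ User = $id.Name; Elevated = $admin
    Build = "$($ver.CurrentBuild).$($ver.UBR) ($($ver.ReleaseId))" })

# 1. The "Powershell.exe -noexit -command ..." verbs under Directory and Drive are the
#    "Open PowerShell window here" context-menu entries. On a stock Windows 10 the command is
#        powershell.exe -noexit -command Set-Location -LiteralPath '%V'
#    Stock = $false means the value runs something else (another binary, an encoded command,
#    a path under AppData or Temp), which is the case where removing it matters.
$ctx = foreach ($verb in 'Directory\shell\Powershell', 'Directory\Background\shell\Powershell',
                         'Drive\shell\Powershell') {
    $key = "HKLM:\SOFTWARE\Classes\$verb\command"
    if (Test-Path $key) {
        $cmd = [string](Get-ItemProperty -Path $key).'(default)'
        [pscustomobject]@{ Verb = $verb; Command = $cmd
            Stock = ($cmd -match '^"?powershell\.exe"?\s' -and
                     $cmd -match "Set-Location\s+-LiteralPath\s+'%V'\s*$") }
    }
}
Add-Section 'PowerShell context-menu verbs' $ctx

# 2. Firewall rules parsed from the registry. Each value is a record such as
#    v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=%SystemRoot%\system32\p2phost.exe|Name=...|
#    An "invalid" rule in CCleaner is one whose App= file no longer exists (the ehome\ Media
#    Center rules are like that on 1803). The rows worth attention are the opposite: the file
#    exists but is unsigned, or it sits under a user-writable folder.
$fwKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules'
$fw = foreach ($p in (Get-ItemProperty $fwKey).PSObject.Properties) {
    if ($p.Name -match '^PS') { continue }                        # skip PSPath etc.
    $f = @{}
    foreach ($pair in ($p.Value -split '\|')) {
        $kv = $pair -split '=', 2
        if ($kv.Count -eq 2) { $f[$kv[0]] = $kv[1] }
    }
    if (-not $f['App'] -or $f['App'] -eq 'System') { continue }   # no program filter
    $path   = [Environment]::ExpandEnvironmentVariables($f['App'])
    $exists = Test-Path -LiteralPath $path -PathType Leaf
    $sig    = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $path).Status } else { 'missing' }
    [pscustomobject]@{ Rule = $p.Name; Dir = $f['Dir']; Active = $f['Active']; App = $path
        Exists = $exists; Signature = $sig
        UserWritable = $path -match '\\Users\\[^\\]+\\(AppData|Downloads)\\' }
}
Add-Section 'Firewall rules with a program path' ($fw | Sort-Object Exists, Signature)

# 3. Services behind the consoles that fail with "the service cannot be started, either
#    because it is disabled or because it has no enabled devices associated with it"
#    (Win32 error 1058): Event Viewer needs EventLog, Device Manager needs PlugPlay, Firewall
#    Settings need BFE and MpsSvc, System Protection needs VSS, MMC snap-ins need Winmgmt.
#    StartType = Disabled explains the message; it does not say who set it.
$svc = 'EventLog','Winmgmt','PlugPlay','BFE','MpsSvc','VSS','wscsvc','WinDefend','wuauserv' |   # assumed list
    ForEach-Object { Get-Service -Name $_ -ErrorAction SilentlyContinue } |
    Select-Object Name, Status, StartType
Add-Section 'Core services' $svc

# 4. Network devices and filter bindings. ROOT\KDNIC\0000 is the built-in Microsoft Kernel
#    Debug Network Adapter and is present on a stock install; a non-Microsoft filter binding
#    is the kind of entry to look up.
Add-Section 'Network devices' (Get-PnpDevice -Class Net -ErrorAction SilentlyContinue |
    Select-Object FriendlyName, InstanceId, Status)
Add-Section 'Adapter bindings' (Get-NetAdapterBinding -ErrorAction SilentlyContinue |
    Select-Object Name, DisplayName, ComponentID, Enabled)

# 5. Run/RunOnce autostarts, and the rawsfx*\installer.exe files the post mentions under
#    Temp, hashed so they can be looked up without uploading them.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
$auto = foreach ($k in $runKeys) {
    if (Test-Path $k) {
        (Get-ItemProperty $k).PSObject.Properties | Where-Object { $_.Name -notmatch '^PS' } |
            ForEach-Object { [pscustomobject]@{ Key = $k; Name = $_.Name; Command = $_.Value } }
    }
}
Add-Section 'Run / RunOnce' $auto
$tmp = Get-ChildItem "$env:LOCALAPPDATA\Temp" -Recurse -Filter *.exe -ErrorAction SilentlyContinue |
    ForEach-Object { [pscustomobject]@{ Path = $_.FullName; Bytes = $_.Length
        SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        Signature = (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status } }
Add-Section 'Executables under %LOCALAPPDATA%\Temp' $tmp

$lines | Set-Content -Path $report -Encoding UTF8
Write-Host "Report written to $report"
```

If the "Run as administrator" entry on the Win+X shortcut is broken as described in the post, start the console by right-clicking powershell.exe in C:\Windows\System32\WindowsPowerShell\v1.0 instead. The report deliberately flags states (missing binary, unsigned binary, user-writable path, disabled service, non-stock context-menu verb) rather than naming anything as malicious; the FRST log remains what the thread's helpers will work from.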

