Weird Changes In Computer and possibility of Hidden Spyware

Galagyy (Member; joined Nov 11, 2021; 12 posts)
Hello! I hope you are having a nice day.

So recently, my PC has been behaving erratically and as a result has made me paranoid that I have malware, as my account has been accessed before and some very unusual things have been happening.
I've posted the same question on the Malwarebytes Forums and have been redirected here due to a possibility of a kernel-related error.
> Link Here: Suspected Invisible Spyware and Other Errors

Any help would be appreciated, thank you!

More Information:
  • A brief description of your problem (but you can also include the steps you tried) See above:
  • System Manufacturer? HP
  • Laptop or Desktop? Desktop
  • Exact model number (if laptop, check label on bottom) HP Gaming Desktop Tg01- 2020 edition
  • OS ? (Windows 10, 8.1, 8, 7, Vista) Win 10 Home
  • x86 (32bit) or x64 (64bit)? x64
  • (Only for Vista, Windows 7) Service pack? N/A
  • What was original installed OS on system? Win 10 Home
  • Is the OS an OEM version (came pre-installed on system) or full retail version (YOU purchased it from retailer)? OEM/Win 10 Home
  • Age of system? (hardware) Unknown
  • Age of OS installation? Around 1.5 weeks
  • Have you re-installed the OS? Yes, Nuked from orbit, could be malware still (A few weeks ago)
  • CPU Intel Core i5-10400f
  • Video Card NVIDIA GTX 1650
  • MotherBoard - (if NOT a laptop) From HP, Unknown type.
  • Power Supply - brand & wattage (if laptop, skip this one) PSU, Unknown, from HP and voltage unknown,
  • Is driver verifier enabled or disabled? Yes I have it, it is listed as verifier.exe without the capital V in System32.
  • What security software are you using? (Firewall, antivirus, antimalware, antispyware, and so forth) Malwarebytes (Premium ran out yesterday) / Windows Defender
  • Are you using proxy, vpn, ipfilters or similar software? No, I am not.
  • Are you using Disk Image tools? (like daemon tools, alcohol 52% or 120%, virtual CloneDrive, roxio software) No I am not.
  • Are you currently under/overclocking? Are there overclocking software installed on your system? No there is not.
Link to Speccy Results: http://speccy.piriform.com/results/2FrW1EFw4eKBm3g3KCF5IQh
 


Based on AdvancedSetup, your computer is free from malware and he sent you to the BSOD, Crashes, Kernel Debugging Forum here.
I've moved the thread to the Windows 10 forum since the issue doesn't appear to be BSOD related.

From your thread on the MBAM forums, the exception code seen in your event log:

Error: (11/11/2021 12:30:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RobloxPlayerLauncher.exe, version: 1.6.0.49602, time stamp: 0x76e4591b
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc00001a5
Fault offset: 0x02057938
Faulting process id: 0x1148
Faulting application start time: 0x01d7d73af870e7e4
Faulting application path: C:\Users\Galaxy\AppData\Local\Roblox\Versions\version-7d72b8c1be984938\RobloxPlayerLauncher.exe
Faulting module path: unknown
Report Id: 1eb82334-8cec-4104-82be-8c5db1afee03
Faulting package full name:
Faulting package-relative application ID:

This is because an exception handler which the runtime attempted to execute was seen to be invalid for some reason. Do you have the latest Roblox game client? I'll have to have a look into the rest of the logs for you.
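A way to read the Application Error record quoted in the post above, as an added example that is not part of the original thread: it parses the pasted fields, splits the NTSTATUS value into its bit fields, and converts the FILETIME start time to UTC. The function names and the two-entry status table are this example's own; the event text is copied from the post.

```python
import re
from datetime import datetime, timedelta, timezone

# Event text copied from the post above (Application Error, EventID 1000).
SAMPLE_EVENT = """\
Faulting application name: RobloxPlayerLauncher.exe, version: 1.6.0.49602, time stamp: 0x76e4591b
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc00001a5
Fault offset: 0x02057938
Faulting process id: 0x1148
Faulting application start time: 0x01d7d73af870e7e4
"""

# Only the two status values that appear in this thread.
KNOWN_STATUS = {
    0xC00001A5: "STATUS_INVALID_EXCEPTION_HANDLER",
    0xC00000D4: "STATUS_NOT_SAME_DEVICE",
}
SEVERITY = ("success", "informational", "warning", "error")

def decode_ntstatus(value):
    """Split a 32-bit NTSTATUS into severity, customer bit, facility and code."""
    return {
        "severity": SEVERITY[value >> 30],        # bits 31-30
        "customer": bool((value >> 29) & 1),      # bit 29: set for non-Microsoft codes
        "facility": (value >> 16) & 0xFFF,        # bits 27-16
        "code": value & 0xFFFF,                   # bits 15-0
        "name": KNOWN_STATUS.get(value, "not in this example's table"),
    }

def filetime_to_utc(filetime):
    """FILETIME counts 100 ns ticks since 1601-01-01 UTC."""
    epoch = datetime(1601, 1, 1, tzinfo=timezone.utc)
    return epoch + timedelta(microseconds=filetime // 10)

def parse_event(text):
    """Read 'Key: value' lines (first value per line) and decode the hex fields."""
    fields = dict(re.findall(r"^([^:\n]+): ([^,\n]*)", text, re.M))
    return {
        "application": fields["Faulting application name"],
        "pid": int(fields["Faulting process id"], 16),
        "started_utc": filetime_to_utc(int(fields["Faulting application start time"], 16)),
        "status": decode_ntstatus(int(fields["Exception code"], 16)),
        # "unknown" here: the fault address did not resolve to a loaded module image.
        "module_resolved": fields["Faulting module name"] != "unknown",
    }

if __name__ == "__main__":
    for key, value in parse_event(SAMPLE_EVENT).items():
        print(f"{key}: {value}")
```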
 
Yes, I have installed the latest version and have done a reinstall. I can try to reproduce the issue and send an image from Event Viewer or a Farbar Log.
Regarding the issue with the Roblox Client, this usually doesn't happen and the app runs perfectly fine when this happens, which is odd. Is it possible that it has been tampered with?
 
I've also gotten issues like this even when I do a clean reinstall of Windows 10; they always pop up sooner or later and come from somewhere.
 
From that message/the timestamp on that message, I can confirm that there have been 7 more instances of this error.
 
I'm not too concerned with the application crashes, they'll be a symptom of a greater problem. I'm concerned with your services seemingly terminating and the following log entry in your system event log:

Rich (BB code):
Event[93]:
  Log Name: System
  Source: Microsoft-Windows-Kernel-Boot
  Date: 2021-11-11T15:08:03.9850000Z
  Event ID: 29
  Task: N/A
  Level: Error
  Opcode: Info
  Keyword: N/A
  User: S-1-5-18
  User Name: NT AUTHORITY\SYSTEM
  Computer: DESKTOP-OUQOLAC
  Description: 
Windows failed fast startup with error status 0xC00000D4.

Rich (BB code):
4: kd> !error C00000D4
Error code: (NTSTATUS) 0xc00000d4 (3221225684) - {Incorrect Volume}  The target file of a rename request is located on a different device than the source of the rename request.

Could you please download and run the SSD support tool - SSD Utility Management Software | KIOXIA

Please provide a screenshot of the SSD health screen.
 
Ok, I'm running it and showing it, right now, all the log files and screenshots are posted from another pc that gets the data via usb.
> rename request is located on a different device than the source of the rename request
Does that mean there is a RAT on my pc that is doing something, or some hidden malware, or something of the sort?
 
Volume Shadow Copy is also disabled due to the errors it was causing in event manager.
We also have got 2,000 events in event viewer.
 
We got 3 new warnings that are a bit sketchy.
I think the windows install is corrupt or I have a BIOS problem...
> The Open procedure for service ".NETFramework" in DLL "C:\Windows\system32\mscoree.dll" failed with error code The System cannot find the file specified.. Performance data for this service will not be available.
> The Configuration information of the performance library "C:\Windows\System32\perfts.dll" for the "LSM" service does not match the trusted performance library information stored in the registry. The functions in this library will not be treated as trusted.
> Same error as above,,,
 
Should I just nuke my pc from orbit and try again, as whenever I try to install Windows I get this error? I can retry nuking from orbit, BUT this was a result of a nuke from orbit.
Is there any possibility there is something really wrong with my pc and I need to do something, or should I just nuke from orbit and not worry about it?
 
Not detected; cannot show health tab.
Which version did you install? There's one for NVMe drives and one for SATA drives.

> Should I just nuke my pc from orbit and try again, as whenever I try to install Windows I get this error? I can retry nuking from orbit, BUT this was a result of a nuke from orbit.
> Is there any possibility there is something really wrong with my pc and I need to do something, or should I just nuke from orbit and not worry about it?
Clean installing the system again is not the answer and since you had that error before after clean installing, then I suspect that the issue is more likely to be hardware related.
 
For the downloads, there isn't any software for my device, and there is no way to pick for NVMe or SATA.
 
Update on that, HP the vendor of the computer, wants the computer back to check for malware and other system fixes as one of their support agents could not find out the cause of the issue.
 
> For the downloads, there isn't any software for my device, and there is no way to pick for NVMe or SATA.
There were two download links on that page - one for NVMe drives and one for SATA. Unfortunately, I don't know what your exact model is because the msinfo32.nfo file and Speccy report aren't showing it. I assume that might be a generic drive possibly manufactured just for HP.

> Update on that, HP the vendor of the computer, wants the computer back to check for malware and other system fixes as one of their support agents could not find out the cause of the issue.
Okay, I would send it back to them and see what they find. Is the system still under warranty?
 
Then I would strongly suggest, as you've already probably done, sending the system back to HP, otherwise you could potentially void your warranty.
 
