Vuyek

Ok. I finally figurę it out. Had to wipe my entire disc. It was a bug or malware in my usb WiFi adapter drivers. I had them on my Hard disc. When I was trying to install drivers my bugged exe file was named athurx and appaerently it was doing something with my DNS server, because each time I was downloading newer/other version I was downloading exact same athurx file in zip archive. This time when i wiped entire disc I went to my neighbour to download WiFi drivers, and I dont know how, but he downloaded another zip archive, but with completely different files inside. Same TP link website, same drivers, but inside zip archive were completely different files with setup. Exe So i guess it had to do something with DNS.

Yes, I set that, so the possible reason for my issue is lack of security in my local network? Still sometimes I get firewall notifications about 'system' or other service is trying to connect to ipv6 device (or address?) it starts with 'fe:". Correct me if I'm wrong but is ipv6 used in local networks? Should I block that? And if yes, how can i restrict access from every device in my local network? Is remote desktop access a thing here? Or some kind of web view bitstreaming like rtp or rstp? Through all those hours I spent educating myself about internet protocols and windows services I think I might got lost a bit Thanks for helping me out itman

Just got this:

Yes. And I asked my neighbour lately if he also is having any clues or suspicions and he said he doesn't use any firewall or antivirus software, he just formats everything twice a year after he notices anything unusual

I share my flat and internet with my neighbours so I guess it's half public half private. I don't know if they have their end of wifi protected. I managed to record some odd stuff happening. https://mega.nz/folder/5iYwGL7C#2hLOe2HYm6qheB7V4xBGjg There is record of my wifi suddenly deciding to disable and enable few times. When I click on tcpip4 properties sometimes I have my gateway set as 192.168.1.1 and sometimes it's blank. Another record shows that I had Cloudflare WARP app to keep my IP private. Yesterday I had notification that an update is available, I clicked to install and my cloudflare app disappeared. Uninstalled. So I decided to download new installer manually but installation process cant go through. Also today I found out my desktop changed. It's now half in C;/users/public and half C:/users/Z and because of security restrictions I couldn't save my game (gothic 3 ) so something definitely changed without me knowing it. Also in security tab there was unknown account with special permissions to C:/users/public but I deleted it. Answering to questions in linked topic: It coudn't be account that I created and deleted in the past. Since this windows installation I had only one account, didnt create, edit or delete any. No I dont. I was using cloudflare app if that one counts but virtual network adapter was before I got that installed. I didnt install any of hyper-v features, dont know what it is to be honest. It keeps reinstalling with every new win installation.

They were named "unknown account S-1" + a number of random digits. Most concerning devices like WAN miniports, Microsoft kernel debug network adapter and Microsoft virtual hosted network adapter I already deleted. But before I deleted them I made this screenshot:

Yes, I have ESET installed. I'm using external wifi network adapter, so maybe that's the reason, but what can I do to deny access and regain control? Not anymore. Yesterday I did another reinstall because each time I unplugged my Wifi adapter I kept getting bluescreens and when I tried to reinstall drivers I got message 'access denied'. I will try to capture some screenshots with those messages about restarting my PC when they happen or to record my screen with adapter reenabling. Also I already deleted microsoft network adapter and microsoft kernel network adapter, but here's the screenshot of devices installed at this moment:

As I was writing this down I got security alert from windows. It turns out that my reputation-based protection was turned off. Never did this of course. There's a lot more small things happening for no reason, like my network adapter disabling and enabling multiple times within a minute - sometimes it happens right in front of me So I Can observe it.

Hello I've been struggling lately with my PC changing IP addresses, installing new devices and updates by itself. Nothing helped. I was reinstalling different windows 10 and 7 versions and every single time after a while I could notice that in C drive win files unknown accounts were granted control privileges in security tab, I couldn't change some settings like airplane mode or night light. I was getting messages that changes were made to my system and I have to restart PC. To be honest I got really paranoid about this, but everyone was telling me that It's probably Microsoft implementing updates and so on. Today I found another new device installed "NDIS Virtual Network Adapter Enumerator". Yesterday there was no trace of it so I decided to google name and check what this device does and I found this topic: https://answers.microsoft.com/en-us/windows/forum/windows_10-other_settings/windows-10-home-network-has-been-hijacked-by-an/c91fe5aa-0907-431d-835c-8919076d1d3c This topic pretty much sums up my issue, I have same devices reinstalling in my windows. Everything looks similar. Is this really an issue or are we all wrong about this? Also in my clipboard history I had this: I NEVER copied this from any source, I didnt write that down, nothing, my PC was turned ON entire night when I was sleeping. I'm in dead end, don't know what to do...

Well, the firewall troubleshooting wizard deletes reports after 1 hour so I cannot find any more informations. About the trusted zone - I live in house shared between multiple people, which I dont know that well, so there is a lot of people sharing internet connection so the last thing I wanna do is to add my network into trusted zone. Sometimes I sew that I had established connection through 1900 upnp port, but I managed to block it through simplewall. Of course I get into consideration that I might just be a little paranoid about this, but I guess it's better safe than sorry.

I couldnt find the 'reply' button in the topic. Yes, that unknown account was phantom account created by ESET certainly. But aside of that, isn't it suspicious that my network adapter received over 1,5 billion packets already within 44 hours? Since I created my topic I received 600 million packets while not even using my PC. It was just turned on. Also ESET blocked one of my apps in "Network protection troubleshooting" indicating that there were 46 attempted connections from 192.168.1.118 IP. So does it mean that other PC in my LAN got a security threat issue or is trying to connect to my PC without my knowledge? Link to topic: https://forum.eset.com/topic/27403-found-unknown-local-user-account-after-eset-installation/?tab=comments#comment-129217