Jump to content


  • Content Count

  • Joined

  • Last visited

Profile Information

  • Location

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. these record happened when I was already logged on and during that time I was on a google meet session also, I don't access my PC through PIN, I use Microsoft pass
  2. also to me this is an unresolved issue 2/19/2021 5:05:06 PM;C:\Windows\System32\LogonUI.exe;Modify startup settings;HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{D6886603-9D2F-4EB2-B667-1971041FA96B}\S-1-5-21-2775152818-1588230348-2558996214-1001\DestructiveResetInProgress;allowed;Automatic mode; after doing google search D6886603-9D2F-4EB2-B667-1971041FA96B = PIN so im going to assume someone logged in via my PC's PIN did a "DestructiveResetInProgress" and "TpmClearRecoveryInProgress" whatever this
  3. ive also sent some sort of .exe s to eset they are CR_xxxxx/setup.exe the x are random number / chars these things keep popping up from HIPS from time to time targeting my browsers I couldnt obtain all of them, as soon as it gets reported by eset's HIPS I try to go the location of that .exe and its not there anyway, do you how to disable safe boot without logging into windows and without a windows 10 physical disc?
  4. not sure about that, after blocking 0x1f4b0.com and restarting its now replaced by 0123movies.com
  5. these are some of those "Can not obtain ownership information"
  6. ive added the 0x1f4b0.com to hosts and it returned back to, but still this shows in eset what are suppose to be the default connections / ports of these things should I block ports 15xx? is my system services hijacked?
  7. theres also an unknown user S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681 in the HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WdNisDrv and HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WdNisSvc im the only user on this device WdNisDrv also stops running from time to time
  8. dunno, something definitely suspicious is going on I just discovered in my documents 2 exported bookmark htmls that the contents contain selectively private stuff and not just talking about porn (although it was included) also today, I found in my recycle bin files ive deleted long ago, these files all of them deleted at the same time of 5:08, and their original location deleted is on microsoft/windows/recent
  9. what about these services? no results on googling i cant disable it, all it says parameter incorrect
  10. where can I locate these "updates", because I want to send it for inspection, get to see what's inside of it. ty
  • Create New...