Status
Not open for further replies.

fdsearchandrescue

New Member
So I have tried the main guides for removal. When running fubar I did not get a REMOVAL list. There should be one.... so I am assuming malware ate it. It has created like 7662 new security events since March 27th and created many new admin accounts, ripped up virus software or prevented it from being installed. I have been trying to do it myself but I am forced to admit that I can't. Any help would be greatly appreciated. Oh, and it was able to alter my Win 10 install DVD I made (I did not finalize it during/after creation). Now when I try to use it, it tells me that it needs drivers to install. I thought that I had finalized it but I guess not. Never seen that before! OK, so here we go to the main event. This has been going on for a while. I do regular backups and HAD rescue media via DVD and bootable USBs.

So .........
Once upon a time in a land far away ...... I noticed a system slowdown and started to poke around to see what was going on. I was usually running the Windows Insider fast lane OS, so errors happen. After checking I found that I had a serious problem. Guess my stats would help.

Current:

Windows 10 Professional (x64) Version 1909 (build 18363.418)
Install Language: English (United States)
System Locale: English (United States)
Installed: 5/28/2020 6:10:01 AM
Servicing Branch: Current Branch (CB)
Boot Mode: Legacy BIOS in UEFI (Secure Boot not supported)

System Model
Dell Inc. Latitude E6430s 01
System Service Tag: 36xxxx
Chassis Serial Number: 36xxxxx
Enclosure Type: Laptop

Processor
2.60 gigahertz Intel Core i5-3320M
128 kilobyte primary memory cache
512 kilobyte secondary memory cache
3072 kilobyte tertiary memory cache
64-bit ready
Multi-core (2 total)
Hyper-threaded (4 total)

Main Circuit Board
Board: Dell Inc. 0XHTPW A00
Serial Number: /36PM7W1/CN129612XXXXX
Bus Clock: 100 megahertz
UEFI: Dell Inc. A21 11/30/2018

Drives
105.91 Gigabytes Usable Hard Drive Capacity
79.56 Gigabytes Hard Drive Free Space
ST1000LM024 HN-M101MBB [Hard drive] (1000.20 GB), drive 0, s/n S2ZPJ9CD473594, SMART Status: Healthy

Memory Modules
6050 Megabytes Usable Installed Memory
Slot 'DIMM A' has 4096 MB (serial number BDA4XXXX)
Slot 'DIMM B' has 2048 MB (serial number 671DXXXXX)

Local Drive Volumes
c: (NTFS on drive 0) 104.25 GB, 78.40 GB free *
f: (NTFS on drive 0) 1.05 GB, 1.03 GB free
g: (NTFS on drive 0) 607 MB, 129 MB free
* Operating System is installed on c:

Network Drives
None detected

Users
Local system accounts / local user accounts, with last logon:
15/31/2020 10:12:19 PM (admin)
X Administrator: never (admin)
X DefaultAccount: never
X Guest: never
X WDAGUtilityAccount: never
X marks a disabled account; L marks a locked account

Printers
Microsoft Print To PDF on PORTPROMPT:
Microsoft Shared Fax Driver on SHRFAX:
Microsoft XPS Document Writer v4 on PORTPROMPT:

Controllers
None detected

Display
Intel(R) HD Graphics 4000 [Display adapter]
Generic Non-PnP Monitor
Generic PnP Monitor (13.9" vis)

Bus Adapters
Intel Chipset SATA RAID Controller
Microsoft Storage Spaces Controller
Microsoft VHD Loopback Controller
SD Storage Class Controller
Intel(R) 7 Series/C216 Chipset Family USB Enhanced Host Controller - 1E26
Intel(R) 7 Series/C216 Chipset Family USB Enhanced Host Controller - 1E2D
Intel(R) USB 3.0 eXtensible Host Controller - 1.0 (Microsoft)

Multimedia
High Definition Audio Device
Intel(R) Display Audio

Virus Protection
Windows Defender Version 4.18.1902.5
Scan Engine Version 1.1.17100.2
Virus Definitions Version 5/30/2020 Rev 1.317.318.0
Last Disk Scan on Sunday, May 31, 2020 10:22:01 PM
Realtime File Scanning On



So I tried to get help from Bleeping Computer, as I have used their site in the past for info. You can see it here: "virus malware problem out of control Its fast 10G of new data less than an hr" - Virus, Trojan, Spyware, and Malware Removal Help





The long and the short of it was that **** was crazy! It destroys any antivirus and malware program installed, if I could get it installed, and seemed like it was adaptive. For instance, I could not install fubar. I would try and three hours later it was still at 3%... (This is now: when I run it, it goes into a loop, checking for updates; it completes and starts again. When I put it into airplane mode and run it I get past that and it scans. After it finishes and starts to generate the text doc, it says that it does not exist, do I want to create one now.) Now I've already reset the hard drive, wiped it completely out. Used sfc, chkdsk, dism, and finally when I'd had enough I used diskpart clean all to wipe the drive. It's a 1 terabyte drive so it took a while. I did notice this time when I wiped the drive, reformatted and everything, that I didn't have as much space as I used to; it showed me available space that was about a hundred gigs less than I should have. I tried everything I could think of to get it back: clean, realigning the drive; couldn't find anything anywhere online for help. I did just check the disk for any errors. Finally gave up on it and reinstalled Windows from a fresh download from Microsoft, Windows 10 ISO 1909. I installed Malwarebytes, 360 Total Security; I ran Malwarebytes, I ran CCleaner, I ran Spybot Search & Destroy, I ran 360, RogueKillerCMD, McAfee Real Protect, McAfee Stinger, Malwarebytes, Zemana AntiMalware, Windows Defender, Windows Offline, Windows Malicious Software Removal Tool, AdwCleaner, Microsoft Anti-Malware Signature Package, some SysRescue CD; it just goes on and on, so all the major stuff, to no avail.



So here are some of the attributes that it exhibits.

1) If you open Task Manager there are all kinds of things that are running.

When I go to the Services section of the Control Panel there are a number of duplicated services that have a number-letter combo after the service name, like this: CaptureService_504a3. So there is one service named CaptureService_504a3 (CaptureService) and one named CaptureService_504a3 (CaptureService_504a3). Looking at the services, they are all key services, i.e.: AarSvc_504a3 (Agent Activation Runtime_504a3), BcastDVRUserService_504a3 (GameDVR and Broadcast User Service_504a3), BluetoothUserService_504a3 (Bluetooth User Support Service_504a3), CaptureService_504a3 (CaptureService_504a3), cbdhsvc_504a3 (Clipboard User Service_504a3), ConsentUxUserSvc_504a3 (ConsentUX_504a3), CredentialEnrollmentManagerUserSvc_504a3 (CredentialEnrollmentManagerUserSvc_504a3), etc.

OK, the other things that make them stand out are that the service that does not have the "extension" is always stopped and the one with it is set to manual trigger; there is no PID. In some cases the command line is blank, or the description is missing, or the command line is ridiculously long. If you try to change anything in the properties of the second one it will not allow you; for instance, if I wanted to change the service to auto instead of manual trigger it blocks me and says "the parameter is incorrect."

2) Event Viewer
OK, so there will be 3000 to 4000 new security events on a new install of Windows. There are sometimes hundreds of reads of security credentials in ONE second until it is able to create a new user. This new user will have ridiculous privileges. There are errors for Defender or any other security software for downloading updates or running at scheduled times.

3) If you go to C:\Program Files\WindowsApps\ there is a duplicate of every folder with the extension __kzf8qxf38zg5c

4) There are a ton of new rules in the firewall, incoming and outgoing.

It blocks installation of antivirus and anti-malware programs or neuters them by selecting the definition database or adding itself to the whitelist.

And I can go on and on.

I have found other instances of this problem, but most of them did not see it in the scope that I have. Here are some references that I have found:
Need Help with Pesky Virus
Error message popping up frequently, even when no Office program is running
Virus...please explain this virus and what it can access
Solved - Possible Virus? Weird computer problems
https://www.bleepingcomputer.com/forums/t/628255/possible-win32delalotwin32advancedcleaner8wekyb3d8bbwe

Please pay attention to this thread. This person is experiencing the same things that I am and gives more details, but it is almost a mirror of my problem, down to the habits of the malware.




I have reinstalled Windows and done all the stuff in the first section of this post. I found that it has also corrupted the pre-boot and the "x-drive", so all I am doing is reinfecting myself.

I am in an isolated area of OR, and after my second computer went down with the same thing while I was trying to fix the first one, I am assuming that it implanted itself on a USB drive I was using to load clean programs on the infected machine, possibly hiding in sector 0 or the MBR or BIOS. So that's the quick version.

Here are things that happened when trying to remove it.

WHEN I WAS TRYING FUBAR:
So it has created a bunch of loops for me and any program to travel down. To say that it was interesting would be an understatement. Took me a bit to figure out how to get the freaking thing installed and running before it got neutered. I hid it "outside" of Windows and got it to run; it found me before it was done with the reports and kept deleting them. And then the battle began to get them out of the computer. It blocked me from sending them via email; the browser was just spinning, so I tried Wi-Fi Direct. I don't even know how it made the ENTIRE NETWORK AND INTERNET SETTINGS vanish like that, like everything; I'm thinking the registry. Bluetooth and USB, no go. So I ripped the hard drive out running and got them like that. I reinstalled it; it is doing just fine, getting bigger. Here are a couple of shots of the loops and such.

The pictures showing the windows in the folders are me on the Puran rescue disk. Those folders that say Loop are in a file that's called a block that was hidden in my C drive. I found that when I was trying to install fubar I had to write a VBS script in order for me to be able to install Fubar and run it; it wouldn't let me install it, it would tell me that it errored out, or it would freeze it and it would crawl for like an hour and go 1%.






SO WHERE DO I GO FROM HERE?

I am uploading the event logs and such for you to look at if that helps
 

Attachments

  • Screenshot (18).png (102.9 KB)
  • Screenshot (12).png (97.7 KB)
  • Screenshot (10).png (102.5 KB)
  • Screenshot (11).png (99.2 KB)
  • Screenshot (9).png (101.3 KB)
  • Screenshot (6).png (145.6 KB)
  • Screenshot (3).png (140.1 KB)
  • Screenshot (4).png (165.5 KB)
  • Screenshot (5).png (142.2 KB)
  • out.txt (36 KB)
  • inbouynd.txt (46.1 KB)
  • Screenshot (9).png (129.1 KB)
  • eventerror.txt (16.7 KB)
  • security.txt (2.5 MB)
  • security2.txt (2.6 MB)
Last edited:
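As an added triage example (not from this thread or any of its posters): a PowerShell script, run from an elevated prompt on the affected machine, that inventories the suffixed service names described in point 1 beside their unsuffixed template service, then lists local Administrators members and account-creation events (Security ID 4720) for point 2, so the symptoms can be checked against concrete data rather than Task Manager impressions. The hex-suffix width in the regex and the 30-day window are assumptions.

```powershell
# Added triage script (not from the thread). Inventories services whose name ends in
# _<hex suffix> (e.g. CaptureService_504a3) next to the template service they derive from.
$all = Get-CimInstance -ClassName Win32_Service
$pattern = '^(?<base>.+)_(?<sfx>[0-9a-f]{4,8})$'   # assumed suffix width

$rows = foreach ($svc in ($all | Where-Object { $_.Name -match $pattern })) {
    $null = $svc.Name -match $pattern            # populates $Matches for this service
    $base = $Matches['base']
    $template = $all | Where-Object Name -eq $base
    [pscustomobject]@{
        Instance    = $svc.Name
        Suffix      = $Matches['sfx']
        Template    = if ($template) { $template.Name } else { '(none)' }
        InstState   = $svc.State
        InstStart   = $svc.StartMode
        InstPID     = $svc.ProcessId
        TmplState   = if ($template) { $template.State } else { '' }
        TmplStart   = if ($template) { $template.StartMode } else { '' }
        PathMatches = [bool]($template -and $template.PathName -eq $svc.PathName)
        Path        = $svc.PathName
    }
}
$rows | Sort-Object Instance | Format-Table -AutoSize

# Worth a closer look: an instance with no template at all, or one whose binary path
# differs from its template's. A shared svchost path on both sides is the uninteresting case.
$rows | Where-Object { $_.Template -eq '(none)' -or -not $_.PathMatches } |
    Format-Table Instance, Template, PathMatches, Path -AutoSize

# Point 2: who is actually in the local Administrators group right now
Get-LocalGroupMember -Group 'Administrators' |
    Format-Table Name, PrincipalSource, ObjectClass -AutoSize

# Point 2: local account creations recorded in the Security log (event 4720).
# Properties[0] of a 4720 event is the created account's name (TargetUserName).
$since = (Get-Date).AddDays(-30)                  # assumed window
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4720; StartTime = $since } `
    -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, @{ n = 'NewAccount'; e = { $_.Properties[0].Value } } |
    Format-Table -AutoSize
```

Reading the Security log and Win32_Service details requires an elevated session; if the 4720 query returns nothing, confirm that account-management auditing is enabled before concluding no accounts were created.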

Spawn

Administrator
Verified
Staff member
So I tried to get help from Bleeping Computer, as I have used their site in the past for info. You can see it here: "virus malware problem out of control Its fast 10G of new data less than an hr" - Virus, Trojan, Spyware, and Malware Removal Help
They said it was not a Malware problem.

nasdaq said:
The more I read your information and the review of your first logs from the Farbar program, where no malware was found, I think that your problem is not caused by malware.

[..]

This forum is for problems with malware/viruses etc...
 