#1
Unusual Activity on Computer
Windows 10 Pro
AMD Ryzen 5 4500U
Before I reformat and reinstall Windows 10 Pro again (I just reformatted two weeks ago, on 6/20/23), I would like to figure out the cause of the activities below on my computer.
I was wondering if using cloud products is increasing my exposure. I use Anaconda, Replit, SAS On-Demand, Google Sheets, Google Docs, and Tableau. I am often connected for hours on the cloud.
I have stopped using my VPN.
#1
ZoneAlarm OSFirewall log
Product CTF Loader
Filename: c:\windows\system32\ctfmon.exe
Event: Registry
SubEvent: DELValue
HKCU\Software\Microsoft\Windows\CurrentVersion\Run internat.exe
There are four instances of this in the OSFirewall log of ZoneAlarm: 6/28, 6/29, 6/30, 7/1. The 7/1 entry happened at 11:21am.
I cannot find internat.exe on the computer. I looked at the registry, and the only entry I see is for the VPN.
#2
Malwarebytes
At 11:22am on 7/1, Malwarebytes flagged an RTP detection.
outgoing connection
Category: compromised
IP: 138.199.7.129
Port: 7770
File: vpn program file
other instances:
6/22/23 12:07pm port 7770
6/26/23 8:05pm port 51820
I ran Malwarebytes with the rootkit scan option set, multiple times; nothing.
I also ran Malicious Software Removal Tool, full scan. Nothing.
#3
I am receiving the following AMD notifications.
AMD Software: Adrenalin Software has detected one or more high-DPI panels are connected to your system. Enabling Virtual Super Resolution will increase your resolution...
Press "Alt +R" to access Radeon Overlay for in-game configuration
c:\program files\windowApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftw...\launcherrsxruntime.exe. A required privilege is not held by the client.
I do not have any monitors connected to my laptop. My graphics driver is AMD Radeon.
#4
I have disabled multicast mDNS for Windows 10 and Edge, as well as SSDP, UPnP, and LLMNR.
Yet, when I turn on the computer, it attempts to connect to 239.255.255.250 before internet is active. The computer is also attempting to connect to 224.000.000.252.
Null sessions and guest accounts are disabled.
#5
The VPN provider has confirmed everything is working as designed. There are no DNS leaks.
#6
I have SEAPODAT.HDAUDIO.FUNC_01&VEN_10E... zip files in c:\windows\system32. Could be normal, just not sure.
Thanks
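A read-only triage script for items #1 and #4 of the post above, added here as an example and not part of the original post or of any vendor's tooling. It assumes an elevated Windows PowerShell 5.1 session on the Windows 10 machine described and the standard Run-key and DNS client policy paths; it lists the autostart values ZoneAlarm referred to, checks the signature of the ctfmon.exe that wrote the event, and shows which settings and listeners stand behind the two multicast destinations.

```powershell
# Added triage script, not part of the original post. Assumes an elevated
# Windows PowerShell 5.1 session on Windows 10; it only reads, never changes.

# --- #1: autostart entries. ZoneAlarm saw an HKCU Run value 'internat.exe'
# being deleted by ctfmon.exe; list every Run/RunOnce value and flag a match.
$runKeys = @(
  'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
  'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
  'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
  'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
  if (-not (Test-Path $key)) { continue }
  (Get-ItemProperty -Path $key).PSObject.Properties |
    Where-Object { $_.Name -notlike 'PS*' } |
    ForEach-Object {
      $hit  = "$($_.Name) $($_.Value)" -match 'internat\.exe'
      $note = if ($hit) { '  <-- matches the ZoneAlarm event' } else { '' }
      '{0}\{1} = {2}{3}' -f $key, $_.Name, $_.Value, $note
    }
}

# --- #1: confirm the ctfmon.exe that wrote the event is the signed Windows
# binary. Windows 10 components are usually catalog-signed; Status should be Valid.
$ctf = Join-Path $env:SystemRoot 'System32\ctfmon.exe'
$sig = Get-AuthenticodeSignature -FilePath $ctf
'{0}: {1} [{2}] signer={3}' -f $ctf, $sig.Status, $sig.SignatureType, $sig.SignerCertificate.Subject

# --- #4: the two multicast destinations in the post are protocol groups, not
# hosts: 239.255.255.250 is SSDP/UPnP (UDP 1900), 224.0.0.252 is LLMNR (UDP 5355).
# Show the policy value that disables LLMNR and the services/listeners behind SSDP.
$dns = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient' `
                        -Name EnableMulticast -ErrorAction SilentlyContinue
if ($null -eq $dns) { 'LLMNR policy EnableMulticast: not set (LLMNR on by default)' }
else { 'LLMNR policy EnableMulticast: {0} (0 = disabled)' -f $dns.EnableMulticast }

Get-Service -Name SSDPSRV, upnphost -ErrorAction SilentlyContinue |
  Format-Table Name, Status, StartType -AutoSize

# Any process still bound to the SSDP, LLMNR or mDNS ports will keep sending
# to those groups at boot regardless of what the UI toggles say.
Get-NetUDPEndpoint -LocalPort 1900, 5355, 5353 -ErrorAction SilentlyContinue |
  ForEach-Object {
    $p = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
    'UDP {0}:{1} owned by PID {2} ({3})' -f $_.LocalAddress, $_.LocalPort, $_.OwningProcess, $p.ProcessName
  }
```

A Run value matching internat.exe, a non-Valid signature on ctfmon.exe, or an unexpected process owning one of those UDP ports is what would warrant further investigation; an empty match list with a Valid signature is consistent with normal Windows behaviour.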