
Windows 8.1 pro with media center and network keeps getting hacked


30 replies to this topic

#1 Scottiesmusicroom

  • Members
  • 21 posts
  • Gender:Male
  • Location:Florida

Posted 19 February 2016 - 01:53 AM

Hello,

 

I am becoming very upset as I keep getting viruses and trojans in my network. It ruins all my computers. I have a Dell restore USB they sent for this Dell Inspiron with Windows 8.1 Home edition. I use my product code I paid for to upgrade to Pro with Media Center. I just reinstalled and Malwarebytes already found a new one. The first was in November; it was called androidExploit, and then on Dell updates my Total Defender Pro says miniunz.exe and stritz.exe malware blocked, and now, fresh and reinstalled from a USB from Dell, Malwarebytes is saying trojan/malpack C:\Windows\options\setb.exe. Here is one of the folders that's been created in that folder tonight:

 

 Wed 02/17/2016-21:54:39.45-[BCDFix.cmd]: START
 
mount partitions
check if RP only or WINRE + RIP
no WINRE nor RP on disk
launch reagentc to set default WINRE options
set winre options
Windows Recovery Environment (Windows RE) and system reset configuration
Information:

    Windows RE status:         Enabled
    Windows RE location:       \\?\GLOBALROOT\device\harddisk0\partition3\Recovery\WindowsRE
    Boot Configuration Data (BCD) identifier: f81c8d39-d602-11e5-824f-bc6d208076b8
    Recovery image location:   
    Recovery image index:      0
    Custom image location:     
    Custom image index:        0

unmount partitions
remove rpmgmt
 
 Wed 02/17/2016-21:54:42.63-[BCDFix.cmd]: END
 

 

What is going on??? Malwarebytes is still running now, for 1:30:00.

 

Attached file: virus found.png (422.91 KB)

Attached file: virus2.png (466.9 KB)


Edited by hamluis, 19 February 2016 - 09:47 AM.
Moved from Win 8 to Am I Infected - Hamluis.



#2 jcgriff2

  • BSOD Kernel Dump Expert
  • 1,109 posts
  • Gender:Male
  • Location:New Jersey Shore

Posted 19 February 2016 - 01:59 AM

Hi. . .

 

Perhaps you are still infected.

 

Have the system checked out - http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/

 

Regards. . .

 

jcgriff2


Microsoft MVP 2009-2015
Microsoft Windows Insider MVP 2018 - Present

#3 Scottiesmusicroom
  • Topic Starter

  • Members
  • 21 posts
  • Gender:Male
  • Location:Florida

Posted 19 February 2016 - 02:42 AM

Ok, I will right now. Yeah, Malwarebytes said it had to reboot to remove it. It froze on reboot. I had to force it to shut off after 30 min. I disconnected the Internet now. It turned back on and Windows Update is now working on updates at 30%. I installed Office Professional Plus 2007 and all my programs; I hope they don't help this issue get worse. It's restarting now. We will see, and I will go read now. Thank you.

#4 TCSNinc

  • Members
  • 52 posts
  • Gender:Male

Posted 19 February 2016 - 05:27 AM

It's impossible to keep everyone out all of the time, but you can most certainly slow them down by memorizing where most of your cookie and temp cache folders are so you can dump them.

 

I'm taking a dump like four times a day because I visit a lot of dodgy sites.

 

By the way, Advanced System Cleaner doesn't have as much jurisdiction over it as software native to America.

That's why a lot of people throw sticks at it, because it reveals everyone's dirty secrets...

...like Malwarebytes' unlock serial they thought they were hiding in the registry a few years back.

 

ASC is the only program I subscribe to with $, but I also like Wise & CCleaner.



#5 dc3

    Bleeping Treehugger

  • Members
  • 30,612 posts
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.

Posted 19 February 2016 - 09:43 AM

Please download and run RKill
 
RKill is an easy to use tool that kills known processes and removes Windows Registry entries that stop a user from using their normal security applications.  These settings will remain until the computer is rebooted, for this reason you must run your security applications before the computer is rebooted.  
 
Please download RKill and install it.
 
When RKill is run it will display a console screen similar to the one below:
 
RKill_zps2e34d4b8.png
 
When RKill has finished running a log will be displayed showing all of the processes that were terminated by RKill.
 
Attention:  At this time you need to run your security applications listed below.  Do not reboot your computer until all of the requested scans have completed.
 
While RKill is running you may see a message from the malware stating that the program could not be run because it is a virus or is infected.  This is the malware trying to protect itself.  Two methods that you can try to get past this and allow RKill to run are:
 
1)  Rename Rkill so that it has a .com extension.
 
2)  Download a version that is already renamed as files that are commonly white-listed by malware. The main Rkill download page contains individual links to renamed versions.  
 
After the application has run successfully you should reboot the computer to restore the processes and Windows Registry entries. 

 ================
 
Please run TDSSKiller.
 
Please download TDSSKiller from here and save it to your Desktop.
 
The log for the TDSSKiller can be very long.  If you go to the bottom of the log to where you find Scan finished you will see the results of the scan.  If it shows Detected object count: 0 and Actual detected object count: 0, this means that nothing malicious was found and you will not need to post the log.
 
1.  Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
 
tdss1_zps90132559.png
 
2.  Check Loaded Modules, Verify Driver Digital Signature, and Detect TDLFS file system.
 
If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now.
 
tdsskillermultiple_zps472c18eb.png
 
3.  Click Start Scan and allow the scan process to run.
 
tdss4_zps6792a13c.png
 
4.  If threats are detected select Cure (if available) for all of them unless otherwise instructed.
 
***Do NOT select Delete!
 
Click on Continue.
 
tdss5_zps98fc5887.png
 
5.  Click on Reboot computer.
 
Please copy the TDSSKiller.[Version]_[Date]_[Time]_log.txt file found in your root directory (typically c:\) and paste it into your next reply.
 
Note:  The log may be very long.  You may need to break it into parts to post the whole log.
 
================
 
Please run Malwarebytes AntiMalware
 
Please download Malwarebytes Anti-Malware
 
1)  Double-click on mbam-setup.exe, then click on Run to install the application, follow the prompts through the installation.
 
2)  Malwarebytes will automatically open.  If this is the first time you have run this version of Malwarebytes you will see an image like the one below.
 
mbam1_zps95cc812c.png
 
Click on Update Now, after Malwarebytes is updated click on Scan.
 
If this isn't the first time you have run this version, then you will see an image like the one below.  Click on Scan.
 
mbam1_zps98e7fba9.png
 
You will be prompted to update Malwarebytes, to do so click on Update Now.
 
 mbam2_zps85f38f0c.png
 
3)  The scan will automatically run now.
 
malwarerun_zps9abd4ef1.png
 
4)  When the scan is complete the results will be displayed.  Click on Delete All.
 
malwarenew_zps34b58fdc.png
 
5)  Please post the Malwarebytes log.
 
To find your Malwarebytes log, download mbam-check.exe from here and save it to your desktop.
 
To open the log double click on mbam-check.exe on your desktop.  Copy and paste the log in your topic.
 
================

Please run the ESET OnlineScan

This scan takes quite a long time to run, so be prepared to allow this to run till it is completed.

***Please note. If you run this scan using Internet Explorer you won't need to download the Eset Smartinstaller.***

ESET Online Scanner

  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.

Edited by dc3, 19 February 2016 - 09:44 AM.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.


#6 Scottiesmusicroom
  • Topic Starter

  • Members
  • 21 posts
  • Gender:Male
  • Location:Florida

Posted 19 February 2016 - 09:57 AM

I am trying it right now. Thank you so much. Every time I go to Dell to reinstall my drivers I get malware, every time. I finally went into safe mode and installed the drivers anyway just to see, and as you see I'm on the internet now typing this. But I still am getting frozen programs, and it's not letting me into my Total Defender antivirus now to take a screenshot of the names of the malware alerts to send on here. It is funny how it freezes, as if it knows I am about to kill it. But I just ran Rkill and it finished in 1 minute and is clear. Not trusting it at all, as the malware, like you said, protects itself.

 

Rkill 2.8.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 02/19/2016 08:50:06 AM in x64 mode.
Windows Version: Windows 8.1 Pro with Media Center

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 02/19/2016 08:51:23 AM
Execution time: 0 hours(s), 1 minute(s), and 17 seconds(s)
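
An added example, not part of this thread or of Rkill itself: a small Python parser for the Rkill output above that pulls out each non-clean finding together with the registry values Rkill prints under it, so the Defender-disabled value can be checked programmatically rather than by eye. The log embedded in the block is a constructed copy of the relevant part of the post, and the line shapes it matches are inferred from that log, not from Rkill's source.

```python
import re

# Constructed sample input: the body of the Rkill log posted above, including
# the one section that carried a finding ("Performing miscellaneous checks").
SAMPLE_RKILL_LOG = """\
Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\\SOFTWARE\\Microsoft\\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 02/19/2016 08:51:23 AM
"""

# Line shapes as seen in the log above (assumed, not taken from Rkill's code).
SECTION_RE = re.compile(r"^(\S.*):\s*$")                 # "Checking HOSTS File:"
FINDING_RE = re.compile(r"^\s*\*\s+(.*\S)\s*$")           # " * Windows Defender Disabled"
KEY_RE = re.compile(r"^\s*\[(.+)\]\s*$")                  # "   [HKLM\...]"
VALUE_RE = re.compile(r'^\s*"([^"]+)"\s*=\s*(\w+):([0-9A-Fa-f]+)\s*$')  # "Name" = dword:1

# What Rkill prints when a check is clean; anything else deserves a look.
CLEAN_PREFIXES = ("No malware", "No issues found")


def parse_rkill_log(text):
    """Return every non-clean '*' finding as
    {"section": str, "finding": str, "registry": [(key, name, type, value), ...]}.
    Registry values printed under a finding are attached to it; dword values
    are converted from hex to int so they can be compared directly."""
    findings = []
    section = None
    current = None      # the finding that subsequent registry lines belong to
    key = None          # the most recent "[HKLM\...]" line
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            section, current, key = m.group(1), None, None
            continue
        m = FINDING_RE.match(line)
        if m:
            finding = m.group(1)
            if finding.startswith(CLEAN_PREFIXES):
                current = None
            else:
                current = {"section": section, "finding": finding, "registry": []}
                findings.append(current)
            continue
        if current is None:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m:
            name, vtype, raw = m.groups()
            value = int(raw, 16) if vtype == "dword" else raw
            current["registry"].append((key, name, vtype, value))
    return findings


def defender_disabled_by_policy(findings):
    """True if Rkill saw DisableAntiSpyware = 1 under the Windows Defender key.
    Windows 8.1 can also set this itself when a third-party AV registers with
    Security Center, so treat it as a lead to verify, not proof of tampering."""
    for f in findings:
        for key, name, vtype, value in f["registry"]:
            if ((key or "").lower().endswith("\\windows defender")
                    and name.lower() == "disableantispyware" and value == 1):
                return True
    return False


if __name__ == "__main__":
    found = parse_rkill_log(SAMPLE_RKILL_LOG)
    for f in found:
        print(f"[{f['section']}] {f['finding']}")
        for key, name, vtype, value in f["registry"]:
            print(f"    {key}\\{name} = {value} ({vtype})")
    print("Defender disabled by policy:", defender_disabled_by_policy(found))
```

On the poster's machine the value is consistent with Total Defense having replaced Defender, so the parser's output is a prompt to confirm which product is actually providing real-time protection, not a detection on its own.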
 



#7 dc3

    Bleeping Treehugger

  • Members
  • 30,612 posts
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.

Posted 19 February 2016 - 10:46 AM

Without restarting the computer after installing Rkill run the suggested scans and post the results in your topic.



#8 Scottiesmusicroom
  • Topic Starter

  • Members
  • 21 posts
  • Gender:Male
  • Location:Florida

Posted 19 February 2016 - 11:23 AM

Ok, sorry it is taking long. It did Windows updates in the middle of Kaspersky, which is not getting posted as no infections. HOWEVER, Malwarebytes found a trojan and I deleted all before I did the log, so I don't know if you see it. I already mentioned I just restored from a USB from DELL and it's Home 8.1. I have an upgrade I bought from a local well-known store for 8.1 Pro with Media Center. I also installed 2007 Office Professional Plus and have premium Malwarebytes that I haven't activated yet, as I don't want to keep using my key over and over again. Or should I, no matter what? Also my antivirus says I used all my keys and it's on trial and won't let me update, but it is still working. My Malwarebytes and antivirus keep stalling, and Malwarebytes fails and says the service is not working, and it never has before. The antivirus greys out the main screen but still does stuff in the background if I click clear cache on the start bar at the bottom right, but the UI for me to click in the program stays semi-greyed out. It looks like this trojan is in my hardware or something. Please help me get this thing out of my computer. It infected my roommates and is in our network. I am very good with Local Policy settings and Pro-type features, so anyone who knows what Local Policy to set and what needs to be done to stop this in its tracks, I can! Please tell me the local policies to make my computer like a company domain that is very protected. My computer thought it was a server/workstation the other day; I messed with the settings trying everything, so now it's like this virus is bypassing restore. I may have set a local policy setting by mistake that makes the integrity of my system weak. I also played with Secure Boot in the BIOS. But I set it all back to normal and still get this trojan and malware attack at the dell.com driver download. I also was messing around on the Comodo website and installed certificates for servers and networks.
I don't know what I was thinking messing with certificates; I don't know what they do, and I was just trying to get the virus locked out of my computer, and now you see what's happening... So please, if you know anything, help! And this all started in October when I installed the Android SDK to root my Galaxy S4. I got a monitoring.androidexploit and was using Windows Defender at the time and Malwarebytes Premium. It was in quarantine with another trojan called win32/something and I deleted them and have been hacked since. I bought a new Dell and just brought it back, as I was locked out of it and it was destroyed when I put my pics and files on it from this computer. So of course I am taking all safety steps. Please do NOT try and use my information or logs to hunt this down or to connect to my computer; you will be infected and I will be right behind it defending my computer lol. Sorry. As you can see I am smart enough to rename the accounts on my PC so they are not typical Administrator names. I read it's better to change them. Is it a malware site I read it on? Should I not do this? Anything helps.. Sorry if I'm on the wrong thread. At least my issue is REAL and I am a real person who is in immediate need of help from any developer or professional out there who is willing to help me know for a FACT that I am clean and fighting off all infections. As well as help me get my drivers that are signed and from the makers of this Dell and not the dell.com malware-infected files they give. If I can post on this site that Apple recommended, then I think that the trojan is starting to lose, because at first I couldn't get to any real site that helped me; for some reason I was always redirected. At last I am at a site that Apple, the safest of safe, recommended. I also see you saying to use the tools that my uncle, who works at a computer shop here in town, uses all the time, and you are recommending a tool that my roommate's computer guy uses. So you are REAL, I can tell.
So if you can do this with me, I am ready, let's do it! I will be changing my network names and user names once we are done to keep my data private, as these logs give info and I am not going down that road of exposure again. Thanks so much for reading this, and I pray to get all the help I can. I am schizophrenic and ill and do not deserve this, and my mental wellbeing depends on my computer running correctly and me getting online safely. I can't be a victim of cyber attack anymore. I can go to the pros here in town, but they are too busy with their customers to help me for free. I refuse to pay for anything and will not be "ransomed" into getting left alone when I've got all the smart developers on here willing to help for free. I am disabled and have nothing better to do than to sit here all day and make friends with the ones who help me fix the integrity of my system at last. So again... Thank you!!!

 

Here is the "Malwarebytes Anti-Malware Home Trial" log, and yes, the trojan found is trojan/malpack C:\Windows\options\setb.XXX, where XXX is actually EXE. And my driver update site is also giving me, even on the Autodetect option, a malware called miniunz.XXX, where XXX is EXE. The link is

I used my iPod to get some updates from the site and installed them in safe mode, and it worked. However, now the trojan issue exists and Windows Update stalls. Let's see if this Malwarebytes log says anything!! Here you go!! (and no more endless explanations, I just needed to state the issue once at least)

 

Potential issues:
==============================

TermService Start is set to: (Disabled)         <-- TERMSERVICE SHOULD NOT BE DISABLED

LAN Settings: No Settings are Set        <--NOT DETECTING SETTING AUTOMATICALLY


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

mbam-check result log version:     2.3.2.0
========================================

User Account type:                 Administrator
DomainComputer:                    No
OS:                                Windows 8.1  64 bit Operating System
Current Version and Build:         6.3.9600
Malwarebytes Anti-Malware:         2.2.0.1024
Installed On:                      2016/02/19
Malware Database:                  2016.02.19.03
Rootkit Database:                  2016.02.17.01
Remediation Database:              2016.02.12.01
IP Database:                       2016.02.08.01
Domain Database:                   2016.02.19.01
License:                           Trial
Malware Protection:                4 (The service is running.)
Malicious Website Protection:      4 (The service is running.)
Chameleon:                         0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon
Log Created:                       2016/02/19 09:48:14

User Information for Local System:
===========================================
User Account: Big quantamX
    Account Level: Admin
User Account: Little Quantam
    Account Level: Limited User
User Account: Scott_000
    Account Level: Admin
User Account: Welcomemenot
    Account Level: Guest
Total # of user entries: 4

UAC Settings:
===================
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
    DWORD    1    Status: ON
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
    DWORD    2    Status: ON
    DWORD    3    Status: ON
    DWORD    4    Status: ON
    DWORD    5    Status: ON

AntiVirus Information:
===================
AntiVirus Software Installed:    "Windows Defender"
AntiVirus Software Installed:    "Total Defense Anti-Virus"

FireWall Information:
===================
NO 3rd Party Firewall Software Installed

AntiSpyware Information:
===================
AntiSpyware Software Installed:    "Total Defense Anti-Virus"
AntiSpyware Software Installed:    "Windows Defender"

Machine Information
===============================================
Machine ID:    a84b38d4169559dbe1e5282b7c2561949dbd1d2e
Installation Token:    9qpwh44jG7M-Tb1CLHSr1455772969
System has been up for:     0.411111 Hours
System has been booted within the last hour
Current Date:    2016-Feb-19 15:48:14.945319
Date Booted:    2016-Feb-19 15:48:14.945319

Detection and Protection Settings
===============================================
Use Advanced Heuristics Engine (Shuriken):            true
Scan for rootkits:                                    true
Scan within archives:                                 true
PUP (Potentially Unwanted Program) detections:        Treat Detections as Malware
PUM (Potentially Unwanted Modification) detections:   Treat Detections as Malware

Compatibility Flag Settings:
=================================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
    C:\Users\Scott_000\Documents\3441A07.EXEREG_SZ        ~ RUNASADMIN
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers


Malwarebytes Anti-Malware Shell Extension Block Check:
======================================================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked:

MBAM Startup Entries:
=====================
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Malwarebytes Anti-Malware Service and Driver Status:
=======================================================

--------------Driver File Info:--------------
C:\Windows\system32\drivers\mbam.sys
File Size: 25816     BYTES    FileVersion: 0.1.16.0    MD5: [cfbc6c6d8a492697cabd1d353ee64933]
C:\Windows\system32\drivers\mwac.sys
File Size: 64216     BYTES    FileVersion: 1.0.6.0    MD5: [08decfcb9ba97786165a69ab1015bc30]
C:\Windows\system32\drivers\mbamswissarmy.sys
File Size: 192216    BYTES    FileVersion: 0.3.0.4    MD5: [78488af2ab2111d67b3c4044707a519b]
C:\Windows\system32\drivers\mbamchameleon.sys
File Size: 109272    BYTES    FileVersion: 1.1.21.0    MD5: [42b3f5c9fbc9b3f0e0ba6b5d7fc8e849]

--------------MBAMProtector:--------------
Type:                   2
State:                  4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0


--------------MBAMService:--------------
Type:                   16
State:                  4 (The service is running.)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0


--------------MBAMScheduler:--------------
Type:                   16
State:                  4 (The service is running.)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0


--------------MBAMChameleon:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A


--------------MBAMWebAccessControl:--------------
Type:                   2
State:                  4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0


Required Dependencies:
======================

--------------BFE:--------------
Type:                   32
State:                  4 (The service is running.)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE
    DisplayName                   REG_SZ        @%SystemRoot%\system32\bfe.dll,-1001
    ErrorControl                  REG_DWORD        1
    Group                         REG_SZ        NetworkProvider
    ImagePath                     REG_EXPAND_SZ    %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
    Start                         REG_DWORD        2
    Type                          REG_DWORD        32
    Description                   REG_SZ        @%SystemRoot%\system32\bfe.dll,-1002
    DependOnService               REG_MULTI_SZ    RpcSs
                            WfpLwfs

    ObjectName                    REG_SZ        NT AUTHORITY\LocalService
    ServiceSidType                REG_DWORD        3
    RequiredPrivileges            REG_MULTI_SZ    SeAuditPrivilege

    FailureActions                REG_BINARY    Binary Data

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters
    ServiceDllUnloadOnStop        REG_DWORD        1
    ServiceMain                   REG_SZ        BfeServiceMain
    ServiceDll                    REG_EXPAND_SZ    %SystemRoot%\System32\bfe.dll

--------------fltmgr:--------------
Type:                   2
State:                  4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr
    AttachWhenLoaded              REG_DWORD        1
    DisplayName                   REG_SZ        @%SystemRoot%\system32\drivers\fltmgr.sys,-10001
    ErrorControl                  REG_DWORD        3
    Group                         REG_SZ        FSFilter Infrastructure
    ImagePath                     REG_EXPAND_SZ    system32\drivers\fltmgr.sys
    Start                         REG_DWORD        0
    Tag                           REG_DWORD        1
    Type                          REG_DWORD        2
    Description                   REG_SZ        @%SystemRoot%\system32\drivers\fltmgr.sys,-10000


C:\Windows\system32\drivers\fltmgr.sys
File Size: 360792    BYTES    FileVersion: 6.3.9600.17031    MD5: [46d1df775fff14585218bbe16e5b2c9a]
C:\Windows\SysWOW64\mscomctl.ocx
File Size: 1077336   BYTES    FileVersion: 6.1.95.45    MD5: [f7bbb7d79adb9e3adc13f3b3c33d3d4d]
C:\Windows\SysWOW64\olepro32.dll
File Size: 80384     BYTES    FileVersion: 6.3.9600.16384    MD5: [0fc9b04c7f729498b41a19fa55c33573]


MBAM Registry Settings and License Info:
========================================
--------------Settings:--------------
Advanced:
    AutomaticQuarantine:                                       true
    AutostartProtection:                                       true
    EarlyStartSelfProtection:                                  false
    LimitedMode:                                               false
    SelfProtection:                                            false
    StartSilentMode:                                           false
    StartupDelay:                                              -30
ApplicationState:
    First-Run-After-Installation:                              false
General:
    DaysUntilNotifyExpiration:                                 5
    Language:                                                  en
    RightClickAccess:                                          false
    SilentErrors:                                              false
Logging:
    ExportLog:                                                 true
Marketing:
    LastPostScanMarketingIndex:                                4
Notification:
ProtectionTray:
    DisplayMilliseconds:                                       9000
ScanHistory:
    Duration_Complete:                                         300453
    Duration_Driver:                                           38745
    Duration_Filesystem:                                       190
    Duration_Heuristics:                                       211819
    Duration_Loading:                                          0
    Duration_MasterBootRecord:                                 2
    Duration_Memory:                                           40000
    Duration_PreScan:                                          37274
    Duration_Registry:                                         55864
    Duration_Sector:                                           0
    Duration_Startup:                                          87807
    ItemCount_Complete:                                        251128
    ItemCount_Driver:                                          352
    ItemCount_Filesystem:                                      45996
    ItemCount_Heuristics:                                      1539
    ItemCount_Loading:                                         0
    ItemCount_MasterBootRecord:                                0
    ItemCount_Memory:                                          2797
    ItemCount_PreScan:                                         37250
    ItemCount_Registry:                                        637
    ItemCount_Sector:                                          0
    ItemCount_Startup:                                         1179
    LastRemovalRequiredDOR:                                    false
    LastScanDateEpoch:                                         1455893938595
    LastScanType:                                              1 (Threat Scan)
    QuarantineCompletedCount:                                  1
Update:
    LastUpdate:                                                2016-02-19T11:29:37
    NotifyInstallReady:                                        true
    NotifyOutdatedDatabase:                                    1
    ProxyPassword:                                              
    ProxyPort:                                                 0
    ProxyServer:                                                
    ProxyUsername:                                              
    UseProxy:                                                  false
    UseProxyAuthentication:                                    false
    CheckProgramUpdates:                          true
--------------Account:--------------
  Account Status:                                              Trial
  Expiration Time:                                             2016/03/03 05:22:50
  Activation Time:                                             2016/02/18 00:22:52
  Trial Used:                                                  true
--------------Access Policies:--------------
users:
    83f65df7-1bfc-47a4-b002-817176c82375:                       
      parameters:                                               
        Description:                                           approval to view,change,see
      passwordhash:                                            XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
      permissions:                                              
        00ed244a-9c78-4db1-baa3-558816faaede:                  logging_delete
        28c85214-f747-4b2a-9e14-74c37dd2a43b:                  detection_settings
        358a1d5b-e462-4eb2-93f5-5ad11cb3dccc:                  quarantine
        419ac7dd-517b-488b-bc23-cb9867b920e0:                  history
        4b2edc52-9217-4165-ab3b-e4c4b71030ef:                  update_settings
        61171424-10fa-4068-b27f-5818b69d31f5:                  history_settings
        8379bd81-013a-4dd1-9072-2823137a052b:                  licensing
        9bb7129d-4ca0-4abf-acf5-a34683352aa2:                  logging_export
        9be5a8a0-0f6a-400e-b43d-342be57e8723:                  scheduler
        d8b7cc6e-0a22-4206-bc0f-41290e3e3286:                  logging_view
        dfe8a039-7ee1-4a17-baff-11d8195b01cd:                  exclusions
        ee5e4323-47ca-4da7-859a-85c5d5f924b5:                  advanced_settings
        f2b6bdbd-ccaa-44d8-aaf4-90ef5cf0e781:                  general_settings
        f356c265-9146-4093-b2a5-66ef3f653c55:                  settings
        f5e57d75-e913-4412-a4c9-51e88360eba5:                  access_policies
      username:                                                Administrator rights

Scheduler Queue:
================

tasks:
    377531f3-e5c0-4ee6-8cb1-29b849369543:                       
      parameters:                                               
        NotifyWhenUpdateCompletes:                             true
        ProcessLaunchedFromScheduler:                          true
        TaskType:                                              3
      triggers:                                                 
        531e149a-79ac-4cde-a02c-0a503dd4db24:                   
          dateinterval:                                        0:0:0 (Days:Months:Years)
          lastscheduled:                                       Fri, 19 Feb 2016 09:10:27.024839 -0600
          lasttriggered:                                       Fri, 19 Feb 2016 09:10:27.024839 -0600
          nextscheduled:                                       Fri, 19 Feb 2016 16:12:55 +0000
          recovery:                                            01:00:00 (Hours:Minutes:Seconds)
          start:                                               Thu, 18 Feb 2016 06:59:15 +0000
          timeinterval:                                        01:00:00 (Hours:Minutes:Seconds)
          type:                                                Hourly
          uuid:                                                531e149a-79ac-4cde-a02c-0a503dd4db24
      type:                                                    update
      uuid:                                                    377531f3-e5c0-4ee6-8cb1-29b849369543
    8f075074-e664-4188-84ac-3f0762d3f52c:                       
      parameters:                                               
        CheckForUpdatesBeforeScanStart:                        true
        ScanConfig:                                             
          FileSystemOption:                                    true
          RebootSystemWhenMalwareDetected:                     true
          RemoveMalwareAutomaticallyWhenScanEnds:              true
          ScanArchives:                                        true
          ScanHeuristic:                                       true
          ScanMemoryObjects:                                   true
          ScanPUM:                                             Treat Detections as Malware
          ScanPUP:                                             Treat Detections as Malware
          ScanRegistry:                                        true
          ScanRootkits:                                        true
          ScanSource:                                          2
          ScanStartup:                                         true
          ScanTargets:                                         G:\|C:\
          ScanType:                                            4 (Custom Scan)
          Silent:                                              true
        StartTaskFromSystemAccount:                            false
        TaskType:                                              1
      triggers:                                                 
        68387dad-26c0-4a4d-830c-873a6ee10532:                   
          dateinterval:                                        2:0:0 (Days:Months:Years)
          lastscheduled:                                        
          lasttriggered:                                        
          nextscheduled:                                       Sun, 21 Feb 2016 06:27:09 +0000
          recovery:                                            01:00:00 (Hours:Minutes:Seconds)
          start:                                               Fri, 19 Feb 2016 06:21:41 +0000
          timeinterval:                                        00:00:00 (Hours:Minutes:Seconds)
          type:                                                Daily
          uuid:                                                68387dad-26c0-4a4d-830c-873a6ee10532
      type:                                                    scan
      uuid:                                                    8f075074-e664-4188-84ac-3f0762d3f52c
    92d7a0cc-be4c-4765-babb-eccb51a24cdf:                       
      parameters:                                               
        AutoDelete:                                            false
        CheckForUpdatesBeforeScanStart:                        true
        ScanConfig:                                             
          ExportLog:                                           true
          FileSystemOption:                                    true
          Quarantine:                                          Prompt
          RebootSystemWhenMalwareDetected:                     true
          RemoveMalwareAutomaticallyWhenScanEnds:              true
          ScanArchives:                                        true
          ScanExtra:                                           true
          ScanHeuristic:                                       true
          ScanMemoryObjects:                                   true
          ScanPUM:                                             Treat Detections as Malware
          ScanPUP:                                             Treat Detections as Malware
          ScanRegistry:                                        true
          ScanRootkits:                                        true
          ScanSource:                                          2
          ScanStartup:                                         true
          ScanTargets:                                          
          ScanType:                                            1 (Threat Scan)
          Silent:                                              true
        StartTaskFromSystemAccount:                            false
        TaskType:                                              0
      triggers:                                                 
        06caf57d-cbb4-4ee8-94ce-0553af93a84a:                   
          dateinterval:                                        1:0:0 (Days:Months:Years)
          lastscheduled:                                       Fri, 19 Feb 2016 03:42:35.014740 -0600
          lasttriggered:                                       Fri, 19 Feb 2016 03:42:35.014740 -0600
          nextscheduled:                                       Sat, 20 Feb 2016 09:41:55 +0000
          recovery:                                            02:00:00 (Hours:Minutes:Seconds)
          start:                                               Fri, 19 Feb 2016 09:37:35 +0000
          timeinterval:                                        00:00:00 (Hours:Minutes:Seconds)
          type:                                                Daily
          uuid:                                                06caf57d-cbb4-4ee8-94ce-0553af93a84a
      type:                                                    scan
      uuid:                                                    92d7a0cc-be4c-4765-babb-eccb51a24cdf

Pending File Rename Operations:
================================
If any Malwarebytes Anti-Malware items are listed below, the user must reboot to complete a Malwarebytes Anti-Malware upgrade installation.
Pending File Rename Operations:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\
    PendingFileRenameOperations    REG_MULTI_SZ    \??\C:\Users\Scott_000\AppData\Local\Temp\{0D2C0961-BA5F-420B-9636-FBA06FB4E6EF}\{755ABB9E-6B47-4C5E-BD2A-93BFD48638C3}.exe



MBAMProtector Registry Values:
==============================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector
    Type                          REG_DWORD        2
    Start                         REG_DWORD        3
    ErrorControl                  REG_DWORD        1
    ImagePath                     REG_EXPAND_SZ    \??\C:\Windows\system32\drivers\mbam.sys
    Group                         REG_SZ        FSFilter Anti-Virus
    DependOnService               REG_MULTI_SZ    FltMgr

    WOW64                         REG_DWORD        1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances
    DefaultInstance               REG_SZ        MBAMProtector Instance
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances\MBAMProtector Instance
    Altitude                      REG_SZ        328800
    Flags                         REG_DWORD        0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Parameters
    PassThruFile                  REG_SZ        mbampt.exe
    ProductPath                   REG_SZ        C:\Program Files (x86)\Malwarebytes Anti-Malware

MBAMService Registry Values:
============================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMService
    Type                          REG_DWORD        16
    Start                         REG_DWORD        2
    ErrorControl                  REG_DWORD        1
    ImagePath                     REG_EXPAND_SZ    "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
    DependOnService               REG_MULTI_SZ    MBAMProtector

    WOW64                         REG_DWORD        1
    ObjectName                    REG_SZ        LocalSystem
    Description                   REG_SZ        Malwarebytes Anti-Malware service
    DelayedAutostart              REG_DWORD        0

MBAMScheduler Registry Values:
==============================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMScheduler
    Type                          REG_DWORD        16
    Start                         REG_DWORD        2
    ErrorControl                  REG_DWORD        1
    ImagePath                     REG_EXPAND_SZ    "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
    WOW64                         REG_DWORD        1
    ObjectName                    REG_SZ        LocalSystem
    Description                   REG_SZ        Malwarebytes Anti-Malware scheduler

Terminal Services Status for (null) entries in PM logs and GetUserToken errors:
===============================================================================

--------------TERMService:--------------
Type:                   32
State:                  1 (The service is not running.) (State is stopped)
WIN32_EXIT_CODE:        1077
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0


TermService Start is set to: 4 (Disabled)         <-- TERMSERVICE SHOULD NOT BE DISABLED

Proxy Status: No proxy is Set

Proxy Override:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\
    ProxyOverride    REG_SZ        *.local

LAN Settings:
=============

No Settings are Set        <--NOT DETECTING SETTING AUTOMATICALLY

SystemPartition:
================

HKEY_LOCAL_MACHINE\SYSTEM\Setup\
    SystemPartition    REG_SZ        \Device\HarddiskVolume1

Balloon Tips Status:
====================

Enabled

Time Format Settings:
=====================

Should be:
        h:mm:ss tt
        AM
        PM
        :

Currently:
REG_SZ        h:mm:ss tt
REG_SZ        AM
REG_SZ        PM
REG_SZ        :

Language and Regional Settings:
===============================

ACP:     Language is English (United States)
MACCP:     Language is English (United States)
OEMCP:     Language is English (United States)

Startup Folders for Error_Expanding_Variables Check:
====================================================

All Users Startup Folder Exists.
Current User's Startup Folder Exists.


Context Menu Entries:
=====================

List of MBAM Related Directories:
=================================

C:\Program Files (x86)\Malwarebytes Anti-Malware\
7z.dll                                      File Size: 920888    BYTES    FileVersion:  9.20.0.0       MD5: [0bce989cf27fdce498305a041d1eba95]
changes.txt                                 File Size: 1301      BYTES    FileVersion:  N/A            MD5: [b535a0821de0464a9927c996f7e957d8]
cloud-enumeration.dll                       File Size: 286008    BYTES    FileVersion:  1.0.1.0        MD5: [9fdabf510e37b06c24aaac53d402633e]
cloud.dll                                   File Size: 351544    BYTES    FileVersion:  1.0.1.0        MD5: [020f7775a0f0bedfbbc2d87cac34e452]
license.rtf                                 File Size: 270257    BYTES    FileVersion:  N/A            MD5: [4bac855abf62066aa03591d904a26558]
master.conf                                 File Size: 1258      BYTES    FileVersion:  N/A            MD5: [9702ca5e82d3756c6d8af34a2ababaea]
mbam.dll                                    File Size: 608568    BYTES    FileVersion:  1.0.40.0       MD5: [9f597ef193ba422303888cdd34e33456]
mbam.exe                                    File Size: 9832760   BYTES    FileVersion:  2.3.125.0      MD5: [babbbdef9dbb5e012ee5210fcb47c33b]
mbamcore.dll                                File Size: 2126648   BYTES    FileVersion:  1.3.24.0       MD5: [9507addeb1f70f4abf50a9835cd2f8cb]
mbamdor.exe                                 File Size: 54072     BYTES    FileVersion:  1.0.2.0        MD5: [9cee13ddcf207923a1849a8371e714e9]
mbamext.dll                                 File Size: 310584    BYTES    FileVersion:  3.0.7.0        MD5: [9c96d44764f8b8bdb09e6ad6ad68d494]
mbampt.exe                                  File Size: 39736     BYTES    FileVersion:  1.0.57.0       MD5: [edd398e736e3efd188dfa86ca4f28527]
mbamresearch.exe                            File Size: 1947960   BYTES    FileVersion:  1.1.1.0        MD5: [f4fe7e8cbf51aa07cfb947dbef07e1af]
mbamscheduler.exe                           File Size: 1513784   BYTES    FileVersion:  3.1.6.0        MD5: [ab176b9e59c0435499d83047d84edd59]
mbamservice.exe                             File Size: 1135416   BYTES    FileVersion:  3.2.19.0       MD5: [40c126cb15fab7d6c66490dca9c1aed2]
mbamsrv.dll                                 File Size: 3861816   BYTES    FileVersion:  2.1.9.0        MD5: [8853bc829caee0b5c4952e97156c9fc5]
mbamtoast.dll                               File Size: 97080     BYTES    FileVersion:  1.70.0.0       MD5: [b7398889823f2ce0116ad31344b43197]
msvcp100.dll                                File Size: 421688    BYTES    FileVersion:  10.0.40219.325 MD5: [955743f613f744c184383e09c1d2b16d]
msvcr100.dll                                File Size: 774456    BYTES    FileVersion:  10.0.40219.325 MD5: [f7659c545773f2d21f0335f58a7f20cd]
Qt5Core.dll                                 File Size: 4645688   BYTES    FileVersion:  5.4.1.0        MD5: [0187e57536d48f33acb8d9789c7ff3fc]
Qt5Gui.dll                                  File Size: 4639032   BYTES    FileVersion:  5.4.1.0        MD5: [8eb68983624868507f33b8da78507f7c]
Qt5Network.dll                              File Size: 672056    BYTES    FileVersion:  5.4.1.0        MD5: [21f2b555c0a904232f00c480219a35a8]
Qt5Widgets.dll                              File Size: 4473656   BYTES    FileVersion:  5.4.1.0        MD5: [c14017b307fb9a222ce12f7ba6c7a9c8]
unins000.dat                                File Size: 35047     BYTES    FileVersion:  N/A            MD5: [49ea7aa2100249e0dfe83b4717d88d36]
unins000.exe                                File Size: 720085    BYTES    FileVersion:  51.52.0.0      MD5: [f1505d347325c77e3eeef418495e1f57]

C:\Program Files (x86)\Malwarebytes Anti-Malware\\Chameleon

C:\Program Files (x86)\Malwarebytes Anti-Malware\\Chameleon\Windows
chameleon.chm                               File Size: 235882    BYTES    FileVersion:  N/A            MD5: [c4190b71f037714aa77aba294434ba5b]
firefox.com                                 File Size: 893752    BYTES    FileVersion:  3.1.27.0       MD5: [e9a75e4b409a01e52055ce7cca7ff925]
firefox.exe                                 File Size: 893752    BYTES    FileVersion:  3.1.27.0       MD5: [e9a75e4b409a01e52055ce7cca7ff925]
firefox.pif                                 File Size: 893752    BYTES    FileVersion:  3.1.27.0       MD5: [e9a75e4b409a01e52055ce7cca7ff925]
firefox.scr                                 File Size: 893752    BYTES    FileVersion:  3.1.27.0       MD5: [e9a75e4b409a01e52055ce7cca7ff925]
iexplore.exe                                File Size: 893752    BYTES    FileVersion:  3.1.27.0       MD5: [e9a75e4b409a01e52055ce7cca7ff925]
mbam-chameleon.com                          File Size: 893752    BYTES    FileVersion:  3.1.27.0       MD5: [e9a75e4b409a01e52055ce7cca7ff925]
mbam-chameleon.exe                          File Size: 893752    BYTES    FileVersion:  3.1.27.0       MD5: [e9a75e4b409a01e52055ce7cca7ff925]
mbam-chameleon.pif                          File Size: 893752    BYTES    FileVersion:  3.1.27.0       MD5: [e9a75e4b409a01e52055ce7cca7ff925]
mbam-chameleon.scr                          File Size: 893752    BYTES    FileVersion:  3.1.27.0       MD5: [e9a75e4b409a01e52055ce7cca7ff925]
mbam-killer.exe                             File Size: 1503544   BYTES    FileVersion:  3.0.15.0       MD5: [f604a8e64d02412be1d4b94c6f294b14]
rundll32.exe                                File Size: 893752    BYTES    FileVersion:  3.1.27.0       MD5: [e9a75e4b409a01e52055ce7cca7ff925]
svchost.exe                                 File Size: 893752    BYTES    FileVersion:  3.1.27.0       MD5: [e9a75e4b409a01e52055ce7cca7ff925]
windows.exe                                 File Size: 893752    BYTES    FileVersion:  3.1.27.0       MD5: [e9a75e4b409a01e52055ce7cca7ff925]
winlogon.exe                                File Size: 893752    BYTES    FileVersion:  3.1.27.0       MD5: [e9a75e4b409a01e52055ce7cca7ff925]

C:\Program Files (x86)\Malwarebytes Anti-Malware\\imageformats
qgif.dll                                    File Size: 28472     BYTES    FileVersion:  5.4.1.0        MD5: [98abe94698324f6326781e492e774bd3]

C:\Program Files (x86)\Malwarebytes Anti-Malware\\Languages
lang_ar.qm                                  File Size: 87404     BYTES    FileVersion:  N/A            MD5: [269d3107ca72a75fe154ce4ff718af50]
lang_bg.qm                                  File Size: 133911    BYTES    FileVersion:  N/A            MD5: [376ad1e4ad206bc32da09b12b564ecc4]
lang_ca.qm                                  File Size: 92634     BYTES    FileVersion:  N/A            MD5: [2d35f58b0c2db44ad2717f4a4526a085]
lang_cs.qm                                  File Size: 105193    BYTES    FileVersion:  N/A            MD5: [2c191de828d5e05fd7afa27ee1245023]
lang_da.qm                                  File Size: 88039     BYTES    FileVersion:  N/A            MD5: [f8a4941d5d388160d252832a77ab584f]
lang_de.qm                                  File Size: 139276    BYTES    FileVersion:  N/A            MD5: [b55f37281f0fcadfae67aecf0bf4cca5]
lang_el.qm                                  File Size: 126897    BYTES    FileVersion:  N/A            MD5: [bd671253e071bac626beea63393abcda]
lang_en.qm                                  File Size: 3081      BYTES    FileVersion:  N/A            MD5: [e2790b3cd9fdd9d3e266e9623fe477af]
lang_es.qm                                  File Size: 138468    BYTES    FileVersion:  N/A            MD5: [cc4f3aab63d933d5964e2bba62df4277]
lang_et.qm                                  File Size: 107794    BYTES    FileVersion:  N/A            MD5: [aa4845cd64b20377cea0ebc66eed4a42]
lang_fi.qm                                  File Size: 130793    BYTES    FileVersion:  N/A            MD5: [00653d1fb2f790817aef991025c176aa]
lang_fr.qm                                  File Size: 141996    BYTES    FileVersion:  N/A            MD5: [e06db8ef6b826b75ec5859913651ed44]
lang_he.qm                                  File Size: 98928     BYTES    FileVersion:  N/A            MD5: [2954e902664f2e129f8a8d8238e90552]
lang_hu.qm                                  File Size: 132359    BYTES    FileVersion:  N/A            MD5: [6bf3b8c78fd393ef2811a19742518b9a]
lang_id.qm                                  File Size: 129135    BYTES    FileVersion:  N/A            MD5: [6be058072a90897595c6f097a3caa797]
lang_it.qm                                  File Size: 134154    BYTES    FileVersion:  N/A            MD5: [183990148beec433023688db65a7bf2e]
lang_ja.qm                                  File Size: 73762     BYTES    FileVersion:  N/A            MD5: [f6bfd643cb92fa760ae6ec64344ee7e1]
lang_ko.qm                                  File Size: 85731     BYTES    FileVersion:  N/A            MD5: [53b5a94eb309d69993a5bc3cd43a85e4]
lang_lt.qm                                  File Size: 90799     BYTES    FileVersion:  N/A            MD5: [eecd8edca1fb068ad3bd88aa711bdae2]
lang_lv.qm                                  File Size: 90659     BYTES    FileVersion:  N/A            MD5: [683950904e725821740217824df440ff]
lang_nl.qm                                  File Size: 133514    BYTES    FileVersion:  N/A            MD5: [442a6cf7e07e6f676d8b5ae41637549c]
lang_no.qm                                  File Size: 129833    BYTES    FileVersion:  N/A            MD5: [8949e21e367e5a32ca9f36d8d22c9771]
lang_pl.qm                                  File Size: 133827    BYTES    FileVersion:  N/A            MD5: [48379f4ac164adfc8d448bf53c8e2df8]
lang_pt_BR.qm                               File Size: 136918    BYTES    FileVersion:  N/A            MD5: [b1ea2002cf5362b24ca0a026f448e3f1]
lang_pt_PT.qm                               File Size: 136982    BYTES    FileVersion:  N/A            MD5: [5e23b66cb6d8d9894b991cc8f33658af]
lang_ro.qm                                  File Size: 90458     BYTES    FileVersion:  N/A            MD5: [bcf524020255c4f7a6fdbae8df2bfe81]
lang_ru.qm                                  File Size: 137874    BYTES    FileVersion:  N/A            MD5: [5e28394fbd12f21301e2b7e1a9dbac94]
lang_sk.qm                                  File Size: 131080    BYTES    FileVersion:  N/A            MD5: [68e0e95e7131d101188a57e3a413dee5]
lang_sl.qm                                  File Size: 107631    BYTES    FileVersion:  N/A            MD5: [83755001a3f1bd527d0b4b7a77d0b37d]
lang_sv.qm                                  File Size: 129135    BYTES    FileVersion:  N/A            MD5: [b3c38242beb63f895fabcc14bbc6807a]
lang_tr.qm                                  File Size: 88838     BYTES    FileVersion:  N/A            MD5: [1e4a3c0dcd7074ad4a3971ce67762cda]
lang_vi.qm                                  File Size: 133386    BYTES    FileVersion:  N/A            MD5: [586de19c023986bf884ad56fc29c8f5e]
lang_zh_TW.qm                               File Size: 87797     BYTES    FileVersion:  N/A            MD5: [e120a014cf077bdcbcdcbf98c3438188]

C:\Program Files (x86)\Malwarebytes Anti-Malware\\platforms
qwindows.dll                                File Size: 928568    BYTES    FileVersion:  5.4.1.0        MD5: [1dadf33fdeaabb550384beaef851313b]

C:\Program Files (x86)\Malwarebytes Anti-Malware\\Plugins
fixdamage.exe                               File Size: 822584    BYTES    FileVersion:  1.4.0.1001     MD5: [16fd048f3362bf6fd2050ef22b85dba8]

C:\Users\Scott_000\AppData\Roaming\Malwarebytes\Malwarebytes Anti-Malware

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware
actions.ref                                 File Size: 4455      BYTES    FileVersion:  N/A            MD5: [e57e3639810c722c6cd44727b55743a7]
akadomains.ref                              File Size: 92        BYTES    FileVersion:  N/A            MD5: [73d5774cbd8df165274a0691ae264808]
akaips.ref                                  File Size: 92        BYTES    FileVersion:  N/A            MD5: [2a6869d1f91f0a0b87b1d27bd30ccc5c]
domains.ref                                 File Size: 420869    BYTES    FileVersion:  N/A            MD5: [9f713c5e689bc93c33dddedab94637bd]
exclusions.dat                              File Size: 0         BYTES    FileVersion:  N/A            MD5: [d41d8cd98f00b204e9800998ecf8427e]
ips.ref                                     File Size: 128189    BYTES    FileVersion:  N/A            MD5: [9802c698991af460d6bb6b69d221dd7e]
rules.ref                                   File Size: 9972956   BYTES    FileVersion:  N/A            MD5: [0afe9a4db304759e00294c15e0c7d1fc]
swissarmy.ref                               File Size: 27849     BYTES    FileVersion:  N/A            MD5: [2ce389bbcd0b5ed1ce98cc04fde453e8]

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Configuration
build.conf                                  File Size: 4599      BYTES    FileVersion:  N/A            MD5: [b7a54ffd36832238f7e42b54e5e8aa64]
database.conf                               File Size: 4         BYTES    FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
gatekeeper.conf                             File Size: 1168      BYTES    FileVersion:  N/A            MD5: [8f606c03b7745f71b2f537bea3b9afb5]
license.conf                                File Size: 1533      BYTES    FileVersion:  N/A            MD5: [cf3f5763d04b3f445ac93a6034308546]
manifest.conf                               File Size: 3387      BYTES    FileVersion:  N/A            MD5: [467fac06674ea3ccbee48ea18a8f867f]
marketing.conf                              File Size: 7288      BYTES    FileVersion:  N/A            MD5: [17c7c98776f2224aa181d27248c63c30]
net.conf                                    File Size: 7204      BYTES    FileVersion:  N/A            MD5: [96fd53dcb2b1f567b89995ccb877953a]
notifications.conf                          File Size: 4         BYTES    FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
scheduler.conf                              File Size: 3331      BYTES    FileVersion:  N/A            MD5: [6c9c19a42bb4f14a113080ea6acd0084]
settings.conf                               File Size: 2188      BYTES    FileVersion:  N/A            MD5: [d9c93c4d6244c9061da2eba32e1ee38b]
statistics.conf                             File Size: 513       BYTES    FileVersion:  N/A            MD5: [6e4edf3fe2610e5e9658b5a64f303660]

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Configuration\Restore
build.conf                                  File Size: 4178      BYTES    FileVersion:  N/A            MD5: [6759bfb0d20758e828f322cb432d8acb]
database.conf                               File Size: 4         BYTES    FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
gatekeeper.conf                             File Size: 4         BYTES    FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
license.conf                                File Size: 23        BYTES    FileVersion:  N/A            MD5: [0ec01df616b565180556881d8042255b]
manifest.conf                               File Size: 3184      BYTES    FileVersion:  N/A            MD5: [f9da45921ee39ca76afc39467ebc8e0a]
marketing.conf                              File Size: 6944      BYTES    FileVersion:  N/A            MD5: [c2133abde83f47a94e64d581e20b29cd]
net.conf                                    File Size: 6402      BYTES    FileVersion:  N/A            MD5: [859eb83405ed41b02f5a960bfb4ab573]
notifications.conf                          File Size: 4         BYTES    FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
scheduler.conf                              File Size: 4         BYTES    FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
settings.conf                               File Size: 1725      BYTES    FileVersion:  N/A            MD5: [5454026126dac24f6e96eeb0c64123d3]
statistics.conf                             File Size: 4         BYTES    FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs
mbam-log-2016-02-18 (00-42-12).xml          File Size: 2592      BYTES    FileVersion:  N/A            MD5: [3a2d17437afb9d932f2db5a659ea2ddf]
mbam-log-2016-02-19 (08-58-54).xml          File Size: 2582      BYTES    FileVersion:  N/A            MD5: [91aa7676694e09a651c58857dbd632a6]
protection-log-2016-02-18.xml               File Size: 15573     BYTES    FileVersion:  N/A            MD5: [228fd1db4f82dcb04b902f0e32b6b424]
protection-log-2016-02-19.xml               File Size: 23127     BYTES    FileVersion:  N/A            MD5: [1bbd5eaf9db542c1840a79258a3689f9]

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine

Malware Exclusions:
===================
Web Exclusions:
================
Quarantined Items:
===================
===============================================================
END OF FILE

#9 Scottiesmusicroom

Scottiesmusicroom
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:04:53 PM

Posted 19 February 2016 - 11:26 AM

Without restarting the computer after installing Rkill run the suggested scans and post the results in your topic.

Sorry, I got excited to get help and overlooked your instructions all the way. I will follow the instructions as you all say, if I feel that you are helping and really not malware yourself. However, I see that you are real from the programs you recommended already. I know some; I just am out of date on my training. I messed with local policy and acted as the operating system the other day. Yikes...



#10 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,612 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:03:53 PM

Posted 19 February 2016 - 11:39 AM

I understand your caution, but you will not need to be concerned about this here at Bleeping Computer.

If you look at the instructions for running Malwarebytes there are separate instructions for finding and posting its log. Please do so, as the scan you posted doesn't show the Malware and Web Exclusions. Just to be thorough I would like for you to run one other program to check for malware.

Emsisoft Emergency Kit

Please download Emsisoft Emergency Kit and save it to your desktop. Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click the Extract button at the bottom. A folder named EEK will be created in the root of the drive (usually c:\).
  • After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
  • The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates. Please click Yes so that it downloads the latest database updates.
  • When the update is complete, click Malware Scan. When asked if you want the scanner to scan for Potentially Unwanted Programs, click Yes. Emsisoft Emergency Kit will start scanning.
  • When the scan is completed, click Quarantine selected objects. Note: this option is only available if malicious objects were detected during the scan. If this is the case, select Delete selected.
  • When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
  • Please save the log in Notepad on your desktop and post the contents in your next reply.
  • When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.

  • Family and loved ones will always be a priority in my daily life. You never know when one will leave you.

    #11 Scottiesmusicroom

    Scottiesmusicroom
    • Topic Starter

    • Members
    • 21 posts
    • OFFLINE
    •  
    • Gender:Male
    • Location:Florida
    • Local time:04:53 PM

    Posted 19 February 2016 - 11:59 AM

    I am reading your reply very slow. Here is an update with screen shots. I am finding in the Local security policy's that the settings are being changed all around. And ESET is finding infections!! We are getting somewhere!! I am writing you on the laptop now.. So the fact Im online in amazing! I think I need to clear the local polcy asap I just dont know the quick way?? I see they tell you default options but I dont want to mess with it and it be the programs you say helping. however I have firewalls down to do this and am worried they can be changing all my policy as we speak.. I am just a regular home workgroup and I am on windows 8.1 pro with media center and Microsoft office Professional Plus 2007 so understand that my computer is very built with the tools to alter the policys that can compromise my systems integrity as I learned they are not something to mess with. but as you see its to late. i need to reverse this as well. So please keep this in mind in the following steps ahead. I need to get the 80 changed local policys changed that I didnt change under control. but I am doing as you say! Here are screen shots as I wait on the scans. I am also getting info to give. I have them in paint files as pics. I cant figure out how to attach the pics.


    #12 dc3

    dc3

      Bleeping Treehugger


    • Members
    • 30,612 posts
    • OFFLINE
    •  
    • Gender:Male
    • Location:Sierra Foothills of Northern Ca.
    • Local time:03:53 PM

    Posted 19 February 2016 - 12:04 PM

    Let's do one thing at a time.  The first thing to do is to clean the computer of any malware, then once it is clean we can move on if needed.
     
     
    You can post the screenshot in your next post as an attachment.  
     
    Just below the area where you write text in a post there is the Post button; to the right of this is More Reply Options.
     
    [screenshot: Post2_zpsf05c0430.png]
     
    When you click on More Reply Options you will see Attach Files and Browse. Click on Browse, this will open Pictures on your computer, click on the image you want to post, then click on Attach This File, then Add Reply.
     
    [screenshot: attachment_zps9v6amtri.png]



    #14 dc3

    dc3

      Bleeping Treehugger


    • Members
    • 30,612 posts
    • OFFLINE
    •  
    • Gender:Male
    • Location:Sierra Foothills of Northern Ca.
    • Local time:03:53 PM

    Posted 19 February 2016 - 12:34 PM

    Once again I have forgotten that this is posted in the Am I Infected forum.  In this forum you can't use the method outlined in post #12.  The only way you can post an image in this topic would be to use a host website like Photobucket where you can upload the image and copy and paste a hyperlink to the image.  My apologies for any confusion.



    #15 Scottiesmusicroom

    Scottiesmusicroom
    • Topic Starter

    • Members
    • 21 posts
    • OFFLINE
    •  
    • Gender:Male
    • Location:Florida
    • Local time:04:53 PM

    Posted 19 February 2016 - 01:10 PM

    dc3, on 19 February 2016 - 12:34 PM, said:
    Once again I have forgotten that this is posted in the Am I Infected forum.  In this forum you can't use the method outlined in post #12.  The only way you can post an image in this topic would be to use a host website like Photobucket where you can upload the image and copy and paste a hyperlink to the image.  My apologies for any confusion.

    OK, PHEW! I have been sitting here panicking that I am back to fake websites again. I am so glad that you said something. I was thinking that you were hinting at Photobucket and just not saying it, to keep any viruses from knowing what we were doing. But I was thinking that would be very far-fetched to have to do. But I was already going to Photobucket and then said no, because the firewalls are letting the scanners work and I don't want to risk anything in the wild getting in. So we will just wait for my results. Here is an update:

     

    1. ESET has been going for over an hour and is still at 30%. It has been at a constant 30% since you told me to start the scan. It is still scanning file by file, however, and is not stalled, as I can see the files scanning one by one. Is there any way to speed up the process on the scan to give it more priority?

     

    2. Emsisoft found 0 threats. I am now running a complete scan with the tool. I figured it will be safer than sorry.

     

    3. Malwarebytes found the first trojan this morning. You can find the screenshot in my first post. The trojan came right away following the restore from the Dell USB that Dell overnight-shipped me, as their Dell Backup and Recovery failed me. The DBR is reinstalled and created the recovery again. Of course my antivirus, Total Defender Internet Security Suite from my internet provider, says malware right away at the Dell driver and update site. This is in HTTPS even. So I don't know what that is all about. However, Dell claims to not have any idea. This makes me wonder about the DellRoot issue they had. I looked and see no eDellRoot issues with the certificates. I do see in my Firefox that in the Certificates section, under Server Certificates, it has them all saying they can't be verified, and when I read the about certificate and look at the names they all say aka Mozilla.fireox.BOGUS certif. I don't know if they are actually installed and an issue, or if they are just to make sure I don't get bogus certificates. I don't know, just giving good details to help diagnose.

     

     

    Finally, for now, ESET is now 1:30:00 into the scan and still at 30% and scanning System32. It still says 6 possible threats.

     

    A variant of WIN32/NETFILTER.A
    A variant of WIN64/NETFILTER.A
    A variant of WIN32/NETFILTER.A
    A variant of WIN64/NETFILTER.A
    A variant of WIN32/NETFILTER.A
    A variant of WIN64/NETFILTER.A

     

     

    AND Emsisoft is at 67% of a full custom scan of all drives. It has no infections so far and has scanned almost 260,000 files on this freshly reinstalled Windows 8.1 Pro with updates and Office 2007 pack. That is a lot of files to me. It is running some kind of Winsock processes, and scanning folders called WOW64 that almost look like another System32 to me. I don't know, I may just be talking about normal Dell computer files, but I figure anything helps. I am just documenting as I am going along now. If I am overloading you with information or saying too much, please let me know. I am just done with feeling isolated and offline by myself with all of this.

     

     

    Also I have found a group policy change that I did not make. It says Log on as a service > NT/ALL SERVICES. It is normally no one. I nervously removed the ALL SERVICES entry. Was this the programs? If I need to put it back, let me know. I just am not letting any hackers inside that easy. Policies are changing left and right and making me uncomfortable.

     

    But ESET is looking good!
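A caveat on the "Log on as a service" entry in the post above: on Windows 8.1 the default assignment for that user right (SeServiceLogonRight) already contains NT SERVICE\ALL SERVICES (SID S-1-5-80-0), so that entry on its own is not evidence of tampering, and removing it can break services that log on with virtual service accounts. What actually helps with the worry that policies are "changing left and right" is a baseline to diff against. The PowerShell below is an example added for this page, not a tool from the thread or from any of the posters: it exports the User Rights Assignment area of the local security policy with the built-in secedit.exe, resolves the SIDs in that export to account names, and compares the result with a baseline saved on an earlier run. The function names and the file locations under $env:TEMP are this example's own choices.

```powershell
# Added example for this page (not a tool from the thread or from any poster).
# Snapshot the "User Rights Assignment" part of the local security policy with the
# built-in secedit.exe, resolve SIDs to account names, and diff against a baseline.
# Requires an elevated PowerShell prompt; written for Windows 8.1 / PowerShell 4.
# The file locations under $env:TEMP are this example's own (hypothetical) choices.

function Export-UserRights {
    param([string]$Path = (Join-Path $env:TEMP 'secpol-userrights.inf'))

    # secedit writes an INF whose [Privilege Rights] section looks like
    #   SeServiceLogonRight = *S-1-5-80-0
    # Principals are comma separated; SIDs are prefixed with '*', names are plain.
    secedit /export /cfg $Path /areas USER_RIGHTS | Out-Null

    $rights = @{}
    $inSection = $false
    foreach ($line in Get-Content $Path) {
        if ($line -match '^\[(.+)\]$') {
            $inSection = ($Matches[1] -eq 'Privilege Rights')
            continue
        }
        if (-not $inSection -or $line -notmatch '^(\w+)\s*=\s*(.*)$') { continue }

        $name = $Matches[1]
        $principals = foreach ($p in ($Matches[2] -split ',')) {
            $p = $p.Trim()
            if ($p -eq '') { continue }
            if ($p.StartsWith('*')) {
                # e.g. S-1-5-80-0 resolves to "NT SERVICE\ALL SERVICES"
                try {
                    $sid = New-Object System.Security.Principal.SecurityIdentifier($p.Substring(1))
                    $sid.Translate([System.Security.Principal.NTAccount]).Value
                } catch {
                    $p   # keep the raw SID if it cannot be resolved (deleted account etc.)
                }
            } else {
                $p
            }
        }
        $rights[$name] = @($principals | Sort-Object)
    }
    return $rights
}

function Compare-UserRights {
    param([hashtable]$Baseline, [hashtable]$Current)

    $names = @($Baseline.Keys) + @($Current.Keys) | Sort-Object -Unique
    foreach ($n in $names) {
        $before = @($Baseline[$n])
        $after  = @($Current[$n])
        $added   = @($after  | Where-Object { $_ -notin $before })
        $removed = @($before | Where-Object { $_ -notin $after })
        if ($added.Count -or $removed.Count) {
            [pscustomobject]@{
                Right   = $n
                Added   = ($added   -join '; ')
                Removed = ($removed -join '; ')
            }
        }
    }
}

# Usage: the first run (ideally right after a clean install) stores a baseline;
# later runs print only the rights whose membership changed since then.
$baselineFile = Join-Path $env:TEMP 'userrights-baseline.xml'   # hypothetical path
if (-not (Test-Path $baselineFile)) {
    Export-UserRights | Export-Clixml -Path $baselineFile
    Write-Host "Baseline saved to $baselineFile"
} else {
    $baseline = Import-Clixml -Path $baselineFile
    Compare-UserRights -Baseline $baseline -Current (Export-UserRights) | Format-Table -AutoSize
}
```

Take the baseline immediately after a clean install, before restoring backups or installing vendor tools, and keep a copy of the baseline file on removable media rather than only on the machine being watched; a compromised host can rewrite a baseline stored locally just as easily as it can rewrite the policy. A diff that shows NT SERVICE\ALL SERVICES under SeServiceLogonRight in both baseline and current is the default state, not a change.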
