unable to edit registry, task manager greyed out & unable to install any app


This topic is locked. 35 replies to this topic.

#1 aszx333


Posted 26 June 2016 - 12:37 AM

Hi

I am unable to install new apps, unable to open my registry, and Task Manager is greyed out.

 

The message pops up "Registry editing has been disabled by your Administrator"

 

This is a newly installed Windows, as yesterday my old one also got the same message and all my apps/programs crashed, so I thought reinstalling with a complete format of the Windows drive would solve my problem, but even on the new Windows the problem remains.

 

I have tried almost every option available on the net to enable my registry editing, but none worked.

 

This issue is also not allowing me to install Malwarebytes for any malware scan, etc.

 

Please help me out.


Edited by hamluis, 26 June 2016 - 06:07 AM.
Moved from Win 7 to Am I Infected - Hamluis.




#2 buddy215


Posted 26 June 2016 - 06:18 AM

If you formatted the HDD and installed Windows from a legit source, then I would think....if malware is involved...either an external drive or your router is reinfecting your computer.

 

What source for Windows are you using to install Windows?


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 aszx333


Posted 26 June 2016 - 06:29 AM

I have used an external CD/DVD ROM for installation.

 

Recently, about an hour ago, I was able to install "SUPERANTISPYWARE"; I scanned the whole system and it removed threats, but the problem still remains the same.



#4 buddy215


Posted 26 June 2016 - 08:25 AM

I have used an external CD/DVD ROM for installation.

 

Which begs the question....from where did you get the DVD? Did you purchase it and from where?

 

The chance that a legit DVD...not one you may have downloaded from a site other than Microsoft or purchased at a much reduced price...being responsible for installing malware on a formatted HDD is extremely small.

 

SAS is no longer considered a top of the line security program. But if you can install it, that makes me think MBAM installation should be possible, too.

 

EDIT: How old is this DVD? Does it contain only the original Windows 7 or is it a later one containing Windows 7.1?

 

What happens when you attempt to update Windows 7?

 

Other than SAS.....what other programs have you installed?


Edited by buddy215, 26 June 2016 - 08:36 AM.



#5 dc3


Posted 26 June 2016 - 10:09 AM

Download RKill and run it.  With it running try installing Malwarebytes and run it.

 

Please download and run RKill
 
RKill is an easy to use tool that kills known processes and removes Windows Registry entries that stop a user from using their normal security applications.  These settings will remain until the computer is rebooted, for this reason you must run your security applications before the computer is rebooted.  
 
Please download RKill and install it.
 
When RKill is run it will display a console screen similar to the one below:
 
[screenshot: RKill console window]
 
When RKill has finished running a log will be displayed showing all of the processes that were terminated by RKill.
 
Attention:  At this time you need to run your security applications listed below.
 
While RKill is running you may see a message from the malware stating that the program could not be run because it is a virus or is infected.  This is the malware trying to protect itself.  Two methods that you can try to get past this and allow RKill to run are:
 
1)  Rename Rkill so that it has a .com extension.
 
2)  Download a version that is already renamed as files that are commonly white-listed by malware. The main Rkill download page contains individual links to renamed versions.  
 
After the application has run successfully you should reboot the computer to restore the processes and Windows Registry entries. 
 
 

Please run Malwarebytes AntiMalware
 
Please download Malwarebytes Anti-Malware
 
1)  Double-click on mbam-setup.exe, then click on Run to install the application, follow the prompts through the installation.
 
2)  Malwarebytes will automatically open.  You will see an image like the one below, click on Update Now.  
 
[screenshot: Malwarebytes main window with Update Now button]
 
3)  Click on Settings, you will see an image like the one below.
 
[screenshot: Malwarebytes Settings, Detection and Protection tab]
 
When Settings opens click on Detection and Protection, then under Non-Malware Protection, click on the down arrow for PUP (Potentially Unwanted Programs) detections and select Treat detections as malware.
 
4)  Click on Scan (next to Settings), then click on Scan Now.  The scan will automatically run now.
 
5)  When the scan is complete the results will be displayed.  Click on Delete All.
 
[screenshot: Malwarebytes scan results with Delete All button]
 
6)  Please post the Malwarebytes log.
 
To find your Malwarebytes log, download mbam-check.exe from here and save it to your desktop.
 
To open the log double click on mbam-check.exe on your desktop.  Copy and paste the log in your topic.
 
 

 
Please run TDSSKiller.
 
Please download TDSSKiller from here and save it to your Desktop.
 
The log for the TDSSKiller can be very long.  If you go to the bottom of the log to where you find Scan finished you will see the results of the scan.  If it shows Detected object count: 0 and Actual detected object count: 0, this means that nothing malicious was found and you will not need to post the log.
 
1.  Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
 
[screenshot: TDSSKiller main window, Change parameters link]
 
2.  Check Loaded Modules, Verify Driver Digital Signature, and Detect TDLFS file system.
 
If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now.
 
[screenshot: TDSSKiller parameters with Loaded Modules, Verify Driver Digital Signature and Detect TDLFS file system checked]
 
3.  Click Start Scan and allow the scan process to run.
 
[screenshot: TDSSKiller scan in progress]
 
4.  If threats are detected select Cure (if available) for all of them unless otherwise instructed.
 
***Do NOT select Delete!
 
Click on Continue.
 
[screenshot: TDSSKiller detections with Cure selected]
 
5.  Click on Reboot computer.
 
Please copy the TDSSKiller.[Version]_[Date]_[Time]_log.txt file found in your root directory (typically c:\) and paste it into your next reply.
 
Note:  The log may be very long.  You may need to break it into parts to post the whole log.
 
Post this in your topic.

Edited by dc3, 26 June 2016 - 10:09 AM.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#6 aszx333


Posted 26 June 2016 - 10:13 AM

It is a Windows 7 downloaded from the Microsoft MSDN Portal (for academia); it comes with a legit key.

Windows Update is fine.

 

Other than SAS, I have also tried Spybot S&D and ReimageRepair.

 

 

For enabling registry editing I have tried using Symantec UnHookExec, the cmd method, the gpedit.msc method, the vbs method and renaming regedit, but none worked for me.

 

It is also strange to me why MBAM is not working for me and why none of the methods are working for registry editing.
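
The lockout described in the opening post and the manual methods tried in this post, as an added example that is not part of the thread: a PowerShell script (assumed to run from an elevated prompt on Windows 7 or later; the -Fix switch and the Test-LockoutPolicies function are names made up for this example) that reads the user and machine policy values Windows consults before opening regedit, Task Manager, cmd.exe and the Run dialog, lists any that are set, and with -Fix deletes them. It also flags UAC being off, which the mbam-check log posted later in the thread shows for this machine.

```powershell
# Added example, not from the thread: audit, and with -Fix clear, the policy values
# that produce "Registry editing has been disabled by your Administrator" and a
# greyed-out Task Manager, and report whether UAC is switched off.
# Assumptions (this script's own, not the thread's): Windows 7 or later, PowerShell 2.0+,
# run from an elevated prompt; the -Fix switch and Test-LockoutPolicies are invented here.
param([switch]$Fix)

function Test-LockoutPolicies {
    param([switch]$Fix)

    # A value of 1 or 2 turns the restriction on (for DisableRegistryTools, 2 also blocks
    # silent "regedit /s" imports). Windows honours the value in either hive: HKCU can be
    # written by anything running as the user, HKLM needs an admin token.
    $policies = @(
        @{ Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableRegistryTools'; Symptom = 'regedit.exe refuses to open' },
        @{ Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableTaskMgr';       Symptom = 'Task Manager greyed out' },
        @{ Key = 'Software\Policies\Microsoft\Windows\System';                  Name = 'DisableCMD';           Symptom = 'cmd.exe blocked' },
        @{ Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoRun';                Symptom = 'Run dialog removed from Start menu' }
    )

    $findings = @()
    foreach ($hive in 'HKCU', 'HKLM') {
        foreach ($p in $policies) {
            $path = "${hive}:\$($p.Key)"
            # A missing key or value simply means "not configured"; suppress the error.
            $item = Get-ItemProperty -Path $path -Name $p.Name -ErrorAction SilentlyContinue
            if ($item -and $item.($p.Name) -ne 0) {
                $findings += New-Object PSObject -Property @{
                    Location = "$path\$($p.Name)"
                    Value    = $item.($p.Name)
                    Symptom  = $p.Symptom
                }
                if ($Fix) {
                    # Deleting the value returns the policy to "not configured". A domain GPO
                    # would re-create it at the next refresh; the log in this thread shows the
                    # machine is not domain-joined, so here it stays gone unless malware rewrites it.
                    Remove-ItemProperty -Path $path -Name $p.Name -ErrorAction Stop
                }
            }
        }
    }

    # UAC off (EnableLUA = 0, as in the mbam-check log posted later in this thread) means every
    # process of an administrator account already holds a full admin token, so a dropper can
    # write the HKLM entries above without any prompt.
    $sysPolicy = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
    $uac = Get-ItemProperty -Path $sysPolicy -Name EnableLUA -ErrorAction SilentlyContinue
    if ($uac -and $uac.EnableLUA -eq 0) {
        $findings += New-Object PSObject -Property @{
            Location = "$sysPolicy\EnableLUA"; Value = 0; Symptom = 'UAC disabled'
        }
        if ($Fix) {
            # EnableLUA only takes effect after a reboot.
            Set-ItemProperty -Path $sysPolicy -Name EnableLUA -Value 1 -Type DWord
        }
    }
    return $findings
}

$result = @(Test-LockoutPolicies -Fix:$Fix)
if ($result.Count -eq 0) {
    'No lockout policies set and UAC is on.'
} else {
    $result | Format-Table Location, Value, Symptom -AutoSize
    if ($Fix) { 'Cleared. Re-run without -Fix in a minute; if anything is back, a running process is re-applying it.' }
}
```

The script goes through the PowerShell registry provider, which, like reg.exe, is not subject to DisableRegistryTools; only regedit.exe checks that value, which is why a script or reg.exe can clear it when regedit itself will not open. If a cleared value reappears within seconds, something still running is re-applying it, and that is the situation the RKill step in post #5 is meant to interrupt before the scanners are run; a value set by a domain GPO would likewise come back at the next policy refresh, which does not apply to the non-domain machine in this thread.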



#7 dc3


Posted 26 June 2016 - 10:26 AM

This is why I suggested that you run RKill.  As I previously posted, RKill kills known processes and removes Windows Registry entries that stop a user from using their normal security applications.  Try this and see what happens.

 

You could also try installing Malwarebytes in Safe Mode.

 

Spybot S&D at one time was a decent program.  But unfortunately they haven't kept this program up to date.  Malwarebytes AntiMalware seems to be the current tool of choice for malware.



#8 buddy215


Posted 26 June 2016 - 11:01 AM

Reimage is not in the least a desirable program to have on your computer. Neither is Spybot S&D as it will interfere with other scans and has long since lost favor of security pros.

 

Please try to uninstall both. There are security programs that will remove Reimage calling it a PUP. It is simply....in my opinion...scamware.




#9 aszx333


Posted 26 June 2016 - 11:56 AM

Here is the log from MBAM.

 

mbam-check result log version:     2.3.2.0
========================================

User Account type:                 Administrator
DomainComputer:                    No
OS:                                Windows 7  32 bit Operating System
Current Version and Build:         6.1.7600
Malwarebytes Anti-Malware:         2.2.1.1043
Installed On:                      2016/06/26
Malware Database:                  2016.06.26.03
Rootkit Database:                  2016.05.27.01
Remediation Database:              2016.06.21.01
IP Database:                       2016.06.26.01
Domain Database:                   2016.06.26.02
License:                           Trial
Malware Protection:                4 (The service is running.)
Malicious Website Protection:      4 (The service is running.)
Chameleon:                         0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon
Log Created:                       2016/06/26 21:05:57

User Information for Local System:
===========================================
User Account: Administrator
 Account Level: Admin
User Account: Guest
 Account Level: Guest
User Account: HomeGroupUser$
 Account Level: Guest
User Account: UMAR
 Account Level: Admin
Total # of user entries: 4

UAC Settings:
===================
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
 DWORD 0 Status: OFF
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
 DWORD 5 Status: ON

AntiVirus Information:
===================
NO AntiVirus Software Installed

FireWall Information:
===================
NO 3rd Party Firewall Software Installed

AntiSpyware Information:
===================
AntiSpyware Software Installed: "Windows Defender"
AntiSpyware Software Installed: "Spybot - Search and Destroy"

Machine Information
===============================================
Machine ID: d1179008dd8091cdf7f52bbeaa48587d5a1c3186
Installation Token: BTQK1atGzjsgjEAbC7bF1466955033
System has been up for:  0.470556 Hours
System has been booted within the last hour
Current Date: 2016-Jun-26 16:06:07.681776
Date Booted: 2016-Jun-26 16:06:07.681776

Detection and Protection Settings
===============================================
Use Advanced Heuristics Engine (Shuriken):            true
Scan for rootkits:                                    false
Scan within archives:                                 true
PUP (Potentially Unwanted Program) detections:        Treat Detections as Malware
PUM (Potentially Unwanted Modification) detections:   Treat Detections as Malware

Compatibility Flag Settings:
=================================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
 E:\win 7 drivers 32 bit\sp46732.exeREG_SZ  WINXPSP2

 

Malwarebytes Anti-Malware Shell Extension Block Check:
======================================================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked:

MBAM Startup Entries:
=====================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Malwarebytes Anti-Malware Service and Driver Status:
=======================================================

--------------Driver File Info:--------------
C:\Windows\system32\drivers\mbam.sys
File Size: 24448     BYTES FileVersion: 0.1.16.0 MD5: [a1d52db330e18b5a7a718d31d950ca87]
C:\Windows\system32\drivers\mwac.sys
File Size: 53120     BYTES FileVersion: 1.0.6.0 MD5: [66ddf98174707cbadbca6bbabda1231c]
C:\Windows\system32\drivers\mbamswissarmy.sys
File Size: 170200    BYTES FileVersion: 0.3.0.4 MD5: [5023f594d5448e16f920157174c61358]
C:\Windows\system32\drivers\mbamchameleon.sys
File Size: 126336    BYTES FileVersion: 1.1.22.0 MD5: [22649dc583ae1f124c12fb1d39ae8b0b]

--------------MBAMProtector:--------------
Type:                   2
State:                  4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0

--------------MBAMService:--------------
Type:                   16
State:                  4 (The service is running.)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0

--------------MBAMScheduler:--------------
Type:                   16
State:                  4 (The service is running.)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0

--------------MBAMChameleon:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A

--------------MBAMWebAccessControl:--------------
Type:                   2
State:                  4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0

Required Dependencies:
======================

--------------BFE:--------------
Type:                   32
State:                  4 (The service is running.)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE
 DisplayName                   REG_SZ  @%SystemRoot%\system32\bfe.dll,-1001
 Group                         REG_SZ  NetworkProvider
 ImagePath                     REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
 Description                   REG_SZ  @%SystemRoot%\system32\bfe.dll,-1002
 ObjectName                    REG_SZ  NT AUTHORITY\LocalService
 ErrorControl                  REG_DWORD  1
 Start                         REG_DWORD  2
 Type                          REG_DWORD  32
 DependOnService               REG_MULTI_SZ RpcSs

 ServiceSidType                REG_DWORD  3
 RequiredPrivileges            REG_MULTI_SZ SeAuditPrivilege

 FailureActions                REG_BINARY Binary Data

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters
 ServiceDll                    REG_EXPAND_SZ %SystemRoot%\System32\bfe.dll
 ServiceDllUnloadOnStop        REG_DWORD  1
 ServiceMain                   REG_SZ  BfeServiceMain
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\BootTime
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\BootTime\Filter
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Filter
 {b02a4013-b6b5-4859-9168-1e3299e43b24}REG_BINARY Binary Data

 {d870c96c-75ee-46a6-8a02-8e4401a73423}REG_BINARY Binary Data

 {8b50e2ec-7cf0-4b71-b42e-5b0536f6cab8}REG_BINARY Binary Data

 {4137b143-2770-43d4-91a2-55bb0a069830}REG_BINARY Binary Data

 {3180114b-8338-4740-9a16-444134ad62f4}REG_BINARY Binary Data

 {17043d46-fac2-4561-bca1-0c7a05e95f5f}REG_BINARY Binary Data

 {567d3836-3f5b-4067-b9c4-952f677010a2}REG_BINARY Binary Data

 {4e718c57-c397-4221-9fbb-14fd51701d6a}REG_BINARY Binary Data

 {3a90a266-1519-4d23-911b-e84cd0f02ab8}REG_BINARY Binary Data

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Provider
 {decc16ca-3f33-4346-be1e-8fb4ae0f3d62}REG_BINARY Binary Data

 {4b153735-1049-4480-aab4-d1b9bdc03710}REG_BINARY Binary Data

 {1bebc969-61a5-4732-a177-847a0817862a}REG_BINARY Binary Data

 {aa6a7d87-7f8f-4d2a-be53-fda555cd5fe3}REG_BINARY Binary Data

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\SubLayer
 {b3cdd441-af90-41ba-a745-7c6008ff2300}REG_BINARY Binary Data

 {b3cdd441-af90-41ba-a745-7c6008ff2301}REG_BINARY Binary Data

 {b3cdd441-af90-41ba-a745-7c6008ff2302}REG_BINARY Binary Data

 {9ba30013-c84e-47e5-ac6e-1e1aed72fa69}REG_BINARY Binary Data

--------------fltmgr:--------------
Type:                   2
State:                  4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr
 AttachWhenLoaded              REG_DWORD  1
 DisplayName                   REG_SZ  @%SystemRoot%\system32\drivers\fltmgr.sys,-10001
 Group                         REG_SZ  FSFilter Infrastructure
 ImagePath                     REG_EXPAND_SZ system32\drivers\fltmgr.sys
 Description                   REG_SZ  @%SystemRoot%\system32\drivers\fltmgr.sys,-10000
 ErrorControl                  REG_DWORD  3
 Start                         REG_DWORD  0
 Tag                           REG_DWORD  1
 Type                          REG_DWORD  2
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr\Enum
 0                             REG_SZ  Root\LEGACY_FLTMGR\0000
 Count                         REG_DWORD  1
 NextInstance                  REG_DWORD  1

C:\Windows\system32\drivers\fltmgr.sys
File Size: 198208    BYTES FileVersion: 6.1.7600.16385 MD5: [7520ec808e0c35e0ee6f841294316653]
C:\Windows\system32\olepro32.dll
File Size: 90112     BYTES FileVersion: 6.1.7600.16385 MD5: [c10459dbdc2099c5a8428cb7d87db85f]

MBAM Registry Settings and License Info:
========================================
--------------Settings:--------------
Advanced:
    AutomaticQuarantine:                                       true
    AutostartProtection:                                       true
    LimitedMode:                                               false
    StartSilentMode:                                           false
    StartupDelay:                                              -15
ApplicationState:
    First-Run-After-Installation:                              false
General:
    DaysUntilNotifyExpiration:                                 5
    Language:                                                  en
    RightClickAccess:                                          true
    SilentErrors:                                              false
Logging:
    ExportLog:                                                 true
Marketing:
    LastPostScanMarketingIndex:                                1
Notification:
ProtectionTray:
    DisplayMilliseconds:                                       3000
ScanHistory:
    Duration_Complete:                                         473636
    Duration_Driver:                                           0
    Duration_Filesystem:                                       744
    Duration_Heuristics:                                       529004
    Duration_Loading:                                          0
    Duration_MasterBootRecord:                                 0
    Duration_Memory:                                           40000
    Duration_PreScan:                                          81279
    Duration_Registry:                                         41573
    Duration_Sector:                                           0
    Duration_Startup:                                          146978
    ItemCount_Complete:                                        248304
    ItemCount_Driver:                                          0
    ItemCount_Filesystem:                                      17630
    ItemCount_Heuristics:                                      5769
    ItemCount_Loading:                                         0
    ItemCount_MasterBootRecord:                                0
    ItemCount_Memory:                                          2797
    ItemCount_PreScan:                                         81250
    ItemCount_Registry:                                        546
    ItemCount_Sector:                                          0
    ItemCount_Startup:                                         3920
    LastRemovalRequiredDOR:                                    false
    LastScanDateEpoch:                                         1466955756648
    LastScanType:                                              1 (Threat Scan)
    QuarantineCompletedCount:                                  8
Update:
    LastUpdate:                                                2016-06-26T15:35:41
    NotifyInstallReady:                                        true
    NotifyOutdatedDatabase:                                    7
    ProxyPassword:                                             
    ProxyPort:                                                 0
    ProxyServer:                                               
    ProxyUsername:                                             
    UseProxy:                                                  false
    UseProxyAuthentication:                                    false
    CheckProgramUpdates:              true
--------------Account:--------------
  Account Status:                                              Trial
  Expiration Time:                                             2016/07/10 15:30:35
  Activation Time:                                             2016/06/26 20:30:34
  Trial Used:                                                  true
--------------Access Policies:--------------

Scheduler Queue:
================

tasks:
    5dd21a07-6930-42ed-bcad-7c94ad67d25e:                      
      parameters:                                              
        NotifyWhenUpdateCompletes:                             false
        TaskType:                                              3
      triggers:                                                
        64d4f2e7-c0c3-4627-ac3a-98ea21856e10:                  
          dateinterval:                                        0:0:0 (Days:Months:Years)
          lastscheduled:                                       Sun, 26 Jun 2016 21:03:57.087880 +0500
          lasttriggered:                                       Sun, 26 Jun 2016 21:03:57.087880 +0500
          nextscheduled:                                       Sun, 26 Jun 2016 21:47:12.051541 +0500
          recovery:                                            00:00:00 (Hours:Minutes:Seconds)
          start:                                               Sun, 26 Jun 2016 20:52:43.051541 +0500
          timeinterval:                                        01:00:00 (Hours:Minutes:Seconds)
          type:                                                Hourly
          uuid:                                                64d4f2e7-c0c3-4627-ac3a-98ea21856e10
      type:                                                    update
      uuid:                                                    5dd21a07-6930-42ed-bcad-7c94ad67d25e
    e76ff9e5-8867-4b07-9e21-a3ea2ea230c2:                      
      parameters:                                              
        AutoDelete:                                            false
        CheckForUpdatesBeforeScanStart:                        true
        ScanConfig:                                            
          ExportLog:                                           true
          FileSystemOption:                                    true
          Quarantine:                                          Prompt
          RebootSystemWhenMalwareDetected:                     false
          ScanArchives:                                        true
          ScanExtra:                                           true
          ScanHeuristic:                                       true
          ScanMemoryObjects:                                   true
          ScanPUM:                                             Treat Detections as Malware
          ScanPUP:                                             Treat Detections as Malware
          ScanRegistry:                                        true
          ScanRootkits:                                        false
          ScanSource:                                          1
          ScanStartup:                                         true
          ScanTargets:                                         
          ScanType:                                            1 (Threat Scan)
          Silent:                                              true
        StartTaskFromSystemAccount:                            false
        TaskType:                                              0
      triggers:                                                
        38ffe32c-7151-48b9-aede-7d23628bd487:                  
          dateinterval:                                        1:0:0 (Days:Months:Years)
          lastscheduled:                                       
          lasttriggered:                                       
          nextscheduled:                                       Mon, 27 Jun 2016 02:12:41 +0500
          recovery:                                            23:00:00 (Hours:Minutes:Seconds)
          start:                                               Mon, 27 Jun 2016 02:18:26 +0500
          timeinterval:                                        00:00:00 (Hours:Minutes:Seconds)
          type:                                                Daily
          uuid:                                                38ffe32c-7151-48b9-aede-7d23628bd487
      type:                                                    scan
      uuid:                                                    e76ff9e5-8867-4b07-9e21-a3ea2ea230c2

Pending File Rename Operations:
================================
If any Malwarebytes Anti-Malware items are listed below, the user must reboot to complete a Malwarebytes Anti-Malware upgrade installation.

MBAMProtector Registry Values:
==============================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector
 Type                          REG_DWORD  2
 Start                         REG_DWORD  3
 ErrorControl                  REG_DWORD  1
 ImagePath                     REG_EXPAND_SZ \??\C:\Windows\system32\drivers\mbam.sys
 Group                         REG_SZ  FSFilter Anti-Virus
 DependOnService               REG_MULTI_SZ FltMgr

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances
 DefaultInstance               REG_SZ  MBAMProtector Instance
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances\MBAMProtector Instance
 Altitude                      REG_SZ  328800
 Flags                         REG_DWORD  0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Parameters
 PassThruFile                  REG_SZ  mbampt.exe
 ProductPath                   REG_SZ  C:\Program Files\Malwarebytes Anti-Malware
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Enum
 0                             REG_SZ  Root\LEGACY_MBAMPROTECTOR\0000
 Count                         REG_DWORD  1
 NextInstance                  REG_DWORD  1

MBAMService Registry Values:
============================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMService
 Type                          REG_DWORD  16
 Start                         REG_DWORD  2
 ErrorControl                  REG_DWORD  1
 ImagePath                     REG_EXPAND_SZ "C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe"
 DependOnService               REG_MULTI_SZ MBAMProtector

 ObjectName                    REG_SZ  LocalSystem
 Description                   REG_SZ  Malwarebytes Anti-Malware service
 DelayedAutostart              REG_DWORD  0

MBAMScheduler Registry Values:
==============================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMScheduler
 Type                          REG_DWORD  16
 Start                         REG_DWORD  2
 ErrorControl                  REG_DWORD  1
 ImagePath                     REG_EXPAND_SZ "C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe"
 ObjectName                    REG_SZ  LocalSystem
 Description                   REG_SZ  Malwarebytes Anti-Malware scheduler

Terminal Services Status for (null) entries in PM logs and GetUserToken errors:
===============================================================================

--------------TERMService:--------------
Type:                   32
State:                  1 (The service is not running.) (State is stopped)
WIN32_EXIT_CODE:        1077
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0

TermService Start is set to: 3 (Manual Startup)

Proxy Status: No proxy is Set

LAN Settings:
=============

only 'Automatically detect settings' is selected

SystemPartition:
================

HKEY_LOCAL_MACHINE\SYSTEM\Setup\
 SystemPartition REG_SZ  \Device\HarddiskVolume1

Balloon Tips Status:
====================

Enabled

Time Format Settings:
=====================

Should be:
  h:mm:ss tt
  AM
  PM
  :

Currently:
REG_SZ  h:mm:ss tt
REG_SZ  AM
REG_SZ  PM
REG_SZ  :

Language and Regional Settings:
===============================

ACP:  Language is English (United States)
MACCP:  Language is English (United States)
OEMCP:  Language is English (United States)

Startup Folders for Error_Expanding_Variables Check:
====================================================

All Users Startup Folder Exists.
Current User's Startup Folder Exists.

Context Menu Entries:
=====================

HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\MBAMShlExt
 (Default):                    REG_SZ  {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\MBAMShlExt
 (Default):                    REG_SZ  {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt
 (Default):                    REG_SZ  MBAMShlExt Class
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CLSID
 (Default):                    REG_SZ  {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CurVer
 (Default):                    REG_SZ  MBAMExt.MBAMShlExt.1
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1
 (Default):                    REG_SZ  MBAMShlExt Class
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1\CLSID
 (Default):                    REG_SZ  {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}
 (Default):                    REG_SZ  IMBAMShlExt
HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\ProxyStubClsid
 (Default):                    REG_SZ  {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\ProxyStubClsid32
 (Default):                    REG_SZ  {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\TypeLib
 (Default):                    REG_SZ  {AFF1A83B-6C83-4342-8E68-1648DE06CB65}
 Version                       REG_SZ  1.0
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}
 (Default):                    REG_SZ  MBAMShlExt Class
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32
 (Default):                    REG_SZ  C:\Program Files\Malwarebytes Anti-Malware\mbamext.dll
 ThreadingModel                REG_SZ  Apartment
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\ProgID
 (Default):                    REG_SZ  MBAMExt.MBAMShlExt.1
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\TypeLib
 (Default):                    REG_SZ  {AFF1A83B-6C83-4342-8E68-1648DE06CB65}
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\VersionIndependentProgID
 (Default):                    REG_SZ  MBAMExt.MBAMShlExt

HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0
 (Default):                    REG_SZ  MBAMExt 1.0 Type Library
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win32
 (Default):                    REG_SZ  C:\Program Files\Malwarebytes Anti-Malware\mbamext.dll
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\FLAGS
 (Default):                    REG_SZ  0
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR
 (Default):                    REG_SZ  C:\Program Files\Malwarebytes Anti-Malware

 

List of MBAM Related Directories:
=================================


Malware Exclusions:
===================
Web Exclusions:
================
Quarantined Items:
===================
Vendor: PUM.Optional.DisableRegistryTools, Date: 2016/06/26 15:42:35, Type: Registry Value, Location: HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableRegistryTools
Vendor: PUM.Optional.DisabledSecurityCenter, Date: 2016/06/26 15:42:35, Type: Registry Value, Location: HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify
Vendor: PUM.Optional.DisableTaskMgr, Date: 2016/06/26 15:42:35, Type: Registry Value, Location: HKU\S-1-5-21-971697514-1962752975-4212416763-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableTaskMgr
Vendor: PUM.Optional.DisabledSecurityCenter, Date: 2016/06/26 15:42:35, Type: Registry Value, Location: HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify
Vendor: PUM.Optional.DisabledSecurityCenter, Date: 2016/06/26 15:42:35, Type: Registry Value, Location: HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify
Vendor: PUM.Optional.DisableTaskMgr, Date: 2016/06/26 15:42:35, Type: Registry Value, Location: HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DISABLETASKMGR
Vendor: PUM.Optional.DisableRegistryTools, Date: 2016/06/26 15:42:35, Type: Registry Value, Location: HKU\S-1-5-21-971697514-1962752975-4212416763-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableRegistryTools
Vendor: Trojan.Agent.Trace, Date: 2016/06/26 15:42:35, Type: Registry Key, Location: HKU\S-1-5-21-971697514-1962752975-4212416763-500\SOFTWARE\Aasppapmmxkvs
===============================================================
END OF FILE

 

 

No threat found by TDSS KILLER

 

However, the registry still cannot be edited or opened, and Task Manager is still greyed out.

 

A new message appeared on rebooting the system:

"Hiddata.exe-Application Error"

 

After a while MBAM again detected another new threat:

"Domain: abd.ind.in
IP: 166.78.145.90
Port: 49258
Type: Outbound
Process: C:\Programe Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe"

 

Please guide me further.

PS: I have uninstalled both SP S&D and Reimage.

I wish I could attach screenshots of the error messages that are coming up.

 



#10 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,279 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:07:25 AM

Posted 26 June 2016 - 12:13 PM

Please restart the computer to allow Malwarebytes to complete the threat removal.

 

 

Please download Emsisoft Emergency Kit and save it to your desktop.

Double click on the Emsisoft Emergency Kit file on your desktop.

When the installation starts you will see an image like the one below; click on Install.

The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates. Please click Yes so that it downloads the latest database updates.

When the update is complete, click on MALWARE SCAN under Scan. When asked if you want the scanner to scan for Potentially Unwanted Programs, click Yes.

Emsisoft Emergency Kit will start scanning.

When the scan is completed, click on Quarantine.

When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad. Copy the log and paste it in your topic.

Edited by dc3, 26 June 2016 - 12:16 PM.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#11 buddy215

buddy215

  • BC Advisor
  • 12,910 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:09:25 AM

Posted 26 June 2016 - 12:14 PM

Use the programs below to further remove both adware and malware....which you obviously have.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google. After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on the Scan button.
  • When the scan has finished, click on the Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats".
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#12 aszx333

aszx333
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:07:25 PM

Posted 26 June 2016 - 05:38 PM

Emsisoft Emergency Kit log

 

 

Emsisoft Emergency Kit - Version 11.0
Last update: 6/26/2016 11:56:24 PM
User account: UMAR-PC\UMAR

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start: 6/26/2016 11:56:55 PM
Value: HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR  detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-971697514-1962752975-4212416763-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR  detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-971697514-1962752975-4212416763-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR  detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR  detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS  detected: Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-971697514-1962752975-4212416763-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS  detected: Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-971697514-1962752975-4212416763-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS  detected: Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS  detected: Setting.DisableRegistryTools (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\TRACING\AU__RASAPI32  detected: Application.Win32.InstallExt (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\TRACING\AU__RASMANCS  detected: Application.Win32.InstallExt (A)
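The values both scanners flag above live in the Policies\System key of each loaded hive (HKU\.DEFAULT, S-1-5-18 and the per-user SIDs), which is why resetting only HKCU does not bring regedit or Task Manager back. As an added example, not from this thread or from either vendor's tools, the following PowerShell audits every loaded hive from an elevated prompt and can clear the values; the function names are my own.

```powershell
# Added example, not from the thread: audit (and optionally clear) the registry
# policy values named in the MBAM and Emsisoft logs above, across every loaded
# hive. Run from an elevated PowerShell prompt (reading HKU and writing needs it).

$PolicySubKey = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'
# Value names are case-insensitive; the logs show both DisableTaskMgr and DISABLETASKMGR.
$ValueNames   = @('DisableRegistryTools', 'DisableTaskMgr')

function Get-PolicyHivePaths {
    # HKLM is included as a defensive check even though the logs only flag user
    # hives. HKU holds one subkey per loaded user hive (.DEFAULT, S-1-5-18 =
    # LocalSystem, S-1-5-21-...-1001 = a normal account, ...-500 = built-in
    # Administrator). A profile that is not loaded (a logged-off user) is not
    # visible here; scanners that parse the hive files on disk still see it.
    $roots = @('HKEY_LOCAL_MACHINE')
    $roots += Get-ChildItem -Path 'Registry::HKEY_USERS' |
        Where-Object { $_.PSChildName -notlike '*_Classes' } |   # no Policies key there
        ForEach-Object { "HKEY_USERS\$($_.PSChildName)" }
    foreach ($root in $roots) {
        [pscustomobject]@{ Root = $root; Path = "Registry::$root\$PolicySubKey" }
    }
}

function Get-DisablePolicyState {
    # One row per hive and value. Present: the value exists at all.
    # Enforced: its data is non-zero, i.e. the setting that greys out Task
    # Manager or produces "Registry editing has been disabled by your Administrator".
    foreach ($hive in Get-PolicyHivePaths) {
        foreach ($name in $ValueNames) {
            $data = $null
            if (Test-Path -Path $hive.Path) {
                $item = Get-ItemProperty -Path $hive.Path -Name $name -ErrorAction SilentlyContinue
                if ($null -ne $item) { $data = $item.$name }
            }
            [pscustomobject]@{
                Root     = $hive.Root
                Value    = $name
                Present  = ($null -ne $data)
                Data     = $data
                Enforced = ($null -ne $data -and $data -ne 0)
            }
        }
    }
}

function Clear-DisablePolicy {
    # Deletes every enforced value found by Get-DisablePolicyState. On a still
    # infected machine the malware can re-create them after a reboot, which is
    # what the poster saw: re-run the audit afterwards and treat a reappearance
    # as a sign the cleanup is incomplete rather than as a registry problem.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    foreach ($row in Get-DisablePolicyState | Where-Object Enforced) {
        $path = "Registry::$($row.Root)\$PolicySubKey"
        if ($PSCmdlet.ShouldProcess("$($row.Root)\$PolicySubKey", "Remove value $($row.Value)")) {
            Remove-ItemProperty -Path $path -Name $row.Value -ErrorAction Stop
        }
    }
}

# Usage: report first, preview the removal with -WhatIf, then run it for real.
Get-DisablePolicyState | Format-Table Root, Value, Present, Data, Enforced -AutoSize
# Clear-DisablePolicy -WhatIf
# Clear-DisablePolicy
```

A sign-out and sign-in (or a reboot) is needed before regedit and Task Manager pick up the cleared values.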
 



#13 aszx333

aszx333
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:07:25 PM

Posted 26 June 2016 - 05:41 PM

C:\$Recycle.Bin\S-1-5-21-971697514-1962752975-4212416763-1001\$REHT262.exe  detected: Win32.Sality.3 (B)
C:\Program Files\Apoint2K\Ezcapt.exe  detected: Win32.Sality.3 (B)
C:\Program Files\IDT\setup.exe  detected: Win32.Sality.3 (B)
C:\Program Files\Malwarebytes Anti-Malware\mbampt.exe  detected: Win32.Sality.3 (B)
C:\Program Files\Apoint2K\Uninstap.exe  detected: Win32.Sality.3 (B)
C:\Program Files\Malwarebytes Anti-Malware\mbamdor.exe  detected: Win32.Sality.3 (B)
C:\Program Files\Spybot - Search & Destroy 2\spybotsd2-install-av-update.exe  detected: Win32.Sality.3 (B)
C:\Program Files\Malwarebytes Anti-Malware\mbamresearch.exe  detected: Win32.Sality.3 (B)
C:\Program Files\Spybot - Search & Destroy 2\spybotsd2-windows-upgrade-installer.exe  detected: Win32.Sality.3 (B)
C:\Program Files\Spybot - Search & Destroy 2\spybotsd2-install-bdcore-update.exe  detected: Win32.Sality.3 (B)
 



#14 aszx333

aszx333
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:07:25 PM

Posted 26 June 2016 - 05:43 PM

C:\Program Files\Malwarebytes Anti-Malware\unins000.exe  detected: Win32.Sality.3 (B)
C:\Program Files\SUPERAntiSpyware\BootSafe.exe  detected: Win32.Sality.3 (B)
C:\Program Files\SUPERAntiSpyware\RUNSAS.EXE  detected: Win32.Sality.3 (B)
C:\Program Files\SUPERAntiSpyware\sas_enum_cookies.exe  detected: Win32.Sality.3 (B)
C:\Program Files\Spybot - Search & Destroy 2\spybotsd2-translation-hux2.exe  detected: Win32.Sality.3 (B)
C:\Program Files\Spybot - Search & Destroy 2\spybotsd2-install-iefreezefix.exe  detected: Win32.Sality.3 (B)
C:\Program Files\SUPERAntiSpyware\SUPERDelete.exe  detected: Win32.Sality.3 (B)
C:\Program Files\SUPERAntiSpyware\Uninstall.exe  detected: Win32.Sality.3 (B)
C:\Program Files\WinRAR\Rar.exe  detected: Win32.Sality.3 (B)
 



#15 aszx333

aszx333
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:07:25 PM

Posted 26 June 2016 - 05:45 PM

C:\Program Files\WinRAR\Uninstall.exe  detected: Win32.Sality.3 (B)
C:\Program Files\SUPERAntiSpyware\SASTask.exe  detected: Win32.Sality.3 (B)
C:\Program Files\Spybot - Search & Destroy 2\spybotsd2-translation-nlx2.exe  detected: Win32.Sality.3 (B)
C:\Program Files\WinRAR\UnRAR.exe  detected: Win32.Sality.3 (B)
C:\Program Files\WinRAR\WinRAR.exe  detected: Win32.Sality.3 (B)
C:\Program Files\SUPERAntiSpyware\SSUpdate.exe  detected: Win32.Sality.3 (B)
C:\Users\Administrator\AppData\Local\Temp\001C5DC9_Rar\Malwarebytes_Portable_1.46_Multilingual.paf.exe  detected: Win32.Sality.3 (B)
C:\Users\Administrator\AppData\Local\Temp\001ADF08_Rar\MalwarebytesPortable.exe  detected: Win32.Sality.3 (B)
C:\Users\Administrator\AppData\Local\Temp\001B70EB_Rar\wrar400.exe  detected: Win32.Sality.3 (B)
C:\Users\Public\Desktop\Post Win10 Spybot-install.exe  detected: Win32.Sality.3 (B)
 





