
AnthonyY

  1. If I am infected, would it be unsafe to uninstall and reinstall in normal mode? (I'm just being paranoid, no real signs of malware, most likely just HDD getting bumped around a little too much.) Is it possible to use MBAM Check or something similar to verify the mbam is clean?
  2. Hi, I believe my computer recently had some disk corruption issues. I had to reinstall MBAM since it was giving me a "Verify Integrity Error" when I try to scan. I reinstalled it in safe mode using an old installer with no problem, and have self protection enabled. Is there any way I can check if the MBAM I have currently is uninfected and unmodified (just in case)?
  3. Hi, I've been checking my laptop for RATs using netstat. Every time my computer starts up, svchost makes an established connection to the IP address 93.184.215.200:80. Searching on Google shows that it's an IP belonging to EdgeCast, in a residential area, although some uncited sources claim it belongs to Microsoft. Can someone confirm if it is in fact a legit Microsoft connection, or have I been RATed? Is there anything else I can do to check for traces of RATs?
  4. Hi, updated to Malwarebytes 2.0 yesterday after an installer prompt, and today when I tried to start a scan this happened: So the scan somehow gave me a complete blank thing, with no error code (red in event log), after I manually updated the database despite it doing it automatically before that (in blue), it worked again (in green). Also, I see that there are numerous reports about the malware website protection being disabled.
Just adding that it happened here too and couldn't turn it on automatically or by pressing "fix it" on the prompt, and the "fix it" button worked after the manual update. Just posting this here in case this helps
  5. I have to RMA my motherboard due to constant crashes, will do these steps once I get another board. Is it possible that a malware causes the computer to constantly get a bsod with the same fault addresses?
  6. A few things that might be related. About 2 weeks ago, AVG detected 2 dlls that according to their AVG lab is an Inject.2 Trojan, which have been quarantined; and about a day ago, AVG real time detected a file that is MSIL virus.
  7. Rogue Killer Report
  8. Mbam is currently on free trial because I had to use mbam clean and reinstall to get it to work, should be fine?
  9. Just used Mbam clean and reinstalled Mbam, I also run a paid version of AVG 2014 alongside. Could it be that I have not excluded all the files and caused conflicts? I recall that something like mbamswissarmy of sorts has to be excluded from system32? I only excluded the mbam files in programfiles x86 and programdata, any more I need to set exclusions for?
  10. Hi, for some reason my mbam.exe always gets an APPCRASH error when I try to use it, even Chameleon doesn't work, the fault module it shows is MSVCR100.dll. Any idea what's causing this? I also have AVG and Avast, both of which I have set an exception for Mbam folders in Programfiles and Programdata. There was once that when AVG and Avast were scanning for the first time they just hung at a certain number of files and didn't move on past it. I had to close them and reopen them to get it to work again, and consequent scans showed up nothing. Even in safe mode and enabled thorough scanning and scanning for rootkits had nothing show up for both Avast and AVG. Mbam worked before for 2 days and then this error showed up. Tried using a clean copy of the entire mbam directory and renaming Mbam to something else, and nothing worked. Is it some sort of really nasty trojan or is there something else blocking the Mbam? Shouldn't be conflict because Mbam works for about 2-3 days every time I do a fresh reinstall with Mbam clean. Also, mbamcheck.exe returns with error whenever I try to run it as well. Also used bleeping computer's Rkill and returned with clean results. *Have used mbam clean and reinstalled a number of times, same thing shows up a few days after installation. I have tried every single file in Chameleon, and the Mbam kill as well, and renamed mbam.exe and changed its directories numerous times with no success. I installed Avast on top of AVG because I once had a trojan that AVG scanned and removed. I wanted to make sure it was completely gone so I had Avast on top. Which one would you recommend for me to keep using as the main one? Also, mbam-check also returns with an APPCRASH event, so I am unable to get the CheckResults.txt. Is there any chance the trojan is still there? Both AVG and Avast come back clean in full thorough scans, and MBAM works if I use the Mbam clean and reinstall with safe mode, but stops working after a few days.