  1. In addition to the post above (and PM I sent) here are the requested FRST logs. Addition.txt FRST.txt
  2. Hello Yoan, I just noticed the email notifying me of your reply. FYI, since originally making the OP on Saturday I have since created new local profiles on Windows 10 and did a reset+keep everything. Things are a *little* better but there is still an egregious amount of ADS everywhere (including foreign language sites on my PC and other devices like phones and android TV units). I reset my router also. Once I am on the PC in question, I will provide you the FRST logs and go from there. (Just wanted to post here to say I'm still with ya). I've read some of your other threads and am excited to get your diagnosis and seal of approval! Semi-related question: when resetting Windows 10 or even a clean install, is it normal for all the developer options to be active by default in Windows 10 Pro? I saved some screenshots of peculiar items (after a fresh reset) that may or may not be malicious in nature - I'll post some here and PM you some others. Just know that I'm giving you any information for the sake of being thorough rather than paranoid. WILL GET THE FRST LOGS TONIGHT IN THE NEXT REPLY! THANKS AGAIN for your TIME!
  3. So I've posted before about some odd happenings and never really found a solution but think I got a little closer. In my event logs, I have several PowerShell events like pshell console starting a server (among other things), multiple WMI services starting, and browser redirects. Nothing has ever been found by Win defender or MBAM Premium (I really don't feel like they're working - on the surface they seem to be working fine but I think it's an illusion). Hitman Pro did find a file Win32.Droma.abdb (first malicious file I've ever found) and that led me to googling that and found this article. http://niiconsulting.com/checkmate/2014/04/analysis-of-malware-detecting-behavior-anti-reversing-techniques/ ^^Please read! That almost explains my situation to a tee - I've even seen Russian/Chinese sites that will occasionally pop up on google suspiciously. If you look at my Registry or a Driverquery of my windows drivers, there are red flags everywhere. As far as I know I'm on the latest update of Win10 but I'm not sure anymore. I was hoping an expert could read the above article and know immediately what's going on or, if not, help me figure it out in order to get rid of it. I've reinstalled windows after nuking it 5 times. I've been careful about any kind of syncing application (I don't even have chrome installed) and have reset the sync of any services I do use. I could go on but will stop here and wait for an expert's advice. Should I run FRST? Oh yeah, some programs think I'm on Windows 8 (including mbam) and I think that's due to registry infection. I would LOVE to get a clean bill of health because this has consumed way too much of my life in the past ~8 months off and on. Thanks in advance! Fingers crossed
  4. Potential malware or anything else I should be concerned about? Let me know as soon as necessary - feel free to email me if you want. (Will PM you my personal email)
  5. None of the scans were in Safe Mode. I posted this because since it's saying I'm on Windows 8, obviously I have some kind of weird config issue for a new, vanilla install of Win10 (UEFI, GPT). I wanted to confirm that it is indeed protecting the system from the experts. 1PW asked me to do a FRST scan, but I'm not sure he's been able to look at it since telling me to do so. There are some entries in the Addition.txt that seem like the Anti-Exploit feature isn't working with EDGE - although admittedly I'm not trained on how to read those logs. Specifically, there are several of these entries: CodeIntegrity: =================================== Date: 2017-07-03 18:10:11.168 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. But there are other things related to MBAM in the logs that may or may not indicate an issue. Hopefully someone can shed some light as to why it would think I'm on an old OS and if I'm totally secured as far as mbam is concerned.
  6. If you meant the mb-check utility, here's a new mb-check-results from admin account. I see it reports Win10 on that but the REPORTS tab within the actual MBAM 3.1.2 program reports Windows 8 as my OS (screenshot also attached). It also doesn't feel like it's scanning everything properly and the FRST logs in my second post above suggest the Anti-Exploit protection isn't working with Edge. mb-check-results.zip
  7. Running scan from admin account yields the same thing now - windows 8. How do the logs look, 1PW?
  8. False positives on this program, I guess? Running Scan..will attach EDIT: Logs Attached FRST.txt Addition.txt
  9. Just in case, I'm adding the mb-check-results as well. mb-check-results.zip
  10. When I first installed mbam, it detected the OS fine (Windows 10 Version 1703 - 15063.447). Since then, each scan reports that I'm on Windows 8. I had a malware/hacker scare not long ago and after nuking everything from orbit, I'm hyper-aware of every little nuance happening on my machine so this may just be a bug report. I would like to make sure it's working correctly though so I attached log number 1, which was accurate, along with my most recent log which reports I have Windows 8. Please let me know if you need anything else to ensure I'm fully protected. correct.txt incorrect.txt
  11. I have this exact same issue. Since around the same time frame - all devices. I think I got it from using a USB that was unknowingly used by my friend that's infected with the same thing but somewhat oblivious. The win10 VM thing is really annoying. I'm hoping I'm just paranoid and it's a hardware issue. Have you had any luck with this?