Determined
New Member
Long story short, someone gained access to my IP address and my IP router passcode and wrote a program to spy on me. I found out a few weeks ago and have been trying to clean my Dell 8.1 laptop. I did a complete reinstall of Windows tonight and did NOT save ANY of my files. Just reinstalled the original 8.1 dated 3-14-2014 ( bought laptop new in July ). So after reinstall I went in and disabled ALL remote programs and ran ShieldsUP and everything came back as all ports being in stealth mode, downloaded KeyScrambler ( 5 stars on Cnet ). Then I started my search. And as the hours went by more and more red flags began to appear. Before I did a reinstall with file saving, and upon opening the Control Panel, the ALLOW REMOTE ACCESS was turned ON..........again.
Under ServiceProfiles: Local Service: AppData: Local: Temp this file was there.
MpCmdRun: and below is what it contained, which appears to be an ongoing attack to DISABLE Windows Defender.
-------------------------------------------------------------------------------------
MpCmdRun: Command Line: "C:\Program Files\Windows Defender\mpcmdrun.exe" -wddisable
Start Time: Sat Feb 28 2015 19:57:53
Time Info - Sat Feb 28 2015 19:58:07 MpCmdRun: End Time: Sat Feb 28 2015 19:58:07
-------------------------------------------------------------------------------------
tart Time: Sat Feb 28 2015 19:58:05
Time Info - Sat Feb 28 2015 19:58:16 MpCmdRun: End Time: Sat Feb 28 2015 19:58:16
-------------------------------------------------------------------------------------
tart Time: Sat Feb 28 2015 19:58:07
ERROR: WDEnable() failed (800106B5)
MpCmdRun: End Time: Sat Feb 28 2015 19:58:07
-------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------
MpCmdRun: Command Line: "C:\Program Files\Windows Defender\mpcmdrun.exe" -wddisable
Start Time: Sat Feb 28 2015 19:58:16
ERROR: WDEnable() failed (800106B5)
MpCmdRun: End Time: Sat Feb 28 2015 19:58:16
-------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------
MpCmdRun: Command Line: "C:\Program Files\Windows Defender\mpcmdrun.exe" -wddisable
Start Time: Sat Feb 28 2015 19:58:36
ERROR: WDEnable() failed (800106B5)
MpCmdRun: End Time: Sat Feb 28 2015 19:58:36
-------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------
MpCmdRun: Command Line: "C:\Program Files\Windows Defender\mpcmdrun.exe" -wddisable
Start Time: Sat Feb 28 2015 19:58:37
ERROR: WDEnable() failed (800106B5)
MpCmdRun: End Time: Sat Feb 28 2015 19:58:37
-------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------
MpCmdRun: Command Line: "C:\Program Files\Windows Defender\mpcmdrun.exe" -wddisable
Start Time: Sat Feb 28 2015 19:59:29
ERROR: WDEnable() failed (800106BA)
MpCmdRun: End Time: Sat Feb 28 2015 19:59:29
-------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------
MpCmdRun: Command Line: "C:\Program Files\Windows Defender\mpcmdrun.exe" -wddisable
Start Time: Sat Feb 28 2015 19:59:29
ERROR: WDEnable() failed (800106BA)
MpCmdRun: End Time: Sat Feb 28 2015 19:59:29
-------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------
MpCmdRun: Command Line: "C:\Program Files\Windows Defender\mpcmdrun.exe" -wddisable
Start Time: Sat Feb 28 2015 20:08:53
ERROR: WDEnable() failed (800106BA)
MpCmdRun: End Time: Sat Feb 28 2015 20:08:53
-------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------
MpCmdRun: Command Line: "C:\Program Files\Windows Defender\mpcmdrun.exe" -wddisable
Start Time: Sat Feb 28 2015 22:18:02
ERROR: WDEnable() failed (800106BA)
MpCmdRun: End Time: Sat Feb 28 2015 22:18:02
-------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------
MpCmdRun: Command Line: "C:\Program Files\Windows Defender\mpcmdrun.exe" -wddisable
Start Time: Sat Feb 28 2015 22:42:56
ERROR: WDEnable() failed (800106BA)
MpCmdRun: End Time: Sat Feb 28 2015 22:42:56
-------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------
MpCmdRun: Command Line: "C:\Program Files\Windows Defender\mpcmdrun.exe" -wddisable
Start Time: Sat Feb 28 2015 22:24:41
ERROR: WDEnable() failed (800106BA)
MpCmdRun: End Time: Sat Feb 28 2015 22:24:41
-------------------------------------------------------------------------------------
If anyone has ANY ideas on steps to take on this, AND IF I am correct about this file, PLEASE post a reply. Thank you.
Oh yes, and although I am the ONLY listed USER and the ONLY listed ADMIN on this laptop after install, when I go into SCHEDULED Tasks and go into advanced settings, there are FIFTEEN USERS listed. Can this be right?
There are settings that I CANNOT change as it states I do NOT have administration permission.
Under ServiceProfiles: Local Service: AppData: Local: Temp this file was there.
MpCmdRun: and below is what it contained, which appears to be an ongoing attack to DISABLE Windows Defender.
-------------------------------------------------------------------------------------
MpCmdRun: Command Line: "C:\Program Files\Windows Defender\mpcmdrun.exe" -wddisable
Start Time: Sat Feb 28 2015 19:57:53
Time Info - Sat Feb 28 2015 19:58:07 MpCmdRun: End Time: Sat Feb 28 2015 19:58:07
-------------------------------------------------------------------------------------
tart Time: Sat Feb 28 2015 19:58:05
Time Info - Sat Feb 28 2015 19:58:16 MpCmdRun: End Time: Sat Feb 28 2015 19:58:16
-------------------------------------------------------------------------------------
tart Time: Sat Feb 28 2015 19:58:07
ERROR: WDEnable() failed (800106B5)
MpCmdRun: End Time: Sat Feb 28 2015 19:58:07
-------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------
MpCmdRun: Command Line: "C:\Program Files\Windows Defender\mpcmdrun.exe" -wddisable
Start Time: Sat Feb 28 2015 19:58:16
ERROR: WDEnable() failed (800106B5)
MpCmdRun: End Time: Sat Feb 28 2015 19:58:16
-------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------
MpCmdRun: Command Line: "C:\Program Files\Windows Defender\mpcmdrun.exe" -wddisable
Start Time: Sat Feb 28 2015 19:58:36
ERROR: WDEnable() failed (800106B5)
MpCmdRun: End Time: Sat Feb 28 2015 19:58:36
-------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------
MpCmdRun: Command Line: "C:\Program Files\Windows Defender\mpcmdrun.exe" -wddisable
Start Time: Sat Feb 28 2015 19:58:37
ERROR: WDEnable() failed (800106B5)
MpCmdRun: End Time: Sat Feb 28 2015 19:58:37
-------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------
MpCmdRun: Command Line: "C:\Program Files\Windows Defender\mpcmdrun.exe" -wddisable
Start Time: Sat Feb 28 2015 19:59:29
ERROR: WDEnable() failed (800106BA)
MpCmdRun: End Time: Sat Feb 28 2015 19:59:29
-------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------
MpCmdRun: Command Line: "C:\Program Files\Windows Defender\mpcmdrun.exe" -wddisable
Start Time: Sat Feb 28 2015 19:59:29
ERROR: WDEnable() failed (800106BA)
MpCmdRun: End Time: Sat Feb 28 2015 19:59:29
-------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------
MpCmdRun: Command Line: "C:\Program Files\Windows Defender\mpcmdrun.exe" -wddisable
Start Time: Sat Feb 28 2015 20:08:53
ERROR: WDEnable() failed (800106BA)
MpCmdRun: End Time: Sat Feb 28 2015 20:08:53
-------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------
MpCmdRun: Command Line: "C:\Program Files\Windows Defender\mpcmdrun.exe" -wddisable
Start Time: Sat Feb 28 2015 22:18:02
ERROR: WDEnable() failed (800106BA)
MpCmdRun: End Time: Sat Feb 28 2015 22:18:02
-------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------
MpCmdRun: Command Line: "C:\Program Files\Windows Defender\mpcmdrun.exe" -wddisable
Start Time: Sat Feb 28 2015 22:42:56
ERROR: WDEnable() failed (800106BA)
MpCmdRun: End Time: Sat Feb 28 2015 22:42:56
-------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------
MpCmdRun: Command Line: "C:\Program Files\Windows Defender\mpcmdrun.exe" -wddisable
Start Time: Sat Feb 28 2015 22:24:41
ERROR: WDEnable() failed (800106BA)
MpCmdRun: End Time: Sat Feb 28 2015 22:24:41
-------------------------------------------------------------------------------------
If anyone has ANY ideas on steps to take on this, AND IF I am correct about this file, PLEASE post a reply. Thank you.
Oh yes, and although I am the ONLY listed USER and the ONLY listed ADMIN on this laptop after install, when I go into SCHEDULED Tasks and go into advanced settings, there are FIFTEEN USERS listed. Can this be right?
There are settings that I CANNOT change as it states I do NOT have administration permission.
Last edited:
