newman87

Dale, Just wanted to thank you for your help and replying . Very useful information and 1 less thing for me to worry about (I thought there was a problem with mine but now I see it is throttled). Have a great day!

Hey Guys! Just a quick Question - Should the MBAM application update (similar to the database updates). Mine still says 2.1.4 but according to the history of releases, it should be 2.1.6. My databases are updating automatically though. Is this normal for the application to not auto-update? Thank you

Thanks Marius! I was finally able to send a message to the software developers and hopefully they will get back to me. Is there anything else we should do with my computer? Also, where you able to get my cbs logs filtered? I still cannot get anything when I ran that command you posted - it's just a blank document. Im going to image my computer soon, so if there was anything else you felt I should do please let me know. and Thank you!

Sorry Marius, I still can't get the txt file to produce anything (it ends up blank). Is there another way or different search string to try in the command line? I did use the admin command prompt. Also, If you see anything that might be the reason for the sketchbook pro not installing, do you think it is related to my computer being infected and is there a way to fix it? Thank you for your help!

I types the command in like you had quoted, but the resultant txt file was blank. I went ahead and attached the entire log file, maybe there is another way you know to filter it. Thanks CBS.log

The SFC said "Windows Resource Protection found corrupt files but was unable to fix some of them" "details are included in the cbs.log windir\logs\cbs\cbs.log" "Logging is not supported in offline servicing". The log file is very big, so im not sure if you want me to post it or not.

Here is the chkdisk results: Chkdsk was executed in scan mode on a volume snapshot. Checking file system on C: Stage 1: Examining basic file system structure ... 861440 file records processed. File verification completed. 7962 large file records processed. 0 bad file records processed. Stage 2: Examining file name linkage ... 1083070 index entries processed. Index verification completed. Stage 3: Examining security descriptors ... Security descriptor verification completed. 110816 data files processed. CHKDSK is verifying Usn Journal... 38509872 USN bytes processed. Usn Journal verification completed. Windows has scanned the file system and found no problems. No further action is required. 958011391 KB total disk space. 511236724 KB in 679367 files. 369288 KB in 110817 indexes. 998607 KB in use by the system. 65536 KB occupied by the log file. 445406772 KB available on disk. 4096 bytes in each allocation unit. 239502847 total allocation units on disk. 111351693 allocation units available on disk. ---------------------------------------------------------------------- Stage 1: Examining basic file system structure ... Stage 2: Examining file name linkage ... Stage 3: Examining security descriptors ... Windows has scanned the file system and found no problems. No further action is required. I will post the sfc /scannow in another reply

Here are the Logs that you requested: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-02-2015 Ran by Michael at 2015-02-04 09:22:55 Run:2 Running from C:\Users\Michael\Desktop Loaded Profiles: Michael & (Available profiles: Michael) Boot Mode: Normal ============================================== Content of fixlist: ***************** C:\Program Files (x86)\Common Files\InstallShield\Driver\8 EmptyTemp: ***************** C:\Program Files (x86)\Common Files\InstallShield\Driver\8 => Moved successfully. EmptyTemp: => Removed 181.6 MB temporary data. The system needed a reboot. ==== End of Fixlog 09:22:59 ====

Marius, I just wanted to let you know, that I ran the online scan and it did not find anything. That's a good thing, but like I said in my first post, I wasnt getting any detections before either - it was only through the comodo database that AdvancedStartup showed me that we figured out I had a virus. Is there a way to deeply run a scan/ check my system just to make sure? Thank you BTW, there were no logs for the online scanner, so I think that is all you needed for now right?

I'm sorry, my mistake. Here is the log file from the scan Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 2/3/2015 Scan Time: 1:55:38 AM Logfile: Administrator: Yes Version: 2.00.4.1028 Malware Database: v2015.02.03.02 Rootkit Database: v2015.01.14.01 License: Premium Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Enabled OS: Windows 8.1 CPU: x64 File System: NTFS User: Michael Scan Type: Hyper Scan Result: Completed Objects Scanned: 282469 Time Elapsed: 1 min, 44 sec Memory: Enabled Startup: Enabled Filesystem: Disabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end)

Sorry for the delay. Here are the logs from the MBAM scan Malwarebytes Anti-Malware www.malwarebytes.org Scan, 2/2/2015 12:58:38 AM, SYSTEM, ULTRAPC, Manual, Start:2/2/2015 12:20:27 AM, Duration:38 min 6 sec, Hyper Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections, Scan, 2/2/2015 1:16:38 AM, SYSTEM, ULTRAPC, Manual, Start:2/2/2015 1:14:43 AM, Duration:1 min 53 sec, Hyper Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections, Protection, 2/2/2015 1:58:45 PM, SYSTEM, ULTRAPC, Protection, Malware Protection, Starting, Protection, 2/2/2015 1:58:45 PM, SYSTEM, ULTRAPC, Protection, Malware Protection, Started, Protection, 2/2/2015 1:58:45 PM, SYSTEM, ULTRAPC, Protection, Malicious Website Protection, Starting, Protection, 2/2/2015 1:58:46 PM, SYSTEM, ULTRAPC, Protection, Malicious Website Protection, Started, Protection, 2/2/2015 2:09:48 PM, SYSTEM, ULTRAPC, Protection, Malware Protection, Starting, Protection, 2/2/2015 2:09:48 PM, SYSTEM, ULTRAPC, Protection, Malware Protection, Started, Protection, 2/2/2015 2:09:48 PM, SYSTEM, ULTRAPC, Protection, Malicious Website Protection, Starting, Protection, 2/2/2015 2:09:49 PM, SYSTEM, ULTRAPC, Protection, Malicious Website Protection, Started, Update, 2/2/2015 2:10:39 PM, SYSTEM, ULTRAPC, Scheduler, Malware Database, 2015.2.1.7, 2015.2.2.5, Protection, 2/2/2015 2:10:39 PM, SYSTEM, ULTRAPC, Protection, Refresh, Starting, Protection, 2/2/2015 2:10:39 PM, SYSTEM, ULTRAPC, Protection, Malicious Website Protection, Stopping, Protection, 2/2/2015 2:10:39 PM, SYSTEM, ULTRAPC, Protection, Malicious Website Protection, Stopped, Protection, 2/2/2015 2:10:45 PM, SYSTEM, ULTRAPC, Protection, Refresh, Success, Protection, 2/2/2015 2:10:45 PM, SYSTEM, ULTRAPC, Protection, Malicious Website Protection, Starting, Protection, 2/2/2015 2:10:45 PM, SYSTEM, ULTRAPC, Protection, Malicious Website Protection, Started, Scan, 2/2/2015 2:12:44 PM, SYSTEM, ULTRAPC, Manual, Start:2/2/2015 2:10:39 PM, Duration:2 min 2 sec, Hyper Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections, Scan, 2/2/2015 2:26:17 PM, SYSTEM, ULTRAPC, Manual, Start:2/2/2015 2:15:32 PM, Duration:10 min 44 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections, Scan, 2/2/2015 3:10:41 PM, SYSTEM, ULTRAPC, Manual, Start:2/2/2015 3:08:24 PM, Duration:2 min 15 sec, Hyper Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections, Update, 2/2/2015 7:14:56 PM, SYSTEM, ULTRAPC, Scheduler, Failed, Unable to access update server, (end)

Hi Marius! First, Can't thank you enough. Thank you for helping me get my machine cleaned. I read your instructions so im going to post the logs for you one reply at a time, as I do each step. Here is the fixlog file: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-02-2015 Ran by Michael at 2015-02-02 14:08:41 Run:1 Running from C:\Users\Michael\Desktop Loaded Profiles: Michael (Available profiles: Michael) Boot Mode: Normal ============================================== Content of fixlist: ***************** Task: {93BE8B93-CAA0-483B-8DE5-E11F91A46E17} - System32\Tasks\{136ECA48-34EC-468C-83C0-ECC0A4080459} => pcalua.exe -a "C:\Program Files (x86)\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe" -d "C:\Program Files (x86)\Common Files\InstallShield\Driver\8\Intel 32" C:\Program Files (x86)\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe" -d "C:\Program Files (x86)\Common Files\InstallShield\Driver AlternateDataStreams: C:\Users\Michael\AppData\Local\Temp:cUnso0kR9qdmoFwq7tcm9LW4gJd AlternateDataStreams: C:\Users\Michael\AppData\Local\Temp:kqNzdWk8fSkXEqNQeMKGwg AlternateDataStreams: C:\Users\Michael\AppData\Local\Temp:nkzMtoUbpyS3kiksgaAbvDDuLO EmptyTemp: ***************** "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{93BE8B93-CAA0-483B-8DE5-E11F91A46E17}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{93BE8B93-CAA0-483B-8DE5-E11F91A46E17}" => Key deleted successfully. C:\Windows\System32\Tasks\{136ECA48-34EC-468C-83C0-ECC0A4080459} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{136ECA48-34EC-468C-83C0-ECC0A4080459}" => Key deleted successfully. "C:\Program Files (x86)\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe -d "C:\Program Files (x86)\Common Files\InstallShield\Driver" => File/Directory not found. C:\Users\Michael\AppData\Local\Temp => ":cUnso0kR9qdmoFwq7tcm9LW4gJd" ADS removed successfully. C:\Users\Michael\AppData\Local\Temp => ":kqNzdWk8fSkXEqNQeMKGwg" ADS removed successfully. C:\Users\Michael\AppData\Local\Temp => ":nkzMtoUbpyS3kiksgaAbvDDuLO" ADS removed successfully. EmptyTemp: => Removed 14.4 GB temporary data. The system needed a reboot. ==== End of Fixlog 14:08:51 ====

Hey Guys! I'm pretty sure I've got a virus or something that isnt being detected by kaspersky or MBAM. Ive run both of them and no detections, but through online searches I think i've found a match on the comodo databases. A bit of history: It started when I could not get sketbook pro to install (which I still cannot), and after hours of trying to debug what was wrong I found this error: So after googling I found that it matched some trojan and AdvancedSetup wanted me to start a new topic. Please see my old post if you need to: https://forums.malwarebytes.org/index.php?/topic/164063-help-with-autodesk-install-and-pc-performace-issues/ Ive posted the files requested below, please let me know if you need anything else. Thank you guys as always for your generosity in helping me with this issue Comodo link: http://camas.comodo.com/cgi-bin/submit?file=ea38a94d44d5c95e060f1c36fe1b7e343a76252fabf8a8d7a7b2576b25631e43 Addition.txt FRST.txt

Root Admin, Thank you for that link. I was able to post detailed logs on autodesk forums but im still waiting. Im replying because I was fishing around the event viewer and found the following event would occur when trying to install: So then I did some googling and found dcom errors usually are not anything to worry about, and I was about to stop looking when I finally seared for the {8B1670c8..... part in quotes on google. I then found this link from norton av http://www.symantec.com/security_response/earthlink_writeup.jsp?docid=2014-120400-5113-99 That string of letters/numbers is in their log file for some trojon but I dont know enough about it or if my case is the same/related to this. I do now that I have an intel32/8/idriver directory on my computer.. I also know I did have a conduit.a and something else (both .pups) which MBAM did find and remove awhile back. Do you think I am infected wih a trojon or anything else in my computer? Thank you for your help as always Also enjoy the superbowl game if you are going to be watching it

I was able to find something about idriver in the event viewer. C:\Program Files (x86)\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe in appears to be a 1000 eventID Does that mean anything to anyone?

Thank you Root Admin, I will research how to run the installer with logs to see if I can figure it out. I wanted to say I love MBAM and you guys are great/geniuses. I wanted to ask you about becoming a helper on the forum. I know there are classes but they always fillup. Does MBAM offer classes as well? If I can find the error for sketchbook installer, I might post back if I cant make sence of it, but I will let you know what I find. Thanks again

Thank you for getting back to me, and so fast too! Here are the logs you wanted. Addition.txt CheckResults.txt FRST.txt

hey Guys! you guys are always my go to since I consider you all the best computer guys on the net . Im having a problem installing autodesk sketchbook pro 7 on my computer. Naturally, even though I paid them for the app, I dont get support with the company and had to post on their forums (for which their response of linking me to their general support area did not hit home for me). Anyway, if anyone cares to help me review my logs (which I will need help posting), or has had a similar problem before, I would be very appreciative. I posted the instal error as a screenshot below in the attached files. ------------------------------------------------------------------------------------------------------------------------------------------------------------- on another note, I could also use some help on my computer performance if anyone knows how to boost it. Ive just had to restore my computer and have been installing updates all day. My computer since has frozen twice or three times. It completly freezes. I attached several event logs as an xml file. I know I have edited the services (services.msc) but I have not done anything besides that. any help you guys can give would be super helpful. I dont know how to read the events log to determine the problems. Thank you guys! computer_event.xml

Thank you AdvancedSetup! That was very helpful Also that's a good idea to keep a few good backups on hand, I need to start doing this.

hey guys, I was looking through my computer and found a strange folder in my directory C:\Users\(my_user_account)\AppData\Roaming The folder is called identities and has a weird string of numbers in it similar to something like this {8726DBE-H335-1221.... etc Does anyone know what this is for. also, I was trying to clean out this folder cause I saw a lot of different programs that I had already uninstalled. I wish uninstall would remove all these but it doesnt. ----------------------------------------------------------------------------------------------------------------------------------------------------------------- As an aside: What do you guys use for 1) uninstalling 2) keeping your computer safe (besides MBAM and antivirus) I used to be on a mac and now that im on a pc im super paranoid. Thanks for your help guys!

Also guys, What do you think of Winpatrol? Anyone using that atm?

Hey Guys, Just a quick question for everyone. I have MBAM premium and I feel safer with it running in the background. After getting these pups though, I wanted to know what everyone thought of these apps and if I need them: 1) Spywareblaster 2) Malwarebytes anti-exploit free edition 3) TFC Also, Do I need to install Chameleon now, or is that something you only do when you get infected? Thank you guys for your help!

Hey Guys, for some reason today when I scaned with malwarebytes it found these 3 detections. Im attaching my log files like it says to do with Farbar. Thank you guys for your help. PS the ones listed were conduit.A and pricegong Addition.txt FRST.txt malwarebytes_log.txt

Thank you everyone for your help!

Guys, Im still having lots of problems, even after the restore... Im attaching new logs. If anyone can give me some assistance it would be very much appreciated. Basically it gets these bugs where everything is fine but then ill click file explorer or control panels and explorer freezes and then crashes. After this, if i shutdown it fails and does a restart (takes about 5 mins trying to shutdown before it fails). Ive already done resets before in the past and the problem keeps coming back so id like to get to the bottom of it. I really appreciate all your help. Note, I really dont think this is an infection or anything like that since mbam has not detected anything in the past Addition.txt CheckResults.txt FRST.txt