Draz Posted February 14, 2013 ID:647018

Hello,
I was hoping an expert could look over these logs for me. I recently had my credit card info stolen and I'm not really sure how it happened. My computer was formatted clean with a new Windows 8 installation not too long ago, so I'm not sure if I have any spyware or what. I haven't noticed any problems, but I did find one .exe that looks suspicious. The program is called ProtectionID. After a quick Google search, I guess it is some sort of game file scanner that can be downloaded from pid.gamecopyworld.com. I scanned the file with Malwarebytes and it came back clean. Not sure how it got on my system; thinking my brother was using this program. Anyway, I have run a full scan with Malwarebytes and Windows Defender anti-virus. Nothing has been detected and my system does seem to be stable. I went ahead and did a bunch of scans with the programs recommended by expert Gringo. I followed his instructions and scanned one by one in the order he recommends. Below are the logs. If someone could give these a quick look, I would really appreciate it. Unfortunately, I was not able to run ComboFix on Windows 8, so I skipped it.
By the way, I'm really loving the website blocking feature in the Pro version of Malwarebytes.
I'm currently running the trial and I will definitely be making a purchase soon.

DDS log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16482
Run by PC at 22:29:26 on 2013-02-13
Microsoft Windows 8 Pro 6.2.9200.0.1252.1.1033.18.8083.6784 [GMT -8:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Windows\system32\taskhostex.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\SysWOW64\HsMgr.exe
C:\Windows\System\HsMgr64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
TCP: NameServer = 192.168.11.1
TCP: Interfaces\{56E75891-438D-424C-8653-04E6DE7AECBD} : DHCPNameServer = 192.168.11.1
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe -expressboot
x64-Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe Envoke
x64-Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe Envoke
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-2-7 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-2-7 682344]
R3 cmudaxp;ASUS Xonar D1 Audio Interface;C:\Windows\System32\Drivers\cmudaxp.sys [2012-9-25 2733056]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\Drivers\L1C63x64.sys [2012-6-2 100864]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2013-2-7 24176]
S3 vmbusr;Virtual Machine Bus Provider;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-25 117248]
.
=============== Created Last 30 ================
.
2013-02-14 05:50:45 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{74591FF1-3450-4BBD-8D98-69AC9DC15824}\mpengine.dll
2013-02-13 23:40:33 4055552 ----a-w- C:\Windows\System32\win32k.sys
2013-02-13 21:48:47 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-02-13 20:45:29 6967016 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-02-13 19:24:52 2226408 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-02-13 02:52:00 817664 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 02:52:00 1084416 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-12 20:36:58 0 ----a-w- C:\Windows\ativpsrm.bin
2013-02-09 04:00:54 519000 ----a-w- C:\Windows\System32\d3dx10_40.dll
2013-02-09 04:00:54 452440 ----a-w- C:\Windows\SysWow64\d3dx10_40.dll
2013-02-09 04:00:54 2605920 ----a-w- C:\Windows\System32\D3DCompiler_40.dll
2013-02-09 04:00:54 2036576 ----a-w- C:\Windows\SysWow64\D3DCompiler_40.dll
2013-02-09 04:00:53 5631312 ----a-w- C:\Windows\System32\D3DX9_40.dll
2013-02-09 04:00:53 4379984 ----a-w- C:\Windows\SysWow64\D3DX9_40.dll
2013-02-08 10:45:37 -------- d-----w- C:\Users\PC\AppData\Local\Google
2013-02-08 06:55:28 -------- d-----w- C:\Users\PC\AppData\Roaming\Arrowhead
2013-02-08 05:42:43 -------- d--h--w- C:\Windows\msdownld.tmp
2013-02-08 05:42:38 -------- d-----w- C:\Windows\SysWow64\directx
2013-02-08 05:27:25 -------- d-----w- C:\Program Files\Common Files\Intel
2013-02-08 05:27:25 -------- d-----w- C:\Program Files (x86)\Common Files\Intel
2013-02-07 10:33:50 -------- d-----w- C:\Users\PC\AppData\Roaming\Malwarebytes
2013-02-07 10:33:45 -------- d-----w- C:\ProgramData\Malwarebytes
2013-02-07 10:33:44 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-02-07 10:33:44 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-02-07 10:33:37 -------- d-----w- C:\Users\PC\AppData\Local\Programs
2013-02-07 08:52:01 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2013-02-07 08:52:00 -------- d-----w- C:\Program Files (x86)\Steam
2013-02-06 04:15:52 3554304 ----a-w- C:\Windows\System32\tquery.dll
2013-02-06 04:14:59 955904 ----a-w- C:\Windows\System32\WebcamUi.dll
2013-02-06 04:13:32 641536 ----a-w- C:\Windows\System32\WSShared.dll
2013-02-06 04:13:32 523776 ----a-w- C:\Windows\SysWow64\WSShared.dll
2013-02-06 04:13:32 198656 ----a-w- C:\Windows\System32\Windows.ApplicationModel.Store.dll
2013-02-06 04:13:32 163840 ----a-w- C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-02-06 04:13:32 143872 ----a-w- C:\Windows\SysWow64\Windows.ApplicationModel.Store.dll
2013-02-06 04:13:32 124928 ----a-w- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-02-06 03:31:04 -------- d-----w- C:\Users\PC\AppData\Roaming\WinPatrol
2013-02-06 03:31:01 -------- d-----w- C:\Program Files (x86)\BillP Studios
2013-02-06 03:17:22 56832 ----a-w- C:\Windows\System32\OpenCL.DLL
2013-02-06 03:17:22 56320 ----a-w- C:\Windows\SysWow64\OpenCL.DLL
2013-02-06 03:17:22 -------- d-----w- C:\Intel
2013-02-06 03:15:40 273840 ------w- C:\Windows\System32\MpSigStub.exe
2013-02-06 03:13:50 17888 ----a-w- C:\Windows\System32\msvcr100_clr0400.dll
2013-02-06 03:13:49 17888 ----a-w- C:\Windows\SysWow64\msvcr100_clr0400.dll
2013-02-06 03:11:13 18528 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm2.bin
2013-02-06 03:09:17 -------- d-----r- C:\Users\PC\Searches
2013-02-06 03:09:17 -------- d-----r- C:\Users\PC\Contacts
2013-02-06 03:05:56 -------- d-----w- C:\Windows\Panther
.
==================== Find3M ====================
.
2013-02-06 23:06:14 78176 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-06 23:06:14 692576 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-01-16 00:35:49 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll
2013-01-16 00:31:26 53760 ----a-w- C:\Windows\System32\UXInit.dll
2013-01-16 00:25:17 1437696 ----a-w- C:\Windows\SysWow64\GdiPlus.dll
2013-01-16 00:23:19 1690624 ----a-w- C:\Windows\System32\GdiPlus.dll
2013-01-10 01:53:32 28904 ----a-w- C:\Windows\System32\drivers\msgpiowin32.sys
2013-01-10 01:40:39 1448168 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-01-10 01:40:38 303848 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-01-10 01:39:29 194280 ----a-w- C:\Windows\System32\drivers\sdbus.sys
2013-01-10 01:39:22 124648 ----a-w- C:\Windows\System32\drivers\dumpsd.sys
2013-01-10 01:29:56 91880 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2013-01-10 01:29:54 1934056 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-01-10 01:29:21 785504 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2013-01-09 23:26:53 83968 ----a-w- C:\Windows\SysWow64\wiaacmgr.exe
2013-01-09 23:26:46 1611776 ----a-w- C:\Windows\SysWow64\mmc.exe
2013-01-09 23:26:35 410624 ----a-w- C:\Windows\SysWow64\Windows.Networking.dll
2013-01-09 23:26:35 261120 ----a-w- C:\Windows\SysWow64\Windows.Media.dll
2013-01-09 23:26:25 278528 ----a-w- C:\Windows\SysWow64\srm.dll
2013-01-09 23:26:25 202752 ----a-w- C:\Windows\SysWow64\srmstormod.dll
2013-01-09 23:26:23 1752064 ----a-w- C:\Windows\SysWow64\setupapi.dll
2013-01-09 23:26:20 67584 ----a-w- C:\Windows\SysWow64\samlib.dll
2013-01-09 23:26:08 115712 ----a-w- C:\Windows\SysWow64\netprofm.dll
2013-01-09 23:26:04 890880 ----a-w- C:\Windows\SysWow64\msctf.dll
2013-01-09 23:26:03 436736 ----a-w- C:\Windows\SysWow64\MP4SDECD.DLL
2013-01-09 23:25:55 582144 ----a-w- C:\Windows\SysWow64\gpprefcl.dll
2013-01-09 23:23:32 95232 ----a-w- C:\Windows\System32\wiaacmgr.exe
2013-01-09 23:23:25 2094592 ----a-w- C:\Windows\System32\mmc.exe
2013-01-09 23:23:18 256000 ----a-w- C:\Windows\System32\WSDMon.dll
2013-01-09 23:23:16 1964544 ----a-w- C:\Windows\System32\wlidsvc.dll
2013-01-09 23:23:14 594944 ----a-w- C:\Windows\System32\Windows.Networking.dll
2013-01-09 23:23:14 406016 ----a-w- C:\Windows\System32\Windows.Media.dll
2013-01-09 23:23:09 274432 ----a-w- C:\Windows\System32\srmstormod.dll
2013-01-09 23:23:08 279040 ----a-w- C:\Windows\System32\srm.dll
2013-01-09 23:23:07 1886208 ----a-w- C:\Windows\System32\setupapi.dll
2013-01-09 23:23:05 728064 ----a-w- C:\Windows\System32\samsrv.dll
2013-01-09 23:22:53 464384 ----a-w- C:\Windows\System32\netprofmsvc.dll
2013-01-09 23:22:53 151040 ----a-w- C:\Windows\System32\netprofm.dll
2013-01-09 23:22:43 1120768 ----a-w- C:\Windows\System32\msctf.dll
2013-01-09 23:22:41 666112 ----a-w- C:\Windows\System32\MP4SDECD.DLL
2013-01-09 23:22:35 438272 ----a-w- C:\Windows\System32\lsm.dll
2013-01-09 23:22:29 894464 ----a-w- C:\Windows\System32\iphlpsvc.dll
2013-01-09 23:22:29 159232 ----a-w- C:\Windows\System32\inetpp.dll
2013-01-09 23:22:26 49152 ----a-w- C:\Windows\System32\drivers\UMDF\HidBthLE.dll
2013-01-09 23:22:25 820736 ----a-w- C:\Windows\System32\gpprefcl.dll
2013-01-09 23:22:05 1918464 ----a-w- C:\Windows\System32\wbem\cimwin32.dll
2013-01-09 03:59:47 341504 ----a-w- C:\Windows\System32\drivers\HdAudio.sys
2013-01-04 05:32:36 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-01-04 04:19:53 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2012-12-20 00:37:37 1775616 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-12-20 00:37:04 2881536 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-12-20 00:37:02 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2012-12-20 00:37:02 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2012-12-20 00:29:16 2246656 ----a-w- C:\Windows\System32\wininet.dll
2012-12-20 00:29:11 907776 ----a-w- C:\Windows\System32\uxtheme.dll
2012-12-20 00:28:29 3966464 ----a-w- C:\Windows\System32\jscript9.dll
2012-12-20 00:28:26 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2012-12-18 01:56:27 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll
2012-12-16 08:28:20 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 08:20:01 35328 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-16 08:08:33 362496 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 07:57:09 300032 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-14 10:42:22 56832 ----a-w- C:\Windows\System32\Intel_OpenCL_ICD64.dll
2012-12-14 10:42:20 116224 ----a-w- C:\Windows\System32\igfxCoIn_v2932.dll
2012-12-14 10:42:12 94208 ----a-w- C:\Windows\System32\IccLibDll_x64.dll
2012-12-14 10:42:12 56320 ----a-w- C:\Windows\SysWow64\Intel_OpenCL_ICD32.dll
2012-12-06 04:23:00 170496 ----a-w- C:\Windows\System32\TimeBrokerServer.dll
2012-12-06 04:22:59 178176 ----a-w- C:\Windows\System32\SystemEventsBrokerServer.dll
2012-12-04 04:21:42 368640 ----a-w- C:\Windows\System32\sppwinob.dll
2012-11-29 05:05:57 707584 ----a-w- C:\Windows\System32\AppXDeploymentExtensions.dll
2012-11-29 05:05:57 1131520 ----a-w- C:\Windows\System32\AppXDeploymentServer.dll
2012-11-27 06:59:13 329960 ----a-w- C:\Windows\System32\drivers\storport.sys
2012-11-27 06:39:46 1122768 ----a-w- C:\Windows\System32\Taskmgr.exe
2012-11-27 04:49:20 1027152 ----a-w- C:\Windows\SysWow64\Taskmgr.exe
2012-11-27 04:20:50 1048064 ----a-w- C:\Windows\SysWow64\mstsc.exe
2012-11-27 04:20:42 179200 ----a-w- C:\Windows\SysWow64\wpnapps.dll
2012-11-27 04:20:35 891904 ----a-w- C:\Windows\SysWow64\winmde.dll
2012-11-27 04:20:31 798208 ----a-w- C:\Windows\SysWow64\WebcamUi.dll
2012-11-27 04:20:29 46592 ----a-w- C:\Windows\SysWow64\vds_ps.dll
2012-11-27 04:20:28 560128 ----a-w- C:\Windows\SysWow64\UserLanguagesCpl.dll
2012-11-27 04:20:23 1217536 ----a-w- C:\Windows\SysWow64\storagewmi.dll
2012-11-27 04:20:15 680960 ----a-w- C:\Windows\System32\vds.exe
2012-11-27 04:20:07 702464 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2012-11-27 04:20:07 1123840 ----a-w- C:\Windows\System32\mstsc.exe
2012-11-27 04:19:52 5088256 ----a-w- C:\Windows\SysWow64\mstscax.dll
2012-11-27 04:19:50 244736 ----a-w- C:\Windows\System32\wpnapps.dll
2012-11-27 04:19:48 1096704 ----a-w- C:\Windows\System32\wmpmde.dll
2012-11-27 04:19:42 1145856 ----a-w- C:\Windows\System32\winmde.dll
2012-11-27 04:19:33 631808 ----a-w- C:\Windows\System32\UserLanguagesCpl.dll
2012-11-27 04:19:32 245248 ----a-w- C:\Windows\System32\usbmon.dll
2012-11-27 04:19:25 173568 ----a-w- C:\Windows\System32\storewuauth.dll
2012-11-27 04:19:25 1536512 ----a-w- C:\Windows\System32\storagewmi.dll
2012-11-27 04:19:22 245248 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2012-11-27 04:19:09 3245568 ----a-w- C:\Windows\System32\rdpcorets.dll
2012-11-27 04:19:02 2033664 ----a-w- C:\Windows\SysWow64\authui.dll
2012-11-27 04:18:59 888832 ----a-w- C:\Windows\System32\nshwfp.dll
2012-11-27 04:18:39 5974528 ----a-w- C:\Windows\System32\mstscax.dll
2012-11-27 04:18:13 1071104 ----a-w- C:\Windows\System32\IKEEXT.DLL
2012-11-27 04:18:06 378880 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2012-11-27 04:17:32 718848 ----a-w- C:\Windows\System32\BFE.DLL
.
============= FINISH: 22:29:31.88 ===============

Attach log:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8 Pro
Boot Device: \Device\HarddiskVolume1
Install Date: 2/5/2013 7:08:36 PM
System Uptime: 2/13/2013 9:56:57 PM (1 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | Z77-DS3H
Processor: Intel® Core™ i5-3570K CPU @ 3.40GHz | Intel® Core™ i5-3570K CPU @ 3.40GHz | 1600/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 890.448 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 2/5/2013 7:14:07 PM - Windows Update
RP2: 2/7/2013 12:51:43 AM - Installed Steam
RP3: 2/8/2013 8:00:14 PM - Installed DirectX
RP4: 2/13/2013 1:49:07 PM - Windows Update
.
==== Installed Programs ======================
.
ASUS Xonar D1 Audio
Counter-Strike: Global Offensive
Dishonored
Google Chrome
Google Update Helper
Intel® Processor Graphics
Intel® SDK for OpenCL - CPU Only Runtime Package
Malwarebytes Anti-Malware version 1.70.0.1100
Mark of the Ninja
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
OpenAL
Steam
WinPatrol
.
==== Event Viewer Messages From Past Week ========
.
2/7/2013 3:44:32 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
2/7/2013 3:21:31 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the DHCP Client service which failed to start because of the following error: The dependency service or group failed to start.
2/7/2013 3:21:31 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
2/7/2013 3:21:31 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
2/7/2013 3:21:31 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "Unavailable" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
2/7/2013 3:21:27 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "Unavailable" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/7/2013 3:21:15 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/7/2013 3:21:15 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
2/7/2013 3:21:15 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub System service which failed to start because of the following error: A device attached to the system is not functioning.
2/7/2013 3:21:15 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
2/7/2013 3:21:15 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
2/7/2013 3:21:15 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI Proxy Service Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/7/2013 3:21:15 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/7/2013 3:21:15 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/7/2013 3:21:15 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
2/7/2013 12:52:46 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
2/7/2013 12:52:46 AM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/13/2013 9:56:59 PM, Error: volmgr [46] - Crash dump initialization failed!
2/12/2013 1:49:02 PM, Error: Microsoft-Windows-Kernel-Power [137] - The system firmware has changed the processor's memory type range registers (MTRRs) across a sleep state transition (S4). This can result in reduced resume performance.
.
==== End Of File ===========================
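The DDS log above is what a forum helper reads by eye: the Pseudo HJT Report lists the Run-key autostarts, and Created Last 30 lists what landed on disk recently. As an added example (my code, not DDS's and not from this thread), the Python below does a first triage pass over a log in that format: it splits the text into its ==== sections, pulls the mRun/uRun/x64-Run entries and resolves each to its image path, pulls the file entries, and flags any autostart image or recently created executable that lives under a user-writable location (AppData, ProgramData, Temp), which is where a dropper on a freshly installed box usually ends up. The sample log is constructed: most lines are copied from Draz's DDS log, but the uRun "Updater" entry and example_dropper.exe are invented so the output shows a hit; nothing on this page says such a file exists on his system. The user-writable path list and the seven-day window are my heuristics, and the reference time is set explicitly because the file timestamps in the log run ahead of the local run time in the header.

```python
"""Triage pass over a DDS log: list autostart entries and recently created
executables, flagging those that run from user-writable locations.
Added example; this is not DDS code and not code from the forum thread."""
import re
from datetime import datetime

# Constructed sample. Most lines are copied from the DDS log posted above;
# the uRun "Updater" entry and example_dropper.exe are invented here so the
# triage has something to flag. Nothing on the page says such a file exists.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
uRun: [Updater] C:\Users\PC\AppData\Roaming\example_dropper.exe -silent
x64-Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe Envoke
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
SSODL: WebCheck - <orphaned>
.
=============== Created Last 30 ================
.
2013-02-13 23:40:33 4055552 ----a-w- C:\Windows\System32\win32k.sys
2013-02-10 11:02:00 245760 ----a-w- C:\Users\PC\AppData\Roaming\example_dropper.exe
2013-02-08 06:55:28 -------- d-----w- C:\Users\PC\AppData\Roaming\Arrowhead
2013-02-07 10:33:44 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
==================== Find3M ====================
"""
# Reference "now" for the sample (chosen explicitly: the file timestamps in the
# log run ahead of the local run time printed in the DDS header).
SAMPLE_NOW = datetime(2013, 2, 14, 6, 30, 0)

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
RUN_RE = re.compile(r"^(?P<key>(?:m|u|x64-)?Run): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# Image path: optional quotes, drive letter, lazily up to the first executable extension.
IMAGE_RE = re.compile(r'^"?(?P<image>[A-Za-z]:\\.+?\.(?:exe|dll|sys|cpl|scr))"?(?:\s|$)', re.IGNORECASE)
FILE_RE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<size>\d+|-+) (?P<attrs>\S+) (?P<path>.+)$")
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl")
# Locations a standard user can write to; this list is the triage heuristic.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\")


def split_sections(text):
    """Map each '==== Name ====' header to the non-blank lines under it."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line.strip() not in ("", "."):
            sections[current].append(line.rstrip())
    return sections


def is_user_writable(path):
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE)


def autoruns(sections):
    """Run-key entries from the Pseudo HJT Report, resolved to an image path."""
    out = []
    for line in sections.get("Pseudo HJT Report", []):
        m = RUN_RE.match(line)
        if not m:
            continue
        img = IMAGE_RE.match(m.group("cmd"))
        image = img.group("image") if img else m.group("cmd")
        out.append({"key": m.group("key"), "name": m.group("name"),
                    "image": image, "suspicious": is_user_writable(image)})
    return out


def recent_executables(sections, now, days=7):
    """Executable files from Created Last 30 (directories carry no size and are skipped)."""
    out = []
    for line in sections.get("Created Last 30", []):
        m = FILE_RE.match(line)
        if not m or m.group("size").startswith("-"):
            continue
        path = m.group("path")
        if not path.lower().endswith(EXEC_EXT):
            continue
        created = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
        age_days = (now - created).total_seconds() / 86400
        out.append({"path": path, "created": created,
                    "suspicious": age_days <= days and is_user_writable(path)})
    return out


def triage(text, now):
    sections = split_sections(text)
    runs = autoruns(sections)
    files = recent_executables(sections, now)
    return {"autoruns": runs, "files": files,
            "flagged_autoruns": [r["name"] for r in runs if r["suspicious"]],
            "flagged_files": [f["path"] for f in files if f["suspicious"]]}


if __name__ == "__main__":
    report = triage(SAMPLE_DDS, SAMPLE_NOW)
    for name in report["flagged_autoruns"]:
        print("autorun from user-writable path:", name)
    for path in report["flagged_files"]:
        print("recent executable in user-writable path:", path)
```

A hit is a lead, not a verdict: Windows Defender definition updates (mpengine.dll under ProgramData in the real log) trip the same path heuristic, so the next step for anything flagged is hashing the file, checking its Authenticode signature, and looking the hash up, which is exactly what the helper will ask for.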
Draz Posted February 14, 2013 Author ID:647019

Security Check log:

 Results of screen317's Security Check version 0.99.57 x64 (UAC is enabled)
 Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.70.0.1100
Google Chrome 24.0.1312.57
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
WinPatrol winpatrol.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
Windows Defender MsMpEng.exe
BillP Studios WinPatrol WinPatrol.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

AdwCleaner log:

# AdwCleaner v2.112 - Logfile created 02/13/2013 at 21:10:19
# Updated 10/02/2013 by Xplode
# Operating system : Windows 8 Pro (64 bits)
# User : PC - DC
# Boot Mode : Normal
# Running from : C:\Users\PC\Downloads\adwcleaner0.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\InstallMate

***** [Registry] *****

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16453

[OK] Registry is clean.

-\\ Google Chrome v24.0.1312.57

File : C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [667 octets] - [13/02/2013 21:10:19]

########## EOF - C:\AdwCleaner[S1].txt - [726 octets] ##########

RogueKiller log:

RogueKiller V8.5.1 [Feb 12 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : PC [Admin rights]
Mode : Remove -- Date : 02/13/2013 21:20:58
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[RUN][BLACKLISTDLL] HKLM\[...]\Run : Cmaudio8788 (C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1002FAEX-00Z3A0 +++++
--- User ---
[MBR] 9ee4b48ba33351814d5a8380c1cd29b5
[BSP] f67aa2cc0add83816fc333f1f77f555a : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 350 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 718848 | Size: 953517 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_02132013_02d2120.txt >>
RKreport[1]_S_02132013_02d2119.txt ; RKreport[2]_D_02132013_02d2120.txt
Draz Posted February 14, 2013 Author ID:647021

TDSSKiller log was too long so I attached it.

aswMBR log:

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-13 22:06:49
-----------------------------
22:06:49.821 OS Version: Windows x64 6.2.9200 
22:06:49.821 Number of processors: 4 586 0x3A09
22:06:49.821 ComputerName: DC UserName: PC
22:06:51.185 Initialize success
22:07:27.997 AVAST engine defs: 13021304
22:08:30.429 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000036
22:08:30.429 Disk 0 Vendor: WDC_WD1002FAEX-00Z3A0 05.01D05 Size: 953869MB BusType: 11
22:08:30.439 Disk 0 MBR read successfully
22:08:30.441 Disk 0 MBR scan
22:08:30.443 Disk 0 Windows 7 default MBR code
22:08:30.445 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 350 MB offset 2048
22:08:30.465 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953517 MB offset 718848
22:08:30.505 Disk 0 scanning C:\Windows\system32\drivers
22:08:37.101 Service scanning
22:08:50.944 Modules scanning
22:08:50.950 Disk 0 trace - called modules:
22:08:50.964 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll storahci.sys 
22:08:50.968 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007dd1060]
22:08:51.298 3 CLASSPNP.SYS[fffff88001eb08aa] -> nt!IofCallDriver -> [0xfffffa80073b0d20]
22:08:51.302 5 ACPI.sys[fffff88000e09a91] -> nt!IofCallDriver -> \Device\00000036[0xfffffa80073b0060]
22:08:52.417 AVAST engine scan C:\Windows
22:08:54.384 AVAST engine scan C:\Windows\system32
22:10:30.839 AVAST engine scan C:\Windows\system32\drivers
22:10:38.688 AVAST engine scan C:\Users\PC
22:13:52.485 AVAST engine scan C:\ProgramData
22:13:58.931 Scan finished successfully
22:14:05.561 Disk 0 MBR has been saved successfully to "C:\Users\PC\Desktop\MBR.dat"
22:14:05.595 The log file has been saved successfully to "C:\Users\PC\Desktop\aswMBR.txt"

Thank you for taking time to look at my logs.

Attachment: TDSSKiller.2.8.16.0_13.02.2013_22.04.58_log.txt
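aswMBR wrote the boot sector to MBR.dat, and both RogueKiller and aswMBR summarise it the same way: a hash of the boot code, a verdict on whether that code is the stock Windows 7/8 loader, and the partition table (active 350 MB NTFS partition at sector 2048, 953517 MB NTFS partition at sector 718848). As an added example, not code from either tool or from the thread, the Python below does the same decoding on a 512-byte MBR image: it verifies the 0x55AA boot signature, hashes the 440-byte boot-code area (my choice of region, since the page does not say which bytes the tools hash, so the digest will not equal RogueKiller's), decodes the four 16-byte partition entries, and rejects an invalid status byte, more than one active partition, or overlapping extents, which are the kinds of damage a bootkit or a botched disk tool leaves behind. build_sample_mbr constructs an image reproducing the partition layout from the logs with filler bytes in place of real loader code; no real disk is read.

```python
"""Decode a 512-byte MBR image such as the MBR.dat that aswMBR writes: check
the boot signature, hash the boot-code area, and walk the partition table.
Added example; not code from aswMBR, RogueKiller or the forum thread."""
import hashlib
import struct

SECTOR = 512
CODE_LEN = 440           # boot code; bytes 440-443 hold the disk signature
TABLE_OFF = 446          # four 16-byte partition entries follow
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count
PART_TYPES = {0x07: "NTFS", 0x0B: "FAT32", 0x0C: "FAT32 LBA", 0x05: "Extended",
              0x0F: "Extended LBA", 0xEE: "GPT protective"}


def build_sample_mbr(code_fill=0x90):
    """Constructed image reproducing the layout in the logs above: an active
    350 MB NTFS partition at LBA 2048 and a 953517 MB NTFS partition at LBA
    718848. The boot code is filler bytes, not real loader code."""
    mbr = bytearray(SECTOR)
    mbr[:CODE_LEN] = bytes([code_fill]) * CODE_LEN
    struct.pack_into("<I", mbr, CODE_LEN, 0x12345678)   # arbitrary disk signature
    entries = [(0x80, 0x07, 2048, 350 * 2048),           # 350 MB = 716800 sectors
               (0x00, 0x07, 718848, 953517 * 2048)]
    for i, (status, ptype, lba, count) in enumerate(entries):
        struct.pack_into(ENTRY_FMT, mbr, TABLE_OFF + 16 * i,
                         status, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", lba, count)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)


def check_layout(parts):
    """Reject more than one active partition or overlapping extents."""
    if sum(p["active"] for p in parts) > 1:
        raise ValueError("more than one active partition")
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            raise ValueError(f"partitions {a['index']} and {b['index']} overlap")


def parse_mbr(mbr):
    """Return boot-code digest, disk signature and the non-empty partition
    entries. Raises ValueError on anything a sane Windows MBR never contains."""
    if len(mbr) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(mbr)}")
    if mbr[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(ENTRY_FMT, mbr, TABLE_OFF + 16 * i)
        if ptype == 0:
            continue                                  # empty slot
        if status not in (0x00, 0x80):
            raise ValueError(f"entry {i}: invalid status byte 0x{status:02x}")
        parts.append({"index": i, "active": status == 0x80, "type": ptype,
                      "type_name": PART_TYPES.get(ptype, "unknown"),
                      "lba_start": lba, "sectors": count,
                      "size_mb": count * SECTOR // (1024 * 1024)})
    check_layout(parts)
    return {"code_md5": hashlib.md5(mbr[:CODE_LEN]).hexdigest(),
            "disk_signature": struct.unpack_from("<I", mbr, CODE_LEN)[0],
            "partitions": parts}


def rejects(mbr):
    """True if parse_mbr refuses the image; shows the checks firing."""
    try:
        parse_mbr(mbr)
    except ValueError:
        return True
    return False


def summary(info):
    """RogueKiller-style summary: code hash, then one line per partition."""
    lines = [f"[MBR] {info['code_md5']}"]
    for p in info["partitions"]:
        flag = "ACTIVE" if p["active"] else "XXXXXX"
        lines.append(f"{p['index']} - [{flag}] {p['type_name']} (0x{p['type']:02X}) "
                     f"Offset (sectors): {p['lba_start']} | Size: {p['size_mb']} Mo")
    return "\n".join(lines)


if __name__ == "__main__":
    # For a real capture: print(summary(parse_mbr(open("MBR.dat", "rb").read())))
    print(summary(parse_mbr(build_sample_mbr())))
```

Comparing the boot-code digest against a known-good capture of the same machine is the useful check: the partition table legitimately changes when disks are repartitioned, but the 440 bytes of loader code should not change between two runs unless Windows setup rewrote them or something else did.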
Maurice Naggar Posted February 14, 2013 ID:647031

Hello Draz,
You have broken several basic principles.
1) You have made more than 1 consecutive post -before- an authorized expert had replied. We look for a zero (0) reply count to indicate someone who has not been helped!!! Your making 3 consecutive posts "hid" your thread from obvious sighting.
2) You have taken it on your own to run specialized tools. STOP self-medicating!!!!

Do the following:

To show all files:
Press and hold the Windows key and then press the R key to get the RUN menu.
Type in explorer.exe and press Enter.
When in Windows Explorer, press the ALT key, then the V key to get the VIEW menu.
Look at the top ribbon, right side (the Show/Hide block). Look at the line Hidden items. IF it has no checkmark, then click the box one time so that it is checked.

Close any open documents/programs and all internet browsers you have running.
Please start AdwCleaner.
Click on the Delete button.
Confirm each time with OK.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile in your reply.
Note: You can find the logfile at C:\AdwCleaner[S1].txt

Step 2
Save and close any work documents, close any apps that you started.
Temporarily turn off (disable) your antivirus program.
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Start your MBAM (Malwarebytes' Anti-Malware). Click the Settings tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.
Then click the Scanner Settings sub-tab in the second row of tabs. Make sure all option lines have a checkmark.
If you have the PRO license, then do this too: click the Protection tab. Make sure all option lines have a checkmark.
Next, click the Update tab. Press the "Check for Updates" button. If prompted for a Restart, do that.
When done, click the Scanner tab.
Do a Full Scan. When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
When all done, copy & paste the MBAM scan log into a new reply.
Tell me, how is the system?
Re-enable your antivirus program.

Step 3
Download Dr.Web CureIt to the desktop. The download is nearly 104.6 MB in size.
Turn OFF your antivirus program.
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Turn off any other add-on security app (if you have them) like MBAM File System Protection.
If this system is Windows 8/7 or Vista, then right-click on drweb-cureit.exe and select Run as Administrator.
Otherwise, on Windows XP, double-click on the drweb-cureit.exe file to start the tool.
You will see a screen similar to this:
Click the checkbox to participate, and then click on the Continue button.
Next
Click on Select objects for scanning
Next
Put a checkmark by clicking on the boxes as shown.
Do not select Temporary files or System Restore points.
Then click on the Start scanning button.
The scan in progress will be shown like this
IF something is detected, you will see a screen similar to this
For each item "detected", click on the Action column down arrow, like this
Your options will be Cure or Ignore.
IF you see an item that you are very sure is OK, then un-check the checkbox for that item.
Typically, you will keep the Cure default.
Then click on the Neutralize button.
When the actions are completed, you will see this
Click on the green Open Report line. It will pop up the report in NOTEPAD.
Save the report to your desktop. The report will be called Cureit.log
While in NOTEPAD, do a CTRL+A to copy all to clipboard.
You should be able to get back to your forum topic, start a new reply, click 1 time in the box and do a CTRL+V (Paste) into the reply.
Close Dr.Web CureIt.
Reboot your computer to allow files that were in use to be moved/deleted during reboot.
After reboot, post the contents of the log from Cureit.log you saved previously in your next reply. ONLY if the log is too large, then you may "attach" it.
Re-enable your antivirus program when all done.
Draz Posted February 14, 2013 Author ID:647053

Hi Maurice,
Thanks for the quick reply even though I screwed things up. I appreciate it.
Here is the AdwCleaner log you asked for.

# AdwCleaner v2.112 - Logfile created 02/14/2013 at 02:10:35
# Updated 10/02/2013 by Xplode
# Operating system : Windows 8 Pro (64 bits)
# User : PC - DC
# Boot Mode : Normal
# Running from : C:\Users\PC\Desktop\adwcleaner0.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16482

[OK] Registry is clean.

-\\ Google Chrome v24.0.1312.57

File : C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S2].txt - [620 octets] - [14/02/2013 02:10:35]

########## EOF - C:\AdwCleaner[S2].txt - [679 octets] ##########

I will be doing a full Malwarebytes scan with all the settings checked next.
Draz Posted February 14, 2013 Author ID:647054

MB full scan complete and didn't find any infections.
The system feels fine. Other than my credit card info being stolen and finding that ProtectionId.exe, I haven't experienced anything off with my system.

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.14.03

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16484
PC :: DC [administrator]

Protection: Enabled

2/14/2013 2:23:45 AM
mbam-log-2013-02-14 (02-23-45).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 343910
Time elapsed: 14 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Will be doing step 3 next.
Draz Posted February 14, 2013 Author ID:647063

Cureit log won't save so I attached it.

cureit.log
Maurice Naggar Posted February 14, 2013 ID:647090

You are encouraged to do the following ..... IF you have not already done so.

1. Call your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and ask them to put a watch on your accounts or change all your account numbers.

2. Change ALL your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups.

3. Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.

These trojans leave a backdoor open on the system that can allow a hacker total and complete access to your computer. (Remote access trojan) Hackers can operate your computer just as if they were sitting in front of it. Hackers can watch everything you are doing on the computer, play tricks, do screenshots, log passwords, start and stop programs.

* Take any other steps you think appropriate for an attempted identity theft.

Consumers – Identity Theft http://www.ftc.gov/b...mers/index.html
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? http://www.dslreports.com/faq/10451

Now then, the Dr Web Cure-It scan detected no infection. The MBAM scan is excellent.

Download aswMBR.exe ( 511KB ) to your desktop.

On Windows 7 / 8 or Vista, RIGHT click on aswMBR.exe and select Run As Administrator to start.
On Windows XP, double click the exe to start.

IF prompted to update Avast definitions, answer NO.

On the following screen: uncheck trace disk IO calls at the bottom left.

Now, Click the "Scan" button to start scan. Have patience as it scans.

On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me)

Now click save log, save it to your desktop and Copy & Paste in your next reply.

Do NOT click any Fix button.

EXIT the tool.
Draz Posted February 14, 2013 Author ID:647177

Hey Maurice,

I'm having trouble getting aswMBR to finish scanning. Every time it gets to scanning WinDefend the program will stop working and Windows will give me a crash report. When I first ran the program, I had downloaded the latest Avast definitions (shouldn't have) so I'm not sure if that is causing the problem. I have tried selecting none for the AV scan option and also disabled the Trace disk IO calls. Anything else I could try?

Thanks
Maurice Naggar Posted February 14, 2013 ID:647188 (edited)

No you did not need to get the Avast definitions.

What you do need to do is..... temporarily turn off Windows Defender before starting aswMBR, or if I (on another occasion) ask you to turn off your antivirus. Windows Defender (in your case) is your a-v on this WIN8 system.

On the Start screen, type in on the keyboard: windows defender
When you see the rectangle box, do a Right-click on it to get a mini-options menu.
Select Run as Administrator with your mouse and click on it.
That will bring up Windows Defender on your Desktop.
Now click on the Settings tab.
Look at the line Turn on real-time protection.
UN-check the box so that Windows Defender is not in monitor mode.
Then press Save Changes & exit Windows Defender <<<<-- added note

Then run the tool I asked for.

After you are all done, go back to the Settings tab in Windows Defender (as we did before) and click on (to put a checkmark) in the checkbox for real-time protection.

Edited February 15, 2013 by Maurice Naggar
Draz Posted February 15, 2013 Author ID:647211

Hey Maurice,

I installed the Avast definitions when I decided to self-medicate. I have tried disabling my Windows Defender and it still won't work. What I don't understand is, I got aswMBR to work when I was doing all those scans on my own. I will follow your steps once again.
Maurice Naggar Posted February 15, 2013 ID:647213

But installing the Avast definitions is not needed for what I need from that tool.

Do as much as you can so we can proceed.

I do not believe that temporarily turning OFF Windows Defender is that complicated.
Draz Posted February 15, 2013 Author ID:647216

I understand. What I'm trying to say is, I installed the definitions before you responded to my thread.

I have disabled Defender and tried running the scan and it is still not working. Is there any way to completely delete the files aswMBR downloaded to my computer?
Draz Posted February 15, 2013 Author ID:647220

Scanning: Service WinDefend C:\Program Files sys

That is where aswMBR stops scanning and I get this crash report from Windows:

Problem signature:
Problem Event Name: APPCRASH
Application Name: aswMBR.exe
Application Version: 0.9.9.1707
Application Timestamp: 509be8bf
Fault Module Name: ntdll.dll
Fault Module Version: 6.2.9200.16420
Fault Module Timestamp: 505aaa82
Exception Code: c0000005
Exception Offset: 0004f44d
OS Version: 6.2.9200.2.0.0.256.48
Locale ID: 1033
Additional Information 1: 5861
Additional Information 2: 5861822e1919d7c014bbb064c64908b2
Additional Information 3: f3d5
Additional Information 4: f3d5be0cad2787556264647dc02181c3
Draz Posted February 15, 2013 Author ID:647241

Got it to work after a few reboots and redownloads. I disabled the trace disk IO calls and set AV scan to none. The fix button did not enable.

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-02-14 21:27:11
-----------------------------
21:27:11.059 OS Version: Windows x64 6.2.9200
21:27:11.059 Number of processors: 4 586 0x3A09
21:27:11.059 ComputerName: DC UserName: PC
21:27:12.364 Initialize success
21:27:16.320 AVAST engine defs: 13021304
21:27:21.822 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000036
21:27:21.822 Disk 0 Vendor: WDC_WD1002FAEX-00Z3A0 05.01D05 Size: 953869MB BusType: 11
21:27:21.836 Disk 0 MBR read successfully
21:27:21.838 Disk 0 MBR scan
21:27:21.840 Disk 0 Windows 7 default MBR code
21:27:21.842 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 350 MB offset 2048
21:27:21.854 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953517 MB offset 718848
21:27:21.884 Disk 0 scanning C:\Windows\system32\drivers
21:27:26.303 Service scanning
21:27:37.632 Modules scanning
21:27:37.636 Scan finished successfully
21:27:58.324 Disk 0 MBR has been saved successfully to "C:\Users\PC\Desktop\MBR.dat"
21:27:58.324 The log file has been saved successfully to "C:\Users\PC\Desktop\aswMBR.txt"
Maurice Naggar Posted February 15, 2013 ID:647420

There you go; good result.

Now then, start Windows Defender.
Click on the Settings Tab. And make sure that real-time protection is Enabled (checkmarked).
Click on the Update tab. Click on Update button.
Click the Home button. Do a Quick scan.

Tell me the result. And tell me, How is your system now?
Draz Posted February 15, 2013 Author ID:647512

Quick scan came up clean. System feels fine. Good to see everything is looking normal.
Maurice Naggar Posted February 15, 2013 ID:647517

Very good. Bravo. You are good to go after the following.

Delete the following if still present:
Dr Web Cure-It
adwcleaner.exe
aswmbr.exe
roguekiller.exe
DDS
securitycheck.exe

Safer practices & malware prevention

Have a hardware router between the incoming internet-modem and your computer.

Use a Standard user account rather than an administrator-rights account when "surfing" the web.

Configure your Antivirus software to check for updates daily, at a time in which you are sure the computer will be on.

Check in at Windows Update and install any Important Updates offered. Make certain that Automatic Updates is enabled.
How to configure and use Automatic Updates in Windows
http://support.microsoft.com/kb/306525

Check on other update issues as well, by getting, installing and using Secunia Personal Software Inspector (PSI) on a monthly basis.
See How to detect vulnerable and out-dated programs using Secunia Personal Software Inspector

Download, install, and keep updated Spyware Blaster (free): http://www.javacoolsoftware.com/spywareblaster.html (all Protections should be enabled at all times)
Tutorial for Spywareblaster: Using SpywareBlaster to protect your computer from Spyware, Hijackers, and Malware

I'd recommend that you get and use MVP Mike Burgess' custom hosts file http://mvps.org/winhelp2002/hosts.htm
See the FAQ page http://mvps.org/winhelp2002/hostsfaq.htm
That would help to keep your browser away from known spyware/malware sites.

Make regular backups of your system to removable media: DVD, USB external hard drive, etc. Having a total image backup of your system stored on DVD/CD is highly important. Get and make use of imaging-backup utilities and save them to offline media. That way you have something to fall back to if another disaster hits.
Examples of image backup software: Acronis True Image, or the free (for personal use) Macrium Reflect http://www.macrium.com/reflectfree.asp or Paragon Backup & Recovery http://www.paragon-software.com/home/br-free/download.html

Consider using Web of Trust WOT add-on for your browser(s)
http://www.mywot.com/en/download
http://www.mywot.com/en/faq/add-on

Take extreme care if you share USB-flash/thumb drives from other people {even from friends, roommates, relatives}
Don't plug in an unknown flash/thumb drive into your PC.
IF you must do so, hold down the SHIFT-key when you insert the drive.
Scan any file with your Antivirus prior to opening or using.

On some regular schedule, it is a good idea to do an online scan for viruses and malware. Here is a very short list of sites where this may be done:
ESET Online Scanner
BitDefender Quickscan
Trend Micro Housecall
F-Secure Online Scanner
Microsoft Safety Scanner
Panda ActiveScan

See Six tips to help you stay safer online

Never, ever download free games, free tools, videos, multi-media files or anything free unless you can be absolutely sure the source is safe!

We are finished here. Best regards.
Draz Posted February 15, 2013 Author ID:647521

Awesome, thanks for all the help Maurice. It really is giving me confidence to use my system again. I will definitely look into some of the programs you have recommended.

I have a couple of final questions for you if that is ok. First, I was looking into buying Malwarebytes Pro. Is it safe for me to run the real time system protection at the same time as Windows Defender? I'm just worried there might be some conflicts.

Also, do you guys have any info on this file I found on my system, ProtectionID? I'm just a little paranoid I guess, and I hate having unknown exe files on my system! Like you said never download free tools unless you can be absolutely sure it is safe. The file can be downloaded at pid.gamecopyworld.com if someone could check that out for me, that would be great.

Thanks again, I really appreciate all the help.
Maurice Naggar Posted February 15, 2013 ID:647577

I have used MBAM PRO on my Windows 8 PRO system and have been quite pleased. It does run in WIN8 (as well as in Windows 7, etc).

What you would want to do once you did install it, is to set "trust" settings in both applications so that you would ensure they treat each other well.

You would start Windows Defender. Go to the Settings tab, then click on Excluded files and locations, then ADD each 1 of the entries shown above into yours and then apply/save/exit.
Note I have put 4 exclusions for MBAM.
And also the last line to cover the MVP-Hosts file (WIN8 Windows Defender "barks" at non-MS Hosts file)

Then you would go to MBAM app.
Note the line I have added within the Ignore List tab for msmpeng.exe
That line as shown, is for 64-bit Windows 8.
IF your system is the 32-bit Windows 8, you would specify
C:\Program Files (x86)\Windows Defender\msmpeng.exe

Now then, as regards your "suspect file" ..... upload it for analysis to 1 or 2 websites.
Use your Internet Explorer browser to go here at Virustotal website
Upload the file .... then see what the result is
& again to
Use your Internet Explorer browser to go here at VirSCAN.org website
Draz Posted February 15, 2013 Author ID:647591

Perfect, I will follow those steps.
Draz Posted February 15, 2013 Author ID:647592

As for the suspicious file, it looks like someone has already uploaded it to Virustotal. I believe this is the version I had on my system: https://www.virustotal.com/en/file/dd3ad6a5164e7b66d95ea18604002e87329ed1942299fba7a82c9caaa5b7909f/analysis/ and the latest version has also been uploaded which looks cleaner: https://www.virustotal.com/en/file/bbe5b97c8d01b94c6f54d857703db7a25bd82b429171e4ff0db3ebf726e12bfe/analysis/

Lots of info in the behavior tab. Does the file look legit to you?
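A note added to this thread (example code, not part of the original posts and not VirusTotal's or Malwarebytes' own tooling): "I believe this is the version I had" is the weak link in the post above. A VirusTotal report is keyed by the file's SHA-256, so the way to know whether an existing report applies to the copy on your disk is to hash that copy yourself and compare the digest with the one in the report URL. The script below does that: it hashes a file in chunks, builds the report URL in the same form as the links above, and checks the digest against the two values quoted in the thread. The two digests and the URL format are taken from the post; the sample file it hashes is constructed for the demonstration and is not a real executable.

```python
"""Confirm whether a local file is the sample behind an existing VirusTotal report.

Added example for this thread (not VirusTotal's or Malwarebytes' code). The
report URL format and the two SHA-256 digests come from the links quoted in
the post above; the sample bytes hashed below are constructed for the demo.
"""
import hashlib
import os
import re
import tempfile

# Digests copied from the two VirusTotal report URLs quoted in the thread.
KNOWN_REPORTS = {
    "dd3ad6a5164e7b66d95ea18604002e87329ed1942299fba7a82c9caaa5b7909f":
        "ProtectionID build the poster believes was on the system",
    "bbe5b97c8d01b94c6f54d857703db7a25bd82b429171e4ff0db3ebf726e12bfe":
        "newer ProtectionID build",
}

SHA256_HEX = re.compile(r"^[0-9a-f]{64}$")


def sha256_of_bytes(data: bytes) -> str:
    """SHA-256 hex digest of an in-memory buffer."""
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path: str, chunk_size: int = 1 << 20) -> str:
    """SHA-256 hex digest of a file, read in chunks so large files fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def virustotal_url(digest: str) -> str:
    """Build a report URL in the form quoted in the thread for a SHA-256 digest."""
    digest = digest.strip().lower()
    if not SHA256_HEX.match(digest):
        raise ValueError("expected a 64-character hexadecimal SHA-256 digest")
    return f"https://www.virustotal.com/en/file/{digest}/analysis/"


def classify(digest: str) -> str:
    """Say whether a digest matches one of the reports already linked in the thread.

    A match means the local file is byte-for-byte the analysed sample, so that
    report applies to it. Anything else needs its own lookup or upload first.
    """
    return KNOWN_REPORTS.get(
        digest.strip().lower(),
        "no report linked in this thread; look the hash up before trusting the file",
    )


def check_constructed_sample() -> dict:
    """Hash a constructed file two ways, show they agree, and return the details."""
    sample = b"constructed sample bytes, not a real executable\n" * 1000
    fd, path = tempfile.mkstemp(suffix=".bin")
    try:
        with os.fdopen(fd, "wb") as handle:
            handle.write(sample)
        file_digest = sha256_of_file(path)
    finally:
        os.remove(path)
    return {
        "file_digest": file_digest,
        "memory_digest": sha256_of_bytes(sample),
        "verdict": classify(file_digest),
        "report_url": virustotal_url(file_digest),
    }


if __name__ == "__main__":
    for key, value in check_constructed_sample().items():
        print(f"{key}: {value}")
    # A digest from the thread: the existing report applies, no upload needed.
    known = next(iter(KNOWN_REPORTS))
    print(classify(known), "->", virustotal_url(known))
```

To use it on a real download, call sha256_of_file on the path and pass the result to classify and virustotal_url; if the digest matches, the linked report is about your exact file, and if it does not, the report is about a different build and says nothing about yours.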
Maurice Naggar Posted February 16, 2013 ID:647761

It's only a minority of vendors that flag "it". What is the full name and folder location of "this"?

You may want to consider uninstalling it.
Draz Posted February 16, 2013 Author ID:647881

It was just in my download folder as a single exe file. I have already gone ahead and deleted the file.

Thanks again
Draz Posted February 16, 2013 Author ID:647882

Almost forgot, I also found the Mcafee Siteadvisor results: http://www.siteadvisor.com/sites/gamecopyworld.com/downloads/32998227/

It looks to be clean and my system is clean as well so I guess my credit card info was stolen some other way. Thanks for all the help, Maurice.