Hello,

I was hoping an expert could look over these logs for me. I recently had my credit card info stolen and I'm not really sure how it happened. My computer was formatted clean with a new Windows 8 installation not too long ago so I'm not sure if I have any spyware or what. I haven't noticed any problems, but I did find one .exe that looks suspicious. The program is called ProtectionID. After a quick Google search I guess it is some sort of game file scanner that can be downloaded from pid.gamecopyworld.com. I scanned the file with Malwarebytes and it came back clean. Not sure how it got on my system, thinking my brother was using this program.

Anyways, I have run a full scan with Malwarebytes and Windows Defender anti-virus. Nothing has been detected and my system does seem to be stable. I went ahead and did a bunch of scans with the programs recommended by expert Gringo. I followed his instructions and scanned one by one in the order he recommends.

Below are the logs. If someone could give these a quick look, I would really appreciate it. Unfortunately, I was not able to run Combofix on Windows 8 so I skipped it.

By the way, I'm really loving the website blocking feature in the Pro version of Malwarebytes. I'm currently running the trial and I will definitely be making a purchase soon.

DDS log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16482

Run by PC at 22:29:26 on 2013-02-13

Microsoft Windows 8 Pro 6.2.9200.0.1252.1.1033.18.8083.6784 [GMT -8:00]

.

AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\dwm.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\Windows\system32\taskhostex.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\SearchIndexer.exe

C:\Windows\SysWOW64\HsMgr.exe

C:\Windows\System\HsMgr64.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit = userinit.exe

mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot

TCP: NameServer = 192.168.11.1

TCP: Interfaces\{56E75891-438D-424C-8653-04E6DE7AECBD} : DHCPNameServer = 192.168.11.1

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe -expressboot

x64-Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe Envoke

x64-Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe Envoke

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-2-7 398184]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-2-7 682344]

R3 cmudaxp;ASUS Xonar D1 Audio Interface;C:\Windows\System32\Drivers\cmudaxp.sys [2012-9-25 2733056]

R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\Drivers\L1C63x64.sys [2012-6-2 100864]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2013-2-7 24176]

S3 vmbusr;Virtual Machine Bus Provider;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-25 117248]

.

=============== Created Last 30 ================

.

2013-02-14 05:50:45 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{74591FF1-3450-4BBD-8D98-69AC9DC15824}\mpengine.dll

2013-02-13 23:40:33 4055552 ----a-w- C:\Windows\System32\win32k.sys

2013-02-13 21:48:47 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2013-02-13 20:45:29 6967016 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-02-13 19:24:52 2226408 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-02-13 02:52:00 817664 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-13 02:52:00 1084416 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-12 20:36:58 0 ----a-w- C:\Windows\ativpsrm.bin

2013-02-09 04:00:54 519000 ----a-w- C:\Windows\System32\d3dx10_40.dll

2013-02-09 04:00:54 452440 ----a-w- C:\Windows\SysWow64\d3dx10_40.dll

2013-02-09 04:00:54 2605920 ----a-w- C:\Windows\System32\D3DCompiler_40.dll

2013-02-09 04:00:54 2036576 ----a-w- C:\Windows\SysWow64\D3DCompiler_40.dll

2013-02-09 04:00:53 5631312 ----a-w- C:\Windows\System32\D3DX9_40.dll

2013-02-09 04:00:53 4379984 ----a-w- C:\Windows\SysWow64\D3DX9_40.dll

2013-02-08 10:45:37 -------- d-----w- C:\Users\PC\AppData\Local\Google

2013-02-08 06:55:28 -------- d-----w- C:\Users\PC\AppData\Roaming\Arrowhead

2013-02-08 05:42:43 -------- d--h--w- C:\Windows\msdownld.tmp

2013-02-08 05:42:38 -------- d-----w- C:\Windows\SysWow64\directx

2013-02-08 05:27:25 -------- d-----w- C:\Program Files\Common Files\Intel

2013-02-08 05:27:25 -------- d-----w- C:\Program Files (x86)\Common Files\Intel

2013-02-07 10:33:50 -------- d-----w- C:\Users\PC\AppData\Roaming\Malwarebytes

2013-02-07 10:33:45 -------- d-----w- C:\ProgramData\Malwarebytes

2013-02-07 10:33:44 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-02-07 10:33:44 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-02-07 10:33:37 -------- d-----w- C:\Users\PC\AppData\Local\Programs

2013-02-07 08:52:01 -------- d-----w- C:\Program Files (x86)\Common Files\Steam

2013-02-07 08:52:00 -------- d-----w- C:\Program Files (x86)\Steam

2013-02-06 04:15:52 3554304 ----a-w- C:\Windows\System32\tquery.dll

2013-02-06 04:14:59 955904 ----a-w- C:\Windows\System32\WebcamUi.dll

2013-02-06 04:13:32 641536 ----a-w- C:\Windows\System32\WSShared.dll

2013-02-06 04:13:32 523776 ----a-w- C:\Windows\SysWow64\WSShared.dll

2013-02-06 04:13:32 198656 ----a-w- C:\Windows\System32\Windows.ApplicationModel.Store.dll

2013-02-06 04:13:32 163840 ----a-w- C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll

2013-02-06 04:13:32 143872 ----a-w- C:\Windows\SysWow64\Windows.ApplicationModel.Store.dll

2013-02-06 04:13:32 124928 ----a-w- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll

2013-02-06 03:31:04 -------- d-----w- C:\Users\PC\AppData\Roaming\WinPatrol

2013-02-06 03:31:01 -------- d-----w- C:\Program Files (x86)\BillP Studios

2013-02-06 03:17:22 56832 ----a-w- C:\Windows\System32\OpenCL.DLL

2013-02-06 03:17:22 56320 ----a-w- C:\Windows\SysWow64\OpenCL.DLL

2013-02-06 03:17:22 -------- d-----w- C:\Intel

2013-02-06 03:15:40 273840 ------w- C:\Windows\System32\MpSigStub.exe

2013-02-06 03:13:50 17888 ----a-w- C:\Windows\System32\msvcr100_clr0400.dll

2013-02-06 03:13:49 17888 ----a-w- C:\Windows\SysWow64\msvcr100_clr0400.dll

2013-02-06 03:11:13 18528 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm2.bin

2013-02-06 03:09:17 -------- d-----r- C:\Users\PC\Searches

2013-02-06 03:09:17 -------- d-----r- C:\Users\PC\Contacts

2013-02-06 03:05:56 -------- d-----w- C:\Windows\Panther

.

==================== Find3M ====================

.

2013-02-06 23:06:14 78176 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-02-06 23:06:14 692576 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-01-16 00:35:49 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll

2013-01-16 00:31:26 53760 ----a-w- C:\Windows\System32\UXInit.dll

2013-01-16 00:25:17 1437696 ----a-w- C:\Windows\SysWow64\GdiPlus.dll

2013-01-16 00:23:19 1690624 ----a-w- C:\Windows\System32\GdiPlus.dll

2013-01-10 01:53:32 28904 ----a-w- C:\Windows\System32\drivers\msgpiowin32.sys

2013-01-10 01:40:39 1448168 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2013-01-10 01:40:38 303848 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys

2013-01-10 01:39:29 194280 ----a-w- C:\Windows\System32\drivers\sdbus.sys

2013-01-10 01:39:22 124648 ----a-w- C:\Windows\System32\drivers\dumpsd.sys

2013-01-10 01:29:56 91880 ----a-w- C:\Windows\System32\drivers\partmgr.sys

2013-01-10 01:29:54 1934056 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2013-01-10 01:29:21 785504 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys

2013-01-09 23:26:53 83968 ----a-w- C:\Windows\SysWow64\wiaacmgr.exe

2013-01-09 23:26:46 1611776 ----a-w- C:\Windows\SysWow64\mmc.exe

2013-01-09 23:26:35 410624 ----a-w- C:\Windows\SysWow64\Windows.Networking.dll

2013-01-09 23:26:35 261120 ----a-w- C:\Windows\SysWow64\Windows.Media.dll

2013-01-09 23:26:25 278528 ----a-w- C:\Windows\SysWow64\srm.dll

2013-01-09 23:26:25 202752 ----a-w- C:\Windows\SysWow64\srmstormod.dll

2013-01-09 23:26:23 1752064 ----a-w- C:\Windows\SysWow64\setupapi.dll

2013-01-09 23:26:20 67584 ----a-w- C:\Windows\SysWow64\samlib.dll

2013-01-09 23:26:08 115712 ----a-w- C:\Windows\SysWow64\netprofm.dll

2013-01-09 23:26:04 890880 ----a-w- C:\Windows\SysWow64\msctf.dll

2013-01-09 23:26:03 436736 ----a-w- C:\Windows\SysWow64\MP4SDECD.DLL

2013-01-09 23:25:55 582144 ----a-w- C:\Windows\SysWow64\gpprefcl.dll

2013-01-09 23:23:32 95232 ----a-w- C:\Windows\System32\wiaacmgr.exe

2013-01-09 23:23:25 2094592 ----a-w- C:\Windows\System32\mmc.exe

2013-01-09 23:23:18 256000 ----a-w- C:\Windows\System32\WSDMon.dll

2013-01-09 23:23:16 1964544 ----a-w- C:\Windows\System32\wlidsvc.dll

2013-01-09 23:23:14 594944 ----a-w- C:\Windows\System32\Windows.Networking.dll

2013-01-09 23:23:14 406016 ----a-w- C:\Windows\System32\Windows.Media.dll

2013-01-09 23:23:09 274432 ----a-w- C:\Windows\System32\srmstormod.dll

2013-01-09 23:23:08 279040 ----a-w- C:\Windows\System32\srm.dll

2013-01-09 23:23:07 1886208 ----a-w- C:\Windows\System32\setupapi.dll

2013-01-09 23:23:05 728064 ----a-w- C:\Windows\System32\samsrv.dll

2013-01-09 23:22:53 464384 ----a-w- C:\Windows\System32\netprofmsvc.dll

2013-01-09 23:22:53 151040 ----a-w- C:\Windows\System32\netprofm.dll

2013-01-09 23:22:43 1120768 ----a-w- C:\Windows\System32\msctf.dll

2013-01-09 23:22:41 666112 ----a-w- C:\Windows\System32\MP4SDECD.DLL

2013-01-09 23:22:35 438272 ----a-w- C:\Windows\System32\lsm.dll

2013-01-09 23:22:29 894464 ----a-w- C:\Windows\System32\iphlpsvc.dll

2013-01-09 23:22:29 159232 ----a-w- C:\Windows\System32\inetpp.dll

2013-01-09 23:22:26 49152 ----a-w- C:\Windows\System32\drivers\UMDF\HidBthLE.dll

2013-01-09 23:22:25 820736 ----a-w- C:\Windows\System32\gpprefcl.dll

2013-01-09 23:22:05 1918464 ----a-w- C:\Windows\System32\wbem\cimwin32.dll

2013-01-09 03:59:47 341504 ----a-w- C:\Windows\System32\drivers\HdAudio.sys

2013-01-04 05:32:36 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-01-04 04:19:53 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

2012-12-20 00:37:37 1775616 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-12-20 00:37:04 2881536 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-12-20 00:37:02 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll

2012-12-20 00:37:02 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2012-12-20 00:29:16 2246656 ----a-w- C:\Windows\System32\wininet.dll

2012-12-20 00:29:11 907776 ----a-w- C:\Windows\System32\uxtheme.dll

2012-12-20 00:28:29 3966464 ----a-w- C:\Windows\System32\jscript9.dll

2012-12-20 00:28:26 136704 ----a-w- C:\Windows\System32\iesysprep.dll

2012-12-18 01:56:27 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll

2012-12-16 08:28:20 46080 ----a-w- C:\Windows\System32\atmlib.dll

2012-12-16 08:20:01 35328 ----a-w- C:\Windows\SysWow64\atmlib.dll

2012-12-16 08:08:33 362496 ----a-w- C:\Windows\System32\atmfd.dll

2012-12-16 07:57:09 300032 ----a-w- C:\Windows\SysWow64\atmfd.dll

2012-12-14 10:42:22 56832 ----a-w- C:\Windows\System32\Intel_OpenCL_ICD64.dll

2012-12-14 10:42:20 116224 ----a-w- C:\Windows\System32\igfxCoIn_v2932.dll

2012-12-14 10:42:12 94208 ----a-w- C:\Windows\System32\IccLibDll_x64.dll

2012-12-14 10:42:12 56320 ----a-w- C:\Windows\SysWow64\Intel_OpenCL_ICD32.dll

2012-12-06 04:23:00 170496 ----a-w- C:\Windows\System32\TimeBrokerServer.dll

2012-12-06 04:22:59 178176 ----a-w- C:\Windows\System32\SystemEventsBrokerServer.dll

2012-12-04 04:21:42 368640 ----a-w- C:\Windows\System32\sppwinob.dll

2012-11-29 05:05:57 707584 ----a-w- C:\Windows\System32\AppXDeploymentExtensions.dll

2012-11-29 05:05:57 1131520 ----a-w- C:\Windows\System32\AppXDeploymentServer.dll

2012-11-27 06:59:13 329960 ----a-w- C:\Windows\System32\drivers\storport.sys

2012-11-27 06:39:46 1122768 ----a-w- C:\Windows\System32\Taskmgr.exe

2012-11-27 04:49:20 1027152 ----a-w- C:\Windows\SysWow64\Taskmgr.exe

2012-11-27 04:20:50 1048064 ----a-w- C:\Windows\SysWow64\mstsc.exe

2012-11-27 04:20:42 179200 ----a-w- C:\Windows\SysWow64\wpnapps.dll

2012-11-27 04:20:35 891904 ----a-w- C:\Windows\SysWow64\winmde.dll

2012-11-27 04:20:31 798208 ----a-w- C:\Windows\SysWow64\WebcamUi.dll

2012-11-27 04:20:29 46592 ----a-w- C:\Windows\SysWow64\vds_ps.dll

2012-11-27 04:20:28 560128 ----a-w- C:\Windows\SysWow64\UserLanguagesCpl.dll

2012-11-27 04:20:23 1217536 ----a-w- C:\Windows\SysWow64\storagewmi.dll

2012-11-27 04:20:15 680960 ----a-w- C:\Windows\System32\vds.exe

2012-11-27 04:20:07 702464 ----a-w- C:\Windows\SysWow64\nshwfp.dll

2012-11-27 04:20:07 1123840 ----a-w- C:\Windows\System32\mstsc.exe

2012-11-27 04:19:52 5088256 ----a-w- C:\Windows\SysWow64\mstscax.dll

2012-11-27 04:19:50 244736 ----a-w- C:\Windows\System32\wpnapps.dll

2012-11-27 04:19:48 1096704 ----a-w- C:\Windows\System32\wmpmde.dll

2012-11-27 04:19:42 1145856 ----a-w- C:\Windows\System32\winmde.dll

2012-11-27 04:19:33 631808 ----a-w- C:\Windows\System32\UserLanguagesCpl.dll

2012-11-27 04:19:32 245248 ----a-w- C:\Windows\System32\usbmon.dll

2012-11-27 04:19:25 173568 ----a-w- C:\Windows\System32\storewuauth.dll

2012-11-27 04:19:25 1536512 ----a-w- C:\Windows\System32\storagewmi.dll

2012-11-27 04:19:22 245248 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL

2012-11-27 04:19:09 3245568 ----a-w- C:\Windows\System32\rdpcorets.dll

2012-11-27 04:19:02 2033664 ----a-w- C:\Windows\SysWow64\authui.dll

2012-11-27 04:18:59 888832 ----a-w- C:\Windows\System32\nshwfp.dll

2012-11-27 04:18:39 5974528 ----a-w- C:\Windows\System32\mstscax.dll

2012-11-27 04:18:13 1071104 ----a-w- C:\Windows\System32\IKEEXT.DLL

2012-11-27 04:18:06 378880 ----a-w- C:\Windows\System32\FWPUCLNT.DLL

2012-11-27 04:17:32 718848 ----a-w- C:\Windows\System32\BFE.DLL

.

============= FINISH: 22:29:31.88 ===============

Attach log:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 8 Pro

Boot Device: \Device\HarddiskVolume1

Install Date: 2/5/2013 7:08:36 PM

System Uptime: 2/13/2013 9:56:57 PM (1 hours ago)

.

Motherboard: Gigabyte Technology Co., Ltd. | | Z77-DS3H

Processor: Intel® Core™ i5-3570K CPU @ 3.40GHz | Intel® Core™ i5-3570K CPU @ 3.40GHz | 1600/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 931 GiB total, 890.448 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP1: 2/5/2013 7:14:07 PM - Windows Update

RP2: 2/7/2013 12:51:43 AM - Installed Steam

RP3: 2/8/2013 8:00:14 PM - Installed DirectX

RP4: 2/13/2013 1:49:07 PM - Windows Update

.

==== Installed Programs ======================

.

ASUS Xonar D1 Audio

Counter-Strike: Global Offensive

Dishonored

Google Chrome

Google Update Helper

Intel® Processor Graphics

Intel® SDK for OpenCL - CPU Only Runtime Package

Malwarebytes Anti-Malware version 1.70.0.1100

Mark of the Ninja

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

OpenAL

Steam

WinPatrol

.

==== Event Viewer Messages From Past Week ========

.

2/7/2013 3:44:32 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

2/7/2013 3:21:31 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the DHCP Client service which failed to start because of the following error: The dependency service or group failed to start.

2/7/2013 3:21:31 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

2/7/2013 3:21:31 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

2/7/2013 3:21:31 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "Unavailable" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

2/7/2013 3:21:27 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "Unavailable" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2/7/2013 3:21:15 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

2/7/2013 3:21:15 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

2/7/2013 3:21:15 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub System service which failed to start because of the following error: A device attached to the system is not functioning.

2/7/2013 3:21:15 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

2/7/2013 3:21:15 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

2/7/2013 3:21:15 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI Proxy Service Driver service which failed to start because of the following error: A device attached to the system is not functioning.

2/7/2013 3:21:15 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

2/7/2013 3:21:15 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

2/7/2013 3:21:15 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

2/7/2013 12:52:46 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

2/7/2013 12:52:46 AM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

2/13/2013 9:56:59 PM, Error: volmgr [46] - Crash dump initialization failed!

2/12/2013 1:49:02 PM, Error: Microsoft-Windows-Kernel-Power [137] - The system firmware has changed the processor's memory type range registers (MTRRs) across a sleep state transition (S4). This can result in reduced resume performance.

.

==== End Of File ===========================

Security Check log:

Results of screen317's Security Check version 0.99.57

x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Windows Defender

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.70.0.1100

Google Chrome 24.0.1312.57

````````Process Check: objlist.exe by Laurent````````

Windows Defender MSMpEng.exe

WinPatrol winpatrol.exe

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

Malwarebytes' Anti-Malware mbamscheduler.exe

Windows Defender MsMpEng.exe

BillP Studios WinPatrol WinPatrol.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: %

````````````````````End of Log``````````````````````

AdwCleaner log:

# AdwCleaner v2.112 - Logfile created 02/13/2013 at 21:10:19

# Updated 10/02/2013 by Xplode

# Operating system : Windows 8 Pro (64 bits)

# User : PC - DC

# Boot Mode : Normal

# Running from : C:\Users\PC\Downloads\adwcleaner0.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\InstallMate

***** [Registry] *****

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16453

[OK] Registry is clean.

-\\ Google Chrome v24.0.1312.57

File : C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [667 octets] - [13/02/2013 21:10:19]

########## EOF - C:\AdwCleaner[s1].txt - [726 octets] ##########

RogueKiller log:

RogueKiller V8.5.1 [Feb 12 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 8 (6.2.9200 ) 64 bits version

Started in : Normal mode

User : PC [Admin rights]

Mode : Remove -- Date : 02/13/2013 21:20:58

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤

[RUN][bLACKLISTDLL] HKLM\[...]\Run : Cmaudio8788 (C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd) -> DELETED

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1002FAEX-00Z3A0 +++++

--- User ---

[MBR] 9ee4b48ba33351814d5a8380c1cd29b5

[bSP] f67aa2cc0add83816fc333f1f77f555a : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 350 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 718848 | Size: 953517 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[2]_D_02132013_02d2120.txt >>

RKreport[1]_S_02132013_02d2119.txt ; RKreport[2]_D_02132013_02d2120.txt

TDSSKiller log was too long so I attached it.

aswMBR log:

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software

Run date: 2013-02-13 22:06:49

-----------------------------

22:06:49.821 OS Version: Windows x64 6.2.9200

22:06:49.821 Number of processors: 4 586 0x3A09

22:06:49.821 ComputerName: DC UserName: PC

22:06:51.185 Initialize success

22:07:27.997 AVAST engine defs: 13021304

22:08:30.429 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000036

22:08:30.429 Disk 0 Vendor: WDC_WD1002FAEX-00Z3A0 05.01D05 Size: 953869MB BusType: 11

22:08:30.439 Disk 0 MBR read successfully

22:08:30.441 Disk 0 MBR scan

22:08:30.443 Disk 0 Windows 7 default MBR code

22:08:30.445 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 350 MB offset 2048

22:08:30.465 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953517 MB offset 718848

22:08:30.505 Disk 0 scanning C:\Windows\system32\drivers

22:08:37.101 Service scanning

22:08:50.944 Modules scanning

22:08:50.950 Disk 0 trace - called modules:

22:08:50.964 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll storahci.sys

22:08:50.968 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007dd1060]

22:08:51.298 3 CLASSPNP.SYS[fffff88001eb08aa] -> nt!IofCallDriver -> [0xfffffa80073b0d20]

22:08:51.302 5 ACPI.sys[fffff88000e09a91] -> nt!IofCallDriver -> \Device\00000036[0xfffffa80073b0060]

22:08:52.417 AVAST engine scan C:\Windows

22:08:54.384 AVAST engine scan C:\Windows\system32

22:10:30.839 AVAST engine scan C:\Windows\system32\drivers

22:10:38.688 AVAST engine scan C:\Users\PC

22:13:52.485 AVAST engine scan C:\ProgramData

22:13:58.931 Scan finished successfully

22:14:05.561 Disk 0 MBR has been saved successfully to "C:\Users\PC\Desktop\MBR.dat"

22:14:05.595 The log file has been saved successfully to "C:\Users\PC\Desktop\aswMBR.txt"

Thank you for taking time to look at my logs.

TDSSKiller.2.8.16.0_13.02.2013_22.04.58_log.txt

Hello Draz,

You have broken several basic principles.

1) You have made more than 1 consecutive post -before- an authorized expert had replied.

We look for zero (0) reply count to indicate someone who has not been helped !!!

Your making 3 consecutive posts "hid" your thread from obvious sighting.

2) You have taken it on your own to run specialized tools. STOP self-medicating !!!!

Do the following:

To show all files:

  • Press and hold Windows-key & then press R key to get the RUN menu.
  • Type in
    explorer.exe

    and press Enter

  • When in Windows Explorer, press ALT-key then V key to get VIEW menu
  • Look at the top ribbon, right side. {the Show/Hide block}
  • Look at the line Hidden items. IF it has no checkmark, then Click the box one time so that it is checked.

  • Close any open documents/programs & all internet browsers you have running.
  • Please start AdwCleaner
  • Click on Delete button.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.
  • Note: You can find the logfile at C:\AdwCleaner[s1]

Step 2

Save and close any work documents, close any apps that you started.

Temporarily turn off (disable) your antivirus program

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

If you have the PRO license, then do this too: Click the Protection tab. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a Full Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

When all done, Copy & paste the MBAM scan log into a new reply.

Tell me, how is the system?

Re-enable your antivirus program.

Step 3

Download Dr.Web CureIt to the desktop.

The download is nearly 104.6 MB in size

  • Turn OFF your antivirus program.
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Turn off any other add-on security app {if you have them} like MBAM File System Protection.
  • If this system is Windows 8/7 or VISTA, then Right-click on drweb-cureit.exe and select Run as Administrator.
  • Otherwise, on Windows XP, double-click on the drweb-cureit.exe file to start the tool.
  • You will see a screen similar to this:
    [screenshot]
    Click the checkbox to participate, and then click on Continue button.
  • Next
    [screenshot]
    Click on Select objects for scanning
  • Next
    [screenshot]
    Put a checkmark by clicking on the boxes as shown.
    Do not select Temporary files or System Restore points.
    Then click on Start scanning button
  • The scan in progress will be shown like this
    [screenshot]
  • IF something is detected, you will see a screen similar to this
    [screenshot]
    For each item "detected", click on the Action column down arrow, like this
    [screenshot]
    Your options will be Cure or Ignore
    IF you see an item that you are very sure is ok, then un-check the checkbox for that item.
    Typically, you will keep the Cure default.
    Then click on the Neutralize button.
  • When the actions are completed, you will see this
    [screenshot]
  • Click on the green Open Report line. It will pop-up the report in NOTEPAD.
    Save the report to your desktop. The report will be called Cureit.log
  • While in NOTEPAD, do a CTRL+A to Copy all to clipboard.
  • You should be able to get back to your forum topic, start a new reply,
    click 1 time in the box
    and do a CTRL+V (Paste)
    into reply.
  • Close Dr.Web Cureit.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, post the contents of the log from Cureit.log you saved previously in your next reply.
    ONLY if the log is too large, then you may "attach" it.

Re-Enable your antivirus program when all done.

Hi Maurice,

Thanks for the quick reply even though I screwed things up. I appreciate it.

Here is the adwcleaner log you asked for.

# AdwCleaner v2.112 - Logfile created 02/14/2013 at 02:10:35

# Updated 10/02/2013 by Xplode

# Operating system : Windows 8 Pro (64 bits)

# User : PC - DC

# Boot Mode : Normal

# Running from : C:\Users\PC\Desktop\adwcleaner0.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16482

[OK] Registry is clean.

-\\ Google Chrome v24.0.1312.57

File : C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[s2].txt - [620 octets] - [14/02/2013 02:10:35]

########## EOF - C:\AdwCleaner[s2].txt - [679 octets] ##########

I will be doing a full Malwarebytes scan with all the settings checked next.


MB full scan complete and didn't find any infections.

The system feels fine. Other than my credit card info being stolen and finding that ProtectionId.exe I haven't experienced anything off with my system.

Malwarebytes Anti-Malware (Trial) 1.70.0.1100

www.malwarebytes.org

Database version: v2013.02.14.03

Windows 8 x64 NTFS

Internet Explorer 10.0.9200.16484

PC :: DC [administrator]

Protection: Enabled

2/14/2013 2:23:45 AM

mbam-log-2013-02-14 (02-23-45).txt

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 343910

Time elapsed: 14 minute(s), 41 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Will be doing step 3 next.


You are encouraged to do the following .....IF you have not already done so.

1. Call your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and ask them to put a watch on your accounts or change all your account numbers.

2. Change ALL your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups.

3. Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information. These trojans leave a backdoor open on the system that can allow a hacker total and complete access to your computer. (Remote access trojan) Hackers can operate your computer just as if they were sitting in front of it. Hackers can watch everything you are doing on the computer, play tricks, do screenshots, log passwords, start and stop programs.

* Take any other steps you think appropriate for an attempted identity theft.

Consumers – Identity Theft http://www.ftc.gov/b...mers/index.html

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? http://www.dslreports.com/faq/10451

Now then, the Dr Web Cure-It scan detected no infection.

The MBAM scan is excellent.

Download aswMBR.exe ( 511KB ) to your desktop.

On Windows 7 / 8 or Vista, RIGHT click on aswMBR.exe and select Run As Administrator to start.

On Windows XP, double click the exe to start.

IF prompted to update Avast definitions, answer NO.

aswmbr-1_zps5bcff15d.gif

On the following screen:

aswmbr-2_zpse79f2c16.gif

uncheck trace disk IO calls at the bottom left

Now, Click the "Scan" button to start scan.

Have patience as it scans.

On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me)

Now click save log, save it to your desktop and Copy & Paste in your next reply.

Do NOT click any Fix button.

EXIT the tool.


Hey Maurice,

I'm having trouble getting aswMBR to finish scanning. Every time it gets to scanning windowsdefend the program will stop working and Windows will give me a crash report. When I first ran the program, I had downloaded the latest Avast definitions (shouldn't have) so I'm not sure if that is causing the problem. I have tried selecting none for the AV scan option and also disabled the Trace disk IO calls. Anything else I could try?

Thanks


No, you did not need to get the Avast definitions.

What you do need to do is..... temporarily turn off Windows Defender before starting aswMBR or if I (on another occasion) ask you to turn off your antivirus. Windows Defender (in your case) is your a-v on this WIN8 system.

On the Start screen, type in on the keyboard,

windows defender

when you see the rectangle box

Win8-Defender_zpsfe7f7bc8.gif

Do a Right-click on it to get a mini-options menu

Run-AS_zpsb40a3968.gif

Select Run as Administrator with your mouse and click on it.

That will bring up Windows Defender on your Desktop.

Win8-Defender-off_zps983ba4e6.gif

Now click on Settings tab

Look at the line Turn on real-time protection.

UN-check the box so that Windows Defender is not in monitor mode.

Then press Save Changes & exit Windows Defender <<<<-- added note

Then run the tool I asked for.

After you are all done, go back to the Settings tab in Windows Defender (as we did before)

and click on (to put a checkmark) in the checkbox for real-time protection.

Edited by Maurice Naggar

Hey Maurice,

I installed the Avast definitions when I decided to self medicate. I have tried disabling my windows defender and it still won't work. What I don't understand is, I got aswMBR to work when I was doing all those scans on my own. I will follow your steps once again.


I understand. What I'm trying to say is, I installed the definitions before you responded to my thread.

I have disabled Defender and tried running the scan and it is still not working. Is there any way to completely delete the files aswMBR downloaded to my computer?


Scanning: Service WinDefend C:\Program Files sys

That is where aswMBR stops scanning and I get this crash report from Windows:

Problem signature:

Problem Event Name: APPCRASH

Application Name: aswMBR.exe

Application Version: 0.9.9.1707

Application Timestamp: 509be8bf

Fault Module Name: ntdll.dll

Fault Module Version: 6.2.9200.16420

Fault Module Timestamp: 505aaa82

Exception Code: c0000005

Exception Offset: 0004f44d

OS Version: 6.2.9200.2.0.0.256.48

Locale ID: 1033

Additional Information 1: 5861

Additional Information 2: 5861822e1919d7c014bbb064c64908b2

Additional Information 3: f3d5

Additional Information 4: f3d5be0cad2787556264647dc02181c3


Got it to work after a few reboots and redownloads.

I disabled the trace disk IO calls and set AV scan to none. The fix button did not enable.

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software

Run date: 2013-02-14 21:27:11

-----------------------------

21:27:11.059 OS Version: Windows x64 6.2.9200

21:27:11.059 Number of processors: 4 586 0x3A09

21:27:11.059 ComputerName: DC UserName: PC

21:27:12.364 Initialize success

21:27:16.320 AVAST engine defs: 13021304

21:27:21.822 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000036

21:27:21.822 Disk 0 Vendor: WDC_WD1002FAEX-00Z3A0 05.01D05 Size: 953869MB BusType: 11

21:27:21.836 Disk 0 MBR read successfully

21:27:21.838 Disk 0 MBR scan

21:27:21.840 Disk 0 Windows 7 default MBR code

21:27:21.842 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 350 MB offset 2048

21:27:21.854 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953517 MB offset 718848

21:27:21.884 Disk 0 scanning C:\Windows\system32\drivers

21:27:26.303 Service scanning

21:27:37.632 Modules scanning

21:27:37.636 Scan finished successfully

21:27:58.324 Disk 0 MBR has been saved successfully to "C:\Users\PC\Desktop\MBR.dat"

21:27:58.324 The log file has been saved successfully to "C:\Users\PC\Desktop\aswMBR.txt"


There you go; good result.

Now then, start Windows Defender.

Click on the Settings Tab. And make sure that real-time protection is Enabled (checkmarked).

Click on the Update tab. Click on Update button.

Click the Home button. Do a Quick scan.

Tell me the result. And tell me, How is your system now?


Very good. Bravo. You are good to go after the following.

Delete the following if still present:

Dr Web Cure-It

adwcleaner.exe

aswmbr.exe

roguekiller.exe

DDS

securitycheck.exe

Safer practices & malware prevention

We are finished here. Best regards.


Awesome, thanks for all the help Maurice. It really is giving me confidence to use my system again. I will definitely look into some of the programs you have recommended.

I have a couple of final questions for you if that is ok. First, I was looking into buying Malwarebytes Pro. Is it safe for me to run the real time system protection at the same time as Windows Defender? I'm just worried there might be some conflicts.

Also, do you guys have any info on this file I found on my system, ProtectionID? I'm just a little paranoid I guess, and I hate having unknown exe files on my system! Like you said never download free tools unless you can be absolutely sure it is safe. The file can be downloaded at pid.gamecopyworld.com if someone could check that out for me, that would be great.

Thanks again, I really appreciate all the help.


I have used MBAM PRO on my Windows 8 PRO system and have been quite pleased.

It does run in WIN8 ( as well as in Windows 7, etc).

What you would want to do once you did install it, is to set "trust" settings in both applications so that you would ensure they treat each other well.

MBAM-WIN8_zps07390804.gif

You would start Windows Defender. Go to the Settings tab

then click on Excluded files and locations

then ADD each 1 of the entries shown above into yours and then apply/save/exit.

Note I have put 4 exclusions for MBAM.

And also the last line to cover the MVP-Hosts file (WIN8 Windows Defender "barks" at non-MS Hosts file)

Then you would go to MBAM app

MBAM-WinDefend-Win8_zpsa636863d.gif

Note the line I have added within the Ignore List tab for msmpeng.exe

That line as shown, is for 64-bit Windows 8.

IF your system is the 32-bit Windows 8, you would specify

C:\Program Files (x86)\Windows Defender\msmpeng.exe

Now then, as regards your "suspect file" .....upload it for analysis to 1 or 2 websites.

Use your Internet Explorer browser to go here at Virustotal website

Upload the file .... then see what the result is

& again to

Use your Internet Explorer browser to go here at VirSCAN.org website


As for the suspicious file, it looks like someone has already uploaded it to Virustotal. I believe this is the version I had on my system: https://www.virustotal.com/en/file/dd3ad6a5164e7b66d95ea18604002e87329ed1942299fba7a82c9caaa5b7909f/analysis/ and the latest version has also been uploaded which looks cleaner: https://www.virustotal.com/en/file/bbe5b97c8d01b94c6f54d857703db7a25bd82b429171e4ff0db3ebf726e12bfe/analysis/ Lots of info in the behavior tab. Does the file look legit to you?

This topic is now closed to further replies.
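
The last post leaves open whether the copy on disk is the same file as either VirusTotal report. The following is an added example, not part of the thread: it hashes a local file and compares it with the SHA-256 embedded in each report URL quoted in that post. The function names and the "older upload" / "latest upload" labels are assumptions made for the example.

```python
import hashlib
import re

# Report URLs exactly as quoted in the post; the labels are this example's own.
REPORT_URLS = {
    "older upload": "https://www.virustotal.com/en/file/dd3ad6a5164e7b66d95ea18604002e87329ed1942299fba7a82c9caaa5b7909f/analysis/",
    "latest upload": "https://www.virustotal.com/en/file/bbe5b97c8d01b94c6f54d857703db7a25bd82b429171e4ff0db3ebf726e12bfe/analysis/",
}

# The URLs in the post carry the SHA-256 as the path segment after /file/.
SHA256_IN_URL = re.compile(r"/file/([0-9a-fA-F]{64})(?:/|$)")


def sha256_from_report_url(url):
    """Return the lowercase SHA-256 embedded in a /file/<hash>/ report URL."""
    match = SHA256_IN_URL.search(url)
    if match is None:
        raise ValueError("no 64-hex-digit SHA-256 in URL: " + url)
    return match.group(1).lower()


def sha256_of_file(path, chunk_size=1 << 20):
    """Hash the file in chunks so a large executable is never read in one go."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def matching_reports(path, report_urls):
    """Return the labels of the reports whose hash equals the local file's hash."""
    local = sha256_of_file(path)
    return [label for label, url in report_urls.items()
            if sha256_from_report_url(url) == local]


if __name__ == "__main__":
    import sys
    target = sys.argv[1]  # path to the local copy of the suspect executable
    hits = matching_reports(target, REPORT_URLS)
    print(sha256_of_file(target))
    print("matches:", ", ".join(hits) if hits else "none of the quoted reports")
```

A match only establishes that a report describes the same bytes as the local file; if neither hash matches, the local copy is a different build and needs its own upload.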