theawesomeguy12
Posts posted by theawesomeguy12
Command Prompt is not popping up on startup anymore.
-
No Log in C:\QooBox
-
Also first time I ran it it warned me that dircmd couldn't be foun
-
Hi,
I ran Combofix and it told me samsrv.dll was infected and it restored it, but it didn't create a log file. It restarted and did not create a combofix.log in C:\, and now, when I run it again, it doesn't even show up. I downloaded a fresh copy but it didn't work.
-
RogueKiller Report
RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Kit and Fin [Admin rights]
Mode : Scan -- Date : 04/20/2013 17:23:45
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 7 ¤¤¤
[RUN][BLACKLISTDLL] HKLM\[...]\Run : Cmaudio8788 (C:\windows\syswow64\RunDll32.exe C:\windows\Syswow64\cmicnfgp.dll,CMICtrlWnd) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{85F6DD47-5685-47ED-9115-AC77498CACF3} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{CD58BE2E-94A2-4C99-A4FD-64D606B70E43} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{85F6DD47-5685-47ED-9115-AC77498CACF3} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{CD58BE2E-94A2-4C99-A4FD-64D606B70E43} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: SEAGATE ST3750640NS SATA Disk Device +++++
--- User ---
[MBR] 04c52c34446692282c8b0dc18ee761cf
[BSP] dfa450a4745d4e01175f84de8ecb66fe : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1026048 | Size: 714902 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: ST350062 0AS SATA Disk Device +++++
--- User ---
[MBR] a3a9c19c1c6f5150ce167b2b7450d4bd
[BSP] 0225ebc2fe0f7f436262ab8569e96b9a : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 426938 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 874371072 | Size: 49999 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1]_S_04202013_02d1723.txt >>
RKreport[1]_S_04202013_02d1723.txt
-
Every time I boot my computer cmd.exe shows up and closes. I have scanned with Malwarebytes, Trend Micro, Hitman Pro and SuperAntiSpyware, but it all comes up clean. This only happened after I installed WinCDEmu. I have removed it now.
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537
Run by Kit and Fin at 16:47:47 on 2013-04-20
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4079.2171 [GMT 1:00]
.
AV: Trend Micro Titanium Maximum Security 2012 *Enabled/Updated* {B7599298-8445-728A-A5C7-A26A082C8BDA}
SP: Trend Micro Titanium Maximum Security 2012 *Enabled/Updated* {0C38737C-A27F-7D04-9F77-991873ABC167}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Antivirus *Disabled/Outdated* {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\windows\system32\nvvsvc.exe
C:\windows\system32\Dwm.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\dldncoms.exe
C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\WUDFHost.exe
C:\Program Files\ASUS Xonar DG Audio\Customapp\ASUSAUDIOCENTER.EXE
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
C:\Program Files\COMODO\COMODO Internet Security\cis.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\windows\System32\svchost.exe -k swprv
c:\program files\windows defender\MpCmdRun.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uDefault_Page_URL = hxxp://www.computerplanet.co.uk
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1361\6.8.1078\TmIEPlg32.dll
BHO: TSToolbarBHO: {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1104\7.1.1104\TmBpIe32.dll
TB: Trend Micro Toolbar: {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{75773531-0016-45E2-A0F0-C2DBADF74210} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{85F6DD47-5685-47ED-9115-AC77498CACF3} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{85F6DD47-5685-47ED-9115-AC77498CACF3} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{CD58BE2E-94A2-4C99-A4FD-64D606B70E43} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{CD58BE2E-94A2-4C99-A4FD-64D606B70E43} : DHCPNameServer = 192.168.1.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1104\7.1.1104\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1361\6.8.1078\TmIEPlg32.dll
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
AppInit_DLLs=
SSODL: WebCheck - <orphaned>
x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1361\6.8.1078\TmIEPlg.dll
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1104\7.1.1104\TmBpIe64.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [Cmaudio8788] C:\windows\syswow64\RunDll32.exe C:\windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
x64-Run: [Cmaudio8788GX] C:\windows\syswow64\HsMgr.exe Envoke
x64-Run: [Cmaudio8788GX64] C:\windows\system\HsMgr64.exe Envoke
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [Trend Micro Titanium] "C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" -set Silent "1" SplashURL ""
x64-Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
x64-Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1104\7.1.1104\TmBpIe64.dll
x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1361\6.8.1078\TmIEPlg.dll
x64-Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - <orphaned>
x64-Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - <orphaned>
x64-Notify: WB - <no file>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\windows\System32\drivers\amd_sata.sys [2012-7-28 82048]
R0 amd_xata;amd_xata;C:\windows\System32\drivers\amd_xata.sys [2012-7-28 42624]
R1 cmderd;COMODO Internet Security Eradication Driver;C:\windows\System32\drivers\cmderd.sys [2012-12-14 23168]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\windows\System32\drivers\cmdguard.sys [2012-12-14 706560]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\windows\System32\drivers\cmdhlp.sys [2012-12-14 48360]
R1 tmevtmgr;tmevtmgr;C:\windows\System32\drivers\tmevtmgr.sys [2012-8-13 77184]
R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2012-8-13 275912]
R2 dldn_device;dldn_device;C:\windows\System32\dldncoms.exe -service --> C:\windows\System32\dldncoms.exe -service [?]
R2 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2013-4-19 2074760]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-3-19 3289208]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-2-9 383264]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R3 asmthub3;ASMedia USB3 Hub Service;C:\windows\System32\drivers\asmthub3.sys [2012-7-28 130536]
R3 asmtxhci;ASMEDIA XHCI Service;C:\windows\System32\drivers\asmtxhci.sys [2012-7-28 396776]
R3 cmudaxp;ASUS Xonar DG Audio Interface;C:\windows\System32\drivers\cmudaxp.sys [2012-7-31 2725376]
R3 LVRS64;Logitech RightSound Filter Driver;C:\windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
R3 LVUVC64;Logitech Webcam 500(UVC);C:\windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-7-28 708200]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 dldnCATSCustConnectService;dldnCATSCustConnectService;C:\windows\System32\spool\drivers\x64\3\dldnserv.exe [2009-7-10 33448]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 ahcix64s;ahcix64s;C:\windows\System32\drivers\ahcix64s.sys [2012-7-28 226616]
S3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;C:\windows\System32\drivers\BazisVirtualCDBus.sys [2011-6-4 198480]
S3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2012-12-14 158928]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\windows\System32\drivers\ssudbus.sys [2012-12-21 102368]
S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\windows\System32\drivers\LVPr2M64.sys [2009-10-7 30232]
S3 MRV6X64U;Marvell TOPDOG 802.11n WLAN Driver for Vista x64 (USB8x);C:\windows\System32\drivers\MRVW24C.sys [2007-10-28 340480]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2012-11-8 19456]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\windows\System32\drivers\ssudmdm.sys [2012-12-21 203104]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2012-11-8 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2012-11-8 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-7-27 1255736]
.
=============== Created Last 30 ================
.
2013-04-20 15:45:38 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3A1DD36A-7677-4E01-9786-71F105465847}\offreg.dll
2013-04-20 11:54:13 -------- d-----w- C:\Program Files (x86)\VideoLAN
2013-04-20 10:47:31 -------- d-----w- C:\ProgramData\Kaspersky Lab
2013-04-20 09:38:28 -------- d-----w- C:\Users\Kit and Fin\AppData\Roaming\SUPERAntiSpyware.com
2013-04-17 18:23:59 108448 ----a-w- C:\windows\System32\WindowsAccessBridge-64.dll
2013-04-17 18:17:30 -------- d-----w- C:\Program Files (x86)\Elaborate Bytes
2013-04-17 17:51:23 -------- d-----w- C:\Users\Kit and Fin\New folder
2013-04-17 17:50:02 -------- d-----w- C:\Program Files (x86)\hpHosts
2013-04-13 16:09:12 -------- d-----w- C:\Users\Kit and Fin\AppData\Roaming\LOVE
2013-04-13 10:32:36 -------- d-----w- C:\Program Files\Paint.NET
2013-04-13 10:32:13 -------- d-----w- C:\Users\Kit and Fin\AppData\Local\Paint.NET
2013-04-13 09:53:23 -------- d-----w- C:\Users\Kit and Fin\AppData\Local\Evernote
2013-04-13 09:52:41 -------- d-----w- C:\Program Files (x86)\Evernote
2013-04-11 09:00:31 -------- d-----w- C:\Users\Kit and Fin\AppData\Local\Unity
2013-04-10 18:05:59 817664 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-04-10 18:05:59 3958784 ----a-w- C:\windows\System32\jscript9.dll
2013-04-10 18:05:59 2877440 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-04-10 18:05:58 1766912 ----a-w- C:\windows\SysWow64\wininet.dll
2013-04-10 18:05:57 2240512 ----a-w- C:\windows\System32\wininet.dll
2013-04-10 15:34:45 3153408 ----a-w- C:\windows\System32\win32k.sys
2013-04-10 15:34:44 223752 ----a-w- C:\windows\System32\drivers\fvevol.sys
2013-04-10 15:34:44 1655656 ----a-w- C:\windows\System32\drivers\ntfs.sys
2013-04-10 15:34:43 5550424 ----a-w- C:\windows\System32\ntoskrnl.exe
2013-04-10 15:34:42 43520 ----a-w- C:\windows\System32\csrsrv.dll
2013-04-10 15:34:42 3968856 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2013-04-10 15:34:42 3913560 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2013-04-10 15:34:42 112640 ----a-w- C:\windows\System32\smss.exe
2013-04-10 15:34:41 6656 ----a-w- C:\windows\SysWow64\apisetschema.dll
2013-04-10 14:42:05 -------- d-----w- C:\Program Files (x86)\ESET
2013-04-10 14:41:45 -------- d-----w- C:\Users\Kit and Fin\AppData\Roaming\.minecraft
2013-04-10 10:47:15 -------- d--h--w- C:\VTRoot
2013-04-07 07:01:27 172032 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
2013-04-07 07:01:26 733184 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2013-04-07 07:01:26 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2013-04-07 07:01:26 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
2013-04-07 07:01:26 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2013-04-07 07:01:21 180356 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
2013-04-07 07:01:19 303236 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
2013-04-01 17:15:22 -------- d-----w- C:\ProgramData\dl_Cats
2013-04-01 17:14:30 -------- d-----w- C:\Dell
2013-04-01 16:32:33 -------- d-----w- C:\Users\Kit and Fin\AppData\Roaming\Dell Imaging Toolbox
2013-03-30 18:28:50 -------- d-----w- C:\Users\Kit and Fin\AppData\Local\CrashDumps
.
==================== Find3M ====================
.
2013-04-20 08:20:40 56072 ----a-w- C:\windows\System32\certsentry.dll
2013-04-20 08:20:40 47368 ----a-w- C:\windows\SysWow64\certsentry.dll
2013-04-17 18:23:47 971680 ----a-w- C:\windows\System32\deployJava1.dll
2013-04-17 18:23:47 1092512 ----a-w- C:\windows\System32\npDeployJava1.dll
2013-04-15 17:38:52 48360 ----a-w- C:\windows\System32\drivers\cmdhlp.sys
2013-04-15 17:38:51 706560 ----a-w- C:\windows\System32\drivers\cmdguard.sys
2013-04-15 17:38:51 23168 ----a-w- C:\windows\System32\drivers\cmderd.sys
2013-04-15 17:38:38 43216 ----a-w- C:\windows\System32\cmdcsr.dll
2013-04-15 17:38:37 348584 ----a-w- C:\windows\SysWow64\guard32.dll
2013-04-15 17:38:36 437176 ----a-w- C:\windows\System32\guard64.dll
2013-04-15 17:38:29 343760 ----a-w- C:\windows\System32\cmdvrt64.dll
2013-04-15 17:38:28 45776 ----a-w- C:\windows\System32\cmdkbd64.dll
2013-04-15 17:38:25 276688 ----a-w- C:\windows\SysWow64\cmdvrt32.dll
2013-04-15 17:38:24 40656 ----a-w- C:\windows\SysWow64\cmdkbd32.dll
2013-04-13 11:25:29 691592 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-04-13 11:25:28 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-04 13:50:32 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2013-03-14 09:23:28 861088 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
2013-03-14 09:23:28 782240 ----a-w- C:\windows\SysWow64\deployJava1.dll
2013-03-03 17:56:05 9728 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-01 15:45:17 348160 ----a-w- C:\windows\SysWow64\msvcr71.dll
2013-02-21 10:29:37 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
2013-02-21 10:29:37 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2013-02-21 10:14:05 67072 ----a-w- C:\windows\System32\iesetup.dll
2013-02-21 10:14:05 136704 ----a-w- C:\windows\System32\iesysprep.dll
2013-02-19 12:01:03 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-02-19 11:42:14 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2013-02-19 11:10:53 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe
2013-02-19 10:51:18 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe
2013-02-12 05:45:24 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\windows\apppatch\AcGenral.dll
2013-02-12 04:12:05 19968 ----a-w- C:\windows\System32\drivers\usb8023.sys
2013-02-10 01:04:31 6393120 ----a-w- C:\windows\System32\nvcpl.dll
2013-02-10 01:04:31 3472672 ----a-w- C:\windows\System32\nvsvc64.dll
2013-02-10 01:04:29 877856 ----a-w- C:\windows\System32\nvvsvc.exe
2013-02-10 01:04:29 63776 ----a-w- C:\windows\System32\nvshext.dll
2013-02-10 01:04:29 2555680 ----a-w- C:\windows\System32\nvsvcr.dll
2013-02-10 01:04:29 237856 ----a-w- C:\windows\System32\nvmctray.dll
2013-02-09 18:43:52 555808 ----a-w- C:\windows\SysWow64\nvStreaming.exe
2013-02-09 13:25:36 3035306 ----a-w- C:\windows\System32\nvcoproc.bin
.
============= FINISH: 17:02:49.37 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 13/08/2012 20:10:07
System Uptime: 20/04/2013 16:32:19 (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | M5A87
Processor: AMD FX-4170 Quad-Core Processor | AM3R2 | 2100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 698 GiB total, 613.551 GiB free.
D: is CDROM (UDF)
E: is FIXED (NTFS) - 417 GiB total, 416.831 GiB free.
F: is Removable
G: is Removable
H: is Removable
I: is Removable
O: is FIXED (NTFS) - 49 GiB total, 46.876 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP159: 07/04/2013 08:03:01 - Installed WinFast DTV Dongle Gold USB Driver
RP160: 07/04/2013 08:51:46 - Removed WinFast Multimedia Driver Installation
RP161: 07/04/2013 09:00:48 - Installed WinFast Multimedia Driver Installation
RP162: 10/04/2013 19:04:58 - Windows Update
RP163: 13/04/2013 10:51:57 - Installed Evernote v. 4.6.4
RP165: 13/04/2013 11:32:13 - Paint.NET v3.5.10
RP166: 17/04/2013 19:17:46 - Device Driver Package Install: Elaborate Bytes AG Storage controllers
RP167: 17/04/2013 19:20:25 - Removed Java 7 Update 17 (64-bit)
RP168: 17/04/2013 19:21:23 - Removed Java 7 Update 17
RP169: 17/04/2013 19:23:28 - Installed Java 7 Update 21 (64-bit)
RP170: 18/04/2013 18:55:05 - Device Driver Package Install: SysProgs.org Storage controllers
RP171: 20/04/2013 09:29:14 - Installed Microsoft Fix it 50267
.
==== Installed Programs ======================
.
7-Zip 9.20
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.02)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASUS Xonar DG Audio Driver
BlackBerry Desktop Software 7.1
Bonjour
CameraHelperMsi
CCleaner
Comodo Dragon
COMODO Internet Security
Compatibility Pack for the 2007 Office system
Creation Kit
Defraggler
erLT
ESET Online Scanner v3
Evernote v. 4.6.4
Fallout 3
FINAL FANTASY VII
Garry's Mod
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
iTunes
Java 7 Update 21 (64-bit)
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Help Viewer 1.0
Microsoft Office File Validation Add-In
Microsoft Office Small Business Edition 2003
Microsoft Silverlight
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 x64 ENU
Microsoft SQL Server System CLR Types
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
Microsoft Visual Studio 2010 Service Pack 1
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
NVIDIA 3D Vision Controller Driver 314.07
NVIDIA 3D Vision Driver 314.07
NVIDIA Control Panel 314.07
NVIDIA Graphics Driver 314.07
NVIDIA HD Audio Driver 1.3.23.1
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.1031
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.12.12
NVIDIA Update Components
Paint.NET v3.5.10
PlayReady PC Runtime amd64
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
Realtek High Definition Audio Driver
Revo Uninstaller 1.94
SAMSUNG USB Driver for Mobile Phones
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Skype Click to Call
Skype™ 5.10
Steam
swMSM
The Elder Scrolls V: Skyrim
tools-windows
Trend Micro Titanium
Trend Micro Titanium Maximum Security 2012
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
VLC media player 2.0.6
Windows Live ID Sign-in Assistant
WinFast DTV Dongle Gold USB Driver
WinFast Multimedia Driver Installation
.
==== Event Viewer Messages From Past Week ========
.
20/04/2013 16:35:31, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
20/04/2013 16:35:31, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
20/04/2013 16:32:55, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the dldnCATSCustConnectService service to connect.
20/04/2013 16:32:55, Error: Service Control Manager [7000] - The dldnCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
20/04/2013 09:30:30, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
18/04/2013 17:59:01, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
18/04/2013 17:59:01, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
18/04/2013 17:37:37, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
18/04/2013 17:37:34, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
18/04/2013 17:37:34, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
18/04/2013 17:37:30, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
18/04/2013 17:37:23, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
18/04/2013 17:37:15, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cmdGuard discache ElbyCDIO spldr tmactmon tmcomm tmevtmgr tmtdi Wanarpv6
14/04/2013 19:36:07, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
14/04/2013 19:36:07, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
14/04/2013 19:35:49, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
.
==== End Of File ===========================
cmd on startup
in Resolved Malware Removal Logs
Results of screen317's Security Check version 0.99.62
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Trend Micro Titanium Maximum Security 2012
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Adobe Flash Player 11.7.700.169
Adobe Reader XI
````````Process Check: objlist.exe by Laurent````````
Comodo Firewall cmdagent.exe
Trend Micro UniClient UiFrmWrk uiWatchDog.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````