
cmd on startup



Every time I boot my computer, cmd.exe shows up and closes. I have scanned with Malwarebytes, Trend Micro, Hitman Pro and SuperAntiSpyware, but it all comes up clean. This only happened after I installed WinCDEmu. I have removed it now.

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16537

Run by Kit and Fin at 16:47:47 on 2013-04-20

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4079.2171 [GMT 1:00]

.

AV: Trend Micro Titanium Maximum Security 2012 *Enabled/Updated* {B7599298-8445-728A-A5C7-A26A082C8BDA}

SP: Trend Micro Titanium Maximum Security 2012 *Enabled/Updated* {0C38737C-A27F-7D04-9F77-991873ABC167}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: COMODO Antivirus *Disabled/Outdated* {0C2D2636-923D-EE52-2A83-E643204A8275}

FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}

.

============== Running Processes ===============

.

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\windows\system32\svchost.exe -k RPCSS

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

C:\windows\system32\svchost.exe -k GPSvcGroup

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\windows\system32\nvvsvc.exe

C:\windows\system32\Dwm.exe

C:\windows\System32\spoolsv.exe

C:\windows\system32\taskhost.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe

C:\windows\Explorer.EXE

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe

C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe

C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\windows\system32\dldncoms.exe

C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\windows\system32\SearchIndexer.exe

C:\windows\system32\svchost.exe -k bthsvcs

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\windows\System32\WUDFHost.exe

C:\Program Files\ASUS Xonar DG Audio\Customapp\ASUSAUDIOCENTER.EXE

C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

C:\Program Files\COMODO\COMODO Internet Security\cistray.exe

C:\Program Files\COMODO\COMODO Internet Security\cis.exe

C:\Program Files (x86)\Comodo\Dragon\dragon.exe

C:\Program Files (x86)\Comodo\Dragon\dragon.exe

C:\Program Files (x86)\Comodo\Dragon\dragon.exe

C:\Program Files (x86)\Comodo\Dragon\dragon.exe

C:\Program Files (x86)\Comodo\Dragon\dragon.exe

C:\windows\System32\svchost.exe -k secsvcs

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\windows\servicing\TrustedInstaller.exe

C:\Program Files (x86)\Comodo\Dragon\dragon.exe

C:\windows\System32\svchost.exe -k swprv

c:\program files\windows defender\MpCmdRun.exe

C:\Program Files (x86)\Comodo\Dragon\dragon.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.co.uk/

uDefault_Page_URL = hxxp://www.computerplanet.co.uk

mWinlogon: Userinit = userinit.exe

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1361\6.8.1078\TmIEPlg32.dll

BHO: TSToolbarBHO: {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1104\7.1.1104\TmBpIe32.dll

TB: Trend Micro Toolbar: {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3

IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1

IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000

IE: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: NameServer = 192.168.1.254

TCP: Interfaces\{75773531-0016-45E2-A0F0-C2DBADF74210} : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{85F6DD47-5685-47ED-9115-AC77498CACF3} : NameServer = 8.26.56.26,156.154.70.22

TCP: Interfaces\{85F6DD47-5685-47ED-9115-AC77498CACF3} : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{CD58BE2E-94A2-4C99-A4FD-64D606B70E43} : NameServer = 8.26.56.26,156.154.70.22

TCP: Interfaces\{CD58BE2E-94A2-4C99-A4FD-64D606B70E43} : DHCPNameServer = 192.168.1.254

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1104\7.1.1104\TmBpIe32.dll

Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1361\6.8.1078\TmIEPlg32.dll

Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll

Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll

AppInit_DLLs=

SSODL: WebCheck - <orphaned>

x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1361\6.8.1078\TmIEPlg.dll

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1104\7.1.1104\TmBpIe64.dll

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-Run: [Cmaudio8788] C:\windows\syswow64\RunDll32.exe C:\windows\Syswow64\cmicnfgp.dll,CMICtrlWnd

x64-Run: [Cmaudio8788GX] C:\windows\syswow64\HsMgr.exe Envoke

x64-Run: [Cmaudio8788GX64] C:\windows\system\HsMgr64.exe Envoke

x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s

x64-Run: [Trend Micro Titanium] "C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" -set Silent "1" SplashURL ""

x64-Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"

x64-Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe

x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1104\7.1.1104\TmBpIe64.dll

x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1361\6.8.1078\TmIEPlg.dll

x64-Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - <orphaned>

x64-Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - <orphaned>

x64-Notify: WB - <no file>

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 amd_sata;amd_sata;C:\windows\System32\drivers\amd_sata.sys [2012-7-28 82048]

R0 amd_xata;amd_xata;C:\windows\System32\drivers\amd_xata.sys [2012-7-28 42624]

R1 cmderd;COMODO Internet Security Eradication Driver;C:\windows\System32\drivers\cmderd.sys [2012-12-14 23168]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\windows\System32\drivers\cmdguard.sys [2012-12-14 706560]

R1 cmdHlp;COMODO Internet Security Helper Driver;C:\windows\System32\drivers\cmdhlp.sys [2012-12-14 48360]

R1 tmevtmgr;tmevtmgr;C:\windows\System32\drivers\tmevtmgr.sys [2012-8-13 77184]

R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2012-8-13 275912]

R2 dldn_device;dldn_device;C:\windows\System32\dldncoms.exe -service --> C:\windows\System32\dldncoms.exe -service [?]

R2 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2013-4-19 2074760]

R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-3-19 3289208]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-2-9 383264]

R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]

R3 asmthub3;ASMedia USB3 Hub Service;C:\windows\System32\drivers\asmthub3.sys [2012-7-28 130536]

R3 asmtxhci;ASMEDIA XHCI Service;C:\windows\System32\drivers\asmtxhci.sys [2012-7-28 396776]

R3 cmudaxp;ASUS Xonar DG Audio Interface;C:\windows\System32\drivers\cmudaxp.sys [2012-7-31 2725376]

R3 LVRS64;Logitech RightSound Filter Driver;C:\windows\System32\drivers\lvrs64.sys [2012-1-18 351136]

R3 LVUVC64;Logitech Webcam 500(UVC);C:\windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]

R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-7-28 708200]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 dldnCATSCustConnectService;dldnCATSCustConnectService;C:\windows\System32\spool\drivers\x64\3\dldnserv.exe [2009-7-10 33448]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

S3 ahcix64s;ahcix64s;C:\windows\System32\drivers\ahcix64s.sys [2012-7-28 226616]

S3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;C:\windows\System32\drivers\BazisVirtualCDBus.sys [2011-6-4 198480]

S3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2012-12-14 158928]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\windows\System32\drivers\ssudbus.sys [2012-12-21 102368]

S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\windows\System32\drivers\LVPr2M64.sys [2009-10-7 30232]

S3 MRV6X64U;Marvell TOPDOG 802.11n WLAN Driver for Vista x64 (USB8x);C:\windows\System32\drivers\MRVW24C.sys [2007-10-28 340480]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2012-11-8 19456]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\windows\System32\drivers\ssudmdm.sys [2012-12-21 203104]

S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2012-11-8 57856]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2012-11-8 30208]

S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-7-27 1255736]

.

=============== Created Last 30 ================

.

2013-04-20 15:45:38 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3A1DD36A-7677-4E01-9786-71F105465847}\offreg.dll

2013-04-20 11:54:13 -------- d-----w- C:\Program Files (x86)\VideoLAN

2013-04-20 10:47:31 -------- d-----w- C:\ProgramData\Kaspersky Lab

2013-04-20 09:38:28 -------- d-----w- C:\Users\Kit and Fin\AppData\Roaming\SUPERAntiSpyware.com

2013-04-17 18:23:59 108448 ----a-w- C:\windows\System32\WindowsAccessBridge-64.dll

2013-04-17 18:17:30 -------- d-----w- C:\Program Files (x86)\Elaborate Bytes

2013-04-17 17:51:23 -------- d-----w- C:\Users\Kit and Fin\New folder

2013-04-17 17:50:02 -------- d-----w- C:\Program Files (x86)\hpHosts

2013-04-13 16:09:12 -------- d-----w- C:\Users\Kit and Fin\AppData\Roaming\LOVE

2013-04-13 10:32:36 -------- d-----w- C:\Program Files\Paint.NET

2013-04-13 10:32:13 -------- d-----w- C:\Users\Kit and Fin\AppData\Local\Paint.NET

2013-04-13 09:53:23 -------- d-----w- C:\Users\Kit and Fin\AppData\Local\Evernote

2013-04-13 09:52:41 -------- d-----w- C:\Program Files (x86)\Evernote

2013-04-11 09:00:31 -------- d-----w- C:\Users\Kit and Fin\AppData\Local\Unity

2013-04-10 18:05:59 817664 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2013-04-10 18:05:59 3958784 ----a-w- C:\windows\System32\jscript9.dll

2013-04-10 18:05:59 2877440 ----a-w- C:\windows\SysWow64\jscript9.dll

2013-04-10 18:05:58 1766912 ----a-w- C:\windows\SysWow64\wininet.dll

2013-04-10 18:05:57 2240512 ----a-w- C:\windows\System32\wininet.dll

2013-04-10 15:34:45 3153408 ----a-w- C:\windows\System32\win32k.sys

2013-04-10 15:34:44 223752 ----a-w- C:\windows\System32\drivers\fvevol.sys

2013-04-10 15:34:44 1655656 ----a-w- C:\windows\System32\drivers\ntfs.sys

2013-04-10 15:34:43 5550424 ----a-w- C:\windows\System32\ntoskrnl.exe

2013-04-10 15:34:42 43520 ----a-w- C:\windows\System32\csrsrv.dll

2013-04-10 15:34:42 3968856 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe

2013-04-10 15:34:42 3913560 ----a-w- C:\windows\SysWow64\ntoskrnl.exe

2013-04-10 15:34:42 112640 ----a-w- C:\windows\System32\smss.exe

2013-04-10 15:34:41 6656 ----a-w- C:\windows\SysWow64\apisetschema.dll

2013-04-10 14:42:05 -------- d-----w- C:\Program Files (x86)\ESET

2013-04-10 14:41:45 -------- d-----w- C:\Users\Kit and Fin\AppData\Roaming\.minecraft

2013-04-10 10:47:15 -------- d--h--w- C:\VTRoot

2013-04-07 07:01:27 172032 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll

2013-04-07 07:01:26 733184 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll

2013-04-07 07:01:26 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll

2013-04-07 07:01:26 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe

2013-04-07 07:01:26 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll

2013-04-07 07:01:21 180356 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll

2013-04-07 07:01:19 303236 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll

2013-04-01 17:15:22 -------- d-----w- C:\ProgramData\dl_Cats

2013-04-01 17:14:30 -------- d-----w- C:\Dell

2013-04-01 16:32:33 -------- d-----w- C:\Users\Kit and Fin\AppData\Roaming\Dell Imaging Toolbox

2013-03-30 18:28:50 -------- d-----w- C:\Users\Kit and Fin\AppData\Local\CrashDumps

.

==================== Find3M ====================

.

2013-04-20 08:20:40 56072 ----a-w- C:\windows\System32\certsentry.dll

2013-04-20 08:20:40 47368 ----a-w- C:\windows\SysWow64\certsentry.dll

2013-04-17 18:23:47 971680 ----a-w- C:\windows\System32\deployJava1.dll

2013-04-17 18:23:47 1092512 ----a-w- C:\windows\System32\npDeployJava1.dll

2013-04-15 17:38:52 48360 ----a-w- C:\windows\System32\drivers\cmdhlp.sys

2013-04-15 17:38:51 706560 ----a-w- C:\windows\System32\drivers\cmdguard.sys

2013-04-15 17:38:51 23168 ----a-w- C:\windows\System32\drivers\cmderd.sys

2013-04-15 17:38:38 43216 ----a-w- C:\windows\System32\cmdcsr.dll

2013-04-15 17:38:37 348584 ----a-w- C:\windows\SysWow64\guard32.dll

2013-04-15 17:38:36 437176 ----a-w- C:\windows\System32\guard64.dll

2013-04-15 17:38:29 343760 ----a-w- C:\windows\System32\cmdvrt64.dll

2013-04-15 17:38:28 45776 ----a-w- C:\windows\System32\cmdkbd64.dll

2013-04-15 17:38:25 276688 ----a-w- C:\windows\SysWow64\cmdvrt32.dll

2013-04-15 17:38:24 40656 ----a-w- C:\windows\SysWow64\cmdkbd32.dll

2013-04-13 11:25:29 691592 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe

2013-04-13 11:25:28 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-04-04 13:50:32 25928 ----a-w- C:\windows\System32\drivers\mbam.sys

2013-03-14 09:23:28 861088 ----a-w- C:\windows\SysWow64\npDeployJava1.dll

2013-03-14 09:23:28 782240 ----a-w- C:\windows\SysWow64\deployJava1.dll

2013-03-03 17:56:05 9728 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-03-01 15:45:17 348160 ----a-w- C:\windows\SysWow64\msvcr71.dll

2013-02-21 10:29:37 61440 ----a-w- C:\windows\SysWow64\iesetup.dll

2013-02-21 10:29:37 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll

2013-02-21 10:14:05 67072 ----a-w- C:\windows\System32\iesetup.dll

2013-02-21 10:14:05 136704 ----a-w- C:\windows\System32\iesysprep.dll

2013-02-19 12:01:03 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb

2013-02-19 11:42:14 2706432 ----a-w- C:\windows\System32\mshtml.tlb

2013-02-19 11:10:53 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe

2013-02-19 10:51:18 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe

2013-02-12 05:45:24 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-02-12 05:45:22 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll

2013-02-12 05:45:22 308736 ----a-w- C:\windows\apppatch\AppPatch64\AcGenral.dll

2013-02-12 05:45:22 111104 ----a-w- C:\windows\apppatch\AppPatch64\acspecfc.dll

2013-02-12 04:48:31 474112 ----a-w- C:\windows\apppatch\AcSpecfc.dll

2013-02-12 04:48:26 2176512 ----a-w- C:\windows\apppatch\AcGenral.dll

2013-02-12 04:12:05 19968 ----a-w- C:\windows\System32\drivers\usb8023.sys

2013-02-10 01:04:31 6393120 ----a-w- C:\windows\System32\nvcpl.dll

2013-02-10 01:04:31 3472672 ----a-w- C:\windows\System32\nvsvc64.dll

2013-02-10 01:04:29 877856 ----a-w- C:\windows\System32\nvvsvc.exe

2013-02-10 01:04:29 63776 ----a-w- C:\windows\System32\nvshext.dll

2013-02-10 01:04:29 2555680 ----a-w- C:\windows\System32\nvsvcr.dll

2013-02-10 01:04:29 237856 ----a-w- C:\windows\System32\nvmctray.dll

2013-02-09 18:43:52 555808 ----a-w- C:\windows\SysWow64\nvStreaming.exe

2013-02-09 13:25:36 3035306 ----a-w- C:\windows\System32\nvcoproc.bin

.

============= FINISH: 17:02:49.37 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 13/08/2012 20:10:07

System Uptime: 20/04/2013 16:32:19 (1 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | M5A87

Processor: AMD FX-4170 Quad-Core Processor | AM3R2 | 2100/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 698 GiB total, 613.551 GiB free.

D: is CDROM (UDF)

E: is FIXED (NTFS) - 417 GiB total, 416.831 GiB free.

F: is Removable

G: is Removable

H: is Removable

I: is Removable

O: is FIXED (NTFS) - 49 GiB total, 46.876 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP159: 07/04/2013 08:03:01 - Installed WinFast DTV Dongle Gold USB Driver

RP160: 07/04/2013 08:51:46 - Removed WinFast Multimedia Driver Installation

RP161: 07/04/2013 09:00:48 - Installed WinFast Multimedia Driver Installation

RP162: 10/04/2013 19:04:58 - Windows Update

RP163: 13/04/2013 10:51:57 - Installed Evernote v. 4.6.4

RP165: 13/04/2013 11:32:13 - Paint.NET v3.5.10

RP166: 17/04/2013 19:17:46 - Device Driver Package Install: Elaborate Bytes AG Storage controllers

RP167: 17/04/2013 19:20:25 - Removed Java 7 Update 17 (64-bit)

RP168: 17/04/2013 19:21:23 - Removed Java 7 Update 17

RP169: 17/04/2013 19:23:28 - Installed Java 7 Update 21 (64-bit)

RP170: 18/04/2013 18:55:05 - Device Driver Package Install: SysProgs.org Storage controllers

RP171: 20/04/2013 09:29:14 - Installed Microsoft Fix it 50267

.

==== Installed Programs ======================

.

7-Zip 9.20

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader XI (11.0.02)

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ASUS Xonar DG Audio Driver

BlackBerry Desktop Software 7.1

Bonjour

CameraHelperMsi

CCleaner

Comodo Dragon

COMODO Internet Security

Compatibility Pack for the 2007 Office system

Creation Kit

Defraggler

erLT

ESET Online Scanner v3

Evernote v. 4.6.4

Fallout 3

FINAL FANTASY VII

Garry's Mod

Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)

iTunes

Java 7 Update 21 (64-bit)

Logitech Webcam Software

LWS Facebook

LWS Gallery

LWS Help_main

LWS Launcher

LWS Motion Detection

LWS Pictures And Video

LWS Twitter

LWS Video Mask Maker

LWS VideoEffects

LWS Webcam Software

LWS WLM Plugin

LWS YouTube Plugin

Malwarebytes Anti-Malware version 1.75.0.1300

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft .NET Framework 4 Multi-Targeting Pack

Microsoft Application Error Reporting

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Help Viewer 1.0

Microsoft Office File Validation Add-In

Microsoft Office Small Business Edition 2003

Microsoft Silverlight

Microsoft SQL Server 2008 R2 Management Objects

Microsoft SQL Server Compact 3.5 SP2 ENU

Microsoft SQL Server Compact 3.5 SP2 x64 ENU

Microsoft SQL Server System CLR Types

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools

Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU

Microsoft Visual Studio 2010 Service Pack 1

Microsoft_VC80_CRT_x86

Microsoft_VC90_CRT_x86

NVIDIA 3D Vision Controller Driver 314.07

NVIDIA 3D Vision Driver 314.07

NVIDIA Control Panel 314.07

NVIDIA Graphics Driver 314.07

NVIDIA HD Audio Driver 1.3.23.1

NVIDIA Install Application

NVIDIA PhysX

NVIDIA PhysX System Software 9.12.1031

NVIDIA Stereoscopic 3D Driver

NVIDIA Update 1.12.12

NVIDIA Update Components

Paint.NET v3.5.10

PlayReady PC Runtime amd64

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealNetworks - Microsoft Visual C++ 2010 Runtime

Realtek High Definition Audio Driver

Revo Uninstaller 1.94

SAMSUNG USB Driver for Mobile Phones

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Skype Click to Call

Skype™ 5.10

Steam

swMSM

The Elder Scrolls V: Skyrim

tools-windows

Trend Micro Titanium

Trend Micro Titanium Maximum Security 2012

Unity Web Player

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU

VLC media player 2.0.6

Windows Live ID Sign-in Assistant

WinFast DTV Dongle Gold USB Driver

WinFast Multimedia Driver Installation

.

==== Event Viewer Messages From Past Week ========

.

20/04/2013 16:35:31, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

20/04/2013 16:35:31, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.

20/04/2013 16:32:55, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the dldnCATSCustConnectService service to connect.

20/04/2013 16:32:55, Error: Service Control Manager [7000] - The dldnCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

20/04/2013 09:30:30, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.

18/04/2013 17:59:01, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

18/04/2013 17:59:01, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.

18/04/2013 17:37:37, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

18/04/2013 17:37:34, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

18/04/2013 17:37:34, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

18/04/2013 17:37:30, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

18/04/2013 17:37:23, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

18/04/2013 17:37:15, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cmdGuard discache ElbyCDIO spldr tmactmon tmcomm tmevtmgr tmtdi Wanarpv6

14/04/2013 19:36:07, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

14/04/2013 19:36:07, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

14/04/2013 19:35:49, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

.

==== End Of File ===========================


Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

P2P Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Make sure you're subscribed to this topic:
Click on the "Follow This Topic" Button (at the top right of this page), make sure that the "Receive notification" box is checked and that it is set to "Instantly"

Removing malware can be unpredictable...things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive.

<+> Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+> The removal of malware isn't instantaneous, please be patient.

<+> Please stick with me until I give you the "all clear".

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


RogueKiller Report

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Kit and Fin [Admin rights]

Mode : Scan -- Date : 04/20/2013 17:23:45

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤

[RUN][BLACKLISTDLL] HKLM\[...]\Run : Cmaudio8788 (C:\windows\syswow64\RunDll32.exe C:\windows\Syswow64\cmicnfgp.dll,CMICtrlWnd) -> FOUND

[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{85F6DD47-5685-47ED-9115-AC77498CACF3} : NameServer (8.26.56.26,156.154.70.22) -> FOUND

[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{CD58BE2E-94A2-4C99-A4FD-64D606B70E43} : NameServer (8.26.56.26,156.154.70.22) -> FOUND

[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{85F6DD47-5685-47ED-9115-AC77498CACF3} : NameServer (8.26.56.26,156.154.70.22) -> FOUND

[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{CD58BE2E-94A2-4C99-A4FD-64D606B70E43} : NameServer (8.26.56.26,156.154.70.22) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SEAGATE ST3750640NS SATA Disk Device +++++

--- User ---

[MBR] 04c52c34446692282c8b0dc18ee761cf

[BSP] dfa450a4745d4e01175f84de8ecb66fe : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 500 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1026048 | Size: 714902 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: ST350062 0AS SATA Disk Device +++++

--- User ---

[MBR] a3a9c19c1c6f5150ce167b2b7450d4bd

[BSP] 0225ebc2fe0f7f436262ab8569e96b9a : Windows Vista MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 426938 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 874371072 | Size: 49999 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_04202013_02d1723.txt >>


Not much showing...please do this:

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


OK, do you want to leave well enough alone???

If so...download and run the uninstaller for ComboFix:

http://download.blee...s/CF_UNINST.EXE

------------------------

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!

MrC


Results of screen317's Security Check version 0.99.62

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Disabled!

Trend Micro Titanium Maximum Security 2012

Antivirus up to date! (On Access scanning disabled!)

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.75.0.1300

Adobe Flash Player 11.7.700.169

Adobe Reader XI

````````Process Check: objlist.exe by Laurent````````

Comodo Firewall cmdagent.exe

Trend Micro UniClient UiFrmWrk uiWatchDog.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 1%

````````````````````End of Log``````````````````````


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.