Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

C:\Windows\System32\cmd.exe keeps loading when booting.


  • This topic is locked This topic is locked
3 replies to this topic

#1 Wubing

Wubing

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:08:01 PM

Posted 14 February 2014 - 07:58 AM

I don't know how to remove it.

 

Here is the DDS Log:

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 11.0.9600.16518  BrowserJavaVersion: 10.51.2
Run by Fierce at 12:45:59 on 2014-02-14
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.44.1033.18.8139.5213 [GMT 0:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\SysWOW64\vmnat.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Fierce\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
C:\Windows\System32\spool\drivers\x64\3\E_IATIHLE.EXE
C:\Windows\System32\spool\drivers\x64\3\E_IATIHLE.EXE
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Ttesports\GamingKeyboard\HID.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Ttesports\GamingKeyboard\OSD.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\mspaint.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\System32\slui.exe
C:\Windows\System32\slui.exe
C:\Windows\system32\msiexec.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Users\Fierce\Desktop\autoruns.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com/?ctid=CT3318523&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP1745FA35-7A43-4124-98D2-8F38721F97B0&SSPV=
mWinlogon: Userinit = userinit.exe
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: IMinent WebBooster (BHO): {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - 
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [AVG-Secure-Search-Update_1213b] C:\Users\Fierce\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=096d1b4957d247d39eb8a59d73e54eae-c044b9cf6a2340e54305bedc0147829a2d5a64cc /CMPID=1213b
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Spotify Web Helper] "C:\Users\Fierce\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [AVG-Secure-Search-Update_0214c] C:\Users\Fierce\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=096d1b4957d247d39eb8a59d73e54eae-c044b9cf6a2340e54305bedc0147829a2d5a64cc /CMPID=0214c
uRun: [ManyCam] "C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe" /silent
uRun: [EPLTarget\P0000000000000001] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIHLE.EXE /EPT "EPLTarget\P0000000000000001" /M "Epson Stylus SX235"
uRun: [EPLTarget\P0000000000000000] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIHLE.EXE /EPT "EPLTarget\P0000000000000000" /M "Epson Stylus SX235"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Ttesports] C:\Program Files (x86)\Ttesports\GamingKeyboard\HID.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [vmware-tray.exe] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TP-LIN~1.LNK - C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
LSP: %windir%\system32\vsocklib.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{49DBC1F7-825A-4F66-A659-D0AFA3C5BF8F} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
x64-BHO: IMinent WebBooster (BHO): {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - 
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Fierce\AppData\Roaming\Mozilla\Firefox\Profiles\y0kdep4u.default\
FF - prefs.js: browser.search.selectedEngine - Conduit Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3318523&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP1745FA35-7A43-4124-98D2-8F38721F97B0&SSPV=
FF - prefs.js: keyword.URL - 
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Users\Fierce\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2013-12-5 82600]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2013-12-5 42664]
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-10-24 194872]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-10-31 294712]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-10-1 123704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-10 31544]
R0 vsock;vSockets Driver;C:\Windows\System32\drivers\vsock.sys [2014-2-9 70256]
R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2013-12-6 21584]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-11-5 150808]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-11-4 240920]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-10-31 212280]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-6-4 361984]
R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2013-11-11 3478544]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-24 348008]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2014-2-4 2222416]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [2014-2-4 377616]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-1-11 1494304]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-12-31 15129376]
R2 SProtection;SProtection;C:\Program Files (x86)\Common Files\Umbrella\Umbrella.exe [2014-1-7 2916672]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-12-19 411936]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-8-1 917656]
R3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\System32\drivers\amdhub30.sys [2013-12-5 108128]
R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\amdxhc.sys [2013-12-5 228448]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);C:\Windows\System32\drivers\vrtaucbl.sys [2014-2-9 66728]
R3 GUKBFLTR;Gaming Keyboard;C:\Windows\System32\drivers\GUKBFLTR.sys [2013-12-25 29440]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-24 22408]
R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\System32\drivers\LGSHidFilt.Sys [2013-5-30 64280]
R3 ManyCam;ManyCam Virtual Webcam;C:\Windows\System32\drivers\mcvidrv_x64.sys [2014-2-3 44928]
R3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\System32\drivers\mcaudrv_x64.sys [2013-1-31 28160]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-1-11 39200]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-12-6 646248]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2013-12-6 58536]
S1 UsbCharger;UsbCharger;C:\Windows\System32\drivers\UsbCharger.sys [2013-12-6 21584]
S2 Mongoose;Mongoose;C:\Users\Fierce\Documents\gta\Bypass\Server\mongoose-4.1 (SERVER).exe -- --> C:\Users\Fierce\Documents\gta\Bypass\Server\mongoose-4.1 (SERVER).exe -- [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2013-4-12 139592]
S3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2013-4-12 418632]
S3 b06diag;Broadcom NetXtreme II Diag Driver;C:\Windows\System32\drivers\bxdiaga.sys [2013-3-14 88104]
S3 BFN7x64;Bigfoot Networks Killer Gaming Service;C:\Windows\System32\drivers\Xeno7x64.sys [2013-3-14 157288]
S3 bxfcoe;bxfcoe;C:\Windows\System32\drivers\bxfcoe.sys [2013-3-14 178216]
S3 bxois;bxois;C:\Windows\System32\drivers\bxois.sys [2013-3-14 539176]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2013-2-27 65152]
S3 EtronSTOR;Etron Enhance USB BOT/UASP Mass Storage Driver;C:\Windows\System32\drivers\EtronSTOR.sys [2013-2-27 32512]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2013-2-27 88832]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-13 111616]
S3 ioatdma1;ioatdma1;C:\Windows\System32\drivers\qd162x64.sys [2013-3-14 40144]
S3 ioatdma2;Intel® QuickData Technology device ver.2;C:\Windows\System32\drivers\qd262x64.sys [2013-3-14 42192]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-4-12 366216]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-4-12 786056]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-24 16008]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2013-2-27 96768]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2013-2-27 213504]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-9-22 19456]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2013-9-22 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-9-22 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-9-22 30208]
S3 VMwareHostd;VMware Workstation Server;C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2012-8-15 15680000]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-9-22 1255736]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-14 25088]
.
=============== Created Last 30 ================
.
2014-02-13 23:28:20 -------- d-sh--w- C:\Windows\BitLockerDiscoveryVolumeContents
2014-02-13 23:28:20 -------- d-----w- C:\Windows\RemotePackages
2014-02-13 23:23:24 548864 ----a-w- C:\Windows\System32\vbscript.dll
2014-02-13 23:23:24 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-02-13 21:14:52 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-02-13 17:00:49 -------- d-----w- C:\Program Files (x86)\Microsoft XNA
2014-02-09 20:14:02 -------- d-----w- C:\Users\Fierce\AppData\Local\Blizzard
2014-02-09 18:00:18 66728 ----a-w- C:\Windows\System32\drivers\vrtaucbl.sys
2014-02-09 18:00:18 -------- d-----w- C:\Program Files\Virtual Audio Cable
2014-02-09 17:57:30 -------- d-----w- C:\Program Files (x86)\Winamp Detect
2014-02-09 17:57:26 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2014-02-09 15:05:44 -------- d-----w- C:\Users\Fierce\AppData\Local\VMware
2014-02-09 15:00:56 70256 ----a-w- C:\Windows\System32\drivers\vsock.sys
2014-02-09 15:00:56 67224 ----a-w- C:\Windows\System32\vsocklib.dll
2014-02-09 15:00:56 63128 ----a-w- C:\Windows\SysWow64\vsocklib.dll
2014-02-09 15:00:54 67224 ----a-w- C:\Windows\System32\drivers\vmx86.sys
2014-02-09 15:00:30 357016 ----a-w- C:\Windows\SysWow64\vmnetdhcp.exe
2014-02-09 15:00:26 435864 ----a-w- C:\Windows\SysWow64\vmnat.exe
2014-02-09 15:00:26 30360 ----a-w- C:\Windows\System32\drivers\vmnetuserif.sys
2014-02-09 15:00:22 933528 ----a-w- C:\Windows\System32\vnetlib64.dll
2014-02-09 15:00:16 52376 ----a-w- C:\Windows\System32\drivers\hcmon.sys
2014-02-09 14:59:57 -------- d-----w- C:\Program Files\Common Files\VMware
2014-02-09 14:59:40 -------- d-----w- C:\Program Files (x86)\VMware
2014-02-09 14:59:40 -------- d-----w- C:\Program Files (x86)\Common Files\VMware
2014-02-08 13:03:49 -------- d-----w- C:\Users\Fierce\AppData\Roaming\Awesomium
2014-02-08 12:49:49 -------- d-----w- C:\ProgramData\Elder Scrolls Online
2014-02-07 16:50:08 -------- d-----w- C:\Program Files (x86)\Zenimax Online
2014-02-05 18:46:39 -------- d-----w- C:\Users\Fierce\AppData\Local\Octodad Dadliest Catch
2014-02-05 18:44:17 -------- d-----w- C:\Program Files (x86)\Octodad Dadliest Catch
2014-02-05 15:37:54 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
2014-02-04 21:36:15 -------- d-----w- C:\Users\Fierce\AppData\Local\CrashRpt
2014-02-04 21:36:14 -------- d-----w- C:\Users\Fierce\AppData\Roaming\DawngateData
2014-02-04 21:31:13 -------- d-----w- C:\Program Files (x86)\Origin Games
2014-02-04 21:29:36 -------- d-----w- C:\Users\Fierce\AppData\Roaming\Origin
2014-02-04 21:29:35 -------- d-----w- C:\Users\Fierce\AppData\Local\Origin
2014-02-04 21:27:46 -------- d-----w- C:\ProgramData\Origin
2014-02-04 21:27:46 -------- d-----w- C:\ProgramData\Electronic Arts
2014-02-04 21:27:44 -------- d-----w- C:\Program Files (x86)\Origin
2014-02-03 21:24:58 -------- d-----w- C:\Users\Fierce\AppData\Local\mystart_ad
2014-02-03 21:24:45 -------- d-----w- C:\Users\Fierce\AppData\Local\ManyCam
2014-02-03 21:24:44 -------- d-----w- C:\ProgramData\ManyCam
2014-02-03 21:24:41 -------- d-----w- C:\Users\Fierce\AppData\Roaming\ManyCam
2014-02-03 21:24:40 44928 ----a-w- C:\Windows\System32\drivers\mcvidrv_x64.sys
2014-02-03 21:24:39 -------- d-----w- C:\Program Files (x86)\ManyCam
2014-02-03 19:33:09 -------- d-----w- C:\Users\Fierce\AppData\Local\NBTExplorer
2014-02-03 19:30:40 -------- d-----w- C:\Users\Fierce\.SquashOccurrences
2014-02-03 13:36:48 -------- d-----w- C:\Program Files (x86)\NBTExplorer
2014-02-02 18:54:20 -------- d-----w- C:\Users\Fierce\AppData\Roaming\.technic
2014-02-02 12:03:00 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-31 18:36:23 -------- d-----w- C:\Users\Fierce\AppData\Roaming\pdfforge
2014-01-31 18:36:21 662288 ----a-w- C:\Windows\SysWow64\MSCOMCT2.OCX
2014-01-31 18:36:21 65024 ----a-w- C:\Windows\System32\pdfcmon.dll
2014-01-31 18:36:21 137000 ----a-w- C:\Windows\SysWow64\MSMAPI32.OCX
2014-01-31 18:36:21 1081616 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2014-01-31 18:36:20 23552 ----a-w- C:\Windows\SysWow64\MSMPIDE.DLL
2014-01-31 18:36:20 -------- d-----w- C:\Program Files (x86)\PDFCreator
2014-01-31 18:35:03 -------- d-----w- C:\Users\Fierce\AppData\Local\WebPlayer
2014-01-30 21:01:27 -------- d-----w- C:\Users\Fierce\AppData\Local\Macromedia
2014-01-29 20:35:19 -------- d-----w- C:\Program Files (x86)\MSECache
2014-01-29 18:09:54 -------- d-----w- C:\ProgramData\AVG Security Toolbar
2014-01-27 15:39:48 33856 ---ha-w- C:\Windows\System32\hamachi.sys
2014-01-25 23:29:47 -------- d-----w- C:\Users\Fierce\AppData\Local\Apple Computer
2014-01-25 23:28:27 -------- d-----w- C:\Users\Fierce\AppData\Local\Apple
2014-01-24 23:27:56 -------- d-----w- C:\Program Files (x86)\Foxy Games
2014-01-24 23:27:56 -------- d-----w- C:\Downloads
2014-01-17 17:41:45 -------- d-----w- C:\Users\Fierce\AppData\Local\Unity
2014-01-16 10:45:21 -------- d-sh--w- C:\found.000
2014-01-15 21:22:57 -------- d-----w- C:\Program Files\Common Files\EPSON
2014-01-15 21:19:45 -------- d-----w- C:\Users\Fierce\AppData\Local\ABBYY
2014-01-15 21:19:32 -------- d-----w- C:\ProgramData\ABBYY
2014-01-15 21:19:32 -------- d-----w- C:\Program Files (x86)\Common Files\ABBYY
2014-01-15 21:19:32 -------- d-----w- C:\Program Files (x86)\ABBYY FineReader 9.0 Sprint
2014-01-15 21:18:38 -------- d-----w- C:\ProgramData\UDL
2014-01-15 21:17:40 -------- d-----w- C:\Program Files\Epson Software
2014-01-15 21:17:01 -------- d-----w- C:\Program Files (x86)\Epson Software
2014-01-15 20:57:22 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2014-01-15 20:57:22 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2014-01-15 20:57:22 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2014-01-15 20:57:22 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2014-01-15 20:57:22 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2014-01-15 20:57:22 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2014-01-15 20:57:22 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2014-01-15 20:57:21 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
2014-01-15 20:57:21 3156480 ----a-w- C:\Windows\System32\win32k.sys
.
==================== Find3M  ====================
.
2014-02-06 11:30:46 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-02-06 10:20:26 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-02-06 10:11:37 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-02-06 09:25:36 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-04 21:33:07 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-04 21:33:07 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-12-30 15:44:48 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2013-12-30 15:44:48 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2013-12-30 15:44:48 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2013-12-30 15:44:48 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2013-12-25 13:13:26 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2013-12-25 11:58:06 1189329 ----a-w- C:\Windows\unins000.exe
2013-12-25 11:51:50 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-12-19 18:53:46 6671648 ----a-w- C:\Windows\System32\nvcpl.dll
2013-12-19 18:53:46 3490080 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-12-19 18:53:44 922912 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-12-19 18:53:44 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-12-19 18:53:44 386336 ----a-w- C:\Windows\System32\nvmctray.dll
2013-12-19 12:20:22 590112 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2013-12-19 05:01:48 3539040 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-12-10 02:13:11 982232 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2013-12-10 02:13:01 1100248 ----a-w- C:\Windows\System32\nvspcap64.dll
2013-12-06 02:30:08 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2013-12-06 02:30:08 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2013-12-06 02:02:08 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2013-12-05 08:42:30 39200 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2013-12-05 08:42:26 35104 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2013-12-05 08:42:26 32544 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2013-12-04 02:27:33 485888 ----a-w- C:\Windows\System32\secproc_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp.dll
2013-12-04 02:27:16 488448 ----a-w- C:\Windows\System32\secproc.dll
2013-12-04 02:26:32 528384 ----a-w- C:\Windows\System32\msdrm.dll
2013-12-04 02:16:51 658432 ----a-w- C:\Windows\System32\RMActivate_isv.exe
2013-12-04 02:16:51 626176 ----a-w- C:\Windows\System32\RMActivate.exe
2013-12-04 02:16:50 552960 ----a-w- C:\Windows\System32\RMActivate_ssp_isv.exe
2013-12-04 02:16:48 553984 ----a-w- C:\Windows\System32\RMActivate_ssp.exe
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp_isv.dll
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp.dll
2013-12-04 02:03:20 423936 ----a-w- C:\Windows\SysWow64\secproc_isv.dll
2013-12-04 02:03:08 428032 ----a-w- C:\Windows\SysWow64\secproc.dll
2013-12-04 02:02:06 390144 ----a-w- C:\Windows\SysWow64\msdrm.dll
2013-12-04 01:54:14 510976 ----a-w- C:\Windows\SysWow64\RMActivate_ssp.exe
2013-12-04 01:54:10 594944 ----a-w- C:\Windows\SysWow64\RMActivate_isv.exe
2013-12-04 01:54:09 572416 ----a-w- C:\Windows\SysWow64\RMActivate.exe
2013-12-04 01:54:06 508928 ----a-w- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
2013-11-28 13:38:22 31520 ----a-w- C:\Windows\System32\nvhdap64.dll
2013-11-28 13:38:18 197408 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2013-11-26 08:16:50 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2013-11-23 19:26:48 1884448 ----a-w- C:\Windows\System32\nvdispco6433193.dll
2013-11-23 19:26:48 1511712 ----a-w- C:\Windows\System32\nvdispgenco6433193.dll
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-23 17:42:10 2559776 ----a-w- C:\Windows\System32\nvsvcr.dll
2013-11-22 22:48:21 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2013-11-22 08:36:08 1515296 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
.
============= FINISH: 12:48:21.20 ===============
 

 

Attached Files



BC AdBot (Login to Remove)

 


#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:01 PM

Posted 14 February 2014 - 09:04 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

Scan with aswMBR

Please download aswMBR ( 4.5MB ) to your desktop.

  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Note: There will also be a file on your desktop named MBR.dat do not delete this for now. It is an actual backup of the MBR (master boot record).


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 Wubing

Wubing
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:08:01 PM

Posted 16 February 2014 - 08:01 AM

Dont worry fixed it thanks

 

Admin close thread please



#4 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:01 PM

Posted 17 February 2014 - 06:23 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users