Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

i feel like i blew up my computer this morning :(

Post by konagold » May 2nd, 2014, 5:55 pm

Hello, and thanks for the help. This morning my computer started acting up. I had a cell phone that I needed to recover some lost data from and downloaded a few programs that were supposed to help. I realized that I couldn't use them because they required root access to my phone and my phone isn't rooted. That being said, I uninstalled those programs but I believe there was some malware attached that was not uninstalled. Problems included an inability to reach many websites as I would get SSL certificate warnings, and my antivirus (Comodo) stopped. I tried system restore but it did not work and the reason given was a failure to extract files pertaining to my Comodo antivirus software.

I ran Malwarebytes and Comodo and found nothing (quick scans only).
I ran HijackThis and have a log. See multiple "file missing" notations.
-----------


DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 11/30/2009 8:21:38 AM
System Uptime: 5/2/2014 4:48:49 PM (0 hours ago)
.
Motherboard: LENOVO | | KL1
Processor: Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz | U2E1 | 2000/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 37 GiB total, 1.852 GiB free.
D: is CDROM ()
G: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
2007 Microsoft Office Suite Service Pack 2 (SP2)
7-Zip 4.65 (x64 edition)
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader 9.5.2
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AT&T U-verse Media Share Wizard
BitTorrent
Bonjour
Canon MX410 series MP Drivers
CCleaner
COMODO Internet Security
D3DX10
Dolby Control Center
Dropbox
EasyCapture
Energy Management
Google Chrome
ImgBurn
Intel(R) Graphics Media Accelerator Driver
Intel(R) Solid-State Drive Toolbox
iTunes
JMicron Flash Media Controller Driver
Lenovo EasyCamera
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
neroxml
PdaNet+ for Android 4.12
Plex Media Server
Realtek 8136 8168 8169 Ethernet Driver
Realtek High Definition Audio Driver
Skype™ 5.10
StarBurn Version 13 (Build 0x20110818)
Synaptics Gesture Suite featuring SYNAPTICS | Scrybe
Synaptics Pointing Device Driver
TeamViewer 9
VCRedistSetup
VLC media player 1.1.11
Winamp
Winamp Detector Plug-in
WinDirStat 1.1.2
Windows Driver Package - Lenovo (ACPIVPC) System (05/19/2009 4.4.0.1)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR 4.20 (64-bit)
.
==== Event Viewer Messages From Past Week ========
.
5/2/2014 4:50:18 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
5/2/2014 4:49:12 PM, Error: volsnap [25] - The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
5/2/2014 4:21:29 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
5/2/2014 4:20:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
5/2/2014 4:19:47 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
5/2/2014 4:19:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
5/2/2014 4:19:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
5/2/2014 4:19:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/2/2014 4:19:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
5/2/2014 4:19:29 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cmdGuard discache spldr Wanarpv6
5/2/2014 12:15:46 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
5/2/2014 10:11:48 AM, Error: volsnap [35] - The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.
5/1/2014 10:27:55 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
4/28/2014 9:25:13 PM, Error: Microsoft-Windows-WMPNSS-Service [14365] - Proximity detection failed due to unknown error '0x80004004'. The best proximity time detected was -1 milliseconds.
4/27/2014 5:33:00 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer NOEMI-VAIO that believes that it is the master browser for the domain on transport NetBT_Tcpip_{43329EFB-A7E5-43D3-9240-D2590AC1EEC4}. The master browser is stopping or an election is being forced.
4/25/2014 10:56:16 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
.
==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16450
Run by Marie at 16:50:09 on 2014-05-02
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3933.2152 [GMT -5:00]
.
AV: COMODO Antivirus *Enabled/Updated* {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Antivirus *Enabled/Updated* {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe
C:\Program Files (x86)\Skype\Updater\Updater.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Spyrix Free Keylogger\spkl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe
C:\Users\Marie\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Users\Marie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\COMODO\COMODO Internet Security\cis.exe
C:\Users\Marie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyServer = hxxp=127.0.0.1:51483;https=127.0.0.1:51483
uProxyOverride = <-loopback>
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
uRun: [Google Update] "C:\Users\Marie\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [kbdsprt] <no file>
mExplorerRun: [localSPM] C:\Program Files (x86)\Spyrix Free Keylogger\spkl.exe
StartupFolder: C:\Users\Marie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Marie\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Scrybe.lnk - C:\Windows\Installer\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}\NewShortcut11_8ACB210B42E44145A8C31F8E3DD765A3.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/s ... wflash.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{43329EFB-A7E5-43D3-9240-D2590AC1EEC4} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{43329EFB-A7E5-43D3-9240-D2590AC1EEC4}\14B444946427F6E647F46666963656D275962756C6563737 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{43329EFB-A7E5-43D3-9240-D2590AC1EEC4}\2375942554035323 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{43329EFB-A7E5-43D3-9240-D2590AC1EEC4}\2456C6B696E6E243346434 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{43329EFB-A7E5-43D3-9240-D2590AC1EEC4}\D696461637 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{C2606288-A405-4293-A517-2ECAEE439609} : NameServer = 8.8.8.8 8.8.4.4
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2010-4-9 23168]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdGuard.sys [2010-4-9 738472]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2010-4-9 48360]
R1 funfrm;funfrm;C:\Windows\System32\drivers\funfrm.sys [2010-1-12 73744]
R2 ScrybeUpdater;Scrybe Updater;C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [2011-5-27 1300264]
R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-4-25 5024576]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\Windows\System32\drivers\AcpiVpc.sys [2009-12-2 26128]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2010-3-15 145408]
R3 ITECIRfilter;ITECIR Filter Driver;C:\Windows\System32\drivers\ITECIRfilter.sys [2011-3-22 28264]
R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2009-5-18 143320]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-6-10 270848]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2009-9-15 6952960]
R3 pneteth;PdaNet Broadband;C:\Windows\System32\drivers\pneteth.sys [2012-11-4 15360]
R3 pnetmdm;PdaNet Modem;C:\Windows\System32\drivers\pnetmdm64.sys [2013-8-5 17920]
R3 vm331avs;Lenovo EasyCamera;C:\Windows\System32\drivers\vm331avs.sys [2009-11-30 1037824]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2011-5-13 36328]
S3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2014-4-26 2264280]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2009-6-7 5435904]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2013-8-5 157160]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\System32\drivers\ssadserd.sys [2011-5-13 146920]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2014-05-02 15:43:19 -------- d-----w- C:\potatoshare
2014-05-02 15:22:40 93808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
2014-05-02 15:22:40 170960 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2014-05-02 15:22:39 46704 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2014-05-02 15:22:39 411368 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2014-05-02 15:22:39 28272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugin-hang-ui.exe
2014-05-02 15:22:39 16192 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
2014-05-02 15:22:39 12800 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
2014-05-02 15:22:39 103904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2014-05-02 14:51:17 -------- d-----w- C:\Myjad
2014-05-02 14:43:37 -------- d-----w- C:\Coolmuster
2014-05-02 14:43:16 -------- d-----w- C:\Program Files (x86)\Coolmuster
2014-05-02 13:12:42 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-05-02 13:12:42 -------- d-----w- C:\Program Files\iTunes
2014-05-02 13:12:42 -------- d-----w- C:\Program Files\iPod
2014-05-02 13:12:42 -------- d-----w- C:\Program Files (x86)\iTunes
2014-04-29 13:01:26 -------- d-----w- C:\Users\Marie\AppData\Local\Wondershare
2014-04-29 13:00:38 -------- d-----w- C:\Program Files (x86)\Common Files\Wondershare
2014-04-29 13:00:09 -------- d-----w- C:\ProgramData\Wondershare
2014-04-29 13:00:09 -------- d-----w- C:\Program Files (x86)\Wondershare
2014-04-26 17:44:08 -------- d-----w- C:\Users\Marie\AppData\Roaming\Comodo
2014-04-26 17:42:29 -------- d-----w- C:\ProgramData\Comodo Downloader
2014-04-26 17:20:29 -------- d-----w- C:\ProgramData\Shared Space
2014-04-26 17:20:17 45784 ----a-w- C:\Windows\System32\cmdkbd64.dll
2014-04-26 17:20:17 40664 ----a-w- C:\Windows\SysWow64\cmdkbd32.dll
2014-04-26 17:20:17 352984 ----a-w- C:\Windows\System32\cmdvrt64.dll
2014-04-26 17:20:17 284888 ----a-w- C:\Windows\SysWow64\cmdvrt32.dll
2014-04-25 16:50:28 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6EF9E397-AF3A-4BE3-B381-192654191647}\offreg.dll
.
==================== Find3M ====================
.
2014-04-29 02:48:24 17293704 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-04-16 21:12:56 48360 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
2014-04-16 21:12:55 738472 ----a-w- C:\Windows\System32\drivers\cmdGuard.sys
2014-04-16 21:12:55 23168 ----a-w- C:\Windows\System32\drivers\cmderd.sys
2014-03-25 19:22:37 43216 ----a-w- C:\Windows\System32\cmdcsr.dll
2014-03-25 19:22:36 363504 ----a-w- C:\Windows\SysWow64\guard32.dll
2014-03-25 19:22:35 453680 ----a-w- C:\Windows\System32\guard64.dll
2014-03-12 00:48:14 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 00:48:14 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
.
============= FINISH: 16:51:19.01 ===============
konagold
Active Member
 
Posts: 1
Joined: May 2nd, 2014, 5:37 pm

Re: i feel like i blew up my computer this morning :(

Post by wannabeageek » May 4th, 2014, 1:00 pm

Hi konagold,

You should be aware that there are signs of a commercial keylogging program on your computer.

Because it is impossible for us to establish ownership of the computer whose log you have posted, we are also unable to establish whether the program was installed with the owner's permission. There may be legal ramifications with its removal which we are not equipped or trained to deal with. Because of this, we are unable to give directions to remove it from the computer.
  • If this is a Company machine, and you feel the program was not installed by your company, notify your company's IT department or those responsible for computer security.
  • If this is a private machine you may wish to take legal advice. Removal may also need to be done by a suitably qualified professional.


wbg
wannabeageek
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: i feel like i blew up my computer this morning :(

Post by Gary R » May 7th, 2014, 1:26 am

This topic is now closed.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

