mauno
Members, 8 posts

Everything posted by mauno

  1. I ran all the scans again and found nothing, so it looks like everything is fine. Thanks a lot. However, I have a question. I've got an external hard drive on which I've been making backups so it's quite likely there might be infected files on there, too. Do I need to take any special precautions when I connect it or can I just connect it and run ESET on it?
  2. Actually, on a closer look, I see that the directory with some (but not all) of the 5 files was the ComboFix directory.
  3. Thanks. For some reason, that's all there is in the log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

However, I had a look at the results before closing the scanner and it found 5 identified files, deleting 4 of them, including 2 of the same thing as before which had made a new directory on c:\
  4. Here it is:

ComboFix 13-04-01.01 - Andres 02.04.2013 19:33:38.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1257.372.1033.18.6134.4355 [GMT 3:00]
Running from: c:\users\Andres\Desktop\ComboFix.exe
Command switches used :: c:\users\Andres\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: COMODO Antivirus *Disabled/Outdated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Andres\AppData\Local\Mozilla\Firefox\PROFILES\e13z0qg2.default\Cache\6\CD\703B0d01"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Andres\AppData\Local\Mozilla\Firefox\PROFILES\e13z0qg2.default\Cache\6\CD\703B0d01
c:\users\Andres\AppData\Roaming\WinLive
c:\users\Andres\AppData\Roaming\WinLive\Interop.SHDocVw.dll
c:\users\Andres\AppData\Roaming\WinLive\MSHTMLSubset.dll
c:\users\Andres\AppData\Roaming\WinLive\tcookies.dat
c:\users\Andres\AppData\Roaming\WinLive\WinLive.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-03-02 to 2013-04-02 )))))))))))))))))))))))))))))))
.
.
2013-04-02 16:41 . 2013-04-02 16:41 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-04-02 16:41 . 2013-04-02 16:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-02 00:07 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4D6DD51B-A7EF-486A-831F-804CD06D196D}\mpengine.dll
2013-04-01 15:11 . 2013-04-01 15:11 -------- d-----w- c:\programdata\Hewlett-Packard
2013-04-01 15:11 . 2012-09-27 23:11 559616 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpcpp140.DLL
2013-04-01 15:11 . 2012-09-27 23:11 407552 ----a-w- c:\windows\system32\hpcpn140.dll
2013-04-01 15:11 . 2012-09-27 23:05 408576 ----a-w- c:\windows\SysWow64\hpcc3140.DLL
2013-04-01 15:10 . 2012-08-30 16:52 512512 ----a-w- c:\windows\SysWow64\hpcdmc32.DLL
2013-04-01 08:19 . 2013-04-01 08:19 -------- d---a-w- C:\Boot
2013-03-31 10:44 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-03-24 14:14 . 2012-11-29 22:01 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E9DC1456-9F9A-4A69-BA03-DD25A17EF528}\gapaengine.dll
2013-03-17 21:50 . 2013-03-17 21:50 -------- d-----w- C:\VTRoot
2013-03-17 21:16 . 2013-03-17 21:16 -------- d-----w- c:\program files\Estonian ID Card
2013-03-17 21:13 . 2013-03-17 21:13 -------- d-----w- c:\users\Andres\AppData\Local\Comodo
2013-03-17 21:13 . 2013-03-31 12:57 56072 ----a-w- c:\windows\system32\certsentry.dll
2013-03-17 21:13 . 2013-03-31 12:57 47368 ----a-w- c:\windows\SysWow64\certsentry.dll
2013-03-17 21:13 . 2013-03-17 21:13 -------- d-----w- c:\programdata\Comodo Downloader
2013-03-17 21:12 . 2013-03-17 21:12 -------- d-----w- c:\program files\COMODO
2013-03-17 20:53 . 2013-03-17 21:13 -------- d-----w- c:\programdata\COMODO
2013-03-17 20:52 . 2013-03-31 12:57 -------- d-----w- c:\program files (x86)\Comodo
2013-03-17 13:03 . 2013-03-17 13:03 -------- d-----w- c:\users\Andres\AppData\Roaming\Yoono
2013-03-17 13:03 . 2013-03-17 13:03 -------- d-----w- c:\users\Andres\AppData\Local\Yoono
2013-03-17 13:03 . 2013-03-17 13:03 -------- d-----w- c:\program files (x86)\Yoono Desktop
2013-03-16 06:30 . 2013-03-16 06:30 4546560 ----a-w- c:\windows\SysWow64\GPhotos.scr
2013-03-15 21:18 . 2013-03-15 21:18 -------- d-----w- c:\program files\Microsoft Silverlight
2013-03-15 21:18 . 2013-03-15 21:18 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-03-15 21:17 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-12 12:29 . 2013-03-12 12:31 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2013-03-10 12:48 . 2013-03-10 12:48 208216 ----a-w- c:\windows\system32\drivers\94439785.sys
2013-03-10 11:09 . 2013-03-10 11:09 -------- d-----w- c:\program files (x86)\CodeStuff
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-26 18:47 . 2012-04-09 20:04 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-26 18:47 . 2011-05-16 06:11 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-15 21:21 . 2010-11-13 00:13 72013344 ----a-w- c:\windows\system32\MRT.exe
2013-02-18 07:22 . 2013-02-18 07:22 31080 ----a-w- c:\windows\system32\nvhdap64.dll
2013-02-18 07:22 . 2012-09-10 22:18 1472360 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2013-02-18 07:22 . 2013-02-18 07:22 189288 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2013-02-12 05:45 . 2013-03-13 07:38 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 07:38 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 07:38 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 07:38 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 07:38 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 07:38 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-03 22:09 . 2013-02-03 22:09 1598976 ----a-w- c:\windows\SysWow64\opensc-pkcs11.dll
2013-02-03 22:09 . 2013-02-03 22:09 1598976 ----a-w- c:\windows\SysWow64\onepin-opensc-pkcs11.dll
2013-02-03 22:09 . 2013-02-03 22:09 1598976 ----a-w- c:\windows\SysWow64\esteid-pkcs11.dll
2013-02-03 22:09 . 2013-02-03 22:09 1488896 ----a-w- c:\windows\SysWow64\opensc.dll
2013-02-03 02:03 . 2013-02-03 02:03 424720 ----a-w- c:\windows\system32\esteidcm64.dll
2013-02-03 02:02 . 2013-02-03 02:02 349968 ----a-w- c:\windows\SysWow64\esteidcm.dll
2013-01-30 10:53 . 2010-11-12 23:24 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-24 20:43 . 2013-01-24 20:43 43216 ----a-w- c:\windows\system32\cmdcsr.dll
2013-01-24 20:43 . 2013-01-24 20:43 461384 ----a-w- c:\windows\system32\guard64.dll
2013-01-24 20:43 . 2013-01-24 20:43 354752 ----a-w- c:\windows\SysWow64\guard32.dll
2013-01-24 20:42 . 2013-01-24 20:42 45776 ----a-w- c:\windows\system32\cmdkbd64.dll
2013-01-24 20:42 . 2013-01-24 20:42 326352 ----a-w- c:\windows\system32\cmdvrt64.dll
2013-01-24 20:42 . 2013-01-24 20:42 40656 ----a-w- c:\windows\SysWow64\cmdkbd32.dll
2013-01-24 20:42 . 2013-01-24 20:42 263888 ----a-w- c:\windows\SysWow64\cmdvrt32.dll
2013-01-20 13:59 . 2013-01-20 13:59 230320 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-20 13:59 . 2010-10-24 19:25 130008 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-01-16 17:51 . 2013-01-16 17:51 95752 ----a-w- c:\windows\system32\drivers\inspect.sys
2013-01-16 17:51 . 2013-01-16 17:51 699880 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2013-01-16 17:51 . 2013-01-16 17:51 48360 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2013-01-16 17:51 . 2013-01-16 17:51 23176 ----a-w- c:\windows\system32\drivers\cmderd.sys
2013-01-05 05:53 . 2013-02-13 17:59 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-05 05:00 . 2013-02-13 17:59 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-13 17:59 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-01-04 05:46 . 2013-02-13 17:58 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-01-04 04:51 . 2013-02-13 17:58 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-01-04 04:43 . 2013-02-13 17:58 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-01-04 03:26 . 2013-02-13 17:58 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-01-04 02:47 . 2013-02-13 17:58 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-01-04 02:47 . 2013-02-13 17:58 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-01-04 02:47 . 2013-02-13 17:58 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-01-04 02:47 . 2013-02-13 17:58 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-01-03 06:00 . 2013-02-13 17:58 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-03 06:00 . 2013-02-13 17:58 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{2adefb8e-b923-35e6-86e2-2b7841f5d2a2}]
2010-11-05 01:58 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-06 2646128]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-03-26 1631144]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]
.
c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2012-8-15 507448]
.
c:\users\Andres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2012-8-15 507448]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-1-4 1207312]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2010-12-21 291896]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2012-8-15 507448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2010-12-21 399416]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]
R3 btwampfl;btwampfl;c:\windows\system32\drivers\btwampfl.sys [2011-05-25 349736]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-05-25 39464]
R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-01-24 158928]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2012-08-20 19032]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2012-08-20 12384]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SmartCardRemoval;Smart Card Removal;c:\program files\Estonian ID Card\SmartCardRemoval.exe [2013-02-03 322832]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-13 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [2013-01-16 23176]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2013-01-16 699880]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2013-01-16 48360]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2010-08-16 89600]
S2 DFEPService;Dell Feature Enhancement Pack Service;c:\program files\Dell\Feature Enhancement Pack\DFEPService.exe [2012-08-15 2280504]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2010-11-07 499200]
S2 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [2013-03-28 2074768]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]
S2 OpenVPNAccessClient;OpenVPN Access Client;c:\program files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [2010-08-12 24064]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [2010-03-19 81920]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2010-12-21 987704]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2007-04-09 11576]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-10 382272]
S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [2012-03-29 2669840]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-11-07 869376]
S3 ALSysIO;ALSysIO;c:\users\Andres\AppData\Local\Temp\ALSysIO64.sys [x]
S3 atrfiltr;atrfiltr;c:\windows\system32\drivers\atrfiltr.sys [2012-04-02 16184]
S3 bpenum;Intel® Centrino® WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [2010-10-25 75264]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [2010-10-25 173568]
S3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys [2010-10-25 81408]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2010-04-05 301232]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [2010-08-03 30720]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ALSYSIO
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 18:47]
.
2013-03-24 c:\windows\Tasks\fba_baekap.job
- c:\program files (x86)\Softland\FBackup 4\fbaSchedStarter.exe [2011-06-28 09:58]
.
2013-04-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2292079599-2847406473-1470405368-1000Core.job
- c:\users\Andres\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-03 12:23]
.
2013-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2292079599-2847406473-1470405368-1000UA.job
- c:\users\Andres\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-03 12:23]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-07-20 611192]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-08-16 487424]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2010-11-14 1605632]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
"IntelPROSet"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2012-03-29 4756240]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-05-11 1694016]
"DFEPApplication"="c:\program files\Dell\Feature Enhancement Pack\DFEPApplication.exe" [2012-08-15 7077432]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2013-01-24 1451728]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{262FC52D-5EF4-42EA-82CD-3B60917CC5A4}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{5148E935-D393-4FFB-BDE1-1BF798C3C3AD}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{5148E935-D393-4FFB-BDE1-1BF798C3C3AD}\6796866796: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{5148E935-D393-4FFB-BDE1-1BF798C3C3AD}\B424649423: NameServer = 8.26.56.26,156.154.70.22
DPF: {E8EB147D-ABEF-4228-A603-AAA845D1B2C1} - hxxp://www.sk.ee/id-kontroll/idTools.cab
FF - ProfilePath - c:\users\Andres\AppData\Roaming\Mozilla\Firefox\PROFILES\e13z0qg2.default\
FF - prefs.js: browser.search.selectedEngine - Startpage HTTPS
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2013-02-14 21:55; hotfix@mozilla.org; c:\users\Andres\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-don't take it personally, babe, it just ain't your story - d:\games\don't take it personally
AddRemove-{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB} - c:\program files (x86)\Common Files\BioWare\Uninstall Mass Effect 2.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-04-02 19:43:21
ComboFix-quarantined-files.txt 2013-04-02 16:43
ComboFix2.txt 2013-04-02 00:01
.
Pre-Run: 32 146 268 160 bytes free
Post-Run: 32 082 178 048 bytes free
.
- - End Of File - - B909BFCB2B581A592138852E616D5A10
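The ComboFix logs in this thread are the kind of thing a helper reads by eye, looking for a few recurring patterns before anything else. As an added example that is not part of this thread and is not ComboFix's own code, the Python script below parses ComboFix-style entries (bare paths from "Other Deletions", "Files Created" rows, Run-key values, and the R/S service and driver lines) and flags those first-look patterns: executables loaded from user-writable locations, drivers with purely numeric names, service or driver entries whose file is missing on disk (ComboFix prints `[x]`), and autorun values without a full path. The sample lines are copied from the logs posted above and re-split one entry per line; the regular expressions, the heuristics and their thresholds are the editor's assumptions, not ComboFix's, and a flag is a lead for a human to check, not a verdict.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: entries lifted from the ComboFix logs posted in this
# thread, one entry per line (the format ComboFix itself writes). Benign
# vendor files sit next to the items a reviewer would look at first.
SAMPLE_LOG = r"""
c:\users\Andres\AppData\Roaming\WinLive\WinLive.dll
2013-03-10 12:48 . 2013-03-10 12:48 208216 ----a-w- c:\windows\system32\drivers\94439785.sys
2013-03-17 21:13 . 2013-03-31 12:57 56072 ----a-w- c:\windows\system32\certsentry.dll
2013-04-02 16:41 . 2013-04-02 16:41 -------- d-----w- c:\users\Guest\AppData\Local\temp
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
S3 ALSysIO;ALSysIO;c:\users\Andres\AppData\Local\Temp\ALSysIO64.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2013-01-16 699880]
"""

# Line shapes ComboFix uses (editor's regexes, written against the logs above).
SVC_RE = re.compile(
    r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?) \[(?P<info>[^\]]*)\]\s*$"
)
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)" \[(?P<info>[^\]]*)\]\s*$')
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} +\S+ +(?P<attr>\S+) +(?P<path>.+?)\s*$"
)
BARE_RE = re.compile(r"^[a-zA-Z]:\\.+$")

# Heuristic inputs (assumptions): extensions that execute, and path fragments
# that any standard user can write to.
EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".ocx", ".cpl"}
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\")


def _is_user_writable(path: str) -> bool:
    low = path.lower()
    return any(marker in low for marker in USER_WRITABLE)


def _reasons(kind: str, path: str, info: str = "") -> list[str]:
    """Return the triage reasons that apply to one parsed entry."""
    reasons = []
    p = PureWindowsPath(path)
    ext = p.suffix.lower()
    # Anything that runs (a service/driver, an autorun, or an executable file)
    # from a directory the user owns deserves a look.
    if (kind in ("service", "run") or ext in EXEC_EXT) and _is_user_writable(path):
        reasons.append("executable loaded from user-writable location")
    # Kernel drivers named only with digits are unusual for vendor software.
    if ext == ".sys" and p.stem.isdigit():
        reasons.append("driver with purely numeric name")
    # ComboFix prints [x] when the registered file is not on disk.
    if kind == "service" and info.strip() == "x":
        reasons.append("service/driver entry whose file is missing on disk")
    # A Run value with no directory is resolved by the loader's search order.
    if kind == "run" and "\\" not in path:
        reasons.append("autorun without a full path (resolved by search order)")
    return reasons


def triage(log_text: str) -> list[tuple[str, str]]:
    """Parse ComboFix-style lines and return (path, reason) pairs worth checking."""
    findings: list[tuple[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SVC_RE.match(line):
            kind, path, info = "service", m["path"], m["info"]
        elif m := RUN_RE.match(line):
            kind, path, info = "run", m["path"], m["info"]
        elif m := FILE_RE.match(line):
            kind, path, info = "file", m["path"], ""
        elif BARE_RE.match(line):
            kind, path, info = "file", line, ""
        else:
            continue  # section banners, registry key names, etc.
        for reason in _reasons(kind, path, info):
            findings.append((path, reason))
    return findings


if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LOG):
        print(f"{reason:55s} {path}")
```

Run against the sample, the script flags the WinLive DLL under AppData\Roaming (the directory ComboFix deleted in the log above), the numerically named driver in system32\drivers, the `KHALMNPR.EXE` Run value that has no directory, and the `ALSysIO` driver twice, once for living in Temp and once because ComboFix reported its file missing. It stays silent on Skype, certsentry.dll and the COMODO driver. None of that is a conviction: legitimate hardware-monitoring tools do drop drivers in Temp, and a helper still has to check vendor, signature and hash. The value is that the same four questions get asked of every entry, which is exactly what a tired reviewer skips.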
  5. Here it is: ComboFix 13-04-01.01 - Andres 02.04.2013 2:33.1.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1257.372.1033.18.6134.4231 [GMT 3:00] Running from: c:\users\Andres\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5} FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB} SP: COMODO Antivirus *Disabled/Outdated* {FEEA52D5-051E-08DD-07EF-2F009097607D} SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe c:\programdata\Roaming c:\windows\iun6002.exe c:\windows\SysWow64\SET6468.tmp c:\windows\SysWow64\SET6E2E.tmp . . ((((((((((((((((((((((((( Files Created from 2013-03-01 to 2013-04-01 ))))))))))))))))))))))))))))))) . . 2013-04-01 23:44 . 2013-04-01 23:44 -------- d-----w- c:\users\Guest\AppData\Local\temp 2013-04-01 23:44 . 2013-04-01 23:44 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-04-01 15:11 . 2013-04-01 15:11 -------- d-----w- c:\programdata\Hewlett-Packard 2013-04-01 15:11 . 2012-09-27 23:11 559616 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpcpp140.DLL 2013-04-01 15:11 . 2012-09-27 23:11 407552 ----a-w- c:\windows\system32\hpcpn140.dll 2013-04-01 15:11 . 2012-09-27 23:05 408576 ----a-w- c:\windows\SysWow64\hpcc3140.DLL 2013-04-01 15:10 . 2012-08-30 16:52 512512 ----a-w- c:\windows\SysWow64\hpcdmc32.DLL 2013-04-01 14:57 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{953C14EB-F449-4BC4-91D6-419C4B3FD7C0}\mpengine.dll 2013-04-01 08:19 . 2013-04-01 08:19 -------- d---a-w- C:\Boot 2013-03-31 10:44 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-03-24 14:14 . 
2012-11-29 22:01 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E9DC1456-9F9A-4A69-BA03-DD25A17EF528}\gapaengine.dll 2013-03-17 21:50 . 2013-03-17 21:50 -------- d-----w- C:\VTRoot 2013-03-17 21:16 . 2013-03-17 21:16 -------- d-----w- c:\program files\Estonian ID Card 2013-03-17 21:13 . 2013-03-17 21:13 -------- d-----w- c:\users\Andres\AppData\Local\Comodo 2013-03-17 21:13 . 2013-03-31 12:57 56072 ----a-w- c:\windows\system32\certsentry.dll 2013-03-17 21:13 . 2013-03-31 12:57 47368 ----a-w- c:\windows\SysWow64\certsentry.dll 2013-03-17 21:13 . 2013-03-17 21:13 -------- d-----w- c:\programdata\Comodo Downloader 2013-03-17 21:12 . 2013-03-17 21:12 -------- d-----w- c:\program files\COMODO 2013-03-17 20:53 . 2013-03-17 21:13 -------- d-----w- c:\programdata\COMODO 2013-03-17 20:52 . 2013-03-31 12:57 -------- d-----w- c:\program files (x86)\Comodo 2013-03-17 13:03 . 2013-03-17 13:03 -------- d-----w- c:\users\Andres\AppData\Roaming\Yoono 2013-03-17 13:03 . 2013-03-17 13:03 -------- d-----w- c:\users\Andres\AppData\Local\Yoono 2013-03-17 13:03 . 2013-03-17 13:03 -------- d-----w- c:\program files (x86)\Yoono Desktop 2013-03-16 06:30 . 2013-03-16 06:30 4546560 ----a-w- c:\windows\SysWow64\GPhotos.scr 2013-03-15 21:18 . 2013-03-15 21:18 -------- d-----w- c:\program files\Microsoft Silverlight 2013-03-15 21:18 . 2013-03-15 21:18 -------- d-----w- c:\program files (x86)\Microsoft Silverlight 2013-03-15 21:17 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys 2013-03-12 12:29 . 2013-03-12 12:31 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird 2013-03-10 12:48 . 2013-03-10 12:48 208216 ----a-w- c:\windows\system32\drivers\94439785.sys 2013-03-10 11:09 . 2013-03-10 11:09 -------- d-----w- c:\program files (x86)\CodeStuff . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-03-26 18:47 . 
2012-04-09 20:04 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-03-26 18:47 . 2011-05-16 06:11 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-03-15 21:21 . 2010-11-13 00:13 72013344 ----a-w- c:\windows\system32\MRT.exe 2013-02-18 07:22 . 2013-02-18 07:22 31080 ----a-w- c:\windows\system32\nvhdap64.dll 2013-02-18 07:22 . 2012-09-10 22:18 1472360 ----a-w- c:\windows\system32\nvhdagenco6420103.dll 2013-02-18 07:22 . 2013-02-18 07:22 189288 ----a-w- c:\windows\system32\drivers\nvhda64v.sys 2013-02-12 05:45 . 2013-03-13 07:38 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45 . 2013-03-13 07:38 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45 . 2013-03-13 07:38 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 05:45 . 2013-03-13 07:38 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 04:48 . 2013-03-13 07:38 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-02-12 04:48 . 2013-03-13 07:38 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-02-03 22:09 . 2013-02-03 22:09 1598976 ----a-w- c:\windows\SysWow64\opensc-pkcs11.dll 2013-02-03 22:09 . 2013-02-03 22:09 1598976 ----a-w- c:\windows\SysWow64\onepin-opensc-pkcs11.dll 2013-02-03 22:09 . 2013-02-03 22:09 1598976 ----a-w- c:\windows\SysWow64\esteid-pkcs11.dll 2013-02-03 22:09 . 2013-02-03 22:09 1488896 ----a-w- c:\windows\SysWow64\opensc.dll 2013-02-03 02:03 . 2013-02-03 02:03 424720 ----a-w- c:\windows\system32\esteidcm64.dll 2013-02-03 02:02 . 2013-02-03 02:02 349968 ----a-w- c:\windows\SysWow64\esteidcm.dll 2013-01-30 10:53 . 2010-11-12 23:24 273840 ------w- c:\windows\system32\MpSigStub.exe 2013-01-24 20:43 . 2013-01-24 20:43 43216 ----a-w- c:\windows\system32\cmdcsr.dll 2013-01-24 20:43 . 2013-01-24 20:43 461384 ----a-w- c:\windows\system32\guard64.dll 2013-01-24 20:43 . 2013-01-24 20:43 354752 ----a-w- c:\windows\SysWow64\guard32.dll 2013-01-24 20:42 . 
2013-01-24 20:42 45776 ----a-w- c:\windows\system32\cmdkbd64.dll 2013-01-24 20:42 . 2013-01-24 20:42 326352 ----a-w- c:\windows\system32\cmdvrt64.dll 2013-01-24 20:42 . 2013-01-24 20:42 40656 ----a-w- c:\windows\SysWow64\cmdkbd32.dll 2013-01-24 20:42 . 2013-01-24 20:42 263888 ----a-w- c:\windows\SysWow64\cmdvrt32.dll 2013-01-20 13:59 . 2013-01-20 13:59 230320 ----a-w- c:\windows\system32\drivers\MpFilter.sys 2013-01-20 13:59 . 2010-10-24 19:25 130008 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys 2013-01-16 17:51 . 2013-01-16 17:51 95752 ----a-w- c:\windows\system32\drivers\inspect.sys 2013-01-16 17:51 . 2013-01-16 17:51 699880 ----a-w- c:\windows\system32\drivers\cmdguard.sys 2013-01-16 17:51 . 2013-01-16 17:51 48360 ----a-w- c:\windows\system32\drivers\cmdhlp.sys 2013-01-16 17:51 . 2013-01-16 17:51 23176 ----a-w- c:\windows\system32\drivers\cmderd.sys 2013-01-05 05:53 . 2013-02-13 17:59 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-01-05 05:00 . 2013-02-13 17:59 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-01-05 05:00 . 2013-02-13 17:59 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-01-04 05:46 . 2013-02-13 17:58 215040 ----a-w- c:\windows\system32\winsrv.dll 2013-01-04 04:51 . 2013-02-13 17:58 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2013-01-04 04:43 . 2013-02-13 17:58 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2013-01-04 03:26 . 2013-02-13 17:58 3153408 ----a-w- c:\windows\system32\win32k.sys 2013-01-04 02:47 . 2013-02-13 17:58 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2013-01-04 02:47 . 2013-02-13 17:58 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2013-01-04 02:47 . 2013-02-13 17:58 2048 ----a-w- c:\windows\SysWow64\user.exe 2013-01-04 02:47 . 2013-02-13 17:58 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2013-01-03 06:00 . 2013-02-13 17:58 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-01-03 06:00 . 2013-02-13 17:58 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS . . 
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{2adefb8e-b923-35e6-86e2-2b7841f5d2a2}]
2010-11-05 01:58 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-06 2646128]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-03-26 1631144]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]
.
c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2012-8-15 507448]
.
c:\users\Andres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2012-8-15 507448]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-1-4 1207312]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2010-12-21 291896]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2012-8-15 507448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2010-12-21 399416]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]
R3 btwampfl;btwampfl;c:\windows\system32\drivers\btwampfl.sys [2011-05-25 349736]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-05-25 39464]
R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-01-24 158928]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2012-08-20 19032]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2012-08-20 12384]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SmartCardRemoval;Smart Card Removal;c:\program files\Estonian ID Card\SmartCardRemoval.exe [2013-02-03 322832]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-13 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [2013-01-16 23176]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2013-01-16 699880]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2013-01-16 48360]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2010-08-16 89600]
S2 DFEPService;Dell Feature Enhancement Pack Service;c:\program files\Dell\Feature Enhancement Pack\DFEPService.exe [2012-08-15 2280504]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2010-11-07 499200]
S2 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [2013-03-28 2074768]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]
S2 OpenVPNAccessClient;OpenVPN Access Client;c:\program files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [2010-08-12 24064]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [2010-03-19 81920]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2010-12-21 987704]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2007-04-09 11576]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-10 382272]
S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [2012-03-29 2669840]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-11-07 869376]
S3 ALSysIO;ALSysIO;c:\users\Andres\AppData\Local\Temp\ALSysIO64.sys [x]
S3 atrfiltr;atrfiltr;c:\windows\system32\drivers\atrfiltr.sys [2012-04-02 16184]
S3 bpenum;Intel® Centrino® WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [2010-10-25 75264]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [2010-10-25 173568]
S3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys [2010-10-25 81408]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2010-04-05 301232]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [2010-08-03 30720]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 18:47]
.
2013-03-24 c:\windows\Tasks\fba_baekap.job
- c:\program files (x86)\Softland\FBackup 4\fbaSchedStarter.exe [2011-06-28 09:58]
.
2013-04-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2292079599-2847406473-1470405368-1000Core.job
- c:\users\Andres\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-03 12:23]
.
2013-04-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2292079599-2847406473-1470405368-1000UA.job
- c:\users\Andres\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-03 12:23]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-07-20 611192]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-08-16 487424]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2010-11-14 1605632]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
"IntelPROSet"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2012-03-29 4756240]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-05-11 1694016]
"DFEPApplication"="c:\program files\Dell\Feature Enhancement Pack\DFEPApplication.exe" [2012-08-15 7077432]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2013-01-24 1451728]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 85.253.0.2 85.253.0.130
TCP: Interfaces\{262FC52D-5EF4-42EA-82CD-3B60917CC5A4}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{5148E935-D393-4FFB-BDE1-1BF798C3C3AD}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{5148E935-D393-4FFB-BDE1-1BF798C3C3AD}\B424649423: NameServer = 8.26.56.26,156.154.70.22
DPF: {E8EB147D-ABEF-4228-A603-AAA845D1B2C1} - hxxp://www.sk.ee/id-kontroll/idTools.cab
FF - ProfilePath - c:\users\Andres\AppData\Roaming\Mozilla\Firefox\PROFILES\e13z0qg2.default\
FF - prefs.js: browser.search.selectedEngine - Startpage HTTPS
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2013-02-14 21:55; hotfix@mozilla.org; c:\users\Andres\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-91710032.sys
AddRemove-don't take it personally, babe, it just ain't your story - d:\games\don't take it personally
AddRemove-{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB} - c:\program files (x86)\Common Files\BioWare\Uninstall Mass Effect 2.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-04-02 03:01:50 - machine was rebooted
ComboFix-quarantined-files.txt 2013-04-02 00:01
.
Pre-Run: 28 282 290 176 bytes free
Post-Run: 32 079 888 384 bytes free
.
- - End Of File - - BBCB7D5720F12E737CBB3446D856A8D3
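The helper reads a ComboFix "Reg Loading Points" section by eye; the same first pass can be scripted. The Python below is an added example and is not part of this thread, of ComboFix, or of any tool the helpers used. It parses the three line shapes that section uses for Run/RunOnce values, Startup-folder shortcuts and services/drivers, then flags what a responder checks first: entries that load from a directory an unprivileged user can write to (AppData, Temp, Users\Public), drivers whose file is missing ([x]), Run values that name a bare file resolved through the search path, and LoadAppInit_DLLs=1. The sample input is built from lines copied out of the ComboFix log above plus one constructed RunOnce line, marked as such in the code, that reproduces the WindowsLiveUpdate.exe path Malwarebytes reported in the later post; its bracket is invented. The regexes and the writable-directory list are my assumptions about the log format, not anything ComboFix publishes.

```python
import re

# Line shapes in ComboFix's "Reg Loading Points" section, as read off the posted
# log (an assumption; ComboFix publishes no format specification):
#   "Name"="c:\path\file.exe" [date size]              registry Run / RunOnce values
#   R3 name;Description;c:\path\file.sys [date size]   services and drivers, [x] = file not found
#   Name.lnk - c:\path\file.exe [date size]            Startup-folder shortcuts
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<meta>[^\]]*)\]')
SVC_RE = re.compile(r'^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]\s*$')
LNK_RE = re.compile(r'^(?P<name>.+?\.lnk)\s+-\s+(?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]\s*$', re.IGNORECASE)

# Directories an unprivileged user can write to. An autorun pointing here was
# planted without admin rights, which is where the entries in this thread lived.
USER_WRITABLE = ('\\appdata\\', '\\temp\\', '\\users\\public\\')


def parse_autoruns(text):
    """Return (kind, name, path, meta) for every autorun line in the text.

    Registry key headers ([HKEY_...]) are tracked so a Run value is reported
    together with the hive and key it lives under."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith('[HKEY_'):
            key = line.strip('[]')
            continue
        m = RUN_RE.match(line)
        if m and key and key.lower().endswith(('\\run', '\\runonce')):
            entries.append(('run', key + '\\' + m['name'], m['path'], m['meta']))
            continue
        m = SVC_RE.match(line)
        if m:
            entries.append(('service', m['name'], m['path'], m['meta']))
            continue
        m = LNK_RE.match(line)
        if m:
            entries.append(('startup', m['name'], m['path'], m['meta']))
    return entries


def triage(text):
    """Return (reason, kind, name, path) findings a responder should look at."""
    findings = []
    for kind, name, path, meta in parse_autoruns(text):
        low = path.lower()
        if meta.strip() == 'x':
            findings.append(('file missing on disk', kind, name, path))
        if any(d in low for d in USER_WRITABLE):
            findings.append(('loads from user-writable directory', kind, name, path))
        if kind == 'run' and '\\' not in path:
            # No directory given: Windows resolves the name through the search
            # path, so a same-named file earlier on that path would run instead.
            findings.append(('bare file name, resolved via search path', kind, name, path))
    # A global switch rather than an entry: with LoadAppInit_DLLs=1 every DLL in
    # AppInit_DLLs is loaded into each process that links user32.dll.
    if re.search(r'"LoadAppInit_DLLs"\s*=\s*1\b', text):
        findings.append(('AppInit_DLLs loading enabled', 'policy', 'LoadAppInit_DLLs', ''))
    return findings


# Sample input: lines copied from the ComboFix log in this thread, plus one
# constructed RunOnce value (the path is the one Malwarebytes reported; the
# bracket is made up and says so).
SAMPLE = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-03-26 1631144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WindowsLiveUpdate"="c:\users\Andres\AppData\Roaming\MCommon\WindowsLiveUpdate.exe" [constructed]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-1-4 1207312]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
S3 ALSysIO;ALSysIO;c:\users\Andres\AppData\Local\Temp\ALSysIO64.sys [x]
'''

if __name__ == '__main__':
    for reason, kind, name, path in triage(SAMPLE):
        print(f'{reason:40} {kind:8} {name} -> {path}')
```

On the sample this reports five findings: the bare KHALMNPR.EXE name, the constructed RunOnce value under AppData, the ALSysIO driver twice (file missing, and loading from Temp), and the LoadAppInit_DLLs switch. Each of those is a lead to follow, not a verdict: here ALSysIO is the Core Temp sensor driver and KHALMNPR.EXE is Logitech's, and the script leaves that judgement to the person reading the output.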
6. Thanks, here's the log:

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-03-31 23:46:28
-----------------------------
23:46:28.467 OS Version: Windows x64 6.1.7601 Service Pack 1
23:46:28.467 Number of processors: 4 586 0x2505
23:46:28.468 ComputerName: MASIN UserName:
23:46:29.553 Initialize success
23:46:38.483 AVAST engine defs: 13033100
23:46:43.207 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:46:43.209 Disk 0 Vendor: ST950042 0002 Size: 476940MB BusType: 3
23:46:43.850 Disk 0 MBR read successfully
23:46:43.853 Disk 0 MBR scan
23:46:43.858 Disk 0 unknown MBR code
23:46:43.887 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
23:46:43.959 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 132000 MB offset 206848
23:46:44.005 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 269838 MB offset 270542848
23:46:44.027 Disk 0 Partition - 00 0F Extended LBA 74999 MB offset 823173118
23:46:44.138 Disk 0 Partition 4 00 83 Linux 500 MB offset 823173120
23:46:44.147 Disk 0 Partition - 00 05 Extended 6675 MB offset 824199105
23:46:44.198 Disk 0 Partition 5 00 82 Linux swap 6675 MB offset 824199168
23:46:44.206 Disk 0 Partition - 00 05 Extended 19072 MB offset 838897540
23:46:44.251 Disk 0 Partition 6 00 83 Linux 19072 MB offset 837871616
23:46:44.459 Disk 0 Partition - 00 05 Extended 48749 MB offset 891631492
23:46:44.577 Disk 0 Partition 7 00 83 Linux 48749 MB offset 876933120
23:46:45.265 Disk 0 scanning C:\Windows\system32\drivers
23:47:49.618 Service scanning
23:48:25.958 Modules scanning
23:48:25.975 Disk 0 trace - called modules:
23:48:26.009 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
23:48:26.016 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007b7a060]
23:48:26.022 3 CLASSPNP.SYS[fffff88001b7943f] -> nt!IofCallDriver -> [0xfffffa800600c620]
23:48:26.028 5 ACPI.sys[fffff88000f1e7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80068f4050]
23:48:28.236 AVAST engine scan C:\Windows
23:48:59.772 AVAST engine scan C:\Windows\system32
00:07:10.745 AVAST engine scan C:\Windows\system32\drivers
00:08:54.371 AVAST engine scan C:\Users\Andres
00:36:21.046 File: C:\Users\Andres\AppData\Local\Mozilla\Firefox\PROFILES\e13z0qg2.default\Cache\6\CD\703B0d01 **INFECTED** Win32:Agent-AQXH [Trj]
00:42:29.139 File: C:\Users\Andres\AppData\Local\Temp\MBinder\mpc.exe **INFECTED** Win32:Malware-gen
01:22:50.498 File: C:\Users\Andres\AppData\Roaming\WinLive\WinLive.dll **INFECTED** Win32:Adware-gen [Adw]
01:31:45.816 AVAST engine scan C:\ProgramData
01:35:28.831 Scan finished successfully
01:37:21.246 Verifying
01:37:31.306 Disk 0 Windows 601 MBR fixed successfully
01:37:43.337 Disk 0 MBR has been saved successfully to "C:\Users\Andres\Desktop\MBR.dat"
01:37:43.343 The log file has been saved successfully to "C:\Users\Andres\Desktop\aswMBR.txt"

Or did you mean I should rescan after fixing and then post the log?
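Both aswMBR runs in this thread (the one in this post and the earlier one in the post below) print the same partition table, report "unknown MBR code", and this one ends with aswMBR replacing that code with the Windows 7 loader. As an added example that is not part of the thread or of aswMBR, the Python below parses that log format, rebuilds the layout in MiB from the sector offsets, checks it for overlaps, extents past the end of the disk and a single active partition, collects the detections, and states what "unknown MBR code" most plausibly means on this particular disk. The sample input consists of lines copied from the log above. The line shapes and the partition-type sets are my reading of the output, not an aswMBR specification, and the conclusion that an unrecognised MBR on a disk carrying 0x82/0x83 partitions is most likely a Linux boot loader is an inference, which is why the script reports it as a warning to check against the saved MBR.dat rather than as a fact.

```python
import re

# Line shapes as they appear in the aswMBR output (read off the posted log;
# aswMBR documents no format), each preceded by an HH:MM:SS.mmm timestamp:
#   Disk 0 Vendor: ST950042 0002 Size: 476940MB BusType: 3
#   Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
#   Disk 0 Partition - 00 0F Extended LBA 74999 MB offset 823173118
#   File: C:\path\name **INFECTED** Win32:Agent-AQXH [Trj]
SIZE_RE = re.compile(r'^\S+\s+Disk (?P<disk>\d+) Vendor: .*? Size: (?P<mb>\d+)MB')
PART_RE = re.compile(
    r'^\S+\s+Disk (?P<disk>\d+) Partition (?P<idx>\d+|-) (?P<boot>[0-9A-Fa-f]{2})'
    r'(?: \(A\))? (?P<type>[0-9A-Fa-f]{2}) (?P<label>.+?) (?P<size>\d+) MB offset (?P<offset>\d+)\s*$')
INFECTED_RE = re.compile(r'^\S+\s+File: (?P<path>.+?) \*\*INFECTED\*\* (?P<name>.+?)\s*$')

# 512-byte sectors; aswMBR's "MB" is 1 MiB (partition 1 at offset 2048 = 1 MB).
SECTORS_PER_MB = 2048
# MBR type IDs Windows creates or understands; anything else belongs to another OS.
WINDOWS_TYPES = {'01', '04', '05', '06', '07', '0B', '0C', '0E', '0F', '27', '42'}
LINUX_TYPES = {'82', '83', '8E', 'FD'}


def parse_aswmbr(text):
    """Parse one aswMBR log into partitions, detections and the two MBR status flags."""
    report = {'disk_size_mb': None, 'partitions': [], 'infected': [],
              'unknown_mbr_code': False, 'mbr_rewritten': False}
    for raw in text.splitlines():
        line = raw.strip()
        m = SIZE_RE.match(line)
        if m:
            report['disk_size_mb'] = int(m['mb'])
            continue
        m = PART_RE.match(line)
        if m:
            report['partitions'].append({
                'index': None if m['idx'] == '-' else int(m['idx']),  # None = extended container
                'active': m['boot'].upper() == '80',
                'type': m['type'].upper(),
                'label': m['label'],
                'start_mb': int(m['offset']) // SECTORS_PER_MB,
                'size_mb': int(m['size']),
            })
            continue
        m = INFECTED_RE.match(line)
        if m:
            report['infected'].append((m['path'], m['name']))
        elif 'unknown MBR code' in line:
            report['unknown_mbr_code'] = True
        elif 'MBR fixed successfully' in line:
            report['mbr_rewritten'] = True
    return report


def assess(report):
    """Return the warnings a triager would raise from the parsed log."""
    warnings = []
    volumes = sorted((p for p in report['partitions'] if p['index'] is not None),
                     key=lambda p: p['start_mb'])
    active = [p['index'] for p in volumes if p['active']]
    if len(active) != 1:
        warnings.append(f'active partitions {active}: expected exactly one')
    prev_end = 0
    for p in volumes:
        end_mb = p['start_mb'] + p['size_mb']
        if p['start_mb'] < prev_end:
            warnings.append(f'partition {p["index"]} overlaps the partition before it')
        if report['disk_size_mb'] and end_mb > report['disk_size_mb']:
            warnings.append(f'partition {p["index"]} runs past the end of the disk')
        prev_end = max(prev_end, end_mb)
    foreign = {p['type'] for p in volumes} - WINDOWS_TYPES
    if report['unknown_mbr_code']:
        if foreign & LINUX_TYPES:
            warnings.append('unknown MBR code but Linux partitions present: a Linux boot loader '
                            'in the MBR is the likely explanation; compare MBR.dat before treating it as a bootkit')
        else:
            warnings.append('unknown MBR code and no non-Windows partitions: inspect MBR.dat before and after any fix')
    if report['mbr_rewritten'] and foreign:
        warnings.append('MBR code replaced with the Windows loader: the other OS on this disk will not boot from it any more')
    return warnings


# Sample input: lines copied from the aswMBR log in this post.
SAMPLE = r'''
23:46:43.209 Disk 0 Vendor: ST950042 0002 Size: 476940MB BusType: 3
23:46:43.850 Disk 0 MBR read successfully
23:46:43.858 Disk 0 unknown MBR code
23:46:43.887 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
23:46:43.959 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 132000 MB offset 206848
23:46:44.005 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 269838 MB offset 270542848
23:46:44.027 Disk 0 Partition - 00 0F Extended LBA 74999 MB offset 823173118
23:46:44.138 Disk 0 Partition 4 00 83 Linux 500 MB offset 823173120
23:46:44.147 Disk 0 Partition - 00 05 Extended 6675 MB offset 824199105
23:46:44.198 Disk 0 Partition 5 00 82 Linux swap 6675 MB offset 824199168
23:46:44.206 Disk 0 Partition - 00 05 Extended 19072 MB offset 838897540
23:46:44.251 Disk 0 Partition 6 00 83 Linux 19072 MB offset 837871616
23:46:44.459 Disk 0 Partition - 00 05 Extended 48749 MB offset 891631492
23:46:44.577 Disk 0 Partition 7 00 83 Linux 48749 MB offset 876933120
00:36:21.046 File: C:\Users\Andres\AppData\Local\Mozilla\Firefox\PROFILES\e13z0qg2.default\Cache\6\CD\703B0d01 **INFECTED** Win32:Agent-AQXH [Trj]
00:42:29.139 File: C:\Users\Andres\AppData\Local\Temp\MBinder\mpc.exe **INFECTED** Win32:Malware-gen
01:22:50.498 File: C:\Users\Andres\AppData\Roaming\WinLive\WinLive.dll **INFECTED** Win32:Adware-gen [Adw]
01:37:31.306 Disk 0 Windows 601 MBR fixed successfully
'''

if __name__ == '__main__':
    rep = parse_aswmbr(SAMPLE)
    for p in rep['partitions']:
        print(f"{p['index'] or '-':>2} type {p['type']} {p['label']:<14} {p['start_mb']:>7}..{p['start_mb'] + p['size_mb']:<7} MB")
    for path, name in rep['infected']:
        print('infected:', name, path)
    for w in assess(rep):
        print('WARNING:', w)
```

On this disk the seven volumes sit end to end with 1 MiB between them and the last one ends at 476939 of 476940 MB, so the layout checks pass; the two warnings it prints are the ones that matter for a dual-boot machine: the unrecognised boot code was very probably the Linux loader, and after the "MBR fixed" step that loader is no longer in the MBR.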
7. Hi,

Thanks a lot for the quick reply. Here are my logs:

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.31.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Andres :: MASIN [administrator]

Protection: Enabled

31.03.2013 16:26:06
mbam-log-2013-03-31 (16-26-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 234868
Time elapsed: 7 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|WindowsLiveUpdate (Trojan.MSIL) -> Data: C:\Users\Andres\AppData\Roaming\MCommon\WindowsLiveUpdate.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Andres\AppData\Roaming\MCommon\WindowsLiveUpdate.exe (Trojan.MSIL) -> Quarantined and deleted successfully.

(end)

___________________________________________________

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-03-31 16:35:01
-----------------------------
16:35:01.208 OS Version: Windows x64 6.1.7601 Service Pack 1
16:35:01.208 Number of processors: 4 586 0x2505
16:35:01.209 ComputerName: MASIN UserName:
16:35:06.304 Initialize success
16:38:03.734 AVAST engine defs: 13033100
16:38:13.564 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:38:13.567 Disk 0 Vendor: ST950042 0002 Size: 476940MB BusType: 3
16:38:13.671 Disk 0 MBR read successfully
16:38:13.676 Disk 0 MBR scan
16:38:13.683 Disk 0 unknown MBR code
16:38:13.694 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
16:38:13.751 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 132000 MB offset 206848
16:38:13.789 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 269838 MB offset 270542848
16:38:13.810 Disk 0 Partition - 00 0F Extended LBA 74999 MB offset 823173118
16:38:13.842 Disk 0 Partition 4 00 83 Linux 500 MB offset 823173120
16:38:13.850 Disk 0 Partition - 00 05 Extended 6675 MB offset 824199105
16:38:13.864 Disk 0 Partition 5 00 82 Linux swap 6675 MB offset 824199168
16:38:13.872 Disk 0 Partition - 00 05 Extended 19072 MB offset 838897540
16:38:13.885 Disk 0 Partition 6 00 83 Linux 19072 MB offset 837871616
16:38:13.895 Disk 0 Partition - 00 05 Extended 48749 MB offset 891631492
16:38:13.913 Disk 0 Partition 7 00 83 Linux 48749 MB offset 876933120
16:38:13.998 Disk 0 scanning C:\Windows\system32\drivers
16:38:31.474 Service scanning
16:39:04.866 Modules scanning
16:39:04.879 Disk 0 trace - called modules:
16:39:04.917 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
16:39:04.925 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007b7a060]
16:39:04.932 3 CLASSPNP.SYS[fffff88001b7943f] -> nt!IofCallDriver -> [0xfffffa800600c620]
16:39:04.939 5 ACPI.sys[fffff88000f1e7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80068f4050]
16:39:08.021 AVAST engine scan C:\Windows
16:39:10.399 AVAST engine scan C:\Windows\system32
16:44:00.690 AVAST engine scan C:\Windows\system32\drivers
16:44:22.014 AVAST engine scan C:\Users\Andres
16:59:07.455 Disk 0 MBR has been saved successfully to "C:\Users\Andres\Desktop\MBR.dat"
16:59:07.472 The log file has been saved successfully to "C:\Users\Andres\Desktop\aswMBR.txt"
16:59:54.005 File: C:\Users\Andres\AppData\Local\Mozilla\Firefox\PROFILES\e13z0qg2.default\Cache\6\CD\703B0d01 **INFECTED** Win32:Agent-AQXH [Trj]
17:02:44.993 Disk 0 MBR has been saved successfully to "C:\Users\Andres\Desktop\MBR.dat"
17:02:44.999 The log file has been saved successfully to "C:\Users\Andres\Desktop\aswMBR.txt"
17:12:16.544 File: C:\Users\Andres\AppData\Local\Temp\MBinder\mpc.exe **INFECTED** Win32:Malware-gen
17:55:09.709 File: C:\Users\Andres\AppData\Roaming\WinLive\WinLive.dll **INFECTED** Win32:Adware-gen [Adw]
18:05:30.693 AVAST engine scan C:\ProgramData
18:10:50.795 Scan finished successfully
18:10:57.076 Disk 0 MBR has been saved successfully to "C:\Users\Andres\Desktop\MBR.dat"
18:10:57.088 The log file has been saved successfully to "C:\Users\Andres\Desktop\aswMBR.txt"

_____________________________________________

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16470
Run by Andres at 18:13:32 on 2013-03-31
Microsoft Windows 7 Professional 6.1.7601.1.1257.372.1033.18.6134.2647 [GMT 3:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Antivirus *Disabled/Outdated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files\Common Files\Intel\W|irelessCommon\iFrmewrk.exe
C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe
C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Core Temp\Core Temp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
C:\Program Files\COMODO\COMODO Internet Security\cis.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe -k SDRSVC
D:\Downloads\aswMBR.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: AutorunsDisabled - <orphaned>
BHO: EstEIDIEPluginBHO Class: {2A4E94A4-B275-491A-9E32-CD7A26FC7C3B} - C:\Program Files (x86)\Estonian ID Card\esteid-plugin-ie.dll
BHO: Blog This in Windows Live: {2adefb8e-b923-35e6-86e2-2b7841f5d2a2} -
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Google Update] "C:\Users\Andres\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
StartupFolder: C:\Users\Andres\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SMARTS~1.LNK - C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E8EB147D-ABEF-4228-A603-AAA845D1B2C1} - hxxp://www.sk.ee/id-kontroll/idTools.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{262FC52D-5EF4-42EA-82CD-3B60917CC5A4} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{262FC52D-5EF4-42EA-82CD-3B60917CC5A4} : DHCPNameServer = 85.253.0.2 85.253.0.130
TCP: Interfaces\{5148E935-D393-4FFB-BDE1-1BF798C3C3AD} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{5148E935-D393-4FFB-BDE1-1BF798C3C3AD} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{5148E935-D393-4FFB-BDE1-1BF798C3C3AD}\251616D6164757B6F67657 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{5148E935-D393-4FFB-BDE1-1BF798C3C3AD}\33C2134313539323635333538393739333233383436323634333338333238303 : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{5148E935-D393-4FFB-BDE1-1BF798C3C3AD}\33C2134313539323635333538393739333233383436323634333338333238303 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{5148E935-D393-4FFB-BDE1-1BF798C3C3AD}\3596475636F6D6145463135343 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{5148E935-D393-4FFB-BDE1-1BF798C3C3AD}\55053403034313731303 : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{5148E935-D393-4FFB-BDE1-1BF798C3C3AD}\55053403034313731303 : DHCPNameServer = 62.2.17.60 62.2.24.162 62.2.17.61 62.2.24.158
TCP: Interfaces\{5148E935-D393-4FFB-BDE1-1BF798C3C3AD}\B4246494 : DHCPNameServer = 10.0.1.1
TCP: Interfaces\{5148E935-D393-4FFB-BDE1-1BF798C3C3AD}\D457C6769602255696379646 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{5148E935-D393-4FFB-BDE1-1BF798C3C3AD}\D4B402145747F626573737021435 : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{5148E935-D393-4FFB-BDE1-1BF798C3C3AD}\D4B402145747F626573737021435 : DHCPNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-BHO: EstEIDIEPluginBHO Class: {2A4E94A4-B275-491A-9E32-CD7A26FC7C3B} - C:\Program Files\Estonian ID Card\esteid-plugin-ie.dll
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
x64-Run: [intelWirelessWiMAX] "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [intelPROSet] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PROSet/Wireless
x64-Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
x64-Run: [DFEPApplication] C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe
x64-Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Andres\AppData\Roaming\Mozilla\Firefox\PROFILES\e13z0qg2.default\ FF - prefs.js: browser.search.selectedEngine - Startpage HTTPS FF - prefs.js: browser.startup.homepage - hxxp://www.google.com FF - prefs.js: network.proxy.type - 0 FF - component: C:\Program Files (x86)\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll FF - component: C:\Users\Andres\AppData\Roaming\Mozilla\Firefox\Profiles\e13z0qg2.default\extensions\optout@dubfire.net\lib\WINNT\ff3\AbineComponent.dll FF - plugin: C:\Program Files (x86)\Estonian ID Card\npesteid-firefox-plugin.dll FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll FF - plugin: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll FF - plugin: C:\Program Files\Tracker Software\PDF Viewer\Win32\nppl3260.dll FF - plugin: C:\Program Files\Tracker Software\PDF Viewer\Win32\nprpjplug.dll FF - plugin: C:\Users\Andres\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll FF - ExtSQL: !HIDDEN! 2013-02-14 21:55; hotfix@mozilla.org; C:\Users\Andres\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix . ============= SERVICES / DRIVERS =============== . 
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320] R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2013-1-16 23176] R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdguard.sys [2013-1-16 699880] R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2013-1-16 48360] R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2010-12-18 89600] R2 DFEPService;Dell Feature Enhancement Pack Service;C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2012-8-15 2280504] R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-11-7 499200] R2 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2013-3-28 2074768] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-13 13336] R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 130008] R2 OpenVPNAccessClient;OpenVPN Access Client;C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [2010-8-12 24064] R2 risdpcie;risdpcie;C:\Windows\System32\drivers\risdpe64.sys [2010-11-13 81920] R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2010-12-21 987704] R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.sys [2007-4-9 11576] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-10 382272] R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-3-29 2669840] R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-11-7 869376] R3 
atrfiltr;atrfiltr;C:\Windows\System32\drivers\atrfiltr.sys [2012-4-3 16184] R3 bpenum;Intel® Centrino® WiMAX Enumerator;C:\Windows\System32\drivers\bpenum.sys [2010-10-25 75264] R3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\Windows\System32\drivers\bpmp.sys [2010-10-25 173568] R3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;C:\Windows\System32\drivers\bpusb.sys [2010-10-25 81408] R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2010-11-13 301232] R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360] R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-9-1 17976] R3 tapoas;TAP-Win32 Adapter OAS;C:\Windows\System32\drivers\tapoas.sys [2010-8-3 30720] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2010-12-21 399416] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536] S3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2013-2-19 245760] S3 btwampfl;btwampfl;C:\Windows\System32\drivers\btwampfl.sys [2011-5-25 349736] S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-5-25 39464] S3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-1-24 158928] S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2009-9-15 6952960] S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2012-9-15 19032] S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2012-9-15 12384] S3 
RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-28 19456] S3 SmartCardRemoval;Smart Card Removal;C:\Program Files\Estonian ID Card\SmartCardRemoval.exe [2013-2-4 322832] S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-14 292864] S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-14 1485312] S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-14 740864] S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-28 57856] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-11-13 1255736] S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464] . =============== Created Last 30 ================ . 2013-03-31 10:44:31 9311288 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{77A618E5-180C-41D9-B475-CC54269B30C6}\mpengine.dll 2013-03-30 22:33:26 9311288 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-03-24 14:14:49 972264 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E9DC1456-9F9A-4A69-BA03-DD25A17EF528}\gapaengine.dll 2013-03-17 21:50:26 -------- d--h--w- C:\VTRoot 2013-03-17 21:16:00 -------- d-----w- C:\Program Files\Estonian ID Card 2013-03-17 21:13:14 -------- d-----w- C:\Users\Andres\AppData\Local\Comodo 2013-03-17 21:13:08 56072 ----a-w- C:\Windows\System32\certsentry.dll 2013-03-17 21:13:08 47368 ----a-w- C:\Windows\SysWow64\certsentry.dll 2013-03-17 21:13:00 -------- d-----w- C:\ProgramData\Comodo Downloader 2013-03-17 21:12:58 -------- d-----w- C:\Program Files\COMODO 2013-03-17 20:53:06 -------- d-----w- C:\ProgramData\COMODO 2013-03-17 20:52:33 -------- d-----w- C:\Program Files (x86)\Comodo 2013-03-17 13:03:21 -------- 
d-----w- C:\Users\Andres\AppData\Roaming\Yoono 2013-03-17 13:03:21 -------- d-----w- C:\Users\Andres\AppData\Local\Yoono 2013-03-17 13:03:06 -------- d-----w- C:\Program Files (x86)\Yoono Desktop 2013-03-16 06:30:42 4546560 ----a-w- C:\Windows\SysWow64\GPhotos.scr 2013-03-15 21:17:09 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys 2013-03-10 12:48:24 208216 ----a-w- C:\Windows\System32\drivers\94439785.sys 2013-03-10 11:09:49 -------- d-----w- C:\Program Files (x86)\CodeStuff 2013-03-01 18:39:07 -------- d-----w- C:\Program Files (x86)\Firaxis Games 2013-03-01 18:23:06 -------- d-----w- C:\Users\Andres\AppData\Roaming\Firaxis Games . ==================== Find3M ==================== . 2013-03-26 18:47:32 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-03-26 18:47:31 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-02-18 07:22:18 31080 ----a-w- C:\Windows\System32\nvhdap64.dll 2013-02-18 07:22:18 1472360 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll 2013-02-18 07:22:16 189288 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys 2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll 2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll 2013-02-03 22:09:22 1598976 ----a-w- C:\Windows\SysWow64\opensc-pkcs11.dll 2013-02-03 22:09:22 1598976 ----a-w- C:\Windows\SysWow64\onepin-opensc-pkcs11.dll 2013-02-03 22:09:22 1598976 ----a-w- C:\Windows\SysWow64\esteid-pkcs11.dll 2013-02-03 22:09:22 1488896 ----a-w- C:\Windows\SysWow64\opensc.dll 2013-02-03 02:03:22 424720 ----a-w- C:\Windows\System32\esteidcm64.dll 2013-02-03 02:02:46 349968 ----a-w- C:\Windows\SysWow64\esteidcm.dll 2013-02-02 06:57:02 
2312704 ----a-w- C:\Windows\System32\jscript9.dll 2013-02-02 06:47:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2013-02-02 06:47:19 1392128 ----a-w- C:\Windows\System32\wininet.dll 2013-02-02 06:42:18 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2013-02-02 06:41:51 599040 ----a-w- C:\Windows\System32\vbscript.dll 2013-02-02 06:38:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2013-02-02 03:38:35 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-02-02 03:30:32 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2013-02-02 03:30:21 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-02-02 03:26:47 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2013-02-02 03:26:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2013-02-02 03:23:28 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-01-30 10:53:22 273840 ------w- C:\Windows\System32\MpSigStub.exe 2013-01-24 20:43:04 43216 ----a-w- C:\Windows\System32\cmdcsr.dll 2013-01-24 20:43:02 461384 ----a-w- C:\Windows\System32\guard64.dll 2013-01-24 20:43:02 354752 ----a-w- C:\Windows\SysWow64\guard32.dll 2013-01-24 20:42:54 45776 ----a-w- C:\Windows\System32\cmdkbd64.dll 2013-01-24 20:42:54 326352 ----a-w- C:\Windows\System32\cmdvrt64.dll 2013-01-24 20:42:50 40656 ----a-w- C:\Windows\SysWow64\cmdkbd32.dll 2013-01-24 20:42:50 263888 ----a-w- C:\Windows\SysWow64\cmdvrt32.dll 2013-01-20 13:59:04 230320 ----a-w- C:\Windows\System32\drivers\MpFilter.sys 2013-01-20 13:59:04 130008 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys 2013-01-16 17:51:46 699880 ----a-w- C:\Windows\System32\drivers\cmdguard.sys 2013-01-16 17:51:46 48360 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys 2013-01-16 17:51:44 23176 ----a-w- C:\Windows\System32\drivers\cmderd.sys 2013-01-05 05:53:43 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-01-05 05:00:15 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2013-01-05 05:00:11 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2013-01-04 05:46:09 215040 ----a-w- 
C:\Windows\System32\winsrv.dll 2013-01-04 04:51:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll 2013-01-04 03:26:48 3153408 ----a-w- C:\Windows\System32\win32k.sys 2013-01-04 02:47:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2013-01-04 02:47:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe 2013-01-04 02:47:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2013-01-03 06:00:54 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2013-01-03 06:00:42 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS . ============= FINISH: 18:13:52,96 =============== _____________________________________________ . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Professional Boot Device: \Device\HarddiskVolume1 Install Date: 13.11.2010 0:14:08 System Uptime: 31.03.2013 16:21:06 (2 hours ago) . Motherboard: Dell Inc. | | 0N5KHN Processor: Intel® Core i7 CPU M 620 @ 2.67GHz | CPU 1 | 2667/533mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 129 GiB total, 27,46 GiB free. D: is FIXED (NTFS) - 264 GiB total, 3,848 GiB free. E: is CDROM () F: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: Description: Device ID: ACPI\SMO8800\1 Manufacturer: Name: PNP Device ID: ACPI\SMO8800\1 Service: . Class GUID: Description: Broadcom USH Device ID: USB\VID_0A5C&PID_5800&MI_00\7&66DE6C9&0&0000 Manufacturer: Name: Broadcom USH PNP Device ID: USB\VID_0A5C&PID_5800&MI_00\7&66DE6C9&0&0000 Service: . ==== System Restore Points =================== . RP490: 28.03.2013 16:21:30 - Windows Update . ==== Installed Programs ====================== . 
7-Zip 9.20 (x64 edition) ActiveState Komodo Edit 6.0.3 Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin BioShock Braid calibre 64bit Canon G.726 WMP-Decoder Canon MOV Decoder Canon MOV Encoder Canon MovieEdit Task for ZoomBrowser EX Canon RAW Image Task for ZoomBrowser EX Canon ZoomBrowser EX Memory Card Utility Canon Utilities CameraWindow Canon Utilities CameraWindow DC Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX Canon Utilities MyCamera Canon Utilities MyCamera DC Canon Utilities RemoteCapture DC Canon Utilities RemoteCapture Task for ZoomBrowser EX Canon Utilities ZoomBrowser EX CDDRV_Installer CodeStuff Starter Comodo Dragon COMODO Internet Security ConvertHelper 2.2 Core Temp version 0.99.7 Crystal Reports for Visual Studio Dell Client System Update Dell Driver Download Manager Dell Feature Enhancement Pack Dell Touchpad Democracy 2 Demo don't take it personally, babe, it just ain't your story 1.1 Eesti ID-kaardi tarkvara 3.7.0.1124 (64 bit) erLT FBackup 4 FeedDemon Festart Dictionary: English-Estonian v2010.03 Professional Football Manager 2013 GIMP 2.8.0 Google Chrome HL-2130 IDT Audio ImgBurn Intel PROSet Wireless Intel® Network Connections 14.8.43.0 Intel® Rapid Storage Technology Intel® PROSet/Wireless WiFi Software Intel® PROSet/Wireless WiMAX Software K-Lite Codec Pack (64-bit) v4.2.0 K-Lite Codec Pack 6.7.4 (Standard) KhalInstallWrapper King's Quest I: Quest for the Crown (4.1c) LibreOffice 3.6 LiveUSB Creator (remove only) Logitech SetPoint Malwarebytes Anti-Malware version 1.70.0.1100 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft .NET Framework 4 Multi-Targeting Pack Microsoft Application Error Reporting Microsoft Games for Windows - LIVE Redistributable Microsoft Help Viewer 1.0 Microsoft Security Client Microsoft Security Essentials Microsoft Silverlight Microsoft SQL Server 2008 R2 Data-Tier Application Framework Microsoft SQL Server 2008 R2 Data-Tier Application Project Microsoft 
SQL Server 2008 R2 Management Objects Microsoft SQL Server 2008 R2 Management Objects (x64) Microsoft SQL Server 2008 R2 Transact-SQL Language Service Microsoft SQL Server Compact 3.5 SP2 x64 ENU Microsoft SQL Server Database Publishing Wizard 1.4 Microsoft SQL Server System CLR Types Microsoft SQL Server System CLR Types (x64) Microsoft Sync Framework 2.0 Core Components (x64) ENU Microsoft Sync Framework 2.0 Provider Services (x64) ENU Microsoft Sync Framework Runtime v1.0 SP1 (x64) Microsoft Sync Framework SDK v1.0 SP1 Microsoft Sync Framework Services v1.0 SP1 (x64) Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) Microsoft Team Foundation Server 2010 Object Model - ENU Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319 Microsoft Visual F# 2.0 Runtime Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools Microsoft 
Visual Studio 2010 Office Developer Tools (x64) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Visual Studio Macro Tools MiKTeX 2.9 MiniTool Partition Wizard Home Edition 7.6 MozBackup 1.5.1 Mozilla Firefox 19.0.2 (x86 et) Mozilla Maintenance Service Mozilla Thunderbird 17.0.4 (x86 et) Notepad++ Nous Ver: 1.04 NVIDIA 3D Vision Driver 296.79 NVIDIA Control Panel 296.79 NVIDIA Graphics Driver 296.79 NVIDIA HD Audio Driver 1.3.18.0 NVIDIA Install Application NVIDIA nView 136.28 NVIDIA nView Desktop Manager NVIDIA PhysX NVIDIA Stereoscopic 3D Driver NX Client for Windows 3.4.0-10 OpenVPN Client PDF-Viewer PDF-XChange Viewer PDF Password Remover PeerBlock 1.1 (r518) Picasa 3 Pidgin PVSonyDll Python 2.7.3 (64-bit) Python 3.1.3 (64-bit) Quadrax IV Quadrax VI Real Alternative 2.0.2 RICOH Media Driver ver.2.11.01.02 Secunia PSI (2.0.0.1003) Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for 
Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) Security Update for Microsoft Visual Studio Macro Tools (KB2669970) Sid Meier's Civilization IV Complete Sid Meier's Civilization V Skype™ 6.1 Steam Strawberry Perl SyncToy 2.1 (x64) The Cat and the Coup The Elder Scrolls IV: Oblivion The KMPlayer (remove only) The Longest Journey TightVNC 2.0.2 Trine TrueCrypt Ultra Defragmenter Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) WIDCOMM Bluetooth Software WinDjView 1.0.3 WinSCP 4.3.2 WinUtilities 10.53 Free Edition VirtualCloneDrive Wise Registry Cleaner 7.45 Visual Studio 2010 Prerequisites - English Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU World of Goo Yoono Desktop 1.8.37 . ==== Event Viewer Messages From Past Week ======== . 31.03.2013 16:24:47, Error: WudfUsbccidDriver [6] - Invalid data. Name: VendorIoctl Value: 0x313520 31.03.2013 16:24:47, Error: Microsoft-Windows-Smartcard-Server [610] - Smart Card Reader 'Broadcom Corp Contacted SmartCard 0' rejected IOCTL 0x313520: Incorrect function. If this error persists, your smart card or reader may not be functioning correctly. 
Command Header: XX XX XX XX
31.03.2013 0:32:44, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
31.03.2013 0:32:44, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
  8. Hello, MBAM has detected a Trojan.MSIL in AppData\Roaming\MCommon\WindowsLiveUpdate.exe. I deleted it, but it reappears after restarting the computer. Comodo Internet Security has also detected the same file, and also a file with the same name in AppData\Local\Temp, as Unclassified Malware. Can you help me? Here's the output of DDS:

________DDS.txt_____________
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16470
Run by Andres at 14:19:52 on 2013-03-31
Microsoft Windows 7 Professional 6.1.7601.1.1257.372.1033.18.6134.3569 [GMT 3:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Antivirus *Disabled/Outdated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files\IDT\WDM\STacSV64.exe C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\System32\WUDFHost.exe C:\Windows\system32\WLANExt.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\IDT\WDM\AESTSr64.exe C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\Program Files (x86)\Secunia\PSI\PSIA.exe C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Microsoft Security Client\NisSrv.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage 
Technology\IAStorDataMgrSvc.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\DellTPad\Apoint.exe C:\Program Files\IDT\WDM\sttray64.exe C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\system32\taskeng.exe C:\Program Files\Core Temp\Core Temp.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\Program Files\COMODO\COMODO Internet Security\cis.exe C:\Program Files\DellTPad\ApMsgFwd.exe C:\Program Files\DellTPad\HidFind.exe C:\Program Files\DellTPad\Apntex.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe C:\Windows\system32\svchost.exe -k SDRSVC C:\Program Files\COMODO\COMODO Internet Security\cis.exe C:\Windows\system32\NOTEPAD.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Microsoft Security Client\MpCmdRun.exe C:\Windows\System32\mobsync.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . 
mWinlogon: Userinit = userinit.exe, BHO: AutorunsDisabled - <orphaned> BHO: EstEIDIEPluginBHO Class: {2A4E94A4-B275-491A-9E32-CD7A26FC7C3B} - C:\Program Files (x86)\Estonian ID Card\esteid-plugin-ie.dll BHO: Blog This in Windows Live: {2adefb8e-b923-35e6-86e2-2b7841f5d2a2} - BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned> BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun uRun: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent uRun: [Google Update] "C:\Users\Andres\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe StartupFolder: C:\Users\Andres\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SMARTS~1.LNK - C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:255 mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200 IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E8EB147D-ABEF-4228-A603-AAA845D1B2C1} - hxxp://www.sk.ee/id-kontroll/idTools.cab TCP: NameServer = 192.168.1.254 TCP: Interfaces\{262FC52D-5EF4-42EA-82CD-3B60917CC5A4} : NameServer = 8.26.56.26,156.154.70.22 TCP: Interfaces\{262FC52D-5EF4-42EA-82CD-3B60917CC5A4} : DHCPNameServer = 85.253.0.2 85.253.0.130 TCP: Interfaces\{5148E935-D393-4FFB-BDE1-1BF798C3C3AD} : NameServer = 8.26.56.26,156.154.70.22 TCP: Interfaces\{5148E935-D393-4FFB-BDE1-1BF798C3C3AD} : DHCPNameServer = 192.168.1.254 TCP: Interfaces\{5148E935-D393-4FFB-BDE1-1BF798C3C3AD}\251616D6164757B6F67657 : DHCPNameServer = 10.0.0.1 TCP: Interfaces\{5148E935-D393-4FFB-BDE1-1BF798C3C3AD}\33C2134313539323635333538393739333233383436323634333338333238303 : NameServer = 8.26.56.26,156.154.70.22 TCP: Interfaces\{5148E935-D393-4FFB-BDE1-1BF798C3C3AD}\33C2134313539323635333538393739333233383436323634333338333238303 : DHCPNameServer = 192.168.1.254 TCP: Interfaces\{5148E935-D393-4FFB-BDE1-1BF798C3C3AD}\3596475636F6D6145463135343 : DHCPNameServer = 192.168.0.1 TCP: Interfaces\{5148E935-D393-4FFB-BDE1-1BF798C3C3AD}\55053403034313731303 : NameServer = 8.26.56.26,156.154.70.22 TCP: Interfaces\{5148E935-D393-4FFB-BDE1-1BF798C3C3AD}\55053403034313731303 : DHCPNameServer = 62.2.17.60 62.2.24.162 62.2.17.61 62.2.24.158 TCP: Interfaces\{5148E935-D393-4FFB-BDE1-1BF798C3C3AD}\B4246494 : DHCPNameServer = 10.0.1.1 TCP: Interfaces\{5148E935-D393-4FFB-BDE1-1BF798C3C3AD}\D457C6769602255696379646 : DHCPNameServer = 192.168.0.1 TCP: Interfaces\{5148E935-D393-4FFB-BDE1-1BF798C3C3AD}\D4B402145747F626573737021435 : NameServer = 8.26.56.26,156.154.70.22 TCP: Interfaces\{5148E935-D393-4FFB-BDE1-1BF798C3C3AD}\D4B402145747F626573737021435 : DHCPNameServer = 
192.168.0.1 Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll SSODL: WebCheck - <orphaned> x64-BHO: EstEIDIEPluginBHO Class: {2A4E94A4-B275-491A-9E32-CD7A26FC7C3B} - C:\Program Files\Estonian ID Card\esteid-plugin-ie.dll x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe x64-Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE x64-Run: [intelWirelessWiMAX] "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey x64-Run: [intelPROSet] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PROSet/Wireless x64-Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet x64-Run: [DFEPApplication] C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe x64-Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . 
FF - ProfilePath - C:\Users\Andres\AppData\Roaming\Mozilla\Firefox\PROFILES\e13z0qg2.default\ FF - prefs.js: browser.search.selectedEngine - Startpage HTTPS FF - prefs.js: browser.startup.homepage - hxxp://www.google.com FF - prefs.js: network.proxy.type - 0 FF - component: C:\Program Files (x86)\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll FF - component: C:\Users\Andres\AppData\Roaming\Mozilla\Firefox\Profiles\e13z0qg2.default\extensions\optout@dubfire.net\lib\WINNT\ff3\AbineComponent.dll FF - plugin: C:\Program Files (x86)\Estonian ID Card\npesteid-firefox-plugin.dll FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll FF - plugin: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll FF - plugin: C:\Program Files\Tracker Software\PDF Viewer\Win32\nppl3260.dll FF - plugin: C:\Program Files\Tracker Software\PDF Viewer\Win32\nprpjplug.dll FF - plugin: C:\Users\Andres\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll FF - ExtSQL: !HIDDEN! 2013-02-14 21:55; hotfix@mozilla.org; C:\Users\Andres\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix . ============= SERVICES / DRIVERS =============== . 
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320] R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2013-1-16 23176] R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdguard.sys [2013-1-16 699880] R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2013-1-16 48360] R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2010-12-18 89600] R2 DFEPService;Dell Feature Enhancement Pack Service;C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2012-8-15 2280504] R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-11-7 499200] R2 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2013-3-12 2074768] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-13 13336] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-15 398184] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-15 682344] R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 130008] R2 risdpcie;risdpcie;C:\Windows\System32\drivers\risdpe64.sys [2010-11-13 81920] R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2010-12-21 987704] R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.sys [2007-4-9 11576] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-10 382272] R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-3-29 2669840] R2 WiMAXAppSrv;Intel® 
PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-11-7 869376] R3 atrfiltr;atrfiltr;C:\Windows\System32\drivers\atrfiltr.sys [2012-4-3 16184] R3 bpenum;Intel® Centrino® WiMAX Enumerator;C:\Windows\System32\drivers\bpenum.sys [2010-10-25 75264] R3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\Windows\System32\drivers\bpmp.sys [2010-10-25 173568] R3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;C:\Windows\System32\drivers\bpusb.sys [2010-10-25 81408] R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2010-11-13 301232] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-9-15 24176] R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360] R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-9-1 17976] R3 tapoas;TAP-Win32 Adapter OAS;C:\Windows\System32\drivers\tapoas.sys [2010-8-3 30720] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 OpenVPNAccessClient;OpenVPN Access Client;C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [2010-8-12 24064] S2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2010-12-21 399416] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536] S3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2013-2-19 245760] S3 btwampfl;btwampfl;C:\Windows\System32\drivers\btwampfl.sys [2011-5-25 349736] S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-5-25 39464] S3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe 
[2013-1-24 158928] S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2009-9-15 6952960] S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2012-9-15 19032] S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2012-9-15 12384] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-28 19456] S3 SmartCardRemoval;Smart Card Removal;C:\Program Files\Estonian ID Card\SmartCardRemoval.exe [2013-2-4 322832] S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-14 292864] S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-14 1485312] S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-14 740864] S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-28 57856] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-11-13 1255736] S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464] . =============== Created Last 30 ================ . 
2013-03-31 10:45:50 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{77A618E5-180C-41D9-B475-CC54269B30C6}\offreg.dll 2013-03-31 10:44:31 9311288 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{77A618E5-180C-41D9-B475-CC54269B30C6}\mpengine.dll 2013-03-30 22:33:26 9311288 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-03-24 14:14:49 972264 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E9DC1456-9F9A-4A69-BA03-DD25A17EF528}\gapaengine.dll 2013-03-17 21:50:26 -------- d--h--w- C:\VTRoot 2013-03-17 21:16:00 -------- d-----w- C:\Program Files\Estonian ID Card 2013-03-17 21:13:14 -------- d-----w- C:\Users\Andres\AppData\Local\Comodo 2013-03-17 21:13:08 56072 ----a-w- C:\Windows\System32\certsentry.dll 2013-03-17 21:13:08 47368 ----a-w- C:\Windows\SysWow64\certsentry.dll 2013-03-17 21:13:00 -------- d-----w- C:\ProgramData\Comodo Downloader 2013-03-17 21:12:58 -------- d-----w- C:\Program Files\COMODO 2013-03-17 20:53:06 -------- d-----w- C:\ProgramData\COMODO 2013-03-17 20:52:33 -------- d-----w- C:\Program Files (x86)\Comodo 2013-03-17 13:03:21 -------- d-----w- C:\Users\Andres\AppData\Roaming\Yoono 2013-03-17 13:03:21 -------- d-----w- C:\Users\Andres\AppData\Local\Yoono 2013-03-17 13:03:06 -------- d-----w- C:\Program Files (x86)\Yoono Desktop 2013-03-16 06:30:42 4546560 ----a-w- C:\Windows\SysWow64\GPhotos.scr 2013-03-15 21:17:09 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys 2013-03-10 12:48:24 208216 ----a-w- C:\Windows\System32\drivers\94439785.sys 2013-03-10 11:09:49 -------- d-----w- C:\Program Files (x86)\CodeStuff 2013-03-01 18:39:07 -------- d-----w- C:\Program Files (x86)\Firaxis Games 2013-03-01 18:23:06 -------- d-----w- C:\Users\Andres\AppData\Roaming\Firaxis Games . ==================== Find3M ==================== . 
2013-03-26 18:47:32 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-03-26 18:47:31 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-02-18 07:22:18 31080 ----a-w- C:\Windows\System32\nvhdap64.dll 2013-02-18 07:22:18 1472360 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll 2013-02-18 07:22:16 189288 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys 2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll 2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll 2013-02-03 22:09:22 1598976 ----a-w- C:\Windows\SysWow64\opensc-pkcs11.dll 2013-02-03 22:09:22 1598976 ----a-w- C:\Windows\SysWow64\onepin-opensc-pkcs11.dll 2013-02-03 22:09:22 1598976 ----a-w- C:\Windows\SysWow64\esteid-pkcs11.dll 2013-02-03 22:09:22 1488896 ----a-w- C:\Windows\SysWow64\opensc.dll 2013-02-03 02:03:22 424720 ----a-w- C:\Windows\System32\esteidcm64.dll 2013-02-03 02:02:46 349968 ----a-w- C:\Windows\SysWow64\esteidcm.dll 2013-02-02 06:57:02 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2013-02-02 06:47:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2013-02-02 06:47:19 1392128 ----a-w- C:\Windows\System32\wininet.dll 2013-02-02 06:42:18 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2013-02-02 06:41:51 599040 ----a-w- C:\Windows\System32\vbscript.dll 2013-02-02 06:38:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2013-02-02 03:38:35 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-02-02 03:30:32 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2013-02-02 03:30:21 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-02-02 03:26:47 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2013-02-02 03:26:21 420864 ----a-w- 
C:\Windows\SysWow64\vbscript.dll 2013-02-02 03:23:28 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-01-30 10:53:22 273840 ------w- C:\Windows\System32\MpSigStub.exe 2013-01-24 20:43:04 43216 ----a-w- C:\Windows\System32\cmdcsr.dll 2013-01-24 20:43:02 461384 ----a-w- C:\Windows\System32\guard64.dll 2013-01-24 20:43:02 354752 ----a-w- C:\Windows\SysWow64\guard32.dll 2013-01-24 20:42:54 45776 ----a-w- C:\Windows\System32\cmdkbd64.dll 2013-01-24 20:42:54 326352 ----a-w- C:\Windows\System32\cmdvrt64.dll 2013-01-24 20:42:50 40656 ----a-w- C:\Windows\SysWow64\cmdkbd32.dll 2013-01-24 20:42:50 263888 ----a-w- C:\Windows\SysWow64\cmdvrt32.dll 2013-01-20 13:59:04 230320 ----a-w- C:\Windows\System32\drivers\MpFilter.sys 2013-01-20 13:59:04 130008 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys 2013-01-16 17:51:46 699880 ----a-w- C:\Windows\System32\drivers\cmdguard.sys 2013-01-16 17:51:46 48360 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys 2013-01-16 17:51:44 23176 ----a-w- C:\Windows\System32\drivers\cmderd.sys 2013-01-05 05:53:43 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-01-05 05:00:15 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2013-01-05 05:00:11 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2013-01-04 05:46:09 215040 ----a-w- C:\Windows\System32\winsrv.dll 2013-01-04 04:51:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll 2013-01-04 03:26:48 3153408 ----a-w- C:\Windows\System32\win32k.sys 2013-01-04 02:47:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2013-01-04 02:47:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe 2013-01-04 02:47:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2013-01-03 06:00:54 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2013-01-03 06:00:42 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS . 
============= FINISH: 14:20:40,51 =============== ___________ Attach.txt ____________________________ . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Professional Boot Device: \Device\HarddiskVolume1 Install Date: 13.11.2010 0:14:08 System Uptime: 31.03.2013 11:54:27 (3 hours ago) . Motherboard: Dell Inc. | | 0N5KHN Processor: Intel® Core i7 CPU M 620 @ 2.67GHz | CPU 1 | 2373/533mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 129 GiB total, 27,886 GiB free. D: is FIXED (NTFS) - 264 GiB total, 3,853 GiB free. E: is CDROM () F: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: Description: Device ID: ACPI\SMO8800\1 Manufacturer: Name: PNP Device ID: ACPI\SMO8800\1 Service: . Class GUID: Description: Broadcom USH Device ID: USB\VID_0A5C&PID_5800&MI_00\7&66DE6C9&0&0000 Manufacturer: Name: Broadcom USH PNP Device ID: USB\VID_0A5C&PID_5800&MI_00\7&66DE6C9&0&0000 Service: . ==== System Restore Points =================== . RP490: 28.03.2013 16:21:30 - Windows Update . ==== Installed Programs ====================== . 
7-Zip 9.20 (x64 edition) ActiveState Komodo Edit 6.0.3 Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin µTorrent BioShock Braid calibre 64bit Canon G.726 WMP-Decoder Canon MOV Decoder Canon MOV Encoder Canon MovieEdit Task for ZoomBrowser EX Canon RAW Image Task for ZoomBrowser EX Canon ZoomBrowser EX Memory Card Utility Canon Utilities CameraWindow Canon Utilities CameraWindow DC Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX Canon Utilities MyCamera Canon Utilities MyCamera DC Canon Utilities RemoteCapture DC Canon Utilities RemoteCapture Task for ZoomBrowser EX Canon Utilities ZoomBrowser EX CDDRV_Installer CodeStuff Starter Comodo Dragon COMODO Internet Security ConvertHelper 2.2 Core Temp version 0.99.7 Crystal Reports for Visual Studio Dell Client System Update Dell Driver Download Manager Dell Feature Enhancement Pack Dell Touchpad Democracy 2 Demo don't take it personally, babe, it just ain't your story 1.1 Eesti ID-kaardi tarkvara 3.7.0.1124 (64 bit) erLT FBackup 4 FeedDemon Festart Dictionary: English-Estonian v2010.03 Professional Football Manager 2013 GIMP 2.8.0 Google Chrome HL-2130 IDT Audio ImgBurn Intel PROSet Wireless Intel® Network Connections 14.8.43.0 Intel® Rapid Storage Technology Intel® PROSet/Wireless WiFi Software Intel® PROSet/Wireless WiMAX Software K-Lite Codec Pack (64-bit) v4.2.0 K-Lite Codec Pack 6.7.4 (Standard) KhalInstallWrapper King's Quest I: Quest for the Crown (4.1c) LibreOffice 3.6 LiveUSB Creator (remove only) Logitech SetPoint Malwarebytes Anti-Malware version 1.70.0.1100 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft .NET Framework 4 Multi-Targeting Pack Microsoft Application Error Reporting Microsoft Games for Windows - LIVE Redistributable Microsoft Help Viewer 1.0 Microsoft Security Client Microsoft Security Essentials Microsoft Silverlight Microsoft SQL Server 2008 R2 Data-Tier Application Framework Microsoft SQL Server 2008 R2 Data-Tier Application Project 
Microsoft SQL Server 2008 R2 Management Objects Microsoft SQL Server 2008 R2 Management Objects (x64) Microsoft SQL Server 2008 R2 Transact-SQL Language Service Microsoft SQL Server Compact 3.5 SP2 x64 ENU Microsoft SQL Server Database Publishing Wizard 1.4 Microsoft SQL Server System CLR Types Microsoft SQL Server System CLR Types (x64) Microsoft Sync Framework 2.0 Core Components (x64) ENU Microsoft Sync Framework 2.0 Provider Services (x64) ENU Microsoft Sync Framework Runtime v1.0 SP1 (x64) Microsoft Sync Framework SDK v1.0 SP1 Microsoft Sync Framework Services v1.0 SP1 (x64) Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) Microsoft Team Foundation Server 2010 Object Model - ENU Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319 Microsoft Visual F# 2.0 Runtime Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools 
Microsoft Visual Studio 2010 Office Developer Tools (x64) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Visual Studio Macro Tools MiKTeX 2.9 MiniTool Partition Wizard Home Edition 7.6 MozBackup 1.5.1 Mozilla Firefox 19.0.2 (x86 et) Mozilla Maintenance Service Mozilla Thunderbird 17.0.4 (x86 et) Notepad++ Nous Ver: 1.04 NVIDIA 3D Vision Driver 296.79 NVIDIA Control Panel 296.79 NVIDIA Graphics Driver 296.79 NVIDIA HD Audio Driver 1.3.18.0 NVIDIA Install Application NVIDIA nView 136.28 NVIDIA nView Desktop Manager NVIDIA PhysX NVIDIA Stereoscopic 3D Driver NX Client for Windows 3.4.0-10 OpenVPN Client PDF-Viewer PDF-XChange Viewer PDF Password Remover Picasa 3 Pidgin PVSonyDll Python 2.7.3 (64-bit) Python 3.1.3 (64-bit) Quadrax IV Quadrax VI Real Alternative 2.0.2 RICOH Media Driver ver.2.11.01.02 Secunia PSI (2.0.0.1003) Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft 
.NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) Security Update for Microsoft Visual Studio Macro Tools (KB2669970) Sid Meier's Civilization IV Complete Sid Meier's Civilization V Skype™ 6.1 Steam Strawberry Perl SyncToy 2.1 (x64) The Cat and the Coup The Elder Scrolls IV: Oblivion The KMPlayer (remove only) The Longest Journey TightVNC 2.0.2 Trine TrueCrypt Ultra Defragmenter Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) WIDCOMM Bluetooth Software WinDjView 1.0.3 WinSCP 4.3.2 WinUtilities 10.53 Free Edition VirtualCloneDrive Wise Registry Cleaner 7.45 Visual Studio 2010 Prerequisites - English Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU World of Goo Yoono Desktop 1.8.37 . ==== Event Viewer Messages From Past Week ======== . 31.03.2013 12:13:47, Error: WudfUsbccidDriver [6] - Invalid data. Name: VendorIoctl Value: 0x313520 31.03.2013 12:13:47, Error: Microsoft-Windows-Smartcard-Server [610] - Smart Card Reader 'Broadcom Corp Contacted SmartCard 0' rejected IOCTL 0x313520: Incorrect function. If this error persists, your smart card or reader may not be functioning correctly. 
Command Header: XX XX XX XX 31.03.2013 0:32:44, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect. 31.03.2013 0:32:44, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. . ==== End Of File ===========================