
Trojan.MSIL keeps coming back



Hello,

MBAM has detected a Trojan.MSIL in AppData\Roaming\MCommon\WindowsLiveUpdate.exe. I delete it, but it reappears after restarting the computer.

Comodo Internet Security has also detected the same file, and also a file with the same name in AppData\Local\Temp, as Unclassified Malware.

Can you help me?

Here's the output of DDS:

________DDS.txt_____________

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16470

Run by Andres at 14:19:52 on 2013-03-31

Microsoft Windows 7 Professional 6.1.7601.1.1257.372.1033.18.6134.3569 [GMT 3:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: COMODO Antivirus *Disabled/Outdated* {FEEA52D5-051E-08DD-07EF-2F009097607D}

SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV64.exe

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\WUDFHost.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\IDT\WDM\AESTSr64.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files (x86)\Secunia\PSI\PSIA.exe

C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe

C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe

C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Microsoft Security Client\NisSrv.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe

C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Core Temp\Core Temp.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe

C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\COMODO\COMODO Internet Security\cis.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files\COMODO\COMODO Internet Security\cis.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Microsoft Security Client\MpCmdRun.exe

C:\Windows\System32\mobsync.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit = userinit.exe,

BHO: AutorunsDisabled - <orphaned>

BHO: EstEIDIEPluginBHO Class: {2A4E94A4-B275-491A-9E32-CD7A26FC7C3B} - C:\Program Files (x86)\Estonian ID Card\esteid-plugin-ie.dll

BHO: Blog This in Windows Live: {2adefb8e-b923-35e6-86e2-2b7841f5d2a2} -

BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe

uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

uRun: [Google Update] "C:\Users\Andres\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

StartupFolder: C:\Users\Andres\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SMARTS~1.LNK - C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:255

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200

IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E8EB147D-ABEF-4228-A603-AAA845D1B2C1} - hxxp://www.sk.ee/id-kontroll/idTools.cab

TCP: NameServer = 192.168.1.254

TCP: Interfaces\{262FC52D-5EF4-42EA-82CD-3B60917CC5A4} : NameServer = 8.26.56.26,156.154.70.22

TCP: Interfaces\{262FC52D-5EF4-42EA-82CD-3B60917CC5A4} : DHCPNameServer = 85.253.0.2 85.253.0.130

TCP: Interfaces\{5148E935-D393-4FFB-BDE1-1BF798C3C3AD} : NameServer = 8.26.56.26,156.154.70.22

TCP: Interfaces\{5148E935-D393-4FFB-BDE1-1BF798C3C3AD} : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{5148E935-D393-4FFB-BDE1-1BF798C3C3AD}\251616D6164757B6F67657 : DHCPNameServer = 10.0.0.1

TCP: Interfaces\{5148E935-D393-4FFB-BDE1-1BF798C3C3AD}\33C2134313539323635333538393739333233383436323634333338333238303 : NameServer = 8.26.56.26,156.154.70.22

TCP: Interfaces\{5148E935-D393-4FFB-BDE1-1BF798C3C3AD}\33C2134313539323635333538393739333233383436323634333338333238303 : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{5148E935-D393-4FFB-BDE1-1BF798C3C3AD}\3596475636F6D6145463135343 : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{5148E935-D393-4FFB-BDE1-1BF798C3C3AD}\55053403034313731303 : NameServer = 8.26.56.26,156.154.70.22

TCP: Interfaces\{5148E935-D393-4FFB-BDE1-1BF798C3C3AD}\55053403034313731303 : DHCPNameServer = 62.2.17.60 62.2.24.162 62.2.17.61 62.2.24.158

TCP: Interfaces\{5148E935-D393-4FFB-BDE1-1BF798C3C3AD}\B4246494 : DHCPNameServer = 10.0.1.1

TCP: Interfaces\{5148E935-D393-4FFB-BDE1-1BF798C3C3AD}\D457C6769602255696379646 : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{5148E935-D393-4FFB-BDE1-1BF798C3C3AD}\D4B402145747F626573737021435 : NameServer = 8.26.56.26,156.154.70.22

TCP: Interfaces\{5148E935-D393-4FFB-BDE1-1BF798C3C3AD}\D4B402145747F626573737021435 : DHCPNameServer = 192.168.0.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

SSODL: WebCheck - <orphaned>

x64-BHO: EstEIDIEPluginBHO Class: {2A4E94A4-B275-491A-9E32-CD7A26FC7C3B} - C:\Program Files\Estonian ID Card\esteid-plugin-ie.dll

x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe

x64-Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

x64-Run: [intelWirelessWiMAX] "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash

x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

x64-Run: [intelPROSet] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PROSet/Wireless

x64-Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet

x64-Run: [DFEPApplication] C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe

x64-Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe

x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Andres\AppData\Roaming\Mozilla\Firefox\PROFILES\e13z0qg2.default\

FF - prefs.js: browser.search.selectedEngine - Startpage HTTPS

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - prefs.js: network.proxy.type - 0

FF - component: C:\Program Files (x86)\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll

FF - component: C:\Users\Andres\AppData\Roaming\Mozilla\Firefox\Profiles\e13z0qg2.default\extensions\optout@dubfire.net\lib\WINNT\ff3\AbineComponent.dll

FF - plugin: C:\Program Files (x86)\Estonian ID Card\npesteid-firefox-plugin.dll

FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll

FF - plugin: C:\Program Files\Tracker Software\PDF Viewer\Win32\nppl3260.dll

FF - plugin: C:\Program Files\Tracker Software\PDF Viewer\Win32\nprpjplug.dll

FF - plugin: C:\Users\Andres\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll

FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

FF - ExtSQL: !HIDDEN! 2013-02-14 21:55; hotfix@mozilla.org; C:\Users\Andres\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]

R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2013-1-16 23176]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdguard.sys [2013-1-16 699880]

R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2013-1-16 48360]

R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2010-12-18 89600]

R2 DFEPService;Dell Feature Enhancement Pack Service;C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2012-8-15 2280504]

R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-11-7 499200]

R2 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2013-3-12 2074768]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-13 13336]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-15 398184]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-15 682344]

R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 130008]

R2 risdpcie;risdpcie;C:\Windows\System32\drivers\risdpe64.sys [2010-11-13 81920]

R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2010-12-21 987704]

R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.sys [2007-4-9 11576]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-10 382272]

R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-3-29 2669840]

R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-11-7 869376]

R3 atrfiltr;atrfiltr;C:\Windows\System32\drivers\atrfiltr.sys [2012-4-3 16184]

R3 bpenum;Intel® Centrino® WiMAX Enumerator;C:\Windows\System32\drivers\bpenum.sys [2010-10-25 75264]

R3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\Windows\System32\drivers\bpmp.sys [2010-10-25 173568]

R3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;C:\Windows\System32\drivers\bpusb.sys [2010-10-25 81408]

R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2010-11-13 301232]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-9-15 24176]

R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]

R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-9-1 17976]

R3 tapoas;TAP-Win32 Adapter OAS;C:\Windows\System32\drivers\tapoas.sys [2010-8-3 30720]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 OpenVPNAccessClient;OpenVPN Access Client;C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [2010-8-12 24064]

S2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2010-12-21 399416]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]

S3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2013-2-19 245760]

S3 btwampfl;btwampfl;C:\Windows\System32\drivers\btwampfl.sys [2011-5-25 349736]

S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-5-25 39464]

S3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-1-24 158928]

S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2009-9-15 6952960]

S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2012-9-15 19032]

S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2012-9-15 12384]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-28 19456]

S3 SmartCardRemoval;Smart Card Removal;C:\Program Files\Estonian ID Card\SmartCardRemoval.exe [2013-2-4 322832]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-14 292864]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-14 1485312]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-14 740864]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-28 57856]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-11-13 1255736]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]

.

=============== Created Last 30 ================

.

2013-03-31 10:45:50 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{77A618E5-180C-41D9-B475-CC54269B30C6}\offreg.dll

2013-03-31 10:44:31 9311288 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{77A618E5-180C-41D9-B475-CC54269B30C6}\mpengine.dll

2013-03-30 22:33:26 9311288 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-03-24 14:14:49 972264 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E9DC1456-9F9A-4A69-BA03-DD25A17EF528}\gapaengine.dll

2013-03-17 21:50:26 -------- d--h--w- C:\VTRoot

2013-03-17 21:16:00 -------- d-----w- C:\Program Files\Estonian ID Card

2013-03-17 21:13:14 -------- d-----w- C:\Users\Andres\AppData\Local\Comodo

2013-03-17 21:13:08 56072 ----a-w- C:\Windows\System32\certsentry.dll

2013-03-17 21:13:08 47368 ----a-w- C:\Windows\SysWow64\certsentry.dll

2013-03-17 21:13:00 -------- d-----w- C:\ProgramData\Comodo Downloader

2013-03-17 21:12:58 -------- d-----w- C:\Program Files\COMODO

2013-03-17 20:53:06 -------- d-----w- C:\ProgramData\COMODO

2013-03-17 20:52:33 -------- d-----w- C:\Program Files (x86)\Comodo

2013-03-17 13:03:21 -------- d-----w- C:\Users\Andres\AppData\Roaming\Yoono

2013-03-17 13:03:21 -------- d-----w- C:\Users\Andres\AppData\Local\Yoono

2013-03-17 13:03:06 -------- d-----w- C:\Program Files (x86)\Yoono Desktop

2013-03-16 06:30:42 4546560 ----a-w- C:\Windows\SysWow64\GPhotos.scr

2013-03-15 21:17:09 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys

2013-03-10 12:48:24 208216 ----a-w- C:\Windows\System32\drivers\94439785.sys

2013-03-10 11:09:49 -------- d-----w- C:\Program Files (x86)\CodeStuff

2013-03-01 18:39:07 -------- d-----w- C:\Program Files (x86)\Firaxis Games

2013-03-01 18:23:06 -------- d-----w- C:\Users\Andres\AppData\Roaming\Firaxis Games

.

==================== Find3M ====================

.

2013-03-26 18:47:32 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-03-26 18:47:31 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-02-18 07:22:18 31080 ----a-w- C:\Windows\System32\nvhdap64.dll

2013-02-18 07:22:18 1472360 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll

2013-02-18 07:22:16 189288 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys

2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll

2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll

2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll

2013-02-03 22:09:22 1598976 ----a-w- C:\Windows\SysWow64\opensc-pkcs11.dll

2013-02-03 22:09:22 1598976 ----a-w- C:\Windows\SysWow64\onepin-opensc-pkcs11.dll

2013-02-03 22:09:22 1598976 ----a-w- C:\Windows\SysWow64\esteid-pkcs11.dll

2013-02-03 22:09:22 1488896 ----a-w- C:\Windows\SysWow64\opensc.dll

2013-02-03 02:03:22 424720 ----a-w- C:\Windows\System32\esteidcm64.dll

2013-02-03 02:02:46 349968 ----a-w- C:\Windows\SysWow64\esteidcm.dll

2013-02-02 06:57:02 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2013-02-02 06:47:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-02-02 06:47:19 1392128 ----a-w- C:\Windows\System32\wininet.dll

2013-02-02 06:42:18 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-02-02 06:41:51 599040 ----a-w- C:\Windows\System32\vbscript.dll

2013-02-02 06:38:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2013-02-02 03:38:35 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-02-02 03:30:32 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-02-02 03:30:21 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-02-02 03:26:47 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2013-02-02 03:26:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2013-02-02 03:23:28 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-01-30 10:53:22 273840 ------w- C:\Windows\System32\MpSigStub.exe

2013-01-24 20:43:04 43216 ----a-w- C:\Windows\System32\cmdcsr.dll

2013-01-24 20:43:02 461384 ----a-w- C:\Windows\System32\guard64.dll

2013-01-24 20:43:02 354752 ----a-w- C:\Windows\SysWow64\guard32.dll

2013-01-24 20:42:54 45776 ----a-w- C:\Windows\System32\cmdkbd64.dll

2013-01-24 20:42:54 326352 ----a-w- C:\Windows\System32\cmdvrt64.dll

2013-01-24 20:42:50 40656 ----a-w- C:\Windows\SysWow64\cmdkbd32.dll

2013-01-24 20:42:50 263888 ----a-w- C:\Windows\SysWow64\cmdvrt32.dll

2013-01-20 13:59:04 230320 ----a-w- C:\Windows\System32\drivers\MpFilter.sys

2013-01-20 13:59:04 130008 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys

2013-01-16 17:51:46 699880 ----a-w- C:\Windows\System32\drivers\cmdguard.sys

2013-01-16 17:51:46 48360 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys

2013-01-16 17:51:44 23176 ----a-w- C:\Windows\System32\drivers\cmderd.sys

2013-01-05 05:53:43 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-01-05 05:00:15 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-01-05 05:00:11 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-01-04 05:46:09 215040 ----a-w- C:\Windows\System32\winsrv.dll

2013-01-04 04:51:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2013-01-04 03:26:48 3153408 ----a-w- C:\Windows\System32\win32k.sys

2013-01-04 02:47:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2013-01-04 02:47:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe

2013-01-04 02:47:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2013-01-03 06:00:54 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-01-03 06:00:42 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

.

============= FINISH: 14:20:40,51 ===============

___________ Attach.txt ____________________________

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 13.11.2010 0:14:08

System Uptime: 31.03.2013 11:54:27 (3 hours ago)

.

Motherboard: Dell Inc. | | 0N5KHN

Processor: Intel® Core i7 CPU M 620 @ 2.67GHz | CPU 1 | 2373/533mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 129 GiB total, 27,886 GiB free.

D: is FIXED (NTFS) - 264 GiB total, 3,853 GiB free.

E: is CDROM ()

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description:

Device ID: ACPI\SMO8800\1

Manufacturer:

Name:

PNP Device ID: ACPI\SMO8800\1

Service:

.

Class GUID:

Description: Broadcom USH

Device ID: USB\VID_0A5C&PID_5800&MI_00\7&66DE6C9&0&0000

Manufacturer:

Name: Broadcom USH

PNP Device ID: USB\VID_0A5C&PID_5800&MI_00\7&66DE6C9&0&0000

Service:

.

==== System Restore Points ===================

.

RP490: 28.03.2013 16:21:30 - Windows Update

.

==== Installed Programs ======================

.

7-Zip 9.20 (x64 edition)

ActiveState Komodo Edit 6.0.3

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

µTorrent

BioShock

Braid

calibre 64bit

Canon G.726 WMP-Decoder

Canon MOV Decoder

Canon MOV Encoder

Canon MovieEdit Task for ZoomBrowser EX

Canon RAW Image Task for ZoomBrowser EX

Canon ZoomBrowser EX Memory Card Utility

Canon Utilities CameraWindow

Canon Utilities CameraWindow DC

Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX

Canon Utilities MyCamera

Canon Utilities MyCamera DC

Canon Utilities RemoteCapture DC

Canon Utilities RemoteCapture Task for ZoomBrowser EX

Canon Utilities ZoomBrowser EX

CDDRV_Installer

CodeStuff Starter

Comodo Dragon

COMODO Internet Security

ConvertHelper 2.2

Core Temp version 0.99.7

Crystal Reports for Visual Studio

Dell Client System Update

Dell Driver Download Manager

Dell Feature Enhancement Pack

Dell Touchpad

Democracy 2 Demo

don't take it personally, babe, it just ain't your story 1.1

Eesti ID-kaardi tarkvara 3.7.0.1124 (64 bit)

erLT

FBackup 4

FeedDemon

Festart Dictionary: English-Estonian v2010.03 Professional

Football Manager 2013

GIMP 2.8.0

Google Chrome

HL-2130

IDT Audio

ImgBurn

Intel PROSet Wireless

Intel® Network Connections 14.8.43.0

Intel® Rapid Storage Technology

Intel® PROSet/Wireless WiFi Software

Intel® PROSet/Wireless WiMAX Software

K-Lite Codec Pack (64-bit) v4.2.0

K-Lite Codec Pack 6.7.4 (Standard)

KhalInstallWrapper

King's Quest I: Quest for the Crown (4.1c)

LibreOffice 3.6

LiveUSB Creator (remove only)

Logitech SetPoint

Malwarebytes Anti-Malware version 1.70.0.1100

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft .NET Framework 4 Multi-Targeting Pack

Microsoft Application Error Reporting

Microsoft Games for Windows - LIVE Redistributable

Microsoft Help Viewer 1.0

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft SQL Server 2008 R2 Data-Tier Application Framework

Microsoft SQL Server 2008 R2 Data-Tier Application Project

Microsoft SQL Server 2008 R2 Management Objects

Microsoft SQL Server 2008 R2 Management Objects (x64)

Microsoft SQL Server 2008 R2 Transact-SQL Language Service

Microsoft SQL Server Compact 3.5 SP2 x64 ENU

Microsoft SQL Server Database Publishing Wizard 1.4

Microsoft SQL Server System CLR Types

Microsoft SQL Server System CLR Types (x64)

Microsoft Sync Framework 2.0 Core Components (x64) ENU

Microsoft Sync Framework 2.0 Provider Services (x64) ENU

Microsoft Sync Framework Runtime v1.0 SP1 (x64)

Microsoft Sync Framework SDK v1.0 SP1

Microsoft Sync Framework Services v1.0 SP1 (x64)

Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)

Microsoft Team Foundation Server 2010 Object Model - ENU

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319

Microsoft Visual F# 2.0 Runtime

Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools

Microsoft Visual Studio 2010 Office Developer Tools (x64)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64)

Microsoft Visual Studio Macro Tools

MiKTeX 2.9

MiniTool Partition Wizard Home Edition 7.6

MozBackup 1.5.1

Mozilla Firefox 19.0.2 (x86 et)

Mozilla Maintenance Service

Mozilla Thunderbird 17.0.4 (x86 et)

Notepad++

Nous Ver: 1.04

NVIDIA 3D Vision Driver 296.79

NVIDIA Control Panel 296.79

NVIDIA Graphics Driver 296.79

NVIDIA HD Audio Driver 1.3.18.0

NVIDIA Install Application

NVIDIA nView 136.28

NVIDIA nView Desktop Manager

NVIDIA PhysX

NVIDIA Stereoscopic 3D Driver

NX Client for Windows 3.4.0-10

OpenVPN Client

PDF-Viewer

PDF-XChange Viewer

PDF Password Remover

Picasa 3

Pidgin

PVSonyDll

Python 2.7.3 (64-bit)

Python 3.1.3 (64-bit)

Quadrax IV

Quadrax VI

Real Alternative 2.0.2

RICOH Media Driver ver.2.11.01.02

Secunia PSI (2.0.0.1003)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Security Update for Microsoft Visual Studio Macro Tools (KB2669970)

Sid Meier's Civilization IV Complete

Sid Meier's Civilization V

Skype™ 6.1

Steam

Strawberry Perl

SyncToy 2.1 (x64)

The Cat and the Coup

The Elder Scrolls IV: Oblivion

The KMPlayer (remove only)

The Longest Journey

TightVNC 2.0.2

Trine

TrueCrypt

Ultra Defragmenter

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

WIDCOMM Bluetooth Software

WinDjView 1.0.3

WinSCP 4.3.2

WinUtilities 10.53 Free Edition

VirtualCloneDrive

Wise Registry Cleaner 7.45

Visual Studio 2010 Prerequisites - English

Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU

World of Goo

Yoono Desktop 1.8.37

.

==== Event Viewer Messages From Past Week ========

.

31.03.2013 12:13:47, Error: WudfUsbccidDriver [6] - Invalid data. Name: VendorIoctl Value: 0x313520

31.03.2013 12:13:47, Error: Microsoft-Windows-Smartcard-Server [610] - Smart Card Reader 'Broadcom Corp Contacted SmartCard 0' rejected IOCTL 0x313520: Incorrect function. If this error persists, your smart card or reader may not be functioning correctly. Command Header: XX XX XX XX

31.03.2013 0:32:44, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

31.03.2013 0:32:44, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

.

==== End Of File ===========================


Hello mauno and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Step 1

Please uninstall this application: µTorrent

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Step 3

Download aswMBR.exe to your desktop.

Double-click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • aswMBR log
  • a new fresh DDS log


Hi,

Thanks a lot for the quick reply.

Here are my logs:

Malwarebytes Anti-Malware (Trial) 1.70.0.1100

www.malwarebytes.org

Database version: v2013.03.31.02

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Andres :: MASIN [administrator]

Protection: Enabled

31.03.2013 16:26:06

mbam-log-2013-03-31 (16-26-06).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 234868

Time elapsed: 7 minute(s), 58 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|WindowsLiveUpdate (Trojan.MSIL) -> Data: C:\Users\Andres\AppData\Roaming\MCommon\WindowsLiveUpdate.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Users\Andres\AppData\Roaming\MCommon\WindowsLiveUpdate.exe (Trojan.MSIL) -> Quarantined and deleted successfully.

(end)

___________________________________________________

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software

Run date: 2013-03-31 16:35:01

-----------------------------

16:35:01.208 OS Version: Windows x64 6.1.7601 Service Pack 1

16:35:01.208 Number of processors: 4 586 0x2505

16:35:01.209 ComputerName: MASIN UserName:

16:35:06.304 Initialize success

16:38:03.734 AVAST engine defs: 13033100

16:38:13.564 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

16:38:13.567 Disk 0 Vendor: ST950042 0002 Size: 476940MB BusType: 3

16:38:13.671 Disk 0 MBR read successfully

16:38:13.676 Disk 0 MBR scan

16:38:13.683 Disk 0 unknown MBR code

16:38:13.694 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048

16:38:13.751 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 132000 MB offset 206848

16:38:13.789 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 269838 MB offset 270542848

16:38:13.810 Disk 0 Partition - 00 0F Extended LBA 74999 MB offset 823173118

16:38:13.842 Disk 0 Partition 4 00 83 Linux 500 MB offset 823173120

16:38:13.850 Disk 0 Partition - 00 05 Extended 6675 MB offset 824199105

16:38:13.864 Disk 0 Partition 5 00 82 Linux swap 6675 MB offset 824199168

16:38:13.872 Disk 0 Partition - 00 05 Extended 19072 MB offset 838897540

16:38:13.885 Disk 0 Partition 6 00 83 Linux 19072 MB offset 837871616

16:38:13.895 Disk 0 Partition - 00 05 Extended 48749 MB offset 891631492

16:38:13.913 Disk 0 Partition 7 00 83 Linux 48749 MB offset 876933120

16:38:13.998 Disk 0 scanning C:\Windows\system32\drivers

16:38:31.474 Service scanning

16:39:04.866 Modules scanning

16:39:04.879 Disk 0 trace - called modules:

16:39:04.917 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll

16:39:04.925 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007b7a060]

16:39:04.932 3 CLASSPNP.SYS[fffff88001b7943f] -> nt!IofCallDriver -> [0xfffffa800600c620]

16:39:04.939 5 ACPI.sys[fffff88000f1e7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80068f4050]

16:39:08.021 AVAST engine scan C:\Windows

16:39:10.399 AVAST engine scan C:\Windows\system32

16:44:00.690 AVAST engine scan C:\Windows\system32\drivers

16:44:22.014 AVAST engine scan C:\Users\Andres

16:59:07.455 Disk 0 MBR has been saved successfully to "C:\Users\Andres\Desktop\MBR.dat"

16:59:07.472 The log file has been saved successfully to "C:\Users\Andres\Desktop\aswMBR.txt"

16:59:54.005 File: C:\Users\Andres\AppData\Local\Mozilla\Firefox\PROFILES\e13z0qg2.default\Cache\6\CD\703B0d01 **INFECTED** Win32:Agent-AQXH [Trj]

17:02:44.993 Disk 0 MBR has been saved successfully to "C:\Users\Andres\Desktop\MBR.dat"

17:02:44.999 The log file has been saved successfully to "C:\Users\Andres\Desktop\aswMBR.txt"

17:12:16.544 File: C:\Users\Andres\AppData\Local\Temp\MBinder\mpc.exe **INFECTED** Win32:Malware-gen

17:55:09.709 File: C:\Users\Andres\AppData\Roaming\WinLive\WinLive.dll **INFECTED** Win32:Adware-gen [Adw]

18:05:30.693 AVAST engine scan C:\ProgramData

18:10:50.795 Scan finished successfully

18:10:57.076 Disk 0 MBR has been saved successfully to "C:\Users\Andres\Desktop\MBR.dat"

18:10:57.088 The log file has been saved successfully to "C:\Users\Andres\Desktop\aswMBR.txt"

_____________________________________________

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16470

Run by Andres at 18:13:32 on 2013-03-31

Microsoft Windows 7 Professional 6.1.7601.1.1257.372.1033.18.6134.2647 [GMT 3:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: COMODO Antivirus *Disabled/Outdated* {FEEA52D5-051E-08DD-07EF-2F009097607D}

SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV64.exe

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\WUDFHost.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\IDT\WDM\AESTSr64.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files (x86)\Secunia\PSI\PSIA.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe

C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe

C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Core Temp\Core Temp.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Microsoft Security Client\NisSrv.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe

C:\Program Files\COMODO\COMODO Internet Security\cis.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\svchost.exe -k SDRSVC

D:\Downloads\aswMBR.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit = userinit.exe,

BHO: AutorunsDisabled - <orphaned>

BHO: EstEIDIEPluginBHO Class: {2A4E94A4-B275-491A-9E32-CD7A26FC7C3B} - C:\Program Files (x86)\Estonian ID Card\esteid-plugin-ie.dll

BHO: Blog This in Windows Live: {2adefb8e-b923-35e6-86e2-2b7841f5d2a2} -

BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe

uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

uRun: [Google Update] "C:\Users\Andres\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

StartupFolder: C:\Users\Andres\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SMARTS~1.LNK - C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:255

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200

IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E8EB147D-ABEF-4228-A603-AAA845D1B2C1} - hxxp://www.sk.ee/id-kontroll/idTools.cab

TCP: NameServer = 192.168.1.254

TCP: Interfaces\{262FC52D-5EF4-42EA-82CD-3B60917CC5A4} : NameServer = 8.26.56.26,156.154.70.22

TCP: Interfaces\{262FC52D-5EF4-42EA-82CD-3B60917CC5A4} : DHCPNameServer = 85.253.0.2 85.253.0.130

TCP: Interfaces\{5148E935-D393-4FFB-BDE1-1BF798C3C3AD} : NameServer = 8.26.56.26,156.154.70.22

TCP: Interfaces\{5148E935-D393-4FFB-BDE1-1BF798C3C3AD} : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{5148E935-D393-4FFB-BDE1-1BF798C3C3AD}\251616D6164757B6F67657 : DHCPNameServer = 10.0.0.1

TCP: Interfaces\{5148E935-D393-4FFB-BDE1-1BF798C3C3AD}\33C2134313539323635333538393739333233383436323634333338333238303 : NameServer = 8.26.56.26,156.154.70.22

TCP: Interfaces\{5148E935-D393-4FFB-BDE1-1BF798C3C3AD}\33C2134313539323635333538393739333233383436323634333338333238303 : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{5148E935-D393-4FFB-BDE1-1BF798C3C3AD}\3596475636F6D6145463135343 : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{5148E935-D393-4FFB-BDE1-1BF798C3C3AD}\55053403034313731303 : NameServer = 8.26.56.26,156.154.70.22

TCP: Interfaces\{5148E935-D393-4FFB-BDE1-1BF798C3C3AD}\55053403034313731303 : DHCPNameServer = 62.2.17.60 62.2.24.162 62.2.17.61 62.2.24.158

TCP: Interfaces\{5148E935-D393-4FFB-BDE1-1BF798C3C3AD}\B4246494 : DHCPNameServer = 10.0.1.1

TCP: Interfaces\{5148E935-D393-4FFB-BDE1-1BF798C3C3AD}\D457C6769602255696379646 : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{5148E935-D393-4FFB-BDE1-1BF798C3C3AD}\D4B402145747F626573737021435 : NameServer = 8.26.56.26,156.154.70.22

TCP: Interfaces\{5148E935-D393-4FFB-BDE1-1BF798C3C3AD}\D4B402145747F626573737021435 : DHCPNameServer = 192.168.0.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

SSODL: WebCheck - <orphaned>

x64-BHO: EstEIDIEPluginBHO Class: {2A4E94A4-B275-491A-9E32-CD7A26FC7C3B} - C:\Program Files\Estonian ID Card\esteid-plugin-ie.dll

x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe

x64-Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

x64-Run: [intelWirelessWiMAX] "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash

x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

x64-Run: [intelPROSet] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PROSet/Wireless

x64-Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet

x64-Run: [DFEPApplication] C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe

x64-Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe

x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Andres\AppData\Roaming\Mozilla\Firefox\PROFILES\e13z0qg2.default\

FF - prefs.js: browser.search.selectedEngine - Startpage HTTPS

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - prefs.js: network.proxy.type - 0

FF - component: C:\Program Files (x86)\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll

FF - component: C:\Users\Andres\AppData\Roaming\Mozilla\Firefox\Profiles\e13z0qg2.default\extensions\optout@dubfire.net\lib\WINNT\ff3\AbineComponent.dll

FF - plugin: C:\Program Files (x86)\Estonian ID Card\npesteid-firefox-plugin.dll

FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll

FF - plugin: C:\Program Files\Tracker Software\PDF Viewer\Win32\nppl3260.dll

FF - plugin: C:\Program Files\Tracker Software\PDF Viewer\Win32\nprpjplug.dll

FF - plugin: C:\Users\Andres\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll

FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

FF - ExtSQL: !HIDDEN! 2013-02-14 21:55; hotfix@mozilla.org; C:\Users\Andres\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]

R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2013-1-16 23176]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdguard.sys [2013-1-16 699880]

R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2013-1-16 48360]

R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2010-12-18 89600]

R2 DFEPService;Dell Feature Enhancement Pack Service;C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2012-8-15 2280504]

R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-11-7 499200]

R2 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2013-3-28 2074768]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-13 13336]

R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 130008]

R2 OpenVPNAccessClient;OpenVPN Access Client;C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [2010-8-12 24064]

R2 risdpcie;risdpcie;C:\Windows\System32\drivers\risdpe64.sys [2010-11-13 81920]

R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2010-12-21 987704]

R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.sys [2007-4-9 11576]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-10 382272]

R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-3-29 2669840]

R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-11-7 869376]

R3 atrfiltr;atrfiltr;C:\Windows\System32\drivers\atrfiltr.sys [2012-4-3 16184]

R3 bpenum;Intel® Centrino® WiMAX Enumerator;C:\Windows\System32\drivers\bpenum.sys [2010-10-25 75264]

R3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\Windows\System32\drivers\bpmp.sys [2010-10-25 173568]

R3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;C:\Windows\System32\drivers\bpusb.sys [2010-10-25 81408]

R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2010-11-13 301232]

R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]

R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-9-1 17976]

R3 tapoas;TAP-Win32 Adapter OAS;C:\Windows\System32\drivers\tapoas.sys [2010-8-3 30720]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2010-12-21 399416]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]

S3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2013-2-19 245760]

S3 btwampfl;btwampfl;C:\Windows\System32\drivers\btwampfl.sys [2011-5-25 349736]

S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-5-25 39464]

S3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-1-24 158928]

S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2009-9-15 6952960]

S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2012-9-15 19032]

S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2012-9-15 12384]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-28 19456]

S3 SmartCardRemoval;Smart Card Removal;C:\Program Files\Estonian ID Card\SmartCardRemoval.exe [2013-2-4 322832]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-14 292864]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-14 1485312]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-14 740864]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-28 57856]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-11-13 1255736]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]

.

=============== Created Last 30 ================

.

2013-03-31 10:44:31 9311288 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{77A618E5-180C-41D9-B475-CC54269B30C6}\mpengine.dll

2013-03-30 22:33:26 9311288 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-03-24 14:14:49 972264 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E9DC1456-9F9A-4A69-BA03-DD25A17EF528}\gapaengine.dll

2013-03-17 21:50:26 -------- d--h--w- C:\VTRoot

2013-03-17 21:16:00 -------- d-----w- C:\Program Files\Estonian ID Card

2013-03-17 21:13:14 -------- d-----w- C:\Users\Andres\AppData\Local\Comodo

2013-03-17 21:13:08 56072 ----a-w- C:\Windows\System32\certsentry.dll

2013-03-17 21:13:08 47368 ----a-w- C:\Windows\SysWow64\certsentry.dll

2013-03-17 21:13:00 -------- d-----w- C:\ProgramData\Comodo Downloader

2013-03-17 21:12:58 -------- d-----w- C:\Program Files\COMODO

2013-03-17 20:53:06 -------- d-----w- C:\ProgramData\COMODO

2013-03-17 20:52:33 -------- d-----w- C:\Program Files (x86)\Comodo

2013-03-17 13:03:21 -------- d-----w- C:\Users\Andres\AppData\Roaming\Yoono

2013-03-17 13:03:21 -------- d-----w- C:\Users\Andres\AppData\Local\Yoono

2013-03-17 13:03:06 -------- d-----w- C:\Program Files (x86)\Yoono Desktop

2013-03-16 06:30:42 4546560 ----a-w- C:\Windows\SysWow64\GPhotos.scr

2013-03-15 21:17:09 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys

2013-03-10 12:48:24 208216 ----a-w- C:\Windows\System32\drivers\94439785.sys

2013-03-10 11:09:49 -------- d-----w- C:\Program Files (x86)\CodeStuff

2013-03-01 18:39:07 -------- d-----w- C:\Program Files (x86)\Firaxis Games

2013-03-01 18:23:06 -------- d-----w- C:\Users\Andres\AppData\Roaming\Firaxis Games

.

==================== Find3M ====================

.

2013-03-26 18:47:32 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-03-26 18:47:31 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-02-18 07:22:18 31080 ----a-w- C:\Windows\System32\nvhdap64.dll

2013-02-18 07:22:18 1472360 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll

2013-02-18 07:22:16 189288 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys

2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll

2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll

2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll

2013-02-03 22:09:22 1598976 ----a-w- C:\Windows\SysWow64\opensc-pkcs11.dll

2013-02-03 22:09:22 1598976 ----a-w- C:\Windows\SysWow64\onepin-opensc-pkcs11.dll

2013-02-03 22:09:22 1598976 ----a-w- C:\Windows\SysWow64\esteid-pkcs11.dll

2013-02-03 22:09:22 1488896 ----a-w- C:\Windows\SysWow64\opensc.dll

2013-02-03 02:03:22 424720 ----a-w- C:\Windows\System32\esteidcm64.dll

2013-02-03 02:02:46 349968 ----a-w- C:\Windows\SysWow64\esteidcm.dll

2013-02-02 06:57:02 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2013-02-02 06:47:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-02-02 06:47:19 1392128 ----a-w- C:\Windows\System32\wininet.dll

2013-02-02 06:42:18 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-02-02 06:41:51 599040 ----a-w- C:\Windows\System32\vbscript.dll

2013-02-02 06:38:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2013-02-02 03:38:35 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-02-02 03:30:32 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-02-02 03:30:21 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-02-02 03:26:47 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2013-02-02 03:26:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2013-02-02 03:23:28 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-01-30 10:53:22 273840 ------w- C:\Windows\System32\MpSigStub.exe

2013-01-24 20:43:04 43216 ----a-w- C:\Windows\System32\cmdcsr.dll

2013-01-24 20:43:02 461384 ----a-w- C:\Windows\System32\guard64.dll

2013-01-24 20:43:02 354752 ----a-w- C:\Windows\SysWow64\guard32.dll

2013-01-24 20:42:54 45776 ----a-w- C:\Windows\System32\cmdkbd64.dll

2013-01-24 20:42:54 326352 ----a-w- C:\Windows\System32\cmdvrt64.dll

2013-01-24 20:42:50 40656 ----a-w- C:\Windows\SysWow64\cmdkbd32.dll

2013-01-24 20:42:50 263888 ----a-w- C:\Windows\SysWow64\cmdvrt32.dll

2013-01-20 13:59:04 230320 ----a-w- C:\Windows\System32\drivers\MpFilter.sys

2013-01-20 13:59:04 130008 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys

2013-01-16 17:51:46 699880 ----a-w- C:\Windows\System32\drivers\cmdguard.sys

2013-01-16 17:51:46 48360 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys

2013-01-16 17:51:44 23176 ----a-w- C:\Windows\System32\drivers\cmderd.sys

2013-01-05 05:53:43 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-01-05 05:00:15 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-01-05 05:00:11 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-01-04 05:46:09 215040 ----a-w- C:\Windows\System32\winsrv.dll

2013-01-04 04:51:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2013-01-04 03:26:48 3153408 ----a-w- C:\Windows\System32\win32k.sys

2013-01-04 02:47:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2013-01-04 02:47:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe

2013-01-04 02:47:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2013-01-03 06:00:54 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-01-03 06:00:42 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

.

============= FINISH: 18:13:52,96 ===============

_____________________________________________

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 13.11.2010 0:14:08

System Uptime: 31.03.2013 16:21:06 (2 hours ago)

.

Motherboard: Dell Inc. | | 0N5KHN

Processor: Intel® Core i7 CPU M 620 @ 2.67GHz | CPU 1 | 2667/533mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 129 GiB total, 27,46 GiB free.

D: is FIXED (NTFS) - 264 GiB total, 3,848 GiB free.

E: is CDROM ()

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description:

Device ID: ACPI\SMO8800\1

Manufacturer:

Name:

PNP Device ID: ACPI\SMO8800\1

Service:

.

Class GUID:

Description: Broadcom USH

Device ID: USB\VID_0A5C&PID_5800&MI_00\7&66DE6C9&0&0000

Manufacturer:

Name: Broadcom USH

PNP Device ID: USB\VID_0A5C&PID_5800&MI_00\7&66DE6C9&0&0000

Service:

.

==== System Restore Points ===================

.

RP490: 28.03.2013 16:21:30 - Windows Update

.

==== Installed Programs ======================

.

7-Zip 9.20 (x64 edition)

ActiveState Komodo Edit 6.0.3

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

BioShock

Braid

calibre 64bit

Canon G.726 WMP-Decoder

Canon MOV Decoder

Canon MOV Encoder

Canon MovieEdit Task for ZoomBrowser EX

Canon RAW Image Task for ZoomBrowser EX

Canon ZoomBrowser EX Memory Card Utility

Canon Utilities CameraWindow

Canon Utilities CameraWindow DC

Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX

Canon Utilities MyCamera

Canon Utilities MyCamera DC

Canon Utilities RemoteCapture DC

Canon Utilities RemoteCapture Task for ZoomBrowser EX

Canon Utilities ZoomBrowser EX

CDDRV_Installer

CodeStuff Starter

Comodo Dragon

COMODO Internet Security

ConvertHelper 2.2

Core Temp version 0.99.7

Crystal Reports for Visual Studio

Dell Client System Update

Dell Driver Download Manager

Dell Feature Enhancement Pack

Dell Touchpad

Democracy 2 Demo

don't take it personally, babe, it just ain't your story 1.1

Eesti ID-kaardi tarkvara 3.7.0.1124 (64 bit)

erLT

FBackup 4

FeedDemon

Festart Dictionary: English-Estonian v2010.03 Professional

Football Manager 2013

GIMP 2.8.0

Google Chrome

HL-2130

IDT Audio

ImgBurn

Intel PROSet Wireless

Intel® Network Connections 14.8.43.0

Intel® Rapid Storage Technology

Intel® PROSet/Wireless WiFi Software

Intel® PROSet/Wireless WiMAX Software

K-Lite Codec Pack (64-bit) v4.2.0

K-Lite Codec Pack 6.7.4 (Standard)

KhalInstallWrapper

King's Quest I: Quest for the Crown (4.1c)

LibreOffice 3.6

LiveUSB Creator (remove only)

Logitech SetPoint

Malwarebytes Anti-Malware version 1.70.0.1100

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft .NET Framework 4 Multi-Targeting Pack

Microsoft Application Error Reporting

Microsoft Games for Windows - LIVE Redistributable

Microsoft Help Viewer 1.0

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft SQL Server 2008 R2 Data-Tier Application Framework

Microsoft SQL Server 2008 R2 Data-Tier Application Project

Microsoft SQL Server 2008 R2 Management Objects

Microsoft SQL Server 2008 R2 Management Objects (x64)

Microsoft SQL Server 2008 R2 Transact-SQL Language Service

Microsoft SQL Server Compact 3.5 SP2 x64 ENU

Microsoft SQL Server Database Publishing Wizard 1.4

Microsoft SQL Server System CLR Types

Microsoft SQL Server System CLR Types (x64)

Microsoft Sync Framework 2.0 Core Components (x64) ENU

Microsoft Sync Framework 2.0 Provider Services (x64) ENU

Microsoft Sync Framework Runtime v1.0 SP1 (x64)

Microsoft Sync Framework SDK v1.0 SP1

Microsoft Sync Framework Services v1.0 SP1 (x64)

Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)

Microsoft Team Foundation Server 2010 Object Model - ENU

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319

Microsoft Visual F# 2.0 Runtime

Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools

Microsoft Visual Studio 2010 Office Developer Tools (x64)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64)

Microsoft Visual Studio Macro Tools

MiKTeX 2.9

MiniTool Partition Wizard Home Edition 7.6

MozBackup 1.5.1

Mozilla Firefox 19.0.2 (x86 et)

Mozilla Maintenance Service

Mozilla Thunderbird 17.0.4 (x86 et)

Notepad++

Nous Ver: 1.04

NVIDIA 3D Vision Driver 296.79

NVIDIA Control Panel 296.79

NVIDIA Graphics Driver 296.79

NVIDIA HD Audio Driver 1.3.18.0

NVIDIA Install Application

NVIDIA nView 136.28

NVIDIA nView Desktop Manager

NVIDIA PhysX

NVIDIA Stereoscopic 3D Driver

NX Client for Windows 3.4.0-10

OpenVPN Client

PDF-Viewer

PDF-XChange Viewer

PDF Password Remover

PeerBlock 1.1 (r518)

Picasa 3

Pidgin

PVSonyDll

Python 2.7.3 (64-bit)

Python 3.1.3 (64-bit)

Quadrax IV

Quadrax VI

Real Alternative 2.0.2

RICOH Media Driver ver.2.11.01.02

Secunia PSI (2.0.0.1003)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Security Update for Microsoft Visual Studio Macro Tools (KB2669970)

Sid Meier's Civilization IV Complete

Sid Meier's Civilization V

Skype™ 6.1

Steam

Strawberry Perl

SyncToy 2.1 (x64)

The Cat and the Coup

The Elder Scrolls IV: Oblivion

The KMPlayer (remove only)

The Longest Journey

TightVNC 2.0.2

Trine

TrueCrypt

Ultra Defragmenter

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

WIDCOMM Bluetooth Software

WinDjView 1.0.3

WinSCP 4.3.2

WinUtilities 10.53 Free Edition

VirtualCloneDrive

Wise Registry Cleaner 7.45

Visual Studio 2010 Prerequisites - English

Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU

World of Goo

Yoono Desktop 1.8.37

.

==== Event Viewer Messages From Past Week ========

.

31.03.2013 16:24:47, Error: WudfUsbccidDriver [6] - Invalid data. Name: VendorIoctl Value: 0x313520

31.03.2013 16:24:47, Error: Microsoft-Windows-Smartcard-Server [610] - Smart Card Reader 'Broadcom Corp Contacted SmartCard 0' rejected IOCTL 0x313520: Incorrect function. If this error persists, your smart card or reader may not be functioning correctly. Command Header: XX XX XX XX

31.03.2013 0:32:44, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

31.03.2013 0:32:44, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

.

==== End Of File ===========================


Thanks,

here's the log:

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software

Run date: 2013-03-31 23:46:28

-----------------------------

23:46:28.467 OS Version: Windows x64 6.1.7601 Service Pack 1

23:46:28.467 Number of processors: 4 586 0x2505

23:46:28.468 ComputerName: MASIN UserName:

23:46:29.553 Initialize success

23:46:38.483 AVAST engine defs: 13033100

23:46:43.207 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

23:46:43.209 Disk 0 Vendor: ST950042 0002 Size: 476940MB BusType: 3

23:46:43.850 Disk 0 MBR read successfully

23:46:43.853 Disk 0 MBR scan

23:46:43.858 Disk 0 unknown MBR code

23:46:43.887 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048

23:46:43.959 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 132000 MB offset 206848

23:46:44.005 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 269838 MB offset 270542848

23:46:44.027 Disk 0 Partition - 00 0F Extended LBA 74999 MB offset 823173118

23:46:44.138 Disk 0 Partition 4 00 83 Linux 500 MB offset 823173120

23:46:44.147 Disk 0 Partition - 00 05 Extended 6675 MB offset 824199105

23:46:44.198 Disk 0 Partition 5 00 82 Linux swap 6675 MB offset 824199168

23:46:44.206 Disk 0 Partition - 00 05 Extended 19072 MB offset 838897540

23:46:44.251 Disk 0 Partition 6 00 83 Linux 19072 MB offset 837871616

23:46:44.459 Disk 0 Partition - 00 05 Extended 48749 MB offset 891631492

23:46:44.577 Disk 0 Partition 7 00 83 Linux 48749 MB offset 876933120

23:46:45.265 Disk 0 scanning C:\Windows\system32\drivers

23:47:49.618 Service scanning

23:48:25.958 Modules scanning

23:48:25.975 Disk 0 trace - called modules:

23:48:26.009 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll

23:48:26.016 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007b7a060]

23:48:26.022 3 CLASSPNP.SYS[fffff88001b7943f] -> nt!IofCallDriver -> [0xfffffa800600c620]

23:48:26.028 5 ACPI.sys[fffff88000f1e7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80068f4050]

23:48:28.236 AVAST engine scan C:\Windows

23:48:59.772 AVAST engine scan C:\Windows\system32

00:07:10.745 AVAST engine scan C:\Windows\system32\drivers

00:08:54.371 AVAST engine scan C:\Users\Andres

00:36:21.046 File: C:\Users\Andres\AppData\Local\Mozilla\Firefox\PROFILES\e13z0qg2.default\Cache\6\CD\703B0d01 **INFECTED** Win32:Agent-AQXH [Trj]

00:42:29.139 File: C:\Users\Andres\AppData\Local\Temp\MBinder\mpc.exe **INFECTED** Win32:Malware-gen

01:22:50.498 File: C:\Users\Andres\AppData\Roaming\WinLive\WinLive.dll **INFECTED** Win32:Adware-gen [Adw]

01:31:45.816 AVAST engine scan C:\ProgramData

01:35:28.831 Scan finished successfully

01:37:21.246 Verifying

01:37:31.306 Disk 0 Windows 601 MBR fixed successfully

01:37:43.337 Disk 0 MBR has been saved successfully to "C:\Users\Andres\Desktop\MBR.dat"

01:37:43.343 The log file has been saved successfully to "C:\Users\Andres\Desktop\aswMBR.txt"

Or did you mean I should rescan after fixing and then post the log?


No, that's enough.

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


Here it is:

ComboFix 13-04-01.01 - Andres 02.04.2013 2:33.1.4 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1257.372.1033.18.6134.4231 [GMT 3:00]

Running from: c:\users\Andres\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}

SP: COMODO Antivirus *Disabled/Outdated* {FEEA52D5-051E-08DD-07EF-2F009097607D}

SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\programdata\Roaming

c:\windows\iun6002.exe

c:\windows\SysWow64\SET6468.tmp

c:\windows\SysWow64\SET6E2E.tmp

.

.

((((((((((((((((((((((((( Files Created from 2013-03-01 to 2013-04-01 )))))))))))))))))))))))))))))))

.

.

2013-04-01 23:44 . 2013-04-01 23:44 -------- d-----w- c:\users\Guest\AppData\Local\temp

2013-04-01 23:44 . 2013-04-01 23:44 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-04-01 15:11 . 2013-04-01 15:11 -------- d-----w- c:\programdata\Hewlett-Packard

2013-04-01 15:11 . 2012-09-27 23:11 559616 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpcpp140.DLL

2013-04-01 15:11 . 2012-09-27 23:11 407552 ----a-w- c:\windows\system32\hpcpn140.dll

2013-04-01 15:11 . 2012-09-27 23:05 408576 ----a-w- c:\windows\SysWow64\hpcc3140.DLL

2013-04-01 15:10 . 2012-08-30 16:52 512512 ----a-w- c:\windows\SysWow64\hpcdmc32.DLL

2013-04-01 14:57 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{953C14EB-F449-4BC4-91D6-419C4B3FD7C0}\mpengine.dll

2013-04-01 08:19 . 2013-04-01 08:19 -------- d---a-w- C:\Boot

2013-03-31 10:44 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-03-24 14:14 . 2012-11-29 22:01 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E9DC1456-9F9A-4A69-BA03-DD25A17EF528}\gapaengine.dll

2013-03-17 21:50 . 2013-03-17 21:50 -------- d-----w- C:\VTRoot

2013-03-17 21:16 . 2013-03-17 21:16 -------- d-----w- c:\program files\Estonian ID Card

2013-03-17 21:13 . 2013-03-17 21:13 -------- d-----w- c:\users\Andres\AppData\Local\Comodo

2013-03-17 21:13 . 2013-03-31 12:57 56072 ----a-w- c:\windows\system32\certsentry.dll

2013-03-17 21:13 . 2013-03-31 12:57 47368 ----a-w- c:\windows\SysWow64\certsentry.dll

2013-03-17 21:13 . 2013-03-17 21:13 -------- d-----w- c:\programdata\Comodo Downloader

2013-03-17 21:12 . 2013-03-17 21:12 -------- d-----w- c:\program files\COMODO

2013-03-17 20:53 . 2013-03-17 21:13 -------- d-----w- c:\programdata\COMODO

2013-03-17 20:52 . 2013-03-31 12:57 -------- d-----w- c:\program files (x86)\Comodo

2013-03-17 13:03 . 2013-03-17 13:03 -------- d-----w- c:\users\Andres\AppData\Roaming\Yoono

2013-03-17 13:03 . 2013-03-17 13:03 -------- d-----w- c:\users\Andres\AppData\Local\Yoono

2013-03-17 13:03 . 2013-03-17 13:03 -------- d-----w- c:\program files (x86)\Yoono Desktop

2013-03-16 06:30 . 2013-03-16 06:30 4546560 ----a-w- c:\windows\SysWow64\GPhotos.scr

2013-03-15 21:18 . 2013-03-15 21:18 -------- d-----w- c:\program files\Microsoft Silverlight

2013-03-15 21:18 . 2013-03-15 21:18 -------- d-----w- c:\program files (x86)\Microsoft Silverlight

2013-03-15 21:17 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys

2013-03-12 12:29 . 2013-03-12 12:31 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird

2013-03-10 12:48 . 2013-03-10 12:48 208216 ----a-w- c:\windows\system32\drivers\94439785.sys

2013-03-10 11:09 . 2013-03-10 11:09 -------- d-----w- c:\program files (x86)\CodeStuff

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-03-26 18:47 . 2012-04-09 20:04 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-03-26 18:47 . 2011-05-16 06:11 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-15 21:21 . 2010-11-13 00:13 72013344 ----a-w- c:\windows\system32\MRT.exe

2013-02-18 07:22 . 2013-02-18 07:22 31080 ----a-w- c:\windows\system32\nvhdap64.dll

2013-02-18 07:22 . 2012-09-10 22:18 1472360 ----a-w- c:\windows\system32\nvhdagenco6420103.dll

2013-02-18 07:22 . 2013-02-18 07:22 189288 ----a-w- c:\windows\system32\drivers\nvhda64v.sys

2013-02-12 05:45 . 2013-03-13 07:38 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-02-12 05:45 . 2013-03-13 07:38 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-02-12 05:45 . 2013-03-13 07:38 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-02-12 05:45 . 2013-03-13 07:38 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-02-12 04:48 . 2013-03-13 07:38 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-02-12 04:48 . 2013-03-13 07:38 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-02-03 22:09 . 2013-02-03 22:09 1598976 ----a-w- c:\windows\SysWow64\opensc-pkcs11.dll

2013-02-03 22:09 . 2013-02-03 22:09 1598976 ----a-w- c:\windows\SysWow64\onepin-opensc-pkcs11.dll

2013-02-03 22:09 . 2013-02-03 22:09 1598976 ----a-w- c:\windows\SysWow64\esteid-pkcs11.dll

2013-02-03 22:09 . 2013-02-03 22:09 1488896 ----a-w- c:\windows\SysWow64\opensc.dll

2013-02-03 02:03 . 2013-02-03 02:03 424720 ----a-w- c:\windows\system32\esteidcm64.dll

2013-02-03 02:02 . 2013-02-03 02:02 349968 ----a-w- c:\windows\SysWow64\esteidcm.dll

2013-01-30 10:53 . 2010-11-12 23:24 273840 ------w- c:\windows\system32\MpSigStub.exe

2013-01-24 20:43 . 2013-01-24 20:43 43216 ----a-w- c:\windows\system32\cmdcsr.dll

2013-01-24 20:43 . 2013-01-24 20:43 461384 ----a-w- c:\windows\system32\guard64.dll

2013-01-24 20:43 . 2013-01-24 20:43 354752 ----a-w- c:\windows\SysWow64\guard32.dll

2013-01-24 20:42 . 2013-01-24 20:42 45776 ----a-w- c:\windows\system32\cmdkbd64.dll

2013-01-24 20:42 . 2013-01-24 20:42 326352 ----a-w- c:\windows\system32\cmdvrt64.dll

2013-01-24 20:42 . 2013-01-24 20:42 40656 ----a-w- c:\windows\SysWow64\cmdkbd32.dll

2013-01-24 20:42 . 2013-01-24 20:42 263888 ----a-w- c:\windows\SysWow64\cmdvrt32.dll

2013-01-20 13:59 . 2013-01-20 13:59 230320 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2013-01-20 13:59 . 2010-10-24 19:25 130008 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

2013-01-16 17:51 . 2013-01-16 17:51 95752 ----a-w- c:\windows\system32\drivers\inspect.sys

2013-01-16 17:51 . 2013-01-16 17:51 699880 ----a-w- c:\windows\system32\drivers\cmdguard.sys

2013-01-16 17:51 . 2013-01-16 17:51 48360 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2013-01-16 17:51 . 2013-01-16 17:51 23176 ----a-w- c:\windows\system32\drivers\cmderd.sys

2013-01-05 05:53 . 2013-02-13 17:59 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-01-05 05:00 . 2013-02-13 17:59 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-01-05 05:00 . 2013-02-13 17:59 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-01-04 05:46 . 2013-02-13 17:58 215040 ----a-w- c:\windows\system32\winsrv.dll

2013-01-04 04:51 . 2013-02-13 17:58 5120 ----a-w- c:\windows\SysWow64\wow32.dll

2013-01-04 04:43 . 2013-02-13 17:58 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2013-01-04 03:26 . 2013-02-13 17:58 3153408 ----a-w- c:\windows\system32\win32k.sys

2013-01-04 02:47 . 2013-02-13 17:58 25600 ----a-w- c:\windows\SysWow64\setup16.exe

2013-01-04 02:47 . 2013-02-13 17:58 7680 ----a-w- c:\windows\SysWow64\instnm.exe

2013-01-04 02:47 . 2013-02-13 17:58 2048 ----a-w- c:\windows\SysWow64\user.exe

2013-01-04 02:47 . 2013-02-13 17:58 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

2013-01-03 06:00 . 2013-02-13 17:58 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-01-03 06:00 . 2013-02-13 17:58 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{2adefb8e-b923-35e6-86e2-2b7841f5d2a2}]

2010-11-05 01:58 297808 ----a-w- c:\windows\System32\mscoree.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-06 2646128]

"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-03-26 1631144]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]

.

c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2012-8-15 507448]

.

c:\users\Andres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2012-8-15 507448]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-1-4 1207312]

Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2010-12-21 291896]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2012-8-15 507448]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2010-12-21 399416]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]

R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]

R3 btwampfl;btwampfl;c:\windows\system32\drivers\btwampfl.sys [2011-05-25 349736]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-05-25 39464]

R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-01-24 158928]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]

R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2012-08-20 19032]

R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2012-08-20 12384]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]

R3 SmartCardRemoval;Smart Card Removal;c:\program files\Estonian ID Card\SmartCardRemoval.exe [2013-02-03 322832]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-13 1255736]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]

S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [2013-01-16 23176]

S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2013-01-16 699880]

S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2013-01-16 48360]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2010-08-16 89600]

S2 DFEPService;Dell Feature Enhancement Pack Service;c:\program files\Dell\Feature Enhancement Pack\DFEPService.exe [2012-08-15 2280504]

S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2010-11-07 499200]

S2 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [2013-03-28 2074768]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]

S2 OpenVPNAccessClient;OpenVPN Access Client;c:\program files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [2010-08-12 24064]

S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [2010-03-19 81920]

S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2010-12-21 987704]

S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2007-04-09 11576]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-10 382272]

S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [2012-03-29 2669840]

S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-11-07 869376]

S3 ALSysIO;ALSysIO;c:\users\Andres\AppData\Local\Temp\ALSysIO64.sys [x]

S3 atrfiltr;atrfiltr;c:\windows\system32\drivers\atrfiltr.sys [2012-04-02 16184]

S3 bpenum;Intel® Centrino® WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [2010-10-25 75264]

S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [2010-10-25 173568]

S3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys [2010-10-25 81408]

S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2010-04-05 301232]

S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]

S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [2010-08-03 30720]

.

.

Contents of the 'Scheduled Tasks' folder

.

2013-04-01 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 18:47]

.

2013-03-24 c:\windows\Tasks\fba_baekap.job

- c:\program files (x86)\Softland\FBackup 4\fbaSchedStarter.exe [2011-06-28 09:58]

.

2013-04-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2292079599-2847406473-1470405368-1000Core.job

- c:\users\Andres\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-03 12:23]

.

2013-04-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2292079599-2847406473-1470405368-1000UA.job

- c:\users\Andres\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-03 12:23]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-07-20 611192]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-08-16 487424]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]

"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2010-11-14 1605632]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]

"IntelPROSet"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2012-03-29 4756240]

"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-05-11 1694016]

"DFEPApplication"="c:\program files\Dell\Feature Enhancement Pack\DFEPApplication.exe" [2012-08-15 7077432]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2013-01-24 1451728]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 85.253.0.2 85.253.0.130

TCP: Interfaces\{262FC52D-5EF4-42EA-82CD-3B60917CC5A4}: NameServer = 8.26.56.26,156.154.70.22

TCP: Interfaces\{5148E935-D393-4FFB-BDE1-1BF798C3C3AD}: NameServer = 8.26.56.26,156.154.70.22

TCP: Interfaces\{5148E935-D393-4FFB-BDE1-1BF798C3C3AD}\B424649423: NameServer = 8.26.56.26,156.154.70.22

DPF: {E8EB147D-ABEF-4228-A603-AAA845D1B2C1} - hxxp://www.sk.ee/id-kontroll/idTools.cab

FF - ProfilePath - c:\users\Andres\AppData\Roaming\Mozilla\Firefox\PROFILES\e13z0qg2.default\

FF - prefs.js: browser.search.selectedEngine - Startpage HTTPS

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - prefs.js: network.proxy.type - 0

FF - ExtSQL: !HIDDEN! 2013-02-14 21:55; hotfix@mozilla.org; c:\users\Andres\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-91710032.sys

AddRemove-don't take it personally, babe, it just ain't your story - d:\games\don't take it personally

AddRemove-{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB} - c:\program files (x86)\Common Files\BioWare\Uninstall Mass Effect 2.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-04-02 03:01:50 - machine was rebooted

ComboFix-quarantined-files.txt 2013-04-02 00:01

.

Pre-Run: 28 282 290 176 bytes free

Post-Run: 32 079 888 384 bytes free

.

- - End Of File - - BBCB7D5720F12E737CBB3446D856A8D3


1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::

C:\Users\Andres\AppData\Local\Mozilla\Firefox\PROFILES\e13z0qg2.default\Cache\6\CD\703B0d01

Folder::

C:\Users\Andres\AppData\Roaming\WinLive

Registry::

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{2adefb8e-b923-35e6-86e2-2b7841f5d2a2}]

JavaClearCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

[image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Here it is:

ComboFix 13-04-01.01 - Andres 02.04.2013 19:33:38.2.4 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1257.372.1033.18.6134.4355 [GMT 3:00]

Running from: c:\users\Andres\Desktop\ComboFix.exe

Command switches used :: c:\users\Andres\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}

SP: COMODO Antivirus *Disabled/Outdated* {FEEA52D5-051E-08DD-07EF-2F009097607D}

SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\users\Andres\AppData\Local\Mozilla\Firefox\PROFILES\e13z0qg2.default\Cache\6\CD\703B0d01"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Andres\AppData\Local\Mozilla\Firefox\PROFILES\e13z0qg2.default\Cache\6\CD\703B0d01

c:\users\Andres\AppData\Roaming\WinLive

c:\users\Andres\AppData\Roaming\WinLive\Interop.SHDocVw.dll

c:\users\Andres\AppData\Roaming\WinLive\MSHTMLSubset.dll

c:\users\Andres\AppData\Roaming\WinLive\tcookies.dat

c:\users\Andres\AppData\Roaming\WinLive\WinLive.dll

.

.

((((((((((((((((((((((((( Files Created from 2013-03-02 to 2013-04-02 )))))))))))))))))))))))))))))))

.

.

2013-04-02 16:41 . 2013-04-02 16:41 -------- d-----w- c:\users\Guest\AppData\Local\temp

2013-04-02 16:41 . 2013-04-02 16:41 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-04-02 00:07 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4D6DD51B-A7EF-486A-831F-804CD06D196D}\mpengine.dll

2013-04-01 15:11 . 2013-04-01 15:11 -------- d-----w- c:\programdata\Hewlett-Packard

2013-04-01 15:11 . 2012-09-27 23:11 559616 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpcpp140.DLL

2013-04-01 15:11 . 2012-09-27 23:11 407552 ----a-w- c:\windows\system32\hpcpn140.dll

2013-04-01 15:11 . 2012-09-27 23:05 408576 ----a-w- c:\windows\SysWow64\hpcc3140.DLL

2013-04-01 15:10 . 2012-08-30 16:52 512512 ----a-w- c:\windows\SysWow64\hpcdmc32.DLL

2013-04-01 08:19 . 2013-04-01 08:19 -------- d---a-w- C:\Boot

2013-03-31 10:44 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-03-24 14:14 . 2012-11-29 22:01 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E9DC1456-9F9A-4A69-BA03-DD25A17EF528}\gapaengine.dll

2013-03-17 21:50 . 2013-03-17 21:50 -------- d-----w- C:\VTRoot

2013-03-17 21:16 . 2013-03-17 21:16 -------- d-----w- c:\program files\Estonian ID Card

2013-03-17 21:13 . 2013-03-17 21:13 -------- d-----w- c:\users\Andres\AppData\Local\Comodo

2013-03-17 21:13 . 2013-03-31 12:57 56072 ----a-w- c:\windows\system32\certsentry.dll

2013-03-17 21:13 . 2013-03-31 12:57 47368 ----a-w- c:\windows\SysWow64\certsentry.dll

2013-03-17 21:13 . 2013-03-17 21:13 -------- d-----w- c:\programdata\Comodo Downloader

2013-03-17 21:12 . 2013-03-17 21:12 -------- d-----w- c:\program files\COMODO

2013-03-17 20:53 . 2013-03-17 21:13 -------- d-----w- c:\programdata\COMODO

2013-03-17 20:52 . 2013-03-31 12:57 -------- d-----w- c:\program files (x86)\Comodo

2013-03-17 13:03 . 2013-03-17 13:03 -------- d-----w- c:\users\Andres\AppData\Roaming\Yoono

2013-03-17 13:03 . 2013-03-17 13:03 -------- d-----w- c:\users\Andres\AppData\Local\Yoono

2013-03-17 13:03 . 2013-03-17 13:03 -------- d-----w- c:\program files (x86)\Yoono Desktop

2013-03-16 06:30 . 2013-03-16 06:30 4546560 ----a-w- c:\windows\SysWow64\GPhotos.scr

2013-03-15 21:18 . 2013-03-15 21:18 -------- d-----w- c:\program files\Microsoft Silverlight

2013-03-15 21:18 . 2013-03-15 21:18 -------- d-----w- c:\program files (x86)\Microsoft Silverlight

2013-03-15 21:17 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys

2013-03-12 12:29 . 2013-03-12 12:31 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird

2013-03-10 12:48 . 2013-03-10 12:48 208216 ----a-w- c:\windows\system32\drivers\94439785.sys

2013-03-10 11:09 . 2013-03-10 11:09 -------- d-----w- c:\program files (x86)\CodeStuff

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-03-26 18:47 . 2012-04-09 20:04 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-03-26 18:47 . 2011-05-16 06:11 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-15 21:21 . 2010-11-13 00:13 72013344 ----a-w- c:\windows\system32\MRT.exe

2013-02-18 07:22 . 2013-02-18 07:22 31080 ----a-w- c:\windows\system32\nvhdap64.dll

2013-02-18 07:22 . 2012-09-10 22:18 1472360 ----a-w- c:\windows\system32\nvhdagenco6420103.dll

2013-02-18 07:22 . 2013-02-18 07:22 189288 ----a-w- c:\windows\system32\drivers\nvhda64v.sys

2013-02-12 05:45 . 2013-03-13 07:38 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-02-12 05:45 . 2013-03-13 07:38 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-02-12 05:45 . 2013-03-13 07:38 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-02-12 05:45 . 2013-03-13 07:38 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-02-12 04:48 . 2013-03-13 07:38 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-02-12 04:48 . 2013-03-13 07:38 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-02-03 22:09 . 2013-02-03 22:09 1598976 ----a-w- c:\windows\SysWow64\opensc-pkcs11.dll

2013-02-03 22:09 . 2013-02-03 22:09 1598976 ----a-w- c:\windows\SysWow64\onepin-opensc-pkcs11.dll

2013-02-03 22:09 . 2013-02-03 22:09 1598976 ----a-w- c:\windows\SysWow64\esteid-pkcs11.dll

2013-02-03 22:09 . 2013-02-03 22:09 1488896 ----a-w- c:\windows\SysWow64\opensc.dll

2013-02-03 02:03 . 2013-02-03 02:03 424720 ----a-w- c:\windows\system32\esteidcm64.dll

2013-02-03 02:02 . 2013-02-03 02:02 349968 ----a-w- c:\windows\SysWow64\esteidcm.dll

2013-01-30 10:53 . 2010-11-12 23:24 273840 ------w- c:\windows\system32\MpSigStub.exe

2013-01-24 20:43 . 2013-01-24 20:43 43216 ----a-w- c:\windows\system32\cmdcsr.dll

2013-01-24 20:43 . 2013-01-24 20:43 461384 ----a-w- c:\windows\system32\guard64.dll

2013-01-24 20:43 . 2013-01-24 20:43 354752 ----a-w- c:\windows\SysWow64\guard32.dll

2013-01-24 20:42 . 2013-01-24 20:42 45776 ----a-w- c:\windows\system32\cmdkbd64.dll

2013-01-24 20:42 . 2013-01-24 20:42 326352 ----a-w- c:\windows\system32\cmdvrt64.dll

2013-01-24 20:42 . 2013-01-24 20:42 40656 ----a-w- c:\windows\SysWow64\cmdkbd32.dll

2013-01-24 20:42 . 2013-01-24 20:42 263888 ----a-w- c:\windows\SysWow64\cmdvrt32.dll

2013-01-20 13:59 . 2013-01-20 13:59 230320 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2013-01-20 13:59 . 2010-10-24 19:25 130008 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

2013-01-16 17:51 . 2013-01-16 17:51 95752 ----a-w- c:\windows\system32\drivers\inspect.sys

2013-01-16 17:51 . 2013-01-16 17:51 699880 ----a-w- c:\windows\system32\drivers\cmdguard.sys

2013-01-16 17:51 . 2013-01-16 17:51 48360 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2013-01-16 17:51 . 2013-01-16 17:51 23176 ----a-w- c:\windows\system32\drivers\cmderd.sys

2013-01-05 05:53 . 2013-02-13 17:59 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-01-05 05:00 . 2013-02-13 17:59 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-01-05 05:00 . 2013-02-13 17:59 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-01-04 05:46 . 2013-02-13 17:58 215040 ----a-w- c:\windows\system32\winsrv.dll

2013-01-04 04:51 . 2013-02-13 17:58 5120 ----a-w- c:\windows\SysWow64\wow32.dll

2013-01-04 04:43 . 2013-02-13 17:58 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2013-01-04 03:26 . 2013-02-13 17:58 3153408 ----a-w- c:\windows\system32\win32k.sys

2013-01-04 02:47 . 2013-02-13 17:58 25600 ----a-w- c:\windows\SysWow64\setup16.exe

2013-01-04 02:47 . 2013-02-13 17:58 7680 ----a-w- c:\windows\SysWow64\instnm.exe

2013-01-04 02:47 . 2013-02-13 17:58 2048 ----a-w- c:\windows\SysWow64\user.exe

2013-01-04 02:47 . 2013-02-13 17:58 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

2013-01-03 06:00 . 2013-02-13 17:58 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-01-03 06:00 . 2013-02-13 17:58 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{2adefb8e-b923-35e6-86e2-2b7841f5d2a2}]

2010-11-05 01:58 297808 ----a-w- c:\windows\System32\mscoree.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-06 2646128]

"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-03-26 1631144]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]

.

c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2012-8-15 507448]

.

c:\users\Andres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2012-8-15 507448]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-1-4 1207312]

Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2010-12-21 291896]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2012-8-15 507448]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2010-12-21 399416]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]

R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]

R3 btwampfl;btwampfl;c:\windows\system32\drivers\btwampfl.sys [2011-05-25 349736]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-05-25 39464]

R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-01-24 158928]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]

R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2012-08-20 19032]

R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2012-08-20 12384]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]

R3 SmartCardRemoval;Smart Card Removal;c:\program files\Estonian ID Card\SmartCardRemoval.exe [2013-02-03 322832]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-13 1255736]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]

S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [2013-01-16 23176]

S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2013-01-16 699880]

S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2013-01-16 48360]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2010-08-16 89600]

S2 DFEPService;Dell Feature Enhancement Pack Service;c:\program files\Dell\Feature Enhancement Pack\DFEPService.exe [2012-08-15 2280504]

S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2010-11-07 499200]

S2 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [2013-03-28 2074768]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]

S2 OpenVPNAccessClient;OpenVPN Access Client;c:\program files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [2010-08-12 24064]

S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [2010-03-19 81920]

S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2010-12-21 987704]

S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2007-04-09 11576]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-10 382272]

S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [2012-03-29 2669840]

S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-11-07 869376]

S3 ALSysIO;ALSysIO;c:\users\Andres\AppData\Local\Temp\ALSysIO64.sys [x]

S3 atrfiltr;atrfiltr;c:\windows\system32\drivers\atrfiltr.sys [2012-04-02 16184]

S3 bpenum;Intel® Centrino® WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [2010-10-25 75264]

S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [2010-10-25 173568]

S3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys [2010-10-25 81408]

S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2010-04-05 301232]

S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]

S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [2010-08-03 30720]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - ALSYSIO

.

Contents of the 'Scheduled Tasks' folder

.

2013-04-02 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 18:47]

.

2013-03-24 c:\windows\Tasks\fba_baekap.job

- c:\program files (x86)\Softland\FBackup 4\fbaSchedStarter.exe [2011-06-28 09:58]

.

2013-04-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2292079599-2847406473-1470405368-1000Core.job

- c:\users\Andres\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-03 12:23]

.

2013-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2292079599-2847406473-1470405368-1000UA.job

- c:\users\Andres\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-03 12:23]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-07-20 611192]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-08-16 487424]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]

"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2010-11-14 1605632]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]

"IntelPROSet"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2012-03-29 4756240]

"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-05-11 1694016]

"DFEPApplication"="c:\program files\Dell\Feature Enhancement Pack\DFEPApplication.exe" [2012-08-15 7077432]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2013-01-24 1451728]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 10.0.0.1

TCP: Interfaces\{262FC52D-5EF4-42EA-82CD-3B60917CC5A4}: NameServer = 8.26.56.26,156.154.70.22

TCP: Interfaces\{5148E935-D393-4FFB-BDE1-1BF798C3C3AD}: NameServer = 8.26.56.26,156.154.70.22

TCP: Interfaces\{5148E935-D393-4FFB-BDE1-1BF798C3C3AD}\6796866796: NameServer = 8.26.56.26,156.154.70.22

TCP: Interfaces\{5148E935-D393-4FFB-BDE1-1BF798C3C3AD}\B424649423: NameServer = 8.26.56.26,156.154.70.22

DPF: {E8EB147D-ABEF-4228-A603-AAA845D1B2C1} - hxxp://www.sk.ee/id-kontroll/idTools.cab

FF - ProfilePath - c:\users\Andres\AppData\Roaming\Mozilla\Firefox\PROFILES\e13z0qg2.default\

FF - prefs.js: browser.search.selectedEngine - Startpage HTTPS

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - prefs.js: network.proxy.type - 0

FF - ExtSQL: !HIDDEN! 2013-02-14 21:55; hotfix@mozilla.org; c:\users\Andres\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-don't take it personally, babe, it just ain't your story - d:\games\don't take it personally

AddRemove-{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB} - c:\program files (x86)\Common Files\BioWare\Uninstall Mass Effect 2.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-04-02 19:43:21

ComboFix-quarantined-files.txt 2013-04-02 16:43

ComboFix2.txt 2013-04-02 00:01

.

Pre-Run: 32 146 268 160 bytes free

Post-Run: 32 082 178 048 bytes free

.

- - End Of File - - B909BFCB2B581A592138852E616D5A10

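As an added example (not the helper's tool and not anything ComboFix ships), a small Python triage script that reads lines in the format of the "Reg Loading Points" and services sections of the log above and flags the kinds of entries this thread turned on: a Browser Helper Object whose handler is mscoree.dll (a managed .NET BHO, which is what a Trojan.MSIL detection points at), autostart values that live under a user-writable directory such as AppData, and a driver entry whose file is missing ([x]). The sample log is constructed from lines in this thread plus one made-up Run value mirroring the WindowsLiveUpdate.exe the original poster reported.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in the format of ComboFix's "Reg Loading Points" and
# services sections. The BHO, Sidebar, SkypeUpdate and ALSysIO lines are taken
# from the log in this thread; the WindowsLiveUpdate Run value is made up to
# mirror the file the original poster reported.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{2adefb8e-b923-35e6-86e2-2b7841f5d2a2}]
2010-11-05 01:58 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"WindowsLiveUpdate"="c:\users\Andres\AppData\Roaming\MCommon\WindowsLiveUpdate.exe" [2013-03-30 45056]
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
S3 ALSysIO;ALSysIO;c:\users\Andres\AppData\Local\Temp\ALSysIO64.sys [x]
"""

# Line shapes used by ComboFix in these sections.
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<meta>[^\]]*)\]')
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]$")
FILE_LINE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\d+\s+\S+\s+(?P<path>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]+\}")

# Directories a standard user can write to. Auto-starting from here is not
# proof of malware (updaters do it too), but every such entry deserves a look.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\users\\")


@dataclass
class Finding:
    section: str   # registry key (or "services/drivers") the entry was listed under
    entry: str     # value name, service name or BHO CLSID
    path: str
    reason: str


def is_user_writable(path: str) -> bool:
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE_MARKERS)


def triage(log_text: str) -> List[Finding]:
    """Walk the log once and return the entries worth a closer look, in log order."""
    findings: List[Finding] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == ".":            # ComboFix separates blocks with a lone dot
            current_key = ""
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = RUN_VALUE_RE.match(line)
        if m:
            if is_user_writable(m.group("path")):
                findings.append(Finding(current_key, m.group("name"), m.group("path"),
                                        "autostart value points into a user-writable directory"))
            continue
        m = SERVICE_RE.match(line)
        if m:
            reasons = []
            if m.group("meta").strip() == "x":     # ComboFix prints [x] when the file is gone
                reasons.append("file missing on disk ([x])")
            if is_user_writable(m.group("path")):
                reasons.append("service/driver loaded from a user-writable directory")
            if reasons:
                findings.append(Finding("services/drivers", m.group("name"),
                                        m.group("path"), "; ".join(reasons)))
            continue
        m = FILE_LINE_RE.match(line)
        if m and "browser helper objects" in current_key.lower():
            path = m.group("path")
            if path.lower().endswith("\\mscoree.dll"):
                clsid = CLSID_RE.search(current_key)
                findings.append(Finding(current_key, clsid.group(0) if clsid else "?", path,
                                        "BHO handled by mscoree.dll: a managed (.NET/MSIL) BHO, so the "
                                        "real code is the assembly registered under this CLSID, not the DLL"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.entry}: {f.path}\n    {f.reason}  [{f.section}]")
```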

Good! :)

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\ESET\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic


Thanks,

For some reason, that's all there is in the log:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

However, I had a look at the results before closing the scanner, and it found 5 identified files, deleting 4 of them, including 2 of the same thing as before, which had made a new directory on c:\


I ran all the scans again and found nothing, so it looks like everything is fine. Thanks a lot.

However, I have a question. I've got an external hard drive on which I've been making backups so it's quite likely there might be infected files on there, too. Do I need to take any special precautions when I connect it or can I just connect it and run ESET on it?


You need to immunize your external hard drive before proceeding. Use this tool:

http://www.pandasecurity.com/homeusers/downloads/usbvaccine/

You can use www.virustotal.com for a check too.

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

When you don't need ESET Online Scanner anymore, just uninstall it.

Some malware prevention tips:

users.telenet.be/bluepatchy/miekiemoes/prevention.html

Safe surfing! :)


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
