
recent bitcoin infection, would love to make sure it is gone.



First time poster here. I tried following some of the guides here and I'm pretty hopeful that I got rid of my infection. I just basically wanna be 100% sure, hoping maybe a friendly soul in here would help out.

 

RogueKiller report:

 

RogueKiller V8.6.3 _x64_ [Jul 17 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Rasmus [Admin rights]
Mode : Scan -- Date : 07/26/2013 04:45:39
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 5 ¤¤¤
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: Samsung SSD 840 PRO Series ATA Device +++++
--- User ---
[MBR] 7f9a6d073aa91afc1c6baee0d1b3e676
[bSP] 9ea6294610e5f4ef79e441599a57feb1 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 244096 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
+++++ PhysicalDrive1: Samsung SSD 840 PRO Series ATA Device +++++
--- User ---
[MBR] 7dc9c1a2183cee96a21fb3ab5407dac1
[bSP] eb8d6fc1b551e41ae818f154951faa4c : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_07262013_044539.txt >>
 
 
Not really sure about the registry entries, don't wanna start deleting important stuff :)
 
Thanks in advance!
 

I probably didn't start this post out the way the guide shows, and I'm sorry. Here is the dds and attach:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16635  BrowserJavaVersion: 10.25.2
Run by Rasmus at 5:13:42 on 2013-07-26
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.45.1030.18.16328.14091 [GMT 2:00]
.
AV: COMODO Antivirus *Enabled/Updated* {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Antivirus *Enabled/Updated* {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe
C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe
C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\COMODO\COMODO Internet Security\cis.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [gbrspcontrol] "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
StartupFolder: C:\Users\Rasmus\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SAMSUN~1.LNK - C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STARTG~1.LNK - C:\Program Files (x86)\Comodo\GeekBuddy\launcher.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
TCP: NameServer = 194.239.134.83 193.162.153.164
TCP: Interfaces\{9287C746-90EC-4999-80F3-AAB619AA8CB3} : DHCPNameServer = 194.239.134.83 193.162.153.164
TCP: Interfaces\{D394F71B-1FBE-4F8E-AD2B-D9A93E6B9328} : DHCPNameServer = 194.239.134.83 193.162.153.164
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Rasmus\AppData\Roaming\Mozilla\Firefox\Profiles\84nxoy8y.default\
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-07-06 22:48; jid1-4P0kohSJxU1qGg@jetpack; C:\Users\Rasmus\AppData\Roaming\Mozilla\Firefox\Profiles\84nxoy8y.default\extensions\jid1-4P0kohSJxU1qGg@jetpack.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2012-7-18 49048]
R0 iusb3hcs;Intel® USB 3.0 værtscontrollerbryder driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-7-6 20464]
R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2013-6-18 23168]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdguard.sys [2013-6-18 708632]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2013-6-18 48360]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-7-6 283064]
R2 CLPSLauncher;COMODO LPS Launcher;C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [2013-7-24 70352]
R2 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2013-7-16 2095752]
R2 GeekBuddyRSP;GeekBuddyRSP Service;C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2013-5-30 1851088]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-2-13 731648]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-7-2 169432]
R3 DAdderFltr;DeathAdder Mouse;C:\Windows\System32\drivers\dadder.sys [2013-7-6 12672]
R3 ISCT;Intel® Smart Connect Technology Device Driver;C:\Windows\System32\drivers\ISCTD64.sys [2013-7-3 46568]
R3 iusb3hub;Intel® USB 3.0 hub driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-7-6 368112]
R3 iusb3xhc;Intel® USB 3.0 udvidet værtscontroller driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-7-6 786416]
R3 L1C;NDIS Miniport Driver for the Killer e2200 PCI-E Ethernet Controller;C:\Windows\System32\drivers\e22W7x64.sys [2013-7-23 157552]
R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2013-7-2 32344]
R3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2013-7-15 13368]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S2 Time;Time;C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe --> C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe [?]
S3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-6-18 158936]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-6-2 17864]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-7-24 103448]
S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2013-7-2 171632]
S3 IntcDAud;Intel® lyd for skærm;C:\Windows\System32\drivers\IntcDAud.sys [2013-7-2 442368]
S3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-2-13 820184]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-7-24 203672]
S3 Te.Service;Te.Service;C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-7-25 126976]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-7-2 59392]
S3 WatAdminSvc;Tjenesten Windows Aktivering;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-7-6 1255736]
.
=============== Created Last 30 ================
.
2013-07-26 02:14:00 -------- d-sh--w- C:\$RECYCLE.BIN
2013-07-26 01:42:58 -------- d-----w- C:\Users\Rasmus\AppData\Roaming\Malwarebytes
2013-07-26 01:42:52 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-07-26 01:42:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-25 16:09:52 -------- d-----w- C:\Program Files (x86)\Common Files\COMODO
2013-07-25 02:59:41 0 ----a-w- C:\Windows\System32\nvd3dum.dll
2013-07-25 02:59:41 0 ----a-w- C:\Windows\System32\nvapi.dll
2013-07-24 16:40:48 203672 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
2013-07-24 16:40:48 103448 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
2013-07-23 21:00:56 157552 ----a-w- C:\Windows\System32\drivers\e22W7x64.sys
2013-07-22 23:11:31 -------- d-----w- C:\Program Files\Newsbin
2013-07-21 19:49:16 -------- d-----w- C:\Program Files (x86)\NewsLeecher
2013-07-21 18:40:36 -------- d-----w- C:\Users\Rasmus\AppData\Roaming\GrabIt
2013-07-21 05:55:10 -------- d-----w- C:\Windows\Microsoft Antimalware
2013-07-21 03:24:58 -------- d-----w- C:\Users\Rasmus\AppData\Roaming\NewsLeecher
2013-07-20 23:42:46 -------- d-s---w- C:\ProgramData\Shared Space
2013-07-20 23:42:42 56072 ----a-w- C:\Windows\System32\certsentry.dll
2013-07-20 23:42:42 47368 ----a-w- C:\Windows\SysWow64\certsentry.dll
2013-07-20 21:26:49 -------- d-----w- C:\Program Files (x86)\Microsoft XNA
2013-07-20 20:38:56 -------- d-----w- C:\Users\Rasmus\AppData\Roaming\NVIDIA
2013-07-20 20:23:20 -------- d-----w- C:\VTRoot
2013-07-20 20:19:50 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2013-07-20 20:19:50 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
2013-07-20 20:19:50 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll
2013-07-20 20:12:37 -------- d-----w- C:\Program Files\COMODO
2013-07-20 20:12:36 -------- d-----w- C:\ProgramData\COMODO
2013-07-20 20:12:33 -------- d-----w- C:\Users\Rasmus\AppData\Local\Comodo
2013-07-20 20:12:29 -------- d-----w- C:\Program Files (x86)\Comodo
2013-07-20 20:12:26 -------- d-----w- C:\ProgramData\Comodo Downloader
2013-07-20 20:10:40 9552976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-07-20 20:10:39 9460976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{06F441EC-07B0-4817-A059-1EFEDFFC2197}\mpengine.dll
2013-07-20 19:40:15 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-20 19:40:00 -------- d-----w- C:\ProgramData\Malwarebytes
2013-07-19 18:16:04 -------- d-----w- C:\Program Files (x86)\AppName
2013-07-17 18:39:18 884512 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-07-17 18:39:18 6496544 ----a-w- C:\Windows\System32\nvcpl.dll
2013-07-17 18:39:18 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-07-17 18:39:18 3514656 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-07-17 18:39:18 3253909 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-07-17 18:39:18 237856 ----a-w- C:\Windows\System32\nvmctray.dll
2013-07-17 18:39:11 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2013-07-17 18:39:08 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2013-07-17 18:37:56 -------- d-----w- C:\NVIDIA
2013-07-17 18:31:42 -------- d-----w- C:\Program Files (x86)\Driver Sweeper
2013-07-17 17:20:50 -------- d-----w- C:\Users\Rasmus\.oces2
2013-07-16 00:09:34 -------- d-----w- C:\Users\Rasmus\AppData\Local\Chromium
2013-07-16 00:07:38 -------- d-----w- C:\Program Files (x86)\Rockstar Games
2013-07-14 23:37:30 -------- d-----w- C:\Program Files (x86)\RivaTuner Statistics Server
2013-07-14 21:36:41 -------- d-----w- C:\Users\Rasmus\AppData\Local\BIT.TRIP RUNNER
2013-07-14 21:36:39 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2013-07-14 21:36:39 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2013-07-14 21:36:39 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2013-07-14 21:36:39 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2013-07-14 21:36:39 -------- d-----w- C:\Program Files (x86)\OpenAL
2013-07-14 16:13:00 -------- d-----w- C:\Program Files (x86)\MarkAny
2013-07-13 22:36:06 -------- d-----w- C:\Users\Rasmus\Valley
2013-07-13 22:27:11 -------- d-----w- C:\Program Files (x86)\Unigine
2013-07-13 17:39:46 -------- d-----w- C:\Program Files (x86)\MSI Kombustor 2.5
2013-07-13 16:25:02 -------- d-----w- C:\Program Files (x86)\Driver Fusion
2013-07-12 22:49:18 -------- d-----w- C:\Users\Rasmus\AppData\Local\Rockstar Games
2013-07-12 22:43:13 -------- d-----w- C:\Windows\SysWow64\xlive
2013-07-12 22:43:13 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2013-07-12 02:33:57 -------- d-----w- C:\Users\Rasmus\AppData\Local\OCCT_-_Ocbase_-_Adrien_Me
2013-07-11 23:28:31 -------- d-----w- C:\Users\Rasmus\AppData\Local\4A Games
2013-07-11 23:27:33 -------- d-----w- C:\Program Files (x86)\w
2013-07-11 16:38:14 -------- d-----w- C:\Windows\System32\MRT
2013-07-11 01:45:17 -------- d-----w- C:\Users\Rasmus\AppData\Local\QuickPar
2013-07-10 22:38:59 -------- d-----w- C:\Users\Rasmus\AppData\Roaming\LolClient
2013-07-10 17:30:15 -------- d-----w- C:\ProgramData\Downloaded Installations
2013-07-10 01:24:50 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll
2013-07-10 01:24:50 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll
2013-07-10 01:24:49 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
2013-07-10 01:24:41 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin
2013-07-10 01:24:13 -------- d-----w- C:\Users\Rasmus\AppData\Local\PMB Files
2013-07-10 01:24:12 -------- d-----w- C:\ProgramData\PMB Files
2013-07-10 01:24:11 -------- d-----w- C:\Program Files (x86)\Pando Networks
2013-07-10 01:23:31 -------- d-----w- C:\Users\Rasmus\AppData\Roaming\Riot Games
2013-07-09 23:38:14 -------- d-----w- C:\Users\Rasmus\AppData\Local\Adobe
2013-07-09 16:52:55 -------- d-----w- C:\Program Files (x86)\Samsung Magician
2013-07-09 16:52:11 -------- d-----w- C:\ProgramData\Samsung
2013-07-08 23:15:18 -------- d-----w- C:\Users\Rasmus\AppData\Local\ALLBenchmark
2013-07-08 23:14:37 -------- d-----w- C:\Program Files\ALLBenchmark
2013-07-08 18:16:44 -------- d-----w- C:\Program Files\Intel Corporation
2013-07-08 18:16:16 468480 ----a-w- C:\Windows\System32\deployJava1.dll
2013-07-08 18:01:36 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
2013-07-07 23:21:58 5631312 ----a-w- C:\Windows\System32\D3DX9_40.dll
2013-07-07 23:21:58 519000 ----a-w- C:\Windows\System32\d3dx10_40.dll
2013-07-07 23:21:58 452440 ----a-w- C:\Windows\SysWow64\d3dx10_40.dll
2013-07-07 23:21:58 4379984 ----a-w- C:\Windows\SysWow64\D3DX9_40.dll
2013-07-07 23:21:58 2605920 ----a-w- C:\Windows\System32\D3DCompiler_40.dll
2013-07-07 23:21:58 2036576 ----a-w- C:\Windows\SysWow64\D3DCompiler_40.dll
2013-07-07 21:39:06 -------- d-----w- C:\symbols
2013-07-07 21:29:02 -------- d-----w- C:\ProgramData\Windows App Certification Kit
2013-07-07 21:28:51 -------- d-----w- C:\Program Files\Application Verifier
2013-07-07 21:28:51 -------- d-----w- C:\Program Files (x86)\Application Verifier
2013-07-07 21:28:00 -------- d-----w- C:\Program Files (x86)\Windows Kits
2013-07-07 21:28:00 -------- d-----w- C:\Program Files (x86)\Common Files\Microsoft
2013-07-07 21:24:20 -------- d-----w- C:\ProgramData\Package Cache
2013-07-07 16:53:52 -------- d-----w- C:\Program Files\Ventrilo
2013-07-07 16:53:42 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2013-07-07 00:30:14 -------- d-----w- C:\Users\Rasmus\Heaven
2013-07-06 23:40:59 73544 ----a-w- C:\Windows\System32\XAPOFX1_3.dll
2013-07-06 23:39:55 -------- d-----w- C:\Windows\SysWow64\directx
2013-07-06 23:39:44 -------- d-----w- C:\Program Files (x86)\MSI Afterburner
2013-07-06 23:28:16 -------- d-----w- C:\Users\Rasmus\AppData\Local\IsolatedStorage
2013-07-06 23:28:15 -------- d-----w- C:\Users\Rasmus\AppData\Local\Futuremark
2013-07-06 22:13:04 -------- d-----w- C:\Program Files (x86)\BlueScreenView
2013-07-06 22:01:44 -------- d-----w- C:\Users\Rasmus\AppData\Roaming\Samsung
2013-07-06 22:01:44 -------- d-----w- C:\Users\Rasmus\AppData\Local\Samsung
2013-07-06 21:09:11 -------- d-----w- C:\ProgramData\Blizzard Entertainment
2013-07-06 21:09:11 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2013-07-06 21:08:54 -------- d-----w- C:\Games
2013-07-06 21:05:44 -------- d-----w- C:\ProgramData\Battle.net
2013-07-06 20:52:54 -------- d-----w- C:\Users\Rasmus\AppData\Local\Macromedia
2013-07-06 20:52:45 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-06 20:52:45 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-07-06 20:50:01 696832 ----a-w- C:\Windows\System32\xvidcore.dll
2013-07-06 20:50:01 255488 ----a-w- C:\Windows\System32\xvidvfw.dll
2013-07-06 20:50:01 173568 ----a-w- C:\Windows\System32\xvid.ax
2013-07-06 20:50:01 153088 ----a-w- C:\Windows\SysWow64\xvid.ax
2013-07-06 20:50:00 645632 ----a-w- C:\Windows\SysWow64\xvidcore.dll
2013-07-06 20:50:00 240640 ----a-w- C:\Windows\SysWow64\xvidvfw.dll
2013-07-06 20:49:58 -------- d-----w- C:\Program Files (x86)\Xvid
2013-07-06 20:37:30 708168 ----a-w- C:\Windows\System32\WinUSBCoInstaller.dll
2013-07-06 20:37:30 1490656 ----a-w- C:\Windows\System32\WdfCoInstaller01007.dll
2013-07-06 20:36:26 4659712 ----a-w- C:\Windows\SysWow64\Redemption.dll
2013-07-06 20:36:23 821824 ----a-w- C:\Windows\SysWow64\dgderapi.dll
2013-07-06 20:35:58 -------- d-----w- C:\Program Files (x86)\Samsung
2013-07-06 20:33:17 -------- d-----w- C:\Users\Rasmus\AppData\Local\Downloaded Installations
2013-07-06 20:32:42 -------- d-----w- C:\Program Files (x86)\VideoLan
2013-07-06 20:29:08 -------- d-----w- C:\Program Files (x86)\QuickPar
2013-07-06 20:20:29 -------- d-----w- C:\Program Files (x86)\MPC-HC
2013-07-06 20:20:14 -------- d-----w- C:\Users\Rasmus\AppData\Local\Programs
2013-07-06 20:19:04 -------- d-----w- C:\Program Files (x86)\LibreOffice 4.0
2013-07-06 20:15:14 283064 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2013-07-06 20:15:13 -------- d-----w- C:\Users\Rasmus\AppData\Roaming\DAEMON Tools Lite
2013-07-06 20:15:11 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
2013-07-06 20:14:21 -------- d-----w- C:\ProgramData\DAEMON Tools Lite
2013-07-06 20:04:17 -------- d-----w- C:\Users\Rasmus\AppData\Local\NVIDIA
2013-07-06 19:12:16 -------- d-----w- C:\Users\Rasmus\AppData\Local\ElevatedDiagnostics
2013-07-06 19:05:09 41984 ----a-w- C:\Windows\System32\drivers\USB3Ver.dll
2013-07-06 19:05:08 786416 ----a-w- C:\Windows\System32\drivers\iusb3xhc.sys
2013-07-06 19:05:08 368112 ----a-w- C:\Windows\System32\drivers\iusb3hub.sys
2013-07-06 19:05:08 20464 ----a-w- C:\Windows\System32\drivers\iusb3hcs.sys
2013-07-06 19:05:08 1721576 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll
2013-07-06 18:52:29 -------- d-----w- C:\Program Files (x86)\Setup Files
2013-07-06 18:44:57 -------- d-----w- C:\Windows\SysWow64\Wat
2013-07-06 18:44:57 -------- d-----w- C:\Windows\System32\Wat
2013-07-06 18:43:30 11832 ----a-w- C:\Windows\acpimof.dll
2013-07-06 17:43:10 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2013-07-06 17:43:10 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2013-07-06 17:43:10 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2013-07-06 17:43:10 2560 ----a-w- C:\Windows\System32\drivers\da-DK\wdf01000.sys.mui
2013-07-06 17:37:15 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-06 17:35:35 294912 ----a-w- C:\Windows\System32\browserchoice.exe
2013-07-06 17:33:05 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2013-07-06 17:33:05 46080 ----a-w- C:\Windows\System32\atmlib.dll
2013-07-06 17:33:05 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2013-07-06 17:33:05 100864 ----a-w- C:\Windows\System32\fontsub.dll
2013-07-06 17:33:04 367616 ----a-w- C:\Windows\System32\atmfd.dll
2013-07-06 17:33:04 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2013-07-06 17:32:42 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2013-07-06 17:32:42 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2013-07-06 17:32:42 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2013-07-06 17:32:42 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2013-07-06 17:32:42 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2013-07-06 17:32:42 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2013-07-06 17:32:42 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2013-07-06 17:31:33 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-07-06 17:31:33 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2013-07-06 17:31:33 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-07-06 17:31:32 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2013-07-06 17:31:32 5120 ----a-w- C:\Windows\System32\wmi.dll
2013-07-06 16:59:29 85504 ----a-w- C:\Windows\SysWow64\DeathAdder64.cpl
2013-07-06 16:59:27 12672 ----a-w- C:\Windows\System32\drivers\dadder.sys
2013-07-06 16:53:58 -------- d-----w- C:\Program Files (x86)\Sikkerhedspakke
2013-07-06 16:53:45 -------- d-----w- C:\ProgramData\fssg
2013-07-06 16:53:10 -------- d-----w- C:\ProgramData\f-secure
2013-07-06 16:50:34 -------- d-----w- C:\Users\Rasmus\AppData\Local\Razer
2013-07-06 16:50:06 -------- d-----w- C:\Program Files (x86)\Steam
2013-07-06 16:50:06 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2013-07-06 13:20:16 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-07-06 13:20:16 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-07-06 13:20:15 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-06 13:16:59 44032 ----a-w- C:\Windows\System32\tsgqec.dll
2013-07-06 13:15:59 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2013-07-06 13:14:56 -------- d-----w- C:\Users\Rasmus\AppData\Local\Google
2013-07-06 13:14:53 -------- d-----w- C:\Users\Rasmus\AppData\Local\Deployment
2013-07-06 13:14:53 -------- d-----w- C:\Users\Rasmus\AppData\Local\Apps
2013-07-06 13:13:56 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-07-06 13:12:20 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2013-07-06 13:12:20 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2013-07-06 13:12:20 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2013-07-06 13:09:30 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2013-07-06 13:09:28 99840 ----a-w- C:\Windows\System32\wudriver.dll
2013-07-06 13:09:28 36864 ----a-w- C:\Windows\System32\wuapp.exe
2013-07-06 13:09:28 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2013-07-03 10:11:06 46568 ----a-w- C:\Windows\System32\drivers\ISCTD64.sys
2013-07-02 19:20:42 -------- d-----w- C:\Windows\Panther
2013-07-02 13:02:41 -------- d-----w- C:\Windows\System32\SPReview
2013-07-02 12:59:23 2560 ----a-w- C:\Windows\System32\drivers\da-DK\rdpwd.sys.mui
2013-07-02 12:59:22 3584 ----a-w- C:\Windows\System32\drivers\da-DK\tsusbflt.sys.mui
2013-07-02 12:55:51 -------- d-----w- C:\Windows\System32\EventProviders
2013-07-02 12:33:15 16344 ----a-w- C:\Windows\System32\drivers\IntelMEFWVer.dll
2013-07-02 12:31:52 -------- d-----w- C:\Program Files (x86)\ASM106xSATA
2013-07-02 12:29:49 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll
2013-07-02 12:29:00 -------- d-sh--w- C:\Windows\Installer
2013-07-02 12:28:20 -------- d-----w- C:\MSI
2013-07-02 12:28:14 -------- d-----w- C:\Intel
2013-07-02 12:28:13 -------- d-----w- C:\Program Files (x86)\MSI
.
==================== Find3M  ====================
.
2013-07-08 20:59:52 708632 ----a-w- C:\Windows\System32\drivers\cmdguard.sys
2013-07-06 17:38:59 92160 ----a-w- C:\Windows\System32\SetIEInstalledDate.exe
2013-07-06 17:37:15 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-02 13:01:52 175616 ----a-w- C:\Windows\System32\msclmd.dll
2013-07-02 13:01:52 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2013-06-18 14:16:10 48360 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
2013-06-18 14:16:08 23168 ----a-w- C:\Windows\System32\drivers\cmderd.sys
2013-06-18 14:15:50 43216 ----a-w- C:\Windows\System32\cmdcsr.dll
2013-06-18 14:15:48 437688 ----a-w- C:\Windows\System32\guard64.dll
2013-06-18 14:15:48 348584 ----a-w- C:\Windows\SysWow64\guard32.dll
2013-06-18 14:15:40 45784 ----a-w- C:\Windows\System32\cmdkbd64.dll
2013-06-18 14:15:40 344792 ----a-w- C:\Windows\System32\cmdvrt64.dll
2013-06-18 14:15:36 40664 ----a-w- C:\Windows\SysWow64\cmdkbd32.dll
2013-06-18 14:15:36 278232 ----a-w- C:\Windows\SysWow64\cmdvrt32.dll
2013-06-13 06:09:14 55496 ----a-w- C:\Windows\SysWow64\offreg.dll
2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-06-11 23:42:58 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-06-11 23:42:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-06-11 23:26:20 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-06-11 23:25:13 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-06-11 23:25:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-06-11 22:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50:58 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-07 03:22:18 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-06-07 02:37:52 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-05-28 20:37:16 3432776 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys
2013-05-27 11:38:20 1102616 ----a-w- C:\Windows\System32\MBAPO264.dll
2013-05-27 11:38:10 918808 ----a-w- C:\Windows\SysWow64\MBAPO232.dll
2013-05-24 15:40:54 142408 ----a-w- C:\Windows\System32\RCoInstII64.dll
2013-05-22 09:24:32 3744328 ----a-w- C:\Windows\System32\RtkAPO64.dll
2013-05-20 14:16:30 1003592 ----a-w- C:\Windows\System32\RtkApi64.dll
2013-05-20 12:36:20 2794056 ----a-w- C:\Windows\System32\RtPgEx64.dll
2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-05-06 06:03:49 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-05-06 04:56:35 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-05-02 10:01:34 2103040 ----a-w- C:\Windows\System32\WavesGUILib64.dll
2013-05-02 10:01:00 2032896 ----a-w- C:\Windows\System32\MaxxAudioEQ64.dll
2013-05-02 10:00:44 920320 ----a-w- C:\Windows\System32\MaxxAudioAPOShell64.dll
.
============= FINISH:  5:14:06,33 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 02-07-2013 14:25:31
System Uptime: 26-07-2013 05:04:50 (0 hours ago)
.
Motherboard: MSI |  | Z87-GD65 GAMING (MS-7845)
Processor: Intel® Core i5-4670K CPU @ 3.40GHz | SOCKET 0 | 3401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 238 GiB total, 138,411 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 932 GiB total, 562,722 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP68: 26-07-2013 04:02:02 - ComboFix created restore point
.
==== Installed Programs ======================
.
7-Zip 9.20 (x64 edition)
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
ALLBenchmark 1.0 RC5
Application Verifier x64 External Package
Asmedia ASM106x SATA Host Controller Driver
Comodo Dragon
COMODO Internet Security Premium
DAEMON Tools Lite
Driver Fusion
Driver Sweeper version 3.2.0
GeekBuddy
Google Chrome
Google Update Helper
Grand Theft Auto IV
ImgBurn
Intel Processor Diagnostic Tool 64Bit
Intel® Manageability Engine Firmware Recovery Agent
Intel® Management Engine Components
Intel® Processor Graphics
Intel® SDK for OpenCL - CPU Only Runtime Package
Intel® USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
Java 7 Update 25
Java Auto Updater
Java 6 Update 21 (64-bit)
Kits Configuration Installer
L.A. Noire
League of Legends
LibreOffice 4.0.4.2
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4.5
Microsoft .NET Framework 4.5 DAN Language Pack
Microsoft .NET Framework 4.5 DAN sprogpakke
Microsoft .NET Framework 4.5 Multi-Targeting Pack
Microsoft .NET Framework 4.5 SDK
Microsoft Games for Windows - LIVE Redistributable
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 4.0 Refresh
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
MPC-HC 1.6.8
MSI Afterburner 3.0.0 Beta 11
MSI Kombustor 2.5.0
NewsLeecher v5.0 Beta 16 ( RC 1 )
NirSoft BlueScreenView
NVIDIA GeForce Experience 1.5.1
NVIDIA Grafikdriver 320.49
NVIDIA HD-lyddriver 1.3.24.2
NVIDIA Install Application
NVIDIA Kontrolpanel 320.49
NVIDIA Opdateringer 6.4.23
NVIDIA PhysX
NVIDIA PhysX-systemsoftware 9.13.0604
NVIDIA Update Components
OpenAL
Pando Media Booster
QuickPar 0.9
Razer DeathAdder Mouse
Realtek High Definition Audio Driver
RivaTuner Statistics Server 5.2.0
Rockstar Games Social Club
Samsung Kies
Samsung Magician
Samsung Story Album Viewer
SAMSUNG USB Driver for Mobile Phones
SDK Debuggers
Security Update for Microsoft .NET Framework 4.5 (KB2737083)
Security Update for Microsoft .NET Framework 4.5 (KB2742613)
Security Update for Microsoft .NET Framework 4.5 (KB2789648)
Security Update for Microsoft .NET Framework 4.5 (KB2804582)
Security Update for Microsoft .NET Framework 4.5 (KB2833957)
Security Update for Microsoft .NET Framework 4.5 (KB2840642)
setup version 1.0
Steam
System Requirements Lab for Intel
Torchlight II
Unigine Valley Benchmark version 1.0
Update for Microsoft .NET Framework 4.5 (KB2750147)
Update for Microsoft .NET Framework 4.5 (KB2805221)
Update for Microsoft .NET Framework 4.5 (KB2805226)
Ventrilo Client for Windows x64
VLC media player 2.0.7
Winamp
Windows App Certification Kit Native Components
Windows App Certification Kit x64
Windows Software Development Kit
Windows Software Development Kit DirectX x64 Remote
Windows Software Development Kit DirectX x86 Remote
Windows Software Development Kit EULA
Windows Software Development Kit for Windows Store Apps
Windows Software Development Kit for Windows Store Apps DirectX x64 Remote
Windows Software Development Kit for Windows Store Apps DirectX x86 Remote
Windows Software Development Kit Redistributables
WinRAR archiver
World of Warcraft
WPT Redistributables
WPTx64
Xvid Video Codec
.
==== End Of File ===========================
 

Hello Hemanse and :welcome:! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Step 1
  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the ESET Smart Installer icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
In your next reply, post the following log files:
  • Malwarebytes' Anti-Malware log
  • ESET Online Scanner log

Thanks for responding so fast, here are the logs :)

 

Malwarebytes anti-malware log, found nothing harmful:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.07.26.04
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Rasmus :: RASMUS-PC [administrator]
 
26-07-2013 17:43:42
mbam-log-2013-07-26 (17-43-42).txt
 
Skanningstype: Hurtig skanning
Skanningsmuligheder valgt: Hukommelse | Opstart | Registreringsdatabasen | Filsystem | Heuristics/Ekstra | Heuristics/Shuriken | PUP | PUM
Skanningsmuligheder som er deaktiverede: P2P
Objekter skannet: 238368
Tid gået: 2 minut(ter), 35 sekund(er)
 
Hukommelses Processorer Inficeret: 0
(Ingen skadelige objekter blev fundet)
 
Hukommelses Moduler Inficeret: 0
(Ingen skadelige objekter blev fundet)
 
Registreringsdatabasenøgler Inficeret: 0
(Ingen skadelige objekter blev fundet)
 
Registreringsdatabaseværdier Inficeret: 0
(Ingen skadelige objekter blev fundet)
 
Registreringsdatabasedata Objekter Inficeret: 0
(Ingen skadelige objekter blev fundet)
 
Inficerede Mapper: 0
(Ingen skadelige objekter blev fundet)
 
Inficerede Filer: 0
(Ingen skadelige objekter blev fundet)
 
(færdig)
 
-------------------------------------
 
ESET.
 
C:\Users\Rasmus\Downloads\coretemp_1236.exe a variant of Win32/InstallIQ.A application cleaned by deleting - quarantined
E:\-= APPZ =-\ac3filter_2_5b.exe Win32/OpenCandy application cleaned by deleting - quarantined
E:\-= APPZ =-\DriverSweeper_3.1.0.exe Win32/OpenCandy application cleaned by deleting - quarantined
E:\-= APPZ =-\DriverSweeper_3.2.0.exe Win32/OpenCandy application cleaned by deleting - quarantined
E:\-= APPZ =-\driver_fusion_170.exe Win32/OpenCandy application cleaned by deleting - quarantined
E:\-= APPZ =-\DTLite4454-0316.exe Win32/OpenCandy application cleaned by deleting - quarantined
E:\-= APPZ =-\DTLite4471-0335.exe Win32/OpenCandy application cleaned by deleting - quarantined
E:\-= APPZ =-\SetupImgBurn_2.5.7.0.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
E:\-= APPZ =-\SetupImgBurn_2.5.8.0.exe Win32/OpenCandy application cleaned by deleting - quarantined
 
Most of them I cannot imagine are harmful; I always make sure to download applications from the source site. False positives?

Nope. OpenCandy is an adware program that may be bundled with certain third-party software installation programs. Some versions of this program may send user-specific information, including a unique machine code, operating system information, locale (country), and certain other information to a remote server without obtaining adequate user consent. It is almost the same as Bundled.Toolbar.Ask, an unwanted application.

Please download the Kaspersky Virus Removal Tool from here to your Desktop.

Double-click the Removal Tool.

Click the cog in the upper right corner:


Select down to and including your main drive.

Once done please select the Automatic Scan tab and press Start Scan.


Allow AVP to delete all infections found.

Once it has finished select the Report tab.

Select the Detected threats report from the left and press the Save button.

Save it to your Desktop and post the contents in your next reply.

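The distinction drawn in the reply above, bundled or unwanted applications as opposed to actual malware, can be checked mechanically on an ESET log. This is an added example, not part of the original thread: it assumes the line layout seen in the ESET log posted earlier, and the `trojan` line with its path and the name `Win32/Example.A` is constructed for contrast.

```python
import re
from collections import defaultdict

# Lines copied from the ESET log quoted in this thread, plus one constructed
# "trojan" line (hypothetical name and path) to show the contrast.
SAMPLE_LOG = r"""
C:\Users\Rasmus\Downloads\coretemp_1236.exe a variant of Win32/InstallIQ.A application cleaned by deleting - quarantined
E:\-= APPZ =-\ac3filter_2_5b.exe Win32/OpenCandy application cleaned by deleting - quarantined
E:\-= APPZ =-\SetupImgBurn_2.5.7.0.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Temp\constructed_sample.exe Win32/Example.A trojan cleaned by deleting - quarantined
"""

# Layout: <path> [a variant of ]<Platform/Family[.Variant]> <class> <action>
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<variant>a variant of )?"
    r"(?P<name>\w+/[\w.]+) (?P<kind>\w+)(?: (?P<action>.+))?$"
)

def parse_eset_log(text):
    """Return one dict per detection line; lines that do not match are skipped."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hit = m.groupdict()
            hit["variant"] = bool(hit["variant"])
            hits.append(hit)
    return hits

def triage(hits):
    """Split detections into unwanted applications and everything else."""
    unwanted, malware = defaultdict(list), defaultdict(list)
    for h in hits:
        # Assumption: the class word "application" marks an unwanted/unsafe
        # application detection, as on every line of the log in this thread.
        bucket = unwanted if h["kind"] == "application" else malware
        bucket[h["name"]].append(h["path"])
    return dict(unwanted), dict(malware)

if __name__ == "__main__":
    unwanted, malware = triage(parse_eset_log(SAMPLE_LOG))
    for label, group in (("unwanted application", unwanted), ("malware", malware)):
        for name, paths in sorted(group.items()):
            print(f"{label:22} {name:28} {len(paths)} file(s)")
```

Anything that lands in the second group is what deserves follow-up scanning; the first group is installer bundling that can be avoided by declining the offers or choosing a different download.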

Things look fine, not sure how those bitcoin infections snuck in, but I seem to have gotten rid of them and all signs of other malware. I have been using F-Secure, which I got free from my ISP, but it seems like it hasn't done a very good job; switched to Comodo now and hopefully I will be able to stay clean.

 

Thanks for the help.


Glad I could help! :)

Step 1

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
Step 2

Please uninstall ESET Online Scanner and manually delete Kaspersky AVP

Step 3

Some malware prevention tips:

users.telenet.be/bluepatchy/miekiemoes/prevention.html

Safe surfing! :)


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!
