Coin-miner

Artea · September 4, 2013

Earlier today, my computer suddenly became very sluggish. I checked the task manager to see that the processor was being utilized for 100%. I noticed a programme called coin-miner.exe, which is apparently a Trojan I closed it and after that the computer behaved normally again. I also noticed another .exe consisting of a half a dozen numbers, which I also closed. After that I ran AdwCleaner and JRT and deleted the files/registry entries in question. Unfortunately, I didn't keep the logs.

Coin-miner (or the other .exe_ hasn't appeared since. But I still want to make sure it's permanently gone. Is there any programme I can run and post the log for advice/analysis? I am using Microsoft Security Essentials, by the way.

Thanks in advance.

Psychotic · September 5, 2013

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Scan with DDS

Download DDS and save it to your desktop from here or here or
here.

Disable any script blocker, and then double click dds.scr to run the tool.

When done, DDS will open two (2) logs

DDS.txt: save to your desktop then post its contents in your topic
Attach.txt: save to your desktop then attach it to your next reply

Scan with aswMBR

Please download aswMBR ( 4.5MB ) to your desktop.

Double click the aswMBR.exe icon, and click Run.
There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
Click the Scan button to start the scan once the update has finished downloading
On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Note: There will also be a file on your desktop named MBR.dat do not delete this for now. It is an actual backup of the MBR (master boot record).

Artea · September 5, 2013

Thanks for the quick reply.

Here's dds.txt:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16660 BrowserJavaVersion: 10.25.2
Run by A at 8:11:09 on 2013-09-05
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.31.1043.18.6139.4776 [GMT 2:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Users\A\Desktop\lmc-1.2.35-win32\lmc.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskmgr.exe
svchost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

uWindows: Load = C:\Users\A\AppData\Roaming\Microsoft\Windows\taskmgr.exe
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [uTorrent] "C:\Users\A\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [LAN Messenger] C:\Users\A\Desktop\lmc-1.2.35-win32\lmc.exe
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{2AAEDA3E-4E60-4670-A15B-6BB70D7DABF5} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{EE94D214-5926-43D0-9C2F-24ADF4AC9E2D} : DHCPNameServer = 192.168.1.250
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs=
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [ETDWare] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\0a6ubgx9.default\
FF - prefs.js: browser.search.selectedEngine - Dictionary.com

FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-08-11 22:03; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\0a6ubgx9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-08-11 22:04; adblockpopups@jessehakanen.net; C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\0a6ubgx9.default\extensions\adblockpopups@jessehakanen.net.xpi
FF - ExtSQL: 2013-08-11 22:05; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\0a6ubgx9.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - ExtSQL: 2013-08-11 22:07; {76C80A11-FAD4-406c-8246-F5ED4F9367B5}; C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\0a6ubgx9.default\extensions\{76C80A11-FAD4-406c-8246-F5ED4F9367B5}.xpi
FF - ExtSQL: 2013-08-11 22:08; {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}; C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\0a6ubgx9.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
FF - ExtSQL: 2013-08-11 22:10; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\0a6ubgx9.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - ExtSQL: 2013-08-11 22:12; TFToolbarX@torrent-finder; C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\0a6ubgx9.default\extensions\TFToolbarX@torrent-finder.xpi
FF - ExtSQL: 2013-08-11 22:12; en-US@dictionaries.addons.mozilla.org; C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\0a6ubgx9.default\extensions\en-US@dictionaries.addons.mozilla.org
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-8-12 283064]
R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-4-14 321104]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 139616]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-2-14 96768]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2011-4-14 135560]
R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-5-15 384040]
R3 NisSrv;Microsoft Netwerkinspectie;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-6-20 366600]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-8-11 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-4-14 246376]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-8-11 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-8-11 30208]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-8-11 1255736]
S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-3-29 241152]
S4 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-3-28 361984]
S4 ePowerSvc;Acer ePower Service;C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2013-8-11 867712]
S4 GREGService;GREGService;C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [2010-1-8 23584]
S4 Live Updater Service;Live Updater Service;C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2011-4-14 244624]
S4 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
S4 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2010-6-29 255744]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2013-09-05 06:08:00   9515512   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CB4129DB-86BF-4C9F-93F3-EFF0CFADF04A}\mpengine.dll
2013-09-05 06:06:50   9515512   ------w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-09-05 00:43:52   --------   d-----w-   C:\Users\A\AppData\Roaming\The Longest Journey
2013-09-04 22:03:30   --------   d-----w-   C:\Outlast
2013-09-04 19:24:27   --------   d-----w-   C:\Users\A\AppData\Roaming\Mining
2013-09-03 20:18:28   --------   d-----w-   C:\Users\A\AppData\Local\EMU
2013-09-03 20:10:31   --------   d-----w-   C:\Program Files (x86)\Brothers - A Tale of Two Sons
2013-09-02 08:53:22   --------   d-----w-   C:\Program Files (x86)\GOG.com
2013-08-31 10:54:59   --------   d--h--w-   C:\Windows\msdownld.tmp
2013-08-31 10:51:04   --------   d-----w-   C:\ProgramData\Orbit
2013-08-31 08:52:25   8199504   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-08-31 08:52:20   9515512   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4645214E-B603-4E0C-A8C6-ACFF32325B9C}\mpengine.dll
2013-08-31 08:52:15   9515512   ------w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Updates\mpengine.dll
2013-08-31 07:50:36   --------   d-----w-   C:\Windows\ERUNT
2013-08-30 09:49:24   --------   d-----w-   C:\Program Files (x86)\JDownloader v2.0
2013-08-29 09:07:06   --------   d-----w-   C:\Users\A\AppData\Roaming\Might and Delight
2013-08-29 02:30:58   --------   d--h--w-   C:\Windows\PIF
2013-08-27 10:13:27   469873   ----a-r-   C:\Users\A\AppData\Roaming\Microsoft\Windows\taskmgr.exe
2013-08-27 07:45:48   --------   d-----w-   C:\Program Files (x86)\Internet Download Manager
2013-08-26 21:16:49   --------   d-----w-   C:\Users\A\AppData\Local\fontconfig
2013-08-26 21:16:48   --------   d-----w-   C:\Users\A\AppData\Local\gegl-0.2
2013-08-26 21:16:48   --------   d-----w-   C:\Users\A\.gimp-2.8
2013-08-26 21:15:24   --------   d-----w-   C:\Program Files\GIMP 2
2013-08-26 15:55:23   86528   ----a-w-   C:\Windows\bnetunin.exe
2013-08-26 15:55:23   61440   ----a-w-   C:\Windows\diabunin.exe
2013-08-26 15:55:23   --------   d-----w-   C:\Diablo
2013-08-25 21:43:24   --------   d-----w-   C:\Program Files (x86)\CAPCOM
2013-08-25 21:43:00   63488   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2013-08-25 21:42:59   753664   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2013-08-25 21:42:59   69714   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2013-08-25 21:42:59   5632   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2013-08-25 21:42:59   274432   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2013-08-25 21:42:59   184320   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2013-08-25 21:42:57   200836   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2013-08-25 21:42:56   331908   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2013-08-25 16:45:59   --------   d-----w-   C:\Users\A\AppData\Local\SKIDROW
2013-08-25 13:43:36   --------   d-----w-   C:\Windows\_ISTMP1.DIR
2013-08-25 13:20:43   21840   ----atw-   C:\Windows\SysWow64\SIntfNT.dll
2013-08-25 13:20:43   17212   ----atw-   C:\Windows\SysWow64\SIntf32.dll
2013-08-25 13:20:43   12067   ----atw-   C:\Windows\SysWow64\SIntf16.dll
2013-08-25 11:57:25   --------   d-----w-   C:\Windows\solcache
2013-08-25 08:52:50   212992   ------w-   C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\ILog.dll
2013-08-24 14:52:52   --------   d-----w-   C:\Users\A\AppData\Roaming\3909
2013-08-24 13:21:06   --------   d-----w-   C:\Users\A\AppData\Local\AMD
2013-08-24 13:12:12   0   ----a-w-   C:\Windows\ativpsrm.bin
2013-08-24 13:10:03   --------   d-----w-   C:\Program Files (x86)\AMD AVT
2013-08-24 13:09:57   --------   d-----w-   C:\Program Files\Common Files\ATI Technologies
2013-08-24 13:09:57   --------   d-----w-   C:\Program Files (x86)\Common Files\ATI Technologies
2013-08-24 13:08:56   --------   d-----w-   C:\ProgramData\AMD
2013-08-24 13:07:47   --------   d-----w-   C:\Program Files (x86)\ATI Technologies
2013-08-24 13:07:30   --------   d-----w-   C:\Program Files\ATI
2013-08-24 13:07:13   --------   d-----w-   C:\Program Files\ATI Technologies
2013-08-24 12:50:55   --------   d-----w-   C:\Users\A\AppData\Local\ATI
2013-08-24 12:50:29   --------   d-----w-   C:\Program Files (x86)\Phyxion.net
2013-08-22 21:42:14   941720   ------w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AF055D44-AF50-4B61-9CF0-88C077D411AD}\gapaengine.dll
2013-08-22 18:42:32   --------   d-----w-   C:\GOG games
2013-08-21 17:24:01   --------   d-----w-   C:\ProgramData\Package Cache
2013-08-16 14:55:18   --------   d-----w-   C:\Users\A\dwhelper
2013-08-14 21:08:59   2241024   ----a-w-   C:\Windows\System32\wininet.dll
2013-08-14 20:51:16   --------   d-----w-   C:\Program Files (x86)\Microsoft Synchronization Services
2013-08-14 20:48:58   --------   d-----w-   C:\Program Files (x86)\Microsoft Visual Studio 8
2013-08-14 20:48:11   --------   d-----w-   C:\Program Files (x86)\Microsoft Analysis Services
2013-08-14 20:47:55   --------   d-----w-   C:\Users\A\AppData\Local\Microsoft Help
2013-08-14 11:08:30   --------   d-----w-   C:\ProgramData\Steam
2013-08-13 21:57:05   466456   ----a-w-   C:\Windows\System32\wrap_oal.dll
2013-08-13 21:57:04   444952   ----a-w-   C:\Windows\SysWow64\wrap_oal.dll
2013-08-13 21:57:04   122904   ----a-w-   C:\Windows\System32\OpenAL32.dll
2013-08-13 21:57:04   109080   ----a-w-   C:\Windows\SysWow64\OpenAL32.dll
2013-08-13 21:57:04   --------   d-----w-   C:\Program Files (x86)\OpenAL
2013-08-13 16:51:06   --------   d-----w-   C:\Program Files (x86)\NAMCO BANDAI Games
2013-08-13 16:50:06   519000   ----a-w-   C:\Windows\System32\d3dx10_40.dll
2013-08-13 16:50:06   452440   ----a-w-   C:\Windows\SysWow64\d3dx10_40.dll
2013-08-13 16:50:06   2605920   ----a-w-   C:\Windows\System32\D3DCompiler_40.dll
2013-08-13 16:50:06   2036576   ----a-w-   C:\Windows\SysWow64\D3DCompiler_40.dll
2013-08-13 16:50:05   5631312   ----a-w-   C:\Windows\System32\D3DX9_40.dll
2013-08-13 09:47:47   306688   ----a-w-   C:\Windows\IsUninst.exe
2013-08-13 03:54:47   --------   d-----w-   C:\Users\A\AppData\Roaming\LAN Messenger
2013-08-13 03:04:47   --------   d-----w-   C:\Users\A\AppData\Roaming\fltk.org
2013-08-13 00:50:58   --------   d-----w-   C:\Windows\USB Vibration
2013-08-13 00:50:52   634880   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\iKernel.dll
2013-08-13 00:50:52   57344   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\ctor.dll
2013-08-13 00:50:52   5632   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\DotNetInstaller.exe
2013-08-13 00:50:52   270468   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\Setup.dll
2013-08-13 00:50:52   237568   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\iscript.dll
2013-08-13 00:50:52   159876   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\IGdi.dll
2013-08-13 00:50:52   151552   ----a-w-   C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\iuser.dll
2013-08-13 00:50:50   --------   d-----w-   C:\Program Files (x86)\USB Vibration
2013-08-12 16:43:26   --------   d-----w-   C:\Users\A\AppData\Local\CrashDumps
2013-08-12 10:32:27   --------   d-----w-   C:\Users\A\AppData\Local\LAN Messenger
2013-08-12 04:19:53   163504   ----a-w-   C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10144.bin
2013-08-12 02:06:51   --------   d-----w-   C:\Users\A\AppData\Roaming\uTorrent
2013-08-12 01:33:30   --------   d-----w-   C:\Users\A\AppData\Roaming\avidemux
2013-08-12 01:27:38   --------   d-----w-   C:\Program Files\Avidemux 2.5
2013-08-11 23:52:14   --------   d-----w-   C:\Windows\SysWow64\syncdb
2013-08-11 23:36:32   283064   ----a-w-   C:\Windows\System32\drivers\dtsoftbus01.sys
2013-08-11 23:28:24   564824   ----a-w-   C:\Windows\System32\drivers\sptd.sys
2013-08-11 23:28:10   --------   d-----w-   C:\Users\A\AppData\Roaming\DAEMON Tools Lite
2013-08-11 23:28:06   --------   d-----w-   C:\Program Files (x86)\DAEMON Tools Lite
2013-08-11 23:23:18   941720   ------w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-08-11 23:23:15   --------   d-----w-   C:\ProgramData\DAEMON Tools Lite
2013-08-11 23:18:27   --------   d-----w-   C:\Program Files\CCleaner
2013-08-11 23:07:08   --------   d-----w-   C:\Windows\SysWow64\nl
2013-08-11 23:07:08   --------   d-----w-   C:\Windows\SysWow64\0413
2013-08-11 23:07:08   --------   d-----w-   C:\Windows\nl-NL
2013-08-11 23:07:07   --------   d-----w-   C:\Windows\SysWow64\XPSViewer
2013-08-11 23:07:07   --------   d-----w-   C:\Windows\SysWow64\wbem\nl-NL
2013-08-11 23:07:07   --------   d-----w-   C:\Windows\SysWow64\drivers\UMDF\nl-NL
2013-08-11 23:07:07   --------   d-----w-   C:\Windows\SysWow64\drivers\nl-NL
2013-08-11 23:07:07   --------   d-----w-   C:\Windows\System32\nl
2013-08-11 23:07:07   --------   d-----w-   C:\Windows\System32\drivers\UMDF\nl-NL
2013-08-11 23:07:07   --------   d-----w-   C:\Windows\System32\drivers\nl-NL
2013-08-11 23:07:07   --------   d-----w-   C:\Windows\System32\0413
2013-08-11 23:07:06   --------   d-----w-   C:\Windows\System32\wbem\nl-NL
2013-08-11 23:05:57   16896   ----a-w-   C:\Windows\System32\drivers\nl-NL\pacer.sys.mui
2013-08-11 23:05:56   26624   ----a-w-   C:\Windows\System32\drivers\nl-NL\bfe.dll.mui
2013-08-11 23:05:56   2560   ----a-w-   C:\Windows\System32\drivers\nl-NL\rdpwd.sys.mui
2013-08-11 23:05:54   3584   ----a-w-   C:\Windows\System32\drivers\nl-NL\modem.sys.mui
2013-08-11 23:05:54   3584   ----a-w-   C:\Windows\System32\drivers\nl-NL\ipnat.sys.mui
2013-08-11 23:05:54   2560   ----a-w-   C:\Windows\System32\drivers\nl-NL\volmgrx.sys.mui
2013-08-11 23:05:54   15872   ----a-w-   C:\Windows\System32\drivers\nl-NL\afd.sys.mui
2013-08-11 23:05:52   9216   ----a-w-   C:\Windows\System32\drivers\nl-NL\tunnel.sys.mui
2013-08-11 23:05:52   7168   ----a-w-   C:\Windows\System32\drivers\nl-NL\luafv.sys.mui
2013-08-11 23:05:52   69120   ----a-w-   C:\Windows\System32\drivers\nl-NL\ntfs.sys.mui
2013-08-11 23:05:52   5120   ----a-w-   C:\Windows\System32\drivers\nl-NL\rdbss.sys.mui
2013-08-11 23:05:52   2560   ----a-w-   C:\Windows\System32\drivers\nl-NL\srv.sys.mui
2013-08-11 23:00:32   --------   d-----w-   C:\Windows\NAPP_Dism_Log
2013-08-11 22:54:22   --------   d-----w-   C:\Program Files (x86)\SpeedFan
2013-08-11 21:55:25   --------   d-----w-   C:\Program Files (x86)\Microsoft Security Client
2013-08-11 21:55:17   --------   d-----w-   C:\Program Files\Microsoft Security Client
2013-08-11 20:57:33   --------   d-----w-   C:\Users\A\AppData\Local\Programs
2013-08-11 20:46:50   17018248   ----a-w-   C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-08-11 20:46:00   789416   ----a-w-   C:\Windows\SysWow64\deployJava1.dll
2013-08-11 20:45:48   867240   ----a-w-   C:\Windows\SysWow64\npDeployJava1.dll
2013-08-11 20:44:08   96168   ----a-w-   C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-08-11 20:27:13   --------   d-----w-   C:\Program Files (x86)\VideoLAN
2013-08-11 20:17:58   --------   d-----w-   C:\Users\A\AppData\Local\Macromedia
2013-08-11 20:15:51   71048   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-11 20:15:51   692104   ----a-w-   C:\Windows\SysWow64\FlashPlayerApp.exe
2013-08-11 20:06:46   3767504   ----a-w-   C:\Windows\System32\d3dx9_26.dll
2013-08-11 20:06:46   2297552   ----a-w-   C:\Windows\SysWow64\d3dx9_26.dll
2013-08-11 20:00:43   --------   d-----w-   C:\Windows\SysWow64\directx
2013-08-11 19:50:38   --------   d-----w-   C:\Users\A\AppData\Local\Mozilla
2013-08-11 19:50:11   --------   d-----w-   C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-11 18:19:39   --------   d-----w-   C:\Windows\System32\MRT
2013-08-11 18:18:52   514560   ----a-w-   C:\Windows\SysWow64\qdvd.dll
2013-08-11 18:18:52   366592   ----a-w-   C:\Windows\System32\qdvd.dll
2013-08-11 18:18:43   96768   ----a-w-   C:\Windows\SysWow64\sspicli.dll
2013-08-11 18:18:43   458712   ----a-w-   C:\Windows\System32\drivers\cng.sys
2013-08-11 18:18:43   340992   ----a-w-   C:\Windows\System32\schannel.dll
2013-08-11 18:18:43   247808   ----a-w-   C:\Windows\SysWow64\schannel.dll
2013-08-11 18:18:43   22016   ----a-w-   C:\Windows\SysWow64\secur32.dll
2013-08-11 18:18:43   154480   ----a-w-   C:\Windows\System32\drivers\ksecpkg.sys
2013-08-11 18:18:43   1448448   ----a-w-   C:\Windows\System32\lsasrv.dll
2013-08-11 18:17:46   1643520   ----a-w-   C:\Windows\System32\DWrite.dll
2013-08-11 18:17:46   1247744   ----a-w-   C:\Windows\SysWow64\DWrite.dll
2013-08-11 18:15:23   --------   d-----w-   C:\Program Files (x86)\MSXML 4.0
2013-08-11 17:49:27   9728   ---ha-w-   C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-08-11 17:45:20   --------   d-----w-   C:\Windows\SysWow64\Wat
2013-08-11 17:45:20   --------   d-----w-   C:\Windows\System32\Wat
2013-08-11 17:11:16   --------   d-----w-   C:\Program Files (x86)\Common Files\Symantec Shared
2013-08-11 17:06:50   9728   ----a-w-   C:\Windows\System32\Wdfres.dll
2013-08-11 17:06:50   785512   ----a-w-   C:\Windows\System32\drivers\Wdf01000.sys
2013-08-11 17:06:50   54376   ----a-w-   C:\Windows\System32\drivers\WdfLdr.sys
2013-08-11 17:06:50   2560   ----a-w-   C:\Windows\System32\drivers\nl-NL\wdf01000.sys.mui
2013-08-11 16:56:53   294912   ----a-w-   C:\Windows\System32\browserchoice.exe
2013-08-11 16:49:03   46080   ----a-w-   C:\Windows\System32\atmlib.dll
2013-08-11 16:49:03   367616   ----a-w-   C:\Windows\System32\atmfd.dll
2013-08-11 16:49:03   34304   ----a-w-   C:\Windows\SysWow64\atmlib.dll
2013-08-11 16:49:03   295424   ----a-w-   C:\Windows\SysWow64\atmfd.dll
2013-08-11 16:47:53   87040   ----a-w-   C:\Windows\System32\drivers\WUDFPf.sys
2013-08-11 16:47:53   84992   ----a-w-   C:\Windows\System32\WUDFSvc.dll
2013-08-11 16:47:53   45056   ----a-w-   C:\Windows\System32\WUDFCoinstaller.dll
2013-08-11 16:47:53   198656   ----a-w-   C:\Windows\System32\drivers\WUDFRd.sys
2013-08-11 16:47:53   194048   ----a-w-   C:\Windows\System32\WUDFPlatform.dll
2013-08-11 16:47:52   744448   ----a-w-   C:\Windows\System32\WUDFx.dll
2013-08-11 16:47:52   229888   ----a-w-   C:\Windows\System32\WUDFHost.exe
2013-08-11 16:43:48   81408   ----a-w-   C:\Windows\System32\imagehlp.dll
2013-08-11 16:43:48   23408   ----a-w-   C:\Windows\System32\drivers\fs_rec.sys
2013-08-11 16:43:48   159232   ----a-w-   C:\Windows\SysWow64\imagehlp.dll
2013-08-11 16:43:47   5120   ----a-w-   C:\Windows\SysWow64\wmi.dll
2013-08-11 16:43:47   5120   ----a-w-   C:\Windows\System32\wmi.dll
2013-08-11 16:40:03   903168   ----a-w-   C:\Windows\SysWow64\certutil.exe
2013-08-11 16:40:03   52224   ----a-w-   C:\Windows\System32\certenc.dll
2013-08-11 16:40:03   43008   ----a-w-   C:\Windows\SysWow64\certenc.dll
2013-08-11 16:40:03   1192448   ----a-w-   C:\Windows\System32\certutil.exe
2013-08-11 16:38:28   466944   ----a-w-   C:\Program Files\Common Files\System\ado\msadomd.dll
2013-08-11 16:36:29   1887232   ----a-w-   C:\Windows\System32\d3d11.dll
2013-08-11 16:35:57   43520   ----a-w-   C:\Windows\System32\csrsrv.dll
2013-08-11 16:34:59   210944   ----a-w-   C:\Windows\System32\drivers\rdpwd.sys
2013-08-11 16:31:23   67072   ----a-w-   C:\Windows\splwow64.exe
2013-08-11 16:31:23   559104   ----a-w-   C:\Windows\System32\spoolsv.exe
2013-08-11 16:16:30   77312   ----a-w-   C:\Windows\System32\packager.dll
2013-08-11 16:16:30   67072   ----a-w-   C:\Windows\SysWow64\packager.dll
2013-08-11 16:10:58   --------   d-----w-   C:\Users\A\AppData\Local\VirtualStore
2013-08-11 16:09:39   2622464   ----a-w-   C:\Windows\System32\wucltux.dll
2013-08-11 16:09:22   99840   ----a-w-   C:\Windows\System32\wudriver.dll
2013-08-11 16:08:35   36864   ----a-w-   C:\Windows\System32\wuapp.exe
2013-08-11 16:08:35   186752   ----a-w-   C:\Windows\System32\wuwebv.dll
2013-08-11 16:08:25   --------   d-----w-   C:\Program Files\Accessory Store
2013-08-11 13:48:22   --------   d-----w-   C:\Windows\SysWow64\wbem\en-US
2013-08-11 13:48:22   --------   d-----w-   C:\Windows\System32\wbem\en-US
2013-08-11 13:39:56   --------   d-----w-   C:\Program Files (x86)\Video Web Camera
2013-08-11 13:32:53   10224   ------w-   C:\Windows\System32\drivers\cdralw2k.sys
2013-08-11 13:32:53   10224   ------w-   C:\Windows\System32\drivers\cdr4_xp.sys
2013-08-11 13:31:28   --------   d-----w-   C:\Program Files (x86)\Common Files\Sonic Shared
2013-08-11 13:28:23   --------   d-----w-   C:\Program Files (x86)\Microsoft
2013-08-11 13:25:25   --------   d-----w-   C:\Program Files\Elantech
2013-08-11 13:18:58   --------   d-----w-   C:\Program Files (x86)\Launch Manager
2013-08-11 13:16:47   --------   d---a-w-   C:\book
.
==================== Find3M ====================
.
2013-08-11 23:06:20   2560   ----a-w-   C:\Windows\SysWow64\drivers\nl-NL\qwavedrv.sys.mui
2013-08-11 23:06:09   5632   ----a-w-   C:\Windows\SysWow64\drivers\nl-NL\ndiscap.sys.mui
2013-08-11 23:06:04   50688   ----a-w-   C:\Windows\SysWow64\drivers\nl-NL\tcpip.sys.mui
2013-08-11 23:06:01   26624   ----a-w-   C:\Windows\SysWow64\drivers\nl-NL\bfe.dll.mui
2013-08-11 23:06:01   16896   ----a-w-   C:\Windows\SysWow64\drivers\nl-NL\pacer.sys.mui
2013-08-11 23:05:52   2560   ----a-w-   C:\Windows\SysWow64\drivers\nl-NL\scfilter.sys.mui
2013-08-11 17:49:27   9728   ---ha-w-   C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-08-07 02:22:02   278800   ------w-   C:\Windows\System32\MpSigStub.exe
2013-07-26 05:12:08   3958784   ----a-w-   C:\Windows\System32\jscript9.dll
2013-07-26 05:12:04   136704   ----a-w-   C:\Windows\System32\iesysprep.dll
2013-07-26 05:12:03   67072   ----a-w-   C:\Windows\System32\iesetup.dll
2013-07-26 03:35:08   2706432   ----a-w-   C:\Windows\System32\mshtml.tlb
2013-07-26 03:13:24   1767936   ----a-w-   C:\Windows\SysWow64\wininet.dll
2013-07-26 03:12:04   2877440   ----a-w-   C:\Windows\SysWow64\jscript9.dll
2013-07-26 03:12:00   61440   ----a-w-   C:\Windows\SysWow64\iesetup.dll
2013-07-26 03:12:00   109056   ----a-w-   C:\Windows\SysWow64\iesysprep.dll
2013-07-26 02:49:14   2706432   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2013-07-26 02:39:38   89600   ----a-w-   C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-26 01:59:38   71680   ----a-w-   C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-07-25 09:25:54   1888768   ----a-w-   C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27   1620992   ----a-w-   C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58:42   2048   ----a-w-   C:\Windows\System32\tzres.dll
2013-07-19 01:41:01   2048   ----a-w-   C:\Windows\SysWow64\tzres.dll
2013-07-09 06:03:30   5550528   ----a-w-   C:\Windows\System32\ntoskrnl.exe
2013-07-09 05:54:22   1732032   ----a-w-   C:\Windows\System32\ntdll.dll
2013-07-09 05:53:12   243712   ----a-w-   C:\Windows\System32\wow64.dll
2013-07-09 05:52:52   224256   ----a-w-   C:\Windows\System32\wintrust.dll
2013-07-09 05:51:16   1217024   ----a-w-   C:\Windows\System32\rpcrt4.dll
2013-07-09 05:46:20   184320   ----a-w-   C:\Windows\System32\cryptsvc.dll
2013-07-09 05:46:20   1472512   ----a-w-   C:\Windows\System32\crypt32.dll
2013-07-09 05:46:20   139776   ----a-w-   C:\Windows\System32\cryptnet.dll
2013-07-09 05:03:34   3968960   ----a-w-   C:\Windows\SysWow64\ntkrnlpa.exe
2013-07-09 05:03:34   3913664   ----a-w-   C:\Windows\SysWow64\ntoskrnl.exe
2013-07-09 04:53:47   1292192   ----a-w-   C:\Windows\SysWow64\ntdll.dll
2013-07-09 04:52:33   663552   ----a-w-   C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:33   5120   ----a-w-   C:\Windows\SysWow64\wow32.dll
2013-07-09 04:52:10   175104   ----a-w-   C:\Windows\SysWow64\wintrust.dll
2013-07-09 04:46:31   140288   ----a-w-   C:\Windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31   1166848   ----a-w-   C:\Windows\SysWow64\crypt32.dll
2013-07-09 04:46:31   103936   ----a-w-   C:\Windows\SysWow64\cryptnet.dll
2013-07-09 04:45:07   44032   ----a-w-   C:\Windows\apppatch\acwow64.dll
2013-07-09 02:49:42   25600   ----a-w-   C:\Windows\SysWow64\setup16.exe
2013-07-09 02:49:41   7680   ----a-w-   C:\Windows\SysWow64\instnm.exe
2013-07-09 02:49:39   14336   ----a-w-   C:\Windows\SysWow64\ntvdm64.dll
2013-07-09 02:49:38   2048   ----a-w-   C:\Windows\SysWow64\user.exe
2013-07-06 06:03:53   1910208   ----a-w-   C:\Windows\System32\drivers\tcpip.sys
2013-06-18 19:50:08   247216   ----a-w-   C:\Windows\System32\drivers\MpFilter.sys
2013-06-18 19:50:08   139616   ----a-w-   C:\Windows\System32\drivers\NisDrvWFP.sys
2013-06-15 04:32:16   39936   ----a-w-   C:\Windows\System32\drivers\tssecsrv.sys
2013-06-09 13:59:36   90192   ----a-w-   C:\Windows\System32\mfcm110u.dll
.
============= FINISH: 8:12:31,37 ===============

And here's aswMBR.txt:

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-09-05 08:15:37
-----------------------------
08:15:37.964    OS Version: Windows x64 6.1.7601 Service Pack 1
08:15:37.964    Number of processors: 4 586 0x503
08:15:37.979    ComputerName: A-PC UserName: A
08:15:39.508    Initialize success
08:17:31.536    AVAST engine defs: 13090401
08:20:36.068    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
08:20:36.068    Disk 0 Vendor: WDC_WD5000BEVT-22A0RT0 01.01A01 Size: 476940MB BusType: 11
08:20:36.068    Disk 0 MBR read successfully
08:20:36.068    Disk 0 MBR scan
08:20:36.084    Disk 0 Windows 7 default MBR code
08:20:36.099    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        18432 MB offset 2048
08:20:36.131    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 37750784
08:20:36.146    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       458406 MB offset 37955584
08:20:36.240    Disk 0 scanning C:\Windows\system32\drivers
08:20:50.826    Service scanning
08:21:30.778    Modules scanning
08:21:30.778    Disk 0 trace - called modules:
08:21:30.809    ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8004ebb2c0]<<sptd.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
08:21:31.324    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005ff8060]
08:21:31.324    3 CLASSPNP.SYS[fffff880013cc43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8005f43680]
08:21:31.324    \Driver\atapi[0xfffffa8005cad5b0] -> IRP_MJ_CREATE -> 0xfffffa8004ebb2c0
08:21:33.757    AVAST engine scan C:\Windows
08:21:38.281    AVAST engine scan C:\Windows\system32
08:26:36.195    AVAST engine scan C:\Windows\system32\drivers
08:26:55.118    AVAST engine scan C:\Users\A
08:27:00.968    File: C:\Users\A\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I590B7T9\Microsoft01[1].exe **INFECTED** Win32:Dropper-MXY [Trj]
08:29:17.172    File: C:\Users\A\AppData\Roaming\Mining\coin-miner.exe **INFECTED** Win32:BitCoinMiner-DH [Trj]
08:29:17.343    File: C:\Users\A\AppData\Roaming\Mining\Microsoft.exe **INFECTED** Win32:Dropper-MXY [Trj]
08:32:54.355    File: C:\Users\A\Documents\Installation files\Diversen\Anti-virus\dds.scr **INFECTED** Win32:Malware-gen
08:48:33.613    AVAST engine scan C:\ProgramData
08:49:16.467    Scan finished successfully
08:49:32.972    Disk 0 MBR has been saved successfully to "C:\Users\A\Desktop\MBR.dat"
08:49:33.050    The log file has been saved successfully to "C:\Users\A\Desktop\aswMBR.txt"

attach.txt

Psychotic · September 5, 2013

Disable CD Emulation with DeFogger

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.

The application window will appear
Click the Disable button to disable your CD Emulation drivers.
Click Yes to continue
A 'Finished!' message will appear
Click OK
DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

Combofix

Combofix should only be run when adviced by a team member!

Link

Important - Save the file to your desktop!

Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
Run Combofix.exe

When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing ""Illegal operation attempted on a registry key that has been marked for deletion" simply restart your computer to fix this.

Artea · September 5, 2013

ComboFix 13-09-04.04 - A 05-09-2013 10:00:20.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.31.1043.18.6139.4932 [GMT 2:00]
Gestart vanuit: c:\users\A\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Nieuw herstelpunt werd aangemaakt
.
.
((((((((((((((((((((((((((((((((((   Andere Verwijderingen   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\A\AppData\Roaming\Microsoft\Windows\taskmgr.exe
c:\users\A\AppData\Roaming\Mining\coin-miner.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((   Bestanden Gemaakt van 2013-08-05 to 2013-09-05 ))))))))))))))))))))))))))))))
.
.
2013-09-05 08:06 . 2013-09-05 08:06   --------   d-----w-   c:\users\Default\AppData\Local\temp
2013-09-05 06:08 . 2013-08-06 08:58   9515512   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CB4129DB-86BF-4C9F-93F3-EFF0CFADF04A}\mpengine.dll
2013-09-05 06:06 . 2013-08-06 08:58   9515512   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-09-04 22:03 . 2013-09-04 22:28   --------   d-----w-   C:\Outlast
2013-09-03 20:10 . 2013-09-03 20:12   --------   d-----w-   c:\program files (x86)\Brothers - A Tale of Two Sons
2013-09-02 08:53 . 2013-09-02 08:53   --------   d-----w-   c:\program files (x86)\GOG.com
2013-08-31 10:54 . 2013-09-03 20:14   --------   d--h--w-   c:\windows\msdownld.tmp
2013-08-31 10:51 . 2013-08-31 10:51   --------   d-----w-   c:\programdata\Orbit
2013-08-31 08:52 . 2013-08-19 22:46   9515512   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{4645214E-B603-4E0C-A8C6-ACFF32325B9C}\mpengine.dll
2013-08-31 07:50 . 2013-08-31 07:50   --------   d-----w-   c:\windows\ERUNT
2013-08-30 09:49 . 2013-09-04 21:38   --------   d-----w-   c:\program files (x86)\JDownloader v2.0
2013-08-30 09:36 . 2013-08-30 09:36   --------   d-----w-   c:\windows\Sun
2013-08-29 02:30 . 2013-08-29 02:30   --------   d--h--w-   c:\windows\PIF
2013-08-27 07:45 . 2013-08-27 07:45   --------   d-----w-   c:\program files (x86)\Internet Download Manager
2013-08-26 21:15 . 2013-08-26 21:16   --------   d-----w-   c:\program files\GIMP 2
2013-08-26 15:55 . 2013-08-26 16:03   --------   d-----w-   C:\Diablo
2013-08-26 15:55 . 2013-08-26 15:55   86528   ----a-w-   c:\windows\bnetunin.exe
2013-08-26 15:55 . 2013-08-26 15:55   61440   ----a-w-   c:\windows\diabunin.exe
2013-08-25 21:43 . 2013-08-31 22:51   --------   d-----w-   c:\program files (x86)\CAPCOM
2013-08-25 21:43 . 2005-04-03 21:00   63488   ----a-w-   c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2013-08-25 21:42 . 2005-04-03 21:02   753664   ----a-w-   c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2013-08-25 21:42 . 2005-04-03 21:02   69714   ----a-w-   c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2013-08-25 21:42 . 2005-04-03 21:01   274432   ----a-w-   c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2013-08-25 21:42 . 2005-04-03 21:00   184320   ----a-w-   c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2013-08-25 21:42 . 2005-04-03 20:59   5632   ----a-w-   c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2013-08-25 21:42 . 2013-08-25 21:42   200836   ----a-w-   c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2013-08-25 21:42 . 2013-08-25 21:42   331908   ----a-w-   c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2013-08-25 13:43 . 2013-08-25 13:43   --------   d-----w-   c:\windows\_ISTMP1.DIR
2013-08-25 13:20 . 2013-08-25 13:23   21840   ----atw-   c:\windows\SysWow64\SIntfNT.dll
2013-08-25 13:20 . 2013-08-25 13:23   17212   ----atw-   c:\windows\SysWow64\SIntf32.dll
2013-08-25 13:20 . 2013-08-25 13:23   12067   ----atw-   c:\windows\SysWow64\SIntf16.dll
2013-08-25 11:57 . 2013-08-25 11:57   --------   d-----w-   c:\windows\solcache
2013-08-25 08:52 . 2000-01-04 04:39   212992   ------w-   c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\ILog.dll
2013-08-24 13:20 . 2013-08-24 13:20   --------   d-----w-   c:\programdata\ATI
2013-08-24 13:12 . 2013-08-24 13:12   0   ----a-w-   c:\windows\ativpsrm.bin
2013-08-24 13:10 . 2013-08-24 13:10   --------   d-----w-   c:\program files (x86)\AMD AVT
2013-08-24 13:09 . 2013-08-24 13:09   --------   d-----w-   c:\program files\Common Files\ATI Technologies
2013-08-24 13:09 . 2013-08-24 13:09   --------   d-----w-   c:\program files (x86)\Common Files\ATI Technologies
2013-08-24 13:08 . 2013-08-24 13:10   --------   d-----w-   c:\programdata\AMD
2013-08-24 13:07 . 2013-08-24 13:07   --------   d-----w-   c:\program files (x86)\ATI Technologies
2013-08-24 13:07 . 2013-08-24 13:07   --------   d-----w-   c:\program files\ATI
2013-08-24 13:07 . 2013-08-24 13:09   --------   d-----w-   c:\program files\ATI Technologies
2013-08-24 12:50 . 2013-08-24 12:50   --------   d-----w-   c:\program files (x86)\Phyxion.net
2013-08-22 21:42 . 2013-08-22 21:41   941720   ------w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AF055D44-AF50-4B61-9CF0-88C077D411AD}\gapaengine.dll
2013-08-22 18:42 . 2013-09-04 23:06   --------   d-----w-   C:\GOG games
2013-08-21 17:24 . 2013-08-21 18:38   --------   d-----w-   c:\programdata\Package Cache
2013-08-14 21:08 . 2013-07-26 05:13   2241024   ----a-w-   c:\windows\system32\wininet.dll
2013-08-14 21:08 . 2013-07-26 05:12   15405056   ----a-w-   c:\windows\system32\ieframe.dll
2013-08-14 21:08 . 2013-07-26 05:12   19239424   ----a-w-   c:\windows\system32\mshtml.dll
2013-08-14 21:01 . 2013-08-14 21:01   --------   d-----w-   c:\programdata\CyberLink
2013-08-14 20:51 . 2013-08-14 20:51   --------   d-----w-   c:\program files (x86)\Microsoft Synchronization Services
2013-08-14 20:50 . 2013-08-14 20:50   --------   d-----w-   c:\program files (x86)\Microsoft Sync Framework
2013-08-14 20:48 . 2013-08-14 20:48   --------   d-----w-   c:\program files (x86)\Microsoft Visual Studio 8
2013-08-14 20:48 . 2013-08-14 20:48   --------   d-----w-   c:\program files\Microsoft Office
2013-08-14 20:48 . 2013-08-14 20:48   --------   d-----w-   c:\program files (x86)\Microsoft Analysis Services
2013-08-14 20:47 . 2013-08-27 23:20   --------   d-----w-   c:\programdata\Microsoft Help
2013-08-14 20:47 . 2013-08-14 20:47   --------   d-----r-   C:\MSOCache
2013-08-14 11:08 . 2013-08-14 11:08   --------   d-----w-   c:\programdata\Steam
2013-08-13 21:57 . 2013-08-13 21:57   466456   ----a-w-   c:\windows\system32\wrap_oal.dll
2013-08-13 21:57 . 2013-08-13 21:57   122904   ----a-w-   c:\windows\system32\OpenAL32.dll
2013-08-13 21:57 . 2013-08-13 21:57   444952   ----a-w-   c:\windows\SysWow64\wrap_oal.dll
2013-08-13 21:57 . 2013-08-13 21:57   109080   ----a-w-   c:\windows\SysWow64\OpenAL32.dll
2013-08-13 21:57 . 2013-08-13 21:57   --------   d-----w-   c:\program files (x86)\OpenAL
2013-08-13 16:51 . 2013-08-13 16:55   --------   d-----w-   c:\program files (x86)\NAMCO BANDAI Games
2013-08-13 16:50 . 2008-10-15 04:22   519000   ----a-w-   c:\windows\system32\d3dx10_40.dll
2013-08-13 16:50 . 2008-10-15 04:22   452440   ----a-w-   c:\windows\SysWow64\d3dx10_40.dll
2013-08-13 16:50 . 2008-10-15 04:22   2605920   ----a-w-   c:\windows\system32\D3DCompiler_40.dll
2013-08-13 16:50 . 2008-10-15 04:22   2036576   ----a-w-   c:\windows\SysWow64\D3DCompiler_40.dll
2013-08-13 16:50 . 2008-10-15 04:22   5631312   ----a-w-   c:\windows\system32\D3DX9_40.dll
2013-08-13 09:47 . 1998-10-29 14:45   306688   ----a-w-   c:\windows\IsUninst.exe
2013-08-13 00:50 . 2013-08-13 00:50   --------   d-----w-   c:\windows\USB Vibration
2013-08-13 00:50 . 2013-08-13 00:50   270468   ----a-w-   c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\Setup.dll
2013-08-13 00:50 . 2013-08-13 00:50   159876   ----a-w-   c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\IGdi.dll
2013-08-13 00:50 . 2002-08-05 08:46   57344   ----a-w-   c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\ctor.dll
2013-08-13 00:50 . 2002-08-02 01:10   5632   ----a-w-   c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\DotNetInstaller.exe
2013-08-13 00:50 . 2002-08-02 00:20   634880   ----a-w-   c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\iKernel.dll
2013-08-13 00:50 . 2002-08-02 00:20   237568   ----a-w-   c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\iscript.dll
2013-08-13 00:50 . 2002-08-02 00:20   151552   ----a-w-   c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\iuser.dll
2013-08-13 00:50 . 2013-08-13 00:50   --------   d-----w-   c:\program files (x86)\USB Vibration
2013-08-12 04:19 . 2013-08-12 04:19   163504   ----a-w-   c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10144.bin
2013-08-12 01:27 . 2013-08-12 01:28   --------   d-----w-   c:\program files\Avidemux 2.5
2013-08-11 23:52 . 2013-08-11 23:52   --------   d-----w-   c:\windows\SysWow64\syncdb
2013-08-11 23:36 . 2013-08-11 23:36   283064   ----a-w-   c:\windows\system32\drivers\dtsoftbus01.sys
2013-08-11 23:28 . 2013-08-11 23:28   564824   ----a-w-   c:\windows\system32\drivers\sptd.sys
2013-08-11 23:28 . 2013-08-11 23:36   --------   d-----w-   c:\program files (x86)\DAEMON Tools Lite
2013-08-11 23:23 . 2013-08-11 23:22   941720   ------w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-08-11 23:23 . 2013-08-12 10:06   --------   d-----w-   c:\programdata\DAEMON Tools Lite
2013-08-11 23:20 . 2006-02-03 06:43   3830992   ----a-w-   c:\windows\system32\d3dx9_29.dll
2013-08-11 23:20 . 2006-02-03 06:42   355536   ----a-w-   c:\windows\system32\xactengine2_0.dll
2013-08-11 23:20 . 2006-02-03 06:41   16592   ----a-w-   c:\windows\system32\x3daudio1_0.dll
2013-08-11 23:20 . 2005-12-05 16:09   3815120   ----a-w-   c:\windows\system32\d3dx9_28.dll
2013-08-11 23:20 . 2005-07-22 17:59   3807440   ----a-w-   c:\windows\system32\d3dx9_27.dll
2013-08-11 23:18 . 2013-08-11 23:18   --------   d-----w-   c:\program files\CCleaner
2013-08-11 23:07 . 2013-08-11 23:07   --------   d-----w-   c:\windows\SysWow64\nl
2013-08-11 23:07 . 2013-08-11 23:07   --------   d-----w-   c:\windows\SysWow64\0413
2013-08-11 23:07 . 2013-08-11 23:07   --------   d-----w-   c:\windows\nl-NL
2013-08-11 23:07 . 2013-08-11 23:07   --------   d-----w-   c:\windows\SysWow64\XPSViewer
2013-08-11 23:07 . 2013-08-11 23:07   --------   d-----w-   c:\windows\SysWow64\drivers\UMDF\nl-NL
2013-08-11 23:07 . 2013-08-11 23:07   --------   d-----w-   c:\windows\SysWow64\drivers\nl-NL
2013-08-11 23:07 . 2013-08-11 23:07   --------   d-----w-   c:\windows\system32\nl
2013-08-11 23:07 . 2013-08-11 23:07   --------   d-----w-   c:\windows\system32\drivers\UMDF\nl-NL
2013-08-11 23:07 . 2013-08-11 23:07   --------   d-----w-   c:\windows\system32\0413
2013-08-11 23:07 . 2013-08-11 18:26   --------   d-----w-   c:\windows\SysWow64\wbem\nl-NL
2013-08-11 23:07 . 2013-08-11 18:26   --------   d-----w-   c:\windows\system32\drivers\nl-NL
2013-08-11 23:07 . 2013-08-11 18:26   --------   d-----w-   c:\windows\system32\wbem\nl-NL
2013-08-11 23:06 . 2013-08-11 23:06   3584   ----a-w-   c:\windows\system32\Spool\prtprocs\x64\nl-NL\LXKPTPRC.DLL.mui
2013-08-11 23:00 . 2013-08-11 23:00   --------   d-----w-   c:\windows\NAPP_Dism_Log
2013-08-11 22:54 . 2013-09-04 21:15   --------   d-----w-   c:\program files (x86)\SpeedFan
2013-08-11 22:28 . 2013-08-11 22:28   --------   d-----w-   c:\program files\Microsoft Silverlight
2013-08-11 22:28 . 2013-08-11 22:28   --------   d-----w-   c:\program files (x86)\Microsoft Silverlight
2013-08-11 21:55 . 2013-08-11 23:01   --------   d-----w-   c:\program files (x86)\Microsoft Security Client
2013-08-11 21:55 . 2013-08-11 23:08   --------   d-----w-   c:\program files\Microsoft Security Client
2013-08-11 20:47 . 2013-08-11 20:47   --------   d-----w-   c:\program files (x86)\Common Files\Java
2013-08-11 20:46 . 2013-08-11 20:46   17018248   ----a-w-   c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-08-11 20:46 . 2013-08-11 20:43   789416   ----a-w-   c:\windows\SysWow64\deployJava1.dll
2013-08-11 20:45 . 2013-08-11 20:43   867240   ----a-w-   c:\windows\SysWow64\npDeployJava1.dll
2013-08-11 20:44 . 2013-08-11 20:43   96168   ----a-w-   c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-08-11 20:43 . 2013-08-11 20:43   --------   d-----w-   c:\program files (x86)\Java
2013-08-11 20:27 . 2013-08-11 20:27   --------   d-----w-   c:\program files (x86)\VideoLAN
2013-08-11 20:15 . 2013-08-11 20:50   71048   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-11 20:15 . 2013-08-11 20:50   692104   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-11 20:15 . 2013-08-11 20:15   --------   d-----w-   c:\windows\system32\Macromed
2013-08-11 20:06 . 2005-05-26 13:34   3767504   ----a-w-   c:\windows\system32\d3dx9_26.dll
2013-08-11 20:06 . 2005-05-26 13:34   2297552   ----a-w-   c:\windows\SysWow64\d3dx9_26.dll
2013-08-11 20:06 . 2005-03-18 15:19   3823312   ----a-w-   c:\windows\system32\d3dx9_25.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-11 23:06 . 2013-08-11 23:06   2560   ----a-w-   c:\windows\SysWow64\drivers\nl-NL\qwavedrv.sys.mui
2013-08-11 23:06 . 2013-08-11 23:06   5632   ----a-w-   c:\windows\SysWow64\drivers\nl-NL\ndiscap.sys.mui
2013-08-11 23:06 . 2013-08-11 23:06   50688   ----a-w-   c:\windows\SysWow64\drivers\nl-NL\tcpip.sys.mui
2013-08-11 23:06 . 2013-08-11 23:06   26624   ----a-w-   c:\windows\SysWow64\drivers\nl-NL\bfe.dll.mui
2013-08-11 23:06 . 2013-08-11 23:06   16896   ----a-w-   c:\windows\SysWow64\drivers\nl-NL\pacer.sys.mui
2013-08-11 23:05 . 2013-08-11 23:05   2560   ----a-w-   c:\windows\SysWow64\drivers\nl-NL\scfilter.sys.mui
2013-08-11 16:08 . 2010-06-24 18:33   22240   ----a-w-   c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-08-07 02:22 . 2010-11-21 03:27   278800   ------w-   c:\windows\system32\MpSigStub.exe
2013-07-09 04:45 . 2013-08-14 10:06   44032   ----a-w-   c:\windows\apppatch\acwow64.dll
2013-06-18 19:50 . 2013-06-18 19:50   247216   ----a-w-   c:\windows\system32\drivers\MpFilter.sys
2013-06-18 19:50 . 2012-03-20 18:44   139616   ----a-w-   c:\windows\system32\drivers\NisDrvWFP.sys
2013-06-09 17:53 . 2013-06-09 17:53   83024   ----a-w-   c:\windows\SysWow64\mfcm110u.dll
2013-06-09 17:53 . 2013-06-09 17:53   83016   ----a-w-   c:\windows\SysWow64\mfcm110.dll
2013-06-09 17:53 . 2013-06-09 17:53   74832   ----a-w-   c:\windows\SysWow64\mfc110fra.dll
2013-06-09 17:53 . 2013-06-09 17:53   74832   ----a-w-   c:\windows\SysWow64\mfc110deu.dll
2013-06-09 17:53 . 2013-06-09 17:53   73808   ----a-w-   c:\windows\SysWow64\mfc110esn.dll
2013-06-09 17:53 . 2013-06-09 17:53   72784   ----a-w-   c:\windows\SysWow64\mfc110ita.dll
2013-06-09 17:53 . 2013-06-09 17:53   70736   ----a-w-   c:\windows\SysWow64\mfc110rus.dll
2013-06-09 17:53 . 2013-06-09 17:53   65104   ----a-w-   c:\windows\SysWow64\mfc110enu.dll
2013-06-09 17:53 . 2013-06-09 17:53   53840   ----a-w-   c:\windows\SysWow64\mfc110jpn.dll
2013-06-09 17:53 . 2013-06-09 17:53   53328   ----a-w-   c:\windows\SysWow64\mfc110kor.dll
2013-06-09 17:53 . 2013-06-09 17:53   46160   ----a-w-   c:\windows\SysWow64\mfc110cht.dll
2013-06-09 17:53 . 2013-06-09 17:53   46160   ----a-w-   c:\windows\SysWow64\mfc110chs.dll
2013-06-09 17:53 . 2013-06-09 17:53   4456520   ----a-w-   c:\windows\SysWow64\mfc110u.dll
2013-06-09 17:53 . 2013-06-09 17:53   4421192   ----a-w-   c:\windows\SysWow64\mfc110.dll
2013-06-09 17:53 . 2013-06-09 17:53   164424   ----a-w-   c:\windows\SysWow64\atl110.dll
2013-06-09 13:59 . 2013-06-09 13:59   90192   ----a-w-   c:\windows\system32\mfcm110u.dll
2013-06-09 13:59 . 2013-06-09 13:59   90184   ----a-w-   c:\windows\system32\mfcm110.dll
2013-06-09 13:59 . 2013-06-09 13:59   74832   ----a-w-   c:\windows\system32\mfc110fra.dll
2013-06-09 13:59 . 2013-06-09 13:59   74832   ----a-w-   c:\windows\system32\mfc110deu.dll
2013-06-09 13:59 . 2013-06-09 13:59   73808   ----a-w-   c:\windows\system32\mfc110esn.dll
2013-06-09 13:59 . 2013-06-09 13:59   72784   ----a-w-   c:\windows\system32\mfc110ita.dll
2013-06-09 13:59 . 2013-06-09 13:59   70736   ----a-w-   c:\windows\system32\mfc110rus.dll
2013-06-09 13:59 . 2013-06-09 13:59   65104   ----a-w-   c:\windows\system32\mfc110enu.dll
2013-06-09 13:59 . 2013-06-09 13:59   5619784   ----a-w-   c:\windows\system32\mfc110u.dll
2013-06-09 13:59 . 2013-06-09 13:59   5592648   ----a-w-   c:\windows\system32\mfc110.dll
2013-06-09 13:59 . 2013-06-09 13:59   53840   ----a-w-   c:\windows\system32\mfc110jpn.dll
2013-06-09 13:59 . 2013-06-09 13:59   53328   ----a-w-   c:\windows\system32\mfc110kor.dll
2013-06-09 13:59 . 2013-06-09 13:59   46160   ----a-w-   c:\windows\system32\mfc110cht.dll
2013-06-09 13:59 . 2013-06-09 13:59   46160   ----a-w-   c:\windows\system32\mfc110chs.dll
2013-06-09 13:59 . 2013-06-09 13:59   192584   ----a-w-   c:\windows\system32\atl110.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Opstartpunten   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\users\A\AppData\Roaming\uTorrent\uTorrent.exe" [2013-08-12 1130576]
"LAN Messenger"="c:\users\A\Desktop\lmc-1.2.35-win32\lmc.exe" [2012-07-24 1721344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Netwerkinspectie;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R4 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
R4 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [x]
R4 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [x]
R4 Live Updater Service;Live Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [x]
R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
R4 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [x]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
.
.
Inhoud van de 'Gedeelde Taken' map
.
2013-09-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-11 20:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 1356240]
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\A\AppData\Roaming\Mozilla\Firefox\Profiles\0a6ubgx9.default\
FF - prefs.js: browser.search.selectedEngine - Dictionary.com

FF - ExtSQL: 2013-08-11 22:03; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\A\AppData\Roaming\Mozilla\Firefox\Profiles\0a6ubgx9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-08-11 22:04; adblockpopups@jessehakanen.net; c:\users\A\AppData\Roaming\Mozilla\Firefox\Profiles\0a6ubgx9.default\extensions\adblockpopups@jessehakanen.net.xpi
FF - ExtSQL: 2013-08-11 22:05; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; c:\users\A\AppData\Roaming\Mozilla\Firefox\Profiles\0a6ubgx9.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - ExtSQL: 2013-08-11 22:07; {76C80A11-FAD4-406c-8246-F5ED4F9367B5}; c:\users\A\AppData\Roaming\Mozilla\Firefox\Profiles\0a6ubgx9.default\extensions\{76C80A11-FAD4-406c-8246-F5ED4F9367B5}.xpi
FF - ExtSQL: 2013-08-11 22:08; {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}; c:\users\A\AppData\Roaming\Mozilla\Firefox\Profiles\0a6ubgx9.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
FF - ExtSQL: 2013-08-11 22:10; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\users\A\AppData\Roaming\Mozilla\Firefox\Profiles\0a6ubgx9.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - ExtSQL: 2013-08-11 22:12; TFToolbarX@torrent-finder; c:\users\A\AppData\Roaming\Mozilla\Firefox\Profiles\0a6ubgx9.default\extensions\TFToolbarX@torrent-finder.xpi
FF - ExtSQL: 2013-08-11 22:12; en-US@dictionaries.addons.mozilla.org; c:\users\A\AppData\Roaming\Mozilla\Firefox\Profiles\0a6ubgx9.default\extensions\en-US@dictionaries.addons.mozilla.org
.
- - - - ORPHANS VERWIJDERD - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-GOGPACKPAPERSPLEASE_is1 - c:\gog games\Papers
AddRemove-{37C14146-B1C0-0988-BEC3-E2A874ABE7C4} - c:\progra~3\INSTAL~1\{9A27C~1\Setup.exe
AddRemove-{3A1B9A4B-FE1F-BE71-7CA5-6E95994E9E0F} - c:\progra~3\INSTAL~1\{BC53E~1\Setup.exe
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2013-09-05 10:08:52
ComboFix-quarantined-files.txt 2013-09-05 08:08
.
Pre-Run: 76.493.029.376 bytes beschikbaar
Post-Run: 76.437.958.656 bytes beschikbaar
.
- - End Of File - - BCC79E4878A918AA426CB8FFB7079861
A36C5E4F47E84449FF07ED3517B43A31

Psychotic · September 5, 2013

Full System Scan with Malwarebytes Antimalware

If not existing, please download

Malwarebytes' Anti-Malware to your desktop. Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If the program is already installed:

Run Malwarebytes Antimalware
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
Post that log back here.

Scan with ESET Online Scan

Please go to here to run the online scannner from ESET.

Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is unticked
Click on Advanced Settings and ensure these options are ticked:
- Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology

[*]Click Scan[*]Wait for the scan to finish[*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic.

Artea · September 5, 2013

Malwarebytes:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.05.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
A :: A-PC [administrator]

5-9-2013 11:26:54
mbam-log-2013-09-05 (11-26-54).txt

Scan type: Full scan (C:\|D:\|G:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 392312
Time elapsed: 1 hour(s), 5 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Users\A\Documents\Installation files\Essentials\DTLite4454-0315.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Qoobox\Quarantine\C\Users\A\AppData\Roaming\Mining\coin-miner.exe.vir (Trojan.BitMiner) -> Quarantined and deleted successfully.
C:\Users\A\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I590B7T9\Microsoft01[1].exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\A\AppData\Roaming\Mining\Microsoft.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

(end)

Eset:

C:\OEM\Preload\Autorun\APP\Nero 10 Essentials Packard Bell Edition\ISSetupPrerequisites\{BF80A1C0-C3FF-4B1C-ABEF-22CD4F97A0AB}\Toolbar.exe   a variant of Win32/Bundled.Toolbar.Ask.A application
C:\Users\A\Documents\Installation files\Diversen\Anti-virus\Unlocker1.9.1.exe   multiple threats
C:\Users\A\Documents\Installation files\Diversen\Graphics card\Utilities\cpu-z_1.60-setup-en.exe   a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\A\Documents\Installation files\Diversen\Graphics card\Utilities\DriverSweeper_3.2.0.exe   Win32/OpenCandy application
C:\Users\A\Documents\Installation files\Diversen\Graphics card\Utilities\driver_fusion_1.2.0.exe   Win32/OpenCandy application
C:\Users\A\Documents\Installation files\Diversen\Graphics card\Utilities\hwmonitor_1.19-setup.exe   a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\A\Documents\Installation files\Essentials\DTLite4454-0315.exe   Win32/OpenCandy application

Psychotic · September 5, 2013

The files ESET found aren´t malware but contain security risks. I would delete them immediately - your choice.

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner

Please download AdwCleaner to your desktop.

Run adwcleaner.exe.
Hit delete.
When the run is finished, it will open up a text file.
Please post its contents within your next reply.
You´ll find the log file at C:\AdwCleaner[s1].txt also.

SecurityCheck

Please download SecurityCheck: LINK1 LINK2

Save it to your desktop, start it and follow the instructions in the window.
After the scan finished the (checkup.txt) will open. Copy its content to your thread.

Artea · September 5, 2013

I'll keep them. I've been using them for years without any problems.

adwCleaner:

# AdwCleaner v3.002 - Report created 05/09/2013 at 16:56:56
# Updated 01/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : A - A-PC
# Running from : C:\Users\A\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

-\\ Mozilla Firefox v23.0.1 (nl)

[ File : C:\Users\A\AppDAtA\RoAming\MozillA\Firefox\Profiles\0a6ubgx9.default\prefs.js ]

*************************

AdwCleaner[R3].txt - [754 octets] - [05/09/2013 16:53:57]
AdwCleaner[s3].txt - [676 octets] - [05/09/2013 16:56:56]

########## EOF - C:\AdwCleaner\AdwCleaner[s3].txt - [735 octets] ##########

SecurityCheck:

Results of screen317's Security Check version 0.99.73
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 25
Adobe Flash Player 11.8.800.94
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (23.0.1)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 4%
````````````````````End of Log``````````````````````

It says Windows Security Center is not running, which is indeed inaccurate.

Artea · September 5, 2013

Sorry for the double post, but it's been a while. Was that the last step? If so, thanks a lot for your help.

Psychotic · September 6, 2013

Your system is clean now!

Adobe Reader out of date

Your Adobe Reader is outdated. We will fix this.

Get the actual software from here. Important: Uncheck any optional software (for example Google Chrome, etc.) offered.
Run setup and follow the instructions.
Click upon Start-->control panel-->add/remove programs.
Search for and remove any older reader versions.

Uninstall our tools using delfix

Please follow these steps in order:

In the case we used Defogger to turn off your CD emulation software. You can start it again and use the Enable button.
In the case we used Combofix. Deactivate your antivirus software once more, then rename the combofix.exe to uninstall.exe and run it one last time. You shall be noted that Combofix has been removed.
In any case please download delfix to your desktop.
- Close all other programms and start delfix.
- Please check all the boxes and run the tool.
- delfix will now delete all found traces of our removal process

[*] If there is still something left please delete it manualy.

How to protect yourself

System Updates
Beeing up to date is very important. Please be sure to activate automatic updates in your control panel.
Windows XP | Windows Vista |
Windows 7 | windows 8
Protection
What you need is one (not more) good virus scanner with backgroud protection. Additionally I recommend a special malwarescanner that you run from time to time.
Personally I am using the avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer you good protection for free use. But please remember: You get only the full protection if you use the payed versions of your security software.
Up to date Software
Stay up to date with all the programs you use. Some of those really have to have an eye on are: your browser(s) including add-ons and plug-ins, Java, Flash Player, your virus scanner, and basically every software you use often. These link may help you to check:
- Secunia Online Software Inspector - Checks if your software has updates available.
- Filehippo Update Checkere - This tool also scans your computer for outdated software.
- Mozilla: Check your plugins - The webpage will tell you if you have outdated plugins in your Firefox browser.
[*] Backups
There are chances for an emergency every day. So be prepared. Back up your data on a regular basis. If you burn it to DVDs from time to time, use a cloud-drive or a professional network backup system is your choice. [*] Brains
It's no joke! You really need one of those things. It is very important not just to click anywhere it is colored or flashing while you surfing on the web. Do not click an OK button on any popping window without reading what it says. While installing software always choose the custom mode, read what those windows says and uncheck adware that will be installed along the software you want.

AdvancedSetup · September 11, 2013

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Coin-miner

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information