"lsm.exe" uses 50% CPU when running

InternetDude · September 26, 2013

Hello!

Im having trouble with my computer: Sometimes a process called "lsm.exe" (With "L", not "capital i") runs all alone. When this happens, the CPU usage goes skyrocket and the temperatures of my components do th same. After forcing it to finish, everything goes back to normal. Sometimes it appears with another names, but the effects are exactly the same. "-12361234.exe" is one of the names. (Notice that the actual name is not this one, is just some numbers with a "-").

Thanks for your time and help!

Here are the logs:

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16686 BrowserJavaVersion: 10.25.2

Run by Xalo at 17:01:42 on 2013-09-26

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.34.3082.18.8153.4719 [GMT 2:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe

C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Windows\system32\rundll32.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Program Files\Java\jre7\bin\javaw.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Gaming Mouse\Monitor.EXE

C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Gaming Mouse\OSD.exe

C:\Program Files (x86)\Gaming Mouse\Applets\CpuRam.exe

C:\Program Files (x86)\Gaming Mouse\Applets\EmailPOP3.EXE

C:\Program Files (x86)\Gaming Mouse\Applets\OSDSkype.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files (x86)\Gaming Mouse\Applets\OSDMSN.EXE

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\SpeedFan\speedfan.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit = userinit.exe,

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

uRun: [LocalSessionManager] "C:\Users\Xalo\AppData\Roaming\lsm.exe"

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

uRun: [sysXboot] "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Xalo\AppData\Local\Temp\sysXboot7798110488473582857.jar"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Gaming Mouse Driver] "C:\Program Files (x86)\Gaming Mouse\Monitor.EXE"

mRun: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GIGABY~1.LNK - C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

TCP: NameServer = 87.216.1.65 87.216.1.66

TCP: Interfaces\{61365D26-C58D-4EC2-97FC-6A043E5A01A1} : DHCPNameServer = 87.216.1.65 87.216.1.66

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"

x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Xalo\AppData\Roaming\Mozilla\Firefox\Profiles\tjfjxfqy.default\

FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2013-9-10 9216]

R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2013-8-7 82560]

R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2013-8-7 42624]

R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2013-8-7 22680]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-8-31 283064]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-8-6 361984]

R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]

R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-8-11 14997280]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-9-12 414496]

R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2013-8-7 46136]

R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2013-9-19 39200]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-8-7 565352]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2013-8-7 56448]

S2 BrowserDefendert;BrowserDefendert;C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe --> C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]

S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]

S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2013-8-29 137336]

S3 GPCIDrv;GPCIDrv;C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [2010-2-4 14376]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-8-10 19456]

S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]

S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2013-8-10 29696]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-8-10 57856]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-8-10 30208]

S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]

S3 WatAdminSvc;Servicio de tecnologías de activación de Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-8-7 1255736]

S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [2013-8-10 14544]

.

=============== Created Last 30 ================

.

2013-09-26 14:44:37 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{847E4F5C-F4E9-46B3-977E-1EA2675528E3}\offreg.dll

2013-09-26 14:10:02 -------- d-----w- C:\Users\Xalo\AppData\Local\Mozilla

2013-09-25 16:31:47 1065984 ----a-w- C:\Users\Xalo\AppData\Roaming\lsm.exe

2013-09-25 14:50:01 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{847E4F5C-F4E9-46B3-977E-1EA2675528E3}\mpengine.dll

2013-09-22 01:07:08 -------- d-----w- C:\Users\Xalo\AppData\Roaming\Tropico 4

2013-09-22 00:36:31 -------- d-----w- C:\Users\Xalo\AppData\Roaming\Kalypso Media

2013-09-22 00:31:38 -------- d-----w- C:\Program Files (x86)\Kalypso Media

2013-09-19 15:33:38 -------- d-----w- C:\Users\Xalo\AppData\Local\WinZip

2013-09-19 15:17:31 39200 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys

2013-09-19 15:17:31 28448 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll

2013-09-15 20:42:34 -------- d-----w- C:\Users\Xalo\AppData\Roaming\OpenOffice.org

2013-09-15 20:40:56 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3

2013-09-15 20:23:00 -------- d-----w- C:\Users\Xalo\AppData\Local\Adobe

2013-09-15 16:00:37 -------- d-----w- C:\Users\Xalo\AppData\Local\Gas Powered Games

2013-09-15 15:52:20 -------- d--h--w- C:\Windows\msdownld.tmp

2013-09-15 15:52:18 -------- d-----w- C:\Windows\SysWow64\directx

2013-09-15 15:50:33 -------- d-----w- C:\Program Files (x86)\Supreme Commander 2

2013-09-15 08:28:20 -------- d-----w- C:\ProgramData\Rockstar Games

2013-09-15 08:28:20 -------- d-----w- C:\Program Files (x86)\Rockstar Games

2013-09-15 07:42:39 -------- d-----w- C:\Program Files (x86)\Nordic Games

2013-09-12 21:35:40 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-09-11 23:17:50 571168 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

2013-09-10 12:52:36 -------- d-----w- C:\Users\Xalo\AppData\Roaming\SPORE

2013-09-10 11:23:22 -------- d-----w- C:\ProgramData\Steam

2013-09-10 10:31:45 -------- d-----w- C:\Program Files (x86)\Company of Heroes 2

2013-09-10 09:09:30 -------- d-----w- C:\Program Files (x86)\dlc

2013-09-10 07:26:28 -------- d-----w- C:\Users\Xalo\AppData\Local\Chromium

2013-09-09 22:36:50 -------- d-----w- C:\Program Files (x86)\Microsoft Chart Controls

2013-09-09 22:35:07 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-09-09 22:32:59 -------- d-----w- C:\ProgramData\Hi-Rez Studios

2013-09-09 22:32:48 -------- d-----w- C:\Program Files (x86)\Hi-Rez Studios

2013-09-09 21:57:38 -------- d-----w- C:\Program Files (x86)\Lavalys

2013-09-09 21:57:18 -------- d-----w- C:\ProgramData\DSearchLink

2013-09-09 17:02:36 25640 ----a-w- C:\Windows\gdrv.sys

2013-09-09 16:42:42 -------- d-----w- C:\Program Files\CPUID

2013-09-04 13:31:38 -------- d-----w- C:\Users\Xalo\AppData\Local\ElevatedDiagnostics

2013-09-03 23:17:49 -------- d-----w- C:\Users\Xalo\AppData\Local\FLT

2013-09-03 22:54:33 -------- d-----w- C:\Program Files (x86)\XCOM Enemy Unknown

2013-09-03 13:56:58 503808 ----a-w- C:\Windows\SysWow64\MSVCP71.dll

2013-09-03 13:56:58 40960 ----a-r- C:\Windows\SysWow64\psfind.dll

2013-09-03 13:56:58 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll

2013-09-03 13:54:10 -------- d-----w- C:\Program Files (x86)\THQ

2013-09-01 20:40:27 -------- d-----w- C:\Users\Xalo\AppData\Local\Introversion

2013-08-31 08:41:24 283064 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys

2013-08-31 08:41:21 -------- d-----w- C:\Users\Xalo\AppData\Roaming\DAEMON Tools Lite

2013-08-31 08:41:20 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite

2013-08-31 08:37:55 -------- d-----w- C:\ProgramData\DAEMON Tools Lite

2013-08-30 01:49:00 -------- d-----w- C:\ProgramData\UAB

2013-08-30 01:48:56 -------- d-----w- C:\Users\Xalo\AppData\Local\PC_Drivers_Headquarters

2013-08-30 01:46:32 -------- d-----w- C:\ProgramData\PC Drivers HeadQuarters

2013-08-30 01:44:56 -------- d-----w- C:\ProgramData\APN

2013-08-29 20:46:40 -------- d-----w- C:\Users\Xalo\AppData\Roaming\Natural Selection 2

2013-08-29 16:51:42 -------- d-----w- C:\Program Files (x86)\Bethesda Softworks

2013-08-29 02:02:43 -------- d-----w- C:\Users\Xalo\AppData\Local\Futuremark

2013-08-29 02:02:40 -------- d-----w- C:\Users\Xalo\AppData\Local\IsolatedStorage

2013-08-29 02:01:45 -------- d-----w- C:\Program Files (x86)\Futuremark

2013-08-29 02:00:53 -------- d-----w- C:\Program Files\Futuremark

2013-08-29 01:06:07 -------- d-----w- C:\Program Files (x86)\Gone Home

.

==================== Find3M ====================

.

2013-09-19 14:37:10 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2013-09-19 14:37:10 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2013-09-18 17:20:33 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2013-09-12 07:25:43 6599968 ----a-w- C:\Windows\System32\nvcpl.dll

2013-09-12 07:25:43 3452192 ----a-w- C:\Windows\System32\nvsvc64.dll

2013-09-12 07:25:40 920864 ----a-w- C:\Windows\System32\nvvsvc.exe

2013-09-12 07:25:40 63776 ----a-w- C:\Windows\System32\nvshext.dll

2013-09-12 07:25:40 2559776 ----a-w- C:\Windows\System32\nvsvcr.dll

2013-09-12 07:25:40 219424 ----a-w- C:\Windows\System32\nvmctray.dll

2013-09-11 22:06:31 3361114 ----a-w- C:\Windows\System32\nvcoproc.bin

2013-08-20 13:32:58 29984 ----a-w- C:\Windows\System32\nvaudcap64v.dll

2013-08-11 08:51:21 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

2013-08-10 05:22:18 2241024 ----a-w- C:\Windows\System32\wininet.dll

2013-08-10 05:20:59 3959296 ----a-w- C:\Windows\System32\jscript9.dll

2013-08-10 05:20:55 67072 ----a-w- C:\Windows\System32\iesetup.dll

2013-08-10 05:20:55 136704 ----a-w- C:\Windows\System32\iesysprep.dll

2013-08-10 03:59:10 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-08-10 03:58:09 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-08-10 03:58:06 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll

2013-08-10 03:58:06 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2013-08-10 03:17:38 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

2013-08-10 03:07:50 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-08-10 02:27:59 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe

2013-08-10 02:17:19 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe

2013-08-08 19:16:02 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll

2013-08-08 19:16:01 972712 ----a-w- C:\Windows\System32\deployJava1.dll

2013-08-08 19:16:01 1093032 ----a-w- C:\Windows\System32\npDeployJava1.dll

2013-08-08 01:20:43 3155456 ----a-w- C:\Windows\System32\win32k.sys

2013-08-07 02:22:02 278800 ------w- C:\Windows\System32\MpSigStub.exe

2013-08-07 00:43:22 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-08-07 00:43:21 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2013-08-07 00:43:21 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-08-07 00:30:07 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-08-02 02:23:53 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-08-02 02:15:44 1732032 ----a-w- C:\Windows\System32\ntdll.dll

2013-08-02 02:15:03 362496 ----a-w- C:\Windows\System32\wow64win.dll

2013-08-02 02:15:03 243712 ----a-w- C:\Windows\System32\wow64.dll

2013-08-02 02:15:03 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll

2013-08-02 02:14:11 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll

2013-08-02 01:59:30 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-08-02 01:51:23 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll

2013-08-02 01:50:42 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe

2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe

2013-08-02 00:45:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2013-08-02 00:45:36 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2013-08-02 00:45:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2013-08-02 00:45:34 2048 ----a-w- C:\Windows\SysWow64\user.exe

2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL

2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL

2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll

2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll

2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll

2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll

2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll

2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll

2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll

2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll

2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys

.

============= FINISH: 17:01:50,81 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 07/08/2013 0:42:53

System Uptime: 26/09/2013 15:43:49 (2 hours ago)

.

Motherboard: Gigabyte Technology Co., Ltd. | | 990XA-UD3

Processor: AMD FX-8150 Eight-Core Processor | CPU 1 | 3600/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 500 GiB total, 70,544 GiB free.

D: is FIXED (NTFS) - 432 GiB total, 431,411 GiB free.

E: is CDROM ()

F: is CDROM (UDF)

G: is FIXED (NTFS) - 466 GiB total, 58,525 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description: Controladora de bus serie universal(USB)

Device ID: PCI\VEN_1B6F&DEV_7023&SUBSYS_50071458&REV_01\4&22A3F64&0&0050

Manufacturer:

Name: Controladora de bus serie universal(USB)

PNP Device ID: PCI\VEN_1B6F&DEV_7023&SUBSYS_50071458&REV_01\4&22A3F64&0&0050

Service:

.

Class GUID:

Description: Controladora de bus serie universal(USB)

Device ID: PCI\VEN_1B6F&DEV_7023&SUBSYS_50071458&REV_01\4&37E5E774&0&0020

Manufacturer:

Name: Controladora de bus serie universal(USB)

PNP Device ID: PCI\VEN_1B6F&DEV_7023&SUBSYS_50071458&REV_01\4&37E5E774&0&0020

Service:

.

==== System Restore Points ===================

.

RP69: 19/09/2013 17:26:38 - Quitado WinZip 17.5

RP70: 19/09/2013 17:31:20 - Installed WinZip 17.0

RP71: 22/09/2013 2:32:32 - Se ha instalado DirectX

RP72: 22/09/2013 3:03:00 - Se ha instalado DirectX

RP73: 23/09/2013 2:58:52 - Windows Update

.

==== Installed Programs ======================

.

@BIOS

1.0 Repack By Mrpiano

3DMark

Actualización de NVIDIA 8.3.14

Adobe Flash Player 10 Plugin

Adobe Reader XI (11.0.04) - Español

AMD APP SDK Runtime

AMD Catalyst Install Manager

AMD Fuel

Call of Juarez Gunslinger © Ubisoft version 1

Catalyst Control Center

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Chivalry: Medieval Warfare

Company of Heroes 2

Company of Heroes Singleplayer Demo

Counter-Strike: Global Offensive

DAEMON Tools Lite

Dishonored

Dolby Home Theater v4

Dota 2

EVEREST Ultimate Edition v4.60

Far Cry 3

Fraps

Futuremark SystemInfo

Gaming Mouse Driver

Garry's Mod

GeForce Experience NvStream Client Components

GIGABYTE OC_GURU II

Gone Home 1.00

Google Chrome

Google Update Helper

Hi-Rez Studios Authenticate and Update Service

Hotline Miami

Java 7 Update 25

Java 7 Update 25 (64-bit)

Java Auto Updater

Java 6 Update 22

Left 4 Dead 2

Malwarebytes Anti-Malware versión 1.75.0.1300

Max Payne 3

Metro: Last Light

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Mozilla Firefox 24.0 (x86 en-US)

Mozilla Maintenance Service

Natural Selection 2

NVIDIA Controlador de 3D Vision 327.23

NVIDIA Controlador de audio HD 1.3.26.4

NVIDIA Controlador de gráficos 327.23

NVIDIA Controlador de la controladora 3D Vision 326.01

NVIDIA GeForce Experience 1.6.1

NVIDIA Install Application

NVIDIA PhysX

NVIDIA Software del sistema PhysX 9.13.0725

NVIDIA Stereoscopic 3D Driver

NVIDIA Update Components

NVIDIA Virtual Audio 1.2.5

ON_OFF Charge B12.1025.1

OpenOffice.org 3.3

Painkiller Hell and Damnation

Panel de control de NVIDIA 327.23

Papers, Please

Prison Architect

PunkBuster Services

Razer Game Booster

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

Reus 1.0

Rockstar Games Social Club

S.T.A.L.K.E.R. - Call of Pripyat

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

SHIELD Streaming

SpeedFan (remove only)

SPORE

Steam

Team Fortress 2

Titan Quest

Titan Quest Immortal Throne

Torchlight II

Tribes: Ascend

Tropico 4 1.00

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2836939)

Uplink

WinZip 17.0

XCOM: Enemy Unknown

Zip Opener Packages

.

==== Event Viewer Messages From Past Week ========

.

26/09/2013 17:01:00, Error: Service Control Manager [7000] - El servicio BrowserDefendert no pudo iniciarse debido al siguiente error: El sistema no puede encontrar el archivo especificado.

25/09/2013 7:13:55, Error: Service Control Manager [7034] - El servicio AMD FUEL Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

25/09/2013 23:16:59, Error: Service Control Manager [7034] - El servicio AMD FUEL Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

25/09/2013 18:06:12, Error: Service Control Manager [7034] - El servicio AMD FUEL Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

25/09/2013 0:13:45, Error: Service Control Manager [7034] - El servicio AMD FUEL Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

24/09/2013 15:04:49, Error: Service Control Manager [7009] - Se agotó el tiempo de espera (30000 ms) para la conexión con el servicio Steam Client Service.

24/09/2013 15:04:49, Error: Service Control Manager [7000] - El servicio Steam Client Service no pudo iniciarse debido al siguiente error: El servicio no respondió a tiempo a la solicitud de inicio o de control.

23/09/2013 3:25:50, Error: Service Control Manager [7034] - El servicio AMD FUEL Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

23/09/2013 15:55:16, Error: Service Control Manager [7034] - El servicio AMD FUEL Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

22/09/2013 4:10:40, Error: Service Control Manager [7034] - El servicio AMD FUEL Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

21/09/2013 3:12:07, Error: Service Control Manager [7034] - El servicio AMD FUEL Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

20/09/2013 6:58:30, Error: Service Control Manager [7034] - El servicio AMD FUEL Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

20/09/2013 22:03:29, Error: Service Control Manager [7034] - El servicio AMD FUEL Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

20/09/2013 16:07:28, Error: Service Control Manager [7001] - El servicio Servicio de lista de redes depende del servicio Reconocimiento de ubicación de red, el cual no pudo iniciarse debido al siguiente error: No se puede iniciar el servicio o grupo de dependencia.

20/09/2013 16:07:28, Error: Microsoft-Windows-DistributedCOM [10005] - Error de DCOM "1084" al intentar iniciar el servicio WSearch con argumentos "" para ejecutar el servidor: {9E175B6D-F52A-11D8-B9A5-505054503030}

20/09/2013 16:07:28, Error: Microsoft-Windows-DistributedCOM [10005] - Error de DCOM "1084" al intentar iniciar el servicio WSearch con argumentos "" para ejecutar el servidor: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

20/09/2013 16:07:27, Error: Service Control Manager [7001] - El servicio Servicio de lista de redes depende del servicio Reconocimiento de ubicación de red, el cual no pudo iniciarse debido al siguiente error: No se puede iniciar el servicio o grupo de dependencia.

20/09/2013 16:07:27, Error: Microsoft-Windows-DistributedCOM [10005] - Error de DCOM "1068" al intentar iniciar el servicio netprofm con argumentos "" para ejecutar el servidor: {A47979D2-C419-11D9-A5B4-001185AD2B89}

20/09/2013 16:07:27, Error: Microsoft-Windows-DistributedCOM [10005] - Error de DCOM "1068" al intentar iniciar el servicio netman con argumentos "" para ejecutar el servidor: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

20/09/2013 16:07:26, Error: Microsoft-Windows-DistributedCOM [10005] - Error de DCOM "1084" al intentar iniciar el servicio EventSystem con argumentos "" para ejecutar el servidor: {1BE1F766-5536-11D1-B726-00C04FB926AF}

20/09/2013 16:07:20, Error: Microsoft-Windows-DistributedCOM [10005] - Error de DCOM "1084" al intentar iniciar el servicio ShellHWDetection con argumentos "" para ejecutar el servidor: {DD522ACC-F821-461A-A407-50B198B896DC}

20/09/2013 16:07:10, Error: Service Control Manager [7026] - El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente: AFD AppleCharger CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf

20/09/2013 16:07:10, Error: Service Control Manager [7001] - El servicio Servicio Interfaz de almacenamiento en red depende del servicio NSI proxy service driver., el cual no pudo iniciarse debido al siguiente error: Uno de los dispositivos conectados al sistema no funciona.

20/09/2013 16:07:10, Error: Service Control Manager [7001] - El servicio Reconocimiento de ubicación de red depende del servicio Servicio Interfaz de almacenamiento en red, el cual no pudo iniciarse debido al siguiente error: No se puede iniciar el servicio o grupo de dependencia.

20/09/2013 16:07:10, Error: Service Control Manager [7001] - El servicio Minirredirector SMB 2.0 depende del servicio Contenedor y motor de minirredirector SMB, el cual no pudo iniciarse debido al siguiente error: No se puede iniciar el servicio o grupo de dependencia.

20/09/2013 16:07:10, Error: Service Control Manager [7001] - El servicio Minirredirector SMB 1.x depende del servicio Contenedor y motor de minirredirector SMB, el cual no pudo iniciarse debido al siguiente error: No se puede iniciar el servicio o grupo de dependencia.

20/09/2013 16:07:10, Error: Service Control Manager [7001] - El servicio Estación de trabajo depende del servicio Servicio Interfaz de almacenamiento en red, el cual no pudo iniciarse debido al siguiente error: No se puede iniciar el servicio o grupo de dependencia.

20/09/2013 16:07:10, Error: Service Control Manager [7001] - El servicio Contenedor y motor de minirredirector SMB depende del servicio Subsistema de almacenamiento en búfer redirigido, el cual no pudo iniciarse debido al siguiente error: Uno de los dispositivos conectados al sistema no funciona.

20/09/2013 16:07:10, Error: Service Control Manager [7001] - El servicio Cliente DNS depende del servicio Controlador de soporte TDI heredado NetIO, el cual no pudo iniciarse debido al siguiente error: Uno de los dispositivos conectados al sistema no funciona.

20/09/2013 16:07:10, Error: Service Control Manager [7001] - El servicio Cliente DHCP depende del servicio Ancillary Function Driver for Winsock, el cual no pudo iniciarse debido al siguiente error: Uno de los dispositivos conectados al sistema no funciona.

20/09/2013 16:07:10, Error: Service Control Manager [7001] - El servicio Aplicación auxiliar IP depende del servicio Servicio Interfaz de almacenamiento en red, el cual no pudo iniciarse debido al siguiente error: No se puede iniciar el servicio o grupo de dependencia.

20/09/2013 16:07:10, Error: Service Control Manager [7001] - El servicio Aplicación auxiliar de NetBIOS sobre TCP/IP depende del servicio Ancillary Function Driver for Winsock, el cual no pudo iniciarse debido al siguiente error: Uno de los dispositivos conectados al sistema no funciona.

20/09/2013 16:06:13, Error: Service Control Manager [7023] - El servicio Servidor se cerró con el siguiente error: No se ha iniciado el servicio.

20/09/2013 16:06:13, Error: Service Control Manager [7023] - El servicio Examinador de equipos se cerró con el siguiente error: Se está cerrando el sistema.

20/09/2013 16:06:12, Error: Microsoft-Windows-Directory-Services-SAM [12291] - SAM no ha podido iniciar el TCP/IP o el subproceso de escucha

20/09/2013 16:06:11, Error: Service Control Manager [7034] - El servicio AMD FUEL Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

20/09/2013 16:05:20, Error: Service Control Manager [7034] - El servicio AMD FUEL Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

20/09/2013 14:27:44, Error: Service Control Manager [7034] - El servicio AMD FUEL Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

20/09/2013 14:21:34, Error: Service Control Manager [7034] - El servicio AMD FUEL Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

19/09/2013 19:22:38, Error: Service Control Manager [7034] - El servicio AMD FUEL Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

.

==== End Of File ===========================

gringo_pr · September 26, 2013

Hello InternetDude

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
- We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
Please do not attach logs or use code boxes, just copy and paste the text.
- Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
Please read every post completely before doing anything.
- Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
Please provide feedback about your experience as we go.
- A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[s1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

When they are complete let me have the two reports and let me know how things are running.

Gringo

InternetDude · September 26, 2013

Done:

# AdwCleaner v3.005 - Reporte Creado 26/09/2013 en 17:25:42

# Actualizado 22/09/2013 por Xplode

# Sistema Operativo : Windows 7 Ultimate Service Pack 1 (64 bits)

# Nombre de usuario : Xalo - PC1337KILLER360

# Ejecutado desde : C:\Users\Xalo\Desktop\Anti malware tools\AdwCleaner.exe

# Opción : Limpiar

***** [ Servicios ] *****

[#] Servicio Borrar : BrowserDefendert

***** [ Archivos / Carpetas ] *****

Carpeta Borrar : C:\ProgramData\apn

Carpeta Borrar : C:\ProgramData\Babylon

Carpeta Borrar : C:\ProgramData\BrowserDefender

Carpeta Borrar : C:\ProgramData\DSearchLink

Carpeta Borrar : C:\ProgramData\eSafe

Carpeta Borrar : C:\Users\Xalo\AppData\Roaming\digitalsite

Carpeta Borrar : C:\Users\Xalo\AppData\Roaming\eIntaller

Carpeta Borrar : C:\Users\Xalo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender

Archivo Borrar : C:\Windows\System32\Tasks\BrowserDefendert

***** [ Accesos directos ] *****

Acceso directo Desinfectado : C:\Users\Xalo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

Acceso directo Desinfectado : C:\Users\Xalo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk

Acceso directo Desinfectado : C:\Users\Xalo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

***** [ Registro ] *****

Clave Borrar : HKLM\SOFTWARE\Classes\Prod.cap

Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32

Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS

Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32

Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS

Clave Borrar : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc

Clave Borrar : HKCU\Software\853db8fe73be817

Clave Borrar : HKLM\SOFTWARE\853db8fe73be817

Clave Borrar : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}

Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}

Clave Borrar : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Clave Borrar : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}

Clave Borrar : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}

Clave Borrar : HKCU\Software\dsiteproducts

Clave Borrar : HKCU\Software\Softonic

Clave Borrar : HKLM\Software\DataMngr

Clave Borrar : HKLM\Software\eSafeSecControl

Clave Borrar : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Opener Packages

Clave Borrar : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

Clave Borrar : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Navegadores ] *****

-\\ Internet Explorer v10.0.9200.16686

-\\ Mozilla Firefox v24.0 (en-US)

[ Archivo : C:\Users\Xalo\AppData\Roaming\Mozilla\Firefox\Profiles\tjfjxfqy.default\prefs.js ]

-\\ Google Chrome v29.0.1547.76

[ Archivo : C:\Users\Xalo\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [4001 octets] - [26/09/2013 17:25:00]

AdwCleaner[s0].txt - [3235 octets] - [26/09/2013 17:25:42]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3295 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.0.2 (09.22.2013:1)

OS: Windows 7 Ultimate x64

Ran by Xalo on 26/09/2013 at 17:28:51,19

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4077817561-2542389710-4094447064-1000\Software\SweetIM

~~~ Files

Successfully deleted: [File] C:\Windows\Tasks\digitalsite.job

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Xalo\AppData\Roaming\zip opener packages"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 26/09/2013 at 17:33:17,94

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

gringo_pr · September 26, 2013

Hello InternetDude

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

In your next post I need the following
Log from Combofix
let me know of any problems you may have had
How is the computer doing now?

Gringo

InternetDude · September 26, 2013

Damn, I made a mistake and didin't disabled Defender for AdwCleaner and JRT scans. I repeated both and here are the new logs. As you can see there is almost nothing new found, but I prefered to be safe.

# AdwCleaner v3.005 - Reporte Creado 26/09/2013 en 18:08:14

# Actualizado 22/09/2013 por Xplode

# Sistema Operativo : Windows 7 Ultimate Service Pack 1 (64 bits)

# Nombre de usuario : Xalo - PC1337KILLER360

# Ejecutado desde : C:\Users\Xalo\Desktop\AdwCleaner.exe

# Opción : Limpiar

***** [ Servicios ] *****

***** [ Archivos / Carpetas ] *****

***** [ Accesos directos ] *****

***** [ Registro ] *****

***** [ Navegadores ] *****

-\\ Internet Explorer v10.0.9200.16686

-\\ Mozilla Firefox v24.0 (en-US)

[ Archivo : C:\Users\Xalo\AppData\Roaming\Mozilla\Firefox\Profiles\tjfjxfqy.default\prefs.js ]

-\\ Google Chrome v29.0.1547.76

[ Archivo : C:\Users\Xalo\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [4001 octets] - [26/09/2013 17:25:00]

AdwCleaner[R1].txt - [1057 octets] - [26/09/2013 18:07:46]

AdwCleaner[s0].txt - [3383 octets] - [26/09/2013 17:25:42]

AdwCleaner[s1].txt - [978 octets] - [26/09/2013 18:08:14]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1037 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.0.2 (09.22.2013:1)

OS: Windows 7 Ultimate x64

Ran by Xalo on 26/09/2013 at 18:10:16,79

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 26/09/2013 at 18:14:36,90

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ComboFix 13-09-26.03 - Xalo 26/09/2013 18:18:32.1.8 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.34.3082.18.8153.6630 [GMT 2:00]

Running from: c:\users\Xalo\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\users\Xalo\AppData\Local\Microsoft\Windows\Temporary Internet Files\ApnStub.exe

c:\windows\SysWow64\frapsvid.dll

.

((((((((((((((((((((((((( Files Created from 2013-08-26 to 2013-09-26 )))))))))))))))))))))))))))))))

.

2013-09-26 15:28 . 2013-09-26 15:28 -------- d-----w- c:\windows\ERUNT

2013-09-26 15:24 . 2013-09-26 16:08 -------- d-----w- C:\AdwCleaner

2013-09-26 14:10 . 2013-09-26 14:10 -------- d-----w- c:\users\Xalo\AppData\Local\Mozilla

2013-09-26 14:09 . 2013-09-26 14:09 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service

2013-09-25 14:50 . 2013-09-05 05:32 9694160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{847E4F5C-F4E9-46B3-977E-1EA2675528E3}\mpengine.dll

2013-09-22 01:07 . 2013-09-24 16:50 -------- d-----w- c:\users\Xalo\AppData\Roaming\Tropico 4

2013-09-22 00:36 . 2013-09-22 00:36 -------- d-----w- c:\users\Xalo\AppData\Roaming\Kalypso Media

2013-09-22 00:31 . 2013-09-22 01:01 -------- d-----w- c:\program files (x86)\Kalypso Media

2013-09-19 15:33 . 2013-09-19 15:33 -------- d-----w- c:\users\Xalo\AppData\Local\WinZip

2013-09-19 15:32 . 2013-09-19 15:34 -------- d-----w- c:\programdata\WinZip

2013-09-19 15:32 . 2013-09-19 15:32 -------- d-----w- c:\program files\WinZip

2013-09-19 15:30 . 2013-09-19 15:30 -------- d-----w- c:\program files (x86)\AGEIA Technologies

2013-09-19 15:17 . 2013-08-20 13:33 39200 ----a-w- c:\windows\system32\drivers\nvvad64v.sys

2013-09-19 15:17 . 2013-08-20 13:32 28448 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll

2013-09-15 20:42 . 2013-09-15 20:42 -------- d-----w- c:\users\Xalo\AppData\Roaming\OpenOffice.org

2013-09-15 20:40 . 2013-09-15 20:41 -------- d-----w- c:\program files (x86)\OpenOffice.org 3

2013-09-15 20:24 . 2013-09-15 20:24 -------- d-----w- c:\program files (x86)\Common Files\Adobe

2013-09-15 20:23 . 2013-09-15 20:26 -------- d-----w- c:\users\Xalo\AppData\Local\Adobe

2013-09-15 16:00 . 2013-09-15 16:00 -------- d-----w- c:\users\Xalo\AppData\Local\Gas Powered Games

2013-09-15 15:52 . 2013-09-15 15:52 -------- d--h--w- c:\windows\msdownld.tmp

2013-09-15 15:50 . 2013-09-15 15:55 -------- d-----w- c:\program files (x86)\Supreme Commander 2

2013-09-15 08:28 . 2013-09-15 08:55 -------- d-----w- c:\program files (x86)\Rockstar Games

2013-09-15 08:28 . 2013-09-15 08:28 -------- d-----w- c:\programdata\Rockstar Games

2013-09-15 07:42 . 2013-09-15 07:42 -------- d-----w- c:\program files (x86)\Nordic Games

2013-09-12 21:35 . 2013-08-02 01:59 3968960 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-09-11 23:17 . 2013-09-11 23:17 571168 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2013-09-10 12:52 . 2013-09-10 12:52 -------- d-----w- c:\users\Xalo\AppData\Roaming\SPORE

2013-09-10 12:48 . 2013-09-10 12:48 -------- d-----w- c:\program files (x86)\Electronic Arts

2013-09-10 11:23 . 2013-09-10 11:23 -------- d-----w- c:\programdata\Steam

2013-09-10 10:31 . 2013-09-10 10:38 -------- d-----w- c:\program files (x86)\Company of Heroes 2

2013-09-10 09:09 . 2013-09-10 09:10 -------- d-----w- c:\program files (x86)\dlc

2013-09-10 07:26 . 2013-09-10 07:26 -------- d-----w- c:\users\Xalo\AppData\Local\Chromium

2013-09-09 22:36 . 2013-09-09 22:36 -------- d-----w- c:\program files (x86)\Microsoft Chart Controls

2013-09-09 22:35 . 2013-09-09 22:35 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-09-09 22:35 . 2013-09-09 22:35 -------- d-----w- c:\windows\SysWow64\Macromed

2013-09-09 22:32 . 2013-09-09 22:46 -------- d-----w- c:\programdata\Hi-Rez Studios

2013-09-09 22:32 . 2013-09-09 22:33 -------- d-----w- c:\program files (x86)\Hi-Rez Studios

2013-09-09 21:57 . 2013-09-09 21:57 -------- d-----w- c:\program files (x86)\Lavalys

2013-09-09 17:02 . 2013-09-09 17:17 25640 ----a-w- c:\windows\gdrv.sys

2013-09-09 16:42 . 2013-09-09 16:42 -------- d-----w- c:\program files\CPUID

2013-09-04 13:31 . 2013-09-04 13:31 -------- d-----w- c:\users\Xalo\AppData\Local\ElevatedDiagnostics

2013-09-03 23:17 . 2013-09-03 23:17 -------- d-----w- c:\users\Xalo\AppData\Local\FLT

2013-09-03 22:54 . 2013-09-03 22:54 -------- d-----w- c:\program files (x86)\XCOM Enemy Unknown

2013-09-03 13:56 . 2007-01-01 18:03 40960 ----a-r- c:\windows\SysWow64\psfind.dll

2013-09-03 13:56 . 2006-07-11 16:43 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll

2013-09-03 13:56 . 2006-07-11 16:35 503808 ----a-w- c:\windows\SysWow64\MSVCP71.dll

2013-09-03 13:54 . 2013-09-03 14:00 -------- d-----w- c:\program files (x86)\THQ

2013-09-01 20:40 . 2013-09-01 20:40 -------- d-----w- c:\users\Xalo\AppData\Local\Introversion

2013-08-31 08:41 . 2013-08-31 08:41 283064 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2013-08-31 08:41 . 2013-09-03 13:48 -------- d-----w- c:\users\Xalo\AppData\Roaming\DAEMON Tools Lite

2013-08-31 08:41 . 2013-08-31 08:41 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite

2013-08-31 08:37 . 2013-08-31 08:42 -------- d-----w- c:\programdata\DAEMON Tools Lite

2013-08-30 01:49 . 2013-08-30 01:49 -------- d-----w- c:\programdata\UAB

2013-08-30 01:48 . 2013-08-30 01:48 -------- d-----w- c:\users\Xalo\AppData\Local\PC_Drivers_Headquarters

2013-08-30 01:46 . 2013-08-30 01:46 -------- d-----w- c:\programdata\PC Drivers HeadQuarters

2013-08-29 20:46 . 2013-08-30 15:27 -------- d-----w- c:\users\Xalo\AppData\Roaming\Natural Selection 2

2013-08-29 16:51 . 2013-08-29 16:51 -------- d-----w- c:\program files (x86)\Bethesda Softworks

2013-08-29 02:02 . 2013-08-29 02:02 -------- d-----w- c:\users\Xalo\AppData\Local\Futuremark

2013-08-29 02:02 . 2013-08-29 02:02 -------- d-----w- c:\users\Xalo\AppData\Local\IsolatedStorage

2013-08-29 02:01 . 2013-08-29 02:01 -------- d-----w- c:\program files (x86)\Futuremark

2013-08-29 02:00 . 2013-08-29 02:00 -------- d-----w- c:\program files\Futuremark

2013-08-29 01:06 . 2013-08-29 01:06 -------- d-----w- c:\program files (x86)\Gone Home

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-09-19 14:37 . 2013-08-11 08:51 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2013-09-19 14:37 . 2013-08-09 13:48 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2013-09-18 17:20 . 2013-08-09 13:44 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2013-09-13 01:01 . 2013-08-07 01:53 79143768 ----a-w- c:\windows\system32\MRT.exe

2013-09-12 08:58 . 2013-08-11 17:36 15703688 ----a-w- c:\windows\system32\nvd3dumx.dll

2013-09-12 08:58 . 2013-08-11 17:14 1412832 ----a-w- c:\windows\system32\nvumdshimx.dll

2013-09-12 08:58 . 2013-08-11 17:14 2630304 ----a-w- c:\windows\SysWow64\nvapi.dll

2013-09-12 08:58 . 2013-08-11 17:14 12947360 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2013-09-12 08:58 . 2013-08-11 17:14 2986672 ----a-w- c:\windows\system32\nvapi64.dll

2013-09-12 08:58 . 2013-08-11 17:14 15901448 ----a-w- c:\windows\system32\nvwgf2umx.dll

2013-09-12 07:25 . 2013-08-11 17:16 6599968 ----a-w- c:\windows\system32\nvcpl.dll

2013-09-12 07:25 . 2013-08-11 17:16 3452192 ----a-w- c:\windows\system32\nvsvc64.dll

2013-09-12 07:25 . 2013-08-11 17:16 920864 ----a-w- c:\windows\system32\nvvsvc.exe

2013-09-12 07:25 . 2013-08-11 17:16 63776 ----a-w- c:\windows\system32\nvshext.dll

2013-09-12 07:25 . 2013-08-11 17:16 2559776 ----a-w- c:\windows\system32\nvsvcr.dll

2013-09-12 07:25 . 2013-08-11 17:16 219424 ----a-w- c:\windows\system32\nvmctray.dll

2013-09-11 22:06 . 2013-08-11 17:16 3361114 ----a-w- c:\windows\system32\nvcoproc.bin

2013-08-20 13:32 . 2013-08-11 17:27 29984 ----a-w- c:\windows\system32\nvaudcap64v.dll

2013-08-11 08:51 . 2013-08-11 08:51 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2013-08-08 19:28 . 2013-08-08 19:28 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10144.bin

2013-08-08 19:16 . 2013-08-08 19:16 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll

2013-08-08 19:16 . 2013-08-08 19:16 972712 ----a-w- c:\windows\system32\deployJava1.dll

2013-08-08 19:16 . 2013-08-08 19:16 312232 ----a-w- c:\windows\system32\javaws.exe

2013-08-08 19:16 . 2013-08-08 19:16 1093032 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-08-08 19:16 . 2013-08-08 19:16 189352 ----a-w- c:\windows\system32\javaw.exe

2013-08-08 19:16 . 2013-08-08 19:16 188840 ----a-w- c:\windows\system32\java.exe

2013-08-07 02:22 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe

2013-08-07 00:43 . 2013-08-07 00:43 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-08-07 00:43 . 2013-08-07 00:43 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-08-07 00:43 . 2013-08-07 00:43 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2013-08-07 00:31 . 2013-08-07 00:31 97280 ----a-w- c:\windows\system32\mshtmled.dll

2013-08-07 00:31 . 2013-08-07 00:31 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2013-08-07 00:31 . 2013-08-07 00:31 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll

2013-08-07 00:31 . 2013-08-07 00:31 81408 ----a-w- c:\windows\system32\icardie.dll

2013-08-07 00:31 . 2013-08-07 00:31 77312 ----a-w- c:\windows\system32\tdc.ocx

2013-08-07 00:31 . 2013-08-07 00:31 762368 ----a-w- c:\windows\system32\ieapfltr.dll

2013-08-07 00:31 . 2013-08-07 00:31 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2013-08-07 00:31 . 2013-08-07 00:31 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll

2013-08-07 00:31 . 2013-08-07 00:31 62976 ----a-w- c:\windows\system32\pngfilt.dll

2013-08-07 00:31 . 2013-08-07 00:31 61952 ----a-w- c:\windows\SysWow64\tdc.ocx

2013-08-07 00:31 . 2013-08-07 00:31 599552 ----a-w- c:\windows\system32\vbscript.dll

2013-08-07 00:31 . 2013-08-07 00:31 523264 ----a-w- c:\windows\SysWow64\vbscript.dll

2013-08-07 00:31 . 2013-08-07 00:31 52224 ----a-w- c:\windows\system32\msfeedsbs.dll

2013-08-07 00:31 . 2013-08-07 00:31 51200 ----a-w- c:\windows\system32\imgutil.dll

2013-08-07 00:31 . 2013-08-07 00:31 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2013-08-07 00:31 . 2013-08-07 00:31 48640 ----a-w- c:\windows\system32\mshtmler.dll

2013-08-07 00:31 . 2013-08-07 00:31 452096 ----a-w- c:\windows\system32\dxtmsft.dll

2013-08-07 00:31 . 2013-08-07 00:31 441856 ----a-w- c:\windows\system32\html.iec

2013-08-07 00:31 . 2013-08-07 00:31 38400 ----a-w- c:\windows\SysWow64\imgutil.dll

2013-08-07 00:31 . 2013-08-07 00:31 361984 ----a-w- c:\windows\SysWow64\html.iec

2013-08-07 00:31 . 2013-08-07 00:31 281600 ----a-w- c:\windows\system32\dxtrans.dll

2013-08-07 00:31 . 2013-08-07 00:31 27648 ----a-w- c:\windows\system32\licmgr10.dll

2013-08-07 00:31 . 2013-08-07 00:31 270848 ----a-w- c:\windows\system32\iedkcs32.dll

2013-08-07 00:31 . 2013-08-07 00:31 247296 ----a-w- c:\windows\system32\webcheck.dll

2013-08-07 00:31 . 2013-08-07 00:31 235008 ----a-w- c:\windows\system32\url.dll

2013-08-07 00:31 . 2013-08-07 00:31 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll

2013-08-07 00:31 . 2013-08-07 00:31 226304 ----a-w- c:\windows\system32\elshyph.dll

2013-08-07 00:31 . 2013-08-07 00:31 216064 ----a-w- c:\windows\system32\msls31.dll

2013-08-07 00:31 . 2013-08-07 00:31 197120 ----a-w- c:\windows\system32\msrating.dll

2013-08-07 00:31 . 2013-08-07 00:31 185344 ----a-w- c:\windows\SysWow64\elshyph.dll

2013-08-07 00:31 . 2013-08-07 00:31 173568 ----a-w- c:\windows\system32\ieUnatt.exe

2013-08-07 00:31 . 2013-08-07 00:31 167424 ----a-w- c:\windows\system32\iexpress.exe

2013-08-07 00:31 . 2013-08-07 00:31 158720 ----a-w- c:\windows\SysWow64\msls31.dll

2013-08-07 00:31 . 2013-08-07 00:31 1509376 ----a-w- c:\windows\system32\inetcpl.cpl

2013-08-07 00:31 . 2013-08-07 00:31 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2013-08-07 00:31 . 2013-08-07 00:31 149504 ----a-w- c:\windows\system32\occache.dll

2013-08-07 00:31 . 2013-08-07 00:31 144896 ----a-w- c:\windows\system32\wextract.exe

2013-08-07 00:31 . 2013-08-07 00:31 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2013-08-07 00:31 . 2013-08-07 00:31 1400416 ----a-w- c:\windows\system32\ieapfltr.dat

2013-08-07 00:31 . 2013-08-07 00:31 138752 ----a-w- c:\windows\SysWow64\wextract.exe

2013-08-07 00:31 . 2013-08-07 00:31 13824 ----a-w- c:\windows\system32\mshta.exe

2013-08-07 00:31 . 2013-08-07 00:31 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2013-08-07 00:31 . 2013-08-07 00:31 136192 ----a-w- c:\windows\system32\iepeers.dll

2013-08-07 00:31 . 2013-08-07 00:31 135680 ----a-w- c:\windows\system32\IEAdvpack.dll

2013-08-07 00:31 . 2013-08-07 00:31 12800 ----a-w- c:\windows\SysWow64\mshta.exe

2013-08-07 00:31 . 2013-08-07 00:31 12800 ----a-w- c:\windows\system32\msfeedssync.exe

2013-08-07 00:31 . 2013-08-07 00:31 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2013-08-07 00:31 . 2013-08-07 00:31 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe

2013-08-07 00:31 . 2013-08-07 00:31 102912 ----a-w- c:\windows\system32\inseng.dll

2013-08-07 00:30 . 2013-08-07 00:30 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-08-07 00:30 . 2013-08-07 00:30 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-08-07 00:30 . 2013-08-07 00:30 648192 ----a-w- c:\windows\system32\d3d10level9.dll

2013-08-07 00:30 . 2013-08-07 00:30 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll

2013-08-07 00:30 . 2013-08-07 00:30 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-08-07 00:30 . 2013-08-07 00:30 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-08-07 00:30 . 2013-08-07 00:30 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-08-07 00:30 . 2013-08-07 00:30 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-08-07 00:30 . 2013-08-07 00:30 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2013-08-07 00:30 . 2013-08-07 00:30 465920 ----a-w- c:\windows\system32\WMPhoto.dll

2013-08-07 00:30 . 2013-08-07 00:30 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll

2013-08-07 00:30 . 2013-08-07 00:30 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll

2013-08-07 00:30 . 2013-08-07 00:30 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll

2013-08-07 00:30 . 2013-08-07 00:30 3928064 ----a-w- c:\windows\system32\d2d1.dll

2013-08-07 00:30 . 2013-08-07 00:30 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll

2013-08-07 00:30 . 2013-08-07 00:30 363008 ----a-w- c:\windows\system32\dxgi.dll

2013-08-07 00:30 . 2013-08-07 00:30 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-08-07 00:30 . 2013-08-07 00:30 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-08-07 00:30 . 2013-08-07 00:30 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll

2013-08-07 00:30 . 2013-08-07 00:30 333312 ----a-w- c:\windows\system32\d3d10_1core.dll

2013-08-07 00:30 . 2013-08-07 00:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-09-21 1814440]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-08-01 3673696]

"sysXboot"="c:\program files\Java\jre7\bin\javaw.exe" [2013-08-08 189352]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

"Gaming Mouse Driver"="c:\program files (x86)\Gaming Mouse\Monitor.EXE" [2011-09-09 200704]

"Dolby Home Theater v4"="c:\program files (x86)\Dolby Home Theater v4\pcee4.exe" [2012-04-23 508256]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-09-05 958576]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

GIGABYTE OC_GURU.lnk - c:\program files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe [2013-5-22 21946368]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]

R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]

R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x]

R3 GPCIDrv;GPCIDrv;c:\program files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys;c:\program files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x]

S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]

S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]

S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]

S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]

S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]

S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-09-21 18:01 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-06 22:50]

.

2013-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-06 22:50]

.

--------- X64 Entries -----------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-08-27 1028896]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]

"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-06-13 1212560]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 87.216.1.65 87.216.1.66

FF - ProfilePath - c:\users\Xalo\AppData\Roaming\Mozilla\Firefox\Profiles\tjfjxfqy.default\

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-LocalSessionManager - c:\users\Xalo\AppData\Roaming\lsm.exe

AddRemove-GOGPACKPAPERSPLEASE_is1 - c:\users\Xalo\Desktop\juegos\papersplease\Papers

AddRemove-Reus 1.0 - c:\users\Xalo\Desktop\juegos\Reus\Uninstall.exe

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-09-26 18:24:48

ComboFix-quarantined-files.txt 2013-09-26 16:24

.

Pre-Run: 83.770.621.952 bytes libres

Post-Run: 84.042.059.776 bytes libres

.

- - End Of File - - 0DBB3592D37AAFBEA1FE46E503B897A0

A36C5E4F47E84449FF07ED3517B43A31

No problems during the scans.
The cumputer is running fine, the lsm.exe process is not appearing... but it starts all alone and when he wants, so I can't know if it has been removed yet. Only some time will tell. Oh, and the temperatures are some degrees lower!
Thanks for your help Gringo! Let me know if some other scans are needded, please.

gringo_pr · September 26, 2013

Hello InternetDude

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

This will let ComboFix run again.

Restart if you have to.

Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

In your next post I need the following
- report from Combofix
- let me know of any problems you may have had
- How is the computer doing now after running the script?

Gringo

InternetDude · September 27, 2013

ComboFix 13-09-26.03 - Xalo 27/09/2013 19:45:25.2.8 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.34.3082.18.8153.6209 [GMT 2:00]

Running from: c:\users\Xalo\Desktop\Anti malware tools\ComboFix.exe

Command switches used :: c:\users\Xalo\Desktop\Anti malware tools\CFScript.txt.txt

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((( Files Created from 2013-08-27 to 2013-09-27 )))))))))))))))))))))))))))))))

.

2013-09-27 17:49 . 2013-09-27 17:49 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2013-09-27 17:49 . 2013-09-27 17:49 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-09-27 17:44 . 2013-09-27 17:44 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{847E4F5C-F4E9-46B3-977E-1EA2675528E3}\offreg.dll

2013-09-26 15:28 . 2013-09-26 15:28 -------- d-----w- c:\windows\ERUNT

2013-09-26 15:24 . 2013-09-26 16:08 -------- d-----w- C:\AdwCleaner

2013-09-26 14:10 . 2013-09-26 14:10 -------- d-----w- c:\users\Xalo\AppData\Local\Mozilla

2013-09-26 14:09 . 2013-09-26 14:09 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service

2013-09-25 14:50 . 2013-09-05 05:32 9694160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{847E4F5C-F4E9-46B3-977E-1EA2675528E3}\mpengine.dll

2013-09-22 01:07 . 2013-09-27 14:55 -------- d-----w- c:\users\Xalo\AppData\Roaming\Tropico 4