
TimeServer.exe I need help to remove infection



Hello,

 

I am starting this topic because I have a problem quite similar to this one:

http://forums.malwarebytes.org/index.php?showtopic=128536

 

I followed the steps indicated in that post until I reached a point where something is different in my case.

The initial things are exactly the same. I think the process is infected by a bitcoin miner. It uses my computer's resources, especially the graphics card. This results in a higher fan speed in an attempt to reduce the CPU temperature (which can go higher than 75ºC) and the impossibility of running games.

Usually it takes about 13% of the CPU, but the last time I restarted the computer it took 99% and the CPU fan almost went crazy trying to reduce the temperature, so I had to end the process, which reduced the fan speed and the temperature drastically. However, the graphics card is not working properly; for example, when I try to run the game Age of Empires it says my graphics card is 0 Mb, and a message appears suggesting that I not start the game.

 

As I said, I followed the steps shown in that topic, but something strange happens in my case. When I run a scan with RogueKillerX64, it kills timeserver.exe. I don't know why, but just by running the scan, the program kills that process. Here is the report that I get after the analysis:

 

RogueKiller V8.6.3 _x64_ [Jul 17 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Alberto [Admin rights]
Mode : Scan -- Date : 07/17/2013 10:33:18
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 3 ¤¤¤
[sUSP PATH] Time-svc.exe -- C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe [-] -> KILLED [TermProc]
[sUSP PATH] WindowsTime.exe -- C:\ProgramData\Microsoft\Windows\Time\WindowsTime.exe [-] -> KILLED [TermProc]
[sUSP PATH] TimeServer.exe -- C:\ProgramData\Microsoft\Windows\Time\TimeServer.exe [-] -> KILLED [TermProc]
 
¤¤¤ Registry Entries : 6 ¤¤¤
[HJ POL] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 2 ¤¤¤
[FF][PROXY] nblqtdcg.default : user_pref("network.proxy.hxxp", "184.22.244.81"); -> FOUND
[FF][PROXY] nblqtdcg.default : user_pref("network.proxy.hxxp_port", 3128); -> FOUND
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: ST31000524AS ATA Device +++++
--- User ---
[MBR] 58b4188d1c9bd277f579ce5ce15a9836
[bSP] e95656edf98568fdb63cfc231792f95b : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] FAT32 (0x1b) [HIDDEN!] Offset (sectors): 206848 | Size: 19024 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 39168000 | Size: 381546 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 820574244 | Size: 553196 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_07172013_103318.txt >>
RKreport[0]_S_07172013_103155.txt
 
---------------------------------------------------------------------
 
As I can see, it is similar to the one in that post, but here next to the processes it says "KILLED" instead of "BEEINDIGD".
Can anyone help me with this problem and assist me in removing the infection?
Thanks in advance
 

Hello samiljak and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Please follow the instructions here and then post the log files in your next reply.

http://forums.malwarebytes.org/index.php?showtopic=9573


Hello,

First of all, thank you very much for your almost instant answer.

Here is what I got in DDS:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16635  BrowserJavaVersion: 10.25.2
Run by Alberto at 17:32:44 on 2013-07-17
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.34.3082.18.7884.5259 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\windows\system32\Dwm.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\taskhost.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\ASUS\ASUS Instant On\AsInstantOn.exe
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.18\aaHMSvc.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
C:\windows\SysWow64\IntelCpHeciSvc.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\WUDFHost.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\LogiShrd\sp6\LU1\LULnchr.exe
C:\Program Files\Common Files\LogiShrd\sp6\LU1\LogitechUpdate.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\wuauclt.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\windows\system32\igfxsrvc.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyOverride = <local>;*.local
mWinlogon: Userinit = userinit.exe,
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Adobe Acrobat Create PDF Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - LocalServer32 - <no file>
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
uRun: [Akamai NetSession Interface] "C:\Users\Alberto\AppData\Local\Akamai\netsession_win.exe"
mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: &Enviar a OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Anexar a PDF existente - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Anexar destino de vínculo a PDF existente - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convertir a Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir destino de vínculo a Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: E&xportar a Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 62.42.230.24 62.42.63.52
TCP: Interfaces\{2D038650-7557-4AB3-A3D4-174E55595084} : DHCPNameServer = 62.42.230.24 62.42.63.52
TCP: Interfaces\{2E94D4DD-0C11-4271-A4DE-6C7D258D3CFB} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{2E94D4DD-0C11-4271-A4DE-6C7D258D3CFB}\255444F534143514 : DHCPNameServer = 62.42.230.24 62.42.63.52
TCP: Interfaces\{2E94D4DD-0C11-4271-A4DE-6C7D258D3CFB}\84162696471636963C3BE6 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{A91EA7B1-62CF-40AC-85C1-E6531A44A1F7} : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - LocalServer32 - <no file>
AppInit_DLLs= c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
IFEO: AcroRd32.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO: adobe air application installer.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO: asusinstaller (1).exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO: asusinstaller.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO: nvstview.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - LocalServer32 - <no file>
x64-BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - LocalServer32 - <no file>
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - LocalServer32 - <no file>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-IFEO: AcroRd32.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
x64-IFEO: adobe air application installer.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
x64-IFEO: asusinstaller (1).exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
x64-IFEO: asusinstaller.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
x64-IFEO: nvstview.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\windows\System32\drivers\aswRvrt.sys [2013-3-20 65336]
R0 aswVmm;aswVmm;C:\windows\System32\drivers\aswVmm.sys [2013-3-20 189936]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\windows\System32\drivers\iusb3hcs.sys [2012-2-22 16152]
R0 mv91xx;mv91xx;C:\windows\System32\drivers\mv91xx.sys [2012-2-9 293416]
R1 aswSnx;aswSnx;C:\windows\System32\drivers\aswSnx.sys [2012-12-23 1030952]
R1 aswSP;aswSP;C:\windows\System32\drivers\aswSP.sys [2012-12-23 378944]
R2 ADExchange;ArcSoft Exchange Service;C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [2011-10-26 37280]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [2012-2-22 918448]
R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.18\aaHMSvc.exe [2012-2-22 950912]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2012-2-22 586880]
R2 aswFsBlk;aswFsBlk;C:\windows\System32\drivers\aswFsBlk.sys [2012-12-23 33400]
R2 aswMonFlt;aswMonFlt;C:\windows\System32\drivers\aswMonFlt.sys [2012-12-23 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-5-9 46808]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-2-13 731648]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-2-22 169432]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-23 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-23 701512]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-3-14 383264]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2012-10-8 2365792]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2013-7-17 169752]
R3 IntcDAud;Sonido Intel® para pantallas;C:\windows\System32\drivers\IntcDAud.sys [2013-3-19 442368]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\windows\System32\drivers\iusb3hub.sys [2012-2-22 355096]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\windows\System32\drivers\iusb3xhc.sys [2012-2-22 786200]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\windows\System32\drivers\LEqdUsb.sys [2013-1-3 79240]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\windows\System32\drivers\LHidEqd.sys [2013-1-3 15752]
R3 LVRS64;Logitech RightSound Filter Driver;C:\windows\System32\drivers\lvrs64.sys [2012-9-21 351520]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2012-12-23 25928]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2013-7-16 838216]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [2012-9-18 11880]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Time;Time;C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe [2013-7-15 10752]
S3 asmthub3;ASMedia USB3 Hub Service;C:\windows\System32\drivers\asmthub3.sys [2012-2-9 129000]
S3 asmtxhci;ASMEDIA XHCI Service;C:\windows\System32\drivers\asmtxhci.sys [2012-2-9 394216]
S3 HWHandSet;HWUSBSERSP;C:\windows\System32\drivers\hw_quusbmdm.sys [2013-4-3 223232]
S3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-2-13 820184]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\windows\System32\drivers\netr28x.sys [2012-2-9 1488448]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\System32\drivers\nusb3hub.sys [2012-2-9 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\System32\drivers\nusb3xhc.sys [2012-2-9 181248]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2012-12-28 19456]
S3 Rockusb;Driver for Rockusb Device;C:\windows\System32\drivers\rockusb.sys [2013-6-15 65688]
S3 taphss6;Anchorfree HSS VPN Adapter;C:\windows\System32\drivers\taphss6.sys [2013-1-20 42184]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2012-12-28 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2012-12-28 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Servicio de tecnologías de activación de Windows;C:\windows\System32\Wat\WatAdminSvc.exe [2012-12-23 1255736]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-3 162408]
.
=============== File Associations ===============
.
FileExt: .js: JSFile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\Dreamweaver.exe","%1"
.
=============== Created Last 30 ================
.
2071-07-25 07:13:30 203576 ------w- C:\Program Files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe
2013-07-17 14:10:25 -------- d-----w- C:\Users\Alberto\AppData\Local\Intel_Corporation
2013-07-16 16:46:25 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DCC6F203-73B1-4FA5-83AD-A726B31BC57A}\offreg.dll
2013-07-16 16:19:37 -------- d-----w- C:\ProgramData\AmUStor
2013-07-16 16:19:37 -------- d-----w- C:\Program Files (x86)\AmIcoSingLun
2013-07-16 16:19:30 -------- d-----w- C:\Users\Alberto\AppData\Local\Logitech® Webcam Software
2013-07-16 16:16:13 53248 ----a-r- C:\Users\Alberto\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2013-07-16 16:09:02 -------- d-----w- C:\Users\Alberto\AppData\Local\Logishrd
2013-07-16 16:04:14 9552976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DCC6F203-73B1-4FA5-83AD-A726B31BC57A}\mpengine.dll
2013-07-16 15:58:32 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
2013-07-16 15:56:26 1643520 ----a-w- C:\windows\System32\DWrite.dll
2013-07-16 15:56:26 1247744 ----a-w- C:\windows\SysWow64\DWrite.dll
2013-07-16 15:45:17 -------- d-----w- C:\windows\SysWow64\RTCOM
2013-07-16 15:45:17 -------- d-----w- C:\Program Files\Realtek
2013-07-16 15:43:50 693352 ----a-w- C:\windows\System32\DTSVoiceClarityDLL64.dll
2013-07-16 15:31:40 838216 ----a-w- C:\windows\System32\drivers\Rt64win7.sys
2013-07-16 15:31:40 78920 ----a-w- C:\windows\System32\RtNicProp64.dll
2013-07-16 15:29:49 99288 ----a-w- C:\windows\System32\drivers\TeeDriverx64.sys
2013-07-16 15:29:49 1795952 ----a-w- C:\windows\System32\WdfCoInstaller01011.dll
2013-07-16 15:28:27 -------- d-----w- C:\Intel
2013-07-16 15:26:07 877856 ----a-w- C:\windows\System32\nvvsvc.exe
2013-07-16 15:26:07 6398240 ----a-w- C:\windows\System32\nvcpl.dll
2013-07-16 15:26:07 63776 ----a-w- C:\windows\System32\nvshext.dll
2013-07-16 15:26:07 3477280 ----a-w- C:\windows\System32\nvsvc64.dll
2013-07-16 15:26:07 3065455 ----a-w- C:\windows\System32\nvcoproc.bin
2013-07-16 15:26:07 2555680 ----a-w- C:\windows\System32\nvsvcr.dll
2013-07-16 15:26:07 237856 ----a-w- C:\windows\System32\nvmctray.dll
2013-07-16 15:25:54 64000 ----a-w- C:\windows\System32\OpenCL.dll
2013-07-16 15:25:54 60416 ----a-w- C:\windows\SysWow64\OpenCL.dll
2013-07-16 15:25:49 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2013-07-16 15:25:47 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2013-07-16 15:23:58 -------- d-----w- C:\NVIDIA
2013-07-16 15:06:14 -------- d-----w- C:\ProgramData\DriverGenius
2013-07-16 14:23:24 -------- d-----w- C:\ProgramData\Age of Empires 3
2013-07-16 14:20:33 3767504 ----a-w- C:\windows\System32\d3dx9_26.dll
2013-07-16 14:20:33 2297552 ----a-w- C:\windows\SysWow64\d3dx9_26.dll
2013-07-16 14:18:51 -------- d-----w- C:\Program Files (x86)\Microsoft Games
2013-07-15 13:51:58 -------- d-----w- C:\Users\Alberto\AppData\Roaming\Pro Cycling Manager 2012
2013-07-15 12:01:15 -------- d-----w- C:\Program Files (x86)\Alcohol Soft
2013-07-15 11:57:06 564824 ----a-w- C:\windows\System32\drivers\sptd.sys
2013-07-15 11:51:03 10240 ----a-w- C:\ProgramData\Microsoft\Windows\Time\WindowsTime.exe
2013-07-15 11:51:02 49664 ----a-w- C:\ProgramData\Microsoft\Windows\Time\w9xpopen.exe
2013-07-15 11:51:02 10752 ----a-w- C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe
2013-07-15 11:51:01 2303488 ----a-w- C:\ProgramData\Microsoft\Windows\Time\python27.dll
2013-07-15 11:51:00 24064 ----a-w- C:\ProgramData\Microsoft\Windows\Time\TimeServer.exe
2013-07-15 11:50:53 569680 ----a-w- C:\ProgramData\Microsoft\Windows\Time\msvcp90.dll
2013-07-15 11:50:52 219648 ----a-w- C:\ProgramData\Microsoft\Windows\Time\boost_python-vc90-mt-1_48.dll
2013-06-24 18:27:55 -------- d-----w- C:\Users\Alberto\AppData\Roaming\ACD Systems
2013-06-24 18:27:55 -------- d-----w- C:\Users\Alberto\AppData\Local\ACD Systems
2013-06-24 18:24:18 -------- d-----w- C:\ProgramData\ACD Systems
2013-06-24 18:24:11 -------- d-----w- C:\Program Files\Common Files\ACD Systems
2013-06-24 18:24:11 -------- d-----w- C:\Program Files\ACD Systems
2013-06-24 18:23:31 -------- d-----w- C:\Users\Alberto\AppData\Local\Downloaded Installations
2013-06-24 10:08:57 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-24 10:08:57 -------- d-----w- C:\Program Files\iTunes
2013-06-24 10:08:57 -------- d-----w- C:\Program Files\iPod
2013-06-24 10:00:29 -------- d-----w- C:\Users\Alberto\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2013-06-24 08:11:25 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-22 20:45:12 159744 ----a-w- C:\Program Files\Internet Explorer\Módulos\npqtplugin5.dll
2013-06-22 20:45:12 159744 ----a-w- C:\Program Files\Internet Explorer\Módulos\npqtplugin4.dll
2013-06-22 20:45:12 159744 ----a-w- C:\Program Files\Internet Explorer\Módulos\npqtplugin3.dll
2013-06-22 20:45:12 159744 ----a-w- C:\Program Files\Internet Explorer\Módulos\npqtplugin2.dll
2013-06-22 20:45:12 159744 ----a-w- C:\Program Files\Internet Explorer\Módulos\npqtplugin.dll
.
==================== Find3M  ====================
.
2013-07-16 16:08:05 18960 ----a-w- C:\windows\System32\drivers\LNonPnP.sys
2013-07-16 16:06:17 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-16 16:06:17 692104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-07-16 15:23:18 4708256 ----a-w- C:\windows\PE_Rom.dll
2013-07-16 15:22:35 4765184 ----a-w- C:\windows\PE_File.dll
2013-07-14 21:41:12 189936 ----a-w- C:\windows\System32\drivers\aswVmm.sys
2013-07-14 21:41:12 1030952 ----a-w- C:\windows\System32\drivers\aswSnx.sys
2013-06-24 08:11:22 867240 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
2013-06-24 08:11:22 789416 ----a-w- C:\windows\SysWow64\deployJava1.dll
2013-06-11 23:43:37 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
2013-06-11 23:43:00 2877440 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-06-11 23:42:58 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
2013-06-11 23:42:58 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2013-06-11 23:26:20 2241024 ----a-w- C:\windows\System32\wininet.dll
2013-06-11 23:25:16 3958784 ----a-w- C:\windows\System32\jscript9.dll
2013-06-11 23:25:13 67072 ----a-w- C:\windows\System32\iesetup.dll
2013-06-11 23:25:13 136704 ----a-w- C:\windows\System32\iesysprep.dll
2013-06-11 22:51:45 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50:58 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe
2013-06-07 03:22:18 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2013-06-07 02:37:52 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-06-05 03:34:27 3153920 ----a-w- C:\windows\System32\win32k.sys
2013-06-04 06:00:13 624128 ----a-w- C:\windows\System32\qedit.dll
2013-06-04 04:53:07 509440 ----a-w- C:\windows\SysWow64\qedit.dll
2013-05-13 05:51:01 184320 ----a-w- C:\windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\windows\SysWow64\certenc.dll
2013-05-10 05:49:27 30720 ----a-w- C:\windows\System32\cryptdlg.dll
2013-05-10 03:20:54 24576 ----a-w- C:\windows\SysWow64\cryptdlg.dll
2013-05-09 08:59:07 72016 ----a-w- C:\windows\System32\drivers\aswRdr2.sys
2013-05-09 08:59:07 65336 ----a-w- C:\windows\System32\drivers\aswRvrt.sys
2013-05-09 08:59:06 80816 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys
2013-05-09 08:58:37 41664 ----a-w- C:\windows\avastSS.scr
2013-05-08 06:39:01 1910632 ----a-w- C:\windows\System32\drivers\tcpip.sys
2013-05-06 06:03:49 1887744 ----a-w- C:\windows\System32\WMVDECOD.DLL
2013-05-06 04:56:35 1620480 ----a-w- C:\windows\SysWow64\WMVDECOD.DLL
2013-05-02 00:06:08 278800 ------w- C:\windows\System32\MpSigStub.exe
2013-05-01 01:59:12 94208 ----a-w- C:\windows\SysWow64\QuickTimeVR.qtx
2013-05-01 01:59:12 69632 ----a-w- C:\windows\SysWow64\QuickTime.qts
2013-04-26 05:51:36 751104 ----a-w- C:\windows\System32\win32spl.dll
2013-04-26 04:55:21 492544 ----a-w- C:\windows\SysWow64\win32spl.dll
2013-04-25 23:30:32 1505280 ----a-w- C:\windows\SysWow64\d3d11.dll
2012-10-30 22:51:05 6527128 ----a-w- C:\Program Files\AVAST Softw
.
============= FINISH: 17:33:00,23 ===============
 
And here is Attach:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 23/12/2012 1:33:39
System Uptime: 17/07/2013 15:59:27 (2 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. |  | CM6870
Processor: Intel® Core i7-3770 CPU @ 3.40GHz | LGA1155 | 2584/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 373 GiB total, 100,427 GiB free.
D: is FIXED (NTFS) - 540 GiB total, 362,432 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
K: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: 802.11n Wireless LAN Card
Device ID: PCI\VEN_1814&DEV_3090&SUBSYS_760111AD&REV_00\4&20BDBE28&0&00E0
Manufacturer: Ralink Technology, Corp.
Name: 802.11n Wireless LAN Card
PNP Device ID: PCI\VEN_1814&DEV_3090&SUBSYS_760111AD&REV_00\4&20BDBE28&0&00E0
Service: netr28x
.
==== System Restore Points ===================
.
RP168: 16/07/2013 17:59:07 - Antes de instalar controladores nuevos - 16/07/2013 17:59:03
RP169: 16/07/2013 17:59:31 - Windows Update
RP170: 16/07/2013 18:17:44 - Instalado Alcor Micro USB Card Reader
RP171: 16/07/2013 18:37:13 - Uniblue SpeedUpMyPC installation
RP172: 16/07/2013 18:43:04 - Uniblue SpeedUpMyPC installation
RP173: 16/07/2013 23:31:45 - Uniblue SpeedUpMyPC installation
RP174: 17/07/2013 9:44:37 - Removed Adobe Reader X (10.1.7) MUI.
.
==== Image File Execution Options =============
.
IFEO: AcroRd32.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO: adobe air application installer.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO: asusinstaller (1).exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO: asusinstaller.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO: nvstview.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO: skype.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO: switchboard.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
x64-IFEO: AcroRd32.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
x64-IFEO: adobe air application installer.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
x64-IFEO: asusinstaller (1).exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
x64-IFEO: asusinstaller.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
x64-IFEO: nvstview.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
x64-IFEO: skype.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
x64-IFEO: switchboard.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
ACDSee Pro 6
Actualización de NVIDIA 1.12.12
Adobe Acrobat XI Pro
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Manager
Adobe Widget Browser
Advertising Center
Age of Empires III
AI Suite II
Akamai NetSession Interface
Alcor Micro USB Card Reader
Apple Mobile Device Support
Apple Software Update
ArcSoft Perfect365
ASUS Instant On
Audacity 2.0.2
avast! Free Antivirus
Avid License Control
Bonjour
CameraHelperMsi
CDex - Open Source Digital Audio CD Extractor
Compatibilidad con Aplicaciones de Apple
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
erLT
Flame Painter 1.2
FormatFactory 3.0.1
GIMP 2.8.2
Google Chrome
Google Earth
Google Update Helper
GPL Ghostscript 8.60
GPL Ghostscript Fonts
ImagXpress
Intel® Management Engine Components
Intel® Processor Graphics
Intel® SDK for OpenCL - CPU Only Runtime Package
Intel® USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
iTunes
Java 7 Update 25
Java Auto Updater
JDownloader 0.9
Logitech SetPoint 6.52
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes Anti-Malware versión 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile ESN Language Pack
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended ESN Language Pack
Microsoft Application Error Reporting
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (Spanish) 2010
Microsoft Office Excel MUI (Spanish) 2010
Microsoft Office Groove MUI (Spanish) 2010
Microsoft Office InfoPath MUI (Spanish) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (Spanish) 2010
Microsoft Office Outlook MUI (Spanish) 2010
Microsoft Office PowerPoint MUI (Spanish) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (Basque) 2010
Microsoft Office Proof (Catalan) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Galician) 2010
Microsoft Office Proof (Portuguese (Brazil)) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (Spanish) 2010
Microsoft Office Publisher MUI (Spanish) 2010
Microsoft Office Shared 64-bit MUI (Spanish) 2010
Microsoft Office Shared MUI (Spanish) 2010
Microsoft Office Word MUI (Spanish) 2010
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft_VC100_CRT_SP1_x64
Microsoft_VC100_CRT_SP1_x86
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
MiniLyrics
MSVC80_x64_v2
MSVC80_x86_v2
MSVC90_x64
MSVC90_x86
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
Nero 9 Essentials
Nero ControlCenter
Nero CoverDesigner
Nero CoverDesigner Help
Nero Express Help
Nero Installer
Nero Online Upgrade
Nero StartSmart OEM
NeroExpress
Neuratron PhotoScore Ultimate
Nokia Connectivity Cable Driver
Nokia Suite
NVIDIA Controlador de 3D Vision 314.22
NVIDIA Controlador de audio HD 1.3.23.1
NVIDIA Controlador de gráficos 314.22
NVIDIA Controlador de la controladora 3D Vision 314.22
NVIDIA Install Application
NVIDIA PhysX
NVIDIA Software del sistema PhysX 9.12.1031
NVIDIA Stereoscopic 3D Driver
NVIDIA Update Components
Panel de control de NVIDIA 314.22
Paquete de controladores de Windows - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0)
Paquete de idioma de Microsoft .NET Framework 4 Client Profile ESN
Paquete de idioma de Microsoft .NET Framework 4 Extended ESN
PC Connectivity Solution
PDFtoMusic Pro
Photoshop CS5 Extended 12.0
QuickTime
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
RescuePRO Deluxe 5.0
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Sibelius 7 OpenType Fonts
Sibelius 7.1.2.46
Sibelius Scorch (all browsers)
Skype™ 6.5
Snagit 11
Software de cámara Web Logitech
Spotify
TuneUp Utilities 2013
TuneUp Utilities Language Pack (es-ES)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
WinRAR 4.20 (64-bit)
.
==== Event Viewer Messages From Past Week ========
.
17/07/2013 16:02:27, Error: Service Control Manager [7034]  - El servicio Time se terminó de manera inesperada. Esto ha sucedido 1 veces.
17/07/2013 16:00:13, Error: Service Control Manager [7000]  - El servicio EIO no pudo iniciarse debido al siguiente error:  El sistema no puede encontrar el archivo especificado.
17/07/2013 14:56:52, Error: Service Control Manager [7034]  - El servicio Time se terminó de manera inesperada. Esto ha sucedido 1 veces.
17/07/2013 14:51:14, Error: Service Control Manager [7034]  - El servicio Time se terminó de manera inesperada. Esto ha sucedido 1 veces.
17/07/2013 14:47:03, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - El equipo se reinició después de una comprobación de errores. La comprobación de errores fue: 0x00000116 (0xfffffa800b93d010, 0xfffff88005f3a6ac, 0xffffffffc000009a, 0x0000000000000004). Se guardó un volcado en: C:\windows\MEMORY.DMP. Id. de informe: 071713-21652-01.
17/07/2013 11:40:14, Error: Service Control Manager [7034]  - El servicio Time se terminó de manera inesperada. Esto ha sucedido 1 veces.
17/07/2013 10:54:24, Error: Service Control Manager [7034]  - El servicio Time se terminó de manera inesperada. Esto ha sucedido 1 veces.
17/07/2013 10:29:14, Error: Service Control Manager [7034]  - El servicio Time se terminó de manera inesperada. Esto ha sucedido 1 veces.
16/07/2013 18:49:38, Error: Service Control Manager [7043]  - El servicio TuneUp Utilities Service no se cerró correctamente después de recibir un control de aviso de apagado.
16/07/2013 18:46:17, Error: Service Control Manager [7011]  - Se agotó el tiempo de espera (30000 ms) para la respuesta de transacción del servicio TuneUp.UtilitiesSvc.
16/07/2013 18:45:47, Error: Service Control Manager [7011]  - Se agotó el tiempo de espera (30000 ms) para la respuesta de transacción del servicio TuneUp.UtilitiesSvc.
16/07/2013 18:24:25, Error: Service Control Manager [7022]  - El servicio Time no respondió después de iniciar.
16/07/2013 17:47:16, Error: Service Control Manager [7009]  - Se agotó el tiempo de espera (30000 ms) para la conexión con el servicio Time.
16/07/2013 17:47:16, Error: Service Control Manager [7000]  - El servicio Time no pudo iniciarse debido al siguiente error:  El servicio no respondió a tiempo a la solicitud de inicio o de control.
16/07/2013 17:45:49, Error: Service Control Manager [7000]  - El servicio Intel® Management and Security Application Local Management Service no pudo iniciarse debido al siguiente error:  Ha terminado la canalización.
16/07/2013 17:44:03, Error: Service Control Manager [7031]  - El servicio avast! Antivirus terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 5000 milisegundos: Reiniciar el servicio.
14/07/2013 23:40:02, Error: Server [2505]  - El servidor no pudo enlazarse al transporte \Device\NetBT_Tcpip_{2D038650-7557-4AB3-A3D4-174E55595084} debido a que otro equipo en la red tiene el mismo nombre. No se puede iniciar el servidor.
14/07/2013 23:40:01, Error: NetBT [4321]  - No se pudo registrar el nombre "ALBERTO-PC     :20" en la interfaz con dirección IP 192.168.1.6. El equipo la con dirección IP 192.168.1.15 no admite el nombre reclamado por este equipo.
14/07/2013 23:39:41, Error: NetBT [4321]  - No se pudo registrar el nombre "ALBERTO-PC     :0" en la interfaz con dirección IP 192.168.1.6. El equipo la con dirección IP 192.168.1.15 no admite el nombre reclamado por este equipo.
.
==== End Of File ===========================
 
 
What should I do now? Please note that timeserver.exe is not running since, as I said in the first post, I think it might be harmful for the CPU fan.
Thanks again :)

That is the last program I installed, just because DriverGenius suggested it.

Now everything works better, I have 99% of CPU inactive and I can run Age of Empires without problems (at least after this first restart).

But the problem is that I had the problems I referred to in my first post before installing that software, so how can I know that the infection is gone?


Step 1

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the esetsmartinstaller_enu.png icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
In your next reply, post the following log files:
  • Malwarebytes' Anti-Malware log
  • ESET Online Scanner log

I have scanned the PC with Malwarebytes (the complete one, not the fast one) a few times since I noticed the infection, but it never got anything.

Here is the log for this scan anyway:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Versión de la Base de Datos: v2013.07.17.05
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Alberto :: ALBERTO-PC [administrador]
 
Protección: Habilitado
 
17/07/2013 18:21:09
mbam-log-2013-07-17 (18-21-09).txt
 
Tipos de Análisis: Análisis Rápido
Opciones de análisis activado: Memoria | Inicio | Registro | Sistema de archivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opciones de análisis desactivados: P2P
Objetos examinados: 245588
Tiempo transcurrido: 3 minuto(s), 12 segundo(s)
 
Procesos en Memoria Detectados: 0
(No se han detectado elementos maliciosos)
 
Módulos de Memoria Detectados: 0
(No se han detectado elementos maliciosos)
 
Claves del Registro Detectados: 0
(No se han detectado elementos maliciosos)
 
Valores del Registro Detectados: 0
(No se han detectado elementos maliciosos)
 
Elementos de Datos del Registro Detectados: 0
(No se han detectado elementos maliciosos)
 
Carpetas Detectadas: 0
(No se han detectado elementos maliciosos)
 
Archivos Detectados: 0
(No se han detectado elementos maliciosos)
 
(fin)
 
 
This is about ESET (I read that it might cause interference with AVAST... should I repeat the analysis disabling avast? If so, how? Anyway, it caught something):
 
C:\Users\All Users\Microsoft\Windows\Time\WindowsTime.exe MSIL/CoinMiner.BW trojan
C:\$Recycle.Bin\S-1-5-21-2391284242-2660516687-3913076419-1001\$R9DLK4I.exe Win32/Adware.Lollipop.D application cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-2391284242-2660516687-3913076419-1001\$RF0CC8P.exe a variant of Win32/Bunndle application cleaned by deleting - quarantined
C:\Alberto\PROGRAMAS\ALICIA PROGRAMAS\Avira\avira_free_antivirus_es.exe a variant of Win32/Bundled.Toolbar.Ask application deleted - quarantined
C:\Alberto\PROGRAMAS\Audacity\SoftonicDownloader_para_audacity.exe a variant of Win32/SoftonicDownloader.D application cleaned by deleting - quarantined
C:\Alberto\PROGRAMAS\Format factory\FFSetup296.exe multiple threats cleaned by deleting - quarantined
C:\Alberto\PROGRAMAS\Format factory\SoftonicDownloader_para_format-factory.exe a variant of Win32/SoftonicDownloader.D application cleaned by deleting - quarantined
C:\Alberto\PROGRAMAS\Gimp\SoftonicDownloader_para_gimp.exe a variant of Win32/SoftonicDownloader.D application cleaned by deleting - quarantined
C:\ProgramData\Microsoft\Windows\Time\WindowsTime.exe MSIL/CoinMiner.BW trojan cleaned by deleting - quarantined
C:\Users\Alberto\AppData\Local\Temp\ICReinstall_Alcohol52_FE_2-0-2-4713.exe Win32/InstallCore.BO application cleaned by deleting - quarantined
C:\Users\Alberto\AppData\Local\Temp\is1988980107\DeltaTB.exe a variant of Win32/Toolbar.Babylon.E application cleaned by deleting - quarantined
C:\Users\Alberto\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\47363e7b-56c2ef4b a variant of Java/JShrink.A application cleaned by deleting - quarantined
C:\Users\Alberto\Desktop\Alcohol52_FE_2-0-2-4713.exe Win32/InstallCore.BO application cleaned by deleting - quarantined
C:\Users\Alberto\Desktop\SoftonicDownloader_para_pro-cycling-manager-2013.exe a variant of Win32/SoftonicDownloader.E application cleaned by deleting - quarantined
C:\Users\Alberto\Documents\MAGIX Downloads\Installationsmanager\Video_easy_3_HD_DLV_es-ES_120330_12-05_3_0_1_29.exe a variant of Win32/Bundled.Toolbar.Ask application deleted - quarantined
C:\Users\Alberto\Downloads\SoftonicDownloader_para_asus-smart-doctor.exe a variant of Win32/SoftonicDownloader.E application cleaned by deleting - quarantined
C:\Users\Alberto\Downloads\waterfox-windows-malavida.exe Win32/Malavida.A application cleaned by deleting - quarantined
 
I am a little bit concerned as "C:\ProgramData\Microsoft\Windows\Time\WindowsTime.exe MSIL/CoinMiner.BW trojan" appears twice (not in the log, but in the program interface) and it is only deleted once. I am attaching a screen capture.
Sorry for the delay, but the scans took quite a lot of time.
What should I do next?
Thanks again :)

Sorry, what I say about "C:\Users\All Users\Microsoft\Windows\Time\WindowsTime.exe MSIL/CoinMiner.BW trojan" also appears in the ESET log.

I forgot to attach the picture, here it is.

Should I check "Uninstall application on close" when closing ESET?


Link to post
Share on other sites
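Added example (not part of the thread and not ESET's own tooling): one way to check whether the two WindowsTime.exe entries in the ESET log above are the same file is to normalise path aliases before comparing log lines. It assumes the default Windows 7 layout, in which C:\Users\All Users is a link to C:\ProgramData; the function names are illustrative.

```python
import re

# Lines copied from the ESET log posted above (whitespace-flattened as posted).
ESET_LOG = r"""
C:\Users\All Users\Microsoft\Windows\Time\WindowsTime.exe MSIL/CoinMiner.BW trojan
C:\Alberto\PROGRAMAS\ALICIA PROGRAMAS\Avira\avira_free_antivirus_es.exe a variant of Win32/Bundled.Toolbar.Ask application deleted - quarantined
C:\Alberto\PROGRAMAS\Format factory\FFSetup296.exe multiple threats cleaned by deleting - quarantined
C:\ProgramData\Microsoft\Windows\Time\WindowsTime.exe MSIL/CoinMiner.BW trojan cleaned by deleting - quarantined
C:\Users\Alberto\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\47363e7b-56c2ef4b a variant of Java/JShrink.A application cleaned by deleting - quarantined
"""

# path, optional "a variant of", threat name, optional class, optional action.
# Paths may contain spaces, so the path is matched lazily up to the first token
# that looks like a threat name (Platform/Name) or the literal "multiple threats".
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?:a variant of\s+)?"
    r"(?P<threat>multiple threats|[A-Za-z0-9]+/\S+)"
    r"(?:\s+(?P<kind>trojan|application))?"
    r"(?:\s+(?P<action>.+))?$"
)

# Assumption: default Windows Vista/7 layout, where "C:\Users\All Users" is a
# link to C:\ProgramData, so both names reach the same file on disk.
ALIASES = [("c:\\users\\all users\\", "c:\\programdata\\")]

# Action texts that appear in the log above when a file was removed.
CLEANED_MARKERS = ("cleaned by deleting", "deleted")


def parse_line(line):
    """Return a dict for one log line, or None if it is not a detection line."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def canonical(path):
    """Lower-case the path and rewrite known aliases to the real location."""
    p = path.lower()
    for alias, real in ALIASES:
        if p.startswith(alias):
            p = real + p[len(alias):]
    return p


def summarize(text):
    """Group detections by canonical path and record whether any entry was cleaned."""
    summary = {}
    for line in text.splitlines():
        det = parse_line(line)
        if det is None:
            continue
        entry = summary.setdefault(
            canonical(det["path"]),
            {"threat": det["threat"], "kind": det["kind"], "seen_as": [], "cleaned": False},
        )
        entry["seen_as"].append(det["path"])
        action = (det["action"] or "").lower()
        if any(marker in action for marker in CLEANED_MARKERS):
            entry["cleaned"] = True
    return summary


def unresolved(summary):
    """Canonical paths for which no log entry reports a removal."""
    return [path for path, entry in summary.items() if not entry["cleaned"]]


if __name__ == "__main__":
    report = summarize(ESET_LOG)
    for path, entry in report.items():
        state = "cleaned" if entry["cleaned"] else "NOT cleaned"
        print(f"{state:12} {entry['threat']:28} {path}")
        if len(entry["seen_as"]) > 1:
            print("             reported under:", " | ".join(entry["seen_as"]))
    print("unresolved:", unresolved(report))
```

A "cleaned" result only covers files that ESET listed. The ComboFix log later in the thread still shows Time-svc.exe and TimeServer.exe in the same folder, so those need their own check.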

No problem about that, take your time. I'm concerned about the same entry. No, leave ESET Online Scanner for now.

This one needs a deep scan:

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


Here it is... I am a bit lost, what should I do now?

 

ComboFix 13-07-16.01 - Alberto 17/07/2013  23:31:58.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.34.3082.18.7884.5950 [GMT 2:00]
Running from: c:\users\Alberto\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Alberto\AppData\Local\assembly\tmp
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-17 to 2013-07-17  )))))))))))))))))))))))))))))))
.
.
2013-07-17 21:35 . 2013-07-17 21:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-17 16:27 . 2013-07-17 16:27 -------- d-----w- c:\program files (x86)\ESET
2013-07-17 14:10 . 2013-07-17 14:10 -------- d-----w- c:\users\Alberto\AppData\Local\Intel_Corporation
2013-07-16 16:46 . 2013-07-16 16:46 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DCC6F203-73B1-4FA5-83AD-A726B31BC57A}\offreg.dll
2013-07-16 16:19 . 2013-07-16 16:19 -------- d-----w- c:\programdata\AmUStor
2013-07-16 16:19 . 2013-07-16 16:19 -------- d-----w- c:\program files (x86)\AmIcoSingLun
2013-07-16 16:19 . 2013-07-16 16:19 -------- d-----w- c:\users\Alberto\AppData\Local\Logitech® Webcam Software
2013-07-16 16:16 . 2013-07-16 16:16 53248 ----a-r- c:\users\Alberto\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2013-07-16 16:15 . 2013-07-16 16:15 -------- d-----w- c:\program files (x86)\Logitech
2013-07-16 16:09 . 2013-07-16 16:09 -------- d-----w- c:\users\Alberto\AppData\Local\Logishrd
2013-07-16 16:07 . 2013-07-16 16:07 -------- d-----w- c:\program files\Logitech
2013-07-16 16:04 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DCC6F203-73B1-4FA5-83AD-A726B31BC57A}\mpengine.dll
2013-07-16 15:58 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2013-07-16 15:56 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-07-16 15:56 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-07-16 15:45 . 2013-07-16 15:45 -------- d-----w- c:\windows\SysWow64\RTCOM
2013-07-16 15:45 . 2013-07-16 15:45 -------- d-----w- c:\program files\Realtek
2013-07-16 15:43 . 2013-03-26 15:04 2734624 ----a-w- c:\windows\system32\FMAPO64.dll
2013-07-16 15:31 . 2013-03-04 13:35 838216 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2013-07-16 15:31 . 2013-03-04 13:35 78920 ----a-w- c:\windows\system32\RtNicProp64.dll
2013-07-16 15:29 . 2013-03-20 13:45 99288 ----a-w- c:\windows\system32\drivers\TeeDriverx64.sys
2013-07-16 15:29 . 2013-03-20 13:45 1795952 ----a-w- c:\windows\system32\WdfCoInstaller01011.dll
2013-07-16 15:29 . 2013-07-16 15:29 -------- d-----w- c:\users\Alberto\AppData\Roaming\InstallShield
2013-07-16 15:28 . 2013-07-17 13:54 -------- d-----w- C:\Intel
2013-07-16 15:26 . 2013-07-16 15:26 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2013-07-16 15:24 . 2013-03-15 05:53 968408 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2013-07-16 15:23 . 2013-07-16 15:23 -------- d-----w- C:\NVIDIA
2013-07-16 15:06 . 2013-07-16 15:23 -------- d-----w- c:\programdata\DriverGenius
2013-07-16 14:23 . 2013-07-16 14:23 -------- d-----w- c:\programdata\Age of Empires 3
2013-07-16 14:20 . 2005-05-26 13:34 3767504 ----a-w- c:\windows\system32\d3dx9_26.dll
2013-07-16 14:20 . 2005-05-26 13:34 2297552 ----a-w- c:\windows\SysWow64\d3dx9_26.dll
2013-07-16 14:20 . 2005-03-18 15:19 3823312 ----a-w- c:\windows\system32\d3dx9_25.dll
2013-07-16 14:18 . 2013-07-16 14:18 -------- d-----w- c:\program files (x86)\Microsoft Games
2013-07-15 13:51 . 2013-07-15 14:06 -------- d-----w- c:\users\Alberto\AppData\Roaming\Pro Cycling Manager 2012
2013-07-15 12:01 . 2013-07-15 12:01 -------- d-----w- c:\program files (x86)\Alcohol Soft
2013-07-15 11:57 . 2013-07-15 11:57 564824 ----a-w- c:\windows\system32\drivers\sptd.sys
2013-07-15 11:51 . 2013-07-15 13:41 49664 ----a-w- c:\programdata\Microsoft\Windows\Time\w9xpopen.exe
2013-07-15 11:51 . 2013-07-15 13:41 10752 ----a-w- c:\programdata\Microsoft\Windows\Time\Time-svc.exe
2013-07-15 11:51 . 2013-07-15 13:41 2303488 ----a-w- c:\programdata\Microsoft\Windows\Time\python27.dll
2013-07-15 11:51 . 2013-07-15 13:41 24064 ----a-w- c:\programdata\Microsoft\Windows\Time\TimeServer.exe
2013-07-15 11:50 . 2013-07-15 13:41 569680 ----a-w- c:\programdata\Microsoft\Windows\Time\msvcp90.dll
2013-07-15 11:50 . 2013-07-15 13:41 219648 ----a-w- c:\programdata\Microsoft\Windows\Time\boost_python-vc90-mt-1_48.dll
2013-06-24 18:27 . 2013-06-24 18:28 -------- d-----w- c:\users\Alberto\AppData\Local\ACD Systems
2013-06-24 18:27 . 2013-06-24 18:27 -------- d-----w- c:\users\Alberto\AppData\Roaming\ACD Systems
2013-06-24 18:24 . 2013-06-24 18:24 -------- d-----w- c:\programdata\ACD Systems
2013-06-24 18:24 . 2013-06-24 18:24 -------- d-----w- c:\program files\Common Files\ACD Systems
2013-06-24 18:24 . 2013-06-24 18:24 -------- d-----w- c:\program files\ACD Systems
2013-06-24 18:23 . 2013-07-15 08:54 -------- d-----w- c:\users\Alberto\AppData\Local\Downloaded Installations
2013-06-24 10:08 . 2013-06-24 10:09 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-24 10:08 . 2013-06-24 10:09 -------- d-----w- c:\program files\iTunes
2013-06-24 10:08 . 2013-06-24 10:08 -------- d-----w- c:\program files\iPod
2013-06-24 10:00 . 2013-06-24 10:00 -------- d-----w- c:\users\Alberto\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2013-06-24 08:11 . 2013-06-24 08:11 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-22 20:45 . 2013-06-22 20:45 159744 ----a-w- c:\program files\Internet Explorer\Módulos\npqtplugin5.dll
2013-06-22 20:45 . 2013-06-22 20:45 159744 ----a-w- c:\program files\Internet Explorer\Módulos\npqtplugin4.dll
2013-06-22 20:45 . 2013-06-22 20:45 159744 ----a-w- c:\program files\Internet Explorer\Módulos\npqtplugin3.dll
2013-06-22 20:45 . 2013-06-22 20:45 159744 ----a-w- c:\program files\Internet Explorer\Módulos\npqtplugin2.dll
2013-06-22 20:45 . 2013-06-22 20:45 159744 ----a-w- c:\program files\Internet Explorer\Módulos\npqtplugin.dll
2013-06-22 20:45 . 2013-06-22 20:45 -------- d-----w- c:\program files (x86)\QuickTime
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-16 16:08 . 2012-12-23 11:42 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2013-07-16 16:06 . 2012-12-26 12:53 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-16 16:06 . 2012-02-22 02:27 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-16 16:05 . 2012-12-23 11:20 78185248 ----a-w- c:\windows\system32\MRT.exe
2013-07-16 15:23 . 2012-12-23 00:50 4708256 ----a-w- c:\windows\PE_Rom.dll
2013-07-16 15:22 . 2012-12-23 11:26 4765184 ----a-w- c:\windows\PE_File.dll
2013-07-14 21:41 . 2013-03-19 22:41 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-07-14 21:41 . 2012-12-23 01:46 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-07-14 21:41 . 2012-12-23 01:46 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-24 08:11 . 2012-12-23 02:56 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-06-24 08:11 . 2012-12-23 02:56 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-05-13 05:51 . 2013-06-13 11:19 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-13 11:19 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-13 11:19 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-13 11:19 52224 ----a-w- c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-13 11:19 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45 . 2013-06-13 11:19 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-13 11:19 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43 . 2013-06-13 11:19 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-13 11:19 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-13 11:19 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-05-10 05:49 . 2013-06-13 11:20 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-05-10 03:20 . 2013-06-13 11:20 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-05-09 08:59 . 2013-03-19 22:41 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59 . 2012-12-23 01:46 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-05-09 08:59 . 2012-12-23 01:46 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2012-12-23 01:46 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:59 . 2012-12-23 01:46 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:58 . 2012-12-23 01:45 41664 ----a-w- c:\windows\avastSS.scr
2013-05-09 08:58 . 2012-12-23 01:46 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-05-08 06:39 . 2013-06-13 11:20 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-02 00:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-05-01 01:59 . 2013-05-01 01:59 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2013-05-01 01:59 . 2013-05-01 01:59 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2013-04-26 05:51 . 2013-06-13 11:20 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-04-26 04:55 . 2013-06-13 11:20 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-04-25 23:30 . 2013-06-13 11:19 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2012-10-30 22:51 . 2012-12-23 11:34 6527128 ----a-w- c:\program files\AVAST Softw
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Alberto\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-04 291608]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
"LWS"=c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
.
R1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys;c:\windows\SYSNATIVE\DRIVERS\EIO64.sys [x]
R2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 Time;Time;c:\programdata\Microsoft\Windows\Time\Time-svc.exe;c:\programdata\Microsoft\Windows\Time\Time-svc.exe [x]
R3 AiCharger;AiCharger;SysWow64\drivers\AiCharger.sys;SysWow64\drivers\AiCharger.sys [x]
R3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys;c:\windows\SYSNATIVE\drivers\asmthub3.sys [x]
R3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys;c:\windows\SYSNATIVE\drivers\asmtxhci.sys [x]
R3 HWHandSet;HWUSBSERSP;c:\windows\system32\DRIVERS\hw_quusbmdm.sys;c:\windows\SYSNATIVE\DRIVERS\hw_quusbmdm.sys [x]
R3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Rockusb;Driver for Rockusb Device;c:\windows\system32\DRIVERS\rockusb.sys;c:\windows\SYSNATIVE\DRIVERS\rockusb.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys;c:\windows\SYSNATIVE\drivers\iusb3hcs.sys [x]
S0 mv91xx;mv91xx;c:\windows\system32\drivers\mv91xx.sys;c:\windows\SYSNATIVE\drivers\mv91xx.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 ADExchange;ArcSoft Exchange Service;c:\program files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe;c:\program files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [x]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.18\aaHMSvc.exe;c:\program files (x86)\ASUS\AAHM\1.00.18\aaHMSvc.exe [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [x]
S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]
S3 IntcDAud;Sonido Intel® para pantallas;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\drivers\iusb3hub.sys;c:\windows\SYSNATIVE\drivers\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\drivers\iusb3xhc.sys;c:\windows\SYSNATIVE\drivers\iusb3xhc.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-14 21:41 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-11 16:06]
.
2013-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-23 01:30]
.
2013-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-23 01:30]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-03-29 7174728]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2013-02-21 2991856]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-03-22 165872]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-03-22 407536]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-03-22 441840]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: &Enviar a OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Anexar a PDF existente - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Anexar destino de vínculo a PDF existente - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convertir a Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir destino de vínculo a Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: E&xportar a Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
Trusted Zone: samsungsetup.com\www
TCP: DhcpNameServer = 62.42.230.24 62.42.63.52
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2391284242-2660516687-3913076419-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v60po\UserChoice]
@Denied: (2) (S-1-5-21-2391284242-2660516687-3913076419-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.v60po"
.
[HKEY_USERS\S-1-5-21-2391284242-2660516687-3913076419-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v60pp\UserChoice]
@Denied: (2) (S-1-5-21-2391284242-2660516687-3913076419-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.v60pp"
.
[HKEY_USERS\S-1-5-21-2391284242-2660516687-3913076419-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v60ppf\UserChoice]
@Denied: (2) (S-1-5-21-2391284242-2660516687-3913076419-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.v60ppf"
.
[HKEY_USERS\S-1-5-21-2391284242-2660516687-3913076419-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (S-1-5-21-2391284242-2660516687-3913076419-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 6.xmp"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:4b,8d,af,34,bf,bc,06,ff,a7,07,ae,d1,e3,22,ae,98,db,50,55,46,61,
   8d,7c,b5,87,bd,72,12,d3,b9,61,fd,de,c8,1f,ec,f6,a9,54,77,bc,8a,42,d4,ef,f5,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:39,84,4a,c7,1d,7b,a3,36,eb,62,b1,4d,25,e2,a9,93,87,40,9e,f6,40,
   f2,21,ad,54,f2,c7,24,6a,06,9a,2e,ee,41,20,e3,1e,19,94,2c,9c,49,5d,df,04,1f,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-07-17  23:36:30
ComboFix-quarantined-files.txt  2013-07-17 21:36
.
Pre-Run: 123.367.817.216 bytes libres
Post-Run: 123.509.587.968 bytes libres
.
- - End Of File - - 4C4B4D1C5522E2473518068759C8430D
A36C5E4F47E84449FF07ED3517B43A31

Looks good.

One last additional scan:

Please download the Kaspersky Virus Removal Tool from here to your Desktop.

Double-click the Removal Tool.

Click the cog in the upper right corner:

Select down to and including your main drive.

Once done please select the Automatic Scan tab and press Start Scan.

Allow AVP to delete all infections found.

Once it has finished select the Report tab.

Select the Detected threats report from the left and press the Save button.

Save it to your Desktop and post the contents in your next reply.


Glad I could help! :)

Step 1

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Step 2

Please uninstall ESET Online Scanner and manually delete Kaspersky AVP

Step 3

Some malware prevention tips:

users.telenet.be/bluepatchy/miekiemoes/prevention.html

Safe surfing! :)


Now I have a problem that wasn't happening before. When I try to run Dreamweaver CS6 it says:

The application couldn't run properly (0xc000007b). Please click on Accept to close it

 

Well, it says something like that, as I am translating from Spanish. Is it related to my previous problem? What should I do?


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.