Channel: Tech Support Forum - Virus/Trojan/Spyware Help

kedxalekcyfy.exe

So, I've got this "virus", and I still don't know how to eliminate it.
The things this virus does are:

+ open my registry editor at startup
+ eat memory
+ cause errors on USB drivers, on Windows Mail (???) and on Windows Media Player (I never use it, but I got error dialogs)

So, I'm going to put the log here:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Mariano at 2:22:42 on 2012-10-11
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.54.3082.18.3992.2566 [GMT -3:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Users\Mariano\kedxalekcyfy.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\BitComet\BitComet.exe
C:\Windows\system32\svchost.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Winamp\Winamp.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.claro-search.com/?affID=116198&tt=3912_7&babsrc=HP_ss&mntrId=828b8961000000000000f8d1115ee33f
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Aplicación auxiliar de inicio de sesión: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
uRun: [kedxalekcyfy] C:\Users\Mariano\kedxalekcyfy.exe
uRun: [Regedit32] C:\Windows\system32\regedit.exe
mRun: [Regedit32] C:\Windows\system32\regedit.exe
mRun: [kedxalekcyfy] C:\ProgramData\kedxalekcyfy.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &D&escargar &con BitComet - C:\Program Files\BitComet\BitComet.exe/AddLink.htm
IE: &D&escargar todo con BitComet - C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
IE: Descargar con Mipony - file://C:\Program Files (x86)\MiPony\Browser\IEContext.htm
IE: E&xportar a Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
TCP: DhcpNameServer = 200.115.192.30 190.55.60.129 200.115.192.29
TCP: Interfaces\{7120F9F6-AE84-4F11-A58A-21BE0D062E98} : DhcpNameServer = 200.115.192.30 190.55.60.129 200.115.192.29
TCP: Interfaces\{7C6CCDCE-6C9A-4F1A-84A7-B334E4AD5B66} : DhcpNameServer = 10.0.0.2
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
{9030D464-4C02-4ABF-8ECC-5164760863C6}
mRun-x64: [Regedit32] C:\Windows\system32\regedit.exe
mRun-x64: [kedxalekcyfy] C:\ProgramData\kedxalekcyfy.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
IE-X64: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mariano\AppData\Roaming\Mozilla\Firefox\Profiles\ckvevm3c.default\
FF - prefs.js: browser.search.selectedEngine - Google Search
FF - prefs.js: browser.startup.homepage - Google
FF - prefs.js: keyword.URL - hxxp://www.claro-search.com/?affID=116198&tt=3912_7&babsrc=KW_ss&mntrId=828b8961000000000000f8d1115ee33f&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll
.
============= SERVICES / DRIVERS ===============
.
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-8 607456]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-9-26 161560]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-9-26 363800]
R2 USBMIDIAudioDevMon;USB MIDI Series Audio Device Monitor;C:\Program Files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe [2010-4-13 1636872]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;C:\Program Files\BitComet\tools\BitCometService.exe -service --> C:\Program Files\BitComet\tools\BitCometService.exe -service [?]
S3 cphs;Intel(R) Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-9-26 274200]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-9-26 114144]
.
=============== Created Last 30 ================
.
2012-10-09 23:43:43 -------- d-----w- C:\Users\Mariano\AppData\Roaming\4Front
2012-10-09 23:43:42 -------- d-----w- C:\Users\Mariano\TruePianos Settings
2012-10-09 23:40:26 -------- d-----w- C:\ProgramData\4Front
2012-10-09 04:48:29 9308616 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{277C4148-6C00-49A6-A5F2-59B3943EED30}\mpengine.dll
2012-10-08 22:21:11 -------- d-----w- C:\Program Files\glassfish-3.1.2.2
2012-10-08 22:15:26 -------- d-----w- C:\Program Files\NetBeans 7.2
2012-10-08 22:09:40 -------- d-----w- C:\Users\Mariano\AppData\Roaming\Malwarebytes
2012-10-08 22:09:29 -------- d-----w- C:\ProgramData\Malwarebytes
2012-10-08 03:08:34 -------- d-----w- C:\Users\Mariano\.nbi
2012-10-03 05:06:06 -------- d-----w- C:\Users\Mariano\AppData\Roaming\Mipony
2012-10-03 05:05:57 -------- d-----w- C:\Program Files (x86)\MiPony
2012-09-30 15:43:49 -------- d-----w- C:\Users\Mariano\AppData\Roaming\Steinberg
2012-09-30 15:43:48 2785792 ----a-w- C:\Windows\SysWow64\GuaD.dll
2012-09-30 15:43:47 2442752 ----a-w- C:\Windows\SysWow64\SYNSOEMU.DLL
2012-09-28 03:13:21 916456 ----a-w- C:\Windows\System32\deployJava1.dll
2012-09-28 03:13:21 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-09-28 03:13:16 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2012-09-27 23:38:37 -------- d-----w- C:\Program Files (x86)\Shuangs WAV to MP3 Converter
2012-09-27 23:14:21 -------- d-----w- C:\Windows\System32\appmgmt
2012-09-27 15:46:24 -------- d-----w- C:\Users\Mariano\AppData\Roaming\WAV To MP3
2012-09-27 14:17:39 338432 ----a-w- C:\Windows\SysWow64\REX Shared Library.dll
2012-09-27 14:17:37 406528 ----a-w- C:\Windows\SysWow64\ReWire.dll
2012-09-27 14:15:33 -------- d-----w- C:\ProgramData\Propellerhead Software
2012-09-27 14:15:31 -------- d-----w- C:\Users\Mariano\AppData\Roaming\Propellerhead Software
2012-09-27 14:10:51 -------- d-----w- C:\Program Files (x86)\Propellerhead
2012-09-27 13:55:07 -------- d-----w- C:\Users\Mariano\AppData\Roaming\PowerISO
2012-09-27 02:41:11 -------- d-----w- C:\Users\Mariano\AppData\Roaming\Anvil Studio
2012-09-27 02:40:23 -------- d-----w- C:\Program Files (x86)\Anvil Studio 2012
2012-09-27 02:09:02 -------- d-----w- C:\Users\Mariano\AppData\Roaming\Synthogy
2012-09-27 02:04:31 83505 ----a-w- C:\Program Files (x86)\Uninstal.exe
2012-09-27 02:04:31 -------- d-----w- C:\Program Files (x86)\Synthogy
2012-09-27 01:07:07 -------- d-----w- C:\Users\Mariano\AppData\Local\Macromedia
2012-09-27 01:06:34 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-27 01:06:34 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-27 00:02:17 -------- d-----w- C:\Program Files\M-Audio
2012-09-27 00:02:17 -------- d-----w- C:\Program Files (x86)\M-Audio
2012-09-27 00:00:55 126944 ----a-w- C:\Windows\System32\drivers\scdemu.sys
2012-09-27 00:00:55 -------- d-----w- C:\Program Files (x86)\PowerISO
2012-09-26 23:55:43 -------- d-----w- C:\Downloads
2012-09-26 23:48:10 -------- d-----w- C:\Users\Mariano\AppData\Roaming\BitComet
2012-09-26 23:48:09 -------- d-----w- C:\Program Files\BitComet
2012-09-26 23:33:49 -------- d-----w- C:\Users\Mariano\AppData\Local\Adobe
2012-09-26 23:30:46 -------- d-----w- C:\Program Files (x86)\Cisco
2012-09-26 23:30:19 451072 ----a-w- C:\Windows\SysWow64\ISSRemoveSP.exe
2012-09-26 23:30:19 -------- d-----w- C:\Program Files (x86)\TP-LINK
2012-09-26 23:30:01 -------- d-----w- C:\ProgramData\RTLLog
2012-09-26 19:44:42 -------- d-----w- C:\Windows\Panther
2012-09-26 19:44:18 -------- d-----w- C:\Windows\System32\oem
2012-09-26 19:43:44 -------- d-----w- C:\Windows\SysWow64\XPSViewer
2012-09-26 19:43:44 -------- d-----w- C:\Windows\SysWow64\wbem\es-ES
2012-09-26 19:43:44 -------- d-----w- C:\Windows\SysWow64\es
2012-09-26 19:43:44 -------- d-----w- C:\Windows\SysWow64\drivers\UMDF\es-ES
2012-09-26 19:43:44 -------- d-----w- C:\Windows\SysWow64\drivers\es-ES
2012-09-26 19:43:44 -------- d-----w- C:\Windows\SysWow64\0C0A
2012-09-26 19:43:44 -------- d-----w- C:\Windows\System32\wbem\es-ES
2012-09-26 19:43:44 -------- d-----w- C:\Windows\System32\es
2012-09-26 19:43:44 -------- d-----w- C:\Windows\System32\drivers\UMDF\es-ES
2012-09-26 19:43:44 -------- d-----w- C:\Windows\System32\drivers\es-ES
2012-09-26 19:43:44 -------- d-----w- C:\Windows\System32\0C0A
2012-09-26 19:43:43 -------- d-----w- C:\Windows\es-ES
2012-09-26 16:17:58 -------- d-----w- C:\Users\Mariano\Definitive(x)
2012-09-26 16:10:58 -------- d-----w- C:\Users\Mariano\FABIAN
2012-09-26 16:10:44 -------- d-----w- C:\Users\Mariano\GM(x)
2012-09-26 16:08:08 -------- d-----w- C:\Users\Mariano\Java
2012-09-26 16:06:02 -------- d-----w- C:\Users\Mariano\K31th J4rr3tt complete discography mp3
2012-09-26 16:01:23 -------- d-----w- C:\Users\Mariano\MARIANO
2012-09-26 15:55:16 -------- d-----w- C:\Users\Mariano\Musica
2012-09-26 15:55:07 -------- d-----w- C:\Users\Mariano\setupes
2012-09-26 15:41:54 -------- d-----w- C:\Program Files (x86)\AVG
2012-09-26 15:37:34 -------- d--h--w- C:\ProgramData\Common Files
2012-09-26 15:37:04 -------- d-----w- C:\ProgramData\MFAData
2012-09-26 15:29:30 833024 ----a-w- C:\Windows\SysWow64\user32.dll
2012-09-26 15:29:30 410624 ----a-w- C:\Windows\SysWow64\systemcpl.dll
2012-09-26 15:29:30 2048 ----a-w- C:\Windows\SysWow64\winver.exe
2012-09-26 15:29:30 1536 ----a-w- C:\Windows\SysWow64\sppcomapi.dll
2012-09-26 15:29:30 113543 ----a-w- C:\Windows\SysWow64\slmgr.vbs
2012-09-26 15:29:18 -------- d-----w- C:\Users\Mariano\Tracing
2012-09-26 15:28:41 -------- d-----w- C:\Program Files (x86)\Microsoft
2012-09-26 15:28:21 -------- d-----w- C:\Program Files (x86)\Windows Live SkyDrive
2012-09-26 15:27:50 4927864 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\7d1474841cd9bfb\Silverlight.2.0.exe
2012-09-26 15:24:21 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2012-09-26 15:20:53 -------- d-----w- C:\Windows\PCHEALTH
2012-09-26 15:18:44 -------- d-----w- C:\Users\Mariano\AppData\Local\Microsoft Help
2012-09-26 15:14:11 650752 ----a-w- C:\Windows\SysWow64\xvidcore.dll
2012-09-26 15:14:11 243200 ----a-w- C:\Windows\SysWow64\xvidvfw.dll
2012-09-26 15:14:11 216064 ----a-w- C:\Windows\SysWow64\lagarith.dll
2012-09-26 15:14:11 178688 ----a-w- C:\Windows\SysWow64\unrar.dll
2012-09-26 15:14:11 151552 ----a-w- C:\Windows\SysWow64\ac3acm.acm
2012-09-26 15:14:10 112640 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
2012-09-26 15:14:08 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack
2012-09-26 14:58:46 15128 ----a-w- C:\Windows\System32\drivers\IntelMEFWVer.dll
2012-09-26 14:57:48 -------- d-sh--w- C:\Windows\Installer
2012-09-26 14:57:42 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent
2012-09-26 14:57:40 31272 ----a-w- C:\Windows\System32\AppleChargerSrv.exe
2012-09-26 14:57:40 -------- d-----w- C:\Program Files\GIGABYTE
2012-09-26 14:55:57 2528832 ----a-w- C:\Windows\System32\FMAPO64.dll
2012-09-26 14:54:39 53248 ----a-r- C:\Windows\SysWow64\CSVer.dll
2012-09-26 14:54:35 -------- d-----w- C:\Intel
2012-09-26 14:53:13 -------- d-----w- C:\Program Files (x86)\GIGABYTE
2012-09-26 14:53:00 753664 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2012-09-26 14:53:00 69714 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2012-09-26 14:53:00 63488 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2012-09-26 14:53:00 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2012-09-26 14:53:00 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2012-09-26 14:53:00 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2012-09-26 14:53:00 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2012-09-26 14:53:00 184320 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2012-09-26 14:52:59 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
.
==================== Find3M ====================
.
2012-09-03 16:45:04 773968 ----a-w- C:\Windows\SysWow64\msvcr100.dll
2012-09-03 16:45:04 421200 ----a-w- C:\Windows\SysWow64\msvcp100.dll
.
============= FINISH: 2:22:50,20 ===============


---

that's all for now, bye, thanks in advance!
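Added here as an editor's example (not the poster's code, nor anything DDS ships): a small Python triage pass over the kind of lines found in the DDS log above. It flags autoruns and running processes that live in a user profile or ProgramData, an interactive system tool such as regedit.exe registered under a Run key, and a start page or keyword.URL carrying affiliate-tracking parameters. The sample lines are constructed from the posted log; the trusted-root list, the tool list and the tracking-parameter list are assumptions of this example.

```python
import re

# Constructed excerpt of the DDS log posted above (process list and Pseudo HJT
# Report lines); paths and value names are the ones in the posted log.
SAMPLE_LINES = [
    r"C:\Windows\system32\svchost.exe -k netsvcs",
    r"C:\Users\Mariano\kedxalekcyfy.exe",
    r"C:\Program Files\BitComet\BitComet.exe",
    "uStart Page = hxxp://www.claro-search.com/?affID=116198&babsrc=HP_ss",
    r"uRun: [kedxalekcyfy] C:\Users\Mariano\kedxalekcyfy.exe",
    r"uRun: [Regedit32] C:\Windows\system32\regedit.exe",
    r"mRun: [kedxalekcyfy] C:\ProgramData\kedxalekcyfy.exe",
    r'mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"',
    "FF - prefs.js: keyword.URL - hxxp://www.claro-search.com/?babsrc=KW_ss&q=",
]

# Heuristics (assumptions of this example, not DDS rules): installed software is
# expected under these roots; anything auto-started elsewhere deserves review.
TRUSTED_ROOTS = (r"c:\windows", r"c:\program files", r"c:\program files (x86)")
# Interactive tools that have no business being registered as autoruns.
SUSPICIOUS_TOOLS = {"regedit.exe", "cmd.exe", "cscript.exe", "wscript.exe"}
# Affiliate-tracking parameters typical of search hijackers (seen in the log).
TRACKING_PARAMS = ("affid=", "babsrc=", "mntrid=")

RUN_RE = re.compile(r"^([um]Run(?:-x64)?): \[([^\]]+)\] (.*)$")
PATH_RE = re.compile(r"([A-Za-z]:\\.*?\.(?:exe|dll|vbs|bat|cmd))", re.IGNORECASE)
HIJACK_RE = re.compile(r"^(?:[um]Start Page|FF - prefs\.js: keyword\.URL)")


def scan(lines):
    """Return (rule, line) pairs for lines a triage analyst should review."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if HIJACK_RE.match(line):
            if any(p in line.lower() for p in TRACKING_PARAMS):
                findings.append(("search-hijack", line))
            continue
        run = RUN_RE.match(line)
        found = PATH_RE.search(run.group(3) if run else line)
        if not found:
            continue  # not a process or autorun line (section header, DNS, ...)
        path = found.group(1)
        exe = path.rsplit("\\", 1)[-1].lower()
        if run and exe in SUSPICIOUS_TOOLS:
            findings.append(("system-tool-autorun", line))
        elif not path.lower().startswith(TRUSTED_ROOTS):
            findings.append(("autorun-outside-program-dirs" if run
                             else "process-outside-program-dirs", line))
    return findings
```

Run it over the full "Running Processes" and "Pseudo HJT Report" sections of a DDS log to get a shortlist; every hit still needs a human verdict, since legitimate software sometimes installs into ProgramData too.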
