Hi, here is everything you asked for, and I have attached the TDSSKiller log.
FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-10-2014
Ran by george (administrator) on despacho on 24-10-2014 10:04:27
Running from C:\Documents and Settings\george\Escritorio\Nueva carpeta
Loaded Profile: george (Available profiles: ventas & george & Administrador)
Platform: Microsoft Windows XP Professional Service Pack 2 (X86) OS Language: Español (alfabetización internacional)
Internet Explorer Version 7
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() C:\Archivos de programa\Mobogenie\MgAssist.exe
(Mobogenie.com) C:\Archivos de programa\Mobogenie3\MobogenieService.exe
(Symantec Corporation) C:\Archivos de programa\Norton Identity Safe\Engine\2013.1.0.32\ccSvcHst.exe
(Intuit) C:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\QBCFMonitorService.exe
() C:\Archivos de programa\Mobogenie\DaemonProcess.exe
(zbshareware, Inc) C:\Archivos de programa\USB Disk Security\USBGuard.exe
(Microsoft Corporation) C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe
(Intuit Inc.) C:\Archivos de programa\Archivos comunes\Intuit\DataProtect\QBIDPService.exe
(Brother Industries, Ltd.) C:\Archivos de programa\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Archivos de programa\Browny02\Brother\BrStMonW.exe
(TeamViewer GmbH) C:\Archivos de programa\TeamViewer\Version8\TeamViewer_Service.exe
(Brother Industries, Ltd.) C:\Archivos de programa\ControlCenter4\BrCcUxSys.exe
(Symantec Corporation) C:\Archivos de programa\Norton Identity Safe\Engine\2013.1.0.32\ccSvcHst.exe
(Intuit Inc.) C:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Brother Industries, Ltd.) C:\Archivos de programa\Browny02\BrYNSvc.exe
(Intuit Inc.) C:\Program Files\Intuit\QuickBooks 2014\QBW32.EXE
(TeamViewer GmbH) C:\Archivos de programa\TeamViewer\Version8\TeamViewer.exe
(TeamViewer GmbH) C:\Archivos de programa\TeamViewer\Version8\tv_w32.exe
(Intuit, Inc.) C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe
(Farbar) C:\Documents and Settings\george\Escritorio\Nueva carpeta\FRST (1).exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [USB Antivirus] => C:\Archivos de programa\USB Disk Security\USBGuard.exe [872448 2008-06-21] (zbshareware, Inc)
HKLM\...\Run: [Intuit SyncManager] => C:\Archivos de programa\Archivos comunes\Intuit\Sync\IntuitSyncManager.exe [2807608 2013-08-19] (Intuit Inc. All rights reserved.)
HKLM\...\Run: [GrooveMonitor] => C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [QuickBooksDB24] => C:\Program Files\Intuit\QuickBooks 2014\QBDBMgrN.exe [679936 2013-08-19] (Intuit, Inc.)
HKLM\...\Run: [mobilegeni daemon] => C:\Archivos de programa\Mobogenie\DaemonProcess.exe [748736 2014-08-13] ()
HKLM\...\Run: [ControlCenter4] => C:\Archivos de programa\ControlCenter4\BrCcBoot.exe [212992 2012-09-06] (Brother Industries, Ltd.)
HKLM\...\Run: [BrStsMon00] => C:\Archivos de programa\Browny02\Brother\BrStMonW.exe [3145728 2012-06-06] (Brother Industries, Ltd.)
HKLM\...\Winlogon: [UIHost] C:\WINDOWS\system32\logonui.exe [515584 2004-08-19] ( (Microsoft Corporation))
HKLM\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-19\...\RunOnce: [nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-19\...\Policies\Explorer: [ForceClassicControlPanel] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoStartBanner] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoSMHelp] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoSMMyPictures] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-19\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-20\...\RunOnce: [nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-20\...\Policies\Explorer: [ForceClassicControlPanel] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoStartBanner] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoSMHelp] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoSMMyPictures] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-20\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-861567501-152049171-725345543-1005\...\Run: [NextLive] => C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\george\Datos de programa\newnext.me\nengine.dll",EntryPoint -m l
HKU\S-1-5-21-861567501-152049171-725345543-1005\...\Run: [DOS2USB] => C:\Archivos de programa\DOS2USB\DOS2USB.exe [280606 2007-05-24] (Bhaktee Software)
HKU\S-1-5-21-861567501-152049171-725345543-1005\...\Run: [cdloader] => C:\Documents and Settings\george\Datos de programa\mjusbsp\cdloader2.exe [124320 2011-08-23] (magicJack L.P.)
HKU\S-1-5-21-861567501-152049171-725345543-1005\...\Policies\system: [DisableTaskMgr] 1
HKU\S-1-5-21-861567501-152049171-725345543-1005\...\Policies\system: [DisableRegistryTools] 1
HKU\S-1-5-21-861567501-152049171-725345543-1005\...\Policies\Explorer: [ForceClassicControlPanel] 1
HKU\S-1-5-21-861567501-152049171-725345543-1005\...\Policies\Explorer: [NoStartBanner] 1
HKU\S-1-5-21-861567501-152049171-725345543-1005\...\Policies\Explorer: [NoSMHelp] 1
HKU\S-1-5-21-861567501-152049171-725345543-1005\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-21-861567501-152049171-725345543-1005\...\Policies\Explorer: [NoSMMyPictures] 1
HKU\S-1-5-21-861567501-152049171-725345543-1005\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-861567501-152049171-725345543-1005\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-861567501-152049171-725345543-1005\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-861567501-152049171-725345543-1005\...\MountPoints2: {04c09057-eb2d-11e3-8399-4487fc5ed029} - F:\autorun.exe
HKU\S-1-5-21-861567501-152049171-725345543-1005\...\MountPoints2: {1652a050-77aa-11e3-8376-4487fc5ed029} - F:\mqhqcv.pif
HKU\S-1-5-21-861567501-152049171-725345543-1005\...\MountPoints2: {be016691-cee4-11e3-8391-4487fc5ed029} - F:\tksbwf.exe
HKU\S-1-5-18\...\RunOnce: [nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-18\...\Policies\system: [DisableTaskMgr] 1
HKU\S-1-5-18\...\Policies\system: [DisableRegistryTools] 1
HKU\S-1-5-18\...\Policies\Explorer: [ForceClassicControlPanel] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoStartBanner] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoSMHelp] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoSMMyPictures] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 1
Startup: C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\Intuit Data Protect.lnk
ShortcutTarget: Intuit Data Protect.lnk -> C:\Archivos de programa\Archivos comunes\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\QuickBooks_Standard_21.lnk
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files\Intuit\QuickBooks 2014\QBW32.EXE (Intuit Inc.)
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
AlternateShell:
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer: http=;ftp=;https=;
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =
BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Archivos de programa\Norton AntiVirus\Engine\20.1.0.24\IPS\IPSBHO.DLL No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Archivos de programa\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live Aplicación auxiliar de inicio de sesión -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Archivos de programa\Norton Identity Safe\Engine\2013.1.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Archivos de programa\Norton Identity Safe\Engine\2013.1.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - Norton Identity Safe Toolbar - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Archivos de programa\Norton Identity Safe\Engine\2013.1.0.32\coIEPlg.dll (Symantec Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Archivos de programa\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files\Intuit\QuickBooks 2014\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Archivos de programa\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Archivos de programa\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
Tcpip\..\Interfaces\{42AEC371-9776-4368-8333-FD9EF5AB4A75}: [NameServer] 196.3.81.5,200.88.127.23
FireFox:
========
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Archivos de programa\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Archivos de programa\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\Documents and Settings\All Users\Datos de programa\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\IPSFF
FF Extension: Norton Vulnerability Protection - C:\Documents and Settings\All Users\Datos de programa\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\IPSFF [2013-11-22]
FF HKLM\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\Documents and Settings\All Users\Datos de programa\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.1.0.32\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\Documents and Settings\All Users\Datos de programa\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.1.0.32\coFFPlgn [2014-10-23]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Archivos de programa\ESET\ESET Smart Security\Mozilla Thunderbird
Chrome:
=======
CHR HomePage: Default ->
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Documents and Settings\george\Configuración local\Datos de programa\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\george\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-05]
CHR Extension: (Google Drive) - C:\Documents and Settings\george\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-05]
CHR Extension: (YouTube) - C:\Documents and Settings\george\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-05]
CHR Extension: (Búsqueda de Google) - C:\Documents and Settings\george\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-05]
CHR Extension: (Google Wallet) - C:\Documents and Settings\george\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-05]
CHR Extension: (Norton Security Toolbar) - C:\Documents and Settings\george\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob [2013-11-23]
CHR Extension: (Gmail) - C:\Documents and Settings\george\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-05]
CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Archivos de programa\Norton Identity Safe\Engine\2013.1.0.32\Exts\Chrome.crx [2013-11-22]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 BrYNSvc; C:\Archivos de programa\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 DcomLaunch; C:\WINDOWS\system32\rpcss.dll [398336 2007-07-29] (Microsoft Corporation) [File not signed]
R2 Dhcp; C:\WINDOWS\System32\dhcpcsvc.dll [112128 2007-07-29] (Microsoft Corporation) [File not signed]
R3 EventSystem; C:\WINDOWS\system32\es.dll [243200 2007-07-29] (Microsoft Corporation) [File not signed]
S3 FastUserSwitchingCompatibility; C:\WINDOWS\System32\shsvcs.dll [135168 2007-07-29] (Microsoft Corporation) [File not signed]
S2 gupdate; C:\Archivos de programa\Google\Update\GoogleUpdate.exe [116648 2015-11-05] (Google Inc.)
S3 gupdatem; C:\Archivos de programa\Google\Update\GoogleUpdate.exe [116648 2015-11-05] (Google Inc.)
R2 lanmanserver; C:\WINDOWS\System32\srvsvc.dll [96768 2007-07-29] (Microsoft Corporation) [File not signed]
R2 lanmanworkstation; C:\WINDOWS\System32\wkssvc.dll [132096 2007-07-29] (Microsoft Corporation) [File not signed]
R2 MgAssistService; C:\Archivos de programa\Mobogenie\MgAssist.exe [105664 2014-08-13] ()
S3 Microsoft Office Groove Audit Service; C:\Archivos de programa\Microsoft Office\Office12\GrooveAuditService.exe [65824 2006-10-27] (Microsoft Corporation)
R2 MobogenieService; C:\Archivos de programa\Mobogenie3\MobogenieService.exe [113344 2014-09-23] (Mobogenie.com)
S3 MSIServer; C:\WINDOWS\System32\msiexec.exe [152576 2007-07-29] (Microsoft Corporation) [File not signed]
S2 NAV; C:\Archivos de programa\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 NCO; C:\Archivos de programa\Norton Identity Safe\Engine\2013.1.0.32\ccSvcHst.exe [143928 2012-08-18] (Symantec Corporation)
R3 Netman; C:\WINDOWS\System32\netman.dll [197632 2007-07-29] (Microsoft Corporation) [File not signed]
S3 odserv; C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE12\ODSERV.EXE [441136 2006-10-26] (Microsoft Corporation)
S3 ose; C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE [145184 2006-10-26] (Microsoft Corporation)
R2 QBCFMonitorService; C:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2013-08-19] (Intuit) [File not signed]
S3 QBFCService; C:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2013-08-19] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Archivos de programa\Archivos comunes\Intuit\DataProtect\QBIDPService.exe [1248256 2013-08-19] (Intuit Inc.) [File not signed]
S4 QuickBooksDB24; C:\Program Files\Intuit\QuickBooks 2014\QBDBMgrN.exe [679936 2013-08-19] (Intuit, Inc.) [File not signed]
R3 RasMan; C:\WINDOWS\System32\rasmans.dll [180736 2007-07-29] (Microsoft Corporation) [File not signed]
R2 RpcSs; C:\WINDOWS\system32\rpcss.dll [398336 2007-07-29] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\WINDOWS\System32\shsvcs.dll [135168 2007-07-29] (Microsoft Corporation) [File not signed]
R2 Spooler; C:\WINDOWS\system32\spoolsv.exe [57856 2007-07-29] (Microsoft Corporation) [File not signed]
R2 stisvc; C:\WINDOWS\system32\wiaservc.dll [334336 2007-07-29] (Microsoft Corporation) [File not signed]
R3 TapiSrv; C:\WINDOWS\System32\tapisrv.dll [249344 2007-07-29] (Microsoft Corporation) [File not signed]
R2 TeamViewer8; C:\Archivos de programa\TeamViewer\Version8\TeamViewer_Service.exe [5087584 2013-10-01] (TeamViewer GmbH)
R2 Themes; C:\WINDOWS\System32\shsvcs.dll [135168 2007-07-29] (Microsoft Corporation) [File not signed]
S3 upnphost; C:\WINDOWS\System32\upnphost.dll [185344 2007-07-29] (Microsoft Corporation) [File not signed]
R2 WebClient; C:\WINDOWS\System32\webclnt.dll [68096 2007-07-29] (Microsoft Corporation) [File not signed]
S3 WMPNetworkSvc; C:\Archivos de programa\Windows Media Player\WMPNetwk.exe [916480 2006-11-03] (Microsoft Corporation)
R2 WZCSVC; C:\WINDOWS\System32\wzcsvc.dll [475136 2007-07-29] (Microsoft Corporation) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 aec; C:\WINDOWS\System32\drivers\aec.sys [142464 2007-07-29] (Microsoft Corporation) [File not signed]
R1 BHDrvx86; C:\Documents and Settings\All Users\Datos de programa\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\BASHDefs\20131114.001\BHDrvx86.sys [1096280 2013-11-14] (Symantec Corporation)
R1 ccSet_NAV; C:\WINDOWS\system32\drivers\NAV\1404000.028\ccSetx86.sys [134744 2013-04-15] (Symantec Corporation)
R1 ccSet_NST; C:\WINDOWS\system32\drivers\NST\7DD01000.020\ccSetx86.sys [134304 2012-08-06] (Symantec Corporation)
R1 eeCtrl; C:\Archivos de programa\Archivos comunes\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-11-22] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Archivos de programa\Archivos comunes\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-11-22] (Symantec Corporation)
R0 FltMgr; C:\WINDOWS\System32\DRIVERS\fltMgr.sys [128768 2007-07-29] (Microsoft Corporation) [File not signed]
R3 HDAudBus; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [138752 2007-07-29] (Windows ® Server 2003 DDK provider) [File not signed]
R3 HTTP; C:\WINDOWS\System32\Drivers\HTTP.sys [262656 2007-07-29] (Microsoft Corporation) [File not signed]
R3 IDSxpx86; C:\Documents and Settings\All Users\Datos de programa\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\IPSDefs\20131128.001\IDSxpx86.sys [380824 2013-11-22] (Symantec Corporation)
S3 IpNat; C:\WINDOWS\System32\DRIVERS\ipnat.sys [134912 2007-07-29] (Microsoft Corporation) [File not signed]
S3 kmixer; C:\WINDOWS\System32\drivers\kmixer.sys [172416 2007-07-29] (Microsoft Corporation) [File not signed]
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [54360 2014-10-20] (Malwarebytes Corporation)
R3 monfilt; C:\WINDOWS\System32\drivers\monfilt.sys [1389056 2008-02-14] (Creative Technology Ltd.)
R1 MRxSmb; C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [454656 2007-07-29] (Microsoft Corporation) [File not signed]
S3 NAVENG; C:\Documents and Settings\All Users\Datos de programa\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\VirusDefs\20131201.021\NAVENG.SYS [93272 2013-11-22] (Symantec Corporation)
S3 NAVEX15; C:\Documents and Settings\All Users\Datos de programa\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\VirusDefs\20131201.021\NAVEX15.SYS [1612376 2013-11-22] (Symantec Corporation)
R3 Ndisuio; C:\WINDOWS\System32\DRIVERS\ndisuio.sys [14592 2007-07-29] (Microsoft Corporation) [File not signed]
R4 Ntfs; C:\WINDOWS\system32\Drivers\Ntfs.sys [574976 2007-02-09] (Microsoft Corporation) [File not signed]
R1 Rdbss; C:\WINDOWS\System32\DRIVERS\rdbss.sys [174592 2007-07-29] (Microsoft Corporation) [File not signed]
S3 RDPWD; C:\WINDOWS\system32\Drivers\RDPWD.sys [139528 2007-07-29] (Microsoft Corporation) [File not signed]
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [27440 2004-07-17] ()
S3 splitter; C:\WINDOWS\System32\drivers\splitter.sys [6272 2007-07-29] (Microsoft Corporation) [File not signed]
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [685816 2010-09-02] () [File not signed]
S3 SRTSP; C:\WINDOWS\System32\Drivers\NAV\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\NAV\1404000.028\SRTSPX.SYS [32344 2013-03-04] (Symantec Corporation)
R3 Srv; C:\WINDOWS\System32\DRIVERS\srv.sys [332928 2007-07-29] (Microsoft Corporation) [File not signed]
R0 SymDS; C:\WINDOWS\System32\drivers\NAV\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\WINDOWS\System32\drivers\NAV\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [142496 2013-11-22] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\NAV\1404000.028\Ironx86.SYS [175264 2013-03-04] (Symantec Corporation)
R1 SYMTDI; C:\WINDOWS\System32\Drivers\NAV\1404000.028\SYMTDI.SYS [396760 2013-04-24] (Symantec Corporation)
R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [360576 2007-07-29] (Microsoft Corporation) [File not signed]
R3 Update; C:\WINDOWS\System32\DRIVERS\update.sys [364160 2007-07-29] (Microsoft Corporation) [File not signed]
R3 usbehci; C:\WINDOWS\System32\DRIVERS\usbehci.sys [30080 2007-07-29] (Microsoft Corporation) [File not signed]
R3 usbuhci; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [20608 2007-07-29] (Microsoft Corporation) [File not signed]
R3 VIAHdAudAddService; C:\WINDOWS\System32\drivers\viahduaa.sys [1358720 2009-05-08] (VIA Technologies, Inc.)
R3 wdmaud; C:\WINDOWS\System32\drivers\wdmaud.sys [82944 2007-07-29] (Microsoft Corporation) [File not signed]
U4 Alerter; No ImagePath
R3 amsint32; \??\C:\WINDOWS\system32\drivers\ltogmq.sys [X]
S4 IntelIde; No ImagePath
U1 WS2IFSL; No ImagePath
U3 kgdoypod; \??\C:\DOCUME~1\george\CONFIG~1\Temp\kgdoypod.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-11-05 16:04 - 2013-12-13 16:39 - 00000975 _____ () C:\WINDOWS\system32\InstallUtil.InstallLog
2015-11-05 15:38 - 2015-11-05 15:38 - 00000000 ____D () C:\Documents and Settings\george\Menú Inicio\Programas\WinRAR
2015-11-05 15:38 - 2015-11-05 15:38 - 00000000 ____D () C:\Documents and Settings\george\Datos de programa\WinRAR
2015-11-05 15:38 - 2015-11-05 15:38 - 00000000 ____D () C:\Documents and Settings\george\Datos de programa\SIEN SA
2015-11-05 15:38 - 2015-11-05 15:38 - 00000000 ____D () C:\Documents and Settings\george\Configuración local\Datos de programa\Temp
2015-11-05 15:38 - 2014-02-03 12:17 - 00000000 ____D () C:\Archivos de programa\Mozilla Firefox
2015-11-05 15:38 - 2013-12-13 16:39 - 00000000 ____D () C:\Archivos de programa\IminentToolbar
2015-11-05 15:37 - 2013-12-09 08:45 - 00079016 _____ () C:\Documents and Settings\george\Configuración local\Datos de programa\GDIPFONTCACHEV1.DAT
2015-11-05 15:37 - 2013-11-06 23:25 - 00000000 ____D () C:\Documents and Settings\george\Datos de programa\Adobe
2015-11-05 15:22 - 2015-11-05 15:22 - 00000000 ____D () C:\Documents and Settings\All Users\Menú Inicio\Programas\Google Chrome
2015-11-05 15:22 - 2014-10-17 15:11 - 00001874 _____ () C:\Documents and Settings\All Users\Escritorio\Google Chrome.lnk
2015-11-05 15:22 - 2014-06-03 12:00 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2015-11-05 15:21 - 2015-11-05 15:22 - 00000000 ____D () C:\Documents and Settings\george\Configuración local\Datos de programa\Google
2015-11-05 15:21 - 2015-11-05 15:22 - 00000000 ____D () C:\Archivos de programa\Google
2015-11-05 15:21 - 2014-10-24 09:59 - 00001102 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-05 15:21 - 2014-10-23 19:59 - 00001098 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-05 15:18 - 2015-11-05 15:18 - 00000838 _____ () C:\Documents and Settings\george\Menú Inicio\Programas\Internet Explorer.lnk
2015-11-05 15:18 - 2015-11-05 15:18 - 00000773 _____ () C:\Documents and Settings\george\Menú Inicio\Programas\Outlook Express.lnk
2015-11-05 15:18 - 2015-11-05 15:18 - 00000000 __SHD () C:\Documents and Settings\george\Configuración local\Historial
2015-11-05 15:18 - 2015-11-05 15:18 - 00000000 ___RD () C:\Documents and Settings\george\Mis documentos\Mi música
2015-11-05 15:18 - 2015-11-05 15:18 - 00000000 ___RD () C:\Documents and Settings\george\Menú Inicio\Programas\Accesorios
2015-11-05 15:18 - 2015-11-05 15:18 - 00000000 ___RD () C:\Documents and Settings\george\Favoritos
2015-11-05 15:18 - 2015-11-05 15:18 - 00000000 ____D () C:\Documents and Settings\george\Menú Inicio\Programas\Accessorios
2015-11-05 15:18 - 2015-11-05 15:18 - 00000000 ____D () C:\Documents and Settings\george\Datos de programa\ESET
2015-11-05 15:18 - 2014-10-24 09:53 - 00000000 __RHD () C:\Documents and Settings\george\Reciente
2015-11-05 15:18 - 2014-10-24 09:45 - 00000000 ____D () C:\Documents and Settings\george\Escritorio
2015-11-05 15:18 - 2014-10-23 19:59 - 00000000 ___HD () C:\Documents and Settings\george\Configuración local\Datos de programa
2015-11-05 15:18 - 2014-10-23 10:27 - 00000192 ___SH () C:\Documents and Settings\george\ntuser.ini
2015-11-05 15:18 - 2014-10-23 10:27 - 00000000 ____D () C:\Documents and Settings\george
2015-11-05 15:18 - 2014-10-20 11:43 - 00000000 __RHD () C:\Documents and Settings\george\Datos de programa
2015-11-05 15:18 - 2014-09-19 16:59 - 00000000 ___RD () C:\Documents and Settings\george\Mis documentos
2015-11-05 15:18 - 2014-06-06 16:42 - 00000000 ___RD () C:\Documents and Settings\george\Menú Inicio\Programas
2015-11-05 15:18 - 2014-05-19 18:00 - 00000000 ___RD () C:\Documents and Settings\george\Mis documentos\Mis imágenes
2015-11-05 15:18 - 2014-03-31 15:46 - 00000823 _____ () C:\Documents and Settings\george\Menú Inicio\Programas\Windows Media Player.lnk
2015-11-05 15:18 - 2013-12-30 08:58 - 00000000 ___HD () C:\Documents and Settings\george\Entorno de red
2015-11-05 15:18 - 2013-12-06 17:29 - 00000000 __SHD () C:\Documents and Settings\george\Configuración local\Archivos temporales de Internet
2015-11-05 15:18 - 2013-12-06 17:13 - 00000000 ___RD () C:\Documents and Settings\george\Menú Inicio\Programas\Inicio
2015-11-05 15:18 - 2013-11-30 16:08 - 00000000 ___HD () C:\Documents and Settings\george\Configuración local
2015-11-05 15:18 - 2010-09-02 04:11 - 00000000 ___RD () C:\Documents and Settings\george\Menú Inicio
2015-11-05 15:18 - 2010-09-02 04:11 - 00000000 ___HD () C:\Documents and Settings\george\Impresoras
2015-11-05 15:18 - 2010-09-02 03:18 - 00001599 _____ () C:\Documents and Settings\george\Menú Inicio\Programas\Asistencia remota.lnk
2015-11-05 15:18 - 2010-09-02 03:15 - 00000000 ___HD () C:\Documents and Settings\george\Plantillas
2015-11-05 15:01 - 2015-11-05 15:01 - 00000000 ____D () C:\Documents and Settings\ventas\Datos de programa\Adobe
2015-11-05 15:00 - 2015-11-05 15:13 - 00000000 ____D () C:\Documents and Settings\ventas\Configuración local\Datos de programa\Deployment
2015-11-05 14:59 - 2007-07-29 14:47 - 00031616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2015-11-05 14:59 - 2007-07-29 14:47 - 00012416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys
2015-11-05 14:59 - 2007-07-29 14:46 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\hidserv.dll
2015-11-05 14:59 - 2007-07-29 14:46 - 00014976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys
2015-11-05 14:59 - 2007-07-29 14:46 - 00009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys
2014-11-05 16:20 - 2014-11-05 16:20 - 00000000 ____D () C:\Documents and Settings\All Users\Menú Inicio\Programas\TeamViewer 8
2014-11-05 16:19 - 2014-11-05 16:19 - 00000864 _____ () C:\Documents and Settings\All Users\Escritorio\TeamViewer 8.lnk
2014-11-05 16:19 - 2014-11-05 16:19 - 00000000 ____D () C:\Archivos de programa\TeamViewer
2014-10-24 09:45 - 2014-10-24 10:04 - 00000000 ____D () C:\Documents and Settings\george\Escritorio\Nueva carpeta
2014-10-20 11:43 - 2014-10-20 11:43 - 00000000 ____D () C:\Documents and Settings\george\Datos de programa\Mobogenie
2014-10-20 11:24 - 2014-10-20 11:24 - 00054360 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-10-20 11:05 - 2014-10-20 11:05 - 00000512 _____ () C:\Documents and Settings\george\Escritorio\MBR.dat
2014-10-20 11:01 - 2014-10-24 10:04 - 00000000 ____D () C:\FRST
2014-10-04 14:10 - 2014-10-04 14:10 - 00001132 _____ () C:\Documents and Settings\george\Escritorio\Remoto.RDP
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-11-05 15:35 - 2010-09-02 05:42 - 00000000 ____D () C:\Archivos de programa\Winamp
2015-11-05 15:17 - 2010-09-02 06:00 - 00000192 ___SH () C:\Documents and Settings\ventas\ntuser.ini
2015-11-05 15:03 - 2010-12-16 14:17 - 00000000 ____D () C:\Documents and Settings\ventas\Tracing
2014-10-24 10:02 - 2013-12-04 12:57 - 00000838 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-10-23 19:54 - 2010-09-02 04:11 - 00000000 ____D () C:\Archivos de programa
2014-10-23 15:02 - 2010-09-02 03:19 - 00032346 _____ () C:\WINDOWS\SchedLgU.Txt
2014-10-23 11:03 - 2014-01-31 11:25 - 00000000 ____D () C:\Documents and Settings\george\Datos de programa\newnext.me
2014-10-23 11:03 - 2010-09-02 03:18 - 01652693 _____ () C:\WINDOWS\WindowsUpdate.log
2014-10-23 11:02 - 2010-09-02 04:13 - 00000157 _____ () C:\WINDOWS\wiadebug.log
2014-10-23 11:02 - 2010-09-02 04:13 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-10-23 11:02 - 2010-09-02 03:19 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-10-23 11:02 - 2001-08-24 12:00 - 00002228 _____ () C:\WINDOWS\system32\wpa.dbl
2014-10-21 09:35 - 2013-11-22 18:52 - 00000000 _____ () C:\Documents and Settings\george\dos2usb.tmp
2014-10-21 09:35 - 2013-11-22 18:52 - 00000000 _____ () C:\Documents and Settings\george\dos2usb.spl
2014-10-20 11:05 - 2010-09-02 04:10 - 00774691 _____ () C:\WINDOWS\setupapi.log
2014-10-14 11:11 - 2013-11-22 18:51 - 00000000 ____D () C:\Archivos de programa\DOS2USB
2014-10-08 18:04 - 2013-12-05 11:30 - 00748990 _____ () C:\Documents and Settings\LocalService\Configuración local\Datos de programa\WPFFontCache_v0400-S-1-5-21-861567501-152049171-725345543-1005-0.dat
2014-10-08 18:04 - 2013-12-05 11:30 - 00326414 _____ () C:\Documents and Settings\LocalService\Configuración local\Datos de programa\WPFFontCache_v0400-System.dat
2014-09-29 12:17 - 2013-11-07 08:44 - 00001132 ____H () C:\Documents and Settings\george\Mis documentos\Default.rdp
2014-09-27 10:11 - 2014-08-07 09:28 - 00000000 ____D () C:\Archivos de programa\Mobogenie3
Some content of TEMP:
====================
C:\Documents and Settings\george\Configuración local\Temp\acfpdfu.dll
C:\Documents and Settings\george\Configuración local\Temp\acfpdfuamd64.dll
C:\Documents and Settings\george\Configuración local\Temp\acfpdfui.dll
C:\Documents and Settings\george\Configuración local\Temp\acfpdfuia64.dll
C:\Documents and Settings\george\Configuración local\Temp\acfpdfuiamd64.dll
C:\Documents and Settings\george\Configuración local\Temp\acfpdfuiia64.dll
C:\Documents and Settings\george\Configuración local\Temp\cdintf.dll
C:\Documents and Settings\george\Configuración local\Temp\xmllite.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe
[2007-07-29 08:45] - [2007-07-29 08:45] - 1035776 ____A (Microsoft Corporation) dbb6b75cc6cb2cf8ec0bafca08aed6be
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll
[2007-07-29 08:46] - [2007-07-29 08:46] - 0579072 ____A (Microsoft Corporation) 237fb93c6b4330d8ee7d2448cf71c5ed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll
[2007-07-29 08:46] - [2007-07-29 08:46] - 0398336 ____A (Microsoft Corporation) 78793aae30e77a07d6c5a378d163b909
ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End Of Log ============================
Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-10-2014
Ran by george at 2014-10-24 10:04:43
Running from C:\Documents and Settings\george\Escritorio\Nueva carpeta
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
1.59.80 (HKLM\...\{6F012034-9C8E-45F1-800D-FA09DE37FDC5}_is1) (Version: 1.5.9.5 - Bhaktee Software)
Adobe Flash Player 11 ActiveX (HKLM\...\{98616875-CF30-4BE5-AAED-36EF4AC6EE27}) (Version: 11.3.300.268 - Adobe Systems Incorporated)
Adobe Reader 8.1.0 - Español (HKLM\...\{AC76BA86-7AD7-1034-7B44-A81000000003}) (Version: 8.1.0 - Adobe Systems Incorporated)
Brother MFL-Pro Suite MFC-7360N (HKLM\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.1.3.0 - Brother Industries, Ltd.)
Compresor WinRAR (HKLM\...\WinRAR archiver) (Version: - )
GetDataBack for FAT and GetDataBack for NTFS (HKLM\...\{49C09E32-B9FD-4EDC-9152-9BC0CC618A13}) (Version: 3.03.000 - Runtime Software)
Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
Herramienta de carga de Windows Live (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Java 6 Update 7 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.)
Kernel for Excel Demo 10.10.01 (HKLM\...\Kernel For Excel Demo_is1) (Version: - Nucleus Data Recovery.Com Pvt Ltd)
K-Lite Codec Pack 3.3.0 Standard (HKLM\...\KLiteCodecPack_is1) (Version: 3.30 - )
magicJack (HKCU\...\magicJack) (Version: 2.0.6073.4252 - magicJack L.P.)
Mask My IP (HKLM\...\MaskMyIP) (Version: 2.3.7.2 - )
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 2.0 with Security Updates (HKLM\...\Microsoft .NET Framework 2.0 with Security Updates) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Mobogenie (HKLM\...\Mobogenie) (Version: - Mobogenie.com) <==== ATTENTION
Mobogenie3 (HKLM\...\Mobogenie3) (Version: 3.0.1.53153 - Mobogenie.com) <==== ATTENTION
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Nero 7.10.1.0 (HKLM\...\Nero7_is1) (Version: 7.10.1.0 - Nero AG)
Norton AntiVirus (HKLM\...\NAV) (Version: 20.1.0.24 - Symantec Corporation)
Norton Identity Safe (HKLM\...\NST) (Version: 2013.1.0.32 - Symantec Corporation)
OpenOffice.org 3.2 (HKLM\...\{76896231-3040-4D77-B0D4-87D2256AC0CB}) (Version: 3.2.9483 - OpenOffice.org)
Paquete de compatibilidad para 2007 Office system (HKLM\...\{90120000-0020-0C0A-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
Paquete de idioma de Microsoft .NET Framework 4 Client Profile ESN (HKLM\...\Microsoft .NET Framework 4 Client Profile ESN Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Platform (Version: 1.34 - VIA Technologies, Inc.) Hidden
QuickBooks (Version: 24.0.4001.2403 - Intuit Inc.) Hidden
QuickBooks Pro 2014 (HKLM\...\{4A21D17E-2FE8-42CD-88B7-ACF8E8860834}) (Version: 24.0.4001.2403 - Intuit Inc.)
Reproductor de Windows Media 11 (HKLM\...\Windows Media Player) (Version: - )
Revisión para Windows XP (KB935448) (HKLM\...\KB935448) (Version: 1 - Microsoft Corporation)
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Shockwave Player (HKLM\...\{103906AD-C60E-4E65-BC84-CE980D19CE41}) (Version: 10.2.0.022 - Adobe)
Star Check Writer (HKLM\...\Star Check Writer_is1) (Version: 1.00 - Starre Enterprises, Inc.)
Tame Release 4.5c (remove only) (HKLM\...\Tame_4.5e) (Version: - )
TeamViewer 8 (HKLM\...\TeamViewer 8) (Version: 8.0.22298 - TeamViewer)
USB Disk Security 5.0.0.85 (HKLM\...\USB Disk Security_is1) (Version: - zbshareware, Inc.)
VIA Administrador de dispositivos de plataforma (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
Winamp AudioPlayer (HKLM\...\{5643BB6D-14ED-4EF4-AB38-4F9CD208674C}) (Version: 5.3.5.1305 - Nullsoft, Inc.)
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Internet Explorer 7 (HKLM\...\ie7) (Version: 20061107.210142 - Microsoft Corporation)
Windows Live Asistente para el inicio de sesión (HKLM\...\{7593234B-2AEB-4FC9-B02D-C9B30D86084C}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Format 11 runtime (Version: - Microsoft Corporation) Hidden
Windows Media Player 11 (Version: - Microsoft Corporation) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-861567501-152049171-725345543-1005_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-861567501-152049171-725345543-1005_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> C:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-861567501-152049171-725345543-1005_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> C:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-861567501-152049171-725345543-1005_Classes\CLSID\{1B3210AF-E236-46D4-83EF-6421F2FF543C}\InprocServer32 -> C:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\QBDTVIEW.OCx No File
CustomCLSID: HKU\S-1-5-21-861567501-152049171-725345543-1005_Classes\CLSID\{1E78DD72-771E-42BF-8B4B-363CEB18E07B}\InprocServer32 -> C:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\QBDTVIEW.OCx No File
CustomCLSID: HKU\S-1-5-21-861567501-152049171-725345543-1005_Classes\CLSID\{22664BE2-0806-4BA4-8643-DE40C9149176}\InprocServer32 -> C:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-861567501-152049171-725345543-1005_Classes\CLSID\{2A9EBDB5-0600-4E8C-B910-4001BEB2DD8C}\InprocServer32 -> C:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-861567501-152049171-725345543-1005_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B}\InprocServer32 -> C:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\QBFinder.dll No File
CustomCLSID: HKU\S-1-5-21-861567501-152049171-725345543-1005_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-861567501-152049171-725345543-1005_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-861567501-152049171-725345543-1005_Classes\CLSID\{38F58721-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\COMObjectFactory.dll No File
CustomCLSID: HKU\S-1-5-21-861567501-152049171-725345543-1005_Classes\CLSID\{38F58742-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-861567501-152049171-725345543-1005_Classes\CLSID\{38F58743-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-861567501-152049171-725345543-1005_Classes\CLSID\{38F58744-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-861567501-152049171-725345543-1005_Classes\CLSID\{3CDEA288-D759-4C3B-B07F-7AFBCC842D98}\InprocServer32 -> C:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-861567501-152049171-725345543-1005_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> C:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-861567501-152049171-725345543-1005_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> C:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-861567501-152049171-725345543-1005_Classes\CLSID\{4A56F19E-9F50-4F43-93C8-050E44AA83A9}\InprocServer32 -> C:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-861567501-152049171-725345543-1005_Classes\CLSID\{4E5E74B5-8EB5-4859-A335-837EED412620}\InprocServer32 -> C:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-861567501-152049171-725345543-1005_Classes\CLSID\{5249684A-D7A2-4DBE-94F4-B90923A7BC64}\InprocServer32 -> C:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-861567501-152049171-725345543-1005_Classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}\InprocServer32 -> C:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-861567501-152049171-725345543-1005_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> C:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-861567501-152049171-725345543-1005_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-861567501-152049171-725345543-1005_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> C:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-861567501-152049171-725345543-1005_Classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}\InprocServer32 -> C:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-861567501-152049171-725345543-1005_Classes\CLSID\{5ED8AC89-B2DE-476D-8EEA-E170B2FCB058}\InprocServer32 -> C:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-861567501-152049171-725345543-1005_Classes\CLSID\{70478C56-E77F-4134-B3E3-3B18EE036D71}\InprocServer32 -> C:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\QBDTRatios.dll No File
CustomCLSID: HKU\S-1-5-21-861567501-152049171-725345543-1005_Classes\CLSID\{7694F1CD-A55B-4B7C-8820-A90892EB4E9E}\InprocServer32 -> C:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-861567501-152049171-725345543-1005_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> C:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-861567501-152049171-725345543-1005_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> C:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-861567501-152049171-725345543-1005_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> C:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-861567501-152049171-725345543-1005_Classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94}\InprocServer32 -> C:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-861567501-152049171-725345543-1005_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2014\QBW32.EXE (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-861567501-152049171-725345543-1005_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> C:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-861567501-152049171-725345543-1005_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-861567501-152049171-725345543-1005_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-861567501-152049171-725345543-1005_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-861567501-152049171-725345543-1005_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-861567501-152049171-725345543-1005_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-861567501-152049171-725345543-1005_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-861567501-152049171-725345543-1005_Classes\CLSID\{A58C4EAB-2DB8-445E-9CAE-2AE197A5C708}\InprocServer32 -> C:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-861567501-152049171-725345543-1005_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-861567501-152049171-725345543-1005_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-861567501-152049171-725345543-1005_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> C:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-861567501-152049171-725345543-1005_Classes\CLSID\{B10BFAC3-EFF1-40D9-ADA0-BEBE037C24CA}\InprocServer32 -> C:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-861567501-152049171-725345543-1005_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-861567501-152049171-725345543-1005_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537}\InprocServer32 -> C:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\QBCtrIPMDS2.dll No File
CustomCLSID: HKU\S-1-5-21-861567501-152049171-725345543-1005_Classes\CLSID\{CE18240D-F3F8-43AE-9EA0-A0DC85A95375}\InprocServer32 -> C:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\QBDTRatios.dll No File
CustomCLSID: HKU\S-1-5-21-861567501-152049171-725345543-1005_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> C:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-861567501-152049171-725345543-1005_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> C:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-861567501-152049171-725345543-1005_Classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34}\InprocServer32 -> C:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\ViewSource.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-861567501-152049171-725345543-1005_Classes\CLSID\{D9BC6F81-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-861567501-152049171-725345543-1005_Classes\CLSID\{D9BC6F84-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-861567501-152049171-725345543-1005_Classes\CLSID\{D9BC6F87-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-861567501-152049171-725345543-1005_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-861567501-152049171-725345543-1005_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-861567501-152049171-725345543-1005_Classes\CLSID\{D9BC6FB2-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\StorageClasses.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-861567501-152049171-725345543-1005_Classes\CLSID\{D9BC6FC1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-861567501-152049171-725345543-1005_Classes\CLSID\{DA654E0C-E75D-4507-8AC2-71698C5B5C93}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2014\QBW32.EXE (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-861567501-152049171-725345543-1005_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> C:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-861567501-152049171-725345543-1005_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> C:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-861567501-152049171-725345543-1005_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-861567501-152049171-725345543-1005_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-861567501-152049171-725345543-1005_Classes\CLSID\{E6E4DF8B-17CE-43ED-B2C7-2CE10457552D}\InprocServer32 -> C:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-861567501-152049171-725345543-1005_Classes\CLSID\{E7D2D0F6-B754-438D-B5C9-BF848D311A0F}\InprocServer32 -> C:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\QBDTRatios.dll No File
CustomCLSID: HKU\S-1-5-21-861567501-152049171-725345543-1005_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-861567501-152049171-725345543-1005_Classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-861567501-152049171-725345543-1005_Classes\CLSID\{F2C593CC-74B2-4F71-8556-DD4D426D0409}\InprocServer32 -> C:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-861567501-152049171-725345543-1005_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> C:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-861567501-152049171-725345543-1005_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2014\QBW32.EXE (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-861567501-152049171-725345543-1005_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> C:\Archivos de programa\Archivos comunes\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
==================== Restore Points =========================
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2001-08-24 12:00 - 2001-08-24 12:00 - 00000792 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Archivos de programa\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Archivos de programa\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-01-31 11:56 - 2014-08-13 11:58 - 00105664 _____ () C:\Archivos de programa\Mobogenie\MgAssist.exe
2010-09-02 05:42 - 2007-05-22 04:59 - 00128512 _____ () C:\Archivos de programa\WinRAR\rarext.dll
2014-01-31 11:25 - 2014-08-13 11:58 - 00748736 _____ () C:\Archivos de programa\Mobogenie\DaemonProcess.exe
2014-01-31 11:56 - 2014-08-13 11:58 - 00065728 _____ () C:\Archivos de programa\Mobogenie\Device.dll
2014-01-31 11:56 - 2014-08-13 11:58 - 00474816 _____ () C:\Archivos de programa\Mobogenie\DCR.dll
2014-05-19 09:02 - 2009-02-27 16:38 - 00139264 ____R () C:\Archivos de programa\Brother\BrUtilities\BrLogAPI.dll
2013-11-22 19:14 - 2012-05-30 11:51 - 00699280 ____R () C:\ARCHIVOS DE PROGRAMA\NORTON IDENTITY SAFE\ENGINE\2013.1.0.32\wincfi39.dll
2013-08-19 12:54 - 2013-08-19 12:54 - 00623432 _____ () C:\Program Files\Intuit\QuickBooks 2014\boost_regex-vc100-mt-1_47.dll
2013-08-19 12:55 - 2013-08-19 12:55 - 00021320 _____ () C:\Program Files\Intuit\QuickBooks 2014\QBCompressor.dll
2013-08-19 10:03 - 2013-08-19 10:03 - 00059904 _____ () C:\Program Files\Intuit\QuickBooks 2014\zlib1.dll
2013-08-19 12:55 - 2013-08-19 12:55 - 00147272 _____ () C:\Program Files\Intuit\QuickBooks 2014\QBMAPILibrary.dll
2013-08-19 12:54 - 2013-08-19 12:54 - 00247112 _____ () C:\Program Files\Intuit\QuickBooks 2014\boost_serialization-vc100-mt-1_47.dll
2013-08-19 12:55 - 2013-08-19 12:55 - 00621384 _____ () C:\Program Files\Intuit\QuickBooks 2014\FtuEngine.dll
2013-08-19 12:54 - 2013-08-19 12:54 - 00577864 _____ () C:\Program Files\Intuit\QuickBooks 2014\BackupLib.dll
2013-08-19 12:55 - 2013-08-19 12:55 - 00134472 _____ () C:\Program Files\Intuit\QuickBooks 2014\QBProActiveCore.dll
2013-08-19 12:55 - 2013-08-19 12:55 - 00700744 _____ () C:\Program Files\Intuit\QuickBooks 2014\FeaturesBridge.dll
2013-08-19 12:55 - 2013-08-19 12:55 - 00043848 _____ () C:\Program Files\Intuit\QuickBooks 2014\mbpopup.dll
2004-08-19 09:42 - 2004-08-19 09:42 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot => "AlternateShell"=""
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Reboot.exe => C:\WINDOWS\pss\Reboot.exeCommon Startup
MSCONFIG\startupreg: HDAudDeck => C:\Archivos de programa\VIA\VIAudioi\HDADeck\HDeck.exe 1
MSCONFIG\startupreg: HotKeysCmds => C:\WINDOWS\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\WINDOWS\system32\igfxtray.exe
MSCONFIG\startupreg: Persistence => C:\WINDOWS\system32\igfxpers.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Archivos de programa\Java\jre1.6.0_07\bin\jusched.exe"
========================= Accounts: ==========================
Administrador (S-1-5-21-861567501-152049171-725345543-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrador
Asistente de ayuda (S-1-5-21-861567501-152049171-725345543-1000 - Limited - Disabled)
ASPNET (S-1-5-21-861567501-152049171-725345543-1003 - Limited - Enabled)
george (S-1-5-21-861567501-152049171-725345543-1005 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\george
Invitado (S-1-5-21-861567501-152049171-725345543-501 - Limited - Disabled)
QBDataServiceUser24 (S-1-5-21-861567501-152049171-725345543-1018 - Limited - Enabled)
SUPPORT_388945a0 (S-1-5-21-861567501-152049171-725345543-1002 - Limited - Disabled)
ventas (S-1-5-21-861567501-152049171-725345543-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\ventas
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (07/03/2014 01:00:36 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Error en la extracción de la lista raíz de terceros del archivo .CAB actualizado automáticamente: <http://www.download....authrootstl.cab> con el error: Un certificado requerido no se encuentra dentro del periodo de validez cuando se ha realizado la comprobación con el reloj de sistema actual o con la marca de fecha y hora en el archivo firmado.
Error: (06/20/2014 10:38:20 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2014":
ExcelHelper::SetCustomPropertyString - Cannot add variable to excel : QBSUBSTORAGE
Error: (06/20/2014 10:38:20 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2014":
ExcelHelper::WriteExcelVariable Com Error#: 800a03ec
Error: (06/20/2014 10:30:32 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2014":
DMError Information:-6069Additional Info:An Invalid Id or password was specified.
Error: (06/20/2014 10:30:32 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2014":
DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from file:'.\.\src\connpool.cpp' at line 1038 from function:'DBMgr::DBConnPool::init'
Error: (06/20/2014 10:30:32 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2014":
Connection String:CON=QBConnectionPool-Probe-QB_despacho_24;;DBF=\\servidor\CONT\QuickBooks\Company Files\Repuestos RAP.qbw;CommLinks="tcpip(IP=192.168.0.116;TO=5;DOBROADCAST=NONE;port=55358)";ServerName=QB_despacho_24;DBN=224cbae8dddb4602837c3c72ef0178f4
Error: (06/20/2014 10:30:32 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2014":
Connection Error:Invalid user ID or password
Error: (06/18/2014 10:01:42 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Error en la recuperación de actualización automática del número de secuencia de la lista raíz de terceros de: <http://www.download....authrootseq.txt> con el error: The server name or address could not be resolved
Error: (06/18/2014 09:46:14 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Error en la recuperación de actualización automática del número de secuencia de la lista raíz de terceros de: <http://www.download....authrootseq.txt> con el error: The server name or address could not be resolved
Error: (06/18/2014 09:43:14 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Error en la recuperación de actualización automática del número de secuencia de la lista raíz de terceros de: <http://www.download....authrootseq.txt> con el error: The server name or address could not be resolved
System errors:
=============
Error: (12/21/2013 10:47:10 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: El servicio Examinador de equipos terminó con el error:
%%1460
Error: (12/21/2013 10:43:07 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: El servicio Norton AntiVirus terminó con el error específico de servicio 4294967295 (0xFFFFFFFF).
Error: (12/18/2013 02:25:55 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: El servicio Examinador de equipos terminó con el error:
%%1460
Error: (12/18/2013 02:21:51 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: El servicio Norton AntiVirus terminó con el error específico de servicio 4294967295 (0xFFFFFFFF).
Error: (12/18/2013 00:04:43 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: El servicio Examinador de equipos terminó con el error:
%%1460
Error: (12/18/2013 00:00:52 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: El servicio Norton AntiVirus terminó con el error específico de servicio 4294967295 (0xFFFFFFFF).
Error: (12/18/2013 10:50:05 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: El servicio Examinador de equipos terminó con el error:
%%1460
Error: (12/18/2013 10:46:00 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: El servicio Norton AntiVirus terminó con el error específico de servicio 4294967295 (0xFFFFFFFF).
Error: (12/18/2013 10:00:15 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: El servicio Examinador de equipos terminó con el error:
%%1460
Error: (12/18/2013 09:56:24 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: El servicio Norton AntiVirus terminó con el error específico de servicio 4294967295 (0xFFFFFFFF).
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Processor: Pentium® Dual-Core CPU E5400 @ 2.70GHz
Percentage of memory in use: 22%
Total physical RAM: 3318.17 MB
Available physical RAM: 2588.07 MB
Total Pagefile: 4683.67 MB
Available Pagefile: 3585 MB
Total Virtual: 2047.88 MB
Available Virtual: 1933.03 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:78.13 GB) (Free:54.54 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:853.37 GB) (Free:852.21 GB) NTFS
Drive f: () (Network) (Total:270.44 GB) (Free:244.9 GB)
Drive x: () (Network) (Total:195.31 GB) (Free:180.62 GB)
Drive y: () (Network) (Total:503.32 GB) (Free:496.92 GB)
Drive z: () (Network) (Total:270.44 GB) (Free:244.9 GB)
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 032B032B)
Partition 1: (Active) - (Size=78.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=853.4 GB) - (Type=OF Extended)
==================== End Of Log ============================
ark.txt
Rootkit scan 2014-10-24 10:19:03
Windows 5.1.2600 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e WDC_WD10EARS-22Y5B1 rev.80.00A80 931.51GB
Running: gmer.exe; Driver: C:\DOCUME~1\george\CONFIG~1\Temp\kgdoypod.sys
---- System - GMER 2.1 ----
SSDT 8A19AE60 ZwAlertResumeThread
SSDT 8A19AEF8 ZwAlertThread
SSDT 8A00ACF0 ZwAllocateVirtualMemory
SSDT 89FD0F90 ZwAssignProcessToJobObject
SSDT 8A053C68 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwCreateKey [0xA9699ED0]
SSDT 89F94FC0 ZwCreateMutant
SSDT 89FE93A8 ZwCreateSymbolicLinkObject
SSDT 89FD1118 ZwCreateThread
SSDT 8A00EE80 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwDeleteKey [0xA969A150]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwDeleteValueKey [0xA969A810]
SSDT 8A00AE10 ZwDuplicateObject
SSDT sptd.sys ZwEnumerateKey [0xF74F2FB2]
SSDT sptd.sys ZwEnumerateValueKey [0xF74F3340]
SSDT 89FAC740 ZwFreeVirtualMemory
SSDT 8A010A60 ZwImpersonateAnonymousToken
SSDT 8A010AF8 ZwImpersonateThread
SSDT 8A081D00 ZwLoadDriver
SSDT 8A00A7E8 ZwMapViewOfSection
SSDT 89F94F48 ZwOpenEvent
SSDT sptd.sys ZwOpenKey [0xF74ED0B0]
SSDT 8A03B608 ZwOpenProcess
SSDT 8A00AD98 ZwOpenProcessToken
SSDT 8A00EFD0 ZwOpenSection
SSDT 8A00CB98 ZwOpenThread
SSDT 89FD0EE8 ZwProtectVirtualMemory
SSDT sptd.sys ZwQueryKey [0xF74F3418]
SSDT sptd.sys ZwQueryValueKey [0xF74F3298]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwRenameKey [0xA969AD70]
SSDT 8A19AF90 ZwResumeThread
SSDT 8A1A1DA8 ZwSetContextThread
SSDT 8A00A6C8 ZwSetInformationProcess
SSDT 8A00EF18 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwSetValueKey [0xA969AA90]
SSDT 89F94EB0 ZwSuspendProcess
SSDT 8A1A1C98 ZwSuspendThread
SSDT 89F71430 ZwTerminateProcess
SSDT 8A1A1D30 ZwTerminateThread
SSDT 8A00A770 ZwUnmapViewOfSection
SSDT 89FAC7E8 ZwWriteVirtualMemory
---- Devices - GMER 2.1 ----
Device \FileSystem\Ntfs \Ntfs 8A3721E8
Device \FileSystem\Fastfat \FatCdrom 889751E8
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS
Device \Driver\usbuhci \Device\USBPDO-0 8A0E01E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A3021E8
Device \Driver\dmio \Device\DmControl\DmConfig 8A3021E8
Device \Driver\dmio \Device\DmControl\DmPnP 8A3021E8
Device \Driver\dmio \Device\DmControl\DmInfo 8A3021E8
Device \Driver\usbuhci \Device\USBPDO-1 8A0E01E8
Device \Driver\usbuhci \Device\USBPDO-2 8A0E01E8
Device \Driver\usbuhci \Device\USBPDO-3 8A0E01E8
Device \Driver\usbehci \Device\USBPDO-4 8A0A3538
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A3741E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A3741E8
Device \Driver\CDRom \Device\CdRom0 8A0701E8
Device \Driver\atapi \Device\Ide\IdePort0 8A3731E8
Device \Driver\atapi \Device\Ide\IdePort1 8A3731E8
Device \Driver\atapi \Device\Ide\IdePort2 8A3731E8
Device \Driver\atapi \Device\Ide\IdePort3 8A3731E8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e 8A3731E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 8A3731E8
Device \Driver\NetBT \Device\NetBt_Wins_Export 89F4B500
Device \Driver\NetBT \Device\NetbiosSmb 89F4B500
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS
Device \Driver\NetBT \Device\NetBT_Tcpip_{42AEC371-9776-4368-8333-FD9EF5AB4A75} 89F4B500
Device \Driver\usbuhci \Device\USBFDO-0 8A0E01E8
Device \Driver\usbuhci \Device\USBFDO-1 8A0E01E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89F55790
Device \Driver\usbuhci \Device\USBFDO-2 8A0E01E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 89F55790
Device \Driver\usbuhci \Device\USBFDO-3 8A0E01E8
Device \Driver\usbehci \Device\USBFDO-4 8A0A3538
Device \Driver\Ftdisk \Device\FtControl 8A3741E8
Device \FileSystem\Fastfat \Fat 889751E8
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys
Device \FileSystem\Cdfs \Cdfs 89F66790
---- Trace I/O - GMER 2.1 ----
Trace ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a3731e8]<< 8a3731e8
Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a2bdab8] 8a2bdab8
Trace 3 CLASSPNP.SYS[f763805b] -> nt!IofCallDriver -> \Device\0000006f[0x8a2c29e8] 8a2c29e8
Trace 5 ACPI.sys[f74ab620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x8a2bfd98] 8a2bfd98
Trace \Driver\atapi[0x8a2da9a0] -> IRP_MJ_CREATE -> 0x8a3731e8 8a3731e8
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
---- EOF - GMER 2.1 ----