Slow Windows XP startup and slow browsing


#1

Windows XP Professional starts up slowly. While the notification area components are loading, at some point it sits waiting for a long time, 1 minute or more, before carrying on normally. In addition, the web browser (Google Chrome or Mozilla) runs slowly, but not always. Sometimes it works well and other times it does not. When it is misbehaving, logging off and back on does not help; in the end I have to shut the PC down completely. I should add that I follow the malware removal advice in the “Guía de Detección y Eliminación de Malware” (Malware Detection and Removal Guide), including the online scan with ESET and then CCleaner. I don't know what else I can try. Thanks.


#2

Hello.

What results do you get with the tools from the Guide? Do you have any reports?


#3

I don't have any reports. When I run the scans and it recommends removing something, I do so, but I don't save anything. What I mean is that running the normal scan operations is not enough.


#4

Right… so first of all, to review/verify your machine, follow these steps in the order given, reading everything that is explained. :+1:

:one: Temporarily disable the Antivirus :arrow_forward: How to temporarily disable your Antivirus, while we are carrying out ALL the steps.

We are going to download to YOUR DESKTOP (and NOT anywhere else :face_with_monocle:) all the tools we will use in this procedure (but do not run them yet):


:two: Run the tools one at a time and in the order given:


CCleaner.-

  • Install and run CCleaner following the steps given in the manual.

  • Use its Cleaner option first to delete cookies, temporary Internet files and all the files it shows you as obsolete.

  • Then use its Registry option to clean the whole Windows registry (making a backup copy).

Malwarebytes.-

  • Install and run MBAM following the steps given in the manual.

  • Run a Full Scan. :white_check_mark:

  • Select ALL items for Quarantine to send them to quarantine, and restart the system.

  • In the :arrow_forward:History :arrow_backward: section of the manual you will find the MBAM report, which you must copy and paste into your next reply so it can be analysed.

AdwCleaner.-

  • Run Adwcleaner.exe.

  • Click the Scan button and wait for the process to finish; immediately afterwards, always click the Clean button.

  • Save the report that appears, so you can copy and paste it into your next reply.

  • The report can also be found at :arrow_forward: C:\AdwCleaner\AdwCleaner[C1].txt

Junkware Removal Tool.-

  • Run JRT.exe.

  • Press any key to continue and wait patiently for the process to finish.

  • If at any point it asks you to restart, do so.

  • When it finishes, a log/report (JRT.txt) will be saved to the desktop and will open automatically.

  • Copy and paste the contents of JRT.txt into your next reply.

Farbar Recovery Scan Tool.-

  • Run FRST.exe.

  • In the Disclaimer window message, click Yes.

  • In the main window, click the Scan button and wait for the process to finish.

  • Two (2) files (logs) will open, Frst.txt and Addition.txt; these will be saved on the desktop.

:three: Post in your next reply the reports from:

  • Malwarebytes, AdwCleaner, JRT, FRST + Addition.txt, in that order. :+1:

You must copy and paste them with their full contents, and use several messages if you get an error message saying it is too long (more than approx. 50,000 characters).

And tell us how your computer is running in relation to the problem described. :face_with_monocle:

Regards, Javier.


#5

Javier, I have run CCleaner and, when I was about to install Malwarebytes, I could not because it gives me the following error:

Runtime Error (at 423:824): Could not call proc.

I already have version 3.5.1 installed and, moreover, updated. Could I use this one? Or would it not give the same results?


#6

Hello.

Indeed… you can perfectly well use the version you already have installed, no problem.

You were not able to use and/or install the other one because that version is NO longer compatible with Windows XP.

Regards.


#7

Right. I am sending you the reports after running the scans.


Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 28/12/18
Hora del análisis: 16:03
Archivo de registro: b49374c5-0ab1-11e9-bd15-c04a0020a1be.json
Administrador: Sí

-Información del software-
Versión: 3.5.1.2522
Versión de los componentes: 1.0.365
Versión del paquete de actualización: 1.0.8529
Licencia: Gratis

-Información del sistema-
SO: Windows XP Service Pack 3
CPU: x86
Sistema de archivos: NTFS
Usuario: HOGAR-98E03BF29\Pap\u00c3\u00a1 y Mam\u00c3\u00a1

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 234422
Amenazas detectadas: 0
(No hay elementos maliciosos detectados)
Amenazas en cuarentena: 0
(No hay elementos maliciosos detectados)
Tiempo transcurrido: 26 min, 15 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Activado
Heurística: Activado
PUP: Advertencia
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 0
(No hay elementos maliciosos detectados)

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end) 
# AdwCleaner v6.047 - Logfile created 28/12/2018 at 16:44:06
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-05-19.1 [Local]
# Operating System : Microsoft Windows XP Service Pack 3 (X86)
# Username : Papá y Mamá - HOGAR-98E03BF29
# Running from : C:\Documents and Settings\Papá y Mamá\Desktop\adwcleaner_6.047.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

No malicious folders found.


***** [ Files ] *****

No malicious files found.


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

No malicious registry entries found.


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [1048 Bytes] - [28/12/2018 16:44:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1121 Bytes] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Microsoft Windows XP x86 
Ran by Pap  y Mam  (Administrator) on 28/12/2018 at 17:09:05,76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 8 

Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\G18RL6ER (Temporary Internet Files Folder) 
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GA8S02YP (Temporary Internet Files Folder) 
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\LRQFOIL7 (Temporary Internet Files Folder) 
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\NGW24A8J (Temporary Internet Files Folder) 
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\G18RL6ER (Temporary Internet Files Folder) 
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GA8S02YP (Temporary Internet Files Folder) 
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\LRQFOIL7 (Temporary Internet Files Folder) 
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\NGW24A8J (Temporary Internet Files Folder) 



Registry: 1 

Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value) 




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28/12/2018 at 17:11:33,96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28.12.2018 01
Ran by Papá y Mamá (administrator) on HOGAR-98E03BF29 (28-12-2018 17:15:42)
Running from C:\Documents and Settings\Papá y Mamá\Desktop
Loaded Profiles: Papá y Mamá (Available Profiles: Papá y Mamá & Elena & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: Inglés (Estados Unidos)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehrecvr.exe
(Microsoft Corporation) C:\WINDOWS\ehome\mcrdsvc.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ehTray] => C:\WINDOWS\ehome\ehtray.exe [64512 2005-08-05] (Microsoft Corporation)
HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [577536 2006-03-01] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2006-08-02] (ATI Technologies Inc.)
HKU\S-1-5-21-1757981266-484061587-725345543-1003\...\Run: [Spotify Web Helper] => C:\Documents and Settings\Papá y Mamá\Application Data\Spotify\SpotifyWebHelper.exe [2346096 2016-02-19] (Spotify Ltd)
HKU\S-1-5-21-1757981266-484061587-725345543-1003\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [204800 2009-02-04] (Microsoft Corporation)
HKLM\...\Drivers32: [msacm.trspch] => C:\WINDOWS\system32\tssoft32.acm [8192 2006-03-15] (DSP GROUP, INC.)
HKLM\...\Drivers32: [vidc.I420] => C:\WINDOWS\system32\msh263.drv [294912 2008-04-14] (Microsoft Corporation)
HKLM\...\Drivers32: [vidc.iv31] => C:\WINDOWS\system32\ir32_32.dll [199168 2006-03-15] ()
HKLM\...\Drivers32: [vidc.iv32] => C:\WINDOWS\system32\ir32_32.dll [199168 2006-03-15] ()
HKLM\...\Drivers32: [vidc.iv41] => C:\WINDOWS\system32\ir41_32.ax [848384 2008-04-14] (Intel Corporation)
HKLM\...\Drivers32: [msacm.msg723] => C:\WINDOWS\system32\msg723.acm [118784 2006-03-15] (Microsoft Corporation)
HKLM\...\Drivers32: [vidc.M263] => C:\WINDOWS\system32\msh263.drv [294912 2008-04-14] (Microsoft Corporation)
HKLM\...\Drivers32: [vidc.M261] => C:\WINDOWS\system32\msh261.drv [188416 2008-04-14] (Microsoft Corporation)
HKLM\...\Drivers32: [msacm.msaudio1] => C:\WINDOWS\system32\msaud32.acm [282654 2009-09-01] (Microsoft Corporation)
HKLM\...\Drivers32: [msacm.sl_anet] => C:\WINDOWS\system32\sl_anet.acm [86016 2008-04-14] (Sipro Lab Telecom Inc.)
HKLM\...\Drivers32: [msacm.iac2] => C:\WINDOWS\system32\iac25_32.ax [199680 2008-04-14] (Intel Corporation)
HKLM\...\Drivers32: [vidc.iv50] => C:\WINDOWS\system32\ir50_32.dll [755200 2008-04-14] (Intel Corporation)
HKLM\...\Drivers32: [msacm.siren] => C:\WINDOWS\system32\sirenacm.dll [48464 2010-04-16] (Microsoft Corporation)
HKLM\...\Drivers32: [vidc.XVID] => C:\WINDOWS\system32\xvidvfw.dll [243200 2011-06-24] ()
HKLM\...\Drivers32: [vidc.YV12] => C:\WINDOWS\system32\DivX.dll [720384 2010-02-19] (DivX, Inc.)
HKLM\...\Drivers32: [vidc.ffds] => C:\Program Files\ffdshow\ffdshow.ax [1761280 2004-10-12] ()
HKLM\...\Drivers32: [vidc.DIVX] => C:\WINDOWS\system32\DivX.dll [720384 2010-02-19] (DivX, Inc.)
HKLM\...\Drivers32: [VIDC.FMVC] => C:\WINDOWS\system32\fmcodec.dll [77824 2008-08-18] (Fox Magic Software)
HKLM\Software\...\AppCompatFlags\Custom\AJTS.EXE: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\bugs.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\Burst.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\CHECK.EXE: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\Dinosaur.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\Disney Le Roi Lion II.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\Donald.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\eng.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\GETREADY.EXE: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\HADESCH.EXE: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\Instalar.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\Launcher.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\LaunchFR.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\LaunchNL.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\Lejonkungen II.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\LK II.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\MICKEY1.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\Mickey2.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\MickeyJ.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\MICKEYM.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\MickeyP.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\MickyE.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\MICKYK.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\MickyV.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\music.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\Pochahontas II.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\PoohK.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\PoohP.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\PoohT.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\Print.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\Setup.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\SPAGDA.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\SPAGDE.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\SPAGFI.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\SPAGFR.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\SPAGHSCongaDA.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\SPAGHSCongaDE.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\SPAGHSCongaFI.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\SPAGHSCongaFR.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\SPAGHSCongaIT.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\SPAGHSCongaNL.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\SPAGHSCongaNO.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\SPAGHSCongaSP.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\SPAGHSCongaSW.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\SPAGHSCongaUK.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\SPAGHSCubDA.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\SPAGHSCubDE.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\SPAGHSCubFI.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\SPAGHSCubFR.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\SPAGHSCubIT.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\SPAGHSCubNL.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\SPAGHSCubNO.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\SPAGHSCubSP.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\SPAGHSCubSW.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\SPAGHSCubUK.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\SPAGHSPaddleDA.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\SPAGHSPaddleDE.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\SPAGHSPaddleFI.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\SPAGHSPaddleFR.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\SPAGHSPaddleIT.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\SPAGHSPaddleNL.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\SPAGHSPaddleNO.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\SPAGHSPaddleSP.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\SPAGHSPaddleSW.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\SPAGHSPaddleUK.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\SPAGHSSwampDA.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\SPAGHSSwampDE.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\SPAGHSSwampFI.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\SPAGHSSwampFR.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\SPAGHSSwampIT.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\SPAGHSSwampNL.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\SPAGHSSwampNO.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\SPAGHSSwampSP.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\SPAGHSSwampSW.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\SPAGHSSwampUK.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\SPAGIT.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\SPAGNL.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\SPAGNO.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\SPAGSP.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\SPAGSW.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\SPAGUK.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\Toddler.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\TopoliA.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\TopoliP.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\TopoliPP.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\ts2ac.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\TSAC.EXE: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\Tslnch.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\TSSW.EXE: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\Typing.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\VIDEO.EXE: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\WDWRacing.exe: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\YPOOH.EXE: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\ZPOOH.EXE: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\_INS0432._MP: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\Custom\_INS5176._MP: [{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb] -> 16c04f253472d001
HKLM\Software\...\AppCompatFlags\InstalledSDB\{4acec804-8c2c-4c78-9127-6c6b756e44e2}: [DatabasePath] -> C:\WINDOWS\AppPatch\Custom\{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb [2003-06-13]
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2016-02-23]
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A555B3AF-0E2C-4EBD-A79E-91872E5E10EF}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{A555B3AF-0E2C-4EBD-A79E-91872E5E10EF}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1757981266-484061587-725345543-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-05] (Oracle Corporation)
Toolbar: HKLM - EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2004-02-10] (SEIKO EPSON CORPORATION)
Toolbar: HKU\S-1-5-21-1757981266-484061587-725345543-1003 -> EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2004-02-10] (SEIKO EPSON CORPORATION)
DPF: {2DAB6EF1-66C3-427C-87CD-8DC448C47EAE} hxxps://www5.aeat.es/es13/h/tgvicab.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1353346491859
DPF: {947B00D2-962D-4A35-9E48-98EE6A442B41} hxxps://www1.agenciatributaria.gob.es/ADUA/internet/aded1503.cab
DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} hxxp://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab
DPF: {B785FA3C-1DE9-4D20-8396-613C486FE95E} hxxps://www1.agenciatributaria.gob.es/es13/h/cactivex.cab
Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} -  No File
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} -  No File

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Papá y Mamá\Application Data\Mozilla\Firefox\Profiles\kfvnqg5i.default [2018-12-28]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-11-20] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_32_0_0_101.dll [2018-12-05] ()
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)

Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.es.yahoo.com/
CHR NewTab: Default ->  Not-active:"chrome-extension://flndkmkiknaafapnnmbmimjjgnlcldlg/newtab.html"
CHR DefaultSearchURL: Default -> hxxp://goooglesearch.net/KYv88S?sub_id_1={searchTerms}
CHR Profile: C:\Documents and Settings\Papá y Mamá\Local Settings\Application Data\Google\Chrome\User Data\Default [2018-12-28]
CHR Extension: (Documentos) - C:\Documents and Settings\Papá y Mamá\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-15]
CHR Extension: (Google Drive) - C:\Documents and Settings\Papá y Mamá\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-26]
CHR Extension: (YouTube) - C:\Documents and Settings\Papá y Mamá\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Búsqueda de Google) - C:\Documents and Settings\Papá y Mamá\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Documentos de Google sin conexión) - C:\Documents and Settings\Papá y Mamá\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-06]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Documents and Settings\Papá y Mamá\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-09]
CHR Extension: (Gmail) - C:\Documents and Settings\Papá y Mamá\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-07]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [143776 2017-03-17] (SUPERAntiSpyware.com)
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [335872 2018-12-05] (Adobe Systems Incorporated) [File not signed]
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [520192 2006-08-02] () [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2185272 2018-06-26] (ESET)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2006-04-24] (Hewlett-Packard Company) [File not signed]
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4753104 2018-05-09] (Malwarebytes)
R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
S3 MHN; C:\WINDOWS\System32\mhn.dll [85504 2004-08-10] (Microsoft Corporation) [File not signed]
S2 RalinkRegistryWriter; C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\Service\RaRegistry.exe [375872 2013-06-17] (Ralink Technology, Corp.)
S2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [3960896 2006-03-31] (Realtek Semiconductor Corp.)
S3 Apowersoft_AudioDevice; C:\WINDOWS\System32\drivers\Apowersoft_AudioDevice.sys [26032 2014-04-09] (Wondershare)
S3 cdrombus; C:\WINDOWS\System32\Drivers\cdrombus.sys [18816 2012-08-22] (Windows (R) Codename Longhorn DDK provider)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [209576 2018-05-27] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [158616 2018-05-27] (ESET)
R1 epfwtdir; C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [139944 2018-05-27] (ESET)
S3 FETNDIS; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc. )
R2 fssfltr; C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys [54760 2010-04-28] (Microsoft Corporation)
S3 giveio; C:\WINDOWS\system32\giveio.sys [5248 2012-12-16] () [File not signed]
R2 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [148600 2018-12-28] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [220896 2018-12-28] (Malwarebytes)
S3 MHNDRV; C:\WINDOWS\System32\DRIVERS\mhndrv.sys [11008 2004-08-10] (Microsoft Corporation) [File not signed]
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [15688 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [10320 2013-09-30] ()
R3 rt2870; C:\WINDOWS\System32\DRIVERS\rt2870.sys [1660488 2013-09-06] (Ralink Technology, Corp.)
R3 RTL8023; C:\WINDOWS\System32\DRIVERS\Rtlnic.sys [70144 2004-12-02] (Realtek Semiconductor Corporation ) [File not signed]
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 Scutum50; C:\WINDOWS\System32\Drivers\Scutum50.sys [19072 2013-06-17] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R0 videX32; C:\WINDOWS\System32\DRIVERS\videX32.sys [9728 2006-02-23] (VIA Technologies, Inc.)
R0 xfilt; C:\WINDOWS\System32\DRIVERS\xfilt.sys [11264 2006-02-23] (VIA Technologies,Inc)
S3 catchme; \??\C:\DOCUME~1\PAPYMA~1\LOCALS~1\Temp\catchme.sys [X]
S4 IntelIde; no ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
S0 sptd; System32\Drivers\sptd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-28 17:15 - 2018-12-28 17:16 - 000025996 _____ C:\Documents and Settings\Papá y Mamá\Desktop\FRST.txt
2018-12-28 17:15 - 2018-12-28 17:15 - 000000000 ____D C:\FRST
2018-12-28 17:11 - 2018-12-28 17:11 - 000001937 _____ C:\Documents and Settings\Papá y Mamá\Desktop\JRT.txt
2018-12-28 16:44 - 2018-12-28 16:44 - 000001203 _____ C:\Documents and Settings\Papá y Mamá\Desktop\AdwCleaner[S0].txt
2018-12-28 16:42 - 2018-12-28 16:46 - 000000000 ____D C:\AdwCleaner
2018-12-28 12:02 - 2018-12-28 12:02 - 000148600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2018-12-28 12:01 - 2018-12-28 12:01 - 000020046 _____ C:\Documents and Settings\Papá y Mamá\My Documents\cc_20181228_120126.reg
2018-12-28 11:45 - 2018-12-28 11:46 - 001781248 _____ (Farbar) C:\Documents and Settings\Papá y Mamá\Desktop\FRST.exe
2018-12-28 11:43 - 2018-12-28 11:43 - 001790024 _____ (Malwarebytes) C:\Documents and Settings\Papá y Mamá\Desktop\JRT.exe
2018-12-28 11:25 - 2018-12-28 11:35 - 081227760 _____ (Malwarebytes ) C:\Documents and Settings\Papá y Mamá\Desktop\mb3-setup-consumer-3.6.1.2711-1.0.508-1.0.8211.exe
2018-12-28 11:14 - 2018-12-28 11:18 - 004110280 _____ C:\Documents and Settings\Papá y Mamá\Desktop\adwcleaner_6.047.exe
2018-12-28 11:01 - 2018-12-28 11:03 - 019299120 _____ (Piriform Software Ltd) C:\Documents and Settings\Papá y Mamá\Desktop\ccsetup551.exe
2018-12-27 11:14 - 2018-12-27 11:14 - 000000000 ____D C:\Documents and Settings\Elena\Desktop\Datos antiguos de Firefox
2018-12-19 09:29 - 2018-12-19 09:29 - 000107775 _____ C:\Documents and Settings\Papá y Mamá\My Documents\Amazon.pdf
2018-12-19 09:24 - 2018-12-19 09:24 - 000107775 _____ C:\Documents and Settings\Papá y Mamá\Desktop\Amazon.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-28 17:16 - 2017-10-15 17:51 - 000000000 ____D C:\Documents and Settings\Papá y Mamá\Local Settings\temp
2018-12-28 17:09 - 2012-11-19 15:26 - 000000000 ____D C:\WINDOWS\Registration
2018-12-28 17:06 - 2014-03-10 16:14 - 000000222 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2018-12-28 17:06 - 2013-12-09 01:08 - 000001084 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2018-12-28 17:05 - 2018-09-15 16:20 - 000000838 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2018-12-28 16:49 - 2018-08-20 18:23 - 000000340 ____H C:\WINDOWS\Tasks\CCleaner Update.job
2018-12-28 16:48 - 2012-11-19 15:34 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-12-28 16:46 - 2018-11-14 17:51 - 000032596 _____ C:\WINDOWS\SchedLgU.Txt
2018-12-28 16:46 - 2012-11-19 15:45 - 000000178 ___SH C:\Documents and Settings\Papá y Mamá\ntuser.ini
2018-12-28 16:02 - 2018-11-13 09:54 - 000220896 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2018-12-28 13:48 - 2013-12-09 01:08 - 000001088 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2018-12-28 13:18 - 2014-04-15 11:24 - 000000000 ____D C:\Documents and Settings\Papá y Mamá\Application Data\vlc
2018-12-28 12:00 - 2013-01-19 16:59 - 000000000 ____D C:\WINDOWS\Minidump
2018-12-28 11:58 - 2018-08-20 18:23 - 000000682 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2018-12-28 08:47 - 2006-03-15 13:00 - 000013646 _____ C:\WINDOWS\system32\wpa.dbl
2018-12-27 13:03 - 2012-11-20 23:04 - 000000178 ___SH C:\Documents and Settings\Elena\ntuser.ini
2018-12-27 12:45 - 2016-10-02 19:07 - 000000000 ____D C:\Documents and Settings\Elena\Local Settings\temp
2018-12-27 11:17 - 2017-04-16 08:24 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2018-12-27 11:11 - 2017-04-24 10:18 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-12-19 09:31 - 2013-03-12 02:34 - 000247808 ___SH C:\Documents and Settings\Papá y Mamá\My Documents\Thumbs.db
2018-12-14 07:56 - 2012-11-19 15:45 - 000000000 ____D C:\Documents and Settings\Papá y Mamá
2018-12-05 22:06 - 2018-03-13 19:23 - 000000910 _____ C:\WINDOWS\Tasks\Adobe Flash Player NPAPI Notifier.job
2018-12-05 22:06 - 2012-11-20 23:33 - 000842240 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2018-12-05 22:06 - 2012-11-20 23:33 - 000175104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2018-12-05 22:06 - 2012-11-19 15:28 - 000000000 ____D C:\WINDOWS\system32\Macromed

==================== Files in the root of some directories =======

2013-04-22 17:18 - 2013-04-22 17:18 - 000691152 _____ (AEAT) C:\Documents and Settings\Papá y Mamá\Actualizacion_Renta2012_windows_1_10.exe
2018-04-21 18:47 - 2018-04-21 18:47 - 000326325 _____ () C:\Documents and Settings\Papá y Mamá\Application Data\PE.bin
2017-04-03 16:58 - 2017-10-15 16:54 - 000000513 _____ () C:\Documents and Settings\Papá y Mamá\Application Data\Poladroid prefs.plist
2012-11-21 13:25 - 2018-11-13 15:43 - 000107008 _____ () C:\Documents and Settings\Papá y Mamá\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-11-19 18:04 - 2012-11-19 18:04 - 000000134 _____ () C:\Documents and Settings\Papá y Mamá\Local Settings\Application Data\fusioncache.dat
2017-09-15 12:04 - 2017-09-15 12:04 - 000001085 _____ () C:\Documents and Settings\Papá y Mamá\Local Settings\Application Data\recently-used.xbel

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

#8

Here is the latest report:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28.12.2018 01
Ran by Papá y Mamá (28-12-2018 17:16:37)
Running from C:\Documents and Settings\Papá y Mamá\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2012-11-19 14:32:43)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1757981266-484061587-725345543-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-1757981266-484061587-725345543-1004 - Limited - Enabled)
Elena (S-1-5-21-1757981266-484061587-725345543-1005 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Elena
Guest (S-1-5-21-1757981266-484061587-725345543-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-1757981266-484061587-725345543-1000 - Limited - Disabled)
Papá y Mamá (S-1-5-21-1757981266-484061587-725345543-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Papá y Mamá
SUPPORT_388945a0 (S-1-5-21-1757981266-484061587-725345543-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET NOD32 Antivirus (Enabled - Up to date) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1757981266-484061587-725345543-1003\...\uTorrent) (Version: 3.5.0.44294 - BitTorrent Inc.)
Acción Rescate (HKLM\...\ARescate) (Version:  - )
Adobe Flash Player 32 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 32.0.0.101 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 32.0.0.101 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Español (HKLM\...\{AC76BA86-7AD7-1034-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Any Video Converter 5.7.5 (HKLM\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
ArcSoft Panorama Maker 3 (HKLM\...\{A5F68DC8-0278-4AD8-B413-861509B5F25B}) (Version:  - ArcSoft)
ATI - Software Uninstall Utility (HKLM\...\All ATI Software) (Version: 6.14.10.1014 - )
ATI AVIVO Codecs (HKLM\...\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}) (Version: 10.0.0.40103 - ATI Technologies Inc.)
ATI Catalyst Control Center (HKLM\...\{3EFEA529-2CFD-4357-A10B-F0BDFEBA5092}) (Version: 1.2.2405.30455 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.282-060802a-035722C-ATI - )
CCleaner (HKLM\...\CCleaner) (Version: 5.51 - Piriform)
Comecocos (HKLM\...\{D5AC1F10-FE0F-11D6-80BE-0050BAAAE8FF}) (Version: 1.00.000 - )
Compresor WinRAR (HKLM\...\WinRAR archiver) (Version:  - )
Configurador AEAT (HKU\S-1-5-21-1757981266-484061587-725345543-1003\...\Configurador AEAT 2.5) (Version: 2.5 - AEAT)
D3DX10 (HKLM\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 (HKLM\...\Diner Dash 2_is1) (Version:  - )
Disney Gamebreak El Tesoro de Simba (HKLM\...\Gamebreak El Tesoro de Simba) (Version:  - )
Disney Interactive Global Compatibility Update June 2003 (HKLM\...\{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb) (Version:  - )
eMule (HKLM\...\eMule) (Version:  - )
EPSON CardMonitor (HKLM\...\{109D28C7-FB38-483A-9C91-001CB59E2699}) (Version:  - )
EPSON Copy Utility 3 (HKLM\...\{67EDD823-135A-4D59-87BD-950616D6E857}) (Version: 3.0.2.0 - )
EPSON PhotoQuicker3.5 (HKLM\...\{65F5B7AF-3363-11D7-BB6B-00018021113F}) (Version:  - )
EPSON PhotoStarter3.1 (HKLM\...\{C48817E7-AA05-4151-A99D-1E1E550CE801}) (Version:  - )
EPSON PRINT Image Framer Tool2.1 (HKLM\...\{23B59ED4-C360-11D7-875B-0090CC005647}) (Version:  - )
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - )
EPSON Smart Panel (HKLM\...\{6C11D561-620B-47DA-A693-4C597F3CDF40}) (Version:  - )
EPSON Web-To-Page (HKLM\...\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}) (Version:  - )
ESCX3600 Manual de Referencia (HKLM\...\ESCX3600 Manual de Referencia) (Version:  - )
ESCX3600 Manual de software (HKLM\...\ESCX3600 Manual de software) (Version:  - )
ESET NOD32 Antivirus (HKLM\...\{1E8298E4-1428-4E59-879A-F02D6E723733}) (Version: 9.0.386.1 - ESET, spol. s r.o.)
ffdshow (remove only) (HKLM\...\ffdshow) (Version:  - )
FLAC 1.2.1b (remove only) (HKLM\...\FLAC) (Version: 1.2.1b - Xiph.org)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Earth Plug-in (HKLM\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Helium (HKLM\...\{9A781940-AC41-4D5E-8E1E-76A04B916FB9}) (Version: 1.0.0 - ClockworkMod)
Herramienta de carga de Windows Live (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Hofmann 10.0.3 (HKLM\...\{D97F86DC-69A7-4B3C-AB78-D6E424BC3D4E}) (Version: 10.0.3 - Hofmann)
Instalación de DivX (HKLM\...\DivX Setup) (Version: 2.6.1.22 - DivX, LLC)
Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 66 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Junk Mail filter update (HKLM\...\{8E5233E1-7495-44FB-8DEB-4BE906D59619}) (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Learning Essentials para Microsoft Office (HKLM\...\{75F3A4B2-F6E8-434D-A2EF-DBBC016C6CB2}) (Version: 2.0 - Microsoft)
LightScribe  1.4.89.1 (HKLM\...\{2792F12C-3515-4D69-8083-B557AF35F06F}) (Version: 1.4.89.1 - hxxp://www.lightscribe.com) Hidden
Localization Pack for Microsoft Windows XP Media Center Edition (HKLM\...\{6110AC9D-6D79-4D32-BF4E-E600689F5B15}) (Version: 1.0.0 - WIT) Hidden
Malwarebytes versión 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Matemáticas de Microsoft (HKLM\...\{07143840-959A-4B0D-8825-2C533F0DDB19}) (Version: 2007 - Microsoft Corporation)
MediaInfo 0.7.80 (HKLM\...\MediaInfo) (Version: 0.7.80 - MediaArea.net)
Microsoft .NET Framework 1.0 Hotfix (KB2604042) (HKLM\...\KB2604042) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB2656378) (HKLM\...\KB2656378) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB979904) (HKLM\...\KB979904) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2698035) (HKLM\...\KB2698035) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2742607) (HKLM\...\KB2742607) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2833951) (HKLM\...\KB2833951) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2904878) (HKLM\...\KB2904878) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Spanish Language Pack (HKLM\...\{83169D43-4660-4347-BC95-E9D6E6BE65CE}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Image Composite Editor (HKLM\...\{3D599ADA-65D9-4B51-898F-CE718DEC5DBB}) (Version: 1.4.4 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Student con Encarta Premium 2009 (HKLM\...\{09141881-2C94-4A67-8E55-8483C019C7D2}) (Version: 2009 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WinUsb 2.0 (HKLM\...\winusb0200) (Version:  - Microsoft Corporation)
Movie Maker (HKLM\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 52.9.0 ESR (x86 es-ES) (HKLM\...\Mozilla Firefox 52.9.0 ESR (x86 es-ES)) (Version: 52.9.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.9.0.6746 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (HKLM\...\{AEB9948B-4FF2-47C9-990E-47014492A0FE}) (Version: 6.00.3883.8 - Microsoft Corporation)
Nero12EssTSST (HKLM\...\{1DEC64C1-7F34-44CD-BC35-8E0A096300CF}) (Version: 12.0.01100 - Nero AG)
Paquete de controladores de Windows - Advanced Micro Devices, Inc. (USB28xxBGA) Media  (08/31/2007 5.7.0831.0) (HKLM\...\9722CA1E8F72F362E93CBEC75A707FDABFC8D880) (Version: 08/31/2007 5.7.0831.0 - Advanced Micro Devices, Inc.)
Paquete de controladores de Windows - eMPIA Technology Inc, (emAudio) MEDIA  (08/31/2007 5.7.0831.0) (HKLM\...\69083DC58646DE46A09847A522A1CC487F918039) (Version: 08/31/2007 5.7.0831.0 - eMPIA Technology Inc,)
Paquete de controladores de Windows - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (12/11/2012 2.0.0010.00002) (HKLM\...\04CF11701525348E660A41C9E4DEE7AAAD98E86E) (Version: 12/11/2012 2.0.0010.00002 - Google, Inc.)
Paquete de controladores de Windows - MediaTek Inc. (usbser) Ports  (09/01/2011 2.0.1136.0) (HKLM\...\164A1E7FF3DDF1D1429B061CEE765B978D4B69AF) (Version: 09/01/2011 2.0.1136.0 - MediaTek Inc.)
Paquete de controladores de Windows - MediaTek Inc. (usbser) Ports  (09/01/2011 2.0.1136.0) (HKLM\...\D508BE44D6211DAD002341FADB5C8DA632F0326F) (Version: 09/01/2011 2.0.1136.0 - MediaTek Inc.)
Paquete de controladores de Windows - MediaTek Inc. (usbser) Ports  (12/24/2011 2.0000.0.0) (HKLM\...\771C514E9C0BA1CD3D17BBBEC61E3DA148D17997) (Version: 12/24/2011 2.0000.0.0 - MediaTek Inc.)
Paquete de controladores de Windows - MediaTek Inc. Net  (07/14/2011 1.1129.00) (HKLM\...\1C30D77FB8A9DD0D749C9A5E899FA9CD3F369744) (Version: 07/14/2011 1.1129.00 - MediaTek Inc.)
Paquete de controladores de Windows - Microsoft (WUDFRd) WPD  (02/22/2006 5.2.5326.4762) (HKLM\...\69CADF8F00AAA9A376C5E2AB10282E747EC5386D) (Version: 02/22/2006 5.2.5326.4762 - Microsoft)
Paquete de idioma de Microsoft .NET Framework 2.0 - ESN (HKLM\...\Microsoft .NET Framework 2.0 Language Pack - ESN) (Version:  - Microsoft Corporation)
Paquete de idioma de Microsoft .NET Framework 4 Client Profile ESN (HKLM\...\Microsoft .NET Framework 4 Client Profile ESN Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
PIF DESIGNER2.1 (HKLM\...\{7BD0A2D8-4EA0-43C6-BDF8-DDA87B8031C6}) (Version:  - )
Platform (HKLM\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.21 - VIA Technologies, Inc.) Hidden
Poladroid (HKLM\...\{E8FF78D0-4D1C-4B2D-AC80-670F135F5461}) (Version: 0.9.6.0 - Poladroid.net)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - CyberLink Corporation)
Prerequisite installer (HKLM\...\{3AAB08A3-F129-4BD5-B409-AE674F93759D}) (Version: 12.0.0002 - Nero AG) Hidden
Realtek AC'97 Audio (HKLM\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version: 5.23 - Realtek Semiconductor Corp.)
Renta 2012 1.00 (HKLM\...\8421-7800-2226-7659) (Version: 1.00 - AEAT)
Renta 2013 1.21 (HKLM\...\2285-3920-8902-9260) (Version: 1.21 - AEAT)
Renta 2014 1.20 (HKLM\...\8330-1526-1221-2374) (Version: 1.20 - AEAT)
Renta 2015 1.09 (HKLM\...\9648-5771-9114-3169) (Version: 1.09 - AEAT)
Reproductor de Windows Media 11 (HKLM\...\Windows Media Player) (Version:  - )
ScanToWeb (HKLM\...\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}) (Version:  - )
Segoe UI (HKLM\...\{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}) (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)
Software de impresora EPSON (HKLM\...\EPSON Printer and Utilities) (Version:  - )
Spotify (HKU\S-1-5-21-1757981266-484061587-725345543-1003\...\Spotify) (Version: 1.0.20.101.ge6957e14 - Spotify AB)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SSC Service Utility v4.30 (HKLM\...\SSC Service Utility_is1) (Version:  - SSC Localization Group)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1020 - SUPERAntiSpyware.com)
TP-LINK TL-WN727N Driver (HKLM\...\{52C7E8B3-A21E-460B-A9EC-5B6CBB8635CE}) (Version: 1.3.1 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Rollup 2 for Windows XP Media Center Edition 2005 (HKLM\...\KB900325) (Version:  - Microsoft Corporation)
USB Video Driver (HKLM\...\{2758691A-2CDE-4942-A4AC-0E8F61FE2067}) (Version: 1.00 - EETI)
VC80CRTRedist - 8.0.50727.6195 (HKLM\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
VIA Platform Device Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.21 - VIA Technologies, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Internet Explorer 8 Multilingual User Interface (MUI) (HKLM\...\IE8-MUI) (Version: 20090411.120000 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows XP Media Center Edition 2005 KB2502898 (HKLM\...\KB2502898) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2619340 (HKLM\...\KB2619340) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2628259 (HKLM\...\KB2628259) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB925766 (HKLM\...\KB925766) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB973768 (HKLM\...\KB973768) (Version:  - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Wondershare Helper Compact 2.5.2 (HKLM\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)
Wondershare Video Editor(Build 5.0.1) (HKLM\...\Wondershare Video Editor_is1) (Version:  - Wondershare Software)
Xvid MPEG-4 Video Codec (HKLM\...\Xvid_is1) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1757981266-484061587-725345543-1003_Classes\CLSID\{1EF21888-3BD8-4064-BAD3-4BF694952652}\InprocServer32 -> C:\Program Files\Microsoft Research\Image Composite Editor\WLPG.dll (Microsoft Corporation)
ContextMenuHandlers1: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2018-06-26] (ESET)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2010-03-15] ()
ContextMenuHandlers2: [AlcoholShellEx] -> {32020A01-506E-484D-A2A8-BE3CF17601C3} => C:\Program Files\Alcohol Soft\Alcohol 120\AXShlEx.dll [2008-09-02] (Alcohol Soft Development Team)
ContextMenuHandlers2: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2018-06-26] (ESET)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2010-03-15] ()
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll [2005-10-19] ()
ContextMenuHandlers6: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2018-06-26] (ESET)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2010-03-15] ()

==================== Scheduled Tasks=============================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player NPAPI Notifier.job => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_32_0_0_101_Plugin.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CCleaner Update.job => C:\Program Files\CCleaner\CCUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->\\.\root\subscription:MSFT_UCScenarioControl.Name=\"Microsoft WMI Updating Consumer Scenario Control\"",Filter="\\.\root\subscription:__EventFilter.Name=\"Microsoft WMI Updating Consumer Scenario Control\":
WMI:subscription\__EventFilter->Microsoft WMI Updating Consumer Scenario Control:

==================== Loaded Modules (Whitelisted) ==============

2006-03-15 13:00 - 2011-02-04 17:48 - 000291840 _____ () C:\WINDOWS\system32\sbe.dll
2006-03-15 13:00 - 2013-01-02 07:49 - 001292288 _____ () C:\WINDOWS\system32\quartz.dll
2006-03-15 13:00 - 2008-04-14 05:41 - 000059904 _____ () C:\WINDOWS\system32\devenum.dll
2006-03-15 13:00 - 2008-04-14 05:42 - 000014336 _____ () C:\WINDOWS\system32\msdmo.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7934 more sites.

IE trusted site: HKU\S-1-5-21-1757981266-484061587-725345543-1003\...\gob.es -> hxxps://agenciatributaria.gob.es

There are 7932 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-03-15 13:00 - 2017-10-18 10:46 - 000000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1757981266-484061587-725345543-1003\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\Web\Wallpaper\Bliss.bmp
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName3 -> C:\WINDOWS\system32\ipconf.tsp (Microsoft Corporation)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName4 -> C:\WINDOWS\system32\h323.tsp (Microsoft Corporation)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BDARemote.lnk => C:\WINDOWS\pss\BDARemote.lnkCommon Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AlcoholAutomount => "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
MSCONFIG\startupreg: ATICCC => "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: EPSON Stylus CX3600 Series (Copiar 1) => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P37 "EPSON Stylus CX3600 Series (Copiar 1)" /O6 "USB001" /M "Stylus CX3600"
MSCONFIG\startupreg: RemoteControl => "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\wlcsdk.exe] => Enabled:Windows Live Call
DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\msnmsgr.exe] => Enabled:Windows Live Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE] => Enabled:Microsoft Office Outlook
StandardProfile\AuthorizedApplications: [C:\Program Files\Messenger\msmsgs.exe] => Enabled:Windows Messenger
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Papá y Mamá\Application Data\Spotify\spotify.exe] => Enabled:Spotify
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Papá y Mamá\Application Data\uTorrent\uTorrent.exe] => Enabled:µTorrent
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\VideoLAN\VLC\vlc.exe] => Disabled:VLC media player 2.1.3
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Papá y Mamá\Application Data\uTorrent\updates\3.4.3_40298.exe] => Enabled:µTorrent
StandardProfile\AuthorizedApplications: [C:\Spotify.exe] => Disabled:Spotify
StandardProfile\AuthorizedApplications: [C:\Program Files\Java\jre1.8.0_45\bin\javaw.exe] => Disabled:Java(TM) Platform SE binary
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Elena\Application Data\Spotify\Spotify.exe] => Enabled:Spotify
StandardProfile\AuthorizedApplications: [C:\Program Files\eMule\emule.exe] => Enabled:eMule
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\AuthorizedApplications: [C:\Program Files\CCleaner\CCUpdate.exe] => Enabled:CCleaner Update
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
DomainProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
DomainProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
DomainProfile\GloballyOpenPorts: [10243:TCP] => :LocalSubNet:Enabled:Servicio de uso compartido de red del Reproductor de Windows Media
DomainProfile\GloballyOpenPorts: [10280:UDP] => :LocalSubNet:Enabled:Servicio de uso compartido de red del Reproductor de Windows Media
DomainProfile\GloballyOpenPorts: [10281:UDP] => :LocalSubNet:Enabled:Servicio de uso compartido de red del Reproductor de Windows Media
DomainProfile\GloballyOpenPorts: [10282:UDP] => :LocalSubNet:Enabled:Servicio de uso compartido de red del Reproductor de Windows Media
DomainProfile\GloballyOpenPorts: [10283:UDP] => :LocalSubNet:Enabled:Servicio de uso compartido de red del Reproductor de Windows Media
DomainProfile\GloballyOpenPorts: [10284:UDP] => :LocalSubNet:Enabled:Servicio de uso compartido de red del Reproductor de Windows Media
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [10243:TCP] => :LocalSubNet:Enabled:Servicio de uso compartido de red del Reproductor de Windows Media
StandardProfile\GloballyOpenPorts: [10280:UDP] => :LocalSubNet:Enabled:Servicio de uso compartido de red del Reproductor de Windows Media
StandardProfile\GloballyOpenPorts: [10281:UDP] => :LocalSubNet:Enabled:Servicio de uso compartido de red del Reproductor de Windows Media
StandardProfile\GloballyOpenPorts: [10282:UDP] => :LocalSubNet:Enabled:Servicio de uso compartido de red del Reproductor de Windows Media
StandardProfile\GloballyOpenPorts: [10283:UDP] => :LocalSubNet:Enabled:Servicio de uso compartido de red del Reproductor de Windows Media
StandardProfile\GloballyOpenPorts: [10284:UDP] => :LocalSubNet:Enabled:Servicio de uso compartido de red del Reproductor de Windows Media
StandardProfile\GloballyOpenPorts: [50001:TCP] => Enabled:Emule1
StandardProfile\GloballyOpenPorts: [60002:UDP] => Enabled:Emule2

==================== Restore Points =========================

29-09-2018 16:33:22 Punto de control del sistema
30-09-2018 22:27:08 Punto de control del sistema
02-10-2018 13:04:45 Punto de control del sistema
03-10-2018 16:47:47 Punto de control del sistema
12-10-2018 15:28:19 Punto de control del sistema
14-10-2018 08:50:58 Punto de control del sistema
16-10-2018 12:49:05 Punto de control del sistema
18-10-2018 10:47:32 Punto de control del sistema
19-10-2018 11:17:38 Punto de control del sistema
20-10-2018 12:41:00 Punto de control del sistema
21-10-2018 13:53:37 Punto de control del sistema
25-10-2018 19:40:24 Punto de control del sistema
29-10-2018 22:58:18 Punto de control del sistema
04-11-2018 19:54:30 Punto de control del sistema
05-11-2018 20:21:04 Punto de control del sistema
07-11-2018 14:41:48 Punto de control del sistema
11-11-2018 18:52:54 Punto de control del sistema
12-11-2018 20:43:11 Punto de control del sistema
14-11-2018 20:03:37 Punto de control del sistema
16-11-2018 12:45:52 Punto de control del sistema
18-11-2018 11:08:50 Punto de control del sistema
20-11-2018 22:49:03 Punto de control del sistema
24-11-2018 10:14:32 Punto de control del sistema
25-11-2018 12:37:18 Punto de control del sistema
02-12-2018 12:53:14 Punto de control del sistema
04-12-2018 21:27:55 Punto de control del sistema
05-12-2018 22:24:26 Punto de control del sistema
26-12-2018 13:27:52 Punto de control del sistema
28-12-2018 10:20:00 Punto de control del sistema
28-12-2018 17:09:13 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/10/2018 06:38:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Aplicación que no responde: explorer.exe, versión 6.0.2900.5512, módulo que no responde hungapp, versión 0.0.0.0, dirección que no responde 0x00000000.

Error: (12/10/2018 06:31:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Aplicación con errores: explorer.exe, versión: 6.0.2900.5512, módulo con error: libavcodec.dll, versión 0.0.0.0, dirección de error 0x0019d098.
Procesando suceso específico de medio para [explorer.exe!ws!]

Error: (12/10/2018 06:30:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Aplicación que no responde: explorer.exe, versión 6.0.2900.5512, módulo que no responde hungapp, versión 0.0.0.0, dirección que no responde 0x00000000.

Error: (12/10/2018 06:30:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Aplicación con errores: explorer.exe, versión: 6.0.2900.5512, módulo con error: libavcodec.dll, versión 0.0.0.0, dirección de error 0x0019d098.
Procesando suceso específico de medio para [explorer.exe!ws!]

Error: (12/10/2018 06:29:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Aplicación que no responde: explorer.exe, versión 6.0.2900.5512, módulo que no responde hungapp, versión 0.0.0.0, dirección que no responde 0x00000000.

Error: (12/10/2018 06:27:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Aplicación con errores: drwtsn32.exe, versión: 5.1.2600.0, módulo con error: dbghelp.dll, versión 5.1.2600.5512, dirección de error 0x0001295d.
Procesando suceso específico de medio para [drwtsn32.exe!ws!]

Error: (12/10/2018 06:27:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Aplicación con errores: explorer.exe, versión: 6.0.2900.5512, módulo con error: libavcodec.dll, versión 0.0.0.0, dirección de error 0x0019d098.
Procesando suceso específico de medio para [explorer.exe!ws!]

Error: (12/02/2018 02:22:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Aplicación con errores: twcu.exe, versión: 0.0.0.0, módulo con error: twcu.exe, versión 0.0.0.0, dirección de error 0x00034037.
Procesando suceso específico de medio para [twcu.exe!ws!]


System errors:
=============
Error: (12/28/2018 05:09:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio COM+ System Application terminó inesperadamente.  Lo ha hecho 1 veces.  Se realizará la siguiente acción correctora en 1000 milisegundos: Reiniciar el servicio.

Error: (12/28/2018 05:09:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Servicio de uso compartido de red del Reproductor de Windows Media terminó inesperadamente.  Lo ha hecho 1 veces.  Se realizará la siguiente acción correctora en 30000 milisegundos: Reiniciar el servicio.

Error: (12/28/2018 05:09:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio StarWind AE Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (12/28/2018 05:09:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Media Center Extender Service terminó inesperadamente.  Lo ha hecho 1 veces.  Se realizará la siguiente acción correctora en 5000 milisegundos: Reiniciar el servicio.

Error: (12/28/2018 05:09:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio RalinkRegistryWriter se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (12/28/2018 05:09:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio LightScribeService Direct Disc Labeling Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (12/28/2018 05:09:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Servicio de programador de Media Center se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (12/28/2018 05:09:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Servicio Receptor de Media Center terminó inesperadamente.  Lo ha hecho 1 veces.  Se realizará la siguiente acción correctora en 5000 milisegundos: Reiniciar el servicio.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz
Percentage of memory in use: 50%
Total physical RAM: 1535.29 MB
Available physical RAM: 754.22 MB
Total Virtual: 3431.6 MB
Available Virtual: 2851.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:195.31 GB) (Free:10.4 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive e: () (Fixed) (Total:38.44 GB) (Free:7.62 GB) NTFS
Drive f: (Cine) (Fixed) (Total:298.08 GB) (Free:12.87 GB) NTFS


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 233.8 GB) (Disk ID: FD40FD40)
Partition 1: (Active) - (Size=195.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=38.4 GB) - (Type=0F Extended)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: 398EB528)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

#9

Good… now follow these steps. :arrow_forward: VERY Important :arrow_backward: Make a backup of the registry:

  • To do so, download :arrow_forward: DelFix.exe (to your desktop).

  • Double-click it to run it. (If you use Windows Vista/7/8 or 10, right-click and select -Run as Administrator-.)

  • Careful: now tick only the :white_check_mark: Create registry backup box, NOT the other boxes. :face_with_monocle:

  • Click Run.

The report (DelFix.txt) will open; save it in case it is needed and close the tool.

Now start your computer in Windows :arrow_forward: Safe Mode with Networking.

:warning: With all other programs closed, go to :arrow_forward: Start :arrow_forward: Run :arrow_forward: and type Notepad.exe.

  • Now copy the lines inside the box below and paste them into Notepad.
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - No File
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - No File
S3 giveio; C:\WINDOWS\system32\giveio.sys [5248 2012-12-16] () [File not signed]
S3 catchme; \??\C:\DOCUME~1\PAPYMA~1\LOCALS~1\Temp\catchme.sys [X]
S4 IntelIde; no ImagePath
S0 sptd; System32\Drivers\sptd.sys [X]
NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)
2012-11-21 13:25 - 2018-11-13 15:43 - 000107008 _____ () C:\Documents and Settings\Papá y Mamá\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Save it as FIXLIST.TXT on the desktop :arrow_backward: This is very important.

:o: Note :o: It is important that the FRST.exe tool (Farbar Recovery Scanner Tool) and FIXLIST.TXT are in the same location (the desktop); otherwise it will not work.

  • Run FRST.exe. (If you use Windows Vista/7/8 or 10, right-click and select -Run as Administrator-.)

  • Press the FIX button and wait for it to finish.

  • The tool will save the repair report on the desktop (FIXLOG.TXT).

Paste the contents of this file in your next reply. :+1:

Restart the computer, check how it behaves with respect to the problem you reported, and let us know.

Regards.


#10

I cannot start in Safe Mode with Networking. It does not connect because the network adapter driver does not start. It is a TP-LINK Wireless USB adapter. Could it be done in Safe Mode but without a network connection?


#11

Hello @anlecina

If you have problems with that Windows mode, it is NOT a problem: leave the file prepared and follow the instructions from normal Windows mode, then start your computer in Safe Mode to carry out only the FIX steps with FRST. :+1:


#12

I have already started the repair, but FRST is taking a long time; it seems stuck. I think that is the case because it has already copied the Fixlog.txt file to the desktop. It has been about an hour. I opened the file and, from what I read, it seems to have completed the repair. It says, among other things, that it has removed services. I am afraid that forcing the program to end could affect the PC.


#13

Well, since you had not been able to answer my previous question, and seeing that FRST was already taking too long, I took the risk of stopping the process. I am sending you the text of the result, and I have to say that Windows startup is fantastic. I have only done it once. I will try more times to see what happens. Thanks:

Fix result of Farbar Recovery Scan Tool (x86) Version: 28.12.2018 01
Ran by Papá y Mamá (30-12-2018 09:29:43) Run:1
Running from C:\Documents and Settings\Papá y Mamá\Desktop
Loaded Profiles: Papá y Mamá (Available Profiles: Papá y Mamá & Elena & Administrator)
Boot Mode: Safe Mode (minimal)

==============================================

fixlist content:
*****************
START

CREATERESTOREPOINT:

CLOSEPROCESSES:

Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - No File

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - No File

S3 giveio; C:\WINDOWS\system32\giveio.sys [5248 2012-12-16] () [File not signed]

S3 catchme; \??\C:\DOCUME~1\PAPYMA~1\LOCALS~1\Temp\catchme.sys [X]

S4 IntelIde; no ImagePath

S0 sptd; System32\Drivers\sptd.sys [X]

NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

2012-11-21 13:25 - 2018-11-13 15:43 - 000107008 _____ () C:\Documents and Settings\Pap y Mam\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe

Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

HOSTS:

REMOVEPROXY:

EMPTYTEMP:

CMD: netsh winsock reset

CMD: ipconfig /renew

CMD: ipconfig /flushdns

CMD: bitsadmin /reset /allusers

CMD: netsh advfirewall reset

CMD: netsh advfirewall set allprofiles state ON

CMD: netsh int ipv4 reset

CMD: netsh int ipv6 reset

END
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
HKLM\Software\Classes\PROTOCOLS\Handler\wlmailhtml => removed successfully.
HKLM\Software\Classes\CLSID\{03C514A3-1EFB-4856-9F99-10D7BE1653C0} => not found
HKLM\Software\Classes\PROTOCOLS\Handler\wlpg => removed successfully.
HKLM\Software\Classes\CLSID\{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} => not found
HKLM\System\CurrentControlSet\Services\giveio => removed successfully.
giveio => service removed successfully.
HKLM\System\CurrentControlSet\Services\catchme => removed successfully.
catchme => service removed successfully.
HKLM\System\CurrentControlSet\Services\IntelIde => removed successfully.
IntelIde => service removed successfully.

#14

Hello.

Hmmmm… :thinking: I do NOT like that the process did NOT finish and that YOU had to cut it off; from what can be seen in the report you posted, it does NOT look like EVERYTHING that had to be removed actually got removed. :roll_eyes:

SHUT DOWN your computer completely, and I mean SHUT DOWN, NOT RESTART; after that, turn it on again and check how it works. Do this three times in a row and let us know.

Regards.
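
The concern raised in post #14 can be checked by comparing the fixlist echoed at the top of a Fixlog with the result lines below it. The following Python script is an added example, not part of the thread and not FRST's own code; the sample is abridged from the log in post #13, and the rules that pair an entry with its result line are assumptions inferred from the result lines visible there.

```python
import re

# Abridged from the Fixlog.txt in post #13; the run was stopped by the user.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x86) Version: 28.12.2018 01
fixlist content:
*****************
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - No File
S3 giveio; C:\WINDOWS\system32\giveio.sys [5248 2012-12-16] () [File not signed]
S4 IntelIde; no ImagePath
S0 sptd; System32\Drivers\sptd.sys [X]
NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
HOSTS:
EMPTYTEMP:
CMD: netsh winsock reset
END
*****************
Error: Restore point can only be created in normal mode.
Processes closed successfully.
HKLM\Software\Classes\PROTOCOLS\Handler\wlmailhtml => removed successfully.
HKLM\Software\Classes\CLSID\{03C514A3-1EFB-4856-9F99-10D7BE1653C0} => not found
HKLM\System\CurrentControlSet\Services\giveio => removed successfully.
giveio => service removed successfully.
HKLM\System\CurrentControlSet\Services\IntelIde => removed successfully.
IntelIde => service removed successfully.
"""

# Result wording for bare directives, as seen in the posted log.
SEEN_ON_PAGE = {
    "CREATERESTOREPOINT:": r"restore point",
    "CLOSEPROCESSES:": r"processes closed",
}

# Assumed matching rules: (fixlist entry regex, text a result line should contain).
RULES = [
    (r"^Handler: (\S+)", lambda m: re.escape("Handler\\" + m.group(1))),
    (r"^[SRU]\d (\S+);", lambda m: re.escape("Services\\" + m.group(1))),
    (r"^NETSVC: (\S+)", lambda m: r"\b" + re.escape(m.group(1)) + r"\b"),
    (r"^Task: (.+?) =>", lambda m: re.escape(m.group(1))),
    (r"^CMD: (.+)$", lambda m: re.escape(m.group(1))),
    (r"^(\w+):$", lambda m: r"\b" + m.group(1) + r"\b"),
]

def entry_pattern(entry):
    """Return the regex (heuristic) that a result line for this entry should match."""
    if entry in SEEN_ON_PAGE:
        return SEEN_ON_PAGE[entry]
    for rx, build in RULES:
        m = re.match(rx, entry)
        if m:
            return build(m)
    return re.escape(entry)  # fallback: the entry itself must be echoed

def parse_fixlog(text):
    """Split a Fixlog into (fixlist entries, result lines)."""
    lines = [ln.strip() for ln in text.splitlines()]
    stars = [i for i, ln in enumerate(lines) if ln and set(ln) == {"*"}]
    if len(stars) < 2:
        raise ValueError("fixlist echo not found: expected two '*****' lines")
    entries = [ln for ln in lines[stars[0] + 1:stars[1]]
               if ln and ln not in ("START", "END")]
    results = [ln for ln in lines[stars[1] + 1:] if ln]
    return entries, results

def audit(text):
    """Classify each fixlist entry: done, failed (Error: line) or pending (no result)."""
    entries, results = parse_fixlog(text)
    report = {"done": [], "failed": [], "pending": []}
    for entry in entries:
        rx = re.compile(entry_pattern(entry), re.IGNORECASE)
        hits = [r for r in results if rx.search(r)]
        if not hits:
            report["pending"].append(entry)
        elif any(h.startswith("Error:") for h in hits):
            report["failed"].append(entry)
        else:
            report["done"].append(entry)
    return report

if __name__ == "__main__":
    for status, items in audit(SAMPLE_FIXLOG).items():
        print(f"{status}: {len(items)}")
        for item in items:
            print("   ", item)
```

On the abridged sample the restore point step is reported as failed, and the sptd service, the NETSVC entry, the scheduled task, HOSTS:, EMPTYTEMP: and the netsh command have no result line at all.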


#15

Hi. I have checked and it starts better. It no longer hangs the way it did before, when it stopped for a minute or so and then carried on; even the browser starts better.


#16

Hello @anlecina

Excellent. :+1:

Now I want you to delete ALL the restore points (System Restore) that you have created on your system and that were visible in the reports you posted.

To do so, follow these steps:

  • In the Start panel, click My Computer.
  • Click “View system information”.
  • Select the “System Restore” tab.
  • Tick the “Turn off System Restore on all drives” box and click “Apply”.
  • The system will ask whether you are sure you want to disable it. Confirm by clicking YES.
  • The option showing the status of the disks in the “Drive settings” window will appear disabled (all grey). Click the OK button.

RESTART the system and follow the reverse steps to re-enable the System Restore option.

You can also leave it configured with a lower percentage than the one WinXP sets by default (12%); leaving 3% is enough to keep 3/4 restore points of your computer stored.

After doing those steps and adjustments, SHUT DOWN the computer completely again and check how it works.

Let us know.

Regards.


#17

I have deleted the restore points and finished all the steps you asked for. I suppose your intention was to remove the files that FRST could not, and I hope that is what happened. I have not noticed changes compared with other occasions when I restarted the computer. I time how long it takes and it is more or less the same. For now everything is going very well. You tell me if I need to do anything else… Thanks.


#18

Hello.

No, basically what I wanted was to delete the multitude of restore points you had created, which generally cause a system overload. :+1:

Excellent. :clap:

And now, to remove a process that was NOT removed with FRST, I want you to carry out the following steps with this tool :arrow_right: N-Repair.exe | @Infospyware, which you must download to your desktop. :+1:

  • Close all programs you may have open.
  • Then run it by double-clicking. (If you use Windows Vista or 7, right-click and select Run as Administrator.)
  • In the window that appears, click the Reparar Netsvcs (Repair Netsvcs) button and answer the question with Sí (Yes) if the detected operating system is correct.
  • When the process finishes, a warning window will appear indicating that the system is going to restart; click OK.
  • After the restart a report should appear, which you must copy and paste in full in your next reply; you can also find this report at C:\N-Repair.txt

Once the computer has restarted, check how it works and let us know. :thinking:

Regards.


#19

It is done. Everything seems to be going very well. Here is the report:

#################################N-Repair By Infospyware

Información del sistema operativo: WIN_XP - X86 - Service Pack 3
Hora del sistema: 18:32:24  \\\  31/12/2018
Privilegios: Papá y Mamá - (ADMINISTRADOR)


============================================ VALORES ANTES DE LA RESTAURACIÓN ===============================

6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Messenger
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
TrkWks
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
wscsvc
xmlprov
MHN
BITS
wuauserv
ShellHWDetection
helpsvc
WmdmPmSN
napagent
hkmsvc

============================================ VALORES DESPUÉS DE LA RESTAURACIÓN ===============================

6to4
AppMgmt
AudioSrv
BITS
Browser
CryptSvc
DHCP
DMServer
ERSvc
EventSystem
FastUserSwitchingCompatibility
helpsvc
HidServ
hkmsvc
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Messenger
napagent
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
ShellHWDetection
SRService
Tapisrv
Themes
TrkWks
W32Time
winmgmt
WmdmPmSp
Wmi
wscsvc
wuauserv
WZCSVC
xmlprov
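
To see exactly what the Netsvcs repair changed, the two lists in the N-Repair report can be diffed rather than compared by eye, since the tool also reorders the entries. This Python script is an added example, not part of the thread or of N-Repair; the sample is abridged from the report in post #19, and names are compared case-insensitively because Windows service names are not case-sensitive.

```python
import re

# Abridged from the N-Repair report in post #19: most unchanged entries omitted.
SAMPLE_REPORT = """\
#################################N-Repair By Infospyware

Información del sistema operativo: WIN_XP - X86 - Service Pack 3

============================================ VALORES ANTES DE LA RESTAURACIÓN ===============================

6to4
AppMgmt
DMServer
DHCP
WZCSVC
Wmi
WmdmPmSp
winmgmt
MHN
BITS
wuauserv
WmdmPmSN
hkmsvc

============================================ VALORES DESPUÉS DE LA RESTAURACIÓN ===============================

6to4
AppMgmt
BITS
DHCP
DMServer
hkmsvc
winmgmt
WmdmPmSp
Wmi
wuauserv
WZCSVC
"""


def parse_sections(report):
    """Return {title: [entries]} for each '==== TITLE ====' block, in file order."""
    sections, current = {}, None
    for raw in report.splitlines():
        line = raw.strip()
        header = re.match(r"^=+\s*(.+?)\s*=+$", line)
        if header:
            current = sections.setdefault(header.group(1), [])
        elif line and current is not None:
            # Lines before the first header (banner, system info) are skipped.
            current.append(line)
    return sections


def diff_netsvcs(report):
    """Compare the first (before) and second (after) list of the report."""
    sections = list(parse_sections(report).values())
    if len(sections) != 2:
        raise ValueError("expected exactly two lists (before and after)")
    before, after = sections
    before_keys = {name.lower() for name in before}
    after_keys = {name.lower() for name in after}
    return {
        "removed": [n for n in before if n.lower() not in after_keys],
        "added": [n for n in after if n.lower() not in before_keys],
        "unchanged": len(before_keys & after_keys),
    }


if __name__ == "__main__":
    print(diff_netsvcs(SAMPLE_REPORT))
```

Run against the full report, the same comparison shows MHN and WmdmPmSN present before the repair and absent afterwards, with nothing added.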

#20

Perfect, :+1: we are glad to see that the initial problem is now completely fixed; all that remains is to remove the tools used.

To do so, download :arrow_forward: DelFix.exe to your desktop.

  • Double-click it to run it. (If you use Windows Vista/7/8 or 10, right-click and select - Run as Administrator -.)

  • Tick all the boxes and click Run.

The report (DelFix.txt) will open; you can close it.


For any other problem, do not hesitate to post again; you know where we are. :+1:

Topic solved.

Regards, Javier.