Problem with FloxLib-A and Win32:Pioneer-C

Hello, fellow InfoSpyware members! Today, after several years, I'm back on the forum because of a “little problem” I haven't been able to solve. I don't know when the infection started, but I noticed it about 2 days ago. I installed Super AntiSpyware (from right here) and it started detecting a Trojan in System32 (dlcoer.dll), so I decided to run a full scan, and nothing: that was all it detected. I went ahead and deleted it, and nothing: the file was restored, along with another one that was created alongside it (dlcoer.dll.000). After several failed attempts, I decided to use my regular antivirus (Avast) to scan the PC, which detected FloxLib-A in almost all of my executables and apparently deleted them… It sent the rest to the Virus Chest. Honestly, the PC is running far too slowly and now, to top it off, it won't run almost any program. I had to reinstall the Opera browser (the one I'm using) because of that, but every time I close it and go to open it again it throws an error again. Please guide me so I can fix this.

Hello @DeusCMZ, welcome to the new Forum.

To check your machine, follow these steps in the order given, reading everything explained. :+1:

:one: Temporarily disable the antivirus :arrow_forward: How to temporarily disable your antivirus, for as long as we are carrying out ALL the steps.

We are going to download to YOUR DESKTOP (and NOT anywhere else :face_with_monocle:) all the tools we will use in this procedure (but do not run them yet):

:two: Run the tools one at a time and in the order given:



CCleaner.-

  • Install and run CCleaner following the steps given in the manual.

  • First use its Cleaner option to delete cookies, temporary Internet files and all the files it shows you as obsolete.

  • Then use its Registry option to clean the entire Windows registry (making a backup).

Malwarebytes.-

  • Install and run MBAM following the steps given in the manual.

  • Run a Full Scan. :white_check_mark:

  • Select ALL for Quarantine to send them to quarantine, and restart the system.

  • In the :arrow_forward:History :arrow_backward: section of the manual you will find the MBAM report, which you must copy and paste into your next reply so it can be analyzed.

AdwCleaner.-

  • Run Adwcleaner.exe.

  • Click the Scan Now button and wait for the process to finish; immediately afterwards, always click the Start Repair button.

  • Wait for it to complete and follow the instructions; if it asks you to restart the system, accept.

  • The log/report is found in the “Reports” tab, reopening the program if necessary, so that you can copy it and paste it into your next reply.

  • The report can also be found at C:\AdwCleaner\Logs\AdwCleaner[C00].txt

Junkware Removal Tool.-

  • Run JRT.exe.

  • Press any key to continue, and wait patiently for the process to finish.

  • If at any point it asks you to restart, do so.

  • When it finishes, a log/report (JRT.txt) will be saved on the desktop and will open automatically.

  • Copy and paste the contents of JRT.txt into your next reply.

Farbar Recovery Scan Tool.-

  • Run FRST.exe.

  • In the Disclaimer window message, click Yes.

  • In the main window, click the Scan button and wait for the process to finish.

  • Two (2) files (logs) will open, Frst.txt and Addition.txt; these will be saved on the desktop.

:three: Put in your next reply the reports from:

  • Malwarebytes, AdwCleaner, JRT, FRST + Addition.txt, in that order. :+1:

You must copy and paste them with all of their contents, and you will use several messages if you get an error message saying it is too long (more than approx. 50,000 characters).

And tell us how your computer is working in relation to the problem you described. :face_with_monocle:

Regards, Javier.

1 like

Malwarebytes.

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 26/5/19
Hora del análisis: 14:36
Archivo de registro: 3ca64ee2-7fe5-11e9-882e-00219730f9ac.json
Administrador: Sí

-Información del software-
Versión: 3.5.1.2522
Versión de los componentes: 1.0.365
Versión del paquete de actualización: 1.0.5292
Licencia: Gratis

-Información del sistema-
SO: Windows XP Service Pack 3
CPU: x86
Sistema de archivos: NTFS
Usuario: LUIS_ALBERTO\Ana

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 132224
Amenazas detectadas: 73
Amenazas en cuarentena: 73
Tiempo transcurrido: 30 min, 9 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Advertencia
PUM: Advertencia

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 48

Valor del registro: 11

Datos del registro: 2
PUP.Optional.StartPage, HKU\S-1-5-21-1960408961-73586283-1801674531-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|BPROTECTOR START PAGE, Sustituido, [301], [292762],1.0.5292
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\ABOUTURLS|TABS, Sustituido, [246], [293435],1.0.5292

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 1
PUP.Optional.WinToFlashSuggestor, C:\ARCHIVOS DE PROGRAMA\WINTOFLASH SUGGESTOR, En cuarentena, [2195], [180502],1.0.5292

Archivo: 11

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

AdwCleaner[C0]

# AdwCleaner v6.047 - Archivo de registro creado 26/05/2019 en 15:37:02
# Actualizado en 19/05/2017 por Malwarebytes
# Base de datos : 2017-05-19.1 [Local]
# Sistema Operativo : Microsoft Windows XP Service Pack 3 (X86)
# Nombre de usuario : Ana - LUIS_ALBERTO
# Ejecutado desde : C:\Documents and Settings\Ana\Escritorio\adwcleaner_6.047.exe
# Modo: Limpiar
# Soporte : https://www.malwarebytes.com/support



***** [ Servicios ] *****



***** [ Carpetas ] *****

[-] Carpeta eliminada: C:\Documents and Settings\All Users\Datos de programa\lavasoft\web companion
[-] Carpeta eliminada: C:\Documents and Settings\All Users\Datos de programa\Auslogics


***** [ Archivos ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Accesos directos ] *****



***** [ Tareas programadas ] *****



***** [ Registro ] *****



***** [ Navegadores ] *****



*************************

:: Llaves "Tracing" eliminadas
:: Se han borrado los ajustes de Winsock

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [4344 Bytes] - [26/05/2019 15:37:02]
C:\AdwCleaner\AdwCleaner[S0].txt - [4631 Bytes] - [26/05/2019 15:36:14]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [4490 Bytes] ##########

JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Microsoft Windows XP x86 
Ran by Ana (Administrator) on 26/05/2019 at 15:56:03,56
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 1 

Successfully deleted: C:\WINDOWS\System32\ai_recyclebin (Folder) 



Registry: 2 

Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value) 




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26/05/2019 at 15:58:10,26
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST PART 1

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-05-2019
Ran by Ana (administrator) on LUIS_ALBERTO (LENOVO 9702AB7) (26-05-2019 15:59:49)
Running from C:\Documents and Settings\Ana\Escritorio
Loaded Profiles: Ana (Available Profiles: luis alberto combita & Ana & luis combita & Administrador & Invitado)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: Español (alfabetización internacional)
Internet Explorer Version 8 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes 

(Whitelisted) =================

(If an entry is included in the fixlist, the process 

will be closed. The file will not be moved.)

(AVAST Software s.r.o. -> AVAST 

Software) C:\Archivos de programa\AVAST 

Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST 

Software) C:\Archivos de programa\AVAST 

Software\Avast\AvastUI.exe
(Malwarebytes Corporation -> 

Malwarebytes) C:\Archivos de 

programa\Malwarebytes\Anti-Malware\MBA

MService.exe
(Malwarebytes Corporation -> 

Malwarebytes) C:\Archivos de 

programa\Malwarebytes\Anti-Malware\mbam

tray.exe
(Microsoft Corporation) [File not signed] 

C:\WINDOWS\explorer.exe
(Microsoft Corporation) [File not signed] 

C:\WINDOWS\system32\services.exe
(Microsoft Corporation) [File not signed] 

C:\WINDOWS\system32\spoolsv.exe
(Microsoft Corporation) [File not signed] 

C:\WINDOWS\system32\svchost.exe
(Microsoft Corporation) [File not signed] 

C:\WINDOWS\system32\svchost.exe
(Microsoft Corporation) [File not signed] 

C:\WINDOWS\system32\svchost.exe
(Microsoft Corporation) [File not signed] 

C:\WINDOWS\system32\svchost.exe
(Microsoft Corporation) [File not signed] 

C:\WINDOWS\system32\svchost.exe
(Microsoft Corporation) [File not signed] 

C:\WINDOWS\system32\svchost.exe
(Microsoft Corporation) [File not signed] 

C:\WINDOWS\system32\svchost.exe
(Microsoft Corporation) [File not signed] 

C:\WINDOWS\system32\svchost.exe
(Microsoft Corporation) [File not signed] 

C:\WINDOWS\system32\wbem\wmiprvse.ex

e
(Microsoft Corporation) [File not signed] 

C:\WINDOWS\system32\winlogon.exe
(Microsoft Windows Component Publisher -> 

Microsoft Corporation) 

C:\WINDOWS\system32\alg.exe
(Microsoft Windows Component Publisher -> 

Microsoft Corporation) 

C:\WINDOWS\system32\wscntfy.exe

==================== Registry 

(Whitelisted) 

===========================

(If an entry is included in the fixlist, the registry 

item will be restored to default or removed. 

The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Archivos 

de programa\AVAST 

Software\Avast\AvLaunch.exe [242392 

2019-04-16] (AVAST Software s.r.o. -> 

AVAST Software)
HKLM\...\Run: [RTHDCPL] => 

RTHDCPL.EXE
HKLM\...\Winlogon: [Shell] 

C:\WINDOWS\Explorer.exe [1036288 

2009-11-24] (Microsoft Corporation) [File 

not signed]
HKU\S-1-5-21-1960408961-73586283-18

01674531-1007\...\Policies\Explorer: 

[NoLowDiskSpaceChesks] 1
HKU\S-1-5-21-1960408961-73586283-18

01674531-1007\Control 

Panel\Desktop\\SCRNSAVE.EXE -> 

C:\WINDOWS\avastSS.scr [53208 

2016-09-06] (AVAST Software a.s. -> 

AVAST Software)
HKLM\...\Providers\LanMan Print Services: 

C:\WINDOWS\system32\win32spl.dll 

[105472 2009-11-24] (Microsoft 

Corporation) [File not signed]
HKLM\...\Drivers32: [msacm.trspch] => 

C:\WINDOWS\system32\tssoft32.acm [8192 

2001-08-24] (Microsoft Windows 

Component Publisher -> DSP GROUP, 

INC.)
HKLM\...\Drivers32: [VIDC.I420] => 

C:\WINDOWS\system32\msh263.drv 

[294912 2008-04-14] (Microsoft Windows 

Component Publisher -> Microsoft 

Corporation)
HKLM\...\Drivers32: [vidc.iv31] => 

C:\WINDOWS\system32\ir32_32.dll 

[199168 2001-08-24] (Microsoft Windows 

Component Publisher -> )
HKLM\...\Drivers32: [vidc.iv32] => 

C:\WINDOWS\system32\ir32_32.dll 

[199168 2001-08-24] (Microsoft Windows 

Component Publisher -> )
HKLM\...\Drivers32: [vidc.iv41] => 

C:\WINDOWS\system32\ir41_32.ax 

[848384 2008-04-14] (Microsoft Windows 

Component Publisher -> Intel Corporation)
HKLM\...\Drivers32: [msacm.msg723] => 

C:\WINDOWS\system32\msg723.acm 

[118784 2001-08-24] (Microsoft Windows 

Component Publisher -> Microsoft 

Corporation)
HKLM\...\Drivers32: [vidc.M263] => 

C:\WINDOWS\system32\msh263.drv 

[294912 2008-04-14] (Microsoft Windows 

Component Publisher -> Microsoft 

Corporation)
HKLM\...\Drivers32: [vidc.M261] => 

C:\WINDOWS\system32\msh261.drv 

[188416 2008-04-14] (Microsoft Windows 

Component Publisher -> Microsoft 

Corporation)
HKLM\...\Drivers32: [msacm.msaudio1] => 

C:\WINDOWS\system32\msaud32.acm 

[282654 2009-11-24] (Microsoft 

Corporation) [File not signed]
HKLM\...\Drivers32: [msacm.sl_anet] => 

C:\WINDOWS\system32\sl_anet.acm 

[86016 2008-04-14] (Microsoft Windows 

Component Publisher -> Sipro Lab Telecom 

Inc.)
HKLM\...\Drivers32: [msacm.iac2] => 

C:\WINDOWS\system32\iac25_32.ax 

[199680 2008-04-14] (Microsoft Windows 

Component Publisher -> Intel Corporation)
HKLM\...\Drivers32: [vidc.iv50] => 

C:\WINDOWS\system32\ir50_32.dll 

[755200 2008-04-14] (Microsoft Windows 

Component Publisher -> Intel Corporation)
HKLM\...\Drivers32: [VIDC.MPG4] => 

C:\WINDOWS\system32\mpg4c32.dll 

[420240 2001-05-11] (Microsoft 

Corporation -> Microsoft Corporation)
HKLM\...\Drivers32: [VIDC.MP42] => 

C:\WINDOWS\system32\mpg4c32.dll 

[420240 2001-05-11] (Microsoft 

Corporation -> Microsoft Corporation)
HKLM\...\Drivers32: [msacm.ac3filter] => 

C:\WINDOWS\system32\ac3filter.acm 

[497664 2009-08-11] () [File not signed]
HKLM\...\Drivers32: [vidc.tscc] => 

C:\WINDOWS\system32\tsccvid.dll [602624 

2013-11-26] (TechSmith Corporation) [File 

not signed]
HKLM\...\Drivers32: [vidc.tsc2] => 

C:\WINDOWS\system32\tsc2_codec32.dll 

[234496 2013-09-18] (TechSmith 

Corporation) [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => 

C:\WINDOWS\system32\x264vfw.dll 

[3850240 2017-07-30] (x264vfw project) 

[File not signed]
HKLM\...\Drivers32: [VIDC.HFYU] => 

C:\WINDOWS\system32\huffyuv.dll [39936 

2004-05-18] (Disappearing Inc.) [File not 

signed]
HKLM\...\Drivers32: [VIDC.LAGS] => 

C:\WINDOWS\system32\lagarith.dll [216064 

2011-12-07] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => 

C:\WINDOWS\system32\xvidvfw.dll 

[284672 2018-01-28] () [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => 

C:\WINDOWS\system32\ff_vfw.dll [112128 

2015-10-24] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => 

C:\WINDOWS\system32\ac3acm.acm 

[122880 2012-07-21] (fccHandler) [File not 

signed]
HKLM\...\Drivers32: [msacm.lameacm] => 

C:\WINDOWS\system32\lameACM.acm 

[473088 2015-02-25] 

(hxxp://www.mp3dev.org/) [File not signed]
HKLM\...\Drivers32: [msacm.l3codecp] => 

C:\WINDOWS\system32\l3codecp.acm 

[232448 2009-11-24] (Microsoft Windows 

Component Publisher -> Fraunhofer Institut 

Integrierte Schaltungen IIS)
HKLM\Software\Microsoft\Active 

Setup\Installed Components: 

[<{12d0ed0d-0ee0-4f90-8827-78cefb8f498

8}] -> C:\WINDOWS\system32\ieudinit.exe 

[2009-03-08] (Microsoft Windows -> 

Microsoft Corporation)
HKLM\Software\Microsoft\Active 

Setup\Installed Components: 

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e9

5}] -> C:\WINDOWS\inf\unregmp2.exe 

[2009-11-24] (Microsoft Corporation) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] -> C:\WINDOWS\system32\shmgrate.exe [2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}] ->
HKLM\Software\Microsoft\Active Setup\Installed Components: [{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] ->
HKLM\Software\Microsoft\Active Setup\Installed Components: [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] -> C:\Archivos de programa\Outlook Express\setup50.exe [2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] -> C:\WINDOWS\system32\advpack.dll [2009-11-24] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{5945c046-1e7d-11d1-bc44-00c04fd912be}] -> C:\WINDOWS\system32\advpack.dll [2009-11-24] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{5fd399c0-a70a-11d1-9948-00c04f98bbc9}] -> C:\WINDOWS\system32\advpack.dll [2009-11-24] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] -> C:\WINDOWS\system32\advpack.dll [2009-11-24] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{73FA19D0-2D75-11D2-995D-00C04F98BBC9}] ->
HKLM\Software\Microsoft\Active Setup\Installed Components: [{7790769C-0471-11d2-AF11-00C04FA35D02}] -> C:\Archivos de programa\Outlook Express\setup50.exe [2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Archivos de programa\Google\Chrome\Application\49.0.2623.112\Installer\chrmstp.exe [2019-05-23] (Google Inc -> Google Inc.)
HKLM\Software\...\Winlogon\GPExtensions: [{C631DF4C-088F-4156-B058-4375F0853CD8}] -> C:\WINDOWS\System32\cscui.dll [2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
SecurityProviders: msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CCleaner Update.job => C:\Archivos de programa\CCleaner\CCUpdate.exe
Task: C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1464892677.job => C:\Archivos de programa\Opera\launcher.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task b151d79f-4a94-4f42-80f0-dc3774cd11ab.job => C:\Archivos de programa\SUPERAntiSpyware\SASTask.exe C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task c75f75b2-0d39-46d4-87a1-4e734462de70.job => C:\Archivos de programa\SUPERAntiSpyware\SASTask.exe C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1960408961-73586283-1801674531-1007\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1960408961-73586283-1801674531-1007\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL =
SearchScopes: HKU\S-1-5-21-1960408961-73586283-1801674531-1007 -> DefaultScope {84EA543E-D14F-4962-9CBC-965C63F8630B} URL =
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1960408961-73586283-1801674531-1007 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Archivos de programa\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Help\hxds.dll [2013-09-25] (Microsoft Corporation -> Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\SHELL32.dll [2015-07-29] (Microsoft Corporation) [File not signed]
Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} -  No File

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Ana\Datos de programa\Mozilla\Firefox\Profiles\kzyrpnje.default-1528586266250 [2019-05-26]
FF Homepage: C:\Documents and Settings\Ana\Datos de programa\Mozilla\Firefox\Profiles\kzyrpnje.default-1528586266250 -> hxxps://www.facebook.com/
FF Extension: (Avast Online Security) - C:\Documents and Settings\Ana\Datos de programa\Mozilla\Firefox\Profiles\kzyrpnje.default-1528586266250\Extensions\[email protected] [2019-04-29]
FF Extension: (Hotfix for Firefox bug 1548973 (armagaddon 2.0) mitigation) - C:\Documents and Settings\Ana\Datos de programa\Mozilla\Firefox\Profiles\kzyrpnje.default-1528586266250\features\{f5588059-19ba-4dd1-bfa9-2d196612a04f}\hotfix-bug-15[email protected] [2019-05-24] [Legacy]
FF Extension: (Application Update Service Helper) - C:\Archivos de programa\Mozilla Firefox\browser\features\[email protected] [2018-06-21] [Legacy] [not signed]
FF Extension: (Multi-process staged rollout) - C:\Archivos de programa\Mozilla Firefox\browser\features\[email protected] [2018-06-21] [Legacy] [not signed]
FF Extension: (Pocket) - C:\Archivos de programa\Mozilla Firefox\browser\features\[email protected] [2018-06-21] [Legacy] [not signed]
FF Extension: (Web Compat) - C:\Archivos de programa\Mozilla Firefox\browser\features\[email protected] [2018-06-21] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-12-27] [Legacy] [not signed]
FF HKU\S-1-5-21-1960408961-73586283-1801674531-1007\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E8877}] - C:\Documents and Settings\Ana\Configuración local\Datos de programa\GAS Tecnologia\GBBD\bdv\xpi
FF Extension: ([email protected] - Banco de Venezuela) - C:\Documents and Settings\Ana\Configuración local\Datos de programa\GAS Tecnologia\GBBD\bdv\xpi [2014-12-22] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-29] (Adobe Systems Incorporated -> ) [File not signed]
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.) [File not signed]
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Archivos de programa\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-09-20] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Archivos de programa\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-09-20] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Archivos de programa\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2009-09-14] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @nexon.net/NxGame -> C:\Documents and Settings\All Users\Datos de programa\NexonUS\NGM\npNxGameUS.dll [2018-09-27] (Nexon) [File not signed]
FF Plugin: @raidcall.en/RCplugin -> C:\Documents and Settings\Ana\Datos de programa\raidcall\plugins\nprcplugin.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Archivos de programa\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-23] (Google Inc -> Google LLC)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Archivos de programa\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-23] (Google Inc -> Google LLC)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Archivos de programa\VLC\npvlc.dll [2018-08-09] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Reader -> C:\Archivos de programa\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1960408961-73586283-1801674531-1007: @talk.google.com/GoogleTalkPlugin -> C:\Documents and Settings\Ana\Datos de programa\Mozilla\plugins\npgoogletalk.dll [2013-08-27] (Google Inc -> Google)
FF Plugin HKU\S-1-5-21-1960408961-73586283-1801674531-1007: @talk.google.com/O1DPlugin -> C:\Documents and Settings\Ana\Datos de programa\Mozilla\plugins\npo1d.dll [2013-08-27] (Google Inc -> Google)
FF Plugin HKU\S-1-5-21-1960408961-73586283-1801674531-1007: @talk.google.com/O3DPlugin -> C:\Documents and Settings\Ana\Datos de programa\Mozilla\plugins\npgtpo3dautoplugin.dll [2013-08-27] (Google Inc -> )
FF Plugin HKU\S-1-5-21-1960408961-73586283-1801674531-1007: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Ana\Configuración local\Datos de programa\Google\Update\1.3.21.153\npGoogleUpdate3.dll [2013-07-12] (Google Inc -> Google Inc.)
FF Plugin HKU\S-1-5-21-1960408961-73586283-1801674531-1007: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Ana\Configuración local\Datos de programa\Google\Update\1.3.21.153\npGoogleUpdate3.dll [2013-07-12] (Google Inc -> Google Inc.)
FF Plugin HKU\S-1-5-21-1960408961-73586283-1801674531-1007: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\Ana\Configuración local\Datos de programa\Unity\WebPlayer\loader\npUnity3D32.dll [2015-07-11] (Unity Technologies SF -> Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1960408961-73586283-1801674531-1007: gastecnologia.com.br/sf/bdv -> C:\Documents and Settings\Ana\Configuración local\Datos de programa\GAS Tecnologia\GBBD\npsf_bdv.dll [2014-01-13] (Banco de Venezuela SA Banco Universal -> GAS Tecnologia)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Ana\Datos de programa\mozilla\plugins\npgoogletalk.dll [2013-08-30]
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Ana\Datos de programa\mozilla\plugins\npgtpo3dautoplugin.dll [2013-08-30]
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Ana\Datos de programa\mozilla\plugins\npo1d.dll [2013-08-30]

Chrome:
=======
CHR DefaultProfile: Default
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: C:\Documents and Settings\Ana\Configuración local\Datos de programa\Google\Chrome\User Data\Default [2019-05-24]
CHR Extension: (Presentaciones) - C:\Documents and Settings\Ana\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-03-29]
CHR Extension: (Documentos) - C:\Documents and Settings\Ana\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-03-29]
CHR Extension: (Google Drive) - C:\Documents and Settings\Ana\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-03-29]
CHR Extension: (WebRTC Protect) - C:\Documents and Settings\Ana\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\bkmmlbllpjdpgcgdohbaghfaecnddhni [2019-05-05]
CHR Extension: (YouTube) - C:\Documents and Settings\Ana\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-03-29]
CHR Extension: (Friend Remover PRO - Delete All Friends 2017) - C:\Documents and Settings\Ana\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\ekjblaihiicbgjibfipjoepkmondnnbd [2019-03-29]
CHR Extension: (Avast SafePrice | Comparaciones, ofertas y cupones) - C:\Documents and Settings\Ana\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2019-03-29]
CHR Extension: (Hojas de cálculo) - C:\Documents and Settings\Ana\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-03-29]
CHR Extension: (Documentos de Google sin conexión) - C:\Documents and Settings\Ana\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-04-08]
CHR Extension: (Avast Online Security) - C:\Documents and Settings\Ana\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-05-02]
CHR Extension: (Hoxx VPN Proxy) - C:\Documents and Settings\Ana\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\nbcojefnccbanplpoffopkoepjmhgdgh [2019-05-05]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Documents and Settings\Ana\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-03-29]
CHR Extension: (Gmail) - C:\Documents and Settings\Ana\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-03-29]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path/update_url>
CHR HKLM\...\Chrome\Extension: [pppagaglfkmlpgobnlenhknilehpmcbo] - <no Path/update_url>

Opera:
=======
OPR Extension: (Super Auto Refresh) - C:\Documents and Settings\Ana\Datos de programa\Opera Software\Opera Stable\Extensions\ghjaeanhfafkigkehjgapnlobfhefkme [2017-04-10]
OPR Extension: (DotVPN — a better way to VPN) - C:\Documents and Settings\Ana\Datos de programa\Opera Software\Opera Stable\Extensions\hiegahbgoabbpoieploedhfnobmpgbeg [2019-01-13]
OPR Extension: (Page Capture) - C:\Documents and Settings\Ana\Datos de programa\Opera Software\Opera Stable\Extensions\hjjhcalkcaeagibemeeakbmmmaneedoh [2015-08-07]
OPR Extension: (TinEye Reverse Image Search (Context menu)) - C:\Documents and Settings\Ana\Datos de programa\Opera Software\Opera Stable\Extensions\kgdmjihcfdjkcgodohgofgcdfiaekdkk [2015-12-12]
OPR Extension: (SafeBrowse) - C:\Documents and Settings\Ana\Datos de programa\Opera Software\Opera Stable\Extensions\klmnkkadejnkpgnibphjeoancnmmjkef [2015-08-07]
OPR Extension: (About://Internal Pages) - C:\Documents and Settings\Ana\Datos de programa\Opera Software\Opera Stable\Extensions\mpkgnldklpemphbfogboacnljgfpnkme [2016-11-01]
OPR Extension: (Flash Video Downloader (FVD)) - C:\Documents and Settings\Ana\Datos de programa\Opera Software\Opera Stable\Extensions\neacgcjokggofibnbfapeaejhclmpple [2017-08-10]
OPR Extension: (Bookmarks Manager) - C:\Documents and Settings\Ana\Datos de programa\Opera Software\Opera Stable\Extensions\nkgbeagkihphgjnlkclfjjjplmefndnm [2013-11-14]
OPR Extension: (Adblock Plus - bloqueador de anuncios gratis) - C:\Documents and Settings\Ana\Datos de programa\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2019-05-04]
OPR Extension: (Adblock Plus - bloqueador de anuncios gratis) - C:\Documents and Settings\Ana\Datos de programa\Opera Software\Opera Stable\WidevineCDM\1.4.8.903\_platform_specific\win_x86\widevinecdmadapter.dll [2016-08-05]
OPR Extension: (Adblock Plus - bloqueador de anuncios gratis) - C:\WINDOWS\system32\Macromed\Flash\pepflashplayer32_29_0_0_140.dll [2018-04-22]
OPR Extension: (Adblock Plus - bloqueador de anuncios gratis) - C:\Archivos de programa\QuickTime\plugins\npqtplugin.dll [2017-06-15]
OPR Extension: (Adblock Plus - bloqueador de anuncios gratis) - C:\Archivos de programa\QuickTime\plugins\npqtplugin2.dll [2017-06-15]
OPR Extension: (Adblock Plus - bloqueador de anuncios gratis) - C:\Archivos de programa\QuickTime\plugins\npqtplugin3.dll [2017-06-15]
OPR Extension: (Adblock Plus - bloqueador de anuncios gratis) - C:\Archivos de programa\QuickTime\plugins\npqtplugin4.dll [2017-06-15]
OPR Extension: (Adblock Plus - bloqueador de anuncios gratis) - C:\Archivos de programa\QuickTime\plugins\npqtplugin5.dll [2017-06-15]
OPR Extension: (Adblock Plus - bloqueador de anuncios gratis) - C:\Archivos de programa\Windows Media Player\npdrmv2.dll [2009-11-24]
OPR Extension: (Adblock Plus - bloqueador de anuncios gratis) - C:\Archivos de programa\Windows Media Player\npdsplay.dll [2008-04-14]
OPR Extension: (Adblock Plus - bloqueador de anuncios gratis) - C:\Archivos de programa\Windows Media Player\npwmsdrm.dll [2009-11-24]
OPR Extension: (Adblock Plus - bloqueador de anuncios gratis) - C:\Archivos de programa\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05]
OPR Extension: (Adblock Plus - bloqueador de anuncios gratis) - C:\Archivos de programa\Google\Update\1.3.33.7\npGoogleUpdate3.dll [0]
OPR Extension: (Adblock Plus - bloqueador de anuncios gratis) - C:\Archivos de programa\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-09-20]
OPR Extension: (Adblock Plus - bloqueador de anuncios gratis) - C:\Archivos de programa\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-09-20]
OPR Extension: (Adblock Plus - bloqueador de anuncios gratis) - C:\Documents and Settings\Ana\Configuración local\Datos de programa\GAS Tecnologia\GBBD\npsf_bdv.dll [2014-01-13]
OPR Extension: (Adblock Plus - bloqueador de anuncios gratis) - C:\Documents and Settings\Ana\Configuración local\Datos de programa\Unity\WebPlayer\loader\npUnity3D32.dll [2015-07-11]
OPR Extension: (Adblock Plus - bloqueador de anuncios gratis) - C:\Documents and Settings\Ana\Datos de programa\Mozilla\plugins\npgoogletalk.dll [2013-08-27]
OPR Extension: (Adblock Plus - bloqueador de anuncios gratis) - C:\Documents and Settings\Ana\Datos de programa\Mozilla\plugins\npgtpo3dautoplugin.dll [2013-08-27]
OPR Extension: (Adblock Plus - bloqueador de anuncios gratis) - C:\Documents and Settings\Ana\Datos de programa\Mozilla\plugins\npo1d.dll [2013-08-27]
OPR Extension: (Adblock Plus - bloqueador de anuncios gratis) - C:\Documents and Settings\Ana\Datos de programa\TrianglePlayer\NPTrianglePlayer.dll [0]
OPR Extension: (Adblock Plus - bloqueador de anuncios gratis) - C:\Documents and Settings\Ana\Datos de programa\raidcall\plugins\nprcplugin.dll [0]
OPR Extension: (Adblock Plus - bloqueador de anuncios gratis) - C:\WINDOWS\system32\Adobe\Director\np32dsw_1224194.dll [2016-02-19]
OPR Extension: (Adblock Plus - bloqueador de anuncios gratis) - c:\Archivos de programa\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11]
OPR Extension: (Adblock Plus - bloqueador de anuncios gratis) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2009-09-14]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2010-02-12] (Microsoft Corporation) [File not signed]
S3 aswbIDSAgent; C:\Archivos de programa\AVAST Software\Avast\aswidsagent.exe [6799632 2019-04-16] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Archivos de programa\AVAST Software\Avast\AvastSvc.exe [324000 2019-04-16] (AVAST Software s.r.o. -> AVAST Software)
S3 BITS; C:\WINDOWS\system32\qmgr.dll [408576 2009-11-24] (Microsoft Corporation) [File not signed]
S4 Browser; C:\WINDOWS\System32\browser.dll [78336 2012-07-06] (Microsoft Corporation) [File not signed]
R2 DcomLaunch; C:\WINDOWS\system32\rpcss.dll [401408 2009-11-24] (Microsoft Corporation) [File not signed]
R2 Dhcp; C:\WINDOWS\System32\dhcpcsvc.dll [126976 2009-11-24] (Microsoft Corporation) [File not signed]
S3 Disc Soft Lite Bus Service; C:\Archivos de programa\DAEMON Tools Lite\DiscSoftBusService.exe [1034584 2015-06-18] (Disc Soft Ltd -> Disc Soft Ltd)
R2 Dnscache; C:\WINDOWS\System32\dnsrslvr.dll [45568 2009-11-24] (Microsoft Corporation) [File not signed]
S3 Dot3svc; C:\WINDOWS\System32\dot3svc.dll [133120 2009-11-24] (Microsoft Corporation) [File not signed]
R2 Eventlog; C:\WINDOWS\system32\services.exe [111104 2009-11-24] (Microsoft Corporation) [File not signed]
R3 EventSystem; C:\WINDOWS\system32\es.dll [253952 2009-11-24] (Microsoft Corporation) [File not signed]
R3 FastUserSwitchingCompatibility; C:\WINDOWS\System32\shsvcs.dll [135168 2009-11-24] (Microsoft Corporation) [File not signed]
R2 LanmanServer; C:\WINDOWS\System32\srvsvc.dll [99840 2010-08-27] (Microsoft Corporation) [File not signed]
S3 LanmanWorkstation; C:\WINDOWS\System32\wkssvc.dll [134144 2009-11-24] (Microsoft Corporation) [File not signed]
S2 MBAMIService; C:\Documents and Settings\All Users\Datos de programa\MB3Install\MBAMIService.exe [170496 2018-05-29] (Malwarebytes) [File not signed]
R2 MBAMService; C:\Archivos de programa\Malwarebytes\Anti-Malware\mbamservice.exe [4753104 2018-05-09] (Malwarebytes Corporation -> Malwarebytes)
S4 Microsoft Office Groove Audit Service; C:\Archivos de programa\Microsoft Office\Office12\GrooveAuditService.exe [64856 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
S3 MSIServer; C:\WINDOWS\System32\msiexec.exe /V [96256 2015-06-24] (Microsoft Corporation) [File not signed]
S4 NovaPdfServer; C:\Archivos de programa\Softland\novaPDF 8\Server\novapdfs.exe [35616 2014-12-16] (Softland S.R.L. -> Microsoft)
S4 odserv; C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE12\ODSERV.EXE [440696 2011-07-20] (Microsoft Corporation -> Microsoft Corporation)
S4 ose; C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE [145184 2006-10-26] (Microsoft Corporation -> Microsoft Corporation)
S4 OverwolfUpdater; C:\Archivos de programa\Overwolf\OverwolfUpdater.exe [999152 2015-05-04] (Overwolf Ltd -> Overwolf LTD)
R2 PlugPlay; C:\WINDOWS\system32\services.exe [111104 2009-11-24] (Microsoft Corporation) [File not signed]
R2 RpcSs; C:\WINDOWS\System32\rpcss.dll [401408 2009-11-24] (Microsoft Corporation) [File not signed]
R2 seclogon; C:\WINDOWS\System32\seclogon.dll [18944 2016-02-16] (Microsoft Corporation) [File not signed]
R2 SharedAccess; C:\WINDOWS\System32\ipnathlp.dll [331776 2009-11-24] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\WINDOWS\System32\shsvcs.dll [135168 2009-11-24] (Microsoft Corporation) [File not signed]
R2 Spooler; C:\WINDOWS\system32\spoolsv.exe [58880 2010-08-17] (Microsoft Corporation) [File not signed]
S3 SwPrv; C:\WINDOWS\system32\dllhost.exe /Processid:{FE6DB053-B1A7-4629-8342-522CF87F4B3A} [5120 2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
R3 TapiSrv; C:\WINDOWS\System32\tapisrv.dll [249856 2009-11-24] (Microsoft Corporation) [File not signed]
R3 TermService; C:\WINDOWS\System32\termsrv.dll [298496 2009-11-24] (Microsoft Corporation) [File not signed]
R2 Themes; C:\WINDOWS\System32\shsvcs.dll [135168 2009-11-24] (Microsoft Corporation) [File not signed]
S3 WinRM; C:\WINDOWS\system32\WsmSvc.dll [1107456 2009-11-24] (Microsoft Corporation) [File not signed]
S3 Wmi; C:\WINDOWS\System32\advapi32.dll [686080 2015-12-17] (Microsoft Corporation) [File not signed]
S4 WMPNetworkSvc; C:\Archivos de programa\Windows Media Player\WMPNetwk.exe [916480 2009-11-24] (Microsoft Windows Component Publisher -> Microsoft Corporation)
S4 WSearch; C:\WINDOWS\system32\SearchIndexer.exe [439808 2009-11-24] (Microsoft Corporation) [File not signed]
S4 WZCSVC; C:\WINDOWS\System32\wzcsvc.dll [483840 2009-11-24] (Microsoft Corporation) [File not signed]

FRST PART 2

===================== Drivers 

(Whitelisted) ======================

(If an entry is included in the fixlist, it will be 

removed from the registry. The file will not be 

moved unless listed separately.)

R1 AFD; 

C:\WINDOWS\System32\drivers\afd.sys 

[138496 2014-05-28] (Microsoft 

Corporation) [File not signed]
S3 Ambfilt; 

C:\WINDOWS\System32\drivers\Ambfilt.sys 

[1691480 2009-11-17] (Creative Labs Inc 

-> Creative)
S3 ampa; C:\WINDOWS\system32\ampa.sys 

[12656 2013-11-29] (ChengDu AoMei Tech 

Co., Ltd -> ) [File not signed]
S3 Andbus; 

C:\WINDOWS\System32\DRIVERS\lgandbu

s.sys [14336 2010-12-07] (Microsoft 

Windows Hardware Compatibility Publisher 

-> LG Electronics Inc.)
S3 AndDiag; 

C:\WINDOWS\System32\DRIVERS\lganddi

ag.sys [20736 2010-12-07] (Microsoft 

Windows Hardware Compatibility Publisher 

-> LG Electronics Inc.)
S3 AndGps; 

C:\WINDOWS\System32\DRIVERS\lgandgp

s.sys [20096 2010-12-07] (Microsoft 

Windows Hardware Compatibility Publisher 

-> LG Electronics Inc.)
S3 ANDModem; 

C:\WINDOWS\System32\DRIVERS\lgandm

odem.sys [25088 2010-12-07] (Microsoft 

Windows Hardware Compatibility Publisher 

-> LG Electronics Inc.)
S3 andnetadb; 

C:\WINDOWS\System32\Drivers\lgandnetad

b.sys [25856 2010-11-29] (Microsoft 

Windows Hardware Compatibility Publisher 

-> Google Inc)
S3 androidusb; 

C:\WINDOWS\System32\Drivers\lgandadb.s

ys [25728 2010-08-02] (Microsoft Windows 

Hardware Compatibility Publisher -> Google 

Inc)
S3 apf003; 

C:\WINDOWS\system32\apf003.sys [13232 

2013-08-20] (Beijing Apex Weifeng 

Technology Co.,Ltd. -> ) [File not signed]
R1 aswArPot; 

C:\WINDOWS\System32\drivers\aswArPot.s

ys [167480 2019-04-16] (AVAST Software 

s.r.o. -> AVAST Software)
R1 aswbidsdriver; 

C:\WINDOWS\System32\drivers\aswbidsdri

verx.sys [188976 2019-04-16] (AVAST 

Software s.r.o. -> AVAST Software)
R0 aswbidsh; 

C:\WINDOWS\System32\drivers\aswbidshx.

sys [165384 2019-04-16] (AVAST Software 

s.r.o. -> AVAST Software)
R0 aswblog; 

C:\WINDOWS\System32\drivers\aswblogx.s

ys [284256 2019-04-16] (AVAST Software 

s.r.o. -> AVAST Software)
R0 aswbuniv; 

C:\WINDOWS\System32\drivers\aswbunivx.

sys [57904 2019-04-16] (AVAST Software 

s.r.o. -> AVAST Software)
R1 aswHdsKe; 

C:\WINDOWS\System32\drivers\aswHdsKe

.sys [138840 2019-04-16] (AVAST 

Software s.r.o. -> AVAST Software)
S3 aswHwid; 

C:\WINDOWS\System32\drivers\aswHwid.s

ys [42736 2019-04-16] (AVAST Software 

s.r.o. -> AVAST Software)
R1 aswKbd; 

C:\WINDOWS\System32\drivers\aswKbd.sy

s [40688 2019-04-16] (AVAST Software 

s.r.o. -> AVAST Software)
R2 aswMonFlt; 

C:\WINDOWS\System32\drivers\aswMonFlt

.sys [135200 2019-04-16] (AVAST 

Software s.r.o. -> AVAST Software)
R1 aswRdr; 

C:\WINDOWS\System32\drivers\aswRdr.sys 

[70640 2019-04-16] (AVAST Software 

s.r.o. -> AVAST Software)
R0 aswRvrt; 

C:\WINDOWS\System32\drivers\aswRvrt.sy

s [72800 2019-04-16] (AVAST Software 

s.r.o. -> AVAST Software)
R1 aswSnx; 

C:\WINDOWS\System32\drivers\aswSnx.sys 

[784560 2019-04-16] (AVAST Software 

s.r.o. -> AVAST Software)
R1 aswSP; 

C:\WINDOWS\System32\drivers\aswSP.sys 

[397992 2019-04-16] (AVAST Software 

s.r.o. -> AVAST Software)
S3 aswStmXP; 

C:\WINDOWS\System32\drivers\aswStmXP

.sys [146584 2019-04-16] (AVAST 

Software s.r.o. -> AVAST Software)
S3 aswTap; 

C:\WINDOWS\System32\DRIVERS\aswTa

p.sys [35144 2014-09-28] (AVAST 

Software a.s. -> The OpenVPN Project)
R0 aswVmm; 

C:\WINDOWS\System32\drivers\aswVmm.s

ys [310200 2019-04-16] (AVAST Software 

s.r.o. -> AVAST Software)
S3 CCDECODE; 

C:\WINDOWS\System32\DRIVERS\CCDE

CODE.sys [17024 2008-04-14] (Microsoft 

Windows Component Publisher -> Microsoft 

Corporation)
S3 devlower; 

C:\WINDOWS\System32\DRIVERS\devlow

er.sys [9216 2010-07-02] (Windows (R) 

Server 2003 DDK provider) [File not signed]
S3 dg_ssudbus; 

C:\WINDOWS\System32\DRIVERS\ssudbu

s.sys [80824 2012-06-04] (Samsung 

Electronics CO., LTD. -> DEVGURU Co., 

LTD.(www.devguru.co.kr))
R3 dtlitescsibus; 

C:\WINDOWS\System32\DRIVERS\dtlitesc

sibus.sys [25016 2015-07-31] (Disc Soft Ltd 

-> Disc Soft Ltd)
S1 DumpDrv; 

C:\Windows\System32\Drivers\DumpDrv.sys 

[9472 2009-11-24] (Microsoft Corporation) 

[File not signed]
R1 EfiMon; 

C:\WINDOWS\System32\Drivers\Efimon.sys 

[23624 2014-02-09] (Qihoo 360 Software 

(Beijing) Company Limited -> 360安全中心)
S4 exFat; 

C:\Windows\System32\Drivers\exFat.sys 

[133632 2009-11-24] (Microsoft 

Corporation) [File not signed]
U1 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [9216 2009-11-24] (Microsoft Corporation) [File not signed]
R0 GbpKm; C:\WINDOWS\System32\drivers\gbpkm.sys [47192 2014-05-08] (GAS INFORMATICA LTDA -> GAS Tecnologia)
S3 hamachi; C:\WINDOWS\System32\DRIVERS\hamachi.sys [26176 2018-05-30] (LogMeIn, Inc. -> LogMeIn, Inc.)
R0 HookPort; C:\WINDOWS\System32\Drivers\Hookport.sys [75832 2014-02-09] (Qihoo 360 Software (Beijing) Company Limited -> 360安全中心)
R3 HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys [254848 2006-06-12] (Microsoft Windows Hardware Compatibility Publisher -> Conexant Systems, Inc.)
R3 HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [990592 2006-06-12] (Microsoft Windows Hardware Compatibility Publisher -> Conexant Systems, Inc.)
S3 HTCAND32; C:\WINDOWS\System32\Drivers\ANDROIDUSB.sys [25088 2014-07-22] (HTC, Corporation) [File not signed]
R3 HTTP; C:\WINDOWS\System32\Drivers\HTTP.sys [265728 2009-10-20] (Microsoft Corporation) [File not signed]
R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO32.SYS [23840 2015-08-19] (Martin Malik - REALiX -> REALiX(tm))
S3 hwmobile; C:\WINDOWS\System32\DRIVERS\hwusbser.sys [106624 2010-08-19] (Microsoft Windows Hardware Compatibility Publisher -> HUAWEI Incorporated)
R3 ialm; C:\WINDOWS\System32\DRIVERS\igxpmp32.sys [1730272 2010-01-13] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
R1 ISODrive; C:\Archivos de programa\UltraISO\drivers\ISODrive.sys [82320 2010-01-29] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
S3 ManyCam; C:\WINDOWS\System32\DRIVERS\mcvidrv.sys [34432 2012-07-20] (Microsoft Windows Hardware Compatibility Publisher -> ManyCam LLC)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [220896 2019-05-26] (Malwarebytes Corporation -> Malwarebytes)
S3 mcaudrv_simple; C:\WINDOWS\System32\drivers\mcaudrv.sys [25088 2012-07-20] (Microsoft Windows Hardware Compatibility Publisher -> ManyCam LLC)
R2 mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [12544 2005-10-05] (Microsoft Windows Hardware Compatibility Publisher -> Conexant)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-17] (Creative Labs Inc -> Creative Technology Ltd.)
R0 MountMgr; C:\Windows\System32\Drivers\MountMgr.sys [42752 2009-11-24] (Microsoft Corporation) [File not signed]
R1 MRxSmb; C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [457856 2011-07-15] (Microsoft Corporation) [File not signed]
R0 NDIS; C:\Windows\System32\Drivers\NDIS.sys [182912 2009-11-24] (Microsoft Corporation) [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
R3 NdisTapi; C:\WINDOWS\System32\DRIVERS\ndistapi.sys [10496 2011-07-08] (Microsoft Corporation) [File not signed]
R3 NdisWan; C:\WINDOWS\System32\DRIVERS\ndiswan.sys [91776 2009-11-24] (Microsoft Corporation) [File not signed]
R3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [40960 2013-11-27] (Microsoft Corporation) [File not signed]
S3 nm; C:\WINDOWS\System32\DRIVERS\NMnt.sys [40320 2008-04-13] (Microsoft Windows Component Publisher -> Microsoft Corporation)
S3 nocashio; C:\WINDOWS\System32\drivers\nocashio.sys [4096 2012-02-28] () [File not signed]
R4 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [576512 2009-03-23] (Microsoft Corporation) [File not signed]
R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-13] (Microsoft Windows Component Publisher -> Microsoft Corporation)
R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2001-08-24] (Microsoft Windows Component Publisher -> Microsoft Corporation)
R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2001-08-24] (Microsoft Windows Component Publisher -> Microsoft Corporation)
S3 Orinoquia; C:\WINDOWS\System32\DRIVERS\orinousbser.sys [106624 2011-11-09] (Microsoft Windows Hardware Compatibility Publisher -> ORINOQUIA Incorporated)
U5 phunter; C:\WINDOWS\system32\unikey.sys [13816 2017-12-04] (UAB Digiteka -> )
S3 pneteth; C:\WINDOWS\System32\DRIVERS\pneteth.sys [13440 2011-11-25] (June Fabrics Technology Inc.) [File not signed]
S3 PortTalk; C:\WINDOWS\System32\Drivers\PortTalk.sys [3567 2002-01-12] (Beyond Logic hxxp://www.beyondlogic.org) [File not signed]
R3 PSched; C:\WINDOWS\System32\DRIVERS\psched.sys [70272 2009-11-24] (Microsoft Corporation) [File not signed]
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [15688 2013-09-30] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [10320 2013-09-30] (MiniTool Solution Ltd -> )
R3 RasPppoe; C:\WINDOWS\System32\DRIVERS\raspppoe.sys [41472 2009-11-24] (Microsoft Corporation) [File not signed]
R1 Rdbss; C:\WINDOWS\System32\DRIVERS\rdbss.sys [174848 2009-11-24] (Microsoft Corporation) [File not signed]
R3 rdpdr; C:\WINDOWS\System32\DRIVERS\rdpdr.sys [195712 2009-09-04] (Microsoft Corporation) [File not signed]
S3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [139784 2012-07-04] (Microsoft Corporation) [File not signed]
S3 REN2CAP_DRIVER; C:\WINDOWS\System32\drivers\ren2cap.sys [39048 2011-11-07] (4Front Technologies, Inc. -> )
S3 rimvndis; C:\WINDOWS\System32\Drivers\rimvndis.sys [12288 2015-05-26] (BlackBerry Limited) [File not signed]
S3 RimVSerPort; C:\WINDOWS\System32\DRIVERS\RimSerial.sys [35840 2012-12-10] (Microsoft Windows Hardware Compatibility Publisher -> Research in Motion Ltd)
R2 rspndr; C:\WINDOWS\System32\DRIVERS\rspndr.sys [62848 2009-11-24] (Microsoft Corporation) [File not signed]
R1 SASDIFSV; C:\Archivos de programa\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Archivos de programa\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Windows Component Publisher -> Microsoft Corporation)
U5 Sdbus; C:\Windows\System32\Drivers\Sdbus.sys [80384 2009-11-24] (Microsoft Corporation) [File not signed]
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [20480 2008-04-13] (Microsoft Windows Component Publisher -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
S3 smhwdev; C:\WINDOWS\System32\DRIVERS\smhwdev.sys [100864 2010-06-24] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 smhwser; C:\WINDOWS\System32\DRIVERS\smhwser.sys [108032 2010-06-24] (Microsoft Windows Hardware Compatibility Publisher -> QUALCOMM Incorporated)
S3 ssudmdm; C:\WINDOWS\System32\DRIVERS\ssudmdm.sys [181432 2012-06-04] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudserd; C:\WINDOWS\System32\DRIVERS\ssudserd.sys [181432 2012-06-04] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.(www.devguru.co.kr))
S3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 tapse01; C:\WINDOWS\System32\DRIVERS\tapse01.sys [33720 2016-07-14] (SurfEasy Inc -> The OpenVPN Project)
R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [361600 2015-10-13] (Microsoft Corporation) [File not signed]
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2015-10-13] (Microsoft Corporation) [File not signed]
S3 TDTCP; C:\Windows\System32\Drivers\TDTCP.sys [22024 2009-11-24] (Microsoft Corporation) [File not signed]
U5 UnlockerDriver5; C:\Archivos de programa\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]
S3 usbaudio; C:\WINDOWS\System32\drivers\usbaudio.sys [60160 2013-07-16] (Microsoft Corporation) [File not signed]
S3 usbbus; C:\WINDOWS\System32\DRIVERS\lgusbbus.sys [13056 2010-10-21] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 usbcamcl; C:\WINDOWS\System32\DRIVERS\usbcamcl.sys [30976 2010-07-15] (usb camera) [File not signed]
S3 usbccgp; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [32384 2013-08-08] (Microsoft Corporation) [File not signed]
S3 UsbDiag; C:\WINDOWS\System32\DRIVERS\lgusbdiag.sys [20864 2010-10-21] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
R3 usbehci; C:\WINDOWS\System32\DRIVERS\usbehci.sys [30336 2009-03-18] (Microsoft Corporation) [File not signed]
S3 USBModem; C:\WINDOWS\System32\DRIVERS\lgusbmodem.sys [25216 2010-10-21] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 usbser; C:\WINDOWS\System32\DRIVERS\usbser.sys [26240 2013-08-28] (Microsoft Corporation) [File not signed]
S3 USBSTOR; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [26496 2016-01-29] (Microsoft Corporation) [File not signed]
S3 usbUDisc; C:\WINDOWS\System32\DRIVERS\USBDrv.sys [13824 2018-05-10] (ALL WINNER (HONG KONG) LIMITED -> Scott)
S3 usbvideo; C:\WINDOWS\System32\Drivers\usbvideo.sys [123008 2013-07-16] (Microsoft Corporation) [File not signed]
S3 USB_RNDIS; C:\WINDOWS\System32\DRIVERS\usb8023.sys [12928 2013-02-11] (Microsoft Corporation) [File not signed]
S3 usb_rndisx; C:\WINDOWS\System32\DRIVERS\usb8023x.sys [12928 2013-02-11] (Microsoft Corporation) [File not signed]
S3 wacomrouterfilter; C:\WINDOWS\System32\DRIVERS\wacomrouterfilter.sys [13112 2015-08-19] (Wacom Technology Corp. -> Wacom Technology)
R3 winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [727808 2006-06-12] (Microsoft Windows Hardware Compatibility Publisher -> Conexant Systems, Inc.)
R3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [299488 2013-01-08] (Marvell Semiconductor -> Marvell)
S3 ztemtusbser; C:\WINDOWS\System32\DRIVERS\CT_ZTEMT_U_USBSER.sys [105472 2010-06-06] (Microsoft Windows Hardware Compatibility Publisher -> ZTEMT Incorporated)
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem.sys [X]
S3 ATP; no ImagePath
S3 EagleXNt; no ImagePath
S3 Generalusbserialser20675; system32\DRIVERS\CT_U_USBSER.sys [X]
S4 IntelIde; no ImagePath
S3 LLRING0; no ImagePath
S3 massfilter_hs; system32\drivers\massfilter_hs.sys [X]
S1 MoboroboAssDriver; system32\drivers\MoboroboAssDriver.sys [X]
S3 RimUsb; System32\Drivers\RimUsb.sys [X]
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
S1 WNMFLT; no ImagePath
S3 XDva407; no ImagePath
S3 XDva409; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-26 15:59 - 2019-05-26 16:02 - 000048371 _____ C:\Documents and Settings\Ana\Escritorio\FRST.txt
2019-05-26 15:59 - 2019-05-26 15:59 - 000000856 _____ C:\Documents and Settings\Ana\Escritorio\JRT.txt
2019-05-26 15:59 - 2019-05-26 15:59 - 000000000 ____D C:\FRST
2019-05-26 15:47 - 2019-05-26 15:47 - 000004569 _____ C:\Documents and Settings\Ana\Escritorio\AdwCleaner[C0].txt
2019-05-26 15:34 - 2019-05-26 15:37 - 000000000 ____D C:\AdwCleaner
2019-05-26 15:33 - 2019-05-26 15:34 - 004110280 _____ C:\Documents and Settings\Ana\Escritorio\adwcleaner_6.047.exe
2019-05-26 15:25 - 2019-05-26 15:25 - 000013423 _____ C:\Documents and Settings\Ana\Escritorio\Malwarebytes.txt
2019-05-26 14:33 - 2019-05-26 14:33 - 000220896 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2019-05-26 14:32 - 2019-05-26 14:32 - 000001778 _____ C:\Documents and Settings\All Users\Escritorio\Malwarebytes.lnk
2019-05-26 14:32 - 2019-05-26 14:32 - 000000000 ____D C:\Documents and Settings\All Users\Menú Inicio\Programas\Malwarebytes
2019-05-26 14:31 - 2019-05-26 14:31 - 000000000 ____D C:\Documents and Settings\All Users\Datos de programa\Malwarebytes
2019-05-26 14:31 - 2019-05-26 14:31 - 000000000 ____D C:\Archivos de programa\Malwarebytes
2019-05-26 14:31 - 2018-04-26 05:36 - 000128736 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae.sys
2019-05-26 14:19 - 2019-05-26 14:19 - 000000000 ____D C:\Documents and Settings\All Users\Datos de programa\MB3Install
2019-05-26 14:17 - 2019-05-26 14:18 - 076534856 _____ (Malwarebytes ) C:\Documents and Settings\Ana\Escritorio\mb3-setup-legacywos-3.5.1.2522-1.0.365-1.0.5292.exe
2019-05-26 13:55 - 2019-05-26 13:55 - 000119722 _____ C:\Documents and Settings\Ana\Mis documentos\cc_20190526_135456.reg
2019-05-26 13:52 - 2019-05-26 13:52 - 000084208 _____ C:\Documents and Settings\Ana\Configuración local\Datos de programa\GDIPFONTCACHEV1.DAT
2019-05-26 13:46 - 2019-05-26 13:56 - 000000338 ____H C:\WINDOWS\Tasks\CCleaner Update.job
2019-05-26 13:46 - 2019-05-26 13:46 - 000000731 _____ C:\Documents and Settings\All Users\Escritorio\CCleaner.lnk
2019-05-26 13:46 - 2019-05-26 13:46 - 000000000 ____D C:\Documents and Settings\All Users\Menú Inicio\Programas\CCleaner
2019-05-26 13:46 - 2019-05-26 13:46 - 000000000 ____D C:\Archivos de programa\CCleaner
2019-05-26 13:42 - 2019-05-26 13:42 - 001794048 _____ (Farbar) C:\Documents and Settings\Ana\Escritorio\FRST.exe
2019-05-26 13:40 - 2019-05-26 13:40 - 001790024 _____ (Malwarebytes) C:\Documents and Settings\Ana\Escritorio\JRT.exe
2019-05-26 13:27 - 2019-05-26 13:27 - 021254208 _____ (Piriform Software Ltd) C:\Documents and Settings\Ana\Escritorio\ccsetup556.exe
2019-05-26 10:57 - 2019-05-26 11:03 - 000000000 ____D C:\FSTool
2019-05-24 19:01 - 2019-05-26 13:56 - 000000426 _____ C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1464892677.job
2019-05-24 18:24 - 2019-05-26 13:56 - 000000534 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task c75f75b2-0d39-46d4-87a1-4e734462de70.job
2019-05-24 18:23 - 2019-05-26 13:56 - 000000534 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task b151d79f-4a94-4f42-80f0-dc3774cd11ab.job
2019-05-24 18:22 - 2019-05-24 18:22 - 000000000 ____D C:\Documents and Settings\Ana\Configuración local\Datos de programa\Temp
2019-05-24 18:11 - 2019-05-24 18:11 - 000000000 ____D C:\WINDOWS\ABR
2019-05-23 23:46 - 2019-05-23 23:46 - 000001880 _____ C:\Documents and Settings\All Users\Menú Inicio\Programas\Google Chrome.lnk
2019-05-23 20:56 - 2019-05-24 12:40 - 000000000 ____D C:\Documents and Settings\luis combita\Mis documentos\Descargas
2019-05-22 20:22 - 2019-05-25 18:15 - 000000000 ____D C:\SUPERDelete
2019-05-22 20:08 - 2019-05-22 20:08 - 000000000 ____D C:\Documents and Settings\Ana\Datos de programa\SUPERAntiSpyware.com
2019-05-22 20:06 - 2019-05-25 19:20 - 000000000 ____D C:\Archivos de programa\SUPERAntiSpyware
2019-05-22 20:06 - 2019-05-22 20:06 - 000000000 ____D C:\Documents and Settings\All Users\Datos de programa\SUPERAntiSpyware.com
2019-05-22 19:45 - 2019-05-22 19:45 - 000000000 ____D C:\Documents and Settings\All Users\Menú Inicio\Programas\Auto Clicker Asoftech
2019-05-22 19:45 - 2019-05-22 19:45 - 000000000 ____D C:\Archivos de programa\Asoftech
2019-05-21 18:57 - 2019-05-21 18:57 - 000000000 ___HD C:\Documents and Settings\Ana\Datos de programa\ShellList
2019-05-20 18:44 - 2019-05-20 19:09 - 000000063 _____ C:\WINDOWS\data.file
2019-05-20 17:46 - 2019-05-20 20:47 - 000000000 ____D C:\Documents and Settings\Ana\Mis documentos\Android_MTK
2019-05-19 16:27 - 2019-05-19 16:27 - 000000000 ____D C:\Documents and Settings\Ana\Datos de programa\pyinstaller
2019-05-18 19:49 - 2019-05-18 19:49 - 000000000 ____D C:\Documents and Settings\Ana\Mis documentos\NckDongle
2019-05-16 18:05 - 2019-05-16 18:05 - 000000000 ____D C:\Documents and Settings\All Users\Menú Inicio\Programas\Auto Clicker by MurGee.com
2019-05-16 18:05 - 2019-05-16 18:05 - 000000000 ____D C:\Archivos de programa\Auto Clicker by MurGee.com
2019-05-07 19:31 - 2019-05-07 19:32 - 000000000 __SHD C:\Documents and Settings\Ana\Configuración local\Datos de programa\.#
2019-05-05 15:10 - 2019-05-05 15:10 - 000000000 ____D C:\Documents and Settings\Ana\Configuración local\Datos de programa\SkinSoft
2019-05-04 17:52 - 2019-05-04 17:52 - 000000000 ____D C:\Documents and Settings\Ana\Datos de programa\SBot
2019-05-04 17:51 - 2019-05-04 17:51 - 000000000 ____D C:\Documents and Settings\Ana\Datos de programa\edxLabs
2019-05-01 20:20 - 2019-05-01 20:20 - 000000000 ____D C:\Documents and Settings\Ana\Configuración local\Datos de programa\Deployment
2019-05-01 19:15 - 2019-05-01 19:15 - 000000000 ____D C:\Documents and Settings\Ana\Datos de programa\Pokémon Trading Card Game Online
2019-05-01 18:32 - 2019-05-01 18:32 - 000000000 ____D C:\Archivos de programa\3DP Chip Lite
2019-05-01 18:18 - 2019-05-01 18:18 - 000000000 ____D C:\Documents and Settings\Ana\Datos de programa\JetBrains
2019-05-01 18:16 - 2019-05-01 18:16 - 000000000 ____D C:\Documents and Settings\Ana\.PyCharmCE2018.1
2019-04-29 18:24 - 2019-04-29 18:24 - 000000000 ___HD C:\WINDOWS\msdownld.tmp

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-26 16:02 - 2016-12-24 10:39 - 000000000 ____D C:\Documents and Settings\Ana\Configuración local\temp
2019-05-26 15:59 - 2012-02-12 16:32 - 000000000 ____D C:\Documents and Settings\Ana\Escritorio
2019-05-26 15:40 - 2011-12-27 23:41 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-05-26 15:38 - 2017-09-30 13:38 - 000031846 _____ C:\WINDOWS\SchedLgU.Txt
2019-05-26 15:38 - 2012-02-12 16:32 - 000000192 ___SH C:\Documents and Settings\Ana\ntuser.ini
2019-05-26 15:38 - 2012-02-12 16:32 - 000000000 ____D C:\Documents and Settings\Ana
2019-05-26 15:36 - 2018-01-15 19:23 - 000000000 ____D C:\Documents and Settings\All Users\Datos de programa\Lavasoft
2019-05-26 15:36 - 2011-12-27 18:09 - 000000000 ___HD C:\Documents and Settings\All Users\Datos de programa
2019-05-26 15:33 - 2012-02-12 16:32 - 000000000 ___RD C:\Documents and Settings\Ana\Mis documentos
2019-05-26 15:10 - 2011-12-27 18:12 - 000000000 ____D C:\Archivos de programa
2019-05-26 14:32 - 2011-12-27 18:11 - 000000000 ___RD C:\Documents and Settings\All Users\Menú Inicio\Programas
2019-05-26 14:32 - 2011-12-27 18:11 - 000000000 ____D C:\Documents and Settings\All Users\Escritorio
2019-05-26 14:03 - 2012-02-12 16:32 - 000000000 __SHD C:\Documents and Settings\Ana\Configuración local\Archivos temporales de Internet
2019-05-26 14:00 - 2014-03-06 23:28 - 001143808 ___SH C:\Documents and Settings\Ana\Escritorio\Thumbs.db
2019-05-26 13:52 - 2014-05-13 23:19 - 000000000 ____D C:\Documents and Settings\All Users\Datos de programa\BlueStacksSetup
2019-05-26 13:52 - 2013-07-04 19:21 - 000000000 ____D C:\Documents and Settings\Ana\Datos de programa\uTorrent
2019-05-26 13:52 - 2012-02-12 16:32 - 000000000 ___HD C:\Documents and Settings\Ana\Configuración local\Datos de programa
2019-05-26 13:50 - 2012-09-14 18:20 - 000000000 ____D C:\WINDOWS\Minidump
2019-05-26 13:45 - 2016-10-19 17:35 - 000000000 ____D C:\Documents and Settings\Ana\Escritorio\Muchas Cositas
2019-05-26 10:32 - 2016-06-02 14:37 - 000000000 ____D C:\Archivos de programa\Opera
2019-05-26 09:43 - 2011-12-27 23:44 - 000000000 ____D C:\Documents and Settings\luis alberto combita
2019-05-26 08:44 - 2018-10-28 14:51 - 000000000 ____D C:\Archivos de programa\VLC
2019-05-25 21:17 - 2014-03-22 13:00 - 000000192 ___SH C:\Documents and Settings\luis combita\ntuser.ini
2019-05-25 21:17 - 2014-03-22 13:00 - 000000000 ____D C:\Documents and Settings\luis combita
2019-05-25 21:16 - 2016-12-24 10:39 - 000000000 ____D C:\Documents and Settings\luis combita\Configuración local\temp
2019-05-25 20:51 - 2015-08-03 22:29 - 000002143 _____ C:\Documents and Settings\luis combita\Escritorio\Google Chrome.lnk
2019-05-25 20:49 - 2012-01-05 13:57 - 000000000 ____D C:\Archivos de programa\WinRar
2019-05-25 20:45 - 2016-11-17 18:40 - 000000000 ____D C:\Archivos de programa\Mozilla Firefox
2019-05-25 19:20 - 2018-01-15 19:22 - 000000000 ____D C:\Documents and Settings\luis combita\Datos de programa\uTorrent
2019-05-25 19:20 - 2012-03-11 05:22 - 000000000 ____D C:\Archivos de programa\Microsoft ActiveSync
2019-05-25 19:03 - 2015-08-13 12:35 - 000001580 _____ C:\Documents and Settings\Ana\Escritorio\Opera.lnk
2019-05-24 20:24 - 2011-12-27 18:15 - 000000000 ___DC C:\WINDOWS\system32\dllcache
2019-05-24 20:23 - 2015-08-03 22:29 - 000001880 _____ C:\Documents and Settings\luis combita\Menú Inicio\Programas\Google Chrome.lnk
2019-05-24 20:14 - 2014-06-11 12:58 - 000000000 ____D C:\Documents and Settings\Ana\Escritorio\Accesos Directos
2019-05-24 18:15 - 2015-08-27 18:21 - 000000000 ____D C:\Documents and Settings\Ana\Configuración local\Datos de programa\MEGAsync
2019-05-24 18:12 - 2012-09-16 17:34 - 000000000 ____D C:\WINDOWS\pss
2019-05-24 18:12 - 2011-12-27 18:11 - 000000000 ___RD C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio
2019-05-24 13:33 - 2019-03-29 13:03 - 000001874 _____ C:\Documents and Settings\Ana\Escritorio\Google Chrome.lnk
2019-05-23 23:42 - 2014-03-22 13:00 - 000000000 ___HD C:\Documents and Settings\luis combita\Configuración local\Datos de programa
2019-05-23 23:42 - 2012-07-09 18:42 - 000000000 ____D C:\Archivos de programa\Google
2019-05-23 23:29 - 2012-06-16 18:57 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-05-23 23:24 - 2011-12-27 23:21 - 000000000 ____D C:\Archivos de programa\Windows Desktop Search
2019-05-23 20:56 - 2014-03-22 13:00 - 000000000 ___RD C:\Documents and Settings\luis combita\Mis documentos
2019-05-23 20:54 - 2014-03-22 13:00 - 000000000 __RHD C:\Documents and Settings\luis combita\Reciente
2019-05-23 20:33 - 2014-03-22 13:00 - 000000000 __SHD C:\Documents and Settings\luis combita\Configuración local\Archivos temporales de Internet
2019-05-23 13:12 - 2013-12-08 18:08 - 000000000 ____D C:\Archivos de programa\Cheating-Death
2019-05-22 20:24 - 2012-08-07 18:00 - 000000000 ____D C:\Archivos de programa\Unlocker
2019-05-22 20:23 - 2017-09-30 13:38 - 000000000 __SHD C:\Documents and Settings\LocalService.NT AUTHORITY.000\Configuración local\Archivos temporales de Internet
2019-05-22 20:23 - 2017-09-30 13:38 - 000000000 ____D C:\Documents and Settings\LocalService.NT AUTHORITY.000\Configuración local\Temp
2019-05-22 20:23 - 2016-12-28 00:13 - 000000000 ___HD C:\Documents and Settings\Administrador\Configuración local\Archivos temporales de Internet
2019-05-22 20:23 - 2016-12-28 00:13 - 000000000 ____D C:\Documents and Settings\Administrador\Configuración local\temp
2019-05-22 20:23 - 2011-12-28 16:27 - 000000000 __SHD C:\Documents and Settings\Invitado\Configuración local\Archivos temporales de Internet
2019-05-22 20:23 - 2011-12-27 23:41 - 000000000 ___HD C:\Documents and Settings\NetworkService\Configuración local\Archivos temporales de Internet
2019-05-22 20:23 - 2011-12-27 18:11 - 000000000 __SHD C:\Documents and Settings\Default User\Configuración local\Archivos temporales de Internet
2019-05-22 20:08 - 2012-02-12 16:32 - 000000000 ____D C:\Documents and Settings\Ana\Datos de programa
2019-05-22 19:55 - 2016-12-28 00:13 - 000000192 ___SH C:\Documents and Settings\Administrador\ntuser.ini
2019-05-21 21:14 - 2011-12-27 18:15 - 000000000 ___HD C:\WINDOWS\inf
2019-05-21 19:05 - 2011-12-27 17:53 - 000000000 ____D C:\Documents and Settings
2019-05-21 19:01 - 2017-09-30 13:38 - 000000000 __SHD C:\Documents and Settings\LocalService.NT AUTHORITY.000
2019-05-21 19:01 - 2016-12-28 00:13 - 000000000 ____D C:\Documents and Settings\Administrador
2019-05-21 19:01 - 2011-12-28 16:27 - 000000000 ____D C:\Documents and Settings\Invitado
2019-05-21 19:01 - 2011-12-27 23:41 - 000000000 __SHD C:\Documents and Settings\NetworkService
2019-05-21 19:00 - 2011-12-27 23:22 - 000000000 ____D C:\WINDOWS\Registration
2019-05-21 18:55 - 2015-07-31 17:03 - 000000000 ____D C:\Games
2019-05-21 18:50 - 2011-12-27 23:29 - 000000000 ____D C:\Archivos de programa\Microsoft Silverlight
2019-05-21 14:03 - 2001-08-24 06:00 - 000002206 _____ C:\WINDOWS\system32\wpa.dbl
2019-05-20 20:57 - 2018-08-22 19:16 - 000000000 ____D C:\Archivos de programa\7-Zip
2019-05-20 20:30 - 2016-06-01 17:45 - 000000000 ____D C:\Documents and Settings\Ana\Mis documentos\Descargas
2019-05-20 20:05 - 2015-12-12 14:44 - 000000000 ____D C:\Archivos de programa\DIFX
2019-05-20 19:39 - 2015-08-12 11:47 - 000000000 ____D C:\Archivos de programa\UltraISO
2019-05-20 19:39 - 2015-07-06 15:55 - 000000000 ____D C:\Archivos de programa\Notepad++
2019-05-20 18:21 - 2012-02-12 16:32 - 000000000 ____D C:\Documents and Settings\Ana\Menú Inicio\Programas
2019-05-18 20:46 - 2014-12-28 18:55 - 000000000 ____D C:\Documents and Settings\Ana\Escritorio\AK433
2019-05-18 18:22 - 2016-09-08 00:48 - 000000000 _____ C:\WINDOWS\system32\last.dump
2019-05-18 18:10 - 2011-12-31 22:02 - 000000000 ___HD C:\Archivos de programa\InstallShield Installation Information
2019-05-18 09:43 - 2014-03-22 13:01 - 000000000 ___RD C:\Documents and Settings\luis combita\Mis documentos\Mis imágenes
2019-05-15 17:06 - 2015-09-06 18:08 - 000000000 ____D C:\Documents and Settings\Ana\Datos de programa\vlc
2019-05-08 19:27 - 2019-01-19 19:08 - 000000000 ____D C:\Documents and Settings\Ana\Escritorio\Argelis
2019-05-08 19:27 - 2012-02-12 16:42 - 000000000 ____D C:\Documents and Settings\Ana\Datos de programa\Adobe
2019-05-06 12:18 - 2011-12-27 18:12 - 001336958 ____C C:\WINDOWS\system32\PerfStringBackup.INI
2019-05-06 12:18 - 2001-08-24 06:00 - 000598658 _____ C:\WINDOWS\system32\perfh00A.dat
2019-05-06 12:18 - 2001-08-24 06:00 - 000123456 _____ C:\WINDOWS\system32\perfc00A.dat
2019-05-05 16:27 - 2014-07-13 13:20 - 000000000 ___RD C:\Documents and Settings\Ana\Escritorio\Android
2019-05-04 17:21 - 2011-12-27 18:52 - 000000250 ___SH C:\boot.ini
2019-05-04 17:21 - 2001-08-24 06:00 - 000000769 _____ C:\WINDOWS\win.ini
2019-05-04 17:21 - 2001-08-24 06:00 - 000000275 _____ C:\WINDOWS\system.ini
2019-05-02 19:33 - 2011-12-27 18:15 - 000000000 ____D C:\WINDOWS\Network Diagnostic
2019-05-02 18:10 - 2017-01-03 00:47 - 000000000 ____D C:\Archivos de programa\EviSoft
2019-05-01 18:16 - 2018-01-04 18:42 - 000002345 _____ C:\Documents and Settings\Ana\cookie.txt
2019-04-30 11:17 - 2018-09-05 21:59 - 000000000 ____D C:\Documents and Settings\luis combita\Datos de programa\vlc
2019-04-29 18:26 - 2011-12-27 23:27 - 000000000 ____D C:\WINDOWS\system32\DirectX

==================== Files in the root of some directories =======

2013-07-14 11:30 - 2013-05-15 11:30 - 000000032 ___RC () C:\Documents and Settings\All Users\hash.dat
2018-11-20 20:07 - 2018-11-20 20:07 - 000000257 _____ () C:\Documents and Settings\Ana\mdatac.dat
2012-03-11 05:22 - 2012-03-11 05:22 - 000002528 ____C () C:\Documents and Settings\Ana\Datos de programa\$_hpcst$.hpc
2017-01-07 00:51 - 2017-01-07 02:29 - 000000035 _____ () C:\Documents and Settings\All Users\Datos de programa\droidcam-settings
2016-03-18 12:10 - 2016-03-18 12:11 - 000000376 _____ () C:\Documents and Settings\All Users\Datos de programa\IpodRescue.ini
2015-01-01 14:46 - 2015-01-01 14:46 - 000000016 ____C () C:\Documents and Settings\All Users\Datos de programa\mntemp
2014-09-30 20:34 - 2014-09-30 20:34 - 005392384 ____C (CipSoft GmbH) C:\Documents and Settings\All Users\Datos de programa\Tibia.bak
2014-09-30 20:33 - 2014-09-30 20:33 - 003973756 ____C () C:\Documents and Settings\All Users\Datos de programa\Tibia_pic.bak
2014-09-30 20:32 - 2014-09-30 20:32 - 120118012 ____C () C:\Documents and Settings\All Users\Datos de programa\Tibia_spr.bak

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe
[2009-11-24 10:32] - [2009-11-24 10:32] - 001036288 _____ (Microsoft Corporation) CA36EA502EDC55F0BB553F35CEEFDED1

C:\WINDOWS\system32\winlogon.exe
[2009-11-24 10:33] - [2009-11-24 10:33] - 000512512 _____ (Microsoft Corporation) DF9D6523F0260D050F91145E329CB754

C:\WINDOWS\system32\svchost.exe
[2009-11-24 10:33] - [2009-11-24 10:33] - 000014848 _____ (Microsoft Corporation) 67E38B4A549833E02D4D1617B5DBC318

C:\WINDOWS\system32\services.exe
[2009-11-24 10:32] - [2009-11-24 10:32] - 000111104 _____ (Microsoft Corporation) AA6E1769469F9D15603A619FC1FB9E18

C:\WINDOWS\system32\rpcss.dll
[2009-11-24 10:32] - [2009-11-24 10:32] - 000401408 _____ (Microsoft Corporation) AEF41FC6F108CC4F94F9B4E96AFA9C70

C:\WINDOWS\system32\dnsapi.dll
[2009-11-24 10:32] - [2011-03-03 02:53] - 000149504 _____ (Microsoft Corporation) 7C6CB9B5FABFBBD708299C67C8480614

==================== End of FRST.txt ============================

Addition

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-05-2019
Ran by Ana (26-05-2019 16:02:53)
Running from C:\Documents and Settings\Ana\Escritorio
Microsoft Windows XP Professional Service Pack 3 (X86) (2011-12-28 03:40:11)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-1960408961-73586283-1801674531-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrador
Ana (S-1-5-21-1960408961-73586283-1801674531-1007 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Ana
Asistente de ayuda (S-1-5-21-1960408961-73586283-1801674531-1000 - Limited - Disabled)
ASPNET (S-1-5-21-1960408961-73586283-1801674531-1003 - Limited - Enabled)
Invitado (S-1-5-21-1960408961-73586283-1801674531-501 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Invitado
luis alberto combita (S-1-5-21-1960408961-73586283-1801674531-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\luis alberto combita
luis combita (S-1-5-21-1960408961-73586283-1801674531-1277 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\luis combita
SUPPORT_388945a0 (S-1-5-21-1960408961-73586283-1801674531-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Disabled - Up to date) {7591db91-41f0-48a3-b128-1a293fd8233d}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

.flow 0.10 Eng (HKU\S-1-5-21-1960408961-73586283-1801674531-1007\...\.flow 0.10 Eng) (Version:  - )
µTorrent (HKU\S-1-5-21-1960408961-73586283-1801674531-1007\...\uTorrent) (Version: 3.4.5.41202 - BitTorrent Inc.)
3DP Chip Lite v19.04 (HKLM\...\3DP Chip Lite) (Version: v19.04 - 3DP)
3DP Chip v16.11 (HKLM\...\3DP Chip) (Version: v16.11 - 3DP)
7-Zip 18.05 (HKLM\...\7-Zip) (Version: 18.05 - Igor Pavlov)
Activador XP (HKLM\...\Activador XP) (Version:  - WCPCGAMES)
Actualización de seguridad para Windows Internet Explorer 8 (KB2510531) (HKLM\...\KB2510531-IE8) (Version: 1 - Microsoft Corporation)
Actualización de seguridad para Windows Internet Explorer 8 (KB2544521) (HKLM\...\KB2544521-IE8) (Version: 1 - Microsoft Corporation)
Actualización de seguridad para Windows Internet Explorer 8 (KB2618444) (HKLM\...\KB2618444-IE8) (Version: 1 - Microsoft Corporation)
Actualización de seguridad para Windows Internet Explorer 8 (KB2647516) (HKLM\...\KB2647516-IE8) (Version: 1 - Microsoft Corporation)
Actualización de seguridad para Windows Internet Explorer 8 (KB2675157) (HKLM\...\KB2675157-IE8) (Version: 1 - Microsoft Corporation)
Actualización de seguridad para Windows Internet Explorer 8 (KB2699988) (HKLM\...\KB2699988-IE8) (Version: 1 - Microsoft Corporation)
Actualización de seguridad para Windows Internet Explorer 8 (KB2722913) (HKLM\...\KB2722913-IE8) (Version: 1 - Microsoft Corporation)
Actualización de seguridad para Windows Internet Explorer 8 (KB2744842) (HKLM\...\KB2744842-IE8) (Version: 1 - Microsoft Corporation)
Actualización de seguridad para Windows Internet Explorer 8 (KB2761465) (HKLM\...\KB2761465-IE8) (Version: 1 - Microsoft Corporation)
Actualización de seguridad para Windows Internet Explorer 8 (KB2792100) (HKLM\...\KB2792100-IE8) (Version: 1 - Microsoft Corporation)
Actualización de seguridad para Windows Internet Explorer 8 (KB2797052) (HKLM\...\KB2797052-IE8) (Version: 1 - Microsoft Corporation)
Actualización de seguridad para Windows Internet Explorer 8 (KB2799329) (HKLM\...\KB2799329-IE8) (Version: 1 - Microsoft Corporation)
Actualización de seguridad para Windows Internet Explorer 8 (KB2809289) (HKLM\...\KB2809289-IE8) (Version: 1 - Microsoft Corporation)
Actualización de seguridad para Windows Internet Explorer 8 (KB2817183) (HKLM\...\KB2817183-IE8) (Version: 1 - Microsoft Corporation)
Actualización de seguridad para Windows Internet Explorer 8 (KB2829530) (HKLM\...\KB2829530-IE8) (Version: 1 - Microsoft Corporation)
Actualización de seguridad para Windows Internet Explorer 8 (KB2838727) (HKLM\...\KB2838727-IE8) (Version: 1 - Microsoft Corporation)
Actualización de seguridad para Windows Internet Explorer 8 (KB2846071) (HKLM\...\KB2846071-IE8) (Version: 1 - Microsoft Corporation)
Actualización de seguridad para Windows Internet Explorer 8 (KB2847204) (HKLM\...\KB2847204-IE8) (Version: 1 - Microsoft Corporation)
Actualización de seguridad para Windows Internet Explorer 8 (KB2862772) (HKLM\...\KB2862772-IE8) (Version: 1 - Microsoft Corporation)
Actualización de seguridad para Windows Internet Explorer 8 (KB2870699) (HKLM\...\KB2870699-IE8) (Version: 1 - Microsoft Corporation)
Actualización de seguridad para Windows Internet Explorer 8 (KB2879017) (HKLM\...\KB2879017-IE8) (Version: 1 - Microsoft Corporation)
Actualización de seguridad para Windows Internet Explorer 8 (KB2888505) (HKLM\...\KB2888505-IE8) (Version: 1 - Microsoft Corporation)
Actualización de seguridad para Windows Internet Explorer 8 (KB2898785) (HKLM\...\KB2898785-IE8) (Version: 1 - Microsoft Corporation)
Actualización de seguridad para Windows Internet Explorer 8 (KB2909210) (HKLM\...\KB2909210-IE8) (Version: 1 - Microsoft Corporation)
Actualización de seguridad para Windows Internet Explorer 8 (KB2909921) (HKLM\...\KB2909921-IE8) (Version: 1 - Microsoft Corporation)
Actualización de seguridad para Windows Internet Explorer 8 (KB2925418) (HKLM\...\KB2925418-IE8) (Version: 1 - Microsoft Corporation)
Actualización de seguridad para Windows Internet Explorer 8 (KB2936068) (HKLM\...\KB2936068-IE8) (Version: 1 - Microsoft Corporation)
Actualización de seguridad para Windows Internet Explorer 8 (KB2964358) (HKLM\...\KB2964358-IE8) (Version: 1 - Microsoft Corporation)
Actualización de seguridad para Windows Internet Explorer 8 (KB3078071) (HKLM\...\KB3078071-IE8) (Version: 1 - Microsoft Corporation)
Actualización de seguridad para Windows Internet Explorer 8 (KB3087038) (HKLM\...\KB3087038-IE8) (Version: 1 - Microsoft Corporation)
Actualización de seguridad para Windows Internet Explorer 8 (KB3087985) (HKLM\...\KB3087985-IE8) (Version: 1 - Microsoft Corporation)
Actualización de seguridad para Windows Internet Explorer 8 (KB3093983) (HKLM\...\KB3093983-IE8) (Version: 1 - Microsoft Corporation)
Actualización de seguridad para Windows Internet Explorer 8 (KB3100773) (HKLM\...\KB3100773-IE8) (Version: 1 - Microsoft Corporation)
Actualización de seguridad para Windows Internet Explorer 8 (KB3104002) (HKLM\...\KB3104002-IE8) (Version: 1 - Microsoft Corporation)
Actualización de seguridad para Windows Internet Explorer 8 (KB3124275) (HKLM\...\KB3124275-IE8) (Version: 1 - Microsoft Corporation)
Actualización de seguridad para Windows Internet Explorer 8 (KB3148198) (HKLM\...\KB3148198-IE8) (Version: 1 - Microsoft Corporation)
Actualización de seguridad para Windows Internet Explorer 8 (KB3154070) (HKLM\...\KB3154070-IE8) (Version: 1 - Microsoft Corporation)
Actualización de seguridad para Windows Internet Explorer 8 (KB3160005) (HKLM\...\KB3160005-IE8) (Version: 1 - Microsoft Corporation)
Actualización de seguridad para Windows Internet Explorer 8 (KB3170106) (HKLM\...\KB3170106-IE8) (Version: 1 - Microsoft Corporation)
Actualización de seguridad para Windows Internet Explorer 8 (KB3175443) (HKLM\...\KB3175443-IE8) (Version: 1 - Microsoft Corporation)
Actualización de seguridad para Windows Internet Explorer 8 (KB3185319-v2) (HKLM\...\KB3185319-v2-IE8) (Version: 2 - Microsoft Corporation)
Actualización de seguridad para Windows Internet Explorer 8 (KB3191492) (HKLM\...\KB3191492-IE8) (Version: 1 - Microsoft Corporation)
Actualización de seguridad para Windows Internet Explorer 8 (KB981332) (HKLM\...\KB981332-IE8) (Version: 1 - Microsoft Corporation)
Actualización para Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Actualización para Windows Internet Explorer 8 (KB2632503) (HKLM\...\KB2632503-IE8) (Version: 1 - Microsoft Corporation)
Actualización para Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Adobe Flash Player 23 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 23.0.0.185 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Español (HKLM\...\{AC76BA86-7AD7-1034-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.)
Aion (HKLM\...\{B9291CA2-6FA5-44EA-8EE0-923EB32ADAAB}) (Version: 4.0.0.3 - NC Interactive, LLC)
Akamai NetSession Interface (HKU\S-1-5-21-1960408961-73586283-1801674531-1007\...\Akamai) (Version:  - Akamai Technologies, Inc)
Analizador de MSXML 6.0 (HKLM\...\{5661DB2D-A5AF-4D0F-B34E-3CD45EC6B607}) (Version: 6.10.1129.0 - Microsoft Corporation)
AOMEI Partition Assistant Pro Edition 5.5 (HKLM\...\{02F850ED-FD0E-4ED1-BE0B-5498165BF300}_is1) (Version:  - AOMEI Technology Co., Ltd.)
Apple Application Support (32 bits) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Asesor de actualizaciones de Windows 7 (HKLM\...\{E45FA4DF-3F59-4250-92B9-8CB10F1D22C3}) (Version: 2.0.5000.0 - Microsoft Corporation)
Auto Clicker Asoftech (HKLM\...\{ED013718-12A9-4D72-A20C-F998EDDE881D}) (Version: 2.00.000 - )
Auto Clicker v15.1 (HKLM\...\{C0A7E4F3-82CC-416B-82C6-BA06AACFD635}_is1) (Version: 15.1 - MurGee.com)
AutoHotkey 1.1.30.00 (HKLM\...\AutoHotkey) (Version: 1.1.30.00 - Lexikos)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 18.8.2356 - AVAST Software)
Battle.net (HKLM\...\Battle.net) (Version:  - Blizzard Entertainment)
Bitcoin (HKU\S-1-5-21-1960408961-73586283-1801674531-1007\...\Bitcoin) (Version: 0.8.6 - Bitcoin project)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Camouflage (HKLM\...\Camouflage) (Version:  - )
Camtasia Studio 8 (HKLM\...\{45F34E54-DAD9-405B-A4F6-B12B0A46B984}) (Version: 8.4.1.1745 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.56 - Piriform)
Charles 3.6.5 (HKLM\...\{E9812BB4-0DDA-44F7-A069-1D5C127D837D}) (Version: 3.6.5.6 - XK72 Ltd)
Charles 3.9.3 (HKLM\...\{98E06378-34FA-47A7-B94C-9AD7E434F152}) (Version: 3.9.3.3 - XK72 Ltd)
Cheat Engine 6.8.2 (HKLM\...\Cheat Engine 6.8.2_is1) (Version:  - Cheat Engine)
Cliente de Windows Rights Management con Service Pack 2 (HKLM\...\{9850E3EB-69A6-428C-9A23-C64E650809CB}) (Version: 5.2.95 - Microsoft)
CodeBlocks (HKU\S-1-5-21-1960408961-73586283-1801674531-1007\...\CodeBlocks) (Version: 17.12 - The Code::Blocks Team)
Comneon Mobile Highspeed Modem v3.46.0.0 (HKLM\...\Comneon Mobile Highspeed Modem v3.46.0.0) (Version: 3.46.0.0 - Comneon)
Conexión Orinoquia (HKLM\...\Conexión Orinoquia) (Version: 12.08.109 - Industrial Electronic Orinoquia S.A.)
Counter-Strike 1.6 (HKLM\...\Counter-Strike 1.6_is1) (Version: Counter-Strike 1.6 No Steam - KingSOFT DVD)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd)
Dead Frontier (HKLM\...\{24EBCC93-0875-473D-A317-0E1D355900A8}_is1) (Version: 28 - Creaky Corpse Ltd)
doPDF (HKLM\...\{56DB15C3-27E0-4CD3-83FE-FFB6FB71FE45}) (Version: 8.1.921 - Softland) Hidden
doPDF 8 (HKLM\...\{203bca4f-9d36-4620-8b62-818eeaa51227}) (Version: 8.1.921 - Softland)
emuFiles Pcsxr (HKLM\...\emuFiles.Pcsxr_is1) (Version: r82102 - emuFiles)
emuFiles VBA-M (HKLM\...\emuFiles.VBA-M_is1) (Version: 1149 - emuFiles)
Facebook Video Calling 1.2.0.287 (HKLM\...\{B92C5909-1D37-4C51-8397-A28BB28E5DC3}) (Version: 1.2.287 - Skype Limited)
Game Launcher (HKU\S-1-5-21-1960408961-73586283-1801674531-1007\...\Game Launcher) (Version: 12345.0.0.0 - Splitscreen Studios GmbH)
Google Talk Plugin (HKLM\...\{EB38C3E0-4863-3123-9114-5BE86EC8E5C7}) (Version: 4.5.3.14917 - Google)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Half-Life (HKLM\...\Half-Life_is1) (Version: Half-Life - No Steam - KingSOFT DVD)
Herramienta de carga de Windows Live (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
HiAlgo BOOST 5.0 (HKU\S-1-5-21-1960408961-73586283-1801674531-1007\...\HiAlgoBOOST) (Version: 5.0 - HiAlgo Inc.)
Hi-Rez Studios Authenticate and Update Service (HKLM\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HSF2014 56K Data Fax Modem (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_201414F1) (Version:  - )
HxD Hex Editor 2.2 (HKLM\...\HxD_is1) (Version: 2.2 - Maël Hörz)
IIS 7.5 Express (HKLM\...\{B2709A19-511D-4368-AAFF-880FC0DB1B0B}) (Version: 7.5.1190 - Microsoft Corporation)
IIS6 Manager (HKLM\...\{3FBC5FCA-F989-4D5D-93F6-B185EEE1EC76}) (Version: 0 - Microsoft Corporation)
Intel Android Device USB driver (HKLM\...\Intel Android Device USB driver) (Version: 1.1.5 - Intel)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.42 - Irfan Skiljan)
Java 8 Update 101 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
JetBrains PyCharm Community Edition 2018.1.4 (HKLM\...\PyCharm Community Edition 2018.1.4) (Version: 181.5087.37 - JetBrains s.r.o.)
JetBrains Toolbox (HKU\S-1-5-21-1960408961-73586283-1801674531-1007\...\JetBrainsToolbox) (Version: 1.9.3935 - JetBrains s.r.o.)
Junk Mail filter update (HKLM\...\{8E5233E1-7495-44FB-8DEB-4BE906D59619}) (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
KH Ultra Trainer (HKU\S-1-5-21-1960408961-73586283-1801674531-1007\...\f315b0c15991a77c) (Version: 0.1.0.64 - KongHack)
K-Lite Mega Codec Pack 13.8.5 (HKLM\...\KLiteCodecPack_is1) (Version: 13.8.5 - KLCP)
League of Legends (HKLM\...\League of Legends 1.0) (Version: 1.0 - Riot Games, Inc)
LG United Mobile Driver (HKLM\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 2.2 - LG Electronics)
Lineage II (HKLM\...\{23664DA8-8872-4CF4-A2F2-327CC539823B}) (Version: 4.0.0.2 - NC Interactive, LLC)
Malwarebytes versión 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
MapleStory (HKLM\...\MapleStory) (Version:  - )
Marvell Miniport Driver (HKLM\...\Marvell Miniport Driver) (Version: 11.45.4.3 - Marvell)
MediBang Paint Pro 13.0 (32-bit) (HKLM\...\MediBang Paint Pro_is1) (Version: 13.0 - Medibang)
MegaDownloader 1.7 (HKLM\...\{C12C2297-65A4-4E64-9AE1-29F0D947FDA0}}_is1) (Version: 1.7 - AppsForMega.info)
MEGAsync (HKLM\...\MEGAsync) (Version:  - Mega Limited)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.3.30730 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30730 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}) (Version: 3.5.30730 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft ActiveSync (HKLM\...\{99052DB7-9592-4522-A558-5417BBAD48EE}) (Version: 4.5.5096.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50709.0 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{91CC3B1F-1ECE-4BA2-9C72-7AB23D1B3E4A}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{57660847-B1F7-35BD-9118-F62EB863A598}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{86CE1746-9EFF-3C9C-8755-81EA8903AC34}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{e6edaf4d-f9a1-4023-be00-d6189343feb9}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{26d3efd6-ca22-4f93-bf78-c422efaf105d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft WinUsb 2.0 (HKLM\...\winusb0200) (Version:  - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MouseServer version 1.5.2.0 (HKLM\...\{E13018F5-FFC7-4729-9C1B-1A85807D03E6}_is1) (Version: 1.5.2.0 - Necta Co.)
Mozilla Firefox 52.9.0 ESR (x86 es-ES) (HKLM\...\Mozilla Firefox 52.9.0 ESR (x86 es-ES)) (Version: 52.9.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.9.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MultiStage Recovery 4 (HKLM\...\MultiStage Recovery_is1) (Version:  - Enplase Research)
music2pc 2.23 (HKLM\...\music2pc_is1) (Version:  - MP3 Download)
Notepad++ (HKLM\...\Notepad++) (Version: 6.7.9.2 - Notepad++ Team)
novaPDF 8 add-in for Microsoft Office (x86) (HKLM\...\{056A3023-0724-49F0-82F8-88A1F0783D53}) (Version: 8.1.921 - Softland)
novaPDF 8 Printer Driver (HKLM\...\{7614A4A9-34CC-441D-A121-0C9C178B6102}) (Version: 8.1.921 - Softland)
OpenAL (HKLM\...\OpenAL) (Version:  - )
Opera Stable 36.0.2130.80 (HKLM\...\Opera 36.0.2130.80) (Version: 36.0.2130.80 - Opera Software)
Overwolf (HKLM\...\Overwolf) (Version: 0.85.190.0 - Overwolf Ltd.)
Panda USB Vaccine 1.0.1.16 (HKLM\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version:  - Panda Security)
Paquete de controladores de Windows - Advanced Micro Devices (AmdK8) Processor  (05/27/2006 1.3.2.0) (HKLM\...\D947C5B44B9016AE0921E60FC8B6B15EEBB7E850) (Version: 05/27/2006 1.3.2.0 - Advanced Micro Devices)
Paquete de controladores de Windows - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (01/27/2014 9.0.0000.00000) (HKLM\...\9CA77E2A8332A0824C54DA611BBE4CA24AB1F750) (Version: 01/27/2014 9.0.0000.00000 - Google, Inc.)
Paquete de controladores de Windows - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (12/06/2010 4.0.0000.00000) (HKLM\...\76F6B4A696B8C9A7ACFF01D4E1D6EF2D974C3E67) (Version: 12/06/2010 4.0.0000.00000 - Google, Inc.)
Paquete de controladores de Windows - Marvell (yukonwxp) Net  (01/08/2013 12.10.14.3) (HKLM\...\BBA267AF4D1E13E3BBDCDB16C94F3CD39E8FBAB0) (Version: 01/08/2013 12.10.14.3 - Marvell)
Paquete de controladores de Windows - Marvell Net  (01/08/2013 12.10.14.3) (HKLM\...\06BDD3905ACEC4280F6CC56D905FFAE293874EB8) (Version: 01/08/2013 12.10.14.3 - Marvell)
Paquete de controladores de Windows - MediaTek Inc. (usbser) Ports  (01/05/2012 2.0000.0.1) (HKLM\...\49D9ABA9270C5BDFD7AE1BEB607D36B26BB90235) (Version: 01/05/2012 2.0000.0.1 - MediaTek Inc.)
Paquete de controladores de Windows - MediaTek Inc. (usbser) Ports  (09/01/2011 2.0.1136.0) (HKLM\...\32DC281B7E359EA3D16ECC7D98609F6A592B981D) (Version: 09/01/2011 2.0.1136.0 - MediaTek Inc.)
Paquete de controladores de Windows - MediaTek Inc. Net  (07/14/2011 1.1129.00) (HKLM\...\8BC3CF920AF63C7AEF78B82D1C60D94704FB95CD) (Version: 07/14/2011 1.1129.00 - MediaTek Inc.)
Paquete de controladores de Windows - Microsoft (WUDFRd) WPD  (02/22/2006 5.2.5326.4762) (HKLM\...\B77DDB8A5697AAF5DA4E4859E53C301B877DD206) (Version: 02/22/2006 5.2.5326.4762 - Microsoft)
Paquete de idioma de Microsoft .NET Framework 1.1 Service Pack 1 - ESN (HKLM\...\{83169D43-4660-4347-BC95-E9D6E6BE65CE}) (Version: 1.1.4322 - Microsoft)
Paquete de idioma de Microsoft .NET Framework 2.0 Service Pack 2 - ESN (HKLM\...\{85AC0FFA-643D-3103-9310-7086ECB0C36C}) (Version: 2.2.30729 - Microsoft Corporation)
Paquete de idioma de Microsoft .NET Framework 3.0 Service Pack 2 - ESN (HKLM\...\{BDEDB104-4067-3D5E-81F0-DBEBFE856B45}) (Version: 3.2.30729 - Microsoft Corporation)
Paquete de idioma de Microsoft .NET Framework 3.5 SP1 - esn (HKLM\...\{92E4A65F-7007-3357-A69A-167F71A337BD}) (Version: 3.5.30730 - Microsoft Corporation)
Paquete de idioma de Microsoft .NET Framework 4 Client Profile ESN (HKLM\...\Microsoft .NET Framework 4 Client Profile ESN Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Paquete de idioma de Microsoft .NET Framework 4 Extended ESN (HKLM\...\Microsoft .NET Framework 4 Extended ESN Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
PdaNet+ for Android 4.19 (HKLM\...\PdaNet_is1) (Version:  - June Fabrics Technology Inc)
Poket Script 1.2 (HKLM\...\Poket Script) (Version: 1.2 - Poket Witch Studios)
Python 2.7 libxml2-python-2.7.7 (HKU\S-1-5-21-1960408961-73586283-1801674531-1007\...\libxml2-python-py2.7) (Version:  - )
Python 2.7.8 (HKLM\...\{61121B12-88BD-4261-A6EE-AB32610A56DD}) (Version: 2.7.8150 - Python Software Foundation)
Python 3.4.4 (HKLM\...\{50F37472-CBAB-47C6-A318-4C2BAE04D8EB}) (Version: 3.4.16789 - Python Software Foundation)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.7514 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (HKLM\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recover My Files 5.1.0(1824) (HKLM\...\Recover My Files 5.1.0(1824)) (Version:  - )
Recursos de Windows Mobile (HKLM\...\Windows Mobile Device Handbook) (Version: 1.0 - Microsoft Corporation)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
RPG MAKER VX Ace RTP (HKLM\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)
SafeZone Stable 1.48.2066.120 (HKLM\...\SafeZone 1.48.2066.120) (Version: 1.48.2066.120 - Avast Software) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.6.0 - SAMSUNG Electronics Co., Ltd.)
SDFormatter (HKLM\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
Segoe UI (HKLM\...\{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}) (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Skype™ 7.27 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.27.101 - Skype Technologies S.A.)
SP2 con compatibilidad hacia atrás con cliente de Windows Rights Management (HKLM\...\{EC905264-BCFE-423B-9C42-C3A106266790}) (Version: 5.2.95 - Microsoft)
Sprite Backup (HKLM\...\{ABC5404F-F0F3-4221-8DB9-5D34DD866E50}) (Version: 5.10 - )
StealthCORE version 4.2.3 (HKLM\...\{32164BD2-3483-4A2A-BA17-222509BD6A79}_is1) (Version: 4.2.3 - Infamous Joe)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 8.0.1038 - SUPERAntiSpyware.com)
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Telerik Fiddler (HKLM\...\Fiddler2) (Version: 4.6.20171.14978 - Telerik)
Terraria v1.3.5.3 Rus (HKLM\...\vsetop.com Terraria v1.3.5.3 Rus_is1) (Version: 1.3.5.3 Rus - VseTop.Com)
Total Uninstall 6.21.0 (HKLM\...\Total Uninstall 6_is1) (Version: 6.21.0 - Gavrila Martau)
UltraISO Premium V9.36 (HKLM\...\UltraISO_is1) (Version:  - )
Unity Web Player (HKU\S-1-5-21-1960408961-73586283-1801674531-1007\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Universal Adb Driver (HKLM\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Universal Extractor 1.6.1 (HKLM\...\Universal Extractor_is1) (Version: 1.6.1 - Jared Breland)
Unlocker 1.9.1 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
USB 2.0 PC CAMERA (HKLM\...\{58D4FB3A-98E9-4B9B-B01E-7F005AEFE019}) (Version: 1.00.0000 - USB 2.0 PC CAMERA)
USB Storage Driver (HKLM\...\GENEUIDE) (Version:  - )
VC_CRT_x86 (HKLM\...\{8054D734-39C7-463D-B764-9C883982B8F9}) (Version: 1.02.0000 - Intel Corporation) Hidden
VC80CRTRedist - 8.0.50727.6195 (HKLM\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
VirtualDJ Home FREE (HKLM\...\{5E1375CB-6792-4464-8715-CC3EC83D48FA}) (Version: 7.0.5 - Atomix Productions)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.4 - VideoLAN)
Warcraft III (HKU\S-1-5-21-1960408961-73586283-1801674531-1007\...\Warcraft III) (Version:  - )
Warspear Online (HKU\S-1-5-21-1960408961-73586283-1801674531-1007\...\Warspear Online) (Version: 5.7.0 - AIGRIND LLC)
WebFldrs XP (HKLM\...\{350C9C0A-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebM Project Directshow Filters (HKU\S-1-5-21-1960408961-73586283-1801674531-1007\...\webmdshow) (Version: 1.0.4.1 - WebM Project)
WEBZEN Browser Extension (HKLM\...\{95723791-2C44-454B-9220-C65D47D70E9C}) (Version: 1.01.020 - WEBZEN)
Window Title Changer version 1.0 (HKLM\...\{F530C1D7-2F76-497A-934C-2C55F57BBB37}_is1) (Version: 1.0 - MurGee.com)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Asistente para el inicio de sesión (HKLM\...\{7593234B-2AEB-4FC9-B02D-C9B30D86084C}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
WinDS PRO 2016.04.08 (HKLM\...\{4237FF56-4BD0-481E-BD44-C1A8DDA9C753}_is1) (Version: 2016.04.08 - WinDS PRO Central)
WinDS PRO Apps 2.0 (HKLM\...\{92C4C953-5CE1-4DC3-97D5-BBD1A63EF706}_is1) (Version: 2.0 - WinDS PRO Central)
WinRAR 5.40 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
WL Server (HKLM\...\{0660E701-9F34-47CA-A3F9-6E741350EE64}) (Version: 1.1.15 - Blackcaret)
Wondershare Video Editor(Build 3.5.1) (HKLM\...\Wondershare Video Editor_is1) (Version:  - Wondershare Software)
XAMPP (HKLM\...\xampp) (Version: 1.8.2-6 - Bitnami)
XP Repair Pro (HKLM\...\{D950B7AF-0EBC-4990-8696-9FCF03FF0866}) (Version: 5.6.0 - DDX Software Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1960408961-73586283-1801674531-1007_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Documents and Settings\Ana\Configuración local\Datos de programa\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
CustomCLSID: HKU\S-1-5-21-1960408961-73586283-1801674531-1007_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0017}\InprocServer32 -> C:\Documents and Settings\Ana\Configuración local\Datos de programa\GAS Tecnologia\GBBD\npsf_bdv.dll (Banco de Venezuela SA Banco Universal -> GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-1960408961-73586283-1801674531-1007_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0017}\InprocServer32 -> C:\Documents and Settings\Ana\Configuración local\Datos de programa\GAS Tecnologia\GBBD\npsf_bdv.dll (Banco de Venezuela SA Banco Universal -> GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-1960408961-73586283-1801674531-1007_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Documents and Settings\Ana\Configuración local\Datos de programa\Google\Update\1.3.21.153\GoogleUpdateOnDemand.exe (Google Inc -> Google Inc.)
CustomCLSID: HKU\S-1-5-21-1960408961-73586283-1801674531-1007_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Documents and Settings\Ana\Configuración local\Datos de programa\Google\Update\1.3.21.153\GoogleUpdateOnDemand.exe (Google Inc -> Google Inc.)
CustomCLSID: HKU\S-1-5-21-1960408961-73586283-1801674531-1007_Classes\CLSID\{305CA226-D286-468e-B848-2B2E8E697B74}\Shell\Open\Command -> "C:\Documents and Settings\Ana\Configuración local\Datos de programa\Akamai\ControlPanel.exe"
CustomCLSID: HKU\S-1-5-21-1960408961-73586283-1801674531-1007_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Documents and Settings\Ana\Configuración local\Datos de programa\Google\Google Talk Plugin\googletalkax.dll (Google Inc -> Google)
CustomCLSID: HKU\S-1-5-21-1960408961-73586283-1801674531-1007_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Documents and Settings\Ana\Configuración local\Datos de programa\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies SF -> Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-1960408961-73586283-1801674531-1007_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Documents and Settings\Ana\Configuración local\Datos de programa\Google\Update\1.3.21.153\GoogleUpdateOnDemand.exe (Google Inc -> Google Inc.)
CustomCLSID: HKU\S-1-5-21-1960408961-73586283-1801674531-1007_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1960408961-73586283-1801674531-1007_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1960408961-73586283-1801674531-1007_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Documents and Settings\Ana\Configuración local\Datos de programa\Google\Update\1.3.21.153\psuser.dll (Google Inc -> Google Inc.)
CustomCLSID: HKU\S-1-5-21-1960408961-73586283-1801674531-1007_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Archivos de programa\Windows Desktop Search\deskbar.dll (Microsoft Corporation) [File not signed]
CustomCLSID: HKU\S-1-5-21-1960408961-73586283-1801674531-1007_Classes\CLSID\{9793fbbf-e9db-3b01-b322-3430cbcf3cd5}\InprocServer32 -> C:\Documents and Settings\Ana\Configuración local\Datos de programa\Google\Google Talk Plugin\gtpo3d_host.dll (Google Inc -> Google Inc.)
CustomCLSID: HKU\S-1-5-21-1960408961-73586283-1801674531-1007_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Documents and Settings\Ana\Configuración local\Datos de programa\Google\Google Talk Plugin\o1dax.dll (Google Inc -> Google)
CustomCLSID: HKU\S-1-5-21-1960408961-73586283-1801674531-1007_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Documents and Settings\Ana\Configuración local\Datos de programa\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc -> Google Inc.)
CustomCLSID: HKU\S-1-5-21-1960408961-73586283-1801674531-1007_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Documents and Settings\Ana\Configuración local\Datos de programa\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc -> Google Inc.)
CustomCLSID: HKU\S-1-5-21-1960408961-73586283-1801674531-1007_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1960408961-73586283-1801674531-1007_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Documents and Settings\Ana\Configuración local\Datos de programa\Google\Update\1.3.21.153\GoogleUpdateOnDemand.exe (Google Inc -> Google Inc.)
CustomCLSID: HKU\S-1-5-21-1960408961-73586283-1801674531-1007_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Documents and Settings\Ana\Configuración local\Datos de programa\Google\Update\1.3.21.153\psuser.dll (Google Inc -> Google Inc.)
SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) [File not signed]
SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) [File not signed]
SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Windows Component Publisher -> Microsoft Corporation)
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll (Microsoft Windows Component Publisher -> Microsoft Corporation)
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Windows Component Publisher -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Archivos de programa\AVAST Software\Avast\ashShell.dll [2019-04-16] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Archivos de programa\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ANotepad++] -> {00F3C2EC-A6EE-11DE-A03A-EF8F55D89593} => C:\Archivos de programa\Notepad++\NppShell_06.dll [2015-04-15] () [File not signed]
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Archivos de programa\AVAST Software\Avast\ashShell.dll [2019-04-16] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers1: [Notepad++] -> {00F3C2EC-A6EE-11DE-A03A-EF8F55D89593} => C:\Archivos de programa\Notepad++\NppShell_06.dll [2015-04-15] () [File not signed]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Archivos de programa\WinRAR\rarext.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Archivos de programa\UltraISO\isoshell.dll [2014-01-02] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Archivos de programa\AVAST Software\Avast\ashShell.dll [2019-04-16] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Archivos de programa\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> [CC]{0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers4: [###MegaContextMenuExt] -> [CC]{0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> [CC]{0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers4: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Archivos de programa\UltraISO\isoshell.dll [2014-01-02] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Archivos de programa\WinRAR\rarext.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2010-01-13] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Archivos de programa\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Archivos de programa\AVAST Software\Avast\ashShell.dll [2019-04-16] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Archivos de programa\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Archivos de programa\UltraISO\isoshell.dll [2014-01-02] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Archivos de programa\WinRAR\rarext.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->\\.\root\subscription:MSFT_UCScenarioControl.Name=\"Microsoft WMI Updating Consumer Scenario Control\"",Filter="\\.\root\subscription:__EventFilter.Name=\"Microsoft WMI Updating Consumer Scenario Control\"::
WMI:subscription\__EventFilter->Microsoft WMI Updating Consumer Scenario Control::[Query => SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'MSFT_UCScenario']

==================== Memory info =========================== 

BIOS: LENOVO LENOVO - 20080829 08/29/2008
Motherboard: LENOVO LENOVO
Processor: Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz
Percentage of memory in use: 45%
Total physical RAM: 3062.17 MB
Available physical RAM: 1661.89 MB
Total Virtual: 5963.31 MB
Available Virtual: 4780.54 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:149.04 GB) (Free:35.35 GB) NTFS ==>[drive with boot components (Windows XP)]


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 149.1 GB) (Disk ID: CD357750)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Thanks for your support, @JavierHF. The other thing I noticed was that, in Folder Options, one of the checkboxes was modified.

Previously it let me change that checkbox, ticking or unticking it, but now it doesn't.

Hello.

Please review the two FRST reports you posted; you did something wrong when posting them, neither of them is properly “placed”, so they are NO use to me for analysis. :woozy_face:

See if you can post that whole report better by following these instructions :arrow_right: Attach files to a topic

Regards.


FRST

FRST.txt (64,9 KB)

Done, @JavierHF.

By the way, it was just one report split into two parts, because it was too long for a single post.

Good… now follow these steps. :arrow_forward: VERY Important :arrow_backward: Make a backup of the registry:

  • To do so, download :arrow_forward: DelFix.exe (to your desktop).

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select -Run as Administrator-.)

  • Attention: now check/select only the :white_check_mark: Create registry backup box, and NOT the other boxes. :face_with_monocle:

  • Click Run.

The report (DelFix.txt) will open; save it in case it is needed and close the tool.

:warning: With all other programs closed, go to :arrow_forward: Start :arrow_forward: Run :arrow_forward: and type Notepad.exe.

  • Now copy and paste the code/lines inside the box below into Notepad.
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
CustomCLSID: HKU\S-1-5-21-1960408961-73586283-1801674531-1007_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1960408961-73586283-1801674531-1007_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1960408961-73586283-1801674531-1007_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> no filepath
SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) [File not signed]
SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Windows Component Publisher -> Microsoft Corporation)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers3: [MEGA (Context menu)] -> [CC]{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers4: [###MegaContextMenuExt] -> [CC]{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> [CC]{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}] ->
HKLM\Software\Microsoft\Active Setup\Installed Components: [{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] ->
HKLM\Software\Microsoft\Active Setup\Installed Components: [{73FA19D0-2D75-11D2-995D-00C04F98BBC9}] ->
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
SearchScopes: HKU\S-1-5-21-1960408961-73586283-1801674531-1007 -> DefaultScope {84EA543E-D14F-4962-9CBC-965C63F8630B} URL =
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1960408961-73586283-1801674531-1007 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - No File
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Archivos de programa\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-09-20] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Archivos de programa\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-09-20] (Oracle America, Inc. -> Oracle Corporation)
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
OPR Extension: (SafeBrowse) - C:\Documents and Settings\Ana\Datos de programa\Opera Software\Opera Stable\Extensions\klmnkkadejnkpgnibphjeoancnmmjkef [2015-08-07]
S3 nocashio; C:\WINDOWS\System32\drivers\nocashio.sys [4096 2012-02-28] () [File not signed]
S3 Orinoquia; C:\WINDOWS\System32\DRIVERS\orinousbser.sys [106624 2011-11-09] (Microsoft Windows Hardware Compatibility Publisher -> ORINOQUIA Incorporated)
U5 phunter; C:\WINDOWS\system32\unikey.sys [13816 2017-12-04] (UAB Digiteka -> )
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem.sys [X]
S3 ATP; no ImagePath
S3 EagleXNt; no ImagePath
S3 Generalusbserialser20675; system32\DRIVERS\CT_U_USBSER.sys [X]
S4 IntelIde; no ImagePath
S3 LLRING0; no ImagePath
S3 massfilter_hs; system32\drivers\massfilter_hs.sys [X]
S1 MoboroboAssDriver; system32\drivers\MoboroboAssDriver.sys [X]
S3 RimUsb; System32\Drivers\RimUsb.sys [X]
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
S1 WNMFLT; no ImagePath
S3 XDva407; no ImagePath
S3 XDva409; no ImagePath
2013-07-14 11:30 - 2013-05-15 11:30 - 000000032 ___RC () C:\Documents and Settings\All Users\hash.dat
2018-11-20 20:07 - 2018-11-20 20:07 - 000000257 _____ () C:\Documents and Settings\Ana\mdatac.dat
2012-03-11 05:22 - 2012-03-11 05:22 - 000002528 ____C () C:\Documents and Settings\Ana\Datos de programa\$_hpcst$.hpc
2017-01-07 00:51 - 2017-01-07 02:29 - 000000035 _____ () C:\Documents and Settings\All Users\Datos de programa\droidcam-settings
2016-03-18 12:10 - 2016-03-18 12:11 - 000000376 _____ () C:\Documents and Settings\All Users\Datos de programa\IpodRescue.ini
2015-01-01 14:46 - 2015-01-01 14:46 - 000000016 ____C () C:\Documents and Settings\All Users\Datos de programa\mntemp
2014-09-30 20:34 - 2014-09-30 20:34 - 005392384 ____C (CipSoft GmbH) C:\Documents and Settings\All Users\Datos de programa\Tibia.bak
2014-09-30 20:33 - 2014-09-30 20:33 - 003973756 ____C () C:\Documents and Settings\All Users\Datos de programa\Tibia_pic.bak
2014-09-30 20:32 - 2014-09-30 20:32 - 120118012 ____C () C:\Documents and Settings\All Users\Datos de programa\Tibia_spr.bak
HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Save it under the name FIXLIST.TXT on the desktop :arrow_backward: This is very important.

:o: Note :o: It is important that the FRST.exe tool (Farbar Recovery Scan Tool) and FIXLIST.TXT are in the same location (desktop); otherwise it will not work.

Now boot your computer into :arrow_forward: Windows Safe Mode with Networking

  • Run FRST.exe. (If you use Windows Vista/7/8 or 10, right-click and select -Run as Administrator-.)

  • Press the FIX button and wait for it to finish.

  • The tool will save the repair report on the desktop (FIXLOG.TXT).

Paste the contents of this file in your next reply. :+1:

Restart the computer, check how it works with respect to the problem you raised, and tell us about it.

Regards.

Well, @JavierHF, here is the log that was generated.

Fixlog

Fix result of Farbar Recovery Scan Tool (x86) Version: 26-05-2019
Ran by Ana (26-05-2019 18:53:28) Run:1
Running from C:\Documents and Settings\Ana\Escritorio
Loaded Profiles: Ana (Available Profiles: luis alberto combita & Ana & luis combita & Administrador & Invitado)
Boot Mode: Safe Mode (with Networking)

==============================================

fixlist content:
*****************
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
CustomCLSID: HKU\S-1-5-21-1960408961-73586283-1801674531-1007_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1960408961-73586283-1801674531-1007_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1960408961-73586283-1801674531-1007_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> no filepath
SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) [File not signed]
SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Windows Component Publisher -> Microsoft Corporation)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers3: [MEGA (Context menu)] -> [CC]{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers4: [###MegaContextMenuExt] -> [CC]{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> [CC]{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}] ->
HKLM\Software\Microsoft\Active Setup\Installed Components: [{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] ->
HKLM\Software\Microsoft\Active Setup\Installed Components: [{73FA19D0-2D75-11D2-995D-00C04F98BBC9}] ->
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
SearchScopes: HKU\S-1-5-21-1960408961-73586283-1801674531-1007 -> DefaultScope {84EA543E-D14F-4962-9CBC-965C63F8630B} URL =
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1960408961-73586283-1801674531-1007 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - No File
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Archivos de programa\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-09-20] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Archivos de programa\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-09-20] (Oracle America, Inc. -> Oracle Corporation)
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
OPR Extension: (SafeBrowse) - C:\Documents and Settings\Ana\Datos de programa\Opera Software\Opera Stable\Extensions\klmnkkadejnkpgnibphjeoancnmmjkef [2015-08-07]
S3 nocashio; C:\WINDOWS\System32\drivers\nocashio.sys [4096 2012-02-28] () [File not signed]
S3 Orinoquia; C:\WINDOWS\System32\DRIVERS\orinousbser.sys [106624 2011-11-09] (Microsoft Windows Hardware Compatibility Publisher -> ORINOQUIA Incorporated)
U5 phunter; C:\WINDOWS\system32\unikey.sys [13816 2017-12-04] (UAB Digiteka -> )
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem.sys [X]
S3 ATP; no ImagePath
S3 EagleXNt; no ImagePath
S3 Generalusbserialser20675; system32\DRIVERS\CT_U_USBSER.sys [X]
S4 IntelIde; no ImagePath
S3 LLRING0; no ImagePath
S3 massfilter_hs; system32\drivers\massfilter_hs.sys [X]
S1 MoboroboAssDriver; system32\drivers\MoboroboAssDriver.sys [X]
S3 RimUsb; System32\Drivers\RimUsb.sys [X]
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
S1 WNMFLT; no ImagePath
S3 XDva407; no ImagePath
S3 XDva409; no ImagePath
2013-07-14 11:30 - 2013-05-15 11:30 - 000000032 ___RC () C:\Documents and Settings\All Users\hash.dat
2018-11-20 20:07 - 2018-11-20 20:07 - 000000257 _____ () C:\Documents and Settings\Ana\mdatac.dat
2012-03-11 05:22 - 2012-03-11 05:22 - 000002528 ____C () C:\Documents and Settings\Ana\Datos de programa\$_hpcst$.hpc
2017-01-07 00:51 - 2017-01-07 02:29 - 000000035 _____ () C:\Documents and Settings\All Users\Datos de programa\droidcam-settings
2016-03-18 12:10 - 2016-03-18 12:11 - 000000376 _____ () C:\Documents and Settings\All Users\Datos de programa\IpodRescue.ini
2015-01-01 14:46 - 2015-01-01 14:46 - 000000016 ____C () C:\Documents and Settings\All Users\Datos de programa\mntemp
2014-09-30 20:34 - 2014-09-30 20:34 - 005392384 ____C (CipSoft GmbH) C:\Documents and Settings\All Users\Datos de programa\Tibia.bak
2014-09-30 20:33 - 2014-09-30 20:33 - 003973756 ____C () C:\Documents and Settings\All Users\Datos de programa\Tibia_pic.bak
2014-09-30 20:32 - 2014-09-30 20:32 - 120118012 ____C () C:\Documents and Settings\All Users\Datos de programa\Tibia_spr.bak
HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
HKU\S-1-5-21-1960408961-73586283-1801674531-1007_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892} => removed successfully.
HKU\S-1-5-21-1960408961-73586283-1801674531-1007_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B} => removed successfully.
HKU\S-1-5-21-1960408961-73586283-1801674531-1007_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998} => removed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\PostBootReminder" => removed successfully.
HKLM\Software\Classes\CLSID\{7849596a-48ea-486e-8937-a2a3009f31a9} => removed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\SysTray" => removed successfully.
HKLM\Software\Classes\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153} => removed successfully.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\MEGA (Context menu) => removed successfully.
HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => not found
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\MEGA (Context menu) => removed successfully.
HKLM\Software\Classes\CLSID\[CC]{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\###MegaContextMenuExt => removed successfully.
HKLM\Software\Classes\CLSID\[CC]{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\MEGA (Context menu) => removed successfully.
HKLM\Software\Classes\CLSID\[CC]{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => not found
HKLM\Software\Microsoft\Active Setup\Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} => removed successfully.
HKLM\Software\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95} => removed successfully.
HKLM\Software\Microsoft\Active Setup\Installed Components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9} => removed successfully.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\system32\GroupPolicy\User => moved successfully
HKLM\SOFTWARE\Policies\Google => removed successfully.
"HKU\S-1-5-21-1960408961-73586283-1801674531-1007\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully.
"HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => removed successfully.
HKLM\Software\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => not found
"HKU\S-1-5-21-1960408961-73586283-1801674531-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => removed successfully.
HKLM\Software\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => not found
HKLM\Software\Classes\PROTOCOLS\Filter\text/xml => removed successfully.
HKLM\Software\Classes\CLSID\{807563E5-5146-11D5-A672-00B0D022E945} => not found
"HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.101.2 -> C:\Archivos de programa\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-09-20] (Oracle America, Inc." => not found
C:\Archivos de programa\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll => moved successfully
"HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.101.2 -> C:\Archivos de programa\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-09-20] (Oracle America, Inc." => not found
C:\Archivos de programa\Java\jre1.8.0_101\bin\plugin2\npjp2.dll => moved successfully
"Chrome DefaultSearchURL" => removed successfully.
"Chrome DefaultSuggestURL" => removed successfully.
C:\Documents and Settings\Ana\Datos de programa\Opera Software\Opera Stable\Extensions\klmnkkadejnkpgnibphjeoancnmmjkef => moved successfully
HKLM\System\CurrentControlSet\Services\nocashio => removed successfully.
nocashio => service removed successfully.
HKLM\System\CurrentControlSet\Services\Orinoquia => removed successfully.
Orinoquia => service removed successfully.
HKLM\System\CurrentControlSet\Services\phunter => removed successfully.
phunter => service removed successfully.
HKLM\System\CurrentControlSet\Services\AndNetDiag => removed successfully.
AndNetDiag => service removed successfully.
HKLM\System\CurrentControlSet\Services\ANDNetModem => removed successfully.
ANDNetModem => service removed successfully.
HKLM\System\CurrentControlSet\Services\ATP => removed successfully.
ATP => service removed successfully.
HKLM\System\CurrentControlSet\Services\EagleXNt => removed successfully.
EagleXNt => service removed successfully.
HKLM\System\CurrentControlSet\Services\Generalusbserialser20675 => removed successfully.
Generalusbserialser20675 => service removed successfully.
HKLM\System\CurrentControlSet\Services\IntelIde => removed successfully.
IntelIde => service removed successfully.
HKLM\System\CurrentControlSet\Services\LLRING0 => removed successfully.
LLRING0 => service removed successfully.
HKLM\System\CurrentControlSet\Services\massfilter_hs => removed successfully.
massfilter_hs => service removed successfully.
HKLM\System\CurrentControlSet\Services\MoboroboAssDriver => removed successfully.
MoboroboAssDriver => service removed successfully.
HKLM\System\CurrentControlSet\Services\RimUsb => removed successfully.
RimUsb => service removed successfully.
HKLM\System\CurrentControlSet\Services\USBAAPL => removed successfully.
USBAAPL => service removed successfully.
HKLM\System\CurrentControlSet\Services\WNMFLT => removed successfully.
WNMFLT => service removed successfully.
HKLM\System\CurrentControlSet\Services\XDva407 => removed successfully.
XDva407 => service removed successfully.
HKLM\System\CurrentControlSet\Services\XDva409 => removed successfully.
XDva409 => service removed successfully.
C:\Documents and Settings\All Users\hash.dat => moved successfully
C:\Documents and Settings\Ana\mdatac.dat => moved successfully
C:\Documents and Settings\Ana\Datos de programa\$_hpcst$.hpc => moved successfully
C:\Documents and Settings\All Users\Datos de programa\droidcam-settings => moved successfully
C:\Documents and Settings\All Users\Datos de programa\IpodRescue.ini => moved successfully
C:\Documents and Settings\All Users\Datos de programa\mntemp => moved successfully
C:\Documents and Settings\All Users\Datos de programa\Tibia.bak => moved successfully
C:\Documents and Settings\All Users\Datos de programa\Tibia_pic.bak => moved successfully
C:\Documents and Settings\All Users\Datos de programa\Tibia_spr.bak => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully.
HKU\S-1-5-21-1960408961-73586283-1801674531-1007\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully.
"HKU\S-1-5-21-1960408961-73586283-1801674531-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully.
"HKU\S-1-5-21-1960408961-73586283-1801674531-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully.


========= End of RemoveProxy: =========


========= netsh winsock reset =========


Restablecer satisfactoriamente el catálogo Winsock.
Debe reiniciar el equipo para finalizar el restablecimiento.


========= End of CMD: =========


========= ipconfig /renew =========

Configuración IP de Windows

Adaptador Ethernet Conexión de área local          :

        Sufijo de conexión específica DNS : 
        Dirección IP. . . . . . . . . . . : 192.168.1.10
        Máscara de subred . . . . . . . . : 255.255.224.0
        Dirección IP. . . . . . . . . . . : fe80::221:97ff:fe30:f9ac%4
        Puerta de enlace predeterminada   : 192.168.1.1

Adaptador de túnel Teredo Tunneling Pseudo-Interface          :

        Sufijo de conexión específica DNS : 
        Dirección IP. . . . . . . . . . . : fe80::ffff:ffff:fffd%5
        Puerta de enlace predeterminada   : 

========= End of CMD: =========


========= ipconfig /flushdns =========



Configuración IP de Windows



Se vació con éxito la caché de resolución de DNS.


========= End of CMD: =========


========= bitsadmin /reset /allusers =========

"bitsadmin" no se reconoce como un comando interno o externo,
programa o archivo por lotes ejecutable.

========= End of CMD: =========


========= netsh advfirewall reset =========

No se encuentra el comando: advfirewall reset

========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

No se encuentra el comando: advfirewall set allprofiles state ON

========= End of CMD: =========


========= netsh int ipv4 reset =========

No se encuentra el comando: int ipv4 reset

========= End of CMD: =========


========= netsh int ipv6 reset =========

Aceptar


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache => 102356 B
Java, Flash, Steam htmlcache => 1699 B
Windows/system/dllcache/drivers => 149456 B
Edge => 0 B
Chrome => 750367716 B
Firefox => 23512323 B
Opera => 176695589 B

Temp, IE cache, history, cookies, recent:
Documents and Settings => 0 B
Default User => 16674 B
All Users => 0 B
systemprofile => 147880 B
LocalService.NT AUTHORITY.000 => 33326 B
NetworkService => 16674 B
luis alberto combita => 0 B
Ana => 137377874 B
luis combita => 4015772 B
Administrador => 98744 B
Invitado => 246050 B

RecycleBin => 0 B
EmptyTemp: => 1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 18:56:20 ====

Is there anything left to do, @JavierHF?
We still have the pending problem I mentioned with Folder Options. Otherwise, let's give the system a day of testing to see how it works. I'm grateful for your attention.
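
Added example, not part of the original thread and not FRST's own code: a small triage script for a Fixlog like the one posted above, which surfaces the `Error:` lines, the entries reported as not found, and the `CMD:` lines the system did not recognise, all easy to miss in the full output. The function names are hypothetical, and the outcome strings and failure markers are only those visible in this Fixlog, not a complete list of FRST messages.

```python
import re
from collections import Counter

# Excerpt of the Fixlog posted above (lines copied from the thread, shortened).
SAMPLE_FIXLOG = r"""
Error: Restore point can only be created in normal mode.
Processes closed successfully.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\MEGA (Context menu) => removed successfully.
HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => not found
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
nocashio => service removed successfully.

========= netsh winsock reset =========

Debe reiniciar el equipo para finalizar el restablecimiento.

========= End of CMD: =========

========= bitsadmin /reset /allusers =========

"bitsadmin" no se reconoce como un comando interno o externo,
programa o archivo por lotes ejecutable.

========= End of CMD: =========

========= netsh advfirewall reset =========

No se encuentra el comando: advfirewall reset

========= End of CMD: =========
"""

# Assumption: only the result strings and Spanish-locale shell messages seen
# in this Fixlog are recognised; other wording is ignored rather than guessed.
HEADER_RE = re.compile(r"^=+ (?P<name>.+?) =+$")
ITEM_RE = re.compile(
    r"^(?P<target>.+?) => "
    r"(?P<result>(?:service )?(?:removed|moved) successfully|not found)\.?$"
)
FAIL_MARKERS = ("no se reconoce como un comando", "no se encuentra el comando")


def parse_fixlog(text):
    """Return (outcome counts, not-found targets, errors, {command: output lines})."""
    outcomes = Counter()
    not_found, errors, commands = [], [], {}
    section, output = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = HEADER_RE.match(line)
        if header:
            name = header.group("name")
            if name.startswith("End of"):
                # Only sections closed by "End of CMD:" are shell commands.
                if name == "End of CMD:" and section is not None:
                    commands[section] = output
                section, output = None, []
            else:
                section, output = name, []
            continue
        if line.startswith("Error:"):
            errors.append(line[len("Error:"):].strip())
            continue
        item = ITEM_RE.match(line)
        if item:
            outcomes[item.group("result")] += 1
            if item.group("result") == "not found":
                not_found.append(item.group("target").strip('"'))
            continue
        if section is not None:
            output.append(line)
    return outcomes, not_found, errors, commands


def failed_commands(commands):
    """Commands whose captured output carries a 'command not recognised' marker."""
    return [cmd for cmd, out in commands.items()
            if any(m in line.lower() for line in out for m in FAIL_MARKERS)]


if __name__ == "__main__":
    outcomes, not_found, errors, commands = parse_fixlog(SAMPLE_FIXLOG)
    print("Errors:", errors)
    print("Outcomes:", dict(outcomes))
    print("Not found:", not_found)
    print("Commands that did not run:", failed_commands(commands))
```
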

Understood :+1: and now run a scan with :arrow_forward: ESET Online, and when you get this screen:


You must follow these steps:

  • 1.- Check :ballot_box_with_check: all of those options.
  • 2.- Click "Change……" and select all the disk and/or USB drives you have.
  • 3.- Click “Start” and the scan will begin.

This will perform a full scan of the whole computer. When the whole process finishes, save the report (you will see the option to export/save as TXT) and leave it saved on your desktop to post in your next reply.

Finish the process by disinfecting the items found and restart your PC, and post the report in your next reply.

And tell us how your computer is working.

Regards.