Problems: it won't let me install any antivirus, "is not a valid Win32 application"

I have a PC from which I need to save important information, but it was full of viruses and had no antivirus. It would not let me install any antivirus, nor Malwarebytes. I could only scan with Dr.Web; it found viruses and trojans and neutralized them. I disabled System Restore, ran CCleaner and rebooted, but it still has the shortcut virus "new photo day". I removed it manually from the registry and rebooted; it is not running, but it won't let me install Avast, nor Bitdefender or Malwarebytes… It is Windows XP… I have a HijackThis log; I am leaving it here for you to look at, and I appreciate any help.

Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.18

Platform:  x32 Windows XP (Professional), 5.1.2600.0, Service Pack: 3
Time:      06.09.2019 - 21:08 (UTC-04:00)
Language:  OS: Spanish (0xC0A). Display: Spanish (0xC0A). Non-Unicode: Spanish (0xC0A)
Ran by:    Usuario	(group: Administrator) on USUARIO-A9169BD, FirstRun: yes

Chrome:  49.0.2623.112
Firefox: 52.9.0.6746
Internet Explorer: 6.0.2900.5512 SP3
Default: "C:\Archivos de programa\Internet Explorer\iexplore.exe" %1 (Internet Explorer)

Boot mode: Normal

Running processes:
Number | Path
   1  C:\Archivos de programa\TeamViewer\TeamViewer_Service.exe
   1  C:\Documents and Settings\All Users\Datos de programa\DatacardService\HWDeviceService.exe
   1  C:\WINDOWS\Explorer.EXE
   1  C:\WINDOWS\System32\smss.exe
   7  C:\WINDOWS\System32\svchost.exe
   1  C:\WINDOWS\system32\HPSIsvc.exe
   1  C:\WINDOWS\system32\HPZipm12.exe
   1  C:\WINDOWS\system32\csrss.exe
   1  C:\WINDOWS\system32\ctfmon.exe
   1  C:\WINDOWS\system32\lsass.exe
   1  C:\WINDOWS\system32\services.exe
   1  C:\WINDOWS\system32\spoolsv.exe
   1  C:\WINDOWS\system32\winlogon.exe
   1  C:\WINDOWS\system32\wscntfy.exe
   1  E:\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Connection Wizard: [ShellNext] = iexplore
R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = http://www.google.co.ve/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar: [LinksFolderName] = Vínculos
O2 - HKLM\..\BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Archivos de programa\Epson Software\Easy Photo Print\EPTBL.dll
O2 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Java\jre1.8.0_65\bin\jp2ssv.dll
O2 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.8.0_65\bin\ssv.dll
O3 - HKLM\..\Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Archivos de programa\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [new photo today] = C:\WINDOWS\system32\wscript.exe //B "C:\Documents and Settings\Usuario\new photo today.wsf"
O4 - MSConfig\startupfolder: C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^HP Digital Imaging Monitor.lnk [backup] => C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe (2015/10/29)
O4 - MSConfig\startupreg: Adobe ARM [command] = C:\Archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe (HKLM) (2015/10/29)
O4 - MSConfig\startupreg: GrooveMonitor [command] = C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe (HKLM) (2011/10/19)
O4 - MSConfig\startupreg: HP Software Update [command] = C:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe (HKLM) (2015/10/29)
O4 - MSConfig\startupreg: new photo today [command] = C:\WINDOWS\system32\wscript.exe //B "C:\Documents and Settings\Usuario\new photo today.wsf" (HKLM) (2019/09/06)
O4 - User Startup: C:\Documents and Settings\Usuario\Menú Inicio\Programas\Inicio\Recorte de pantalla e Inicio rápido de OneNote 2007.lnk    ->    C:\Archivos de programa\Microsoft Office\Office12\ONENOTEM.EXE /tsr
O4 - User Startup: C:\Documents and Settings\Usuario\Menú Inicio\Programas\Inicio\new photo today.wsf
O4 - WinNT BAT: C:\WINDOWS\System32\AutoExec.nt => 	
O4 - WinNT BAT: C:\WINDOWS\System32\AutoExec.nt => 			
O4 - WinNT BAT: C:\WINDOWS\System32\AutoExec.nt => 			
O4 - WinNT BAT: C:\WINDOWS\System32\AutoExec.nt => 			
O4 - WinNT BAT: C:\WINDOWS\System32\AutoExec.nt => 			   	var monthnormal=month+1;
O4 - WinNT BAT: C:\WINDOWS\System32\AutoExec.nt => 			   	var monthnormal=month+1;
O4 - WinNT BAT: C:\WINDOWS\System32\AutoExec.nt => 			   	var monthnormal=month+1;
O4 - WinNT BAT: C:\WINDOWS\System32\AutoExec.nt => 			   	var monthnormal=month+1;
O4 - WinNT BAT: C:\WINDOWS\System32\AutoExec.nt => 			    
O4 - WinNT BAT: C:\WINDOWS\System32\AutoExec.nt => 			    
O4 - WinNT BAT: C:\WINDOWS\System32\AutoExec.nt => 			    
O4 - WinNT BAT: C:\WINDOWS\System32\AutoExec.nt => 			    //Llenando los anos en l     case 12: return "Diciembre";
O4 - WinNT BAT: C:\WINDOWS\System32\AutoExec.nt => 			    //Llenando los anos en l     case 12: return "Diciembre";
O4 - WinNT BAT: C:\WINDOWS\System32\AutoExec.nt => 			    //Llenando los anos en l     case 12: return "Diciembre";
O4 - WinNT BAT: C:\WINDOWS\System32\AutoExec.nt => 			    datestart.setMonth(datestart.getMonth()-6);
O4 - WinNT BAT: C:\WINDOWS\System32\AutoExec.nt => 			    datestart.setMonth(datestart.getMonth()-6);
O4 - WinNT BAT: C:\WINDOWS\System32\AutoExec.nt => 			    datestart.setMonth(datestart.getMonth()-6);
O4 - WinNT BAT: C:\WINDOWS\System32\AutoExec.nt => 			    t2 = 3;
O4 - WinNT BAT: C:\WINDOWS\System32\AutoExec.nt => 			    t2 = 3;
O4 - WinNT BAT: C:\WINDOWS\System32\AutoExec.nt => 			    t2 = 3;
O4 - WinNT BAT: C:\WINDOWS\System32\AutoExec.nt => 			    var datestart = new Date(ano, mes, dia);
O4 - WinNT BAT: C:\WINDOWS\System32\AutoExec.nt => 			    var datestart = new Date(ano, mes, dia);
O4 - WinNT BAT: C:\WINDOWS\System32\AutoExec.nt => 			    var datestart = new Date(ano, mes, dia);
O4 - WinNT BAT: C:\WINDOWS\System32\AutoExec.nt => 			    var datestart = new Date(ano, mes, dia);
O4 - WinNT BAT: C:\WINDOWS\System32\AutoExec.nt => 			    var day = today.getDate();
O4 - WinNT BAT: C:\WINDOWS\System32\AutoExec.nt => 			    var day = today.getDate();
O4 - WinNT BAT: C:\WINDOWS\System32\AutoExec.nt => 			    var day = today.getDate();
O4 - WinNT BAT: C:\WINDOWS\System32\AutoExec.nt => 			    var day = today.getDate();
O4 - WinNT BAT: C:\WINDOWS\System32\AutoExec.nt => 			    var month = today.getMonth();
O4 - WinNT BAT: C:\WINDOWS\System32\AutoExec.nt => 			    var month = today.getMonth();
O4 - WinNT BAT: C:\WINDOWS\System32\AutoExec.nt => 			    var month = today.getMonth();
O4 - WinNT BAT: C:\WINDOWS\System32\AutoExec.nt => 			    var month = today.getMonth();
O4 - WinNT BAT: C:\WINDOWS\System32\AutoExec.nt => 			    var temp = 0;
O4 - WinNT BAT: C:\WINDOWS\System32\AutoExec.nt => 			    var temp = 0;
O4 - WinNT BAT: C:\WINDOWS\System32\AutoExec.nt => 			    var temp = 0;
O4 - WinNT BAT: C:\WINDOWS\System32\AutoExec.nt => 			    var temp = 0;
O4 - WinNT BAT: C:\WINDOWS\System32\AutoExec.nt => 			    var today = new Date(ano, mes, dia);
O4 - WinNT BAT: C:\WINDOWS\System32\AutoExec.nt => 			    var today = new Date(ano, mes, dia);
O4 - WinNT BAT: C:\WINDOWS\System32\AutoExec.nt => 			    var today = new Date(ano, mes, dia);
O4 - WinNT BAT: C:\WINDOWS\System32\AutoExec.nt => 			    var today = new Date(ano, mes, dia);
O4 - WinNT BAT: C:\WINDOWS\System32\AutoExec.nt => 			    var year = today.getFullYear();
O4 - WinNT BAT: C:\WINDOWS\System32\AutoExec.nt => 			    var year = today.getFullYear();
O4 - WinNT BAT: C:\WINDOWS\System32\AutoExec.nt => 			    var year = today.getFullYear();
O4 - WinNT BAT: C:\WINDOWS\System32\AutoExec.nt => 			    var year = today.getFullYear();
O4 - WinNT BAT: C:\WINDOWS\System32\AutoExec.nt => 			    }
O4 - WinNT BAT: C:\WINDOWS\System32\AutoExec.nt => 			    }
O4 - WinNT BAT: C:\WINDOWS\System32\AutoExec.nt => 			    }
O4 - WinNT BAT: C:\WINDOWS\System32\AutoExec.nt => 			    }
O4 - WinNT BAT: C:\WINDOWS\System32\AutoExec.nt => 			function populate(inForm, diad, mesd, anod, diah, mesh, anoh, dia, mes, ano){
O4 - WinNT BAT: C:\WINDOWS\System32\AutoExec.nt => 			function populate(inForm, diad, mesd, anod, diah, mesh, anoh, dia, mes, ano){
O4 - WinNT BAT: C:\WINDOWS\System32\AutoExec.nt => 			function populate(inForm, diad, mesd, anod, diah, mesh, anoh, dia, mes, ano){
O4 - WinNT BAT: C:\WINDOWS\System32\AutoExec.nt => 			function populate(inForm, diad, mesd, anod, diah, mesh, anoh, dia, mes, ano){
O4 - WinNT BAT: C:\WINDOWS\System32\AutoExec.nt => 			}
O4 - WinNT BAT: C:\WINDOWS\System32\AutoExec.nt => 			}
O4 - WinNT BAT: C:\WINDOWS\System32\AutoExec.nt => 			}
O4 - WinNT BAT: C:\WINDOWS\System32\AutoExec.nt => 			}
O4 - WinNT BAT: C:\WINDOWS\System32\AutoExec.nt =>      case 12: return "Diciembre";
O4 - WinNT BAT: C:\WINDOWS\System32\Config.nt => REAM        al l¡mite de 16 KB. El valor predeterminado es 0x4000.
O17 - DHCP DNS 1: 8.8.8.8 (Well-known DNS: Google)
O17 - DHCP DNS 2: 8.8.4.4 (Well-known DNS: Google)
O17 - DHCP DNS 3: 192.168.1.1
O18 - HKLM\Software\Classes\Protocols\Handler\ipp\0x00000001: [CLSID] = {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL
O18 - HKLM\Software\Classes\Protocols\Handler\msdaipp\0x00000001: [CLSID] = {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL
O18 - HKLM\Software\Classes\Protocols\Handler\msdaipp\oledb: [CLSID] = {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL
O21 - HKLM\..\ShellExecuteHooks: [{B5A7F190-DDA6-4420-B3BA-52453494E6CD}] - Groove GFS Stub Execution Hook - C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 1 (GFS Unread Stub): Groove Explorer Icon Overlay 1 (GFS Unread Stub) - {99FD978C-D287-4F50-827F-B2C658EDA8E7} - C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2 (GFS Stub): Groove Explorer Icon Overlay 2 (GFS Stub) - {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} - C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2.5 (GFS Unread Folder): Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) - {920E6DB1-9907-4370-B3A0-BAFC03D81399} - C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 3 (GFS Folder): Groove Explorer Icon Overlay 3 (GFS Folder) - {16F3DD56-1AF5-4347-846D-7C10C4192619} - C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 4 (GFS Unread Mark): Groove Explorer Icon Overlay 4 (GFS Unread Mark) - {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} - C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll
O22 - ScheduledTask: Demonio de caché de las categorías de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - ScheduledTask: Precargador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - Task (.job): (Ready) Adobe Flash Player NPAPI Notifier.job - C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_32_0_0_156_Plugin.exe -check plugin
O22 - Task (.job): (Ready) Adobe Flash Player Updater.job - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O22 - Task (.job): (disabled) (Ready) GoogleUpdateTaskMachineCore.job - C:\Archivos de programa\Google\Update\GoogleUpdate.exe /c
O22 - Task (.job): (disabled) (Ready) GoogleUpdateTaskMachineUA.job - C:\Archivos de programa\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
O23 - Service R2: HP SI Service - (HPSIService) - C:\WINDOWS\system32\HPSIsvc.exe
O23 - Service R2: HWDeviceService.exe - C:\Documents and Settings\All Users\Datos de programa\DatacardService\HWDeviceService.exe -/service
O23 - Service R2: Pml Driver HPZ12 - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service R2: TeamViewer 10 - (TeamViewer) - C:\Archivos de programa\TeamViewer\TeamViewer_Service.exe
O23 - Service S2: Servicio de Google Update (gupdate) - (gupdate) - C:\Archivos de programa\Google\Update\GoogleUpdate.exe /svc
O23 - Service S3: Adobe Flash Player Update Service - (AdobeFlashPlayerUpdateSvc) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service S3: Office Source Engine - (ose) - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE
O23 - Service S3: Servicio de Google Update (gupdatem) - (gupdatem) - C:\Archivos de programa\Google\Update\GoogleUpdate.exe /medsvc


--
End of file - Time spent: 12.9 sec. - 24530 bytes, CRC32: FFFFFFFF. Sign: 換
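Added example, not part of the original thread: a Python triage sketch that reads O4 autostart lines copied from the HijackThis log above and groups script-based autoruns by payload file name, showing that `new photo today.wsf` is registered in several places and exists at two paths. The function name and the script-host and extension lists are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from ntpath import basename  # Windows path rules, usable on any OS

# Assumed watch lists (illustrative, not exhaustive).
SCRIPT_HOSTS = ("wscript.exe", "cscript.exe", "mshta.exe")
SCRIPT_EXTS = ("wsf", "vbs", "vbe", "js", "jse", "wsh", "hta")

# "O4 - <location>: <entry>"; the first ": " ends the location because
# drive letters are followed by a backslash, not a space.
O4_LINE = re.compile(r"^O4 - (?P<location>[^:]+): (?P<entry>.*)$")

# A drive-rooted path ending in a script extension. It may contain spaces,
# so it stops at a quote, whitespace, ")" or end of line after the extension.
SCRIPT_PATH = re.compile(
    r'[A-Za-z]:\\[^"<>|*?\r\n]*?\.(?:%s)(?=["\s)]|$)' % "|".join(SCRIPT_EXTS),
    re.IGNORECASE,
)

# Lines copied from the HijackThis log in the post above (O4 plus one O23).
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [new photo today] = C:\WINDOWS\system32\wscript.exe //B "C:\Documents and Settings\Usuario\new photo today.wsf"
O4 - MSConfig\startupreg: Adobe ARM [command] = C:\Archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe (HKLM) (2015/10/29)
O4 - MSConfig\startupreg: new photo today [command] = C:\WINDOWS\system32\wscript.exe //B "C:\Documents and Settings\Usuario\new photo today.wsf" (HKLM) (2019/09/06)
O4 - User Startup: C:\Documents and Settings\Usuario\Menú Inicio\Programas\Inicio\Recorte de pantalla e Inicio rápido de OneNote 2007.lnk    ->    C:\Archivos de programa\Microsoft Office\Office12\ONENOTEM.EXE /tsr
O4 - User Startup: C:\Documents and Settings\Usuario\Menú Inicio\Programas\Inicio\new photo today.wsf
O23 - Service R2: TeamViewer 10 - (TeamViewer) - C:\Archivos de programa\TeamViewer\TeamViewer_Service.exe
'''


def find_script_autoruns(log_text):
    """Group O4 autostart entries that launch a script by script file name.

    Returns {script_name_lower: [{"location", "path", "host"}, ...]} so that
    one payload referenced from several autostart locations is visible at once.
    """
    findings = defaultdict(list)
    for raw in log_text.splitlines():
        match = O4_LINE.match(raw.strip())
        if not match:
            continue  # not an autostart (O4) line
        entry = match.group("entry")
        path = SCRIPT_PATH.search(entry)
        host = next((h for h in SCRIPT_HOSTS if h in entry.lower()), None)
        if not path and not host:
            continue  # ordinary executable or shortcut
        name = basename(path.group(0)).lower() if path else "(script path not parsed)"
        findings[name].append({
            "location": match.group("location"),
            "path": path.group(0) if path else None,
            "host": host,  # None: started through the file association
        })
    return dict(findings)


if __name__ == "__main__":
    for name, refs in find_script_autoruns(SAMPLE_LOG).items():
        print(f"{name}: {len(refs)} autostart reference(s)")
        for ref in refs:
            print(f"  [{ref['location']}] host={ref['host']} path={ref['path']}")
```
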

Hello @Carlos_A_Aguilera_F

HijackThis has become somewhat obsolete for current malware.

The problem you have is that programs hardly run on XP versions anymore.

1.- Temporarily disable your antivirus and any security program.

2.- Download UsbFix to your desktop:

  • Connect all your removable devices (USB/pendrive, Micro SD, etc.).
  • Run USBFix.exe

  • Once all your devices are connected, click “Ejecutar análisis” (Run scan).
  • Then select “Full Análisis” (Full scan) and wait for it to finish.
  • If threats are detected, select all the detected items and click “Limpiar todo” (Clean all).
  • If it asks you to restart the system, accept.
  • Once the computer restarts, the USBFix report will open showing what was detected and removed.
  • Copy and paste that report in full in your next reply (if it does not open, the report is saved as UsbFix_Report.txt on the Desktop).

Once the scan has finished, with all drives connected, run USBFix again as Administrator and vaccinate them, following the steps in the Manual.

After restarting:

3.- Temporarily disable your antivirus and any security program again.

4.- Download Farbar Recovery Scan Tool to the desktop, selecting the version that matches your computer's architecture (32 or 64 bits). >> How do I know whether my Windows is 32 or 64 bits?

  • Run FRST.exe.
  • In the Disclaimer window, click Yes.
  • In the main window, click the Scan button and wait for the process to finish.
  • Two (2) files (logs) will open, Frst.txt and Addition.txt; they will be saved on the desktop.

Guide: How to Run FRST

5.- In your next reply, paste the generated reports.

Guide: How to paste reports in the forum?

We await those reports.

Regards

# ----------------------------------------------------
# UsbFix Antivirus Free
# ----------------------------------------------------
# Versión : 11.016
# Base de datos :  
# Contacto : https://www.usb-antivirus.com/es/contacto
# ----------------------------------------------------
# Tipo de escaneo : Full
# Usuario : Usuario (Administrador)
# Dispositivo : USUARIO-A9169BD
# Comenzó : 07/09/2019 06:43:04
# ----------------------------------------------------

------------ | Discos analizados |

C:\	NTFS	(57GB/77GB)	[Fixed] 
E:\	FAT32	(13GB/14GB)	[Removable] 

------------ | Elemento(s) infectado(s) |

~ Ningún elemento detectado ~

------------ | Run |

F2 - HKLM\..\Winlogon : [Shell] Explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] C:\WINDOWS\system32\userinit.exe,
04 - HKCU\..\Run : [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
04 - HKU\S-1-5-21-1390067357-602609370-1177238915-1003\..\Run : [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
04 - HKU\S-1-5-18\..\Run : [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
04GS - Recorte de pantalla e Inicio rápido de OneNote 2007.lnk : C:\Archivos de programa\Microsoft Office\Office12\ONENOTEM.EXE

------------ | Tasks |


------------ | C:\ %SystemDrive% - Disco fijo (NTFS) |

[01/08/2017 - 13:41:25 | A | 0 Ko] - Dir_Impresora.TXT
[30/11/2017 - 12:50:36 | A | 0 Ko] - CMRGUO3011.txt
[30/11/2017 - 12:54:02 | A | 0 Ko] - CMRGUF1512.txt
[30/11/2017 - 12:54:29 | A | 0 Ko] - CMRGUA1512.txt
[30/11/2017 - 12:54:37 | A | 0 Ko] - CMRGUC1512.txt
[30/11/2017 - 13:10:27 | A | 1 Ko] - CMRGUE1512.txt
[21/12/2017 - 13:22:38 | A | 0 Ko] - CMRGUO3112.txt
[21/12/2017 - 14:45:10 | A | 1 Ko] - CMRGUE3112.txt
[28/12/2017 - 15:49:02 | A | 0 Ko] - CMRGUA3112.txt
[29/12/2017 - 11:36:03 | A | 1 Ko] - O3112171.TXT
[05/02/2019 - 14:29:05 | A | 4 Ko] - debug1214.txt
[09/08/2019 - 09:20:22 | A | 0 Ko] - Satar.TXT
[29/08/2019 - 13:31:20 | A | 0 Ko] - AnoProceso.TXT
[06/09/2019 - 10:12:45 | A | 18 Ko] - ComboFix.txt
[16/02/2011 - 07:00:15 | RASH | 0 Ko] - IO.SYS
[16/02/2011 - 07:00:15 | A | 0 Ko] - CONFIG.SYS
[16/02/2011 - 07:00:15 | RASH | 0 Ko] - MSDOS.SYS
[07/09/2019 - 06:39:48 | ASH | 688128 Ko] - pagefile.sys
[06/09/2019 - 23:29:10 | D] - Config.Msi
[05/09/2019 - 21:05:12 | N | 4 Ko] - bootex.log
[16/02/2011 - 06:53:56 | SH | 0 Ko] - boot.ini
[13/04/2008 - 19:13:04 | RASH | 46 Ko] - NTDETECT.COM
[24/08/2001 - 09:00:00 | RASH | 5 Ko] - Bootfont.bin
[16/02/2011 - 07:00:15 | A | 0 Ko] - AUTOEXEC.BAT
[01/01/2005 - 17:20:09 | D] - found.000
[13/04/2008 - 21:01:52 | RASH | 245 Ko] - ntldr
[16/02/2011 - 07:07:46 | RD] - MSOCache
[08/07/2011 - 10:09:59 | D] - $AVG
[13/10/2014 - 12:33:03 | D] - Temp
[07/05/2015 - 08:57:07 | D] - InstallC112
[19/05/2015 - 08:55:22 | D] - Program Files
[13/08/2015 - 09:45:50 | D] - Adjustment Program
[29/10/2015 - 16:53:56 | D] - update
[30/10/2015 - 04:07:46 | D] - BBS
[30/12/2015 - 10:55:28 | D] - IVA 2015
[26/04/2016 - 09:41:56 | D] - SATAR 2015
[14/12/2016 - 13:25:23 | D] - FJP
[30/01/2017 - 10:51:35 | D] - IVA 2016
[30/01/2017 - 10:51:49 | D] - SATAR 2016
[01/02/2018 - 11:33:54 | D] - SETA 2017
[01/02/2018 - 12:38:36 | D] - SETA 2018
[14/03/2018 - 11:59:06 | D] - IVA 2017
[30/08/2019 - 08:45:03 | D] - rnom
[06/09/2019 - 10:12:47 | D] - Qoobox
[06/09/2019 - 18:36:08 | SHD] - RECYCLER
[06/09/2019 - 21:03:31 | D] - USB File Resc
[07/09/2019 - 00:06:34 | D] - WINDOWS
[07/09/2019 - 00:24:21 | D] - Documents and Settings
[07/09/2019 - 06:41:20 | D] - Archivos de programa

------------ | E:\ - Disco extraíble (FAT32) |

[06/09/2019 - 22:01:48 | A | 0 Ko] - Nuevo documento de texto.txt
[06/09/2019 - 22:03:06 | R | 0 Ko] - autoexec.nt
[07/09/2019 - 00:05:24 | A | 13 Ko] - HiJackThis.log
[07/09/2019 - 00:05:50 | A | 13 Ko] - HiJackThisa`rrrr.log
[15/09/2017 - 22:21:14 | A | 237054 Ko] - dotnetfx35.exe
[12/07/2019 - 09:05:10 | A | 6861 Ko] - adwcleaner_7.3.exe
[06/09/2019 - 18:25:06 | N | 347136 Ko] - avast_free_antivirus_setup_offline.exe
[06/09/2019 - 19:00:18 | A | 7072 Ko] - HiJackThis.exe
[06/09/2019 - 20:31:02 | A | 414 Ko] - usb-file-resc_17.2.0.0.exe
[06/09/2019 - 23:06:38 | A | 440 Ko] - FixitCenter_Run.exe
[06/09/2019 - 23:08:38 | A | 181961 Ko] - avira_antivirus_es-es.exe
[06/09/2019 - 23:23:48 | A | 24416 Ko] - NetFx20SP2_x86.exe
[07/09/2019 - 00:32:04 | A | 1417 Ko] - FRST.exe
[07/09/2019 - 00:34:12 | A | 4652 Ko] - UsbFix_2019_11.016.exe
[13/05/2018 - 04:53:16 | D] - RegSeeker
[06/09/2019 - 12:18:46 | D] - Recuperado_22282
[07/09/2019 - 00:06:54 | D] - Backups

Elemento(s) infectado(s) : 0
Elementos analizados : 51925 en 00h 00m 13s

# UsbFix-Report-01.txt [4668B]

------------ | E.O.F
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-09-2019
Ran by Usuario (administrator) on USUARIO-A9169BD (P4M80P AWRDACPI) (07-09-2019 07:05:26)
Running from C:\Documents and Settings\Usuario\Escritorio
Loaded Profiles: Usuario (Available Profiles: Usuario & Administrador)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: Español (alfabetización internacional)
Internet Explorer Version 6 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Hewlett-Packard Company -> HP) C:\WINDOWS\system32\HPSIsvc.exe
(HUAWEI Technologies Co., Ltd. -> ) C:\Documents and Settings\All Users\Datos de programa\DatacardService\HWDeviceService.exe
(Microsoft Windows Component Publisher -> Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Windows Hardware Compatibility Publisher -> HP) C:\WINDOWS\system32\HPZipm12.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-1390067357-602609370-1177238915-1003\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_32_0_0_156_Plugin.exe [1457664 2019-03-19] (Adobe Systems Incorporated) [File not signed]
HKLM\...\Drivers32: [msacm.trspch] => C:\WINDOWS\system32\tssoft32.acm [8192 2001-08-24] () [File not signed]
HKLM\...\Drivers32: [vidc.I420] => C:\WINDOWS\system32\msh263.drv [294912 2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\...\Drivers32: [vidc.iv31] => C:\WINDOWS\system32\ir32_32.dll [199168 2001-08-24] (Microsoft Windows Component Publisher -> )
HKLM\...\Drivers32: [vidc.iv32] => C:\WINDOWS\system32\ir32_32.dll [199168 2001-08-24] (Microsoft Windows Component Publisher -> )
HKLM\...\Drivers32: [vidc.iv41] => C:\WINDOWS\system32\ir41_32.ax [848384 2008-04-14] (Microsoft Windows Component Publisher -> Intel Corporation)
HKLM\...\Drivers32: [msacm.msg723] => C:\WINDOWS\system32\msg723.acm [118784 2001-08-24] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\...\Drivers32: [vidc.M263] => C:\WINDOWS\system32\msh263.drv [294912 2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\...\Drivers32: [vidc.M261] => C:\WINDOWS\system32\msh261.drv [188416 2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\...\Drivers32: [msacm.msaudio1] => C:\WINDOWS\system32\msaud32.acm [294912 2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\...\Drivers32: [msacm.sl_anet] => C:\WINDOWS\system32\sl_anet.acm [86016 2008-04-14] (Microsoft Windows Component Publisher -> Sipro Lab Telecom Inc.)
HKLM\...\Drivers32: [msacm.iac2] => C:\WINDOWS\system32\iac25_32.ax [199680 2008-04-14] (Microsoft Windows Component Publisher -> Intel Corporation)
HKLM\...\Drivers32: [vidc.iv50] => C:\WINDOWS\system32\ir50_32.dll [755200 2008-04-14] (Microsoft Windows Component Publisher -> Intel Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] -> C:\WINDOWS\inf\unregmp2.exe [2008-04-14] () [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [>{26923b43-4d38-484f-9b9e-de460746276c}] -> C:\WINDOWS\system32\shmgrate.exe [2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] -> C:\WINDOWS\system32\shmgrate.exe [2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}] -> 
HKLM\Software\Microsoft\Active Setup\Installed Components: [{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] -> 
HKLM\Software\Microsoft\Active Setup\Installed Components: [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] -> C:\Archivos de programa\Outlook Express\setup50.exe [2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] -> C:\WINDOWS\system32\advpack.dll [2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{5945c046-1e7d-11d1-bc44-00c04fd912be}] -> C:\WINDOWS\system32\advpack.dll [2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] -> C:\WINDOWS\system32\advpack.dll [2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{7790769C-0471-11d2-AF11-00C04FA35D02}] -> C:\Archivos de programa\Outlook Express\setup50.exe [2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Archivos de programa\Google\Chrome\Application\49.0.2623.112\Installer\chrmstp.exe [2016-04-12] (Google Inc -> Google Inc.)
HKLM\Software\...\Winlogon\GPExtensions: [{C631DF4C-088F-4156-B058-4375F0853CD8}] -> C:\WINDOWS\System32\cscui.dll [2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
Startup: C:\Documents and Settings\Usuario\Menú Inicio\Programas\Inicio\Recorte de pantalla e Inicio rápido de OneNote 2007.lnk [2019-03-22]
ShortcutTarget: Recorte de pantalla e Inicio rápido de OneNote 2007.lnk -> C:\Archivos de programa\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player NPAPI Notifier.job => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_32_0_0_156_Plugin.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Archivos de programa\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Archivos de programa\Google\Update\GoogleUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4 192.168.1.1
Tcpip\..\Interfaces\{829F0B59-87B0-4DC1-8A0E-C43320E45052}: [DhcpNameServer] 8.8.8.8 8.8.4.4 192.168.1.1
Tcpip\..\Interfaces\{A554CC91-8446-4862-87F3-7A0379CE438E}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1390067357-602609370-1177238915-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.ve/
HKU\S-1-5-21-1390067357-602609370-1177238915-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-1390067357-602609370-1177238915-1003 - Hook de búsqueda de direcciones URL de Microsoft - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Windows Component Publisher -> Microsoft Corporation)
SearchScopes: HKLM -> DefaultScope value is missing
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-26] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Archivos de programa\Java\jre1.8.0_65\bin\ssv.dll [2015-10-29] (Oracle America, Inc. -> Oracle Corporation)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Archivos de programa\Epson Software\Easy Photo Print\EPTBL.dll => No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Archivos de programa\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-29] (Oracle America, Inc. -> Oracle Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Archivos de programa\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-26] (Microsoft Corporation -> Microsoft Corporation)
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation -> Microsoft Corporation) [File not signed]
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation -> Microsoft Corporation) [File not signed]
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation -> Microsoft Corporation) [File not signed]
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation -> Microsoft Corporation) [File not signed]
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation -> Microsoft Corporation) [File not signed]
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Help\hxds.dll [2006-10-26] (Microsoft Corporation -> Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation -> Microsoft Corporation) [File not signed]
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Archivos comunes\System\Ole DB\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation -> Microsoft Corporation) [File not signed]

FireFox:
========
FF DefaultProfile: ciuxqc4a.default-1392828428859
FF ProfilePath: C:\Documents and Settings\Usuario\Datos de programa\Mozilla\Firefox\Profiles\ciuxqc4a.default-1392828428859 [2019-09-06]
FF user.js: detected! => C:\Documents and Settings\Usuario\Datos de programa\Mozilla\Firefox\Profiles\ciuxqc4a.default-1392828428859\user.js [2019-09-06]
FF Extension: (Application Update Service Helper) - C:\Archivos de programa\Mozilla Firefox\browser\features\[email protected] [2018-06-28] [Legacy] [not signed]
FF Extension: (Multi-process staged rollout) - C:\Archivos de programa\Mozilla Firefox\browser\features\[email protected] [2018-06-28] [Legacy] [not signed]
FF Extension: (Pocket) - C:\Archivos de programa\Mozilla Firefox\browser\features\[email protected] [2018-06-28] [Legacy] [not signed]
FF Extension: (Web Compat) - C:\Archivos de programa\Mozilla Firefox\browser\features\[email protected] [2018-06-28] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_32_0_0_156.dll [2019-03-19] () [File not signed]
FF Plugin: @java.com/DTPlugin,version=11.65.2 -> C:\Archivos de programa\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-29] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.65.2 -> C:\Archivos de programa\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-29] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Archivos de programa\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-23] (Google Inc -> Google LLC)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Archivos de programa\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-23] (Google Inc -> Google LLC)
FF Plugin: Adobe Reader -> C:\Archivos de programa\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-12-21] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Archivos de programa\Archivos comunes\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-10-05] (Adobe Systems Incorporated -> Adobe Systems)

Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://search.iminent.com/?appId=030E909B-8E6C-4EBA-A104-09DC9A6CFF88
CHR StartupUrls: Default -> "hxxp://search.iminent.com/?appId=030E909B-8E6C-4EBA-A104-09DC9A6CFF88"
CHR Profile: C:\Documents and Settings\Usuario\Configuración local\Datos de programa\Google\Chrome\User Data\Default [2019-09-06]
CHR Extension: (Documentos) - C:\Documents and Settings\Usuario\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-23]
CHR Extension: (Google Drive) - C:\Documents and Settings\Usuario\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-23]
CHR Extension: (YouTube) - C:\Documents and Settings\Usuario\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-30]
CHR Extension: (Búsqueda de Google) - C:\Documents and Settings\Usuario\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-23]
CHR Extension: (Documentos de Google sin conexión) - C:\Documents and Settings\Usuario\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-27]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Documents and Settings\Usuario\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-02]
CHR Extension: (Gmail) - C:\Documents and Settings\Usuario\Configuración local\Datos de programa\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-23]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [335872 2019-03-19] (Adobe Systems Incorporated) [File not signed]
S2 gupdate; C:\Archivos de programa\Google\Update\GoogleUpdate.exe [144200 2015-09-03] (Google Inc -> Google Inc.)
S3 gupdatem; C:\Archivos de programa\Google\Update\GoogleUpdate.exe [144200 2015-09-03] (Google Inc -> Google Inc.)
R2 HPSIService; C:\WINDOWS\system32\HPSIsvc.exe [99896 2010-04-07] (Hewlett-Packard Company -> HP)
R2 HWDeviceService.exe; C:\Documents and Settings\All Users\Datos de programa\DatacardService\HWDeviceService.exe [271712 2011-03-14] (HUAWEI Technologies Co., Ltd. -> )
S3 ose; C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE [145184 2006-10-26] (Microsoft Corporation -> Microsoft Corporation)
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [69632 2005-03-14] (Microsoft Windows Hardware Compatibility Publisher -> HP)
S3 SwPrv; C:\WINDOWS\system32\dllhost.exe /Processid:{DCECE6DB-6966-4196-B930-1EC0E7FD3673} [5120 2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 ACPIEC; C:\Windows\System32\Drivers\ACPIEC.sys [12032 2001-08-24] () [File not signed]
S3 ewusbnet; C:\WINDOWS\System32\DRIVERS\ewusbnet.sys [100992 2008-01-22] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 ew_hwusbdev; C:\WINDOWS\System32\DRIVERS\ew_hwusbdev.sys [102784 2010-07-26] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 ew_usbenumfilter; C:\WINDOWS\System32\DRIVERS\ew_usbenumfilter.sys [11136 2010-03-20] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R3 FETNDIS; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (Microsoft Windows Component Publisher -> VIA Technologies, Inc. )
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49664 2005-10-27] (Microsoft Windows Hardware Compatibility Publisher -> HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2005-10-27] (Microsoft Windows Hardware Compatibility Publisher -> HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2005-10-27] (Microsoft Windows Hardware Compatibility Publisher -> HP)
S3 Huawei; C:\WINDOWS\System32\DRIVERS\ewdcsc.sys [24448 2007-08-09] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Tech. Co., Ltd.)
S3 huawei_cdcacm; C:\WINDOWS\System32\DRIVERS\ew_jucdcacm.sys [89856 2011-09-08] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 huawei_cdcecm; C:\WINDOWS\System32\DRIVERS\ew_jucdcecm.sys [66688 2011-09-08] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 huawei_enumerator; C:\WINDOWS\System32\DRIVERS\ew_jubusenum.sys [73984 2011-09-08] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\WINDOWS\System32\DRIVERS\ew_juextctrl.sys [26624 2011-09-08] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 hwdatacard; C:\WINDOWS\System32\DRIVERS\ewusbmdm.sys [101376 2008-03-17] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 IpFilterDriver; C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [32896 2001-08-24] () [File not signed]
S3 IpNat; C:\WINDOWS\System32\DRIVERS\ipnat.sys [152832 2008-04-13] (Microsoft Corporation) [File not signed]
S3 massfilter; C:\WINDOWS\System32\DRIVERS\massfilter.sys [9728 2008-11-28] (Microsoft Windows Hardware Compatibility Publisher -> ZTE Incorporated)
S3 mvusbews; C:\WINDOWS\System32\Drivers\mvusbews.sys [17408 2010-03-05] (Microsoft Windows Hardware Compatibility Publisher -> Marvell Semiconductor, Inc.)
R3 Ptilink; C:\WINDOWS\System32\DRIVERS\ptilink.sys [17792 2001-08-24] (Microsoft Windows Component Publisher -> Parallel Technologies, Inc.)
R3 rt2870; C:\WINDOWS\System32\DRIVERS\Drt2870.sys [1174976 2011-04-25] (Ralink Technology Corporation -> Ralink Technology, Corp.)
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [20480 2008-04-13] (Microsoft Windows Component Publisher -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
U5 swmidi; C:\WINDOWS\System32\drivers\swmidi.sys [56576 2008-04-13] (Microsoft Windows Component Publisher -> Microsoft Corporation)
R1 tidnet; C:\WINDOWS\System32\DRIVERS\tidnet.sys [19200 2008-06-12] (Telefónica I+D) [File not signed]
S3 ZTEusbMB; C:\WINDOWS\System32\DRIVERS\ZTEusbnmeaext2.sys [107776 2010-10-15] (Microsoft Windows Hardware Compatibility Publisher -> ZTE Incorporated)
S3 ZTEusbmdm6k; C:\WINDOWS\System32\DRIVERS\ZTEusbmdm6k.sys [105856 2010-02-01] (Microsoft Windows Hardware Compatibility Publisher -> ZTE Incorporated)
S3 ZTEusbnet; C:\WINDOWS\System32\DRIVERS\ZTEusbnet.sys [114688 2010-02-01] (Microsoft Windows Hardware Compatibility Publisher -> ZTE Corporation)
S3 ZTEusbnmea; C:\WINDOWS\System32\DRIVERS\ZTEusbnmea.sys [105856 2010-02-01] (Microsoft Windows Hardware Compatibility Publisher -> ZTE Incorporated)
S3 ZTEusbser6k; C:\WINDOWS\System32\DRIVERS\ZTEusbser6k.sys [105856 2010-02-01] (Microsoft Windows Hardware Compatibility Publisher -> ZTE Incorporated)
S3 zte_massejct; C:\WINDOWS\System32\Drivers\zte_massejct.sys [15872 2010-11-19] (Microsoft Windows Hardware Compatibility Publisher -> ZTE Corporation)
S3 46e6371d9b296008; \??\C:\DOCUME~1\Usuario\CONFIG~1\Temp\cda651c1.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 IntelIde; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: qamzfxzh -> no filepath.
NETSVC: ip6fwhlp -> no filepath.
NETSVC: mhn -> no filepath.
NETSVC: sacsvr -> no filepath.
NETSVC: trksvr -> no filepath.

==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-09-07 07:05 - 2019-09-07 07:06 - 000025452 _____ C:\Documents and Settings\Usuario\Escritorio\FRST.txt
2019-09-07 07:04 - 2019-09-07 07:05 - 000000000 ____D C:\FRST
2019-09-07 07:04 - 2019-09-07 00:32 - 001451008 _____ (Farbar) C:\Documents and Settings\Usuario\Escritorio\FRST.exe
2019-09-07 06:41 - 2019-09-07 07:03 - 000001613 _____ C:\Documents and Settings\Usuario\Escritorio\UsbFix Anti-Malware.lnk
2019-09-07 06:41 - 2019-09-07 06:41 - 000000000 ____D C:\Archivos de programa\UsbFix
2019-09-07 06:41 - 2019-09-07 00:34 - 004763232 _____ (SOSVirus) C:\Documents and Settings\Usuario\Escritorio\UsbFix_2019_11.016.exe
2019-09-07 00:24 - 2019-09-07 00:29 - 000000192 ___SH C:\Documents and Settings\Administrador.USUARIO-A9169BD\ntuser.ini
2019-09-07 00:24 - 2019-09-07 00:24 - 000000000 ___HD C:\Documents and Settings\Administrador.USUARIO-A9169BD\Configuración local
2019-09-07 00:24 - 2019-09-07 00:24 - 000000000 ____D C:\Documents and Settings\Administrador.USUARIO-A9169BD\Escritorio
2019-09-07 00:24 - 2019-09-07 00:24 - 000000000 ____D C:\Documents and Settings\Administrador.USUARIO-A9169BD\Configuración local\Temp
2019-09-07 00:24 - 2019-09-07 00:24 - 000000000 ____D C:\Documents and Settings\Administrador.USUARIO-A9169BD
2019-09-07 00:24 - 2019-09-06 18:25 - 355466904 _____ (AVAST Software) C:\Documents and Settings\Administrador.USUARIO-A9169BD\Escritorio\avast_free_antivirus_setup_offline.exe
2019-09-07 00:24 - 2011-02-16 07:00 - 000001599 _____ C:\Documents and Settings\Administrador.USUARIO-A9169BD\Menú Inicio\Programas\Asistencia remota.lnk
2019-09-07 00:24 - 2011-02-16 07:00 - 000000827 _____ C:\Documents and Settings\Administrador.USUARIO-A9169BD\Menú Inicio\Programas\Reproductor de Windows Media.lnk
2019-09-07 00:24 - 2011-02-16 07:00 - 000000000 ___RD C:\Documents and Settings\Administrador.USUARIO-A9169BD\Menú Inicio\Programas\Accesorios
2019-09-07 00:24 - 2011-02-16 07:00 - 000000000 ___RD C:\Documents and Settings\Administrador.USUARIO-A9169BD\Menú Inicio\Programas
2019-09-07 00:24 - 2011-02-16 07:00 - 000000000 ___HD C:\Documents and Settings\Administrador.USUARIO-A9169BD\Configuración local\Datos de programa
2019-09-07 00:24 - 2011-02-16 06:56 - 000000000 ___HD C:\Documents and Settings\Administrador.USUARIO-A9169BD\Plantillas
2019-09-07 00:24 - 2011-02-16 06:47 - 000000000 __RHD C:\Documents and Settings\Administrador.USUARIO-A9169BD\Datos de programa
2019-09-07 00:24 - 2011-02-16 06:47 - 000000000 ___SD C:\Documents and Settings\Administrador.USUARIO-A9169BD\Configuración local\Historial
2019-09-07 00:24 - 2011-02-16 06:47 - 000000000 ___SD C:\Documents and Settings\Administrador.USUARIO-A9169BD\Configuración local\Archivos temporales de Internet
2019-09-07 00:24 - 2011-02-16 06:47 - 000000000 ___RD C:\Documents and Settings\Administrador.USUARIO-A9169BD\Menú Inicio\Programas\Inicio
2019-09-07 00:24 - 2011-02-16 06:47 - 000000000 ___RD C:\Documents and Settings\Administrador.USUARIO-A9169BD\Menú Inicio
2019-09-07 00:24 - 2011-02-16 06:47 - 000000000 ___HD C:\Documents and Settings\Administrador.USUARIO-A9169BD\Reciente
2019-09-07 00:24 - 2011-02-16 06:47 - 000000000 ___HD C:\Documents and Settings\Administrador.USUARIO-A9169BD\Impresoras
2019-09-07 00:24 - 2011-02-16 06:47 - 000000000 ___HD C:\Documents and Settings\Administrador.USUARIO-A9169BD\Entorno de red
2019-09-07 00:24 - 2011-02-16 06:47 - 000000000 ____D C:\Documents and Settings\Administrador.USUARIO-A9169BD\Mis documentos
2019-09-07 00:24 - 2011-02-16 06:47 - 000000000 ____D C:\Documents and Settings\Administrador.USUARIO-A9169BD\Favoritos
2019-09-07 00:06 - 2019-09-07 00:06 - 000000000 ____D C:\WINDOWS\ABR
2019-09-07 00:03 - 2019-09-07 00:08 - 000136850 _____ C:\WINDOWS\ntbtlog.txt
2019-09-06 23:34 - 2019-09-06 23:08 - 186328088 _____ (Avira Operations GmbH & Co. KG) C:\Documents and Settings\Usuario\Escritorio\avira_antivirus_es-es.exe
2019-09-06 23:30 - 2019-09-06 23:06 - 000450352 _____ (Microsoft Corporation) C:\Documents and Settings\Usuario\Escritorio\FixitCenter_Run.exe
2019-09-06 23:26 - 2019-09-06 23:23 - 025001480 _____ (Microsoft Corporation) C:\Documents and Settings\Usuario\Escritorio\NetFx20SP2_x86.exe
2019-09-06 22:55 - 2019-09-06 23:33 - 000000663 _____ C:\Documents and Settings\Usuario\Escritorio\ESET Online Scanner.lnk
2019-09-06 21:01 - 2019-09-06 21:03 - 000000000 ____D C:\USB File Resc
2019-09-06 20:49 - 2019-09-06 20:49 - 000000000 ____D C:\Documents and Settings\Usuario\Escritorio\Nueva carpeta
2019-09-06 18:30 - 2019-09-06 18:25 - 355466904 _____ (AVAST Software) C:\Documents and Settings\Usuario\Escritorio\avast_free_antivirus_setup_offline.exe
2019-09-06 15:29 - 2019-09-06 15:29 - 000000000 ____D C:\WINDOWS\CSC
2019-09-06 10:24 - 2019-09-06 10:22 - 010490928 ___SH C:\Documents and Settings\Usuario\Escritorio\bitdefender_online.exe
2019-09-06 10:12 - 2019-09-07 07:06 - 000000000 ____D C:\Documents and Settings\Usuario\Configuración local\temp
2019-09-06 10:12 - 2019-09-06 10:12 - 000018619 _____ C:\ComboFix.txt
2019-09-06 10:12 - 2019-09-06 10:12 - 000000000 ____D C:\Documents and Settings\NetworkService\Configuración local\temp
2019-09-06 10:12 - 2019-09-06 10:12 - 000000000 ____D C:\Documents and Settings\LocalService\Configuración local\temp
2019-09-06 10:12 - 2019-09-06 10:12 - 000000000 ____D C:\Documents and Settings\Administrador\Configuración local\temp
2019-09-06 09:34 - 2011-06-26 02:45 - 000256000 _____ C:\WINDOWS\PEV.exe
2019-09-06 09:34 - 2010-11-07 13:20 - 000208896 _____ C:\WINDOWS\MBR.exe
2019-09-06 09:34 - 2009-04-20 00:56 - 000060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2019-09-06 09:34 - 2000-08-30 20:00 - 000518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2019-09-06 09:34 - 2000-08-30 20:00 - 000406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2019-09-06 09:34 - 2000-08-30 20:00 - 000212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2019-09-06 09:34 - 2000-08-30 20:00 - 000098816 _____ C:\WINDOWS\sed.exe
2019-09-06 09:34 - 2000-08-30 20:00 - 000080412 _____ C:\WINDOWS\grep.exe
2019-09-06 09:34 - 2000-08-30 20:00 - 000068096 _____ C:\WINDOWS\zip.exe
2019-09-06 09:33 - 2019-09-06 10:12 - 000000000 ____D C:\Qoobox
2019-09-06 09:33 - 2019-09-06 10:11 - 000000000 ____D C:\WINDOWS\erdnt
2019-09-06 09:33 - 2019-09-06 09:33 - 000000000 ___RD C:\Documents and Settings\Usuario\Mis documentos\Mis vídeos
2019-09-06 09:18 - 2019-09-06 09:20 - 021073448 _____ C:\Documents and Settings\Usuario\Escritorio\DRIVER_DWA-125_AX_S0039.rar
2019-09-06 09:17 - 2011-04-25 11:01 - 001174976 _____ (Ralink Technology, Corp.) C:\WINDOWS\system32\Drivers\Drt2870.sys
2019-09-06 09:17 - 2011-04-25 10:45 - 000238944 _____ (Ralink Technology, Inc.) C:\WINDOWS\system32\RaCoInst.dll
2019-09-06 09:17 - 2011-04-25 10:45 - 000014119 _____ C:\WINDOWS\system32\RaCoInst.dat
2019-09-06 09:16 - 2019-09-06 09:16 - 000000000 ____D C:\Documents and Settings\Usuario\Escritorio\DRIVER_DWA-125_AX_S0039
2019-09-06 09:09 - 2019-09-06 08:55 - 064660208 _____ (Malwarebytes ) C:\Documents and Settings\Usuario\Escritorio\mb3-setup-009996.009996-3.8.3.2965-1.0.613-1.0.11804.exe
2019-09-06 07:07 - 2019-09-06 07:07 - 000065536 _____ C:\WINDOWS\system32\config\Doctor Web.evt
2019-09-05 22:09 - 2019-09-05 22:09 - 000000000 ____D C:\Documents and Settings\Usuario\Doctor Web
2019-09-05 22:09 - 2019-09-05 22:09 - 000000000 ____D C:\Documents and Settings\All Users\Datos de programa\Doctor Web
2019-09-05 22:08 - 2019-09-05 22:08 - 000065536 _____ C:\WINDOWS\system32\config\Doctor W.evt
2019-09-05 22:01 - 2019-09-05 21:44 - 198856576 _____ C:\Documents and Settings\Usuario\Escritorio\ejevf5il.exe
2019-09-05 21:58 - 2019-09-06 10:12 - 000000000 ___HD C:\Documents and Settings\Administrador\Configuración local
2019-09-05 21:58 - 2019-09-06 09:49 - 000000000 ___SD C:\Documents and Settings\Administrador\Configuración local\Archivos temporales de Internet
2019-09-05 21:58 - 2019-09-05 21:59 - 000000192 ___SH C:\Documents and Settings\Administrador\ntuser.ini
2019-09-05 21:58 - 2019-09-05 21:59 - 000000000 ___HD C:\Documents and Settings\Administrador\Configuración local\Datos de programa
2019-09-05 21:58 - 2019-09-05 21:58 - 000000000 ____D C:\Documents and Settings\Administrador
2019-09-05 21:58 - 2011-02-16 07:00 - 000001599 _____ C:\Documents and Settings\Administrador\Menú Inicio\Programas\Asistencia remota.lnk
2019-09-05 21:58 - 2011-02-16 07:00 - 000000827 _____ C:\Documents and Settings\Administrador\Menú Inicio\Programas\Reproductor de Windows Media.lnk
2019-09-05 21:58 - 2011-02-16 07:00 - 000000000 ___RD C:\Documents and Settings\Administrador\Menú Inicio\Programas\Accesorios
2019-09-05 21:58 - 2011-02-16 07:00 - 000000000 ___RD C:\Documents and Settings\Administrador\Menú Inicio\Programas
2019-09-05 21:58 - 2011-02-16 06:56 - 000000000 ___HD C:\Documents and Settings\Administrador\Plantillas
2019-09-05 21:58 - 2011-02-16 06:47 - 000000000 __RHD C:\Documents and Settings\Administrador\Datos de programa
2019-09-05 21:58 - 2011-02-16 06:47 - 000000000 ___SD C:\Documents and Settings\Administrador\Configuración local\Historial
2019-09-05 21:58 - 2011-02-16 06:47 - 000000000 ___RD C:\Documents and Settings\Administrador\Menú Inicio\Programas\Inicio
2019-09-05 21:58 - 2011-02-16 06:47 - 000000000 ___RD C:\Documents and Settings\Administrador\Menú Inicio
2019-09-05 21:58 - 2011-02-16 06:47 - 000000000 ___HD C:\Documents and Settings\Administrador\Reciente
2019-09-05 21:58 - 2011-02-16 06:47 - 000000000 ___HD C:\Documents and Settings\Administrador\Impresoras
2019-09-05 21:58 - 2011-02-16 06:47 - 000000000 ___HD C:\Documents and Settings\Administrador\Entorno de red
2019-09-05 21:58 - 2011-02-16 06:47 - 000000000 ____D C:\Documents and Settings\Administrador\Mis documentos
2019-09-05 21:58 - 2011-02-16 06:47 - 000000000 ____D C:\Documents and Settings\Administrador\Favoritos
2019-09-05 21:58 - 2011-02-16 06:47 - 000000000 ____D C:\Documents and Settings\Administrador\Escritorio
2019-09-05 10:32 - 2019-09-05 10:33 - 005828782 _____ C:\Documents and Settings\Usuario\Escritorio\Maqueta AGOSTO- CONCEJO.xlsx
2019-09-05 10:31 - 2019-09-05 10:31 - 000057669 _____ C:\Documents and Settings\Usuario\Escritorio\Maqueta Concejo Septiemb.xlsx
2019-09-05 09:46 - 2019-09-05 09:56 - 000038912 _____ C:\Documents and Settings\Usuario\Escritorio\lejecucioncod.xls
2019-09-05 08:10 - 2019-09-05 08:10 - 000031744 _____ C:\Documents and Settings\Usuario\Mis documentos\Rescue.asd
2019-09-04 11:42 - 2019-09-05 09:56 - 000000000 ____D C:\Documents and Settings\Usuario\Escritorio\LUIS CONCEJO
2019-08-30 08:45 - 2019-08-30 08:45 - 000000000 ____D C:\Documents and Settings\Usuario\Escritorio\2da Qna de Agosto
2019-08-29 13:13 - 2019-08-29 13:13 - 000000000 ____D C:\Documents and Settings\Usuario\Escritorio\administracion septiembre
2019-08-14 11:48 - 2019-08-14 11:52 - 000000000 ____D C:\Documents and Settings\Usuario\Escritorio\contraloria
2019-08-13 09:06 - 2019-08-13 09:06 - 000000000 ____D C:\Documents and Settings\Usuario\Escritorio\vacaci y pres
2019-08-13 09:06 - 2019-08-13 09:06 - 000000000 ____D C:\Documents and Settings\Usuario\Escritorio\terceros
2019-08-13 09:06 - 2019-08-13 09:06 - 000000000 ____D C:\Documents and Settings\Usuario\Escritorio\nomina
2019-08-13 09:06 - 2019-08-13 09:06 - 000000000 ____D C:\Documents and Settings\Usuario\Escritorio\funcionamiento
2019-08-13 09:05 - 2019-08-13 09:05 - 000000000 ____D C:\Documents and Settings\Usuario\Escritorio\matriz
2019-08-13 09:00 - 2019-08-13 09:00 - 000000000 __SHD C:\Documents and Settings\Usuario\Escritorio\estados de cuenta de 2019
2019-08-09 10:22 - 2019-08-14 10:10 - 000798182 _____ C:\Documents and Settings\Usuario\Escritorio\img134.pdf

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-09-07 07:05 - 2011-02-16 07:05 - 000000000 __SHD C:\Documents and Settings\Usuario\Escritorio
2019-09-07 06:58 - 2018-04-26 11:55 - 000000910 _____ C:\WINDOWS\Tasks\Adobe Flash Player NPAPI Notifier.job
2019-09-07 06:58 - 2011-02-16 06:58 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-09-07 06:46 - 2012-11-22 18:43 - 000001098 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2019-09-07 06:46 - 2011-02-16 07:41 - 000000000 RSHDC C:\WINDOWS\system32\dllcache
2019-09-07 06:46 - 2011-02-16 07:04 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-09-07 06:45 - 2011-02-16 07:05 - 000000192 ___SH C:\Documents and Settings\Usuario\ntuser.ini
2019-09-07 06:45 - 2011-02-16 07:04 - 000032508 _____ C:\WINDOWS\SchedLgU.Txt
2019-09-07 06:43 - 2011-02-16 07:05 - 000000000 ___HD C:\Documents and Settings\Usuario\Configuración local
2019-09-07 06:41 - 2011-02-16 06:47 - 000000000 ____D C:\Archivos de programa
2019-09-07 00:24 - 2011-02-16 06:46 - 000000000 ____D C:\Documents and Settings
2019-09-07 00:06 - 2011-02-16 07:05 - 000000000 ___RD C:\Documents and Settings\Usuario\Menú Inicio\Programas\Inicio
2019-09-06 23:33 - 2011-02-16 07:05 - 000000000 ___HD C:\Documents and Settings\Usuario\Configuración local\Datos de programa
2019-09-06 23:29 - 2011-02-16 06:47 - 001194640 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-09-06 23:29 - 2001-08-24 09:00 - 000539056 _____ C:\WINDOWS\system32\perfh00A.dat
2019-09-06 23:29 - 2001-08-24 09:00 - 000096730 _____ C:\WINDOWS\system32\perfc00A.dat
2019-09-06 23:28 - 2011-02-16 07:41 - 000000000 ___HD C:\WINDOWS\inf
2019-09-06 23:22 - 2012-11-22 18:43 - 000001102 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2019-09-06 23:16 - 2013-02-28 10:44 - 000000838 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2019-09-06 22:55 - 2011-10-19 17:33 - 000000000 ____D C:\Documents and Settings\Usuario\Mis documentos\Descargas
2019-09-06 22:55 - 2011-02-25 05:58 - 000000000 ____D C:\Documents and Settings\Usuario\Configuración local\Datos de programa\ESET
2019-09-06 20:49 - 2011-02-16 07:05 - 000000000 __SHD C:\Documents and Settings\Usuario
2019-09-06 18:36 - 2011-02-16 07:05 - 000000000 ___SD C:\Documents and Settings\Usuario\Configuración local\Archivos temporales de Internet
2019-09-06 17:54 - 2011-12-20 09:11 - 000000000 ____D C:\Documents and Settings\Usuario\Mis documentos\ROMPE  CABEZAS
2019-09-06 17:52 - 2011-10-19 17:26 - 000000000 ____D C:\Archivos de programa\WinRAR
2019-09-06 17:52 - 2011-02-16 07:05 - 000000000 __SHD C:\Documents and Settings\Usuario\Mis documentos
2019-09-06 17:51 - 2011-02-16 06:46 - 000000000 ____D C:\Documents and Settings\All Users
2019-09-06 10:30 - 2017-05-25 12:21 - 000000000 ____D C:\Documents and Settings\All Users\Datos de programa\AVAST Software
2019-09-06 10:12 - 2011-02-16 07:04 - 000000000 ___HD C:\Documents and Settings\LocalService\Configuración local
2019-09-06 10:12 - 2011-02-16 07:03 - 000000000 ___HD C:\Documents and Settings\NetworkService\Configuración local
2019-09-06 10:11 - 2011-02-16 06:47 - 000000000 ___RD C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio
2019-09-06 10:06 - 2001-08-24 09:00 - 000000227 _____ C:\WINDOWS\system.ini
2019-09-06 09:50 - 2011-02-16 07:41 - 000000000 ____D C:\WINDOWS\system
2019-09-06 09:48 - 2011-02-16 07:05 - 000000000 __SHD C:\Documents and Settings\Usuario\Datos de programa
2019-09-06 09:48 - 2011-02-16 06:47 - 000000000 ___HD C:\Documents and Settings\All Users\Datos de programa
2019-09-06 09:44 - 2011-02-16 06:47 - 000000000 ____D C:\Archivos de programa\Archivos comunes
2019-09-06 09:33 - 2011-02-16 06:47 - 000000000 ___RD C:\Documents and Settings\All Users\Documentos
2019-09-06 09:30 - 2011-10-20 10:50 - 000000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2019-09-05 09:47 - 2011-02-16 07:43 - 000000354 _____ C:\WINDOWS\crw.ini
2019-09-04 09:09 - 2001-08-24 09:00 - 000002206 _____ C:\WINDOWS\system32\wpa.dbl
2019-08-30 08:45 - 2011-02-18 03:57 - 000000000 ____D C:\rnom
2019-08-29 13:31 - 2017-08-01 13:41 - 000000017 _____ C:\AnoProceso.TXT
2019-08-27 11:57 - 2019-02-18 08:21 - 000000000 ____D C:\Documents and Settings\Usuario\Escritorio\Contrato 2019
2019-08-22 11:29 - 2019-01-17 09:36 - 000000000 ____D C:\Documents and Settings\Usuario\Escritorio\Nomina 2019
2019-08-20 08:09 - 2019-01-22 08:41 - 000020484 ____H C:\Documents and Settings\Usuario\Escritorio\~WRL0003.tmp
2019-08-19 10:35 - 2019-02-05 09:02 - 000000000 ____D C:\Documents and Settings\Usuario\Escritorio\documentos de personal
2019-08-15 12:15 - 2019-02-05 09:12 - 000000000 ____D C:\Documents and Settings\Usuario\Escritorio\Maquetas 2019
2019-08-09 09:20 - 2018-08-29 13:27 - 000000000 _____ C:\Satar.TXT
2019-08-08 11:24 - 2019-01-08 10:13 - 000000000 ____D C:\Documents and Settings\Usuario\Escritorio\2018

==================== Files in the root of some directories ================

2011-02-16 07:35 - 2011-02-16 07:35 - 000008953 _____ () C:\Documents and Settings\Usuario\Datos de programa\SmarThruOptions.xml
2012-09-05 12:02 - 2012-09-07 11:48 - 000004322 _____ () C:\Documents and Settings\Usuario\Configuración local\Datos de programa\C99A6AB1-1EDD-F968-52E8-3ECF2200A083.txt
2011-07-19 16:20 - 2016-03-16 10:10 - 000006656 _____ () C:\Documents and Settings\Usuario\Configuración local\Datos de programa\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-06 15:46 - 2014-08-14 12:57 - 000001289 _____ () C:\Documents and Settings\All Users\Datos de programa\hpzinstall.log
2017-07-13 09:26 - 2010-02-09 16:04 - 000024772 _____ () C:\Documents and Settings\All Users\Datos de programa\P1100DEF.css
2017-07-13 09:26 - 2017-07-13 09:26 - 000185398 _____ () C:\Documents and Settings\All Users\Datos de programa\P1100OS.HTM
2017-07-13 09:26 - 2010-02-09 16:04 - 000002944 _____ () C:\Documents and Settings\All Users\Datos de programa\P1100SIG.GIF

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-09-2019
Ran by Usuario (07-09-2019 07:08:14)
Running from C:\Documents and Settings\Usuario\Escritorio
Microsoft Windows XP Professional Service Pack 3 (X86) (2011-02-16 11:02:52)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-1390067357-602609370-1177238915-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrador.USUARIO-A9169BD
Asistente de ayuda (S-1-5-21-1390067357-602609370-1177238915-1000 - Limited - Disabled)
Invitado (S-1-5-21-1390067357-602609370-1177238915-501 - Limited - Enabled)
SUPPORT_388945a0 (S-1-5-21-1390067357-602609370-1177238915-1002 - Limited - Disabled)
Usuario (S-1-5-21-1390067357-602609370-1177238915-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Usuario

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Actualización para Windows XP (KB942763) (HKLM\...\KB942763) (Version: 1 - Microsoft Corporation)
Adobe Flash Player 32 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 32.0.0.156 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 32.0.0.156 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Español (HKLM\...\{AC76BA86-7AD7-1034-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AiO_Scan_CDA (HKLM\...\{C8753E28-2680-49BF-BD48-DD38FD086EFE}) (Version: 51.0.230.000 - Hewlett-Packard) Hidden
AiOSoftwareNPI (HKLM\...\{68763C27-235D-4165-A961-FDEA228CE504}) (Version: 51.0.230.000 - Hewlett-Packard) Hidden
BufferChm (HKLM\...\{4041C245-7099-4C96-9738-5EBC23827B3C}) (Version: 61.0.163.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
Compresor WinRAR (HKLM\...\WinRAR archiver) (Version:  - )
CP_Package_Variety1 (HKLM\...\{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}) (Version: 61.0.163.000 - Hewlett-Packard) Hidden
CP_Package_Variety2 (HKLM\...\{23B35809-5E4A-4F14-8332-1CDEDDFAC089}) (Version: 61.0.163.000 - Hewlett-Packard) Hidden
CP_Package_Variety3 (HKLM\...\{B57F2FF0-5A25-4332-B503-4592B370C02F}) (Version: 61.0.163.000 - Hewlett-Packard) Hidden
CustomerResearchQFolder (HKLM\...\{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
Desinstalador de impresoras EPSON TX130 Series (HKLM\...\EPSON TX130 Series) (Version:  - SEIKO EPSON Corporation)
Destinations (HKLM\...\{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}) (Version: 61.0.163.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (HKLM\...\{AB5D51AE-EBC3-438D-872C-705C7C2084B0}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
DIGITEL 3G (HKLM\...\DIGITEL 3G) (Version: DIGITEL 3G - Huawei Technologies Co.,Ltd)
DocProc (HKLM\...\{BF4E9ED0-EF26-4A4C-A123-6A6A1ABEE411}) (Version: 6.0.0.0 - Hewlett-Packard) Hidden
Epson Easy Photo Print 2 (HKLM\...\{E65AE514-9C14-48DE-BAE5-64A4F9CB6FE5}) (Version: 2.2.4.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM\...\{8A17C27D-0325-400C-8AA9-DAA6B16CBD74}) (Version: 2.40.0009 - SEIKO EPSON CORPORATION)
Escritorio movistar Latam (HKLM\...\Escritorio movistar Latam) (Version:  - Movistar)
Escritorio Movistar Latam (HKLM\...\MovistarLATAM) (Version: 8.7.6.765 - Escritorio Movistar Latam)
eSupportQFolder (HKLM\...\{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
F300 (HKLM\...\{05C56753-F144-44BC-BA67-83CC5DBF395C}) (Version: 51.0.230.000 - Hewlett-Packard) Hidden
F300_Help (HKLM\...\{E5966E4C-0A93-4F59-A981-BD3173D4799F}) (Version: 51.0.230.000 - Hewlett-Packard) Hidden
F300Trb (HKLM\...\{71D9B000-CD43-4DE9-9729-49434415B8F7}) (Version: 51.0.230.000 - Hewlett-Packard) Hidden
Fax_CDA (HKLM\...\{F6076EF9-08E1-442F-B6A2-BFB61B295A14}) (Version: 51.0.230.000 - Hewlett-Packard) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
HP Deskjet 2050 J510 series Ayuda (HKLM\...\{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}) (Version: 140.0.61.61 - Hewlett Packard)
HP Extended Capabilities 6.1 (HKLM\...\HPExtendedCapabilities) (Version: 6.1 - HP)
HP Imaging Device Functions 6.1 (HKLM\...\HP Imaging Device Functions) (Version: 6.1 - HP)
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
HP Photosmart Essential (HKLM\...\{D7CAE58E-26DE-49B7-A75D-EAEDF76726BE}) (Version: 1.8.0.26 - HP)
HP PSC & OfficeJet 6.1.A (HKLM\...\{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}) (Version:  - HP)
HP Software Update (HKLM\...\{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}) (Version: 3.0.6.003 - Hewlett-Packard)
HP Solution Center and Imaging Support Tools 6.1 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 6.1 - HP)
HPProductAssistant (HKLM\...\{DEBB2986-15B0-4D28-95FA-5C966A396589}) (Version: 61.0.163.000 - Hewlett-Packard) Hidden
Java 8 Update 65 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Ma-Config.com (HKLM\...\{7DC75AE3-5A14-4512-A337-E2C3D2C68C9A}) (Version: 7.1.2.4 - Cybelsoft)
MarketResearch (HKLM\...\{AAA11090-6E99-4655-AAF5-57EB5F677D0C}) (Version: 61.0.163.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 1.0.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Mobile Partner (HKLM\...\Mobile Partner) (Version: 11.030.01.01.197 - Huawei Technologies Co.,Ltd)
MODEM Mobile Connection (HKLM\...\{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}) (Version: 1.0.0.1 - )
Mozilla Firefox 52.9.0 ESR (x86 es-ES) (HKLM\...\Mozilla Firefox 52.9.0 ESR (x86 es-ES)) (Version: 52.9.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 41.0.2.5765 - Mozilla)
Nero 7 v7.5.7.0 (HKLM\...\Nero 7_is1) (Version:  - Nero AG)
NewCopy_CDA (HKLM\...\{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}) (Version: 51.0.230.000 - Hewlett-Packard) Hidden
Paquete de idioma de Microsoft .NET Framework 4 Client Profile ESN (HKLM\...\Microsoft .NET Framework 4 Client Profile ESN Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Presupuesto (HKLM\...\ST5UNST #1) (Version:  - )
ProductContextNPI (HKLM\...\{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}) (Version: 51.0.230.000 - Hewlett-Packard) Hidden
Readiris Pro 10 (HKLM\...\{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}) (Version:  - )
Readme (HKLM\...\{736C803C-DD3B-4015-BC51-AFB9E67B9076}) (Version: 51.0.230.000 - Hewlett-Packard) Hidden
Samsung Universal Print Driver (HKLM\...\Samsung Universal Print Driver) (Version: 2.02.05.00:24 - Samsung Electronics Co., Ltd.)
Samsung Universal Scan Driver (HKLM\...\Samsung Universal Scan Driver) (Version: 1.2.5.0 - Samsung Electronics Co., Ltd.)
Scan (HKLM\...\{C6812939-B117-48E6-A3BA-1709C14A3C8C}) (Version: 6.0.0.0 - Hewlett-Packard) Hidden
ScannerCopy (HKLM\...\{31263605-FC84-4787-B847-BA445B147E24}) (Version: 6.0.0.0 - Hewlett-Packard) Hidden
SmarThru 4 (HKLM\...\{90F1943D-EA4A-4460-B59F-30023F3BA69A}) (Version:  - )
SolutionCenter (HKLM\...\{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}) (Version: 61.0.163.000 - Hewlett-Packard) Hidden
Status (HKLM\...\{1E1F1E70-14D8-4380-8652-BD1A895A7D65}) (Version: 61.0.163.000 - Hewlett-Packard) Hidden
TeamViewer 10 (HKLM\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
Toolbox (HKLM\...\{C98E8D9D-21DE-4F87-A9B7-142BB89840FC}) (Version: 61.0.163.000 - Hewlett-Packard) Hidden
TrayApp (HKLM\...\{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}) (Version: 61.0.163.000 - Hewlett-Packard) Hidden
Unload (HKLM\...\{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}) (Version: 6.0.0 - Hewlett-Packard) Hidden
UsbFix Anti-Malware Premium (HKLM\...\Usbfix) (Version: 11.0.1.6 - SOSVirus (SOSVirus.Net))
VIA Rhine-Family Fast-Ethernet Adapter (HKLM\...\VN_VUIns_Rhine_VIA) (Version:  - )
VIA/S3G UniChrome Family Win2K/XP/Server2003 Display (HKLM\...\UChromeP) (Version:  - )
Visual Basic 5.0 Edición Profesional (HKLM\...\VB5) (Version:  - )
WebFldrs XP (HKLM\...\{350C9C0A-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (HKLM\...\{EC2715CE-C182-483C-84CC-81D7D914CF14}) (Version: 61.0.163.000 - Hewlett-Packard) Hidden
ZTE Drivers v1.2050.0.10 (HKLM\...\{66239456-F8B1-49EC-818C-822603C5B712}) (Version: 1.0.0.10 - ZTE Corporation)
ZTE USB Driver (HKLM\...\ZTE USB Driver) (Version: 1.0.1.31_TME - ZTE Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Windows Component Publisher -> Microsoft Corporation)
SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Windows Component Publisher -> Microsoft Corporation)
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Windows Component Publisher -> Microsoft Corporation)
SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Windows Component Publisher -> Microsoft Corporation)
ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll [8503296 2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll [2210608 2006-10-26] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Archivos de programa\WinRAR\rarext.dll [2019-09-06] () [File not signed]
ContextMenuHandlers4: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Archivos de programa\WinRAR\rarext.dll [2019-09-06] () [File not signed]
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Archivos de programa\WinRAR\rarext.dll [2019-09-06] () [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->\\.\root\subscription:MSFT_UCScenarioControl.Name=\"Microsoft WMI Updating Consumer Scenario Control\"",Filter="\\.\root\subscription:__EventFilter.Name=\"Microsoft WMI Updating Consumer Scenario Control\"::
WMI:subscription\__EventFilter->Microsoft WMI Updating Consumer Scenario Control::[Query => SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'MSFT_UCScenario']

Shortcut: C:\Documents and Settings\Usuario\Entorno de red\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co

==================== Loaded Modules (Whitelisted) ==============

2011-10-19 17:26 - 2019-09-06 17:52 - 000141312 _____ () [File not signed] C:\Archivos de programa\WinRAR\rarext.dll
2009-07-11 20:11 - 2009-07-11 20:11 - 000097280 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.DLL

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-09-06 09:49 - 2019-09-06 13:54 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1390067357-602609370-1177238915-1003\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName3 -> C:\WINDOWS\system32\ipconf.tsp (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName4 -> C:\WINDOWS\system32\h323.tsp (Microsoft Windows Component Publisher -> Microsoft Corporation)
sharedaccess => Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^HP Digital Imaging Monitor.lnk => C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: GrooveMonitor => "C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HP Software Update => C:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Archivos de programa\Epson Software\Event Manager\EEventManager.exe] => Enabled:EEventManager Application

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:76.68 GB) (Free:56.7 GB) (74%)

==================== Faulty Device Manager Devices =============

Name: Controladora de vídeo (compatible VGA)
Description: Controladora de vídeo (compatible VGA)
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Controladora de sonido multimedia
Description: Controladora de sonido multimedia
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/01/2015 08:40:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Aplicación con errores: nomina.exe, versión: 1.0.0.0, módulo con error: crystl32.ocx, versión 4.6.37.14, dirección de error 0x000127fb.
Procesando suceso específico de medio para [nomina.exe!ws!]

Error: (06/30/2015 08:07:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Aplicación con errores: nomina.exe, versión: 1.0.0.0, módulo con error: crystl32.ocx, versión 4.6.37.14, dirección de error 0x000127fb.
Procesando suceso específico de medio para [nomina.exe!ws!]

Error: (07/01/2015 07:59:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Aplicación con errores: nomina.exe, versión: 1.0.0.0, módulo con error: crystl32.ocx, versión 4.6.37.14, dirección de error 0x000127fb.
Procesando suceso específico de medio para [nomina.exe!ws!]

Error: (06/30/2015 01:56:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Aplicación con errores: nomina.exe, versión: 1.0.0.0, módulo con error: crystl32.ocx, versión 4.6.37.14, dirección de error 0x000127fb.
Procesando suceso específico de medio para [nomina.exe!ws!]

Error: (06/19/2015 09:27:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Aplicación con errores: presupuesto.exe, versión: 1.0.0.0, módulo con error: crystl32.ocx, versión 4.6.37.14, dirección de error 0x000127fb.
Procesando suceso específico de medio para [presupuesto.exe!ws!]

Error: (06/18/2015 04:15:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Aplicación con errores: presupuesto.exe, versión: 1.0.0.0, módulo con error: crystl32.ocx, versión 4.6.37.14, dirección de error 0x000127fb.
Procesando suceso específico de medio para [presupuesto.exe!ws!]

Error: (06/12/2015 10:56:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Aplicación con errores: nomina.exe, versión: 1.0.0.0, módulo con error: crystl32.ocx, versión 4.6.37.14, dirección de error 0x000127fb.
Procesando suceso específico de medio para [nomina.exe!ws!]

Error: (06/10/2015 11:34:22 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Aplicación que no responde: WinRAR.exe, versión 3.90.0.0, módulo que no responde hungapp, versión 0.0.0.0, dirección que no responde 0x00000000.


System errors:
=============
Error: (05/19/2015 08:57:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio DIGITEL. OUC no pudo iniciarse debido al siguiente error: 
El servicio no ha respondido a la petición o inicio del control en un tiempo adecuado.

Error: (05/19/2015 08:57:37 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Intervalo de espera (30000 ms.) para la conexión con el servicio DIGITEL. OUC.

Error: (05/19/2015 08:55:43 AM) (Source: 0) (EventID: 11) (User: )
Description: Event-ID 11

Error: (05/19/2015 08:55:43 AM) (Source: 0) (EventID: 5) (User: )
Description: Event-ID 5

Error: (05/19/2015 08:54:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio DIGITEL. OUC no pudo iniciarse debido al siguiente error: 
El sistema no puede hallar el archivo especificado.

Error: (05/19/2015 08:53:56 AM) (Source: 0) (EventID: 11) (User: )
Description: Event-ID 11

Error: (05/19/2015 08:53:52 AM) (Source: 0) (EventID: 11) (User: )
Description: Event-ID 11

Error: (05/19/2015 08:53:52 AM) (Source: 0) (EventID: 11) (User: )
Description: Event-ID 11


==================== Memory info =========================== 

BIOS: Phoenix Technologies, LTD P4M80P - 42302e31 11/24/2005
Motherboard:   P4M800CE-8237
Processor:  Intel(R) Pentium(R) 4 CPU 2.66GHz
Percentage of memory in use: 99%
Total physical RAM: 1214.42 MB
Available physical RAM: 9.86 MB
Total Virtual: 1749.24 MB
Available Virtual: 498.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:76.68 GB) (Free:56.7 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive e: (UUI) (Removable) (Total:14.4 GB) (Free:12.78 GB) FAT32


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 76.7 GB) (Disk ID: FDB6FDB6)
Partition 1: (Active) - (Size=76.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 14.4 GB) (Disk ID: DF8CDF8C)
Partition 1: (Active) - (Size=14.4 GB) - (Type=0C)
Partition 2: (Not Active) - (Size=512 KB) - (Type=EF)

==================== End of Addition.txt ============================

Hello @Carlos_A_Aguilera_F

While I analyze the reports and prepare the step-by-step instructions for you, I see that you have run Combofix. I need that report; you will find it at C:\Combofix.txt

Paste it in your next reply.

Regards

Good evening, thank you for your valuable help. Here is the ComboFix log.

ComboFix 18-08-08.01 - Usuario 06/09/2019   9:37.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.34.3082.18.1214.816 [GMT -4:00]
Running from: c:\documents and settings\Usuario\Mis documentos\Descargas\ComboFix.exe
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\archivos de programa\ma-config.com
c:\archivos de programa\ma-config.com\config.xml
c:\archivos de programa\ma-config.com\CPUID\cpuidsdk.dll
c:\archivos de programa\ma-config.com\Drivers\ma-config.inf
c:\archivos de programa\ma-config.com\Drivers\ma-config_amd64.cat
c:\archivos de programa\ma-config.com\Drivers\ma-config_amd64.sys
c:\archivos de programa\ma-config.com\Drivers\ma-config_x86.cat
c:\archivos de programa\ma-config.com\Drivers\ma-config_x86.sys
c:\archivos de programa\ma-config.com\Langues\LangueMC.ar.resx
c:\archivos de programa\ma-config.com\Langues\LangueMC.de.resx
c:\archivos de programa\ma-config.com\Langues\LangueMC.en.resx
c:\archivos de programa\ma-config.com\Langues\LangueMC.es.resx
c:\archivos de programa\ma-config.com\Langues\LangueMC.fr.resx
c:\archivos de programa\ma-config.com\Langues\LangueMC.pt.resx
c:\archivos de programa\ma-config.com\Langues\LangueMC.ru.resx
c:\archivos de programa\ma-config.com\ma-config.html
c:\archivos de programa\ma-config.com\MaConfigAgent.exe
c:\archivos de programa\ma-config.com\MCBCL.dll
c:\archivos de programa\ma-config.com\MCDetection.exe
c:\archivos de programa\ma-config.com\MCNoyau.dll
c:\archivos de programa\ma-config.com\MCrypt.dll
c:\archivos de programa\ma-config.com\MCSettings.exe
c:\archivos de programa\ma-config.com\MCStubUser.exe
c:\archivos de programa\ma-config.com\sqlite3.dll
c:\archivos de programa\Program Files
c:\archivos de programa\Program Files\HP\Non Driver CIO Components\Uninst.isu
c:\documents and settings\All Users\Datos de programa\ma-config.com
c:\documents and settings\All Users\Datos de programa\ma-config.com\Logs\activex.txt
c:\documents and settings\All Users\Datos de programa\ma-config.com\Logs\maconfservice.txt
c:\documents and settings\All Users\Datos de programa\ma-config.com\Logs\mcdetection.txt
c:\documents and settings\All Users\Datos de programa\ma-config.com\Logs\mcstubuser.txt
c:\documents and settings\All Users\Datos de programa\ma-config.com\Logs\websocketpp.log
c:\documents and settings\All Users\Datos de programa\ma-config.com\mcbase.db
c:\documents and settings\All Users\Datos de programa\ma-config.com\server.pem
c:\documents and settings\All Users\Datos de programa\TEMP
c:\documents and settings\Usuario\Cookies.lnk
c:\documents and settings\Usuario\Datos de programa\Toolbar4
c:\documents and settings\Usuario\Escritorio\Internet Explorer.lnk
c:\documents and settings\Usuario\Mis documentos\~WRL0001.tmp
c:\documents and settings\Usuario\Mis documentos\~WRL0002.tmp
c:\documents and settings\Usuario\Mis documentos\~WRL0003.tmp
c:\documents and settings\Usuario\Mis documentos\~WRL0004.tmp
c:\documents and settings\Usuario\Mis documentos\~WRL0005.tmp
c:\documents and settings\Usuario\Mis documentos\~WRL0006.tmp
c:\documents and settings\Usuario\Mis documentos\~WRL0007.tmp
c:\documents and settings\Usuario\Mis documentos\~WRL0008.tmp
c:\documents and settings\Usuario\Mis documentos\~WRL0211.tmp
c:\documents and settings\Usuario\Mis documentos\~WRL0362.tmp
c:\documents and settings\Usuario\Mis documentos\~WRL3126.tmp
c:\documents and settings\Usuario\Mis documentos\~WRL3823.tmp
c:\documents and settings\Usuario\Mis documentos\~WRL3925.tmp
c:\documents and settings\Usuario\Mis documentos\~WRL3941.tmp
c:\documents and settings\Usuario\pgn.com
c:\documents and settings\Usuario\raaxua.exe
c:\windows\Explorermgr.exe
c:\windows\ST6UNST.000
c:\windows\system\TAPI.DLL
c:\windows\system\WFWNET.DRV
c:\windows\system\WINSPOOL.DRV
c:\windows\Temp\scsE.tmp
c:\windows\Temp\scsF.tmp
c:\windows\winhelp.ini
c:\windows\wininit.ini
.
c:\windows\inf\unregmp2.exe . . . is infected!!
.
c:\windows\system32\bootcfg.exe . . . is infected!!
.
c:\windows\system32\dxdiag.exe . . . is infected!!
.
c:\windows\system32\eudcedit.exe . . . is infected!!
.
c:\windows\system32\eventcreate.exe . . . is infected!!
.
c:\windows\system32\w32tm.exe . . . is infected!!
.
.
(((((((((((((((((((((((((   Files Created from 2019-08-06 to 2019-09-06  )))))))))))))))))))))))))))))))
.
.
2019-09-06 13:17 . 2011-04-25 14:45	238944	----a-w-	c:\windows\system32\RaCoInst.dll
2019-09-06 13:17 . 2011-04-25 15:01	1174976	----a-w-	c:\windows\system32\drivers\Drt2870.sys
2019-09-06 02:09 . 2019-09-06 02:09	--------	d-----w-	c:\documents and settings\All Users\Datos de programa\Doctor Web
2019-09-06 02:09 . 2019-09-06 02:09	--------	d-----w-	c:\documents and settings\Usuario\Doctor Web
2019-09-06 01:58 . 2019-09-06 01:58	--------	d-----w-	c:\documents and settings\Administrador
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2001-08-24 13:00 . 9BF66996674F69EC2F3303B64E477194 . 12032 . . [------] . . c:\windows\system32\drivers\acpiec.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"new photo today"="wscript.exe" [2008-04-14 155648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"new photo today"="wscript.exe" [2008-04-14 155648]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"436132099"="c:\documents and settings\All Users\msczvgba.exe" [2008-04-14 87767808]
"1764075473"="c:\documents and settings\All Users\mszxurb.exe" [2008-04-14 89006208]
"1926443024"="c:\documents and settings\All Users\msrus.exe" [2008-04-14 103891200]
"1692381455"="c:\documents and settings\All Users\msrrjppq.exe" [2008-04-14 67632000]
"783390920"="c:\documents and settings\All Users\msrdstdl.exe" [2008-04-14 104607744]
"388179523"="c:\documents and settings\All Users\mszqk.exe" [2008-04-14 97384192]
"758296176"="c:\documents and settings\All Users\mseojsja.exe" [2008-04-14 76413184]
"1593735951"="c:\documents and settings\All Users\mswomn.exe" [2008-04-14 88255104]
"778476044"="c:\documents and settings\All Users\mssioffy.exe" [2008-04-14 77308288]
"141361049"="c:\documents and settings\All Users\msrmico.exe" [2008-04-14 87550720]
"1053966845"="c:\documents and settings\All Users\msjoxdjx.exe" [2008-04-14 84661504]
"833475911"="c:\documents and settings\All Users\msvle.exe" [2008-04-14 76000768]
"2010957141"="c:\documents and settings\All Users\mslrqo.exe" [2008-04-14 104313984]
"2062524798"="c:\documents and settings\All Users\mssufgzd.exe" [2008-04-14 80937600]
"271504752"="c:\documents and settings\All Users\mswvub.exe" [2008-04-14 81665664]
"1106306397"="c:\documents and settings\All Users\msedcbab.exe" [2008-04-14 67403904]
"988869439"="c:\documents and settings\All Users\mstlxgnln.exe" [2008-04-14 104107776]
"64664161"="c:\documents and settings\All Users\mshtoilup.exe" [2008-04-14 68510976]
"520404623"="c:\documents and settings\All Users\mstufu.exe" [2008-04-14 88424448]
"763737042"="c:\documents and settings\All Users\msdebm.exe" [2008-04-14 81716352]
.
c:\documents and settings\Usuario\Menú Inicio\Programas\Inicio\
hsokgvhv.exe [2019-9-6 90112]
new photo today.wsf [2016-5-3 371160]
Recorte de pantalla e Inicio rápido de OneNote 2007.lnk - c:\archivos de programa\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2006-10-26 98632]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2015-09-14 13:55	1045720	------w-	c:\archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 23:47	31016	----a-w-	c:\archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-12-15 15:48	143872	----a-w-	c:\archivos de programa\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Archivos de programa\\Epson Software\\Event Manager\\EEventManager.exe"=
.
R1 tidnet;TID NDIS Protocol Driver;c:\windows\system32\drivers\tidnet.sys [12/06/2008 6:24 19200]
R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [25/07/2011 11:27 99896]
R2 HWDeviceService.exe;HWDeviceService.exe;c:\documents and settings\All Users\Datos de programa\DatacardService\HWDeviceService.exe [14/03/2011 11:27 271712]
S3 46e6371d9b296008;46e6371d9b296008;\??\c:\docume~1\Usuario\CONFIG~1\Temp\cda651c1.sys --> c:\docume~1\Usuario\CONFIG~1\Temp\cda651c1.sys [?]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [19/05/2015 8:56 102784]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [19/05/2015 8:56 11136]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [27/08/2018 13:48 100992]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\drivers\ewdcsc.sys [27/08/2018 13:48 24448]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\drivers\ew_jucdcacm.sys [19/05/2015 8:56 89856]
S3 huawei_cdcecm;huawei_cdcecm;c:\windows\system32\drivers\ew_jucdcecm.sys [19/05/2015 8:56 66688]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [19/05/2015 8:56 73984]
S3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\drivers\ew_juextctrl.sys [19/05/2015 8:56 26624]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [15/01/2013 9:24 9728]
S3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [25/07/2011 11:25 17408]
S3 zte_massejct;ZTEMassEjctServ;c:\windows\system32\drivers\zte_massejct.sys [15/01/2013 9:24 15872]
S3 ZTEusbMB;ZTE NMEAExt2 Port;c:\windows\system32\drivers\ZTEusbnmeaext2.sys [15/01/2013 9:24 107776]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [15/01/2013 9:24 114688]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
[COLOR=RED]NETSVCS REQUIRES REPAIRS - current entries shown[/COLOR]
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Messenger
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
TrkWks
UxTuneUp
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
wscsvc
xmlprov
napagent
hkmsvc
BITS
wuauserv
ShellHWDetection
helpsvc
WmdmPmSN
qamzfxzh
???
???

???

???

???

???
e
???
e
???
???
e
???
e
???
???
e
???
e
???

???

???

???
???

???
?

???
?

???

???A????
???

???
???

???

???
???
.
Rebuilding ... You need to reboot your machine for this to take effect.
.
uploadmgr
TermService
ip6fwhlp
mhn
sacsvr
trksvr
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-04-12 16:12	1106072	----a-w-	c:\archivos de programa\Google\Chrome\Application\49.0.2623.112\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2019-06-15 c:\windows\Tasks\Adobe Flash Player NPAPI Notifier.job
- c:\windows\system32\Macromed\Flash\FlashUtil32_32_0_0_156_Plugin.exe [2019-03-19 14:19]
.
2019-09-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-28 14:19]
.
2019-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\archivos de programa\Google\Update\GoogleUpdate.exe [2012-11-22 14:09]
.
2019-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\archivos de programa\Google\Update\GoogleUpdate.exe [2012-11-22 14:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.ve/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 8.8.8.8 8.8.4.4 192.168.1.1
FF - ProfilePath - c:\documents and settings\Usuario\Datos de programa\Mozilla\Firefox\Profiles\ciuxqc4a.default-1392828428859\
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{C99A6AB1-1EDD-F968-52E8-3ECF2200A083} - (no file)
HKCU-Run-raaxua - c:\documents and settings\Usuario\raaxua.exe
c:\documents and settings\Usuario\Menú Inicio\Programas\Inicio\m.lnk - c:\documents and settings\Usuario\Datos de programa\eeYwKimAEc.exe
c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\Actualizar la licencia de ESET.lnk - c:\archivos de programa\ESET\MiNODLogin\launcher.exe  -d 10000
AddRemove-EPSON Scanner - c:\archivos de programa\epson\escndv\setup\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2019-09-06 10:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_32_0_0_156_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_32_0_0_156_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\HPZipm12.exe
c:\archivos de programa\TeamViewer\TeamViewer_Service.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\wscript.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\msiexec.exe
c:\archivos de programa\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2019-09-06  10:12:44 - machine was rebooted
ComboFix-quarantined-files.txt  2019-09-06 14:12
.
Pre-Run: 49,409,908,736 bytes libres
Post-Run: 56,654,880,768 bytes libres
.
- - End Of File - - 7CBA23584323EE249AD3FADD9974AC29
792F61657FECE3D17A9122B4EE282847

Hello @Carlos_A_Aguilera_F

Needless to say, your computer is very, very infected.

For now we are going to make use of the tools we have available:

Hijackthis:

With all programs closed, run HijackThis, check the boxes and click Fix on:

O4 - HKLM..\Run: [new photo today] = C:\WINDOWS\system32\wscript.exe //B “C:\Documents and Settings\Usuario\new photo today.wsf”

O4 - MSConfig\startupreg: new photo today [command] = C:\WINDOWS\system32\wscript.exe //B “C:\Documents and Settings\Usuario\new photo today.wsf” (HKLM) (2019/09/06)

Without rebooting:

Combofix:

Very carefully, do the following:

1.- Open Notepad

  • Go to START >>> RUN >>> type notepad.exe and press OK

2.- Now copy and paste the following into Notepad:

KillAll::

ClearJavaCache:: 

File:: 
c:\documents and settings\All Users\msczvgba.exe
c:\documents and settings\All Users\mszxurb.exe
c:\documents and settings\All Users\msrus.exe
c:\documents and settings\All Users\msrrjppq.exe
c:\documents and settings\All Users\msrdstdl.exe
c:\documents and settings\All Users\mszqk.exe
c:\documents and settings\All Users\mseojsja.exe
c:\documents and settings\All Users\mswomn.exe
c:\documents and settings\All Users\mssioffy.exe
c:\documents and settings\All Users\msrmico.exe
c:\documents and settings\All Users\msjoxdjx.exe
c:\documents and settings\All Users\msvle.exe
c:\documents and settings\All Users\mslrqo.exe
c:\documents and settings\All Users\mssufgzd.exe
c:\documents and settings\All Users\mswvub.exe
c:\documents and settings\All Users\msedcbab.exe
c:\documents and settings\All Users\mstlxgnln.exe
c:\documents and settings\All Users\mshtoilup.exe
c:\documents and settings\All Users\mstufu.exe
c:\documents and settings\All Users\msdebm.exe
c:\documents and settings\Usuario\Menú Inicio\Programas\Inicio\hsokgvhv.exe
C:\Documents and Settings\Usuario\Menú Inicio\Programas\Inicio\new photo today.wsf
C:\Documents and Settings\Usuario\new photo today.wsf
c:\docume~1\Usuario\CONFIG~1\Temp\cda651c1.sys

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"new photo today"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"new photo today"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"436132099"=-
"1764075473"=-
"1926443024"=-
"1692381455"=-
"783390920"=-
"388179523"=-
"758296176"=-
"1593735951"=-
"778476044"=-
"141361049"=-
"1053966845"=-
"833475911"=-
"2010957141"=-
"2062524798"=-
"271504752"=-
"1106306397"=-
"988869439"=-
"64664161"=-
"520404623"=-
"763737042"=-

Driver::
46e6371d9b296008
cda651c1


3.- Save this file with the name CFScript.txt and leave it on your desktop.

4.- Drag and drop the CFScript.txt file onto the ComboFix.exe file as shown in the animation below. This will start ComboFix again.


  • Restart your PC and

FRST:

Follow these steps:

1.- Very Important >>> Make a backup of your Registry.

  • Download DelFix to the Windows desktop.
  • Right-click, “Run as Administrator”.
  • In the main window, check only the “Create Registry Backup” box.
  • Click Run.

When it finishes, a report named DelFix.txt will open; save it in case it is needed and close the tool…

2.- Temporarily disable your antivirus or security program, if you have one installed

3.- Open a new Notepad file and copy and paste this content:


Start
CloseProcesses:
CreateRestorePoint:
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-1390067357-602609370-1177238915-1003 - Hook de búsqueda de direcciones URL de Microsoft - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Windows Component Publisher -> Microsoft Corporation)
SearchScopes: HKLM -> DefaultScope value is missing
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Archivos de programa\Epson Software\Easy Photo Print\EPTBL.dll => No File
FF user.js: detected! => C:\Documents and Settings\Usuario\Datos de programa\Mozilla\Firefox\Profiles\ciuxqc4a.default-1392828428859\user.js [2019-09-06]
CHR HomePage: Default -> hxxp://search.iminent.com/?appId=030E909B-8E6C-4EBA-A104-09DC9A6CFF88
CHR StartupUrls: Default -> "hxxp://search.iminent.com/?appId=030E909B-8E6C-4EBA-A104-09DC9A6CFF88"
S3 46e6371d9b296008; \??\C:\DOCUME~1\Usuario\CONFIG~1\Temp\cda651c1.sys [X]
C:\DOCUME~1\Usuario\CONFIG~1\Temp\cda651c1.sys
2019-09-07 00:24 - 2019-09-06 18:25 - 355466904 _____ (AVAST Software) C:\Documents and Settings\Administrador.USUARIO-A9169BD\Escritorio\avast_free_antivirus_setup_offline.exe
2019-09-06 23:34 - 2019-09-06 23:08 - 186328088 _____ (Avira Operations GmbH & Co. KG) C:\Documents and Settings\Usuario\Escritorio\avira_antivirus_es-es.exe
2019-09-06 18:30 - 2019-09-06 18:25 - 355466904 _____ (AVAST Software) C:\Documents and Settings\Usuario\Escritorio\avast_free_antivirus_setup_offline.exe
2019-09-06 09:09 - 2019-09-06 08:55 - 064660208 _____ (Malwarebytes ) C:\Documents and Settings\Usuario\Escritorio\mb3-setup-009996.009996-3.8.3.2965-1.0.613-1.0.11804.exe
2019-09-05 22:01 - 2019-09-05 21:44 - 198856576 _____ C:\Documents and Settings\Usuario\Escritorio\ejevf5il.exe
2019-09-06 10:30 - 2017-05-25 12:21 - 000000000 ____D C:\Documents and Settings\All Users\Datos de programa\AVAST Software
2019-08-30 08:45 - 2011-02-18 03:57 - 000000000 ____D C:\rnom
2019-08-29 13:31 - 2017-08-01 13:41 - 000000017 _____ C:\AnoProceso.TXT
2019-08-20 08:09 - 2019-01-22 08:41 - 000020484 ____H C:\Documents and Settings\Usuario\Escritorio\~WRL0003.tmp
WMI:subscription\__FilterToConsumerBinding->\\.\root\subscription:MSFT_UCScenarioControl.Name=\"Microsoft WMI Updating Consumer Scenario Control\"",Filter="\\.\root\subscription:__EventFilter.Name=\"Microsoft WMI Updating Consumer Scenario Control\"::
WMI:subscription\__EventFilter->Microsoft WMI Updating Consumer Scenario Control::[Query => SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'MSFT_UCScenario']


CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
  • Save it under the name fixlist.txt on the desktop <<< This is very important.

Note: The executable Frst.exe and fixlist.txt must be in the same location (desktop), otherwise the tool will not work.

  • Run Frst.exe.
  • Press the Fix button and wait for it to finish.
  • The tool will save the report on your desktop (Fixlog.txt).
  • Paste it in your next reply.

Even after these steps, several infected system files remain, so after rebooting do the following:

Scan the PC with ESET Online Scanner: User Manual; read the instructions for saving the report.

Scan the PC with Kaspersky Virus Removal Tool: User Manual

  • This one does not produce a report; if it finds an infection, take a screenshot and upload it.

How do I upload images to the forum?

Tell us how the problem is going and paste all the reports; for your safety you can print the steps.

Regards.


Greetings, I did everything to the letter except scanning with ESET Online Scanner or Kaspersky… With ESET the module would not update and gave me an error, and Kaspersky told me to log in. I tried others such as F-Prot and Bitdefender and they gave me an error saying "not a valid Win32 application"… I did it with Panda Cloud but could not take a screenshot, and it left no log either… it found pop-up infections. Here is the fixlog.txt

Ran by Usuario (09-09-2019 09:08:57) Run:1
Running from C:\Documents and Settings\Usuario\Escritorio
Loaded Profiles: Usuario (Available Profiles: Usuario & Recuperacion & Administrador)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-1390067357-602609370-1177238915-1003 - Hook de bsqueda de direcciones URL de Microsoft - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Windows Component Publisher -> Microsoft Corporation)
SearchScopes: HKLM -> DefaultScope value is missing
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Archivos de programa\Epson Software\Easy Photo Print\EPTBL.dll => No File
FF user.js: detected! => C:\Documents and Settings\Usuario\Datos de programa\Mozilla\Firefox\Profiles\ciuxqc4a.default-1392828428859\user.js [2019-09-06]
CHR HomePage: Default -> hxxp://search.iminent.com/?appId=030E909B-8E6C-4EBA-A104-09DC9A6CFF88
CHR StartupUrls: Default -> "hxxp://search.iminent.com/?appId=030E909B-8E6C-4EBA-A104-09DC9A6CFF88"
S3 46e6371d9b296008; \??\C:\DOCUME~1\Usuario\CONFIG~1\Temp\cda651c1.sys [X]
C:\DOCUME~1\Usuario\CONFIG~1\Temp\cda651c1.sys
2019-09-07 00:24 - 2019-09-06 18:25 - 355466904 _____ (AVAST Software) C:\Documents and Settings\Administrador.USUARIO-A9169BD\Escritorio\avast_free_antivirus_setup_offline.exe
2019-09-06 23:34 - 2019-09-06 23:08 - 186328088 _____ (Avira Operations GmbH & Co. KG) C:\Documents and Settings\Usuario\Escritorio\avira_antivirus_es-es.exe
2019-09-06 18:30 - 2019-09-06 18:25 - 355466904 _____ (AVAST Software) C:\Documents and Settings\Usuario\Escritorio\avast_free_antivirus_setup_offline.exe
2019-09-06 09:09 - 2019-09-06 08:55 - 064660208 _____ (Malwarebytes ) C:\Documents and Settings\Usuario\Escritorio\mb3-setup-009996.009996-3.8.3.2965-1.0.613-1.0.11804.exe
2019-09-05 22:01 - 2019-09-05 21:44 - 198856576 _____ C:\Documents and Settings\Usuario\Escritorio\ejevf5il.exe
2019-09-06 10:30 - 2017-05-25 12:21 - 000000000 ____D C:\Documents and Settings\All Users\Datos de programa\AVAST Software
2019-08-30 08:45 - 2011-02-18 03:57 - 000000000 ____D C:\rnom
2019-08-29 13:31 - 2017-08-01 13:41 - 000000017 _____ C:\AnoProceso.TXT
2019-08-20 08:09 - 2019-01-22 08:41 - 000020484 ____H C:\Documents and Settings\Usuario\Escritorio\~WRL0003.tmp
WMI:subscription\__FilterToConsumerBinding->\\.\root\subscription:MSFT_UCScenarioControl.Name=\"Microsoft WMI Updating Consumer Scenario Control\"",Filter="\\.\root\subscription:__EventFilter.Name=\"Microsoft WMI Updating Consumer Scenario Control\"::
WMI:subscription\__EventFilter->Microsoft WMI Updating Consumer Scenario Control::[Query => SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'MSFT_UCScenario']


CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END

*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
"HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page" => removed successfully.
"HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page" => removed successfully.
hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-1390067357-602609370-1177238915-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\" => not found
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6} => removed successfully.
HKLM\Software\Classes\CLSID\{9421DD08-935F-4701-A9CA-22DF90AC4EA6} => removed successfully.
C:\Documents and Settings\Usuario\Datos de programa\Mozilla\Firefox\Profiles\ciuxqc4a.default-1392828428859\user.js => moved successfully
"Chrome HomePage" => removed successfully.
"Chrome StartupUrls" => removed successfully.
46e6371d9b296008 => service not found.
"C:\DOCUME~1\Usuario\CONFIG~1\Temp\cda651c1.sys" => not found
C:\Documents and Settings\Administrador.USUARIO-A9169BD\Escritorio\avast_free_antivirus_setup_offline.exe => moved successfully
C:\Documents and Settings\Usuario\Escritorio\avira_antivirus_es-es.exe => moved successfully
C:\Documents and Settings\Usuario\Escritorio\avast_free_antivirus_setup_offline.exe => moved successfully
C:\Documents and Settings\Usuario\Escritorio\mb3-setup-009996.009996-3.8.3.2965-1.0.613-1.0.11804.exe => moved successfully
C:\Documents and Settings\Usuario\Escritorio\ejevf5il.exe => moved successfully
C:\Documents and Settings\All Users\Datos de programa\AVAST Software => moved successfully
C:\rnom => moved successfully
C:\AnoProceso.TXT => moved successfully
C:\Documents and Settings\Usuario\Escritorio\~WRL0003.tmp => moved successfully
"\\.\root\subscription:MSFT_UCScenarioControl.Name=\"Microsoft WMI Updating Consumer Scenario Control\"",Filter="\\.\root\subscription:__EventFilter.Name=\"Microsoft WMI Updating Consumer Scenario Control\"" => removed successfully.
"Microsoft WMI Updating Consumer Scenario Control" => removed successfully.

========= ipconfig /flushdns =========



Configuración IP de Windows



Se vació con éxito la caché de resolución de DNS.


========= End of CMD: =========


========= ipconfig /renew =========



Configuración IP de Windows



No se puede realizar ninguna operación en Conexión de área local mientras los medios estén desconectados.



Adaptador Ethernet Conexión de área local          :



        Estado de los medios. . . .: medios desconectados



Adaptador Ethernet Conexiones de red inalámbricas          :



        Sufijo de conexión específica DNS : 

        Dirección IP. . . . . . . . . . . : 192.168.1.3

        Máscara de subred . . . . . . . . : 255.255.255.0

        Puerta de enlace predeterminada   : 192.168.1.1


========= End of CMD: =========


========= bitsadmin /reset /allusers =========

"bitsadmin" no se reconoce como un comando interno o externo,
programa o archivo por lotes ejecutable.

========= End of CMD: =========


========= netsh winsock reset =========


Restablecer satisfactoriamente el cat logo Winsock.
Debe reiniciar el equipo para finalizar el restablecimiento.


========= End of CMD: =========


========= netsh advfirewall reset =========

No se encuentra el comando: advfirewall reset

========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

No se encuentra el comando: advfirewall set allprofiles state ON

========= End of CMD: =========


========= netsh int ipv4 reset =========

No se encuentra el comando: int ipv4 reset

========= End of CMD: =========


========= netsh int ipv6 reset =========

IPv6 no est  instalado.


========= End of CMD: =========


========= RemoveProxy: =========

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully.
HKU\S-1-5-21-1390067357-602609370-1177238915-1003\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully.
"HKU\S-1-5-21-1390067357-602609370-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully.
"HKU\S-1-5-21-1390067357-602609370-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully.


========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 65520 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache => 48323 B
Java, Flash, Steam htmlcache => 1609 B
Windows/system/dllcache/drivers => 0 B
Edge => 0 B
Chrome => 1721712 B
Firefox => 32055338 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Documents and Settings => 0 B
Default User => 49780 B
All Users => 0 B
systemprofile => 98932 B
LocalService => 33128 B
NetworkService => 65829 B
Usuario => 921751 B
Recuperacion => 51447 B
Administrador.USUARIO-A9169BD => 82548 B

RecycleBin => 0 B
EmptyTemp: => 33.6 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 09:13:57 ====
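
One way to triage the Fixlog.txt above, as an added example that is not part of the thread and not FRST's own code: it separates entries that were fixed from those already absent or errored, and flags `CMD:` lines whose command did not exist on this machine. The sample is a shortened excerpt of the log above; treating the two Spanish shell messages as "command missing" is an assumption.

```python
import re

# Shortened excerpt of the Fixlog.txt posted above (lines copied from the thread).
SAMPLE_FIXLOG = r'''fixlist content:
*****************
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Archivos de programa\Epson Software\Easy Photo Print\EPTBL.dll => No File
*****************
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch => Error: No automatic fix found for this entry.
"Chrome HomePage" => removed successfully.
46e6371d9b296008 => service not found.
"C:\DOCUME~1\Usuario\CONFIG~1\Temp\cda651c1.sys" => not found
C:\Documents and Settings\Usuario\Escritorio\ejevf5il.exe => moved successfully
========= ipconfig /flushdns =========
Se vació con éxito la caché de resolución de DNS.
========= End of CMD: =========
========= bitsadmin /reset /allusers =========
"bitsadmin" no se reconoce como un comando interno o externo,
programa o archivo por lotes ejecutable.
========= End of CMD: =========
========= netsh advfirewall reset =========
No se encuentra el comando: advfirewall reset
========= End of CMD: =========
=========== EmptyTemp: ==========
EmptyTemp: => 33.6 MB temporary data Removed.
==== End of Fixlog 09:13:57 ====
'''

HEADER_RE = re.compile(r"^=+ (?P<title>.+?) =+$")
RESULT_RE = re.compile(r"^(?P<target>.+?)\s=>\s(?P<outcome>.+)$")
# Outcome phrases exactly as they appear in the log above; first match wins.
OUTCOMES = [("Error:", "failed"), ("not found", "absent"),
            ("removed successfully", "fixed"), ("moved successfully", "fixed"),
            ("restored successfully", "fixed")]
# Assumption: a Spanish-localized shell, as in this thread. These two messages
# from the log are taken to mean the command does not exist on the machine.
CMD_MISSING = ("no se reconoce como un comando", "no se encuentra el comando")


def classify(outcome):
    """Map the text after '=>' to fixed / absent / failed / other."""
    for phrase, status in OUTCOMES:
        if phrase in outcome:
            return status
    return "other"  # informational lines such as EmptyTemp byte counts


def parse_fixlog(text):
    """Return (entries, commands) parsed from a Fixlog.txt body."""
    entries, commands = [], []
    section, output, fence_rows = None, [], 0
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line.startswith("fixlist content"):
            fence_rows = 2  # the echoed fixlist sits between two rows of '*'
            continue
        if fence_rows:
            if set(line) == {"*"}:
                fence_rows -= 1
            continue  # skip the echo so its '=>' lines are not counted as results
        header = HEADER_RE.match(line)
        if header:
            title = header.group("title")
            if title.startswith("End of CMD") and section is not None:
                joined = " ".join(output).lower()
                ran = not any(marker in joined for marker in CMD_MISSING)
                commands.append((section, ran, joined))
            section = None if title.startswith("End of") else title
            output = []
            continue
        result = RESULT_RE.match(line)
        if result:
            target = result.group("target").strip('"')
            entries.append((target, classify(result.group("outcome"))))
        elif section is not None:
            output.append(line)
    return entries, commands


def follow_up(entries, commands):
    """Fixes that errored and commands that never ran: what still needs attention."""
    failed = [target for target, status in entries if status == "failed"]
    not_run = [cmd for cmd, ran, _ in commands if not ran]
    return failed, not_run
```

On the excerpt, `follow_up(*parse_fixlog(SAMPLE_FIXLOG))` reports the bare `hxxp://` line as the only failed fix and `bitsadmin` and `netsh advfirewall reset` as commands that never ran, while the two "not found" entries are counted as already absent rather than as errors.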

Hello @Carlos_A_Aguilera_F

Perfect…:+1:

Let's see how that machine is doing:

Hijackthis.

Run it again and bring us a fresh report.


Combofix.

Run it as follows:

Temporarily disable your antivirus or security program, if you have one installed:

Run the tool: ComboFix

  • From the desktop. >>> This is Very Important

Note: Before running ComboFix, make sure to:

  • Close ALL open programs and/or windows. :negative_squared_cross_mark:

  • If you are using Windows Vista or Windows 7/8, right-click the ComboFix.exe file and select Run as Administrator.

Step 1:

  • Run the ComboFix.exe file
  • Accept the license terms.
  • If ComboFix tells you there is a new version of the program, you must download it.
  • If ComboFix asks you to install the Recovery Console, you must install it.

Step 2:

  • Copy and paste the report that ComboFix generated. If it does not appear, you will find it at C:\ComboFix.txt
  • Tell us how your system is doing with regard to the problem described.

Important:

  • While ComboFix is working, do not run any software until it finishes.
  • Do not restart your PC; ComboFix will do so if necessary.
  • While ComboFix is working, do not move the mouse, as that would stop its process.

VirusTotal:

Following the path, upload any of the following files to VirusTotal:

  • c:\windows\inf\unregmp2.exe
  • c:\windows\system32\bootcfg.exe
  • c:\windows\system32\dxdiag.exe
  • c:\windows\system32\eudcedit.exe
  • c:\windows\system32\eventcreate.exe
  • c:\windows\system32\w32tm.exe

VirusTotal manual.

Do not forget to select the option “Analyze the sample again”

Paste the link to the results in your next reply.


FRST Search option:

Run FRST.exe again from your desktop.

  • In the Disclaimer window message, click Yes
  • In the main program window (next to Search), in your case type:

unregmp2.exe

  • And press Search Files.

Example image:


  • When it finishes, a file named Search.txt will open, which will be saved on your desktop

When you are done, repeat the same steps for the following files:

bootcfg.exe

dxdiag.exe

eudcedit.exe

eventcreate.exe

w32tm.exe

After each run you must rename the Search.txt file, for example to Search_1.txt, Search_2.txt, etc., so that they are not overwritten.


Since there are several reports, you can use more than one message.

We await your results.

Guide: How to paste reports in the forum?

Regards.


Hello SanMar, I managed to save the files I had on that PC, naturally thanks to your valuable help, so since there was nothing else of importance to me, I chose to format it and install a newer operating system such as Windows 7… I say goodbye, very grateful. Could you tell me what I should do, whether I should rate your answer or something similar, and close the post

Hello @Carlos_A_Aguilera_F

That was the most logical thing to do: once you were able to recover the files, format, since you had many infected system files.

You don't have to do anything; just mentioning it is enough.

For other problems, you know where to find us…:wink:

Topic closed due to formatting

Regards.