Malware disables my protection programs

Hello @Jaime64

OK, do you have that report?

Do you have Google Chrome synced with other devices?

Well, this means that one of the extensions is the problem.

First tell me whether you have it synced, because if so, other steps are needed.

Then reinstall your preferred extensions one by one, checking after each installation which one the AV detects.

Let us know.

Regards

 Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 8/12/19
Hora del análisis: 20:16
Archivo de registro: 355abfbe-1a19-11ea-8662-00ffdc353fda.json

-Información del software-
Versión: 4.0.4.49
Versión de los componentes: 1.0.770
Versión del paquete de actualización: 1.0.15880
Licencia: Gratis

-Información del sistema-
SO: Windows 7 Service Pack 1
CPU: x86
Sistema de archivos: NTFS
Usuario: ADM-ll-PC\ADM-ll

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 172186
Amenazas detectadas: 0
Amenazas en cuarentena: 0
Tiempo transcurrido: 17 min, 21 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 0
(No hay elementos maliciosos detectados)

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

This is the Malwarebytes report. I don't have Google Chrome synced with other devices.

I can't reinstall any of the extensions I had; a message appears that says “…Error de red…” [network error].

Apparently the message only appears when I open Google Chrome; it has come up again.

Hello @Jaime64

1.- Uninstall with Revo Uninstaller in its Advanced Mode:

  • Google Chrome

Revo Uninstaller manual.

Note:

  • Remember to export your bookmarks if you use them.
  • Do not keep any of its settings.

2.- After restarting, download and install the latest version of Google Chrome again.

Install your extensions one by one, checking each time whether your AV's detection occurs, to try to identify which one is the problem.

Let us know.

Regards

I uninstalled Google Chrome with Revo Uninstaller in advanced mode, reinstalled it, and it came back with all the bookmarks and all the passwords. Is that normal? I installed some extensions and the Avast message appeared again.

Hello @Jaime64

It shouldn't.

Run Revo Uninstaller again to uninstall Chrome.

Then delete these folders if they are present:

  1. C:\ProgramData\Google\Chrome

  2. C:\Users\All Users\Google\Chrome

  3. C:\Users\YOUR USERNAME\AppData\Local\Google\Chrome

  4. C:\Users\YOUR USERNAME\AppData\Roaming\Google\Chrome

Restart and reinstall the browser.


Remember that you have to install them one by one, with a lot of patience, to detect which one triggers the Avast message; once you detect it, remove the problematic extension.

Let us know.

Regards

I reinstalled Google Chrome; now I can't sign in to my account: I enter my email, click Next, and nothing happens.

Hello @Jaime64

Strange things really do happen to you… 🤔


Run FRST again as you did the first time and bring us fresh copies of FRST and Addition.

Regards

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-12-2019
Ran by ADM-ll (administrator) on ADM-LL-PC (BIOSTAR Group P4M89-M7B) (15-12-2019 19:32:50)
Running from C:\Users\ADM-ll\Desktop
Loaded Profiles: ADM-ll (Available Profiles: ADM-ll & Invitado)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\Froyo_Android_Driver\Bin\MonServiceUDisk.exe
() [File not signed] C:\Program Files\qBittorrent\qbittorrent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(McAfee, LLC -> McAfee, Inc.) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(McAfee, LLC -> McAfee, Inc.) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(Mega Limited -> Mega Limited) C:\Users\ADM-ll\AppData\Local\MEGAsync\MEGAsync.exe
(Microsoft Windows Hardware Compatibility Publisher -> ) C:\Windows\System32\PAStiSvc.exe
(Microsoft Windows Hardware Compatibility Publisher -> S3 Graphics Co., Ltd.) C:\Windows\System32\VTTrayp.exe
(Microsoft Windows Hardware Compatibility Publisher -> S3 Graphics, Inc.) C:\Windows\System32\VTTimer.exe
(Steganos Software GmbH -> Steganos Software GmbH) C:\Program Files\OkayFreedom\Notifier.exe
(Steganos Software GmbH -> Steganos Software GmbH) C:\Program Files\OkayFreedom\OkayFreedomService.exe
(TEFINCOM S.A. -> ) C:\Program Files\NordVPN\nordvpn-service.exe
(TEFINCOM S.A. -> NordVPN) C:\Program Files\NordVPN\NordVPN.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [VTTimer] => C:\Windows\system32\VTTimer.exe [53248 2006-09-21] (Microsoft Windows Hardware Compatibility Publisher -> S3 Graphics, Inc.)
HKLM\...\Run: [VTTrayp] => C:\Windows\system32\VTtrayp.exe [176128 2007-02-06] (Microsoft Windows Hardware Compatibility Publisher -> S3 Graphics Co., Ltd.)
HKLM\...\Run: [snpstd] => C:\Windows\vsnpstd.exe [339968 2005-10-11] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Run: [OKAYFREEDOM Notifier] => C:\Program Files\OkayFreedom\Notifier.exe [4528120 2019-11-04] (Steganos Software GmbH -> Steganos Software GmbH)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [232840 2019-12-14] (AVAST Software s.r.o. -> AVAST Software)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2707563477-1181458908-4289881501-1000\...\Run: [OKAYFREEDOM_Agent] => C:\Program Files\OkayFreedom\OkayFreedomClient.exe [7516152 2019-11-04] (Steganos Software GmbH -> Steganos Software GmbH)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\79.0.3945.79\Installer\chrmstp.exe [2019-12-14] (Google LLC -> Google LLC)
Startup: C:\Users\ADM-ll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2019-06-04]
ShortcutTarget: MEGAsync.lnk -> C:\Users\ADM-ll\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited -> Mega Limited)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {223CDF49-F75B-4D20-A61C-DFBE958CF008} - \{C019E3AC-4A62-442F-A8F9-A809428A0BCB} -> No File <==== ATTENTION
Task: {2444824D-84A0-49B5-9F76-7BF463E80C23} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1542536 2019-12-14] (AVAST Software s.r.o. -> AVAST Software)
Task: {305E713F-C588-47FC-8FD6-6A24F40EA8EF} - \{930691F8-3F6D-4037-ABA4-C70E99C382F4} -> No File <==== ATTENTION
Task: {3322BD21-D023-44EC-92B6-C5DDD1684D3F} - System32\Tasks\PrivaZer_SkipUAC => C:\Program Files\PrivaZer\PrivaZer.exe [17345144 2019-11-02] (Goversoft LLC -> Goversoft LLC)
Task: {346F6EC4-05B0-448B-A8B8-C514489E63D4} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_303_Plugin.exe [1457720 2019-12-10] (Adobe Inc. -> Adobe)
Task: {36357D70-339B-45DA-B838-8188B1CDBC3C} - \{E239BC8F-9439-4779-B8AB-D19DC9E7F85B} -> No File <==== ATTENTION
Task: {373FB0FA-267B-4BBD-83F2-B5263AC382F8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [153168 2019-12-14] (Google Inc -> Google Inc.)
Task: {52A7AB94-4254-418B-9E42-4D2C2AB3A111} - System32\Tasks\Opera scheduled Autoupdate 1543873804 => C:\Program Files\Opera\launcher.exe [1346584 2019-12-12] (Opera Software AS -> Opera Software)
Task: {5508A693-0760-4C04-A0C2-6A430397F8D7} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2707563477-1181458908-4289881501-1000 => {CA22F5B1-E06F-4A2B-94FC-21E87FE53781} C:\Windows\System32\gameux.dll [2576384 2012-12-07] (Microsoft Windows -> Microsoft Corporation)
Task: {6FBC92E4-931E-4DE3-8599-271592277118} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_303_pepper.exe [1453112 2019-12-11] (Adobe Inc. -> Adobe)
Task: {8C2AC343-FE22-4800-9B77-8B2FFA1C610C} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3250056 2019-12-14] (AVAST Software s.r.o. -> AVAST Software)
Task: {993B15C2-E666-4DFC-B441-077B0AA9D20D} - \{11118543-EB2F-4408-95F5-678A1332DF7D} -> No File <==== ATTENTION
Task: {AB0FBB04-47B5-4192-94BA-D758A4DBC7E1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [153168 2019-12-14] (Google Inc -> Google Inc.)
Task: {ABAD3AE3-BA09-4B24-B3FC-E4851BA8A5C8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-12-11] (Adobe Inc. -> Adobe)
Task: {F159A567-2F65-44DD-808D-9AFD66D52BAA} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-2707563477-1181458908-4289881501-1000 => C:\Users\ADM-ll\AppData\Local\MEGAsync\MEGAupdater.exe [615160 2019-09-27] (Mega Limited -> Mega Limited)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{7CF52F30-F611-40F7-A761-0454563ED30E}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{A6AB16E2-95EC-4122-8C42-858AB1EBA06D}: [DhcpNameServer] 8.8.8.8

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2019-12-13] (McAfee, LLC -> McAfee, Inc.)

FireFox:
========
FF DefaultProfile: w5oi6h56.default-1551223974728
FF ProfilePath: C:\Users\ADM-ll\AppData\Roaming\Mozilla\Firefox\Profiles\w5oi6h56.default-1551223974728 [2019-12-15]
FF Homepage: Mozilla\Firefox\Profiles\w5oi6h56.default-1551223974728 -> about:blank
FF NewTab: Mozilla\Firefox\Profiles\w5oi6h56.default-1551223974728 -> about:newtab
FF Session Restore: Mozilla\Firefox\Profiles\w5oi6h56.default-1551223974728 -> is enabled.
FF Notifications: Mozilla\Firefox\Profiles\w5oi6h56.default-1551223974728 -> hxxps://maranhesduve.club; hxxps://subtitlesplus.com; hxxps://www.abc.es; hxxps://www.youtube.com; hxxps://forospyware.com; hxxps://www.xvideos.com
FF Extension: (Avira Navegación segura) - C:\Users\ADM-ll\AppData\Roaming\Mozilla\Firefox\Profiles\w5oi6h56.default-1551223974728\Extensions\[email protected] [2019-12-06]
FF Extension: (media-capture) - C:\Users\ADM-ll\AppData\Roaming\Mozilla\Firefox\Profiles\w5oi6h56.default-1551223974728\Extensions\[email protected] [2019-12-06]
FF Extension: (HTTPS Everywhere) - C:\Users\ADM-ll\AppData\Roaming\Mozilla\Firefox\Profiles\w5oi6h56.default-1551223974728\Extensions\[email protected] [2019-11-18]
FF Extension: (Español (México) Language Pack) - C:\Users\ADM-ll\AppData\Roaming\Mozilla\Firefox\Profiles\w5oi6h56.default-1551223974728\Extensions\[email protected] [2019-12-06]
FF Extension: (Avast SafePrice | Comparaciones, ofertas y cupones) - C:\Users\ADM-ll\AppData\Roaming\Mozilla\Firefox\Profiles\w5oi6h56.default-1551223974728\Extensions\[email protected] [2019-12-13]
FF Extension: (Avast Online Security) - C:\Users\ADM-ll\AppData\Roaming\Mozilla\Firefox\Profiles\w5oi6h56.default-1551223974728\Extensions\[email protected] [2019-12-15] [UpdateUrl:hxxps://firefoxext.avcdn.net/firefoxext/avast/aos/update.json]
FF Extension: (square red) - C:\Users\ADM-ll\AppData\Roaming\Mozilla\Firefox\Profiles\w5oi6h56.default-1551223974728\Extensions\{8de1c33e-d562-43ef-9122-6cfb439df06c}.xpi [2019-05-13]
FF Extension: (Video DownloadHelper) - C:\Users\ADM-ll\AppData\Roaming\Mozilla\Firefox\Profiles\w5oi6h56.default-1551223974728\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2019-07-08]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2019-12-13]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_32_0_0_303.dll [2019-12-10] (Adobe Inc. -> )
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2019-09-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2019-09-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2019-09-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2019-09-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-14] (Google LLC -> Google LLC)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-14] (Google LLC -> Google LLC)

Chrome: 
=======
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\ADM-ll\AppData\Local\Google\Chrome\User Data\Default [2019-12-15]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\ADM-ll\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-12-14]
CHR Extension: (Chrome Media Router) - C:\Users\ADM-ll\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-12-14]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]

Opera: 
=======
OPR Extension: (Avast Online Security) - C:\Users\ADM-ll\AppData\Roaming\Opera Software\Opera Stable\Extensions\daanglpcpkjjlkhcbladppjphglbigam [2019-11-23]
OPR Extension: (Dailymotion Video Downloader) - C:\Users\ADM-ll\AppData\Roaming\Opera Software\Opera Stable\Extensions\kagkcnmcjinolcgoanmodncaddocbahi [2019-10-08]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5035312 2019-12-14] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [859096 2019-12-14] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [373928 2019-12-14] (AVAST Software s.r.o. -> AVAST Software)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [5570712 2019-12-14] (Malwarebytes Inc -> Malwarebytes)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [689872 2019-12-13] (McAfee, LLC -> McAfee, Inc.)
R2 nordvpn-service; C:\Program Files\NordVPN\nordvpn-service.exe [222240 2019-12-10] (TEFINCOM S.A. -> )
R2 OkayFreedom VPN Starter Service; C:\Program Files\OkayFreedom\OkayFreedomService.exe [295944 2019-11-04] (Steganos Software GmbH -> Steganos Software GmbH)
R2 STI Simulator; C:\Windows\System32\PAStiSvc.exe [53248 2005-01-14] (Microsoft Windows Hardware Compatibility Publisher -> )
R2 UDisk Monitor Driver; C:\Program Files\Froyo_Android_Driver\Bin\MonServiceUDisk.exe [577536 2012-09-29] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aftap0901; C:\Windows\System32\DRIVERS\aftap0901.sys [45528 2018-06-15] (AnchorFree Inc -> The OpenVPN Project)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [174712 2019-12-14] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [224008 2019-12-14] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [169408 2019-12-14] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [59368 2019-12-14] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [41200 2019-12-14] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [145048 2019-12-14] (AVAST Software s.r.o. -> AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [36104 2019-12-14] (AVAST Software s.r.o. -> AVAST Software)
R1 aswNetSec; C:\Windows\System32\drivers\aswNetSec.sys [411088 2019-12-14] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [95168 2019-12-14] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [73312 2019-12-14] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [691528 2019-12-14] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [394856 2019-12-14] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [176760 2019-12-14] (AVAST Software s.r.o. -> AVAST Software)
S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [48152 2018-09-05] (AVAST Software s.r.o. -> The OpenVPN Project)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [277408 2019-12-14] (AVAST Software s.r.o. -> AVAST Software)
R1 BIOS; C:\Windows\system32\drivers\BIOS.sys [13696 2005-03-16] (BIOSTAR Group) [File not signed]
R3 FET5X86V; C:\Windows\System32\DRIVERS\fetnd5bv.sys [42496 2007-02-27] (Microsoft Windows Hardware Compatibility Publisher -> VIA Technologies, Inc. )
S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd6.sys [44032 2009-07-13] (Microsoft Windows -> VIA Technologies, Inc. )
S3 Generalusbserialser20679; C:\Windows\System32\DRIVERS\CT_U_USBSER.sys [108544 2011-05-24] (Microsoft Windows Hardware Compatibility Publisher -> Incorporated)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [183048 2019-12-15] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [243800 2019-12-15] (Malwarebytes Inc -> Malwarebytes)
S3 PAC207; C:\Windows\System32\DRIVERS\pfc027.sys [162176 2005-04-08] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 snpstd; C:\Windows\System32\DRIVERS\snpstd.sys [390784 2006-05-03] (Microsoft Windows Hardware Compatibility Publisher -> )
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [23552 2019-04-23] (OpenVPN Inc. -> The OpenVPN Project)
R3 tapnordvpn; C:\Windows\System32\DRIVERS\tapnordvpn.sys [31496 2018-07-24] (TEFINCOM S.A. -> The OpenVPN Project)
S3 tapwindscribe0901; C:\Windows\System32\DRIVERS\tapwindscribe0901.sys [41976 2018-07-06] (Windscribe Limited -> The OpenVPN Project)
R3 viagfx; C:\Windows\System32\DRIVERS\vtmini.sys [281856 2007-03-22] (Microsoft Windows Hardware Compatibility Publisher -> Copyright (C) VIA/S3 Graphics Co, Ltd.)
R0 ViBus; C:\Windows\System32\DRIVERS\ViBus.sys [16896 2007-03-26] (Microsoft Windows Hardware Compatibility Publisher -> VIA Technologies, Inc.)
R0 videX32; C:\Windows\System32\DRIVERS\videX32.sys [9216 2007-03-29] (Microsoft Windows Hardware Compatibility Publisher -> VIA Technologies, Inc.)
R0 ViPrt; C:\Windows\System32\DRIVERS\ViPrt.sys [52224 2007-03-26] (Microsoft Windows Hardware Compatibility Publisher -> VIA Technologies, Inc.)
U1 aswbdisk; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-12-15 19:32 - 2019-12-15 19:34 - 000018648 _____ C:\Users\ADM-ll\Desktop\FRST.txt
2019-12-15 19:32 - 2019-12-15 19:32 - 000000000 ____D C:\Users\ADM-ll\Desktop\FRST-OlderVersion
2019-12-15 10:55 - 2019-12-15 10:55 - 000000000 ____D C:\Users\ADM-ll\AppData\Roaming\Google
2019-12-15 07:32 - 2019-12-15 07:32 - 000243800 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-12-15 07:32 - 2019-12-15 07:32 - 000183048 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2019-12-14 19:57 - 2019-12-15 11:15 - 000000000 ____D C:\Users\ADM-ll\AppData\Local\Google
2019-12-14 19:56 - 2019-12-14 19:56 - 000002244 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-12-14 19:56 - 2019-12-14 19:56 - 000002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-12-14 19:56 - 2019-12-14 19:56 - 000002203 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2019-12-14 19:50 - 2019-12-14 20:03 - 000003460 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2019-12-14 19:50 - 2019-12-14 20:03 - 000003332 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2019-12-14 19:41 - 2019-12-14 19:41 - 000002079 _____ C:\Users\Public\Desktop\Avast Premium Security.lnk
2019-12-14 19:41 - 2019-12-14 19:41 - 000002079 _____ C:\ProgramData\Desktop\Avast Premium Security.lnk
2019-12-14 19:41 - 2019-12-14 19:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2019-12-14 19:35 - 2019-12-14 19:35 - 000000000 ____D C:\Windows\system32\Tasks\Avast Software
2019-12-14 19:34 - 2019-12-14 19:34 - 000691528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2019-12-14 19:34 - 2019-12-14 19:34 - 000411088 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetSec.sys
2019-12-14 19:34 - 2019-12-14 19:34 - 000394856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2019-12-14 19:34 - 2019-12-14 19:34 - 000305032 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2019-12-14 19:34 - 2019-12-14 19:34 - 000277408 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2019-12-14 19:34 - 2019-12-14 19:34 - 000224008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2019-12-14 19:34 - 2019-12-14 19:34 - 000176760 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2019-12-14 19:34 - 2019-12-14 19:34 - 000174712 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2019-12-14 19:34 - 2019-12-14 19:34 - 000169408 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2019-12-14 19:34 - 2019-12-14 19:34 - 000145048 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2019-12-14 19:34 - 2019-12-14 19:34 - 000095168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2019-12-14 19:34 - 2019-12-14 19:34 - 000073312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2019-12-14 19:34 - 2019-12-14 19:34 - 000059368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2019-12-14 19:34 - 2019-12-14 19:34 - 000041200 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2019-12-14 19:34 - 2019-12-14 19:34 - 000036104 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetNd6.sys
2019-12-14 19:34 - 2019-12-14 19:34 - 000003910 _____ C:\Windows\system32\Tasks\Avast Emergency Update
2019-12-14 19:34 - 2019-12-14 19:34 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2019-12-14 19:28 - 2019-12-14 19:28 - 000000000 ____D C:\Program Files\AVAST Software
2019-12-14 17:50 - 2019-12-14 17:50 - 000001948 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-12-14 17:50 - 2019-12-14 17:50 - 000001948 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2019-12-14 17:50 - 2019-12-14 17:50 - 000000000 ____D C:\Users\ADM-ll\AppData\Local\mbam
2019-12-14 17:50 - 2019-12-14 17:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-12-14 17:49 - 2019-12-14 17:49 - 000129056 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
2019-12-14 17:49 - 2019-12-14 17:49 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-12-14 17:43 - 2019-12-14 17:43 - 000000000 ____D C:\Program Files\Malwarebytes
2019-12-14 16:59 - 2019-12-14 16:59 - 175185230 _____ C:\Windows\MEMORY.DMP
2019-12-14 16:59 - 2019-12-14 16:59 - 000138568 _____ C:\Windows\Minidump\121419-40107-01.dmp
2019-12-14 16:56 - 2019-12-14 16:56 - 000265846 _____ C:\Windows\ntbtlog.txt
2019-12-13 22:49 - 2019-12-15 15:37 - 000000000 ____D C:\Users\ADM-ll\Downloads\The Heretics (2017) [BluRay] [1080p] [YTS.AM]
2019-12-13 22:14 - 2019-12-15 19:34 - 000000000 ____D C:\Users\ADM-ll\AppData\Roaming\qBittorrent
2019-12-13 22:14 - 2019-12-13 22:15 - 000000000 ____D C:\Users\ADM-ll\AppData\Local\qBittorrent
2019-12-13 22:11 - 2019-12-13 22:11 - 000001023 _____ C:\Users\Public\Desktop\qBittorrent.lnk
2019-12-13 22:11 - 2019-12-13 22:11 - 000001023 _____ C:\ProgramData\Desktop\qBittorrent.lnk
2019-12-13 22:11 - 2019-12-13 22:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2019-12-13 22:11 - 2019-12-13 22:11 - 000000000 ____D C:\Program Files\qBittorrent
2019-12-13 16:12 - 2019-12-13 16:12 - 000000000 ____D C:\Program Files\McAfee
2019-12-13 16:10 - 2019-12-13 16:10 - 000000000 ____D C:\ProgramData\McAfee
2019-12-12 20:12 - 2019-12-12 20:12 - 000052815 _____ C:\Users\ADM-ll\Downloads\The Convent (2018) [BluRay] [1080p] [YTS.LT].torrent
2019-12-12 14:36 - 2019-12-05 21:40 - 000472064 _____ (Microsoft Corporation) C:\Windows\system32\EOSNotify.exe
2019-12-12 14:36 - 2019-11-27 23:33 - 000069048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2019-12-12 14:36 - 2019-11-27 23:32 - 004061616 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2019-12-12 14:36 - 2019-11-27 23:32 - 003967416 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-12-12 14:36 - 2019-11-27 23:32 - 000191416 _____ (Microsoft Corporation) C:\Windows\system32\halmacpi.dll
2019-12-12 14:36 - 2019-11-27 23:32 - 000191416 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2019-12-12 14:36 - 2019-11-27 23:32 - 000138192 _____ (Microsoft Corporation) C:\Windows\system32\halacpi.dll
2019-12-12 14:36 - 2019-11-27 23:32 - 000137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2019-12-12 14:36 - 2019-11-27 23:31 - 001316424 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 001072640 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000872448 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000812544 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000555520 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000307200 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000294400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000261632 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000171008 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000167936 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2019-12-12 14:36 - 2019-11-27 23:04 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2019-12-12 14:36 - 2019-11-27 23:04 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2019-12-12 14:36 - 2019-11-27 23:04 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2019-12-12 14:36 - 2019-11-27 23:04 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2019-12-12 14:36 - 2019-11-27 23:04 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2019-12-12 14:36 - 2019-11-27 23:03 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2019-12-12 14:36 - 2019-11-27 23:02 - 002407424 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2019-12-12 14:36 - 2019-11-27 23:02 - 000271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2019-12-12 14:36 - 2019-11-27 23:01 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2019-12-12 14:36 - 2019-11-27 23:01 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2019-12-12 14:36 - 2019-11-27 22:59 - 000317440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2019-12-12 14:36 - 2019-11-27 22:58 - 000314880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2019-12-12 14:36 - 2019-11-27 22:58 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2019-12-12 14:36 - 2019-11-27 22:58 - 000126464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2019-12-12 14:36 - 2019-11-27 22:58 - 000117248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2019-12-12 14:36 - 2019-11-27 22:58 - 000098816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2019-12-12 14:36 - 2019-11-27 22:57 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2019-12-12 14:36 - 2019-11-27 22:57 - 000055296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2019-12-12 14:36 - 2019-11-27 22:57 - 000053760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2019-12-12 14:36 - 2019-11-27 22:57 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\viac7.sys
2019-12-12 14:36 - 2019-11-27 22:57 - 000052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2019-12-12 14:36 - 2019-11-27 22:57 - 000052224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2019-12-12 14:36 - 2019-11-27 22:57 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2019-12-12 14:36 - 2019-11-27 22:57 - 000035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys
2019-12-12 14:36 - 2019-11-27 22:57 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2019-12-12 14:36 - 2019-11-27 22:57 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2019-12-12 14:36 - 2019-11-27 22:57 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2019-12-12 14:36 - 2019-11-27 22:57 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2019-12-12 14:36 - 2019-11-27 22:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2019-12-12 14:36 - 2019-11-27 22:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2019-12-12 14:36 - 2019-11-26 16:22 - 000532192 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2019-12-12 14:36 - 2019-11-23 02:57 - 000341896 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2019-12-12 14:36 - 2019-11-20 22:16 - 000496640 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-12-12 14:36 - 2019-11-19 04:17 - 020290048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-12-12 14:36 - 2019-11-19 04:11 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2019-12-12 14:36 - 2019-11-19 04:11 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2019-12-12 14:36 - 2019-11-19 03:59 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2019-12-12 14:36 - 2019-11-19 03:58 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2019-12-12 14:36 - 2019-11-19 03:58 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2019-12-12 14:36 - 2019-11-19 03:57 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2019-12-12 14:36 - 2019-11-19 03:56 - 002304000 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-12-12 14:36 - 2019-11-19 03:53 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2019-12-12 14:36 - 2019-11-19 03:52 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2019-12-12 14:36 - 2019-11-19 03:50 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2019-12-12 14:36 - 2019-11-19 03:49 - 000662528 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2019-12-12 14:36 - 2019-11-19 03:49 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2019-12-12 14:36 - 2019-11-19 03:49 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2019-12-12 14:36 - 2019-11-19 03:49 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2019-12-12 14:36 - 2019-11-19 03:43 - 000668160 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2019-12-12 14:36 - 2019-11-19 03:40 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2019-12-12 14:36 - 2019-11-19 03:36 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2019-12-12 14:36 - 2019-11-19 03:36 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2019-12-12 14:36 - 2019-11-19 03:35 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2019-12-12 14:36 - 2019-11-19 03:33 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2019-12-12 14:36 - 2019-11-19 03:33 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2019-12-12 14:36 - 2019-11-19 03:31 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2019-12-12 14:36 - 2019-11-19 03:30 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2019-12-12 14:36 - 2019-11-19 03:26 - 004112384 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2019-12-12 14:36 - 2019-11-19 03:24 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2019-12-12 14:36 - 2019-11-19 03:23 - 002058752 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2019-12-12 14:36 - 2019-11-19 03:23 - 000696320 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2019-12-12 14:36 - 2019-11-19 03:23 - 000692224 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2019-12-12 14:36 - 2019-11-19 03:22 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2019-12-12 14:36 - 2019-11-19 03:20 - 013838336 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-12-12 14:36 - 2019-11-19 03:05 - 004387840 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2019-12-12 14:36 - 2019-11-19 03:01 - 001331712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-12-12 14:36 - 2019-11-19 03:00 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2019-12-12 14:36 - 2019-11-14 22:32 - 000311008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2019-12-12 14:36 - 2019-11-14 22:29 - 001425920 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2019-12-12 14:36 - 2019-11-14 22:29 - 001330176 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2019-12-12 14:36 - 2019-11-14 22:29 - 000583680 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2019-12-12 14:36 - 2019-11-14 22:29 - 000479232 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2019-12-12 14:36 - 2019-11-14 22:29 - 000380928 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2019-12-12 14:36 - 2019-11-14 22:29 - 000215040 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2019-12-12 14:36 - 2019-11-14 22:29 - 000111616 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2019-12-12 14:36 - 2019-11-14 22:29 - 000071680 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2019-12-12 14:36 - 2019-11-14 22:29 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2019-12-12 14:36 - 2019-11-14 22:29 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2019-12-12 14:36 - 2019-11-14 22:29 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2019-12-12 14:36 - 2019-11-14 22:13 - 000448000 _____ (Microsoft Corporation) C:\Windows\system32\printfilterpipelinesvc.exe
2019-12-12 14:36 - 2019-11-14 22:13 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\printfilterpipelineprxy.dll
2019-12-12 14:36 - 2019-11-14 22:04 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2019-12-12 14:36 - 2019-11-14 21:59 - 000034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2019-12-12 14:36 - 2019-11-14 21:59 - 000033280 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
2019-12-12 14:36 - 2019-11-14 21:55 - 000258048 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2019-12-12 14:36 - 2019-11-05 17:27 - 000137144 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2019-12-12 14:36 - 2019-10-25 20:17 - 001465344 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2019-12-11 22:06 - 2019-12-11 22:06 - 001397304 _____ (Google LLC) C:\Users\ADM-ll\Downloads\ChromeSetup.exe
2019-12-11 10:34 - 2019-11-14 21:58 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2019-12-10 10:41 - 2019-12-10 10:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordVPN
2019-12-08 20:12 - 2019-12-08 20:12 - 000000000 ____D C:\Users\ADM-ll\AppData\Local\cache
2019-12-08 10:48 - 2019-12-15 19:33 - 000000000 ____D C:\FRST
2019-12-08 10:48 - 2019-12-08 10:57 - 000019211 _____ C:\Users\ADM-ll\Desktop\Fixlog.txt
2019-12-08 10:47 - 2019-12-15 19:32 - 001992192 _____ (Farbar) C:\Users\ADM-ll\Desktop\FRST.exe
2019-12-08 10:18 - 2019-12-08 10:18 - 000000000 ____D C:\Windows\ERUNT
2019-12-07 01:41 - 2019-12-07 01:45 - 000029246 _____ C:\Users\ADM-ll\Desktop\mb-clean-results.txt
2019-12-06 19:35 - 2019-12-06 19:35 - 000002095 _____ C:\Users\Public\Desktop\Foxit Reader.lnk
2019-12-06 19:35 - 2019-12-06 19:35 - 000002095 _____ C:\ProgramData\Desktop\Foxit Reader.lnk
2019-12-06 19:35 - 2019-12-06 19:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2019-12-06 19:35 - 2019-12-06 19:35 - 000000000 ____D C:\ProgramData\Foxit ContentPlatform
2019-12-06 18:01 - 2019-12-06 18:01 - 000000000 __SHD C:\found.001
2019-12-04 10:44 - 2019-12-04 10:44 - 000000000 __SHD C:\found.000
2019-12-02 13:34 - 2019-12-02 13:35 - 000067122 _____ C:\Users\ADM-ll\Downloads\[limetorrents.info]Rambo.Last.Blood..2019..[BluRay]..1080p..[YTS.LT].torrent
2019-12-01 18:03 - 2019-12-01 18:04 - 000038179 _____ C:\Users\ADM-ll\Downloads\[limetorrents.info]Rambo.Last.Blood..2019..[BluRay].[720p].[YTS.LT].torrent
2019-11-27 18:31 - 2019-11-27 18:31 - 000017862 _____ C:\Users\ADM-ll\Downloads\[limetorrents.info]Greta.2018.1080p.Dual.Lat.Cinecalidad.torrent
2019-11-18 11:34 - 2019-12-06 21:23 - 000000000 ____D C:\Program Files\Mozilla Firefox

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-12-15 19:30 - 2019-01-02 14:25 - 000000000 ____D C:\Users\ADM-ll\AppData\LocalLow\Mozilla
2019-12-15 18:59 - 2019-05-28 11:30 - 000000000 ____D C:\Users\ADM-ll\AppData\Local\CrashDumps
2019-12-15 11:39 - 2019-03-02 15:52 - 000000189 _____ C:\Users\ADM-ll\Documents\cl.txt
2019-12-15 09:01 - 2019-06-24 11:49 - 000000000 ____D C:\Users\ADM-ll\AppData\Local\AVAST Software
2019-12-15 07:43 - 2009-07-14 00:34 - 000021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-12-15 07:43 - 2009-07-14 00:34 - 000021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-12-15 07:31 - 2009-07-14 00:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-12-14 19:56 - 2018-12-03 17:54 - 000000000 ____D C:\Program Files\Google
2019-12-14 19:41 - 2019-08-16 15:38 - 000000000 ____D C:\Users\ADM-ll\AppData\Roaming\AVAST Software
2019-12-14 19:34 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\inf
2019-12-14 19:27 - 2019-06-24 11:38 - 000000000 ____D C:\ProgramData\AVAST Software
2019-12-14 19:11 - 2018-12-02 22:18 - 000001912 _____ C:\Windows\epplauncher.mif
2019-12-14 17:44 - 2018-12-03 17:49 - 000000000 ____D C:\Program Files\Opera
2019-12-14 17:38 - 2009-07-14 00:53 - 000032630 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2019-12-14 16:59 - 2018-12-02 20:58 - 000000000 ____D C:\Windows\Minidump
2019-12-14 10:52 - 2019-06-25 13:36 - 000000950 _____ C:\Users\Public\Desktop\Bandicam.lnk
2019-12-14 10:52 - 2019-06-25 13:36 - 000000950 _____ C:\ProgramData\Desktop\Bandicam.lnk
2019-12-14 10:51 - 2019-06-25 13:36 - 000000000 ____D C:\Program Files\BandiMPEG1
2019-12-14 10:51 - 2019-06-25 13:36 - 000000000 ____D C:\Program Files\Bandicam
2019-12-13 22:52 - 2011-04-11 21:30 - 000747396 _____ C:\Windows\system32\perfh00A.dat
2019-12-13 22:52 - 2011-04-11 21:30 - 000158868 _____ C:\Windows\system32\perfc00A.dat
2019-12-13 22:52 - 2010-11-20 17:01 - 001676890 _____ C:\Windows\system32\PerfStringBackup.INI
2019-12-13 22:41 - 2019-08-19 14:02 - 000000000 ____D C:\Users\ADM-ll\Downloads\Nueva carpeta
2019-12-13 16:10 - 2019-10-01 20:00 - 000001120 _____ C:\Users\Public\Desktop\PotPlayer.lnk
2019-12-13 16:10 - 2019-10-01 20:00 - 000001120 _____ C:\ProgramData\Desktop\PotPlayer.lnk
2019-12-13 09:14 - 2018-12-03 17:50 - 000003844 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1543873804
2019-12-12 22:44 - 2019-08-01 11:09 - 000000000 _____ C:\Windows\system32\last.dump
2019-12-12 16:29 - 2019-08-12 22:27 - 000425304 _____ (Secure By Design Inc.) C:\Users\ADM-ll\Downloads\Ninite Chrome Installer.exe
2019-12-12 15:26 - 2019-11-02 22:10 - 000267528 _____ C:\Windows\system32\FNTCACHE.DAT
2019-12-11 13:29 - 2018-12-03 08:00 - 000000000 ____D C:\Windows\system32\MRT
2019-12-11 13:29 - 2018-12-03 07:59 - 126061744 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-12-11 12:53 - 2018-12-02 22:16 - 000000000 ____D C:\Users\ADM-ll\Documents\Programas
2019-12-11 04:46 - 2019-07-10 23:01 - 000842296 _____ (Adobe) C:\Windows\system32\FlashPlayerApp.exe
2019-12-11 04:46 - 2019-07-10 23:01 - 000175160 _____ (Adobe) C:\Windows\system32\FlashPlayerCPLApp.cpl
2019-12-11 04:46 - 2019-07-10 23:01 - 000004462 _____ C:\Windows\system32\Tasks\Adobe Flash Player PPAPI Notifier
2019-12-11 04:46 - 2019-07-10 23:01 - 000004290 _____ C:\Windows\system32\Tasks\Adobe Flash Player Updater
2019-12-11 04:46 - 2019-07-10 23:01 - 000000000 ____D C:\Windows\system32\Macromed
2019-12-10 21:20 - 2019-10-07 14:15 - 000004454 _____ C:\Windows\system32\Tasks\Adobe Flash Player NPAPI Notifier
2019-12-10 17:59 - 2019-05-20 07:32 - 000003086 _____ C:\Windows\system32\Tasks\PrivaZer_SkipUAC
2019-12-10 16:18 - 2019-09-26 14:45 - 000000075 _____ C:\Users\ADM-ll\Documents\Taurus.txt
2019-12-10 10:41 - 2019-11-07 13:48 - 000001944 _____ C:\Users\Public\Desktop\NordVPN.lnk
2019-12-10 10:41 - 2019-11-07 13:48 - 000001944 _____ C:\ProgramData\Desktop\NordVPN.lnk
2019-12-10 10:41 - 2019-09-30 16:44 - 000000000 ____D C:\Users\ADM-ll\AppData\Local\NordVPN
2019-12-10 10:41 - 2019-09-30 15:12 - 000000000 ____D C:\Program Files\NordVPN
2019-12-08 10:19 - 2019-10-01 13:48 - 000000000 ____D C:\Users\ADM-ll\Documents\Nueva carpeta
2019-12-08 10:19 - 2019-02-26 17:41 - 000000482 _____ C:\DelFix.txt
2019-12-07 17:28 - 2019-10-28 10:43 - 000000048 _____ C:\Users\ADM-ll\Documents\spm.txt
2019-12-06 22:57 - 2018-12-04 16:12 - 000000000 ____D C:\Users\ADM-ll\AppData\Local\PrivaZer
2019-12-06 21:23 - 2019-01-03 12:38 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2019-12-06 19:35 - 2018-12-03 18:03 - 000000000 ____D C:\Users\ADM-ll\AppData\Roaming\Foxit Software
2019-12-06 19:34 - 2019-10-21 14:25 - 000000000 ____D C:\ProgramData\Foxit Software
2019-12-06 13:23 - 2018-12-11 10:55 - 000000079 _____ C:\Windows\wininit.ini
2019-12-04 13:24 - 2019-11-04 11:28 - 000000000 ____D C:\Users\ADM-ll\Downloads\Doom
2019-11-27 23:23 - 2019-07-10 22:59 - 000000000 ____D C:\Users\ADM-ll\AppData\Local\Adobe
2019-11-19 12:43 - 2009-07-13 22:04 - 000454085 ____R C:\Windows\system32\Drivers\etc\hosts.20191202-161054.backup

==================== Files in the root of some directories ========

2018-12-03 18:53 - 2018-12-03 18:53 - 000001111 _____ () C:\Users\ADM-ll\AppData\Local\gamma_ramp.reg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-12-2019
Ran by ADM-ll (15-12-2019 19:35:27)
Running from C:\Users\ADM-ll\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) (2018-12-03 00:31:01)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

ADM-ll (S-1-5-21-2707563477-1181458908-4289881501-1000 - Administrator - Enabled) => C:\Users\ADM-ll
Administrador (S-1-5-21-2707563477-1181458908-4289881501-500 - Administrator - Disabled)
HomeGroupUser$ (S-1-5-21-2707563477-1181458908-4289881501-1002 - Limited - Enabled)
Invitado (S-1-5-21-2707563477-1181458908-4289881501-501 - Limited - Disabled) => C:\Users\Invitado

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

(Street-Boy) All Cards Unlocker (HKLM\...\(Street-Boy) All Cards Unlocker) (Version: 2.0 - )
Adobe Flash Player 32 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 32.0.0.303 - Adobe)
Adobe Flash Player 32 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 32.0.0.303 - Adobe)
Android USB Driver (HKLM\...\Android USB Driver_is1) (Version:  - )
Avast Premium Security (HKLM\...\Avast Antivirus) (Version: 19.8.2393 - AVAST Software)
Bandicam (HKLM\...\Bandicam) (Version: 4.5.3.1608 - Bandicam.com)
Bandicam MPEG-1 Decoder (HKLM\...\BandiMPEG1) (Version:  - Bandicam.com)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 9.7.0.29455 - Foxit Software Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 79.0.3945.79 - Google LLC)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.421 - Google LLC) Hidden
Malwarebytes version 4.0.4.49 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.0.4.49 - Malwarebytes)
McAfee WebAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.57 - McAfee, LLC.)
MEGAsync (HKLM\...\MEGAsync) (Version:  - Mega Limited)
Microsoft .NET Framework 4.8 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 71.0 (x86 en-US) (HKLM\...\Mozilla Firefox 71.0 (x86 en-US)) (Version: 71.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 71.0.0.7275 - Mozilla)
NirSoft Wireless Network Watcher (HKLM\...\NirSoft Wireless Network Watcher) (Version:  - )
NordVPN (HKLM\...\{47FBE712-2DFF-4298-8F97-70D88FF5A58E}) (Version: 6.26.6 - NordVPN) Hidden
NordVPN (HKLM\...\NordVPN 6.26.6) (Version: 6.26.6 - NordVPN)
NordVPN network TAP (HKLM\...\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 - NordVPN)
OkayFreedom (HKLM\...\{3F3FB10C-7175-4D38-9335-3488B89C12AF}) (Version: 1.8.7 - Steganos Software GmbH)
Opera Stable 65.0.3467.72 (HKLM\...\Opera 65.0.3467.72) (Version: 65.0.3467.72 - Opera Software)
PeaZip 6.9.1 (HKLM\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version: 6.9.1 - Giorgio Tani)
Platform (HKLM\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.24 - VIA Technologies, Inc.) Hidden
PotPlayer (HKLM\...\PotPlayer) (Version: 191211 - Kakao Corp.)
PrivaZer (HKLM\...\PrivaZer) (Version: 3.0.81.0 - Goversoft LLC)
qBittorrent 4.2.0 (HKLM\...\qBittorrent) (Version: 4.2.0 - The qBittorrent project)
Revo Uninstaller 2.1.0 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.1.0 - VS Revo Group, Ltd.)
VdhCoApp 1.2.4 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version:  - DownloadHelper)
VIA Administrador de dispositivos de plataforma (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.24 - VIA Technologies, Inc.)
VIA Rhine-Family Fast-Ethernet Adapter (HKLM\...\VN_VUIns_Rhine_VIA) (Version:  - )
VIA/S3G Display Driver 6.14.10.0359 (HKLM\...\VIA/S3G UniChrome Family Win2K/XP/Server2003 Display) (Version:  - )
Yu-Gi-Oh! MythOfAtem v 3.0 (HKU\S-1-5-21-2707563477-1181458908-4289881501-1000\...\Yu-Gi-Oh! MythOfAtem v 3.0) (Version:  - )
Yu-Gi-Oh! Power of Chaos JOEY THE PASSION (HKLM\...\{336DD6B4-B100-4048-B2B7-FBA7059FD959}) (Version: 1.00.0000 - KONAMI)
Yu-Gi-Oh! Power of Chaos KAIBA THE REVENGE (HKLM\...\{485C9280-B899-4D46-86F3-B3E459636EE5}) (Version: 1.00.0000 - KONAMI)
Yu-Gi-Oh! Power of Chaos YUGI THE DESTINY 2.0 (HKLM\...\{7F23ED88-D755-4A3A-AB04-E909C7C0330A}) (Version: 2.00.0000 - KONAMI)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\ADM-ll\AppData\Local\MEGAsync\ShellExtX32.dll [2019-09-27] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\ADM-ll\AppData\Local\MEGAsync\ShellExtX32.dll [2019-09-27] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\ADM-ll\AppData\Local\MEGAsync\ShellExtX32.dll [2019-09-27] (Mega Limited -> )
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-12-14] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-12-14] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x86.dll [2019-09-23] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\ADM-ll\AppData\Local\MEGAsync\ShellExtX32.dll [2019-09-27] (Mega Limited -> )
ContextMenuHandlers1: [PrivaZer] -> {7691BE2F-3D79-40DE-9C87-4D6EBCC76682} => C:\Program Files\PrivaZer\PrivaMenu6.dll [2019-09-29] (Goversoft LLC -> )
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\ADM-ll\AppData\Local\MEGAsync\ShellExtX32.dll [2019-09-27] (Mega Limited -> )
ContextMenuHandlers2: [PrivaZer] -> {7691BE2F-3D79-40DE-9C87-4D6EBCC76682} => C:\Program Files\PrivaZer\PrivaMenu6.dll [2019-09-29] (Goversoft LLC -> )
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-12-14] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-12-14] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\ADM-ll\AppData\Local\MEGAsync\ShellExtX32.dll [2019-09-27] (Mega Limited -> )
ContextMenuHandlers3: [PrivaZer] -> {7691BE2F-3D79-40DE-9C87-4D6EBCC76682} => C:\Program Files\PrivaZer\PrivaMenu6.dll [2019-09-29] (Goversoft LLC -> )
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\ADM-ll\AppData\Local\MEGAsync\ShellExtX32.dll [2019-09-27] (Mega Limited -> )
ContextMenuHandlers4: [PrivaZer] -> {7691BE2F-3D79-40DE-9C87-4D6EBCC76682} => C:\Program Files\PrivaZer\PrivaMenu6.dll [2019-09-29] (Goversoft LLC -> )
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-12-14] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x86.dll [2019-09-23] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-12-14] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [PrivaZer] -> {7691BE2F-3D79-40DE-9C87-4D6EBCC76682} => C:\Program Files\PrivaZer\PrivaMenu6.dll [2019-09-29] (Goversoft LLC -> )

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.mjpg] => C:\Windows\system32\bdmjpeg.dll [71152 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mpeg] => C:\Windows\system32\bdmpegv.dll [71176 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\Windows\system32\bdmpega.acm [71176 2017-01-26] (Bandicam Company -> )

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\ADM-ll\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) =============

Here are the Farbar reports. Sorry for the delay.

Hello @Jaime64

Check the Addition report you posted, because a part is missing at the end.

Regards

The report ends there; at some point Farbar froze. Maybe I should reinstall it and try again…

Hello @Jaime64

Delete the FRST executable from your desktop, then download it again and run it.

Paste the reports following the guide "How to paste the reports", but this time use Method 4.

Regards.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-12-2019
Ran by ADM-ll (administrator) on ADM-LL-PC (BIOSTAR Group P4M89-M7B) (19-12-2019 20:56:53)
Running from C:\Users\ADM-ll\Desktop
Loaded Profiles: ADM-ll (Available Profiles: ADM-ll & Invitado)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\Froyo_Android_Driver\Bin\MonServiceUDisk.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(McAfee, LLC -> McAfee, Inc.) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(McAfee, LLC -> McAfee, Inc.) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(Mega Limited -> Mega Limited) C:\Users\ADM-ll\AppData\Local\MEGAsync\MEGAsync.exe
(Microsoft Windows Hardware Compatibility Publisher -> ) C:\Windows\System32\PAStiSvc.exe
(Microsoft Windows Hardware Compatibility Publisher -> S3 Graphics Co., Ltd.) C:\Windows\System32\VTTrayp.exe
(Microsoft Windows Hardware Compatibility Publisher -> S3 Graphics, Inc.) C:\Windows\System32\VTTimer.exe
(Steganos Software GmbH -> Steganos Software GmbH) C:\Program Files\OkayFreedom\Notifier.exe
(Steganos Software GmbH -> Steganos Software GmbH) C:\Program Files\OkayFreedom\OkayFreedomService.exe
(TEFINCOM S.A. -> ) C:\Program Files\NordVPN\nordvpn-service.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [VTTimer] => C:\Windows\system32\VTTimer.exe [53248 2006-09-21] (Microsoft Windows Hardware Compatibility Publisher -> S3 Graphics, Inc.)
HKLM\...\Run: [VTTrayp] => C:\Windows\system32\VTtrayp.exe [176128 2007-02-06] (Microsoft Windows Hardware Compatibility Publisher -> S3 Graphics Co., Ltd.)
HKLM\...\Run: [snpstd] => C:\Windows\vsnpstd.exe [339968 2005-10-11] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Run: [OKAYFREEDOM Notifier] => C:\Program Files\OkayFreedom\Notifier.exe [4528120 2019-11-04] (Steganos Software GmbH -> Steganos Software GmbH)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [232840 2019-12-14] (AVAST Software s.r.o. -> AVAST Software)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2707563477-1181458908-4289881501-1000\...\Run: [OKAYFREEDOM_Agent] => C:\Program Files\OkayFreedom\OkayFreedomClient.exe [7516152 2019-11-04] (Steganos Software GmbH -> Steganos Software GmbH)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\79.0.3945.88\Installer\chrmstp.exe [2019-12-17] (Google LLC -> Google LLC)
Startup: C:\Users\ADM-ll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2019-06-04]
ShortcutTarget: MEGAsync.lnk -> C:\Users\ADM-ll\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited -> Mega Limited)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {223CDF49-F75B-4D20-A61C-DFBE958CF008} - \{C019E3AC-4A62-442F-A8F9-A809428A0BCB} -> No File <==== ATTENTION
Task: {2444824D-84A0-49B5-9F76-7BF463E80C23} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1542536 2019-12-14] (AVAST Software s.r.o. -> AVAST Software)
Task: {305E713F-C588-47FC-8FD6-6A24F40EA8EF} - \{930691F8-3F6D-4037-ABA4-C70E99C382F4} -> No File <==== ATTENTION
Task: {3322BD21-D023-44EC-92B6-C5DDD1684D3F} - System32\Tasks\PrivaZer_SkipUAC => C:\Program Files\PrivaZer\PrivaZer.exe [17345144 2019-11-02] (Goversoft LLC -> Goversoft LLC)
Task: {346F6EC4-05B0-448B-A8B8-C514489E63D4} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_303_Plugin.exe [1457720 2019-12-10] (Adobe Inc. -> Adobe)
Task: {36357D70-339B-45DA-B838-8188B1CDBC3C} - \{E239BC8F-9439-4779-B8AB-D19DC9E7F85B} -> No File <==== ATTENTION
Task: {373FB0FA-267B-4BBD-83F2-B5263AC382F8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [153168 2019-12-14] (Google Inc -> Google Inc.)
Task: {5508A693-0760-4C04-A0C2-6A430397F8D7} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2707563477-1181458908-4289881501-1000 => {CA22F5B1-E06F-4A2B-94FC-21E87FE53781} C:\Windows\System32\gameux.dll [2576384 2012-12-07] (Microsoft Windows -> Microsoft Corporation)
Task: {6FBC92E4-931E-4DE3-8599-271592277118} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_303_pepper.exe [1453112 2019-12-11] (Adobe Inc. -> Adobe)
Task: {993B15C2-E666-4DFC-B441-077B0AA9D20D} - \{11118543-EB2F-4408-95F5-678A1332DF7D} -> No File <==== ATTENTION
Task: {AB0FBB04-47B5-4192-94BA-D758A4DBC7E1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [153168 2019-12-14] (Google Inc -> Google Inc.)
Task: {ABAD3AE3-BA09-4B24-B3FC-E4851BA8A5C8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-12-11] (Adobe Inc. -> Adobe)
Task: {D56AB6EB-AC6B-4CA2-9937-7044979DD940} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3250056 2019-12-14] (AVAST Software s.r.o. -> AVAST Software)
Task: {D8D58DF4-C4D3-46EF-A1E9-DE57246303C4} - System32\Tasks\Opera scheduled Autoupdate 1543873804 => c:\program files\opera\launcher.exe [1346584 2019-12-19] (Opera Software AS -> Opera Software)
Task: {F159A567-2F65-44DD-808D-9AFD66D52BAA} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-2707563477-1181458908-4289881501-1000 => C:\Users\ADM-ll\AppData\Local\MEGAsync\MEGAupdater.exe [615160 2019-09-27] (Mega Limited -> Mega Limited)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{7CF52F30-F611-40F7-A761-0454563ED30E}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{A6AB16E2-95EC-4122-8C42-858AB1EBA06D}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{DC353FDA-719D-4262-8E14-F5FB49B22199}: [DhcpNameServer] 8.8.8.8

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2019-12-13] (McAfee, LLC -> McAfee, Inc.)

FireFox:
========
FF DefaultProfile: w5oi6h56.default-1551223974728
FF ProfilePath: C:\Users\ADM-ll\AppData\Roaming\Mozilla\Firefox\Profiles\w5oi6h56.default-1551223974728 [2019-12-19]
FF Homepage: Mozilla\Firefox\Profiles\w5oi6h56.default-1551223974728 -> about:blank
FF NewTab: Mozilla\Firefox\Profiles\w5oi6h56.default-1551223974728 -> about:newtab
FF Session Restore: Mozilla\Firefox\Profiles\w5oi6h56.default-1551223974728 -> is enabled.
FF Notifications: Mozilla\Firefox\Profiles\w5oi6h56.default-1551223974728 -> hxxps://maranhesduve.club; hxxps://subtitlesplus.com; hxxps://www.abc.es; hxxps://www.youtube.com; hxxps://forospyware.com; hxxps://www.xvideos.com
FF Extension: (Avira Navegación segura) - C:\Users\ADM-ll\AppData\Roaming\Mozilla\Firefox\Profiles\w5oi6h56.default-1551223974728\Extensions\[email protected] [2019-12-06]
FF Extension: (media-capture) - C:\Users\ADM-ll\AppData\Roaming\Mozilla\Firefox\Profiles\w5oi6h56.default-1551223974728\Extensions\[email protected] [2019-12-06]
FF Extension: (HTTPS Everywhere) - C:\Users\ADM-ll\AppData\Roaming\Mozilla\Firefox\Profiles\w5oi6h56.default-1551223974728\Extensions\[email protected] [2019-11-18]
FF Extension: (Español (México) Language Pack) - C:\Users\ADM-ll\AppData\Roaming\Mozilla\Firefox\Profiles\w5oi6h56.default-1551223974728\Extensions\[email protected] [2019-12-06]
FF Extension: (Avast SafePrice | Comparaciones, ofertas y cupones) - C:\Users\ADM-ll\AppData\Roaming\Mozilla\Firefox\Profiles\w5oi6h56.default-1551223974728\Extensions\[email protected] [2019-12-13]
FF Extension: (TrafficLight) - C:\Users\ADM-ll\AppData\Roaming\Mozilla\Firefox\Profiles\w5oi6h56.default-1551223974728\Extensions\[email protected] [2019-12-18]
FF Extension: (Avast Online Security) - C:\Users\ADM-ll\AppData\Roaming\Mozilla\Firefox\Profiles\w5oi6h56.default-1551223974728\Extensions\[email protected] [2019-12-14]
FF Extension: (square red) - C:\Users\ADM-ll\AppData\Roaming\Mozilla\Firefox\Profiles\w5oi6h56.default-1551223974728\Extensions\{8de1c33e-d562-43ef-9122-6cfb439df06c}.xpi [2019-05-13]
FF Extension: (Video DownloadHelper) - C:\Users\ADM-ll\AppData\Roaming\Mozilla\Firefox\Profiles\w5oi6h56.default-1551223974728\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2019-07-08]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2019-12-13]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_32_0_0_303.dll [2019-12-10] (Adobe Inc. -> )
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2019-09-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2019-09-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2019-09-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2019-09-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-14] (Google LLC -> Google LLC)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-14] (Google LLC -> Google LLC)

Chrome: 
=======
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Notifications: Default -> hxxps://www.youtube.com
CHR Profile: C:\Users\ADM-ll\AppData\Local\Google\Chrome\User Data\Default [2019-12-19]
CHR Extension: (TrafficLight) - C:\Users\ADM-ll\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfnpidifppmenkapgihekkeednfoenal [2019-12-18]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\ADM-ll\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-12-14]
CHR Extension: (Chrome Media Router) - C:\Users\ADM-ll\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-12-14]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]

Opera: 
=======
OPR Extension: (TrafficLight) - C:\Users\ADM-ll\AppData\Roaming\Opera Software\Opera Stable\Extensions\cfnpidifppmenkapgihekkeednfoenal [2019-12-18]
OPR Extension: (Avast Online Security) - C:\Users\ADM-ll\AppData\Roaming\Opera Software\Opera Stable\Extensions\daanglpcpkjjlkhcbladppjphglbigam [2019-11-23]
OPR Extension: (Simple Video Downloader) - C:\Users\ADM-ll\AppData\Roaming\Opera Software\Opera Stable\Extensions\hjcafkocoibofnjmeggflaafoimajanb [2019-12-19]
OPR Extension: (Dailymotion Video Downloader) - C:\Users\ADM-ll\AppData\Roaming\Opera Software\Opera Stable\Extensions\kagkcnmcjinolcgoanmodncaddocbahi [2019-10-08]
OPR Extension: (Install Chrome Extensions) - C:\Users\ADM-ll\AppData\Roaming\Opera Software\Opera Stable\Extensions\kipjbhgniklcnglfaldilecjomjaddfi [2019-12-18]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5106064 2019-12-19] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [859096 2019-12-14] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [373928 2019-12-14] (AVAST Software s.r.o. -> AVAST Software)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [5570712 2019-12-14] (Malwarebytes Inc -> Malwarebytes)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [689872 2019-12-13] (McAfee, LLC -> McAfee, Inc.)
R2 nordvpn-service; C:\Program Files\NordVPN\nordvpn-service.exe [222240 2019-12-19] (TEFINCOM S.A. -> )
R2 OkayFreedom VPN Starter Service; C:\Program Files\OkayFreedom\OkayFreedomService.exe [295944 2019-11-04] (Steganos Software GmbH -> Steganos Software GmbH)
R2 STI Simulator; C:\Windows\System32\PAStiSvc.exe [53248 2005-01-14] (Microsoft Windows Hardware Compatibility Publisher -> )
R2 UDisk Monitor Driver; C:\Program Files\Froyo_Android_Driver\Bin\MonServiceUDisk.exe [577536 2012-09-29] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aftap0901; C:\Windows\System32\DRIVERS\aftap0901.sys [45528 2018-06-15] (AnchorFree Inc -> The OpenVPN Project)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [174712 2019-12-14] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [224008 2019-12-14] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [169408 2019-12-14] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [59368 2019-12-14] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [41200 2019-12-14] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [145048 2019-12-14] (AVAST Software s.r.o. -> AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [36104 2019-12-14] (AVAST Software s.r.o. -> AVAST Software)
R1 aswNetSec; C:\Windows\System32\drivers\aswNetSec.sys [411088 2019-12-14] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [95168 2019-12-14] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [73312 2019-12-14] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [691528 2019-12-14] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [394856 2019-12-14] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [176760 2019-12-14] (AVAST Software s.r.o. -> AVAST Software)
S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [48152 2018-09-05] (AVAST Software s.r.o. -> The OpenVPN Project)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [277408 2019-12-14] (AVAST Software s.r.o. -> AVAST Software)
R1 BIOS; C:\Windows\system32\drivers\BIOS.sys [13696 2005-03-16] (BIOSTAR Group) [File not signed]
R3 FET5X86V; C:\Windows\System32\DRIVERS\fetnd5bv.sys [42496 2007-02-27] (Microsoft Windows Hardware Compatibility Publisher -> VIA Technologies, Inc. )
S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd6.sys [44032 2009-07-13] (Microsoft Windows -> VIA Technologies, Inc. )
S3 Generalusbserialser20679; C:\Windows\System32\DRIVERS\CT_U_USBSER.sys [108544 2011-05-24] (Microsoft Windows Hardware Compatibility Publisher -> Incorporated)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [183048 2019-12-19] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [243800 2019-12-19] (Malwarebytes Inc -> Malwarebytes)
S3 PAC207; C:\Windows\System32\DRIVERS\pfc027.sys [162176 2005-04-08] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 snpstd; C:\Windows\System32\DRIVERS\snpstd.sys [390784 2006-05-03] (Microsoft Windows Hardware Compatibility Publisher -> )
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [23552 2019-04-23] (OpenVPN Inc. -> The OpenVPN Project)
R3 tapnordvpn; C:\Windows\System32\DRIVERS\tapnordvpn.sys [31496 2018-07-24] (TEFINCOM S.A. -> The OpenVPN Project)
S3 tapwindscribe0901; C:\Windows\System32\DRIVERS\tapwindscribe0901.sys [41976 2018-07-06] (Windscribe Limited -> The OpenVPN Project)
R3 viagfx; C:\Windows\System32\DRIVERS\vtmini.sys [281856 2007-03-22] (Microsoft Windows Hardware Compatibility Publisher -> Copyright (C) VIA/S3 Graphics Co, Ltd.)
R0 ViBus; C:\Windows\System32\DRIVERS\ViBus.sys [16896 2007-03-26] (Microsoft Windows Hardware Compatibility Publisher -> VIA Technologies, Inc.)
R0 videX32; C:\Windows\System32\DRIVERS\videX32.sys [9216 2007-03-29] (Microsoft Windows Hardware Compatibility Publisher -> VIA Technologies, Inc.)
R0 ViPrt; C:\Windows\System32\DRIVERS\ViPrt.sys [52224 2007-03-26] (Microsoft Windows Hardware Compatibility Publisher -> VIA Technologies, Inc.)
U1 aswbdisk; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-12-19 20:56 - 2019-12-19 20:58 - 000019386 _____ C:\Users\ADM-ll\Desktop\FRST.txt
2019-12-19 20:52 - 2019-12-19 20:52 - 001992192 _____ (Farbar) C:\Users\ADM-ll\Desktop\FRST.exe
2019-12-19 20:27 - 2019-12-14 19:34 - 000305032 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2019-12-19 20:22 - 2019-12-19 20:22 - 000243800 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-12-19 18:50 - 2019-12-19 18:50 - 000000000 ____D C:\Program Files\Faronics
2019-12-19 16:56 - 2019-12-19 16:56 - 000138760 _____ C:\Windows\Minidump\121919-43992-01.dmp
2019-12-19 16:49 - 2019-12-19 16:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordVPN
2019-12-19 09:49 - 2019-12-19 09:49 - 000183048 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2019-12-15 23:16 - 2019-12-15 23:16 - 000138760 _____ C:\Windows\Minidump\121519-37674-01.dmp
2019-12-15 10:55 - 2019-12-15 10:55 - 000000000 ____D C:\Users\ADM-ll\AppData\Roaming\Google
2019-12-14 19:57 - 2019-12-15 11:15 - 000000000 ____D C:\Users\ADM-ll\AppData\Local\Google
2019-12-14 19:56 - 2019-12-17 16:10 - 000002168 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-12-14 19:56 - 2019-12-17 16:10 - 000002127 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-12-14 19:56 - 2019-12-17 16:10 - 000002127 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2019-12-14 19:50 - 2019-12-18 23:24 - 000003460 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2019-12-14 19:50 - 2019-12-18 23:24 - 000003332 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2019-12-14 19:41 - 2019-12-19 20:28 - 000002079 _____ C:\Users\Public\Desktop\Avast Premium Security.lnk
2019-12-14 19:41 - 2019-12-19 20:28 - 000002079 _____ C:\ProgramData\Desktop\Avast Premium Security.lnk
2019-12-14 19:41 - 2019-12-14 19:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2019-12-14 19:35 - 2019-12-18 23:24 - 000000000 ____D C:\Windows\system32\Tasks\Avast Software
2019-12-14 19:34 - 2019-12-19 20:27 - 000003910 _____ C:\Windows\system32\Tasks\Avast Emergency Update
2019-12-14 19:34 - 2019-12-14 19:34 - 000691528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2019-12-14 19:34 - 2019-12-14 19:34 - 000411088 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetSec.sys
2019-12-14 19:34 - 2019-12-14 19:34 - 000394856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2019-12-14 19:34 - 2019-12-14 19:34 - 000277408 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2019-12-14 19:34 - 2019-12-14 19:34 - 000224008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2019-12-14 19:34 - 2019-12-14 19:34 - 000176760 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2019-12-14 19:34 - 2019-12-14 19:34 - 000174712 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2019-12-14 19:34 - 2019-12-14 19:34 - 000169408 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2019-12-14 19:34 - 2019-12-14 19:34 - 000145048 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2019-12-14 19:34 - 2019-12-14 19:34 - 000095168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2019-12-14 19:34 - 2019-12-14 19:34 - 000073312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2019-12-14 19:34 - 2019-12-14 19:34 - 000059368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2019-12-14 19:34 - 2019-12-14 19:34 - 000041200 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2019-12-14 19:34 - 2019-12-14 19:34 - 000036104 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetNd6.sys
2019-12-14 19:34 - 2019-12-14 19:34 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2019-12-14 19:28 - 2019-12-14 19:28 - 000000000 ____D C:\Program Files\AVAST Software
2019-12-14 17:50 - 2019-12-14 17:50 - 000001948 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-12-14 17:50 - 2019-12-14 17:50 - 000001948 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2019-12-14 17:50 - 2019-12-14 17:50 - 000000000 ____D C:\Users\ADM-ll\AppData\Local\mbam
2019-12-14 17:50 - 2019-12-14 17:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-12-14 17:49 - 2019-12-18 10:01 - 000129056 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
2019-12-14 17:49 - 2019-12-14 17:49 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-12-14 17:43 - 2019-12-14 17:43 - 000000000 ____D C:\Program Files\Malwarebytes
2019-12-14 16:59 - 2019-12-14 16:59 - 000138568 _____ C:\Windows\Minidump\121419-40107-01.dmp
2019-12-14 16:56 - 2019-12-14 16:56 - 000265846 _____ C:\Windows\ntbtlog.txt
2019-12-13 22:49 - 2019-12-15 15:37 - 000000000 ____D C:\Users\ADM-ll\Downloads\The Heretics (2017) [BluRay] [1080p] [YTS.AM]
2019-12-13 22:14 - 2019-12-15 23:04 - 000000000 ____D C:\Users\ADM-ll\AppData\Roaming\qBittorrent
2019-12-13 22:14 - 2019-12-13 22:15 - 000000000 ____D C:\Users\ADM-ll\AppData\Local\qBittorrent
2019-12-13 22:11 - 2019-12-13 22:11 - 000001023 _____ C:\Users\Public\Desktop\qBittorrent.lnk
2019-12-13 22:11 - 2019-12-13 22:11 - 000001023 _____ C:\ProgramData\Desktop\qBittorrent.lnk
2019-12-13 22:11 - 2019-12-13 22:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2019-12-13 22:11 - 2019-12-13 22:11 - 000000000 ____D C:\Program Files\qBittorrent
2019-12-13 16:12 - 2019-12-13 16:12 - 000000000 ____D C:\Program Files\McAfee
2019-12-13 16:10 - 2019-12-13 16:10 - 000000000 ____D C:\ProgramData\McAfee
2019-12-12 20:12 - 2019-12-12 20:12 - 000052815 _____ C:\Users\ADM-ll\Downloads\The Convent (2018) [BluRay] [1080p] [YTS.LT].torrent
2019-12-12 14:36 - 2019-12-05 21:40 - 000472064 _____ (Microsoft Corporation) C:\Windows\system32\EOSNotify.exe
2019-12-12 14:36 - 2019-11-27 23:33 - 000069048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2019-12-12 14:36 - 2019-11-27 23:32 - 004061616 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2019-12-12 14:36 - 2019-11-27 23:32 - 003967416 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-12-12 14:36 - 2019-11-27 23:32 - 000191416 _____ (Microsoft Corporation) C:\Windows\system32\halmacpi.dll
2019-12-12 14:36 - 2019-11-27 23:32 - 000191416 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2019-12-12 14:36 - 2019-11-27 23:32 - 000138192 _____ (Microsoft Corporation) C:\Windows\system32\halacpi.dll
2019-12-12 14:36 - 2019-11-27 23:32 - 000137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2019-12-12 14:36 - 2019-11-27 23:31 - 001316424 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 001072640 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000872448 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000812544 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000555520 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000307200 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000294400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000261632 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000171008 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000167936 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2019-12-12 14:36 - 2019-11-27 23:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2019-12-12 14:36 - 2019-11-27 23:04 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2019-12-12 14:36 - 2019-11-27 23:04 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2019-12-12 14:36 - 2019-11-27 23:04 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2019-12-12 14:36 - 2019-11-27 23:04 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2019-12-12 14:36 - 2019-11-27 23:04 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2019-12-12 14:36 - 2019-11-27 23:03 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2019-12-12 14:36 - 2019-11-27 23:02 - 002407424 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2019-12-12 14:36 - 2019-11-27 23:02 - 000271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2019-12-12 14:36 - 2019-11-27 23:01 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2019-12-12 14:36 - 2019-11-27 23:01 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2019-12-12 14:36 - 2019-11-27 22:59 - 000317440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2019-12-12 14:36 - 2019-11-27 22:58 - 000314880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2019-12-12 14:36 - 2019-11-27 22:58 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2019-12-12 14:36 - 2019-11-27 22:58 - 000126464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2019-12-12 14:36 - 2019-11-27 22:58 - 000117248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2019-12-12 14:36 - 2019-11-27 22:58 - 000098816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2019-12-12 14:36 - 2019-11-27 22:57 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2019-12-12 14:36 - 2019-11-27 22:57 - 000055296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2019-12-12 14:36 - 2019-11-27 22:57 - 000053760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2019-12-12 14:36 - 2019-11-27 22:57 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\viac7.sys
2019-12-12 14:36 - 2019-11-27 22:57 - 000052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2019-12-12 14:36 - 2019-11-27 22:57 - 000052224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2019-12-12 14:36 - 2019-11-27 22:57 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2019-12-12 14:36 - 2019-11-27 22:57 - 000035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys
2019-12-12 14:36 - 2019-11-27 22:57 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2019-12-12 14:36 - 2019-11-27 22:57 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2019-12-12 14:36 - 2019-11-27 22:57 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2019-12-12 14:36 - 2019-11-27 22:57 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2019-12-12 14:36 - 2019-11-27 22:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2019-12-12 14:36 - 2019-11-27 22:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2019-12-12 14:36 - 2019-11-26 16:22 - 000532192 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2019-12-12 14:36 - 2019-11-23 02:57 - 000341896 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2019-12-12 14:36 - 2019-11-20 22:16 - 000496640 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-12-12 14:36 - 2019-11-19 04:17 - 020290048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-12-12 14:36 - 2019-11-19 04:11 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2019-12-12 14:36 - 2019-11-19 04:11 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2019-12-12 14:36 - 2019-11-19 03:59 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2019-12-12 14:36 - 2019-11-19 03:58 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2019-12-12 14:36 - 2019-11-19 03:58 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2019-12-12 14:36 - 2019-11-19 03:57 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2019-12-12 14:36 - 2019-11-19 03:56 - 002304000 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-12-12 14:36 - 2019-11-19 03:53 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2019-12-12 14:36 - 2019-11-19 03:52 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2019-12-12 14:36 - 2019-11-19 03:50 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2019-12-12 14:36 - 2019-11-19 03:49 - 000662528 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2019-12-12 14:36 - 2019-11-19 03:49 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2019-12-12 14:36 - 2019-11-19 03:49 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2019-12-12 14:36 - 2019-11-19 03:49 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2019-12-12 14:36 - 2019-11-19 03:43 - 000668160 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2019-12-12 14:36 - 2019-11-19 03:40 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2019-12-12 14:36 - 2019-11-19 03:36 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2019-12-12 14:36 - 2019-11-19 03:36 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2019-12-12 14:36 - 2019-11-19 03:35 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2019-12-12 14:36 - 2019-11-19 03:33 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2019-12-12 14:36 - 2019-11-19 03:33 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2019-12-12 14:36 - 2019-11-19 03:31 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2019-12-12 14:36 - 2019-11-19 03:30 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2019-12-12 14:36 - 2019-11-19 03:26 - 004112384 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2019-12-12 14:36 - 2019-11-19 03:24 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2019-12-12 14:36 - 2019-11-19 03:23 - 002058752 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2019-12-12 14:36 - 2019-11-19 03:23 - 000696320 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2019-12-12 14:36 - 2019-11-19 03:23 - 000692224 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2019-12-12 14:36 - 2019-11-19 03:22 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2019-12-12 14:36 - 2019-11-19 03:20 - 013838336 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-12-12 14:36 - 2019-11-19 03:05 - 004387840 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2019-12-12 14:36 - 2019-11-19 03:01 - 001331712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-12-12 14:36 - 2019-11-19 03:00 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2019-12-12 14:36 - 2019-11-14 22:32 - 000311008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2019-12-12 14:36 - 2019-11-14 22:29 - 001425920 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2019-12-12 14:36 - 2019-11-14 22:29 - 001330176 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2019-12-12 14:36 - 2019-11-14 22:29 - 000583680 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2019-12-12 14:36 - 2019-11-14 22:29 - 000479232 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2019-12-12 14:36 - 2019-11-14 22:29 - 000380928 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2019-12-12 14:36 - 2019-11-14 22:29 - 000215040 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2019-12-12 14:36 - 2019-11-14 22:29 - 000111616 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2019-12-12 14:36 - 2019-11-14 22:29 - 000071680 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2019-12-12 14:36 - 2019-11-14 22:29 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2019-12-12 14:36 - 2019-11-14 22:29 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2019-12-12 14:36 - 2019-11-14 22:29 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2019-12-12 14:36 - 2019-11-14 22:13 - 000448000 _____ (Microsoft Corporation) C:\Windows\system32\printfilterpipelinesvc.exe
2019-12-12 14:36 - 2019-11-14 22:13 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\printfilterpipelineprxy.dll
2019-12-12 14:36 - 2019-11-14 22:04 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2019-12-12 14:36 - 2019-11-14 21:59 - 000034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2019-12-12 14:36 - 2019-11-14 21:59 - 000033280 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
2019-12-12 14:36 - 2019-11-14 21:55 - 000258048 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2019-12-12 14:36 - 2019-11-05 17:27 - 000137144 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2019-12-12 14:36 - 2019-10-25 20:17 - 001465344 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2019-12-11 22:06 - 2019-12-11 22:06 - 001397304 _____ (Google LLC) C:\Users\ADM-ll\Downloads\ChromeSetup.exe
2019-12-11 10:34 - 2019-11-14 21:58 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2019-12-08 20:12 - 2019-12-08 20:12 - 000000000 ____D C:\Users\ADM-ll\AppData\Local\cache
2019-12-08 10:48 - 2019-12-19 20:57 - 000000000 ____D C:\FRST
2019-12-08 10:18 - 2019-12-08 10:18 - 000000000 ____D C:\Windows\ERUNT
2019-12-06 19:35 - 2019-12-06 19:35 - 000002095 _____ C:\Users\Public\Desktop\Foxit Reader.lnk
2019-12-06 19:35 - 2019-12-06 19:35 - 000002095 _____ C:\ProgramData\Desktop\Foxit Reader.lnk
2019-12-06 19:35 - 2019-12-06 19:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2019-12-06 19:35 - 2019-12-06 19:35 - 000000000 ____D C:\ProgramData\Foxit ContentPlatform
2019-12-06 18:01 - 2019-12-06 18:01 - 000000000 __SHD C:\found.001
2019-12-04 10:44 - 2019-12-04 10:44 - 000000000 __SHD C:\found.000
2019-12-02 13:34 - 2019-12-02 13:35 - 000067122 _____ C:\Users\ADM-ll\Downloads\[limetorrents.info]Rambo.Last.Blood..2019..[BluRay]..1080p..[YTS.LT].torrent
2019-12-01 18:03 - 2019-12-01 18:04 - 000038179 _____ C:\Users\ADM-ll\Downloads\[limetorrents.info]Rambo.Last.Blood..2019..[BluRay].[720p].[YTS.LT].torrent
2019-11-27 18:31 - 2019-11-27 18:31 - 000017862 _____ C:\Users\ADM-ll\Downloads\[limetorrents.info]Greta.2018.1080p.Dual.Lat.Cinecalidad.torrent

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-12-19 20:32 - 2018-12-03 17:50 - 000003836 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1543873804
2019-12-19 20:32 - 2018-12-03 17:49 - 000000000 ____D C:\Program Files\Opera
2019-12-19 20:29 - 2019-06-24 11:49 - 000000000 ____D C:\Users\ADM-ll\AppData\Local\AVAST Software
2019-12-19 20:29 - 2009-07-14 00:34 - 000021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-12-19 20:29 - 2009-07-14 00:34 - 000021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-12-19 20:21 - 2009-07-14 00:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-12-19 17:03 - 2019-08-01 11:09 - 000000000 _____ C:\Windows\system32\last.dump
2019-12-19 17:02 - 2019-05-28 11:30 - 000000000 ____D C:\Users\ADM-ll\AppData\Local\CrashDumps
2019-12-19 16:56 - 2018-12-02 20:58 - 000000000 ____D C:\Windows\Minidump
2019-12-19 16:49 - 2019-11-07 13:48 - 000001944 _____ C:\Users\Public\Desktop\NordVPN.lnk
2019-12-19 16:49 - 2019-11-07 13:48 - 000001944 _____ C:\ProgramData\Desktop\NordVPN.lnk
2019-12-19 16:49 - 2019-09-30 16:44 - 000000000 ____D C:\Users\ADM-ll\AppData\Local\NordVPN
2019-12-19 16:49 - 2019-09-30 15:12 - 000000000 ____D C:\Program Files\NordVPN
2019-12-19 11:19 - 2011-04-11 21:30 - 000747396 _____ C:\Windows\system32\perfh00A.dat
2019-12-19 11:19 - 2011-04-11 21:30 - 000158868 _____ C:\Windows\system32\perfc00A.dat
2019-12-19 11:19 - 2010-11-20 17:01 - 001676890 _____ C:\Windows\system32\PerfStringBackup.INI
2019-12-19 11:19 - 2009-07-13 22:37 - 000000000 ____D C:\Windows\inf
2019-12-18 23:24 - 2019-10-07 14:15 - 000004454 _____ C:\Windows\system32\Tasks\Adobe Flash Player NPAPI Notifier
2019-12-18 23:24 - 2019-07-10 23:01 - 000004462 _____ C:\Windows\system32\Tasks\Adobe Flash Player PPAPI Notifier
2019-12-18 23:24 - 2019-07-10 23:01 - 000004290 _____ C:\Windows\system32\Tasks\Adobe Flash Player Updater
2019-12-18 23:24 - 2019-05-20 07:32 - 000003086 _____ C:\Windows\system32\Tasks\PrivaZer_SkipUAC
2019-12-18 20:32 - 2019-01-02 14:25 - 000000000 ____D C:\Users\ADM-ll\AppData\LocalLow\Mozilla
2019-12-16 07:55 - 2019-03-02 15:52 - 000000187 _____ C:\Users\ADM-ll\Documents\cl.txt
2019-12-16 00:04 - 2018-12-04 16:12 - 000000000 ____D C:\Users\ADM-ll\AppData\Local\PrivaZer
2019-12-14 19:56 - 2018-12-03 17:54 - 000000000 ____D C:\Program Files\Google
2019-12-14 19:41 - 2019-08-16 15:38 - 000000000 ____D C:\Users\ADM-ll\AppData\Roaming\AVAST Software
2019-12-14 19:27 - 2019-06-24 11:38 - 000000000 ____D C:\ProgramData\AVAST Software
2019-12-14 19:11 - 2018-12-02 22:18 - 000001912 _____ C:\Windows\epplauncher.mif
2019-12-14 17:38 - 2009-07-14 00:53 - 000032630 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2019-12-14 10:52 - 2019-06-25 13:36 - 000000950 _____ C:\Users\Public\Desktop\Bandicam.lnk
2019-12-14 10:52 - 2019-06-25 13:36 - 000000950 _____ C:\ProgramData\Desktop\Bandicam.lnk
2019-12-14 10:51 - 2019-06-25 13:36 - 000000000 ____D C:\Program Files\BandiMPEG1
2019-12-14 10:51 - 2019-06-25 13:36 - 000000000 ____D C:\Program Files\Bandicam
2019-12-13 22:41 - 2019-08-19 14:02 - 000000000 ____D C:\Users\ADM-ll\Downloads\Nueva carpeta
2019-12-13 16:10 - 2019-10-01 20:00 - 000001120 _____ C:\Users\Public\Desktop\PotPlayer.lnk
2019-12-13 16:10 - 2019-10-01 20:00 - 000001120 _____ C:\ProgramData\Desktop\PotPlayer.lnk
2019-12-12 16:29 - 2019-08-12 22:27 - 000425304 _____ (Secure By Design Inc.) C:\Users\ADM-ll\Downloads\Ninite Chrome Installer.exe
2019-12-12 15:26 - 2019-11-02 22:10 - 000267528 _____ C:\Windows\system32\FNTCACHE.DAT
2019-12-11 13:29 - 2018-12-03 08:00 - 000000000 ____D C:\Windows\system32\MRT
2019-12-11 13:29 - 2018-12-03 07:59 - 126061744 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-12-11 12:53 - 2018-12-02 22:16 - 000000000 ____D C:\Users\ADM-ll\Documents\Programas
2019-12-11 04:46 - 2019-07-10 23:01 - 000842296 _____ (Adobe) C:\Windows\system32\FlashPlayerApp.exe
2019-12-11 04:46 - 2019-07-10 23:01 - 000175160 _____ (Adobe) C:\Windows\system32\FlashPlayerCPLApp.cpl
2019-12-11 04:46 - 2019-07-10 23:01 - 000000000 ____D C:\Windows\system32\Macromed
2019-12-10 16:18 - 2019-09-26 14:45 - 000000075 _____ C:\Users\ADM-ll\Documents\Taurus.txt
2019-12-08 10:19 - 2019-10-01 13:48 - 000000000 ____D C:\Users\ADM-ll\Documents\Nueva carpeta
2019-12-08 10:19 - 2019-02-26 17:41 - 000000482 _____ C:\DelFix.txt
2019-12-07 17:28 - 2019-10-28 10:43 - 000000048 _____ C:\Users\ADM-ll\Documents\spm.txt
2019-12-06 21:23 - 2019-11-18 11:34 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-12-06 21:23 - 2019-01-03 12:38 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2019-12-06 19:35 - 2018-12-03 18:03 - 000000000 ____D C:\Users\ADM-ll\AppData\Roaming\Foxit Software
2019-12-06 19:34 - 2019-10-21 14:25 - 000000000 ____D C:\ProgramData\Foxit Software
2019-12-06 13:23 - 2018-12-11 10:55 - 000000079 _____ C:\Windows\wininit.ini
2019-12-04 13:24 - 2019-11-04 11:28 - 000000000 ____D C:\Users\ADM-ll\Downloads\Doom
2019-11-27 23:23 - 2019-07-10 22:59 - 000000000 ____D C:\Users\ADM-ll\AppData\Local\Adobe
2019-11-19 12:43 - 2009-07-13 22:04 - 000454085 ____R C:\Windows\system32\Drivers\etc\hosts.20191202-161054.backup

==================== Files in the root of some directories ========

2018-12-03 18:53 - 2018-12-03 18:53 - 000001111 _____ () C:\Users\ADM-ll\AppData\Local\gamma_ramp.reg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-10-20 17:44
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-12-2019
Ran by ADM-ll (19-12-2019 20:59:17)
Running from C:\Users\ADM-ll\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) (2018-12-03 00:31:01)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

ADM-ll (S-1-5-21-2707563477-1181458908-4289881501-1000 - Administrator - Enabled) => C:\Users\ADM-ll
Administrador (S-1-5-21-2707563477-1181458908-4289881501-500 - Administrator - Disabled)
HomeGroupUser$ (S-1-5-21-2707563477-1181458908-4289881501-1002 - Limited - Enabled)
Invitado (S-1-5-21-2707563477-1181458908-4289881501-501 - Limited - Disabled) => C:\Users\Invitado

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

(Street-Boy) All Cards Unlocker (HKLM\...\(Street-Boy) All Cards Unlocker) (Version: 2.0 - )
Adobe Flash Player 32 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 32.0.0.303 - Adobe)
Adobe Flash Player 32 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 32.0.0.303 - Adobe)
Android USB Driver (HKLM\...\Android USB Driver_is1) (Version:  - )
Avast Premium Security (HKLM\...\Avast Antivirus) (Version: 19.8.2393 - AVAST Software)
Bandicam (HKLM\...\Bandicam) (Version: 4.5.3.1608 - Bandicam.com)
Bandicam MPEG-1 Decoder (HKLM\...\BandiMPEG1) (Version:  - Bandicam.com)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 9.7.0.29455 - Foxit Software Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 79.0.3945.88 - Google LLC)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.421 - Google LLC) Hidden
Malwarebytes version 4.0.4.49 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.0.4.49 - Malwarebytes)
McAfee WebAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.57 - McAfee, LLC.)
MEGAsync (HKLM\...\MEGAsync) (Version:  - Mega Limited)
Microsoft .NET Framework 4.8 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 71.0 (x86 en-US) (HKLM\...\Mozilla Firefox 71.0 (x86 en-US)) (Version: 71.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 71.0.0.7275 - Mozilla)
NirSoft Wireless Network Watcher (HKLM\...\NirSoft Wireless Network Watcher) (Version:  - )
NordVPN (HKLM\...\{1F65DF2C-97B0-402F-A484-FDEC48DB63A1}) (Version: 6.26.7 - NordVPN) Hidden
NordVPN (HKLM\...\NordVPN 6.26.7) (Version: 6.26.7 - NordVPN)
NordVPN network TAP (HKLM\...\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 - NordVPN)
OkayFreedom (HKLM\...\{3F3FB10C-7175-4D38-9335-3488B89C12AF}) (Version: 1.8.7 - Steganos Software GmbH)
Opera Stable 65.0.3467.78 (HKLM\...\Opera 65.0.3467.78) (Version: 65.0.3467.78 - Opera Software)
PeaZip 6.9.1 (HKLM\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version: 6.9.1 - Giorgio Tani)
Platform (HKLM\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.24 - VIA Technologies, Inc.) Hidden
PotPlayer (HKLM\...\PotPlayer) (Version: 191211 - Kakao Corp.)
PrivaZer (HKLM\...\PrivaZer) (Version: 3.0.81.0 - Goversoft LLC)
qBittorrent 4.2.0 (HKLM\...\qBittorrent) (Version: 4.2.0 - The qBittorrent project)
Revo Uninstaller 2.1.0 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.1.0 - VS Revo Group, Ltd.)
VdhCoApp 1.2.4 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version:  - DownloadHelper)
VIA Administrador de dispositivos de plataforma (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.24 - VIA Technologies, Inc.)
VIA Rhine-Family Fast-Ethernet Adapter (HKLM\...\VN_VUIns_Rhine_VIA) (Version:  - )
VIA/S3G Display Driver 6.14.10.0359 (HKLM\...\VIA/S3G UniChrome Family Win2K/XP/Server2003 Display) (Version:  - )
Yu-Gi-Oh! MythOfAtem v 3.0 (HKU\S-1-5-21-2707563477-1181458908-4289881501-1000\...\Yu-Gi-Oh! MythOfAtem v 3.0) (Version:  - )
Yu-Gi-Oh! Power of Chaos JOEY THE PASSION (HKLM\...\{336DD6B4-B100-4048-B2B7-FBA7059FD959}) (Version: 1.00.0000 - KONAMI)
Yu-Gi-Oh! Power of Chaos KAIBA THE REVENGE (HKLM\...\{485C9280-B899-4D46-86F3-B3E459636EE5}) (Version: 1.00.0000 - KONAMI)
Yu-Gi-Oh! Power of Chaos YUGI THE DESTINY 2.0 (HKLM\...\{7F23ED88-D755-4A3A-AB04-E909C7C0330A}) (Version: 2.00.0000 - KONAMI)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\ADM-ll\AppData\Local\MEGAsync\ShellExtX32.dll [2019-09-27] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\ADM-ll\AppData\Local\MEGAsync\ShellExtX32.dll [2019-09-27] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\ADM-ll\AppData\Local\MEGAsync\ShellExtX32.dll [2019-09-27] (Mega Limited -> )
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-12-14] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-12-14] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x86.dll [2019-09-23] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\ADM-ll\AppData\Local\MEGAsync\ShellExtX32.dll [2019-09-27] (Mega Limited -> )
ContextMenuHandlers1: [PrivaZer] -> {7691BE2F-3D79-40DE-9C87-4D6EBCC76682} => C:\Program Files\PrivaZer\PrivaMenu6.dll [2019-09-29] (Goversoft LLC -> )
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\ADM-ll\AppData\Local\MEGAsync\ShellExtX32.dll [2019-09-27] (Mega Limited -> )
ContextMenuHandlers2: [PrivaZer] -> {7691BE2F-3D79-40DE-9C87-4D6EBCC76682} => C:\Program Files\PrivaZer\PrivaMenu6.dll [2019-09-29] (Goversoft LLC -> )
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-12-14] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-12-14] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\ADM-ll\AppData\Local\MEGAsync\ShellExtX32.dll [2019-09-27] (Mega Limited -> )
ContextMenuHandlers3: [PrivaZer] -> {7691BE2F-3D79-40DE-9C87-4D6EBCC76682} => C:\Program Files\PrivaZer\PrivaMenu6.dll [2019-09-29] (Goversoft LLC -> )
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\ADM-ll\AppData\Local\MEGAsync\ShellExtX32.dll [2019-09-27] (Mega Limited -> )
ContextMenuHandlers4: [PrivaZer] -> {7691BE2F-3D79-40DE-9C87-4D6EBCC76682} => C:\Program Files\PrivaZer\PrivaMenu6.dll [2019-09-29] (Goversoft LLC -> )
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-12-14] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x86.dll [2019-09-23] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-12-14] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [PrivaZer] -> {7691BE2F-3D79-40DE-9C87-4D6EBCC76682} => C:\Program Files\PrivaZer\PrivaMenu6.dll [2019-09-29] (Goversoft LLC -> )

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.mjpg] => C:\Windows\system32\bdmjpeg.dll [71152 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mpeg] => C:\Windows\system32\bdmpegv.dll [71176 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\Windows\system32\bdmpega.acm [71176 2017-01-26] (Bandicam Company -> )

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\ADM-ll\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) =============

2019-10-16 00:32 - 2019-10-16 00:32 - 000262656 _____ () [File not signed] C:\Program Files\NordVPN\x86\Liberation.Native.Firewall.dll
2017-09-14 02:37 - 2017-09-14 02:37 - 000026112 _____ (The Qt Company Ltd) [File not signed] C:\Users\ADM-ll\AppData\Local\MEGAsync\imageformats\qgif.dll
2017-09-14 02:42 - 2017-09-14 02:42 - 000033280 _____ (The Qt Company Ltd) [File not signed] C:\Users\ADM-ll\AppData\Local\MEGAsync\imageformats\qicns.dll
2017-09-14 02:37 - 2017-09-14 02:37 - 000027648 _____ (The Qt Company Ltd) [File not signed] C:\Users\ADM-ll\AppData\Local\MEGAsync\imageformats\qico.dll
2017-09-14 02:37 - 2017-09-14 02:37 - 000245760 _____ (The Qt Company Ltd) [File not signed] C:\Users\ADM-ll\AppData\Local\MEGAsync\imageformats\qjpeg.dll
2017-09-14 02:42 - 2017-09-14 02:42 - 000021504 _____ (The Qt Company Ltd) [File not signed] C:\Users\ADM-ll\AppData\Local\MEGAsync\imageformats\qsvg.dll
2017-09-14 02:42 - 2017-09-14 02:42 - 000020992 _____ (The Qt Company Ltd) [File not signed] C:\Users\ADM-ll\AppData\Local\MEGAsync\imageformats\qtga.dll
2017-09-14 02:42 - 2017-09-14 02:42 - 000316416 _____ (The Qt Company Ltd) [File not signed] C:\Users\ADM-ll\AppData\Local\MEGAsync\imageformats\qtiff.dll
2017-09-14 02:42 - 2017-09-14 02:42 - 000019968 _____ (The Qt Company Ltd) [File not signed] C:\Users\ADM-ll\AppData\Local\MEGAsync\imageformats\qwbmp.dll
2017-09-14 02:42 - 2017-09-14 02:42 - 000322560 _____ (The Qt Company Ltd) [File not signed] C:\Users\ADM-ll\AppData\Local\MEGAsync\imageformats\qwebp.dll
2017-09-14 02:37 - 2017-09-14 02:37 - 001010688 _____ (The Qt Company Ltd) [File not signed] C:\Users\ADM-ll\AppData\Local\MEGAsync\platforms\qwindows.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DFServ => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7945 more sites.

There are 7945 more sites.


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-08 10:57 - 2019-12-08 10:57 - 000000035 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2707563477-1181458908-4289881501-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\ADM-ll\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{018DEE5B-7D1F-4E54-B96B-83114FAFC76A}] => (Allow) C:\Program Files\Opera\65.0.3467.72\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{7FBFA8B4-B7B2-4D2F-8BFA-FBA3FD2A0417}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{FBD73643-1A6F-4C4C-8ED4-26C4E7EE613E}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{0BAE9A1C-EE2E-4DB4-955F-131ADEBFC2DF}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{CEA0AD92-2E7B-41C2-B063-8B547D6AF230}] => (Allow) c:\program files\opera\65.0.3467.78\opera.exe (Opera Software AS -> Opera Software)

==================== Restore Points =========================

13-12-2019 21:24:28 Revo Uninstaller's restore point - qBittorrent 3.0.5
13-12-2019 21:26:39 Revo Uninstaller's restore point - Google Chrome
13-12-2019 21:27:05 Removed Google Chrome
14-12-2019 04:06:50 Revo Uninstaller's restore point - VLC media player
14-12-2019 10:38:23 Revo Uninstaller's restore point - Google Chrome
14-12-2019 10:38:54 Removed Google Chrome
14-12-2019 17:03:35 Revo Uninstaller's restore point - Malwarebytes version 4.0.4.49
14-12-2019 17:06:37 Revo Uninstaller's restore point - Avast Secure Browser
14-12-2019 18:22:07 Revo Uninstaller's restore point - Avast Premium Security

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (12/19/2019 08:58:27 PM) (Source: PerfNet) (EventID: 2006) (User: )
Description: No se pueden leer los datos de rendimiento de la cola del servidor desde el servicio del servidor. Los primeros cuatro bytes (DWORD) de la sección de datos contienen el código de estado, los próximos cuatro bytes contienen IOSB.Status y los siguientes cuatro bytes contienen IOSB.Information.

Error: (12/19/2019 08:50:29 PM) (Source: PerfNet) (EventID: 2006) (User: )
Description: No se pueden leer los datos de rendimiento de la cola del servidor desde el servicio del servidor. Los primeros cuatro bytes (DWORD) de la sección de datos contienen el código de estado, los próximos cuatro bytes contienen IOSB.Status y los siguientes cuatro bytes contienen IOSB.Information.

Error: (12/19/2019 08:42:27 PM) (Source: PerfNet) (EventID: 2006) (User: )
Description: No se pueden leer los datos de rendimiento de la cola del servidor desde el servicio del servidor. Los primeros cuatro bytes (DWORD) de la sección de datos contienen el código de estado, los próximos cuatro bytes contienen IOSB.Status y los siguientes cuatro bytes contienen IOSB.Information.

Error: (12/19/2019 08:37:38 PM) (Source: PerfNet) (EventID: 2005) (User: )
Description: No se pueden leer los datos de rendimiento para el servicio del servidor. Los primeros cuatro bytes (DWORD) de la sección de datos contienen el código de estado, los próximos cuatro bytes contienen IOSB.Status y los siguientes cuatro bytes contienen IOSB.Information.

Error: (12/19/2019 08:36:28 PM) (Source: PerfNet) (EventID: 2006) (User: )
Description: No se pueden leer los datos de rendimiento de la cola del servidor desde el servicio del servidor. Los primeros cuatro bytes (DWORD) de la sección de datos contienen el código de estado, los próximos cuatro bytes contienen IOSB.Status y los siguientes cuatro bytes contienen IOSB.Information.

Error: (12/19/2019 08:34:07 PM) (Source: PerfNet) (EventID: 2005) (User: )
Description: No se pueden leer los datos de rendimiento para el servicio del servidor. Los primeros cuatro bytes (DWORD) de la sección de datos contienen el código de estado, los próximos cuatro bytes contienen IOSB.Status y los siguientes cuatro bytes contienen IOSB.Information.

Error: (12/19/2019 06:49:50 PM) (Source: PerfNet) (EventID: 2006) (User: )
Description: No se pueden leer los datos de rendimiento de la cola del servidor desde el servicio del servidor. Los primeros cuatro bytes (DWORD) de la sección de datos contienen el código de estado, los próximos cuatro bytes contienen IOSB.Status y los siguientes cuatro bytes contienen IOSB.Information.

Error: (12/19/2019 06:43:54 PM) (Source: PerfNet) (EventID: 2005) (User: )
Description: No se pueden leer los datos de rendimiento para el servicio del servidor. Los primeros cuatro bytes (DWORD) de la sección de datos contienen el código de estado, los próximos cuatro bytes contienen IOSB.Status y los siguientes cuatro bytes contienen IOSB.Information.


System errors:
=============
Error: (12/19/2019 08:23:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Escucha de Grupo Hogar depende del servicio Servidor, el cual no pudo iniciarse debido al siguiente error: 
No se puede iniciar el servicio, porque está deshabilitado o porque no tiene dispositivos habilitados asociados a él.

Error: (12/19/2019 08:23:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Escucha de Grupo Hogar depende del servicio Servidor, el cual no pudo iniciarse debido al siguiente error: 
No se puede iniciar el servicio, porque está deshabilitado o porque no tiene dispositivos habilitados asociados a él.

Error: (12/19/2019 08:23:44 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Examinador de equipos depende del servicio Servidor, el cual no pudo iniciarse debido al siguiente error: 
No se puede iniciar el servicio, porque está deshabilitado o porque no tiene dispositivos habilitados asociados a él.

Error: (12/19/2019 08:23:44 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Examinador de equipos depende del servicio Servidor, el cual no pudo iniciarse debido al siguiente error: 
No se puede iniciar el servicio, porque está deshabilitado o porque no tiene dispositivos habilitados asociados a él.

Error: (12/19/2019 08:23:44 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Escucha de Grupo Hogar depende del servicio Servidor, el cual no pudo iniciarse debido al siguiente error: 
No se puede iniciar el servicio, porque está deshabilitado o porque no tiene dispositivos habilitados asociados a él.

Error: (12/19/2019 08:23:44 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Examinador de equipos depende del servicio Servidor, el cual no pudo iniciarse debido al siguiente error: 
No se puede iniciar el servicio, porque está deshabilitado o porque no tiene dispositivos habilitados asociados a él.

Error: (12/19/2019 08:23:41 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Examinador de equipos depende del servicio Servidor, el cual no pudo iniciarse debido al siguiente error: 
No se puede iniciar el servicio, porque está deshabilitado o porque no tiene dispositivos habilitados asociados a él.

Error: (12/19/2019 08:23:41 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: El servicio Examinador de equipos depende del servicio Servidor, el cual no pudo iniciarse debido al siguiente error: 
No se puede iniciar el servicio, porque está deshabilitado o porque no tiene dispositivos habilitados asociados a él.


Windows Defender:
===================================
Date: 2019-03-16 21:37:27.074
Description: 
El examen de Windows Defender se detuvo antes de completarse.
Id. de examen:{374B5416-D844-4399-94CB-322BA1FE902A}
Tipo de examen:AntiSpyware
Parámetros de examen:Examen rápido
Usuario:ADM-ll-PC\ADM-ll

Date: 2019-03-04 05:43:31.745
Description: 
El examen de Windows Defender se detuvo antes de completarse.
Id. de examen:{62CCDAC8-1779-4BF6-B58B-81DABFDC7351}
Tipo de examen:AntiSpyware
Parámetros de examen:Examen rápido
Usuario:NT AUTHORITY\Servicio de red

Date: 2019-07-13 11:03:38.989
Description: 
Windows Defender encontró un error al intentar cargar firmas e intentará restablecer un conjunto de firmas conocidas.
Firmas intentadas:Actual
Código de error:0x80070002
Descripción de error:El sistema no puede encontrar el archivo especificado. 
Versión de firma:0.0.0.0
Versión de motor:0.0.0.0

Date: 2019-05-28 13:57:15.412
Description: 
Windows Defender encontró un error al intentar cargar firmas e intentará restablecer un conjunto de firmas conocidas.
Firmas intentadas:Actual
Código de error:0x80070002
Descripción de error:El sistema no puede encontrar el archivo especificado. 
Versión de firma:0.0.0.0
Versión de motor:0.0.0.0

CodeIntegrity:
===================================

Date: 2019-07-21 10:00:46.297
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume1\SMCLpav\Pav2WSC.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2019-07-21 10:00:46.297
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume1\SMCLpav\Pav2WSC.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2019-07-21 10:00:46.297
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume1\SMCLpav\Pav2WSC.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2019-07-21 09:57:28.155
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume1\SMCLpav\Pav2WSC.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2019-07-21 09:57:28.155
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume1\SMCLpav\Pav2WSC.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2019-07-21 09:57:28.140
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume1\SMCLpav\Pav2WSC.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2019-07-17 05:29:35.754
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume1\SMCLpav\Pav2WSC.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2019-07-17 05:29:35.754
Description: 
Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume1\SMCLpav\Pav2WSC.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

==================== Memory info =========================== 

BIOS: Phoenix Technologies, LTD 6.00 PG 08/02/2007
Motherboard: BIOSTAR Group P4M89-M7B
Processor: Intel(R) Pentium(R) Dual CPU E2160 @ 1.80GHz
Percentage of memory in use: 72%
Total physical RAM: 1982.49 MB
Available physical RAM: 549.97 MB
Total Virtual: 3964.98 MB
Available Virtual: 2199.91 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:149.05 GB) (Free:79.45 GB) NTFS ==>[drive with boot components (obtained from BCD)]


==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 149.1 GB) (Disk ID: CFBBCFBB)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

Here are the Farbar reports.

Hi @Jaime64

While I analyze the reports, can you confirm whether you are still having problems with the browser?

Regards

I was able to sign in to Google Chrome, but my bookmarks and passwords disappeared. The Avast message has not appeared again.

Hi @Jaime64

I told you at the time:

If you did not export them, they are lost.


Follow these steps:

1.- Very important >>> Make a backup of your Registry.

  • Download DelFix to the Windows desktop.
  • Right-click it and choose “Run as administrator”.
  • In the main window, check only the “Create Registry Backup” box.
  • Click Run.

When it finishes, a report named DelFix.txt will open; save it in case it is needed and close the tool…

2.- Temporarily disable your antivirus.

3.- Open a new Notepad file and copy and paste this content:

Start
CloseProcesses:
CreateRestorePoint:
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {223CDF49-F75B-4D20-A61C-DFBE958CF008} - \{C019E3AC-4A62-442F-A8F9-A809428A0BCB} -> No File <==== ATTENTION
Task: {305E713F-C588-47FC-8FD6-6A24F40EA8EF} - \{930691F8-3F6D-4037-ABA4-C70E99C382F4} -> No File <==== ATTENTION
Task: {36357D70-339B-45DA-B838-8188B1CDBC3C} - \{E239BC8F-9439-4779-B8AB-D19DC9E7F85B} -> No File <==== ATTENTION
Task: {993B15C2-E666-4DFC-B441-077B0AA9D20D} - \{11118543-EB2F-4408-95F5-678A1332DF7D} -> No File <==== ATTENTION
FF Extension: (Avast Online Security) - C:\Users\ADM-ll\AppData\Roaming\Mozilla\Firefox\Profiles\w5oi6h56.default-1551223974728\Extensions\[email protected] [2019-12-14]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
OPR Extension: (Avast Online Security) - C:\Users\ADM-ll\AppData\Roaming\Opera Software\Opera Stable\Extensions

CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
  • Save it under the name fixlist.txt on the desktop <<< This is very important.

Note: The executable Frst.exe and fixlist.txt must be in the same location (desktop), otherwise the tool will not work.

  • Run Frst.exe.
  • Press the Fix button and wait for it to finish.
  • The tool will save the report on your desktop (Fixlog.txt).
  • Paste it in your next reply.

Let us know how the computer is doing so we can start marking the topic as resolved.

Regards.