The .Fordan extension appeared on some of my files - Stop Ransomware

I did that before asking the forum for help, but the seven infected files that I was able to observe were left intact.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-06-2019
Ran by Gabmer (administrator) on GABMER-PC (20-06-2019 00:52:30)
Running from C:\Users\Gabmer\Downloads
Loaded Profiles: Gabmer (Available Profiles: Gabmer)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: "C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe" -- "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Arvato Digital Services Canada Inc -> arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast Cleanup\TuneupSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\SecureLine\Vpn.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Microsoft Windows Hardware Compatibility Publisher -> ) C:\Windows\vsnpstd3.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Prolific Technology Inc.) [File not signed] C:\Windows\System32\IoctlSvc.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [226184 2019-05-20] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [16557632 2019-03-08] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [snpstd3] => C:\Windows\vsnpstd3.exe [843776 2006-09-18] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [1793736 2015-02-20] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-988120049-823985332-2827762242-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [16509040 2019-04-04] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-988120049-823985332-2827762242-1000\...\MountPoints2: {c98c15da-1545-11e8-8a3d-d050996057c9} - L:\setup.exe
HKU\S-1-5-21-988120049-823985332-2827762242-1000\...\MountPoints2: {e1da1e80-4e8f-11e9-84ec-d050996057c9} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-18\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [16509040 2019-04-04] (Piriform Software Ltd -> Piriform Software Ltd)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2019-05-02] (Adobe Inc. -> Adobe Systems, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> C:\Program Files\AVAST Software\Browser\Application\74.0.1376.132\Installer\chrmstp.exe [2019-05-28] (AVAST Software s.r.o. -> AVAST Software)
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2009-08-18] (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast SecureLine VPN.lnk [2019-05-24]
ShortcutTarget: Avast SecureLine VPN.lnk -> C:\Program Files\AVAST Software\SecureLine\Vpn.exe (AVAST Software s.r.o. -> AVAST Software)
GroupPolicy: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {135C9FD3-37F7-4812-AA83-C7F1AB3E5C6A} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1051864 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {2693EC83-9D2D-42E9-914C-7B4897EFFB30} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-04-04] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {332ED328-9CA7-496A-9DFC-F317334DE4BF} - System32\Tasks\WebReg HP Deskjet F2200 series => C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe [1186304 2009-05-21] (Hewlett-Packard Company) [File not signed]
Task: {3445FC67-7466-4C27-840B-AEE79F1B4FBF} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe [1951280 2019-05-14] (AVAST Software s.r.o. -> AVAST Software)
Task: {41C65449-5631-4254-AA92-B42608851FCB} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2019-04-17] (AVAST Software s.r.o. -> AVAST Software)
Task: {45393E56-A332-4D88-BB5D-DB45833B2469} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe [1951280 2019-05-14] (AVAST Software s.r.o. -> AVAST Software)
Task: {666C14A6-15B4-40AC-98DC-8FD524E73EAE} - System32\Tasks\Avast Emergency Update
Task: {70A4288B-CC50-4A1D-AC04-883D981E3782} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16509040 2019-04-04] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {7FBDCE88-81A5-4236-9BE9-5DA64AA38899} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [282800 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {A9E8C9F0-CDB4-4060-9B69-15C196244CC1} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2019-04-17] (AVAST Software s.r.o. -> AVAST Software)
Task: {B7B37631-8B34-4D65-847C-B55AAD96FB5D} - System32\Tasks\Avast SecureLine VPN Update => C:\Program Files\AVAST Software\SecureLine\VpnUpdate.exe [1398208 2019-05-23] (AVAST Software s.r.o. -> AVAST Software)
Task: {BA6E1092-089B-4BAF-8FEB-987152AB1E28} - System32\Tasks\Driver Booster Scheduler => C:\Program Files\IObit\Driver Booster\5.3.0\Scheduler.exe [147232 2018-01-26] (IObit Information Technology -> IObit)
Task: {BB253EB3-CFDE-4BB8-AF69-2817AB78ABB5} - System32\Tasks\Driver Booster SkipUAC (Gabmer) => C:\Program Files\IObit\Driver Booster\5.3.0\DriverBooster.exe [6095120 2018-03-23] (IObit Information Technology -> IObit) [File not signed]
Task: {BEE1BF6A-B354-4B7E-9C0F-E7B592BD8E5F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {CFB3127C-8D61-4864-B3AE-C348F634F2D9} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1913648 2019-06-04] (AVAST Software s.r.o. -> AVAST Software)
Task: {D66C714C-609F-4704-A56B-A9790E7485C1} - System32\Tasks\Avast TUNEUP Update => C:\Program Files\AVAST Software\Avast Cleanup\TUNEUpdate.exe [1659000 2019-06-17] (AVAST Software s.r.o. -> AVAST Software)
Task: {DB4D9B5A-4F43-4BE6-BEE3-EE9976241AC3} - System32\Tasks\CorelUpdateHelperTaskCore
Task: {EB812888-CC9C-4F7F-B2E3-BE6613915F9E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-06-11] (Adobe Inc. -> Adobe)
Task: {FD5B8680-B46E-485D-8B2C-DC3F3307876E} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_207_Plugin.exe [1457208 2019-06-11] (Adobe Inc. -> Adobe)
Task: {FF4A7420-071D-4A3B-BD5C-602F558BD8D0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [282800 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\WebReg HP Deskjet F2200 series.job => C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 190.157.8.33 190.157.8.1 100.70.133.50 100.70.133.51
Tcpip\..\Interfaces\{0649FCB1-CFEE-4A41-8A62-4034D5607543}: [DhcpNameServer] 190.157.8.33 190.157.8.1 100.70.133.50 100.70.133.51
Tcpip\..\Interfaces\{47803BD5-405F-4097-81B5-A7211CBCFDE6}: [DhcpNameServer] 190.157.8.33 190.157.8.1 100.70.133.50 100.70.133.51
Tcpip\..\Interfaces\{87B292D6-7920-46E9-8205-675BE63DFF45}: [NameServer] 100.120.211.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.infospyware.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-988120049-823985332-2827762242-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Company -> Hewlett-Packard Co.)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2019-03-13] (Microsoft Corporation -> Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Company -> Hewlett-Packard Co.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 1ecffd0e.default-1518648877818
FF ProfilePath: C:\Users\Gabmer\AppData\Roaming\Mozilla\Firefox\Profiles\1ecffd0e.default-1518648877818 [2019-06-20]
FF Extension: (Avast SafePrice | Comparaciones, ofertas y cupones) - C:\Users\Gabmer\AppData\Roaming\Mozilla\Firefox\Profiles\1ecffd0e.default-1518648877818\Extensions\[email protected] [2019-06-19]
FF Extension: (Avast Online Security) - C:\Users\Gabmer\AppData\Roaming\Mozilla\Firefox\Profiles\1ecffd0e.default-1518648877818\Extensions\[email protected] [2019-06-19]
FF Extension: (Adblock Plus - bloqueador de anuncios gratis) - C:\Users\Gabmer\AppData\Roaming\Mozilla\Firefox\Profiles\1ecffd0e.default-1518648877818\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-04-20]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2018-02-09] [Legacy] [not signed]
FF HKU\S-1-5-21-988120049-823985332-2827762242-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_32_0_0_207.dll [2019-06-11] (Adobe Inc. -> )
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1235205.dll [2019-03-15] (Adobe Systems, Inc.) [File not signed]
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-09-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-02] (Adobe Inc. -> Adobe Systems Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5555320 2019-05-20] (AVAST Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2019-04-17] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [359864 2019-05-20] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [369776 2019-05-20] (AVAST Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2019-04-17] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files\AVAST Software\Browser\Application\74.0.1376.132\elevation_service.exe [1079424 2019-05-14] (AVAST Software s.r.o. -> AVAST Software)
R2 CleanupPSvc; C:\Program Files\AVAST Software\Avast Cleanup\TuneupSvc.exe [10282024 2019-06-17] (AVAST Software s.r.o. -> AVAST Software)
S4 Disc Soft Bus Service; C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe [813328 2014-04-28] (Disc Soft Ltd -> Disc Soft Ltd)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S2 ICEsoundService; C:\Windows\system32\ICEsoundService.exe [513120 2019-03-08] (ICEpower a/s -> ICEpower a/s)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5247944 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [45568 2011-04-13] (Hewlett-Packard) [File not signed]
R2 PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [55808 2011-04-13] (Hewlett-Packard) [File not signed]
R2 PSI_SVC_2; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (Arvato Digital Services Canada Inc -> arvato digital services llc)
R2 SecureLine; C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe [7038904 2019-05-23] (AVAST Software s.r.o. -> AVAST Software)
S2 symsrv; C:\Program Files\windows nt\symsrv.exe [145168 2019-05-09] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Windows -> Microsoft Corporation)
S2 HuaweiHiSuiteService.exe; "C:\Program Files\HiSuite\HandSetService\HuaweiHiSuiteService.exe" -/service [X]
S2 rcdll; C:\Users\Gabmer\AppData\Local\Temp\rcdll.exe [X] <==== ATTENTION

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmUStor; C:\Windows\System32\drivers\AmUStor.SYS [99240 2019-03-08] (Alcorlink Corp. -> )
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [173232 2019-05-20] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [225608 2019-05-20] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [171520 2019-05-20] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [56296 2019-05-20] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [40688 2019-05-20] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [139352 2019-06-19] (AVAST Software s.r.o. -> AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [36104 2019-04-22] (AVAST Software s.r.o. -> AVAST Software)
R1 aswNetSec; C:\Windows\System32\drivers\aswNetSec.sys [404824 2019-05-20] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [100984 2019-05-20] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [72800 2019-05-20] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [783024 2019-05-20] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [403680 2019-05-20] (AVAST Software s.r.o. -> AVAST Software)
S2 aswStm; C:\Windows\System32\drivers\aswStm.sys [167360 2019-06-19] (AVAST Software s.r.o. -> AVAST Software)
S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [48152 2018-02-15] (AVAST Software s.r.o. -> The OpenVPN Project)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [312248 2019-06-19] (AVAST Software s.r.o. -> AVAST Software)
R3 dtscsibus; C:\Windows\System32\DRIVERS\dtscsibus.sys [24704 2018-02-19] (Disc Soft Ltd -> Disc Soft Ltd)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [128552 2019-05-27] (Malwarebytes Corporation -> Malwarebytes)
R3 gMouUsb; C:\Windows\System32\DRIVERS\gMouUsb.sys [11520 2018-11-02] (Microsoft Windows Hardware Compatibility Publisher -> )
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2018-02-10] (Martin Malik - REALiX -> REALiX(tm))
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [102272 2018-12-12] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R1 ISODrive; C:\Program Files\UltraISO\drivers\ISODrive.sys [82168 2013-11-21] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x86.sys [110280 2018-02-10] (Qualcomm Atheros -> Qualcomm Atheros Co., Ltd.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [173512 2019-05-27] (Malwarebytes Corporation -> Malwarebytes)
S3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [107168 2019-05-27] (Malwarebytes Corporation -> Malwarebytes)
S3 rtl819xp; C:\Windows\System32\DRIVERS\rtl819xp.sys [559208 2018-02-10] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation )
S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10246144 2007-04-03] (Microsoft Windows Hardware Compatibility Publisher -> Sonix Co. Ltd.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [22728 2018-10-08] (AVG Technologies CZ, s.r.o. -> SlimWare Utilities, Inc.)
U0 Partizan; system32\drivers\Partizan.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-06-20 00:52 - 2019-06-20 00:55 - 000023329 _____ C:\Users\Gabmer\Downloads\FRST.txt
2019-06-20 00:51 - 2019-06-20 00:52 - 000000000 ____D C:\FRST
2019-06-20 00:38 - 2019-06-20 00:47 - 001770496 _____ (Farbar) C:\Users\Gabmer\Downloads\FRST.exe
2019-06-20 00:02 - 2019-06-20 00:02 - 000006502 _____ C:\Users\Gabmer\Desktop\Reporte Eset Online.txt
2019-06-19 19:29 - 2019-06-19 19:29 - 000000000 ____D C:\Users\Gabmer\AppData\Local\ESET
2019-06-19 18:56 - 2019-06-19 18:56 - 000002009 _____ C:\Users\Public\Desktop\Avast Internet Security.lnk
2019-06-19 18:53 - 2019-05-20 15:12 - 000311176 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2019-06-19 03:13 - 2019-06-19 03:13 - 004972816 _____ C:\Users\Gabmer\Desktop\658562G516DO_Anexo.pdf
2019-06-18 19:47 - 2019-06-18 20:07 - 000068730 _____ C:\Users\Gabmer\Downloads\STOPDecrypter-log.txt
2019-06-18 19:47 - 2019-06-15 19:59 - 000004125 _____ C:\Users\Gabmer\Downloads\README.txt
2019-06-18 19:47 - 2019-06-15 19:34 - 002558464 _____ () C:\Users\Gabmer\Downloads\STOPDecrypter.exe
2019-06-18 19:46 - 2019-06-18 19:46 - 002458280 _____ C:\Users\Gabmer\Downloads\STOPDecrypter.zip
2019-06-18 19:21 - 2019-06-18 19:37 - 000000000 ____D C:\Program Files\Google
2019-06-18 19:21 - 2019-06-18 19:30 - 000000000 ____D C:\Users\Gabmer\AppData\Local\Google
2019-06-18 19:20 - 2019-06-18 19:20 - 005562976 _____ (Piriform Ltd) C:\Users\Gabmer\Downloads\rcsetup153.exe
2019-06-18 19:12 - 2019-06-18 19:13 - 010923240 _____ (SurfRight B.V.) C:\Users\Gabmer\Downloads\HitmanPro.exe
2019-06-18 15:47 - 2019-06-18 19:30 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-06-16 01:03 - 2019-06-16 01:03 - 000000000 ____D C:\Users\Gabmer\Downloads\res
2019-06-16 01:03 - 2017-12-02 19:13 - 007124992 _____ C:\Users\Gabmer\Downloads\HDDScan.exe
2019-06-16 01:02 - 2019-06-16 01:02 - 003830128 _____ C:\Users\Gabmer\Downloads\HDDScan.zip
2019-06-13 01:48 - 2019-06-13 01:48 - 000112420 _____ C:\Users\Gabmer\Downloads\Certificado SENA Toma de Decisiones en el Nivel Gerencial.pdf
2019-06-13 01:46 - 2019-06-13 01:46 - 000099680 _____ C:\Users\Gabmer\Downloads\Nota especial certificado Toma de Decisiones en el Nivel Gerencial.pdf
2019-06-03 17:16 - 2019-06-03 17:17 - 000013905 _____ C:\Users\Gabmer\Downloads\Chat venta cancelada disipador master cooler.html
2019-06-03 15:22 - 2019-06-03 15:22 - 000000000 _____ C:\storage.sqlite
2019-05-27 03:43 - 2019-05-27 03:43 - 000107168 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2019-05-27 03:22 - 2019-05-27 03:22 - 000173512 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2019-05-27 03:15 - 2019-05-27 03:15 - 000000000 ____D C:\Users\Gabmer\AppData\Local\mbamtray
2019-05-27 03:12 - 2019-05-27 03:12 - 000002028 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-05-27 03:12 - 2019-05-27 03:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-05-27 03:11 - 2019-05-27 03:22 - 000128552 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
2019-05-24 14:04 - 2019-05-24 14:04 - 000001057 _____ C:\Users\Public\Desktop\Avast SecureLine VPN.lnk
2019-05-21 00:17 - 2019-06-07 04:58 - 000000000 ____D C:\Users\Gabmer\CmapToolsLogs
2019-05-21 00:17 - 2019-06-07 04:58 - 000000000 ____D C:\Users\Gabmer\AppData\Roaming\CmapTools
2019-05-21 00:17 - 2019-06-07 03:19 - 000000000 ____D C:\Users\Gabmer\Documents\My Cmaps
2019-05-21 00:16 - 2019-05-21 00:16 - 000002016 _____ C:\Users\Gabmer\Desktop\CmapTools.lnk
2019-05-21 00:10 - 2019-05-21 00:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IHMC CmapTools
2019-05-21 00:09 - 2019-05-21 00:10 - 000000000 ____D C:\Program Files\IHMC CmapTools
2019-05-21 00:06 - 2019-05-21 00:06 - 000000000 ____D C:\Users\Gabmer\Downloads\Cmaptools
2019-05-21 00:00 - 2019-05-21 00:01 - 000000000 ___HD C:\Program Files\Zero G Registry
2019-05-21 00:00 - 2019-05-21 00:00 - 000000000 ___HD C:\Users\Gabmer\InstallAnywhere

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-06-20 00:03 - 2019-02-22 00:03 - 000000000 ____D C:\GTA San Andreas
2019-06-20 00:03 - 2019-02-09 23:22 - 000000000 __SHD C:\found.005
2019-06-20 00:03 - 2019-02-09 19:46 - 000000000 __SHD C:\found.006
2019-06-20 00:03 - 2019-02-08 21:24 - 000000000 __SHD C:\found.004
2019-06-20 00:03 - 2019-01-26 00:06 - 000000000 __SHD C:\found.003
2019-06-20 00:03 - 2018-12-10 00:47 - 000000000 ____D C:\Temp
2019-06-20 00:03 - 2018-11-26 00:18 - 000000000 __SHD C:\found.002
2019-06-20 00:03 - 2018-11-25 23:46 - 000000000 __SHD C:\found.001
2019-06-20 00:03 - 2018-07-08 18:03 - 000000000 __SHD C:\found.000
2019-06-20 00:03 - 2018-02-21 00:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X8
2019-06-20 00:03 - 2018-02-09 19:58 - 000000000 ____D C:\Users\Gabmer
2019-06-19 20:59 - 2018-02-10 14:38 - 000000000 ____D C:\Users\Gabmer\AppData\LocalLow\Mozilla
2019-06-19 18:59 - 2009-07-13 23:34 - 000021088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-06-19 18:59 - 2009-07-13 23:34 - 000021088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-06-19 18:56 - 2018-02-15 02:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2019-06-19 18:55 - 2018-02-15 00:16 - 000312248 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2019-06-19 18:55 - 2018-02-15 00:16 - 000167360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2019-06-19 18:55 - 2018-02-15 00:16 - 000139352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2019-06-19 18:52 - 2018-04-11 16:38 - 000000000 ____D C:\Users\Gabmer\AppData\Local\AVAST Software
2019-06-19 18:50 - 2009-07-13 23:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-06-19 17:18 - 2018-02-14 17:53 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2019-06-19 03:41 - 2009-07-13 21:37 - 000000000 ____D C:\Windows\inf
2019-06-18 19:31 - 2018-02-15 23:00 - 000000000 ____D C:\Users\Gabmer\AppData\LocalLow\HPAppData
2019-06-18 19:10 - 2019-03-08 18:41 - 000000000 ____D C:\Users\Gabmer\Desktop\Cosas del escritorio
2019-06-18 18:26 - 2010-11-20 19:30 - 001957066 _____ C:\Windows\system32\perfh00A.dat
2019-06-18 18:26 - 2010-11-20 19:30 - 000553552 _____ C:\Windows\system32\perfc00A.dat
2019-06-18 18:26 - 2010-11-20 16:01 - 000006396 _____ C:\Windows\system32\PerfStringBackup.INI
2019-06-16 22:14 - 2018-02-10 01:02 - 000000000 ____D C:\Users\Gabmer\AppData\Local\ElevatedDiagnostics
2019-06-15 19:47 - 2018-02-09 22:56 - 000000000 ____D C:\Windows\system32\Macromed
2019-06-14 20:15 - 2018-02-27 19:46 - 000002471 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-06-11 13:52 - 2018-02-10 18:28 - 000842296 _____ (Adobe) C:\Windows\system32\FlashPlayerApp.exe
2019-06-11 13:52 - 2018-02-10 18:28 - 000175160 _____ (Adobe) C:\Windows\system32\FlashPlayerCPLApp.cpl
2019-06-11 13:10 - 2009-07-13 23:53 - 000032630 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2019-06-07 15:38 - 2009-07-13 21:37 - 000000000 ____D C:\Windows\system32\NDF
2019-05-29 15:59 - 2019-05-09 00:58 - 000000000 ____D C:\ProgramData\{FC278B4D-89B6-27CC-CE94-4FABCE7316FA}
2019-05-29 15:59 - 2019-05-09 00:58 - 000000000 ____D C:\ProgramData\{D1E61DF6-1F0D-0A0D-7502-8E8675E5D7D7}
2019-05-28 14:51 - 2019-04-17 02:16 - 000002385 ____H C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2019-05-28 14:51 - 2019-04-17 02:16 - 000002342 ____H C:\Users\Public\Desktop\Avast Secure Browser.lnk
2019-05-27 00:47 - 2019-02-27 02:26 - 000000000 ____D C:\Users\Gabmer\Downloads\Telegram
2019-05-25 02:02 - 2019-05-16 04:21 - 000000000 ____D C:\Users\Gabmer\Downloads\Sena virtualActividad 1

==================== Files in the root of some directories ================

2019-05-09 01:08 - 2019-05-09 01:18 - 000000004 _____ () C:\ProgramData\lock.dat
2019-05-09 01:08 - 2019-05-09 01:08 - 000000008 _____ () C:\ProgramData\ts.dat
2019-05-09 01:00 - 2019-05-09 01:00 - 000054272 _____ () C:\Users\Gabmer\AppData\Local\ApplicationHosting.dat
2019-05-09 01:00 - 2019-05-09 01:00 - 054547712 _____ (Google Inc.) C:\Users\Gabmer\AppData\Local\ChromeSetup.exe
2019-05-09 00:59 - 2019-05-09 00:59 - 000140800 _____ () C:\Users\Gabmer\AppData\Local\installer.dat
2019-02-10 02:25 - 2019-02-10 02:25 - 000000001 _____ () C:\Users\Gabmer\AppData\Local\llftool.4.40.agreement
2019-05-09 01:00 - 2019-05-09 01:00 - 000126464 _____ () C:\Users\Gabmer\AppData\Local\lobby.dat
2019-05-09 01:04 - 2019-05-09 01:04 - 000000049 _____ () C:\Users\Gabmer\AppData\Local\script.ps1
2019-05-09 00:59 - 2019-05-09 00:59 - 000722944 _____ () C:\Users\Gabmer\AppData\Local\sha.db

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-06-12 00:25
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-06-2019
Ran by Gabmer (20-06-2019 00:56:32)
Running from C:\Users\Gabmer\Downloads
Microsoft Windows 7 Professional  Service Pack 1 (X86) (2018-02-10 00:58:06)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-988120049-823985332-2827762242-500 - Administrator - Disabled)
Gabmer (S-1-5-21-988120049-823985332-2827762242-1000 - Administrator - Enabled) => C:\Users\Gabmer
HomeGroupUser$ (S-1-5-21-988120049-823985332-2827762242-1002 - Limited - Enabled)
Invitado (S-1-5-21-988120049-823985332-2827762242-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Disabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-988120049-823985332-2827762242-1000\...\uTorrent) (Version: 3.5.5.45095 - BitTorrent Inc.)
18 Wheels of Steel: American Long Haul  (HKLM\...\18 Wheels of Steel: American Long Haul) (Version:  - ValuSoft)
32 Bit HP CIO Components Installer (HKLM\...\{D36B4583-E804-406B-9D56-F97931286C5B}) (Version: 8.1.2 - Hewlett-Packard) Hidden
Actualización de NVIDIA 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Adobe Acrobat Reader DC - Español (HKLM\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.012.20035 - Adobe Systems Incorporated)
Adobe Flash Player 32 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 32.0.0.207 - Adobe)
Adobe Flash Player 32 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 32.0.0.207 - Adobe)
Adobe Shockwave Player 12.3 (HKLM\...\Adobe Shockwave Player) (Version: 12.3.5.205 - Adobe, Inc.)
Advanced WindowsCare Personal (HKLM\...\Advanced WindowsCare V2 Personal_is1) (Version: 2.8.6 - IObit)
Avast Cleanup Premium (HKLM\...\{075CC190-59EE-499F-828B-0B5C098C8C15}_is1) (Version: 19.1.7475 - AVAST Software)
Avast Internet Security (HKLM\...\Avast Antivirus) (Version: 19.5.2378 - AVAST Software)
Avast Secure Browser (HKLM\...\Avast Secure Browser) (Version: 74.0.1376.132 - Los creadores de Avast Secure Browser)
Avast SecureLine (HKLM\...\{2CD3C92F-EDC5-4B02-9B0A-9C1D37C58EF5}_is1) (Version: 5.2.438 - AVAST Software)
Avast Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.4.154.333 - AVAST Software) Hidden
AVG Driver Updater (HKLM\...\{95294F1F-3F2F-48E6-A33B-B89632F8F1B7}) (Version: 2.2.2 - AVG Netherlands B.V) Hidden
AVG Driver Updater (HKLM\...\AVG Driver Updater) (Version: 2.2.2 - AVG Netherlands B.V)
BufferChm (HKLM\...\{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}) (Version: 130.0.331.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.56 - Piriform)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Copy (HKLM\...\{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}) (Version: 130.0.428.000 - Hewlett-Packard) Hidden
Corel Graphics - Windows Shell Extension (HKLM\...\_{FD417077-C2FE-46DB-942A-228179B308D5}) (Version: 18.0.0.448 - Corel Corporation)
Corel Graphics - Windows Shell Extension (HKLM\...\{FD417077-C2FE-46DB-942A-228179B308D5}) (Version: 18.0.448 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - BR (HKLM\...\{620C014F-CED3-4351-803A-7DE2A2207EB7}) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - Capture (HKLM\...\{9640A543-E423-4D8D-8E82-A1CB6BECCB9C}) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - Common (HKLM\...\{0622E0CF-F11D-483C-B858-7E7933996EE4}) (Version: 18.0.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - Connect (HKLM\...\{9F15073D-56EF-4F6F-AF06-74A3B3D6C5EB}) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - CS (HKLM\...\{8BED1CD0-ECFC-458D-B8DA-6C3F08F4C712}) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - CT (HKLM\...\{304161EF-BA0D-490F-8665-7B7C9642EC61}) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - Custom Data (HKLM\...\{E4AF1B6B-8513-4DB7-B99D-BA2B58503829}) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - CZ (HKLM\...\{3C9EAE39-E5F8-49D7-8BF4-B8C98988EB2E}) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - DE (HKLM\...\{DFFC36D1-8475-4C1B-A888-EEC8A0471302}) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - Draw (HKLM\...\{406E4433-96CF-4D4D-8317-6B8E6BDD8856}) (Version: 18.0.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - EN (HKLM\...\{0AAA51D9-5029-4F53-8AFC-B7A9658B4BD5}) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - ES (HKLM\...\{2EC99781-9735-44BA-9261-FAF0DFA2E915}) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - Filters (HKLM\...\{D4C83508-8D3A-4FBC-9F4C-AEF0D02DEF33}) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - Font Manager (HKLM\...\{17D53EFD-57F4-43D8-96B7-46682C9C9741}) (Version: 18.0.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - FR (HKLM\...\{62E510B1-B9D3-438D-A6B4-769154898F9D}) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - IPM (HKLM\...\{442B9D08-9F56-43FE-905A-07364D0BFE8D}) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - IPM Content (HKLM\...\{D3515161-7F82-447A-9005-BDBDCC7B60AE}) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - IT (HKLM\...\{5673571F-23E8-471C-8292-C6F77507FCFE}) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - JP (HKLM\...\{26EB0B96-0F5A-45D8-B737-BA09458B7B5F}) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - NL (HKLM\...\{F801240F-FB3E-4F96-B791-2C1B3AB6C247}) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - PHOTO-PAINT (HKLM\...\{7546E875-C203-4E87-8A3D-FD179944A763}) (Version: 18.0.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - PL (HKLM\...\{7C2BC01E-EE8B-436E-AE7B-2FFFBCD33A89}) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - Redist (HKLM\...\{635BA79D-FF3B-47E6-98BE-05D9FA6F884C}) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - RU (HKLM\...\{D13A47D5-0A68-4300-A21B-9A6D9F2FA75D}) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - Setup Files (HKLM\...\{86F23E59-06B3-432A-9D16-B6A4DF379571}) (Version: 18.0.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - TR (HKLM\...\{740C0A1F-4D0B-4586-96C6-3FFF416A3E89}) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - VBA (HKLM\...\{044AC1C1-C353-49D0-A97B-8BCCA9C4424E}) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - VideoBrowser (HKLM\...\{24DBD064-369D-423F-964E-6064340342CB}) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - Workspaces (HKLM\...\{3C68A5EA-7CBF-4CF7-9E24-3502014B3BE7}) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - Writing Tools (HKLM\...\{7F9E5872-B446-4ADE-A9CC-0B7D7A5D8F08}) (Version: 18.0 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 (HKLM\...\_{86F23E59-06B3-432A-9D16-B6A4DF379571}) (Version: 18.0.0.450 - Corel Corporation)
CorelDRAW Graphics Suite X8 (HKLM\...\{13D9CD72-79DB-4F0F-890D-0A3E45DCBED9}) (Version: 18.0 - Corel Corporation) Hidden
CrystalDiskInfo 7.7.0 (HKLM\...\CrystalDiskInfo_is1) (Version: 7.7.0 - Crystal Dew World)
DAEMON Tools Ultra (HKLM\...\DAEMON Tools Ultra) (Version: 2.3.0.0254 - Disc Soft Ltd)
Destinations (HKLM\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM\...\{2FF8C687-DB7D-4adc-A5DC-57983EC25046}) (Version: 130.0.465.000 - Hewlett-Packard) Hidden
DJ_AIO_03_F2200_Software_Min (HKLM\...\{C222566F-1C50-4ECD-A01E-77F9C4B95458}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
Driver Booster 5 (HKLM\...\Driver Booster_is1) (Version: 5.3.0 - IObit)
DVD Decrypter (Remove Only) (HKLM\...\DVD Decrypter) (Version:  - )
DVD Drive Repair 2.0.0.1016 (HKLM\...\DVD Drive Repair_is1) (Version: 2.0.0.1016 - Rizonesoft)
Eines de correcció del Microsoft Office 2013: català (HKLM\...\{90150000-001F-0403-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
ENCORE Wireless LAN Driver - PCI Adaptor (HKLM\...\{46710AEB-ACE9-4386-9DFB-8B65153BFA74}) (Version: 1.00.0000 - )
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
F2200 (HKLM\...\{2BB0BDFF-E193-42A0-90BE-2D59441E51D2}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
Ferramentas de verificación de Microsoft Office 2013 - Galego (HKLM\...\{90150000-001F-0456-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Ghostscript GPL 8.64 (Msi Setup) (HKLM\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
GPBaseService2 (HKLM\...\{63FF21C9-A810-464F-B60A-3111747B1A6D}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hard Disk Low Level Format Tool 4.40 (HKLM\...\Hard Disk Low Level Format Tool_is1) (Version:  - HDDGURU)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Deskjet F2200 All-In-One Driver Software 13.0 Rel. 3 (HKLM\...\{3690900F-85EA-447F-BAD1-5CA25AA9B627}) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPPhotoGadget (HKLM\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (HKLM\...\{681B698F-C997-42C3-B184-B489C6CA24C9}) (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (HKLM\...\{D79113E7-274C-470B-BD46-01B10219DF6A}) (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM\...\{C43326F5-F135-4551-8270-7F7ABA0462E1}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
IHMC CmapTools v6.03.01 (HKLM\...\IHMC CmapTools v6.03.01) (Version: 6.0.3.1 - Institute for Human & Machine Cognition)
IPM_Common_x86 (HKLM\...\{EE61B6C5-F017-4505-85D3-6D40B1797D32}) (Version: 2.9.389 - Your Company Name) Hidden
Malwarebytes versión 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
MarketResearch (HKLM\...\{175F0111-2968-4935-8F70-33108C6A4DE3}) (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.7.2 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2015 (HKLM\...\{dd8b09df-3ef8-49f1-bd1a-65278435860b}) (Version: 14.0.23217 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Mozilla Firefox 67.0.3 (x86 es-ES) (HKLM\...\Mozilla Firefox 67.0.3 (x86 es-ES)) (Version: 67.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 67.0.3.7108 - Mozilla)
MSI Star Cam 370i (HKLM\...\{19344041-26B8-403B-BC3B-6E7185AA7E76}) (Version: 100.000.070814 -  )
MSI Star Cam 370i (HKLM\...\{ECD03DA7-5952-406A-8156-5F0C93618D1F}) (Version: 5.20.0.202_WQHL - Sonix)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero 7 Premium (HKLM\...\{98EFD8F0-08DE-48DB-B922-A2EBAB711033}) (Version: 7.03.1151 - Nero AG)
NirSoft ShellExView (HKLM\...\NirSoft ShellExView) (Version:  - )
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
NVIDIA Software del sistema PhysX 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
OpenAL (HKLM\...\OpenAL) (Version:  - )
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Panel de control de NVIDIA 309.08 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 309.08 - NVIDIA Corporation) Hidden
Paquete de controladores de Windows - MSI MSI Star Cam 370i (04/22/2008 1.0.0.0) (HKLM\...\92A6E160D295A14569F57189DA2588F0A1D1CD5E) (Version: 04/22/2008 1.0.0.0 - MSI)
Paquete de idioma de Microsoft Visual Studio 2010 Tools para Office Runtime (x86) - ESN (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - ESN) (Version: 10.0.50903 - Microsoft Corporation)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8581 - Realtek Semiconductor Corp.)
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (HKLM\...\{90150000-001F-0416-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Revo Uninstaller Pro 3.1.1 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.1 - VS Revo Group, Ltd.)
Scan (HKLM\...\{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}) (Version: 13.0.0.0 - Hewlett-Packard) Hidden
SmartWebPrinting (HKLM\...\{DC635845-46D3-404B-BCB1-FC4A91091AFA}) (Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (HKLM\...\{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}) (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (HKLM\...\{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}) (Version: 130.0.469.000 - Hewlett-Packard) Hidden
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Toolbox (HKLM\...\{6BBA26E9-AB03-4FE7-831A-3535584CA002}) (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (HKLM\...\{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}) (Version: 130.0.422.000 - Hewlett-Packard) Hidden
UltraISO Premium V9.71 (HKLM\...\UltraISO_is1) (Version:  - )
UnloadSupport (HKLM\...\{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}) (Version: 11.0.0 - Hewlett-Packard) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.6 - VideoLAN)
WebReg (HKLM\...\{43CDF946-F5D9-4292-B006-BA0D92013021}) (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Deployment Tools (HKLM\...\{BFC9778E-9765-C94C-C082-C2514F8DEB9B}) (Version: 8.59.25584 - Microsoft)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows PE x86 x64 (HKLM\...\{F89D69CA-6EE1-E037-DD3B-08CDDE1BED1C}) (Version: 8.59.25584 - Microsoft)
Windows PE x86 x64 wims (HKLM\...\{85F4ACB1-E7DC-C3C6-F4FD-BB936DF2695E}) (Version: 8.59.25584 - Microsoft)
WinRAR 5.71 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-988120049-823985332-2827762242-1000_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-988120049-823985332-2827762242-1000_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-988120049-823985332-2827762242-1000_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-988120049-823985332-2827762242-1000_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-988120049-823985332-2827762242-1000_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-988120049-823985332-2827762242-1000_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-988120049-823985332-2827762242-1000_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-988120049-823985332-2827762242-1000_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-988120049-823985332-2827762242-1000_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-988120049-823985332-2827762242-1000_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-988120049-823985332-2827762242-1000_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-988120049-823985332-2827762242-1000_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-988120049-823985332-2827762242-1000_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-05-20] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-05-20] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll [2007-07-24] (Nero AG -> Nero AG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files\UltraISO\isoshell.dll [2015-10-08] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-05-20] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers4: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files\UltraISO\isoshell.dll [2015-10-08] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2015-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-05-20] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group -> VS Revo Group)
ContextMenuHandlers6: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files\UltraISO\isoshell.dll [2015-10-08] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

ShortcutWithArgument: C:\Users\Gabmer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\3540ba49f82ead5d\Avast Secure Browser.lnk -> C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe (AVAST Software) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) ==============

2009-09-20 12:36 - 2009-09-20 12:36 - 000249344 _____ (Hewlett-Packard Co.) [File not signed] c:\program files\hp\digital imaging\bin\hpqcxs08.dll
2009-09-20 12:24 - 2009-09-20 12:24 - 000213504 _____ (Hewlett-Packard Co.) [File not signed] c:\program files\hp\digital imaging\bin\hpqddcmn.dll
2009-09-20 12:24 - 2009-09-20 12:24 - 000133120 _____ (Hewlett-Packard Co.) [File not signed] c:\program files\hp\digital imaging\bin\hpqddsvc.dll
2011-04-13 16:07 - 2011-04-13 16:07 - 000045568 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzinw12.dll
2011-04-13 16:07 - 2011-04-13 16:07 - 000055808 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzipm12.dll
2009-08-18 11:24 - 2009-08-18 11:24 - 000134144 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
2003-03-18 21:12 - 2003-03-18 21:12 - 001047552 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Nero\Nero 7\Nero BackItUp\MFC71U.DLL
2003-03-19 07:14 - 2003-03-19 07:14 - 000499712 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Nero\Nero 7\Nero BackItUp\MSVCP71.dll
2003-02-21 15:42 - 2003-02-21 15:42 - 000348160 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Nero\Nero 7\Nero BackItUp\MSVCR71.dll
2003-03-19 07:20 - 2003-03-19 07:20 - 001060864 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Nero\Nero 7\Nero CoverDesigner\MFC71.DLL
2006-12-19 10:30 - 2006-12-19 10:30 - 000081920 _____ (Prolific Technology Inc.) [File not signed] C:\Windows\system32\IoctlSvc.exe
2019-04-22 06:44 - 2018-09-05 21:32 - 002095104 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\AVAST Software\SecureLine\libcrypto-1_1.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-988120049-823985332-2827762242-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-988120049-823985332-2827762242-1000\...\webcompanion.com -> hxxp://webcompanion.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\NVIDIA Corporation\PhysX\Common
HKU\S-1-5-21-988120049-823985332-2827762242-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Gabmer\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 190.157.8.33 - 190.157.8.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: ) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Avast Cleanup Premium.lnk => C:\Windows\pss\Avast Cleanup Premium.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Gabmer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MEGAsync.lnk => C:\Windows\pss\MEGAsync.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: CCleaner Smart Cleaning => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: DAEMON Tools Ultra Agent => "C:\Program Files\DAEMON Tools Ultra\DTAgent.exe" -autorun
MSCONFIG\startupreg: hpqSRMon => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
MSCONFIG\startupreg: iPScan5x => C:\Windows\iPScan5x.EXE
MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" -s
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Skype for Desktop => C:\Program Files\Microsoft\Skype for Desktop\Skype.exe
MSCONFIG\startupreg: snpstd3 => C:\Windows\vsnpstd3.exe
MSCONFIG\startupreg: tsnpstd3 => C:\Windows\tsnpstd3.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{369F83A7-C3E3-4968-AE48-6B0E77E04841}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{07FE5FD3-1EDA-47AC-AC8D-DFA36273BEE3}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6C1FC6C7-E285-49A0-B416-99B2D6E86A15}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{714E8B01-BE6F-4A26-8F00-8B8D65775F62}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E54FC876-AB51-4AB9-AA67-977D3F1E2F5E}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{0CEDFF09-AC48-446C-A73C-DDBDC4B8A3D9}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{08456143-67BE-4634-B568-5939A8790D95}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{7655ECB2-E29B-4375-BCD0-8FE7ABBEF7EB}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe (Hewlett-Packard) [File not signed]
FirewallRules: [{6B2ED917-53E3-42DA-8C76-71BBC1E1E392}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{490F0306-9E8C-4CB8-A55F-CC8E372B4A6C}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe () [File not signed]
FirewallRules: [{A2B17CFB-34B2-48FA-BF78-6F49F476BBC5}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe (Hewlett-Packard) [File not signed]
FirewallRules: [{1BBB9F29-EDD3-4EFF-B8BD-88AB27E24F97}] => (Allow) C:\Program Files\common files\hp\digital imaging\bin\hpqphotocrm.exe (Hewlett-Packard Development Co. L.P.) [File not signed]
FirewallRules: [{33AC16AD-649D-4283-8F9E-C143C5A469B5}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe (Hewlett-Packard Development Co. L.P.) [File not signed]
FirewallRules: [{1D86F836-0998-4AA6-8144-CE74E74E9C02}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe (Hewlett-Packard Development Co. L.P.) [File not signed]
FirewallRules: [{21330556-7607-4A02-B69C-2A13EEFD835C}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe (Hewlett Packard -> Hewlett-Packard Development Co. L.P.)
FirewallRules: [{1AEA29CD-EEFE-49BD-9D8C-CC523BF1A683}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{D1854DC3-299A-4188-B148-29DE0713AA13}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe (Hewlett-Packard) [File not signed]
FirewallRules: [{3CD12C69-F3A0-4C27-BF4E-0ADD909C48CF}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{157590AF-27B5-4CE4-9B03-7F63B20DE0CE}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{44F7D694-BA18-426A-9103-7A39A7EB0101}] => (Allow) C:\Program Files\HP\hp software update\hpwucli.exe (Hewlett-Packard Company -> Hewlett-Packard)
FirewallRules: [{E7D9263D-0CE7-47C1-92E8-40F126A757C9}] => (Allow) C:\Program Files\HP\digital imaging\smart web printing\smartwebprintexe.exe (Hewlett-Packard Company -> Hewlett-Packard Co.)
FirewallRules: [{9D0F9DE1-C0F9-409B-8370-277E750C54EF}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{68B1BD1A-2BCB-4F7A-939F-2AD0E6C1B4C9}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F1132674-78B6-4785-83CE-E0E5312E4B35}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{EE0C99AC-34DC-48FC-93C6-D70478C296E7}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{42E34D5B-76A5-4C7D-8F6A-424906D76670}] => (Allow) C:\Users\Gabmer\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{1F1BF0A2-2049-44C6-9201-D84552CF777B}] => (Allow) C:\Users\Gabmer\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{79525CC8-6D81-4C8A-944E-AA52C86BCD4D}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{12E888BD-C4BB-4BC0-9DE9-89701B2D35ED}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{2E86F5C0-8D97-4006-8BE9-90F4CFF26D94}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{2A96F15D-5B0C-440D-911B-CD76A52CC95E}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X8\Programs\CorelDrw.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [{EF765D7A-320E-4347-B17E-F9C8E56597B3}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X8\Programs\CorelPP.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [{FED91EC7-05ED-41F5-93B3-9C88D08F4783}] => (Allow) C:\Program Files\IObit\Driver Booster\5.3.0\DriverBooster.exe (IObit Information Technology -> IObit) [File not signed]
FirewallRules: [{4298F2AA-D3C0-45DF-ADF1-75BCDF016348}] => (Allow) C:\Program Files\IObit\Driver Booster\5.3.0\DriverBooster.exe (IObit Information Technology -> IObit) [File not signed]
FirewallRules: [{AF12CE52-645C-4F74-BE85-D907F4E95E74}] => (Allow) C:\Program Files\IObit\Driver Booster\5.3.0\DBDownloader.exe (IObit Information Technology -> IObit)
FirewallRules: [{7B983A65-418D-40CC-AD64-4ACBCE1E56FA}] => (Allow) C:\Program Files\IObit\Driver Booster\5.3.0\DBDownloader.exe (IObit Information Technology -> IObit)
FirewallRules: [{3F23FECD-BE8B-4C05-A0C4-F07EC7A91CE3}] => (Allow) C:\Program Files\IObit\Driver Booster\5.3.0\AutoUpdate.exe (IObit Information Technology -> IObit)
FirewallRules: [{CD777242-17B2-4800-A259-7E433676311E}] => (Allow) C:\Program Files\IObit\Driver Booster\5.3.0\AutoUpdate.exe (IObit Information Technology -> IObit)
FirewallRules: [TCP Query User{7A43A415-F241-4ABB-9FC8-9F6345786A2C}C:\program files\ihmc cmaptools\jre\bin\javaw.exe] => (Allow) C:\program files\ihmc cmaptools\jre\bin\javaw.exe
FirewallRules: [UDP Query User{4746C90D-3C1D-4B6E-8540-BC7C5C3E1DC9}C:\program files\ihmc cmaptools\jre\bin\javaw.exe] => (Allow) C:\program files\ihmc cmaptools\jre\bin\javaw.exe
FirewallRules: [{9F8556E5-DC7E-4FF1-9E96-27DBEC8BF8E2}] => (Allow) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe (AVAST Software s.r.o. -> AVAST Software)

==================== Restore Points =========================

15-06-2019 20:13:16 Punto de control programado
18-06-2019 19:22:26 Punto de comprobación por HitmanPro
18-06-2019 19:23:25 Punto de comprobación por HitmanPro
18-06-2019 19:26:04 Punto de comprobación por HitmanPro
19-06-2019 19:07:07 Removed Skype™ 7.3

==================== Faulty Device Manager Devices =============

Name: NIC de la tarjeta de red LAN inalámbrica 802.11n (Mini-)PCI Realtek RTL8190
Description: NIC de la tarjeta de red LAN inalámbrica 802.11n (Mini-)PCI Realtek RTL8190
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek Semiconductor Corp.
Service: rtl819xp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: avast! SecureLine TAP Adapter v3
Description: avast! SecureLine TAP Adapter v3
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: aswTap
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/19/2019 06:53:56 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: \Device\NetBT_Tcpip_{47803BD5-405F-4097-81B5-A7211CBCFDE6}

Error: (06/19/2019 06:51:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (06/19/2019 05:26:57 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: \Device\NetBT_Tcpip_{47803BD5-405F-4097-81B5-A7211CBCFDE6}

Error: (06/19/2019 05:22:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (06/19/2019 03:42:38 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al llamar a la rutina CoCreateInstance. HR = 0x80070013, El medio está protegido contra escritura.
.

Error: (06/19/2019 03:42:38 AM) (Source: VSS) (EventID: 13) (User: )
Description: Información del Servicio de instantáneas de volumen: el servidor COM con CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} y el nombre CEventSystem no puede iniciarse. [0x80070013, El medio está protegido contra escritura.
]

Error: (06/18/2019 07:26:31 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al llamar a la rutina RegSetValueExW(0x00000368,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,017BF898.64). HR = 0x80070005, Acceso denegado.
.

Error: (06/18/2019 07:26:31 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al llamar a la rutina RegSetValueExW(0x00000518,(null),0,REG_BINARY,044AEA7C.64). HR = 0x80070005, Acceso denegado.
.


Operación:
   Evento BackupShutdown

Contexto:
   Contexto de ejecución: Writer
   Id. de clase del escritor: {e8132975-6f93-4464-a53e-1050253ae220}
   Nombre del escritor: System Writer
   Id. de instancia del escritor: {ffd0a75d-bb24-499a-b0b7-e1efa0e8f1c8}


System errors:
=============
Error: (06/20/2019 12:50:19 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: Error al intentar leer el archivo local de hosts.

Error: (06/20/2019 12:20:59 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: Error al intentar leer el archivo local de hosts.

Error: (06/20/2019 12:06:59 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: Error al intentar leer el archivo local de hosts.

Error: (06/19/2019 11:48:16 PM) (Source: Disk) (EventID: 7) (User: )
Description: El dispositivo, \Device\Harddisk0\DR0, tiene un bloque defectuoso.

Error: (06/19/2019 11:48:16 PM) (Source: nvstor32) (EventID: 3) (User: )
Description: Data error on device.



Device: \Device\RaidPort0

Model: WDC WD5000AADS-11M2B1

Firmware Version: 80.0

Serial Number:      WD-WCAV53257266

Port: 0

Error: (06/19/2019 11:48:14 PM) (Source: Disk) (EventID: 7) (User: )
Description: El dispositivo, \Device\Harddisk0\DR0, tiene un bloque defectuoso.

Error: (06/19/2019 11:48:14 PM) (Source: nvstor32) (EventID: 3) (User: )
Description: Data error on device.



Device: \Device\RaidPort0

Model: WDC WD5000AADS-11M2B1

Firmware Version: 80.0

Serial Number:      WD-WCAV53257266

Port: 0

Error: (06/19/2019 11:48:11 PM) (Source: Disk) (EventID: 7) (User: )
Description: El dispositivo, \Device\Harddisk0\DR0, tiene un bloque defectuoso.


==================== Memory info =========================== 

BIOS: American Megatrends Inc. P1.10 10/13/2014
Motherboard: ASRock N68C-GS4 FX
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5200+
Percentage of memory in use: 60%
Total physical RAM: 1791.24 MB
Available physical RAM: 704.11 MB
Total Virtual: 3646.48 MB
Available Virtual: 705.51 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:146.48 GB) (Free:63.11 GB) NTFS
Drive d: () (Fixed) (Total:319.18 GB) (Free:120.01 GB) NTFS
Drive l: () (Fixed) (Total:298.09 GB) (Free:297.62 GB) NTFS

\\?\Volume{476432d2-0dfc-11e8-9a1c-806e6f6e6963}\ (Reservado para el sistema) (Fixed) (Total:0.1 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 00042F59)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=319.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 298.1 GB) (Disk ID: 72706D6F)
No partition Table on disk 1.

==================== End of Addition.txt ============================

:thinking: There are the requested reports; I posted them a few minutes after the moderator asked for them, in case anyone wants to and is able to give their opinion and analysis based on those reports.

Thanks

Hello @Antioisco

Sorry for the delay in replying, I missed your notification.

Only Staff Members can analyze those reports.


Follow these steps:

1.- Very important >>> Make a backup of your Registry.

  • Download DelFix to the Windows desktop.
  • Right-click, “Run as Administrator”.
  • In the main window, check only the “Create Registry Backup” box.
  • Click Run.

When it finishes, a report named DelFix.txt will open; save it in case it is needed and close the tool…


You ran FRST from the wrong location:

Cut the executable and paste it onto the desktop.

Running from C:\Users\Gabmer\Downloads

2.- Temporarily disable your antivirus.

3.- Open a new Notepad file and copy and paste this content:


Start
CloseProcesses:
CreateRestorePoint:
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <==== ATTENTION
HKU\S-1-5-21-988120049-823985332-2827762242-1000\...\MountPoints2: {c98c15da-1545-11e8-8a3d-d050996057c9} - L:\setup.exe
HKU\S-1-5-21-988120049-823985332-2827762242-1000\...\MountPoints2: {e1da1e80-4e8f-11e9-84ec-d050996057c9} - F:\HiSuiteDownLoader.exe
GroupPolicy: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-988120049-823985332-2827762242-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
S2 HuaweiHiSuiteService.exe; "C:\Program Files\HiSuite\HandSetService\HuaweiHiSuiteService.exe" -/service [X]
S2 rcdll; C:\Users\Gabmer\AppData\Local\Temp\rcdll.exe [X] <==== ATTENTION
U0 Partizan; system32\drivers\Partizan.sys [X]
2019-06-20 00:03 - 2019-02-09 23:22 - 000000000 __SHD C:\found.005
2019-06-20 00:03 - 2019-02-09 19:46 - 000000000 __SHD C:\found.006
2019-06-20 00:03 - 2019-02-08 21:24 - 000000000 __SHD C:\found.004
2019-06-20 00:03 - 2019-01-26 00:06 - 000000000 __SHD C:\found.003
2019-06-20 00:03 - 2018-12-10 00:47 - 000000000 ____D C:\Temp
2019-06-20 00:03 - 2018-11-26 00:18 - 000000000 __SHD C:\found.002
2019-06-20 00:03 - 2018-11-25 23:46 - 000000000 __SHD C:\found.001
2019-06-20 00:03 - 2018-07-08 18:03 - 000000000 __SHD C:\found.000
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File

CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
  • Save it under the name fixlist.txt on the desktop <<< This is very important.

Note: The Frst.exe executable and fixlist.txt must be in the same location (the desktop), otherwise the tool will not work.

  • Run Frst.exe.
  • Press the Fix button and wait for it to finish.
  • The tool will save the report on your desktop (Fixlog.txt).
  • Paste it in your next reply.

Apart from your infection, your hard drive could be in trouble.

Have you run Scandisk or Checkdisk lately?

Regards.

Yes, and also CrystalDiskInfo, which tells me the hard drive is at risk; it shows the temperature at 38 degrees. Maybe that is the reason the PC sometimes freezes and does not respond; in many cases I have to restart the PC, it takes a long time to log off, internet browsing is slow, etc. I am thinking of doing a low-level format if the situation continues like this, but by my calculations I think formatting the 500GB takes 10 or 12 hours.

Wouldn't it be better to run the scan again?

Hello:

That is not necessary; just cut the executable, paste it onto the desktop, and then follow the steps.

Regards

Do I leave only that box checked? When I open the program, the “Remove disinfection tools” box comes checked.

Hello:

Yes, only the one indicated.

Uncheck the one we don't need for now.

Regards

OK, and do I paste the report?

Hello:

The DelFix one is not necessary. The Fixlog is.

Regards

Fix result of Farbar Recovery Scan Tool (x86) Version: 19-06-2019
Ran by Gabmer (22-06-2019 02:05:56) Run:1
Running from C:\Users\Gabmer\Desktop
Loaded Profiles: Gabmer (Available Profiles: Gabmer)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <==== ATTENTION
HKU\S-1-5-21-988120049-823985332-2827762242-1000\...\MountPoints2: {c98c15da-1545-11e8-8a3d-d050996057c9} - L:\setup.exe
HKU\S-1-5-21-988120049-823985332-2827762242-1000\...\MountPoints2: {e1da1e80-4e8f-11e9-84ec-d050996057c9} - F:\HiSuiteDownLoader.exe
GroupPolicy: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-988120049-823985332-2827762242-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
S2 HuaweiHiSuiteService.exe; "C:\Program Files\HiSuite\HandSetService\HuaweiHiSuiteService.exe" -/service [X]
S2 rcdll; C:\Users\Gabmer\AppData\Local\Temp\rcdll.exe [X] <==== ATTENTION
U0 Partizan; system32\drivers\Partizan.sys [X]
2019-06-20 00:03 - 2019-02-09 23:22 - 000000000 __SHD C:\found.005
2019-06-20 00:03 - 2019-02-09 19:46 - 000000000 __SHD C:\found.006
2019-06-20 00:03 - 2019-02-08 21:24 - 000000000 __SHD C:\found.004
2019-06-20 00:03 - 2019-01-26 00:06 - 000000000 __SHD C:\found.003
2019-06-20 00:03 - 2018-12-10 00:47 - 000000000 ____D C:\Temp
2019-06-20 00:03 - 2018-11-26 00:18 - 000000000 __SHD C:\found.002
2019-06-20 00:03 - 2018-11-25 23:46 - 000000000 __SHD C:\found.001
2019-06-20 00:03 - 2018-07-08 18:03 - 000000000 __SHD C:\found.000
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File

CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore => removed successfully.
HKU\S-1-5-21-988120049-823985332-2827762242-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c98c15da-1545-11e8-8a3d-d050996057c9} => removed successfully.
HKLM\Software\Classes\CLSID\{c98c15da-1545-11e8-8a3d-d050996057c9} => not found
HKU\S-1-5-21-988120049-823985332-2827762242-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e1da1e80-4e8f-11e9-84ec-d050996057c9} => removed successfully.
HKLM\Software\Classes\CLSID\{e1da1e80-4e8f-11e9-84ec-d050996057c9} => not found
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\S-1-5-21-988120049-823985332-2827762242-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully.
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
HKLM\System\CurrentControlSet\Services\HuaweiHiSuiteService.exe => removed successfully.
HuaweiHiSuiteService.exe => service removed successfully.
HKLM\System\CurrentControlSet\Services\rcdll => removed successfully.
rcdll => service removed successfully.
HKLM\System\CurrentControlSet\Services\Partizan => removed successfully.
Partizan => service removed successfully.
C:\found.005 => moved successfully
C:\found.006 => moved successfully
C:\found.004 => moved successfully
C:\found.003 => moved successfully
C:\Temp => moved successfully
C:\found.002 => moved successfully
C:\found.001 => moved successfully
C:\found.000 => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending) => invalid subkey removed.
HKLM\Software\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) => invalid subkey removed.
HKLM\Software\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing) => invalid subkey removed.
HKLM\Software\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => not found

========= ipconfig /flushdns =========


Configuración IP de Windows

Se vació correctamente la caché de resolución de DNS.

========= End of CMD: =========


========= ipconfig /renew =========


Configuración IP de Windows


Adaptador de Ethernet Conexión de área local:

   Sufijo DNS específico para la conexión. . :
   Vínculo: dirección IPv6 local. . . : fe80::58b6:eb47:aa3c:dc7e%12
   Dirección IPv4. . . . . . . . . . . . . . : 192.168.0.15
   Máscara de subred . . . . . . . . . . . . : 255.255.255.0
   Puerta de enlace predeterminada . . . . . : 192.168.0.1

Adaptador de túnel isatap.{0649FCB1-CFEE-4A41-8A62-4034D5607543}:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . :

Adaptador de túnel isatap.{47803BD5-405F-4097-81B5-A7211CBCFDE6}:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . :

========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {E0AAA0A5-0180-4C74-AC9D-EFB76855DC15}.
Unable to cancel {AFC421CE-D462-49A9-AB7A-A43EA8FA0E62}.
{76FB0F41-419E-4F2E-88A6-6727B4810689} canceled.
1 out of 3 jobs canceled.

========= End of CMD: =========


========= netsh winsock reset =========


El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= netsh advfirewall reset =========

Aceptar


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Aceptar


========= End of CMD: =========


========= netsh int ipv4 reset =========

Global se restableció correctamente.
Interfaz se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= End of CMD: =========


========= netsh int ipv6 reset =========

No hay valores configurados por el usuario para restablecer.


========= End of CMD: =========


========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully.
"HKU\S-1-5-21-988120049-823985332-2827762242-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully.
"HKU\S-1-5-21-988120049-823985332-2827762242-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully.


========= End of RemoveProxy: =========

Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 27366623 B
Java, Flash, Steam htmlcache => 1185 B
Windows/system/drivers => 5514798 B
Edge => 0 B
Chrome => 0 B
Firefox => 203944490 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 49120 B
Public => 0 B
ProgramData => 0 B
systemprofile => 905001015 B
LocalService => 66228 B
NetworkService => 72628 B
Gabmer => 36751566 B
UpdatusUser => 0 B

RecycleBin => 0 B
EmptyTemp: => 1.1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 02:08:59 ====

When the scan finished, the program asked to restart the computer, and all active sessions were logged out; for example, here on the forum I had to type my email and password again to log back in. In the report I saw something that a program called WinsockFix Win does, or am I wrong??

Hello @Antioisco

That is normal; you should have run it with all programs closed.

You are not wrong; it is not a program, it is a Windows command.


As for the infections, your computer is now clean.

To remove the tools used:

Download >> Delfix to your desktop.

  • Double-click to run it. (If you use Windows Vista/7/8/10, right-click and select >> “Run as Administrator”)
  • Check the Remove disinfection tools and Purge System Restore boxes
  • Click Run.

The report (DelFix.txt) will open; save it in case it is needed and close the tool.


As for the ransomware, the tool is updated every so often; in case you want to decrypt the two files you were missing, you can subscribe to the topic:

STOP Ransomware - descifrador gratuito (STOPDecryp


Regarding the hard drive, I recommend you back up your files to an external drive for safety.

You can also open a new topic asking about the actual state of your disk, so that this topic does not go off track.


Let us know whether we can now mark this post as Solved.

Regards.

I deleted those files from the PC.

So, to consider the topic solved, could you give me a short report on what happened with the infection on the computer and why the hard drive is in serious trouble? How did the ransomware affect it? Thanks.

Hello @Antioisco

Most of what Eset found were the ransom notes.

With FRST we removed all the junk from your PC: obsolete keys, leftovers from uninstallations and some blocks that the infections left you.


The ransomware, not at all. It does not affect the hardware; evidently your disk was already failing beforehand.

I see that you have already received help on that subject at:

Now all that remains is for you to tell us whether your questions have been resolved.

Regards

Is that how you drive? I see you like speed. Thank you for the great help you gave me. Everything is solved now; you can have the pleasure of closing the topic. :rofl:

Hello @Antioisco

Well, you are mistaken; I am an older lady who does not like speed, neither in life nor in forum topics.

You opened a specific topic for a specific problem (ransomware); I helped you with it, I asked you for an FRST report to make sure no junk was left on your computer, and along the way I detected and warned you that damage to your hard drive was being reported.

Beyond complying with the rules of this Forum so that topics do not go off track, there is nothing more I can do.

In any case, it was a pleasure to help you, and you know where to find us.

Regards