The .Fordan extension appeared on some of my files - Stop Ransomware

Ok, thanks a lot, I'll try it and let you know later.

Hi, some files were recovered, others were not. There were about seven files; two could not be recovered. What I don't understand is why the rest of the files on the PC weren't infected. Thanks.

Hello @Antioisco

Good that so few were affected.

I can't tell you why; something stopped the infection.

I know you ran Malwarebytes, but if you want to be sure, do the following:

Scan the PC with ESET Online Scanner: User Guide

Guide: How to paste reports in the forum?

Regards.

Ok, I'll run a scan with ESET Online Scanner. Yesterday I ran a scan with my Avast antivirus and it detected a couple of viruses or infections.

I'll let you know the ESET result later. Thanks!!!

Hello @Antioisco

Perfect, we're always around here…:coffee:

Regards

C:\_readme.txt	Win32/Filecoder.STOP troyano	
C:\found.000\_readme.txt	Win32/Filecoder.STOP troyano	
C:\found.000\dir0000.chk\_readme.txt	Win32/Filecoder.STOP troyano	
C:\found.000\dir0001.chk\_readme.txt	Win32/Filecoder.STOP troyano	
C:\found.000\dir0002.chk\_readme.txt	Win32/Filecoder.STOP troyano	
C:\found.000\dir0003.chk\_readme.txt	Win32/Filecoder.STOP troyano	
C:\found.000\dir0004.chk\_readme.txt	Win32/Filecoder.STOP troyano	
C:\found.000\dir0005.chk\_readme.txt	Win32/Filecoder.STOP troyano	
C:\found.001\_readme.txt	Win32/Filecoder.STOP troyano	
C:\found.002\_readme.txt	Win32/Filecoder.STOP troyano	
C:\found.003\_readme.txt	Win32/Filecoder.STOP troyano	
C:\found.004\_readme.txt	Win32/Filecoder.STOP troyano	
C:\found.004\dir0000.chk\_readme.txt	Win32/Filecoder.STOP troyano	
C:\found.004\dir0001.chk\_readme.txt	Win32/Filecoder.STOP troyano	
C:\found.004\dir0002.chk\_readme.txt	Win32/Filecoder.STOP troyano	
C:\found.004\dir0003.chk\_readme.txt	Win32/Filecoder.STOP troyano	
C:\found.004\dir0004.chk\_readme.txt	Win32/Filecoder.STOP troyano	
C:\found.005\_readme.txt	Win32/Filecoder.STOP troyano	
C:\found.005\dir0000.chk\_readme.txt	Win32/Filecoder.STOP troyano	
C:\found.005\dir0001.chk\_readme.txt	Win32/Filecoder.STOP troyano	
C:\found.005\dir0002.chk\_readme.txt	Win32/Filecoder.STOP troyano	
C:\found.006\_readme.txt	Win32/Filecoder.STOP troyano	
C:\found.006\dir0000.chk\_readme.txt	Win32/Filecoder.STOP troyano	
C:\found.006\dir0001.chk\_readme.txt	Win32/Filecoder.STOP troyano	
C:\found.006\dir0002.chk\_readme.txt	Win32/Filecoder.STOP troyano	
C:\GTA San Andreas\_readme.txt	Win32/Filecoder.STOP troyano	
C:\GTA San Andreas\anim\_readme.txt	Win32/Filecoder.STOP troyano	
C:\GTA San Andreas\audio\_readme.txt	Win32/Filecoder.STOP troyano	
C:\GTA San Andreas\data\_readme.txt	Win32/Filecoder.STOP troyano	
C:\GTA San Andreas\models\_readme.txt	Win32/Filecoder.STOP troyano	
C:\GTA San Andreas\movies\_readme.txt	Win32/Filecoder.STOP troyano	
C:\GTA San Andreas\ReadMe\_readme.txt	Win32/Filecoder.STOP troyano	
C:\GTA San Andreas\SAMP\_readme.txt	Win32/Filecoder.STOP troyano	
C:\GTA San Andreas\text\_readme.txt	Win32/Filecoder.STOP troyano	
C:\Nueva carpeta\_readme.txt	Win32/Filecoder.STOP troyano	
C:\Program Files\_readme.txt	Win32/Filecoder.STOP troyano	
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Ехplorеr (Nо Add-ons).lnk	Win32/Adware.ICLoader.MK aplicación	
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X8\Vidеo Tutoriаls X8.lnk	Win32/Adware.ICLoader.MK aplicación	
C:\Temp\_readme.txt	Win32/Filecoder.STOP troyano	
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Ехplorеr (Nо Add-ons).lnk	Win32/Adware.ICLoader.MK aplicación	
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X8\Vidеo Tutoriаls X8.lnk	Win32/Adware.ICLoader.MK aplicación	
C:\Users\Gabmer\_readme.txt	Win32/Filecoder.STOP troyano	
C:\Windows\System32\drivers\etc\hosts	Win32/Qhost troyano	
D:\_readme.txt	Win32/Filecoder.STOP troyano	
Ubicaciones de inicio automático	varias amenazas,está correcto,Win32/Adware.ICLoader.MK aplicación,Win32/Qhost troyano	

That is the report the ESET Online Scanner scan produced.

Something I don't understand is why Malwarebytes Anti-Malware didn't detect that infection?
Is it losing effectiveness??

Hello @Antioisco

Actually, if you look closely at any of the lines:

  • C:\Nueva carpeta\_readme.txt Win32/Filecoder.STOP troyano

As you know, ransomware encrypts files, and in the folders where the encrypted files are there is also a ransom note.

That's why it flags the .txt (which is the ransom note) as belonging to the Stop Ransomware infection type.

In short, what it removed were the ransom notes.

Are you sure you only had 7 encrypted files??

To make sure nothing is left, do the following:

1.- Temporarily disable your antivirus and any other security program.

2.- Download Farbar Recovery Scan Tool to the desktop, choosing the right version for your computer's architecture (32 or 64 bits). >> How do I know whether my Windows is 32 or 64 bit?

  • Run FRST.exe.
  • On the Disclaimer window message, click Yes.
  • In the main window click the Scan button and wait for the process to finish.
  • Two (2) files (logs), FRST.txt and Addition.txt, will open; they are saved on the desktop.

Guide: How to run FRST

3.- In your next reply, paste the generated reports.

Guide: How to paste reports in the forum?

We'll wait for those reports.

Regards.
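The reply above makes two points that are easy to check on the affected machine: the scanner's `_readme.txt` hits are ransom notes rather than encrypted files, and a ransom note in a folder usually means that folder held encrypted files, so seven encrypted files against dozens of notes deserves a second look. The following Python script is an added example written for this thread; it is not code from the forum, from ESET or from FRST. It splits report lines in the `path<TAB>detection` layout of the ESET output above into ransom-note hits and other detections, and walks a directory tree counting files that carry the ransomware extension and folders that hold a note, flagging folders where a note sits with no encrypted file beside it. The sample report lines and the sample directory tree are constructed for the example; the note name `_readme.txt` and the `.Fordan` extension are the ones that appear in this thread.

```python
"""Inventory helper for a STOP-style ransomware incident (added example).

Two independent checks:
  1. classify_report()  - split scanner lines into ransom-note hits vs. other detections
  2. inventory()        - count encrypted files and ransom notes per folder on disk
"""
import os
import tempfile

RANSOM_NOTE = "_readme.txt"       # note name seen in the ESET report in this thread
ENCRYPTED_EXT = ".Fordan"         # extension reported by the user in this thread

# Constructed sample in the 'path<TAB>detection' layout of the ESET report above.
SAMPLE_REPORT = [
    "C:\\Nueva carpeta\\_readme.txt\tWin32/Filecoder.STOP troyano\t",
    "D:\\_readme.txt\tWin32/Filecoder.STOP troyano\t",
    "C:\\Windows\\System32\\drivers\\etc\\hosts\tWin32/Qhost troyano\t",
    "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\CorelDRAW Graphics Suite X8\\"
    "Video Tutorials X8.lnk\tWin32/Adware.ICLoader.MK aplicación\t",
]


def classify_report(lines):
    """Return {'ransom_notes': [paths], 'other': [(path, detection)]}.

    A line is a ransom-note hit when the file name is the known note name and
    the detection is a Filecoder signature; everything else (hosts file, adware
    shortcuts, autorun entries) is kept separately so it is not mistaken for a
    clean-up of the notes alone.
    """
    result = {"ransom_notes": [], "other": []}
    for line in lines:
        line = line.rstrip("\t \n")
        if "\t" not in line:
            continue                      # malformed or header line, skip it
        path, detection = line.split("\t", 1)
        basename = path.replace("\\", "/").rsplit("/", 1)[-1]
        if basename.lower() == RANSOM_NOTE and "Filecoder" in detection:
            result["ransom_notes"].append(path)
        else:
            result["other"].append((path, detection))
    return result


def inventory(root, ext=ENCRYPTED_EXT):
    """Walk `root`; return (encrypted_files, note_dirs, notes_without_encrypted).

    notes_without_encrypted lists folders that hold a ransom note but no file
    with the encrypted extension: either the encrypted files were already
    removed/moved, or the extension differs, so they merit a manual look.
    """
    encrypted, note_dirs = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(ext.lower()):
                encrypted.append(os.path.join(dirpath, name))
            elif name.lower() == RANSOM_NOTE:
                note_dirs.append(dirpath)
    dirs_with_encrypted = {os.path.dirname(p) for p in encrypted}
    orphans = [d for d in note_dirs if d not in dirs_with_encrypted]
    return sorted(encrypted), sorted(note_dirs), sorted(orphans)


def build_sample_tree(root):
    """Constructed sample tree: two folders with a note, one of them without
    any encrypted file, and one untouched folder."""
    layout = {
        "Docs": ["informe.docx" + ENCRYPTED_EXT, "foto.jpg" + ENCRYPTED_EXT, RANSOM_NOTE],
        "GTA San Andreas": ["readme.txt", RANSOM_NOTE],
        "Clean": ["notas.txt"],
    }
    for folder, names in layout.items():
        d = os.path.join(root, folder)
        os.makedirs(d, exist_ok=True)
        for n in names:
            with open(os.path.join(d, n), "w", encoding="utf-8") as fh:
                fh.write("sample content\n")


def demo():
    """Build the sample tree in a temp dir, run the inventory, return a summary."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        encrypted, note_dirs, orphans = inventory(root)
        return {
            "encrypted": len(encrypted),
            "notes": len(note_dirs),
            "notes_without_encrypted": [os.path.basename(d) for d in orphans],
        }


if __name__ == "__main__":
    report = classify_report(SAMPLE_REPORT)
    print(f"ransom notes: {len(report['ransom_notes'])}, other detections: {len(report['other'])}")
    for path, detection in report["other"]:
        print(f"  needs attention: {path} -> {detection}")
    print(demo())
```

Run it against a real disk by calling `inventory("D:\\")` (or the drive that held the `.Fordan` files); the third list it returns is the one to compare with the scanner output, since a note with nothing encrypted beside it is exactly the situation the question "are you sure you only had 7 encrypted files?" is probing.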

Ok, I'll do as instructed. Yesterday I also ran a scan with HitmanPro and it also detected some threats.

And I say seven files because those were the only ones with the .Fordan extension on local disk D.

Hello @Antioisco

It would be useful if you also pasted that report.

Regards

A couple of hours ago I uninstalled that program.

Hello @Antioisco

When you ask for help disinfecting, it is important to follow the steps, and if you run tools on your own, at least keep the reports, so we can know what was on your computer.

We'll wait for the FRST and Addition reports.

Regards

I did that before asking the forum for help, but the seven infected files I could see remained intact.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-06-2019
Ran by Gabmer (administrator) on GABMER-PC (20-06-2019 00:52:30)
Running from C:\Users\Gabmer\Downloads
Loaded Profiles: Gabmer (Available Profiles: Gabmer)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: "C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe" -- "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Arvato Digital Services Canada Inc -> arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast Cleanup\TuneupSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\SecureLine\Vpn.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Microsoft Windows Hardware Compatibility Publisher -> ) C:\Windows\vsnpstd3.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Prolific Technology Inc.) [File not signed] C:\Windows\System32\IoctlSvc.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [226184 2019-05-20] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [16557632 2019-03-08] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [snpstd3] => C:\Windows\vsnpstd3.exe [843776 2006-09-18] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [1793736 2015-02-20] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-988120049-823985332-2827762242-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [16509040 2019-04-04] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-988120049-823985332-2827762242-1000\...\MountPoints2: {c98c15da-1545-11e8-8a3d-d050996057c9} - L:\setup.exe
HKU\S-1-5-21-988120049-823985332-2827762242-1000\...\MountPoints2: {e1da1e80-4e8f-11e9-84ec-d050996057c9} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-18\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [16509040 2019-04-04] (Piriform Software Ltd -> Piriform Software Ltd)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2019-05-02] (Adobe Inc. -> Adobe Systems, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> C:\Program Files\AVAST Software\Browser\Application\74.0.1376.132\Installer\chrmstp.exe [2019-05-28] (AVAST Software s.r.o. -> AVAST Software)
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2009-08-18] (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast SecureLine VPN.lnk [2019-05-24]
ShortcutTarget: Avast SecureLine VPN.lnk -> C:\Program Files\AVAST Software\SecureLine\Vpn.exe (AVAST Software s.r.o. -> AVAST Software)
GroupPolicy: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {135C9FD3-37F7-4812-AA83-C7F1AB3E5C6A} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1051864 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {2693EC83-9D2D-42E9-914C-7B4897EFFB30} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-04-04] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {332ED328-9CA7-496A-9DFC-F317334DE4BF} - System32\Tasks\WebReg HP Deskjet F2200 series => C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe [1186304 2009-05-21] (Hewlett-Packard Company) [File not signed]
Task: {3445FC67-7466-4C27-840B-AEE79F1B4FBF} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe [1951280 2019-05-14] (AVAST Software s.r.o. -> AVAST Software)
Task: {41C65449-5631-4254-AA92-B42608851FCB} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2019-04-17] (AVAST Software s.r.o. -> AVAST Software)
Task: {45393E56-A332-4D88-BB5D-DB45833B2469} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe [1951280 2019-05-14] (AVAST Software s.r.o. -> AVAST Software)
Task: {666C14A6-15B4-40AC-98DC-8FD524E73EAE} - System32\Tasks\Avast Emergency Update
Task: {70A4288B-CC50-4A1D-AC04-883D981E3782} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16509040 2019-04-04] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {7FBDCE88-81A5-4236-9BE9-5DA64AA38899} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [282800 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {A9E8C9F0-CDB4-4060-9B69-15C196244CC1} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2019-04-17] (AVAST Software s.r.o. -> AVAST Software)
Task: {B7B37631-8B34-4D65-847C-B55AAD96FB5D} - System32\Tasks\Avast SecureLine VPN Update => C:\Program Files\AVAST Software\SecureLine\VpnUpdate.exe [1398208 2019-05-23] (AVAST Software s.r.o. -> AVAST Software)
Task: {BA6E1092-089B-4BAF-8FEB-987152AB1E28} - System32\Tasks\Driver Booster Scheduler => C:\Program Files\IObit\Driver Booster\5.3.0\Scheduler.exe [147232 2018-01-26] (IObit Information Technology -> IObit)
Task: {BB253EB3-CFDE-4BB8-AF69-2817AB78ABB5} - System32\Tasks\Driver Booster SkipUAC (Gabmer) => C:\Program Files\IObit\Driver Booster\5.3.0\DriverBooster.exe [6095120 2018-03-23] (IObit Information Technology -> IObit) [File not signed]
Task: {BEE1BF6A-B354-4B7E-9C0F-E7B592BD8E5F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {CFB3127C-8D61-4864-B3AE-C348F634F2D9} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1913648 2019-06-04] (AVAST Software s.r.o. -> AVAST Software)
Task: {D66C714C-609F-4704-A56B-A9790E7485C1} - System32\Tasks\Avast TUNEUP Update => C:\Program Files\AVAST Software\Avast Cleanup\TUNEUpdate.exe [1659000 2019-06-17] (AVAST Software s.r.o. -> AVAST Software)
Task: {DB4D9B5A-4F43-4BE6-BEE3-EE9976241AC3} - System32\Tasks\CorelUpdateHelperTaskCore
Task: {EB812888-CC9C-4F7F-B2E3-BE6613915F9E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-06-11] (Adobe Inc. -> Adobe)
Task: {FD5B8680-B46E-485D-8B2C-DC3F3307876E} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_207_Plugin.exe [1457208 2019-06-11] (Adobe Inc. -> Adobe)
Task: {FF4A7420-071D-4A3B-BD5C-602F558BD8D0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [282800 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\WebReg HP Deskjet F2200 series.job => C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 190.157.8.33 190.157.8.1 100.70.133.50 100.70.133.51
Tcpip\..\Interfaces\{0649FCB1-CFEE-4A41-8A62-4034D5607543}: [DhcpNameServer] 190.157.8.33 190.157.8.1 100.70.133.50 100.70.133.51
Tcpip\..\Interfaces\{47803BD5-405F-4097-81B5-A7211CBCFDE6}: [DhcpNameServer] 190.157.8.33 190.157.8.1 100.70.133.50 100.70.133.51
Tcpip\..\Interfaces\{87B292D6-7920-46E9-8205-675BE63DFF45}: [NameServer] 100.120.211.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.infospyware.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-988120049-823985332-2827762242-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Company -> Hewlett-Packard Co.)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2019-03-13] (Microsoft Corporation -> Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Company -> Hewlett-Packard Co.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 1ecffd0e.default-1518648877818
FF ProfilePath: C:\Users\Gabmer\AppData\Roaming\Mozilla\Firefox\Profiles\1ecffd0e.default-1518648877818 [2019-06-20]
FF Extension: (Avast SafePrice | Comparaciones, ofertas y cupones) - C:\Users\Gabmer\AppData\Roaming\Mozilla\Firefox\Profiles\1ecffd0e.default-1518648877818\Extensions\[email protected] [2019-06-19]
FF Extension: (Avast Online Security) - C:\Users\Gabmer\AppData\Roaming\Mozilla\Firefox\Profiles\1ecffd0e.default-1518648877818\Extensions\[email protected] [2019-06-19]
FF Extension: (Adblock Plus - bloqueador de anuncios gratis) - C:\Users\Gabmer\AppData\Roaming\Mozilla\Firefox\Profiles\1ecffd0e.default-1518648877818\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-04-20]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2018-02-09] [Legacy] [not signed]
FF HKU\S-1-5-21-988120049-823985332-2827762242-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_32_0_0_207.dll [2019-06-11] (Adobe Inc. -> )
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1235205.dll [2019-03-15] (Adobe Systems, Inc.) [File not signed]
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-09-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-02] (Adobe Inc. -> Adobe Systems Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5555320 2019-05-20] (AVAST Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2019-04-17] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [359864 2019-05-20] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [369776 2019-05-20] (AVAST Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2019-04-17] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files\AVAST Software\Browser\Application\74.0.1376.132\elevation_service.exe [1079424 2019-05-14] (AVAST Software s.r.o. -> AVAST Software)
R2 CleanupPSvc; C:\Program Files\AVAST Software\Avast Cleanup\TuneupSvc.exe [10282024 2019-06-17] (AVAST Software s.r.o. -> AVAST Software)
S4 Disc Soft Bus Service; C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe [813328 2014-04-28] (Disc Soft Ltd -> Disc Soft Ltd)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S2 ICEsoundService; C:\Windows\system32\ICEsoundService.exe [513120 2019-03-08] (ICEpower a/s -> ICEpower a/s)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5247944 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [45568 2011-04-13] (Hewlett-Packard) [File not signed]
R2 PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [55808 2011-04-13] (Hewlett-Packard) [File not signed]
R2 PSI_SVC_2; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (Arvato Digital Services Canada Inc -> arvato digital services llc)
R2 SecureLine; C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe [7038904 2019-05-23] (AVAST Software s.r.o. -> AVAST Software)
S2 symsrv; C:\Program Files\windows nt\symsrv.exe [145168 2019-05-09] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Windows -> Microsoft Corporation)
S2 HuaweiHiSuiteService.exe; "C:\Program Files\HiSuite\HandSetService\HuaweiHiSuiteService.exe" -/service [X]
S2 rcdll; C:\Users\Gabmer\AppData\Local\Temp\rcdll.exe [X] <==== ATTENTION

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmUStor; C:\Windows\System32\drivers\AmUStor.SYS [99240 2019-03-08] (Alcorlink Corp. -> )
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [173232 2019-05-20] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [225608 2019-05-20] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [171520 2019-05-20] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [56296 2019-05-20] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [40688 2019-05-20] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [139352 2019-06-19] (AVAST Software s.r.o. -> AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [36104 2019-04-22] (AVAST Software s.r.o. -> AVAST Software)
R1 aswNetSec; C:\Windows\System32\drivers\aswNetSec.sys [404824 2019-05-20] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [100984 2019-05-20] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [72800 2019-05-20] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [783024 2019-05-20] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [403680 2019-05-20] (AVAST Software s.r.o. -> AVAST Software)
S2 aswStm; C:\Windows\System32\drivers\aswStm.sys [167360 2019-06-19] (AVAST Software s.r.o. -> AVAST Software)
S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [48152 2018-02-15] (AVAST Software s.r.o. -> The OpenVPN Project)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [312248 2019-06-19] (AVAST Software s.r.o. -> AVAST Software)
R3 dtscsibus; C:\Windows\System32\DRIVERS\dtscsibus.sys [24704 2018-02-19] (Disc Soft Ltd -> Disc Soft Ltd)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [128552 2019-05-27] (Malwarebytes Corporation -> Malwarebytes)
R3 gMouUsb; C:\Windows\System32\DRIVERS\gMouUsb.sys [11520 2018-11-02] (Microsoft Windows Hardware Compatibility Publisher -> )
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2018-02-10] (Martin Malik - REALiX -> REALiX(tm))
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [102272 2018-12-12] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R1 ISODrive; C:\Program Files\UltraISO\drivers\ISODrive.sys [82168 2013-11-21] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x86.sys [110280 2018-02-10] (Qualcomm Atheros -> Qualcomm Atheros Co., Ltd.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [173512 2019-05-27] (Malwarebytes Corporation -> Malwarebytes)
S3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [107168 2019-05-27] (Malwarebytes Corporation -> Malwarebytes)
S3 rtl819xp; C:\Windows\System32\DRIVERS\rtl819xp.sys [559208 2018-02-10] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation )
S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10246144 2007-04-03] (Microsoft Windows Hardware Compatibility Publisher -> Sonix Co. Ltd.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [22728 2018-10-08] (AVG Technologies CZ, s.r.o. -> SlimWare Utilities, Inc.)
U0 Partizan; system32\drivers\Partizan.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-06-20 00:52 - 2019-06-20 00:55 - 000023329 _____ C:\Users\Gabmer\Downloads\FRST.txt
2019-06-20 00:51 - 2019-06-20 00:52 - 000000000 ____D C:\FRST
2019-06-20 00:38 - 2019-06-20 00:47 - 001770496 _____ (Farbar) C:\Users\Gabmer\Downloads\FRST.exe
2019-06-20 00:02 - 2019-06-20 00:02 - 000006502 _____ C:\Users\Gabmer\Desktop\Reporte Eset Online.txt
2019-06-19 19:29 - 2019-06-19 19:29 - 000000000 ____D C:\Users\Gabmer\AppData\Local\ESET
2019-06-19 18:56 - 2019-06-19 18:56 - 000002009 _____ C:\Users\Public\Desktop\Avast Internet Security.lnk
2019-06-19 18:53 - 2019-05-20 15:12 - 000311176 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2019-06-19 03:13 - 2019-06-19 03:13 - 004972816 _____ C:\Users\Gabmer\Desktop\658562G516DO_Anexo.pdf
2019-06-18 19:47 - 2019-06-18 20:07 - 000068730 _____ C:\Users\Gabmer\Downloads\STOPDecrypter-log.txt
2019-06-18 19:47 - 2019-06-15 19:59 - 000004125 _____ C:\Users\Gabmer\Downloads\README.txt
2019-06-18 19:47 - 2019-06-15 19:34 - 002558464 _____ () C:\Users\Gabmer\Downloads\STOPDecrypter.exe
2019-06-18 19:46 - 2019-06-18 19:46 - 002458280 _____ C:\Users\Gabmer\Downloads\STOPDecrypter.zip
2019-06-18 19:21 - 2019-06-18 19:37 - 000000000 ____D C:\Program Files\Google
2019-06-18 19:21 - 2019-06-18 19:30 - 000000000 ____D C:\Users\Gabmer\AppData\Local\Google
2019-06-18 19:20 - 2019-06-18 19:20 - 005562976 _____ (Piriform Ltd) C:\Users\Gabmer\Downloads\rcsetup153.exe
2019-06-18 19:12 - 2019-06-18 19:13 - 010923240 _____ (SurfRight B.V.) C:\Users\Gabmer\Downloads\HitmanPro.exe
2019-06-18 15:47 - 2019-06-18 19:30 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-06-16 01:03 - 2019-06-16 01:03 - 000000000 ____D C:\Users\Gabmer\Downloads\res
2019-06-16 01:03 - 2017-12-02 19:13 - 007124992 _____ C:\Users\Gabmer\Downloads\HDDScan.exe
2019-06-16 01:02 - 2019-06-16 01:02 - 003830128 _____ C:\Users\Gabmer\Downloads\HDDScan.zip
2019-06-13 01:48 - 2019-06-13 01:48 - 000112420 _____ C:\Users\Gabmer\Downloads\Certificado SENA Toma de Decisiones en el Nivel Gerencial.pdf
2019-06-13 01:46 - 2019-06-13 01:46 - 000099680 _____ C:\Users\Gabmer\Downloads\Nota especial certificado Toma de Decisiones en el Nivel Gerencial.pdf
2019-06-03 17:16 - 2019-06-03 17:17 - 000013905 _____ C:\Users\Gabmer\Downloads\Chat venta cancelada disipador master cooler.html
2019-06-03 15:22 - 2019-06-03 15:22 - 000000000 _____ C:\storage.sqlite
2019-05-27 03:43 - 2019-05-27 03:43 - 000107168 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2019-05-27 03:22 - 2019-05-27 03:22 - 000173512 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2019-05-27 03:15 - 2019-05-27 03:15 - 000000000 ____D C:\Users\Gabmer\AppData\Local\mbamtray
2019-05-27 03:12 - 2019-05-27 03:12 - 000002028 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-05-27 03:12 - 2019-05-27 03:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-05-27 03:11 - 2019-05-27 03:22 - 000128552 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
2019-05-24 14:04 - 2019-05-24 14:04 - 000001057 _____ C:\Users\Public\Desktop\Avast SecureLine VPN.lnk
2019-05-21 00:17 - 2019-06-07 04:58 - 000000000 ____D C:\Users\Gabmer\CmapToolsLogs
2019-05-21 00:17 - 2019-06-07 04:58 - 000000000 ____D C:\Users\Gabmer\AppData\Roaming\CmapTools
2019-05-21 00:17 - 2019-06-07 03:19 - 000000000 ____D C:\Users\Gabmer\Documents\My Cmaps
2019-05-21 00:16 - 2019-05-21 00:16 - 000002016 _____ C:\Users\Gabmer\Desktop\CmapTools.lnk
2019-05-21 00:10 - 2019-05-21 00:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IHMC CmapTools
2019-05-21 00:09 - 2019-05-21 00:10 - 000000000 ____D C:\Program Files\IHMC CmapTools
2019-05-21 00:06 - 2019-05-21 00:06 - 000000000 ____D C:\Users\Gabmer\Downloads\Cmaptools
2019-05-21 00:00 - 2019-05-21 00:01 - 000000000 ___HD C:\Program Files\Zero G Registry
2019-05-21 00:00 - 2019-05-21 00:00 - 000000000 ___HD C:\Users\Gabmer\InstallAnywhere

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-06-20 00:03 - 2019-02-22 00:03 - 000000000 ____D C:\GTA San Andreas
2019-06-20 00:03 - 2019-02-09 23:22 - 000000000 __SHD C:\found.005
2019-06-20 00:03 - 2019-02-09 19:46 - 000000000 __SHD C:\found.006
2019-06-20 00:03 - 2019-02-08 21:24 - 000000000 __SHD C:\found.004
2019-06-20 00:03 - 2019-01-26 00:06 - 000000000 __SHD C:\found.003
2019-06-20 00:03 - 2018-12-10 00:47 - 000000000 ____D C:\Temp
2019-06-20 00:03 - 2018-11-26 00:18 - 000000000 __SHD C:\found.002
2019-06-20 00:03 - 2018-11-25 23:46 - 000000000 __SHD C:\found.001
2019-06-20 00:03 - 2018-07-08 18:03 - 000000000 __SHD C:\found.000
2019-06-20 00:03 - 2018-02-21 00:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X8
2019-06-20 00:03 - 2018-02-09 19:58 - 000000000 ____D C:\Users\Gabmer
2019-06-19 20:59 - 2018-02-10 14:38 - 000000000 ____D C:\Users\Gabmer\AppData\LocalLow\Mozilla
2019-06-19 18:59 - 2009-07-13 23:34 - 000021088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-06-19 18:59 - 2009-07-13 23:34 - 000021088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-06-19 18:56 - 2018-02-15 02:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2019-06-19 18:55 - 2018-02-15 00:16 - 000312248 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2019-06-19 18:55 - 2018-02-15 00:16 - 000167360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2019-06-19 18:55 - 2018-02-15 00:16 - 000139352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2019-06-19 18:52 - 2018-04-11 16:38 - 000000000 ____D C:\Users\Gabmer\AppData\Local\AVAST Software
2019-06-19 18:50 - 2009-07-13 23:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-06-19 17:18 - 2018-02-14 17:53 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2019-06-19 03:41 - 2009-07-13 21:37 - 000000000 ____D C:\Windows\inf
2019-06-18 19:31 - 2018-02-15 23:00 - 000000000 ____D C:\Users\Gabmer\AppData\LocalLow\HPAppData
2019-06-18 19:10 - 2019-03-08 18:41 - 000000000 ____D C:\Users\Gabmer\Desktop\Cosas del escritorio
2019-06-18 18:26 - 2010-11-20 19:30 - 001957066 _____ C:\Windows\system32\perfh00A.dat
2019-06-18 18:26 - 2010-11-20 19:30 - 000553552 _____ C:\Windows\system32\perfc00A.dat
2019-06-18 18:26 - 2010-11-20 16:01 - 000006396 _____ C:\Windows\system32\PerfStringBackup.INI
2019-06-16 22:14 - 2018-02-10 01:02 - 000000000 ____D C:\Users\Gabmer\AppData\Local\ElevatedDiagnostics
2019-06-15 19:47 - 2018-02-09 22:56 - 000000000 ____D C:\Windows\system32\Macromed
2019-06-14 20:15 - 2018-02-27 19:46 - 000002471 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-06-11 13:52 - 2018-02-10 18:28 - 000842296 _____ (Adobe) C:\Windows\system32\FlashPlayerApp.exe
2019-06-11 13:52 - 2018-02-10 18:28 - 000175160 _____ (Adobe) C:\Windows\system32\FlashPlayerCPLApp.cpl
2019-06-11 13:10 - 2009-07-13 23:53 - 000032630 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2019-06-07 15:38 - 2009-07-13 21:37 - 000000000 ____D C:\Windows\system32\NDF
2019-05-29 15:59 - 2019-05-09 00:58 - 000000000 ____D C:\ProgramData\{FC278B4D-89B6-27CC-CE94-4FABCE7316FA}
2019-05-29 15:59 - 2019-05-09 00:58 - 000000000 ____D C:\ProgramData\{D1E61DF6-1F0D-0A0D-7502-8E8675E5D7D7}
2019-05-28 14:51 - 2019-04-17 02:16 - 000002385 ____H C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2019-05-28 14:51 - 2019-04-17 02:16 - 000002342 ____H C:\Users\Public\Desktop\Avast Secure Browser.lnk
2019-05-27 00:47 - 2019-02-27 02:26 - 000000000 ____D C:\Users\Gabmer\Downloads\Telegram
2019-05-25 02:02 - 2019-05-16 04:21 - 000000000 ____D C:\Users\Gabmer\Downloads\Sena virtualActividad 1

==================== Files in the root of some directories ================

2019-05-09 01:08 - 2019-05-09 01:18 - 000000004 _____ () C:\ProgramData\lock.dat
2019-05-09 01:08 - 2019-05-09 01:08 - 000000008 _____ () C:\ProgramData\ts.dat
2019-05-09 01:00 - 2019-05-09 01:00 - 000054272 _____ () C:\Users\Gabmer\AppData\Local\ApplicationHosting.dat
2019-05-09 01:00 - 2019-05-09 01:00 - 054547712 _____ (Google Inc.) C:\Users\Gabmer\AppData\Local\ChromeSetup.exe
2019-05-09 00:59 - 2019-05-09 00:59 - 000140800 _____ () C:\Users\Gabmer\AppData\Local\installer.dat
2019-02-10 02:25 - 2019-02-10 02:25 - 000000001 _____ () C:\Users\Gabmer\AppData\Local\llftool.4.40.agreement
2019-05-09 01:00 - 2019-05-09 01:00 - 000126464 _____ () C:\Users\Gabmer\AppData\Local\lobby.dat
2019-05-09 01:04 - 2019-05-09 01:04 - 000000049 _____ () C:\Users\Gabmer\AppData\Local\script.ps1
2019-05-09 00:59 - 2019-05-09 00:59 - 000722944 _____ () C:\Users\Gabmer\AppData\Local\sha.db

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-06-12 00:25
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-06-2019
Ran by Gabmer (20-06-2019 00:56:32)
Running from C:\Users\Gabmer\Downloads
Microsoft Windows 7 Professional  Service Pack 1 (X86) (2018-02-10 00:58:06)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-988120049-823985332-2827762242-500 - Administrator - Disabled)
Gabmer (S-1-5-21-988120049-823985332-2827762242-1000 - Administrator - Enabled) => C:\Users\Gabmer
HomeGroupUser$ (S-1-5-21-988120049-823985332-2827762242-1002 - Limited - Enabled)
Invitado (S-1-5-21-988120049-823985332-2827762242-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Disabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-988120049-823985332-2827762242-1000\...\uTorrent) (Version: 3.5.5.45095 - BitTorrent Inc.)
18 Wheels of Steel: American Long Haul  (HKLM\...\18 Wheels of Steel: American Long Haul) (Version:  - ValuSoft)
32 Bit HP CIO Components Installer (HKLM\...\{D36B4583-E804-406B-9D56-F97931286C5B}) (Version: 8.1.2 - Hewlett-Packard) Hidden
Actualización de NVIDIA 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Adobe Acrobat Reader DC - Español (HKLM\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.012.20035 - Adobe Systems Incorporated)
Adobe Flash Player 32 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 32.0.0.207 - Adobe)
Adobe Flash Player 32 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 32.0.0.207 - Adobe)
Adobe Shockwave Player 12.3 (HKLM\...\Adobe Shockwave Player) (Version: 12.3.5.205 - Adobe, Inc.)
Advanced WindowsCare Personal (HKLM\...\Advanced WindowsCare V2 Personal_is1) (Version: 2.8.6 - IObit)
Avast Cleanup Premium (HKLM\...\{075CC190-59EE-499F-828B-0B5C098C8C15}_is1) (Version: 19.1.7475 - AVAST Software)
Avast Internet Security (HKLM\...\Avast Antivirus) (Version: 19.5.2378 - AVAST Software)
Avast Secure Browser (HKLM\...\Avast Secure Browser) (Version: 74.0.1376.132 - Los creadores de Avast Secure Browser)
Avast SecureLine (HKLM\...\{2CD3C92F-EDC5-4B02-9B0A-9C1D37C58EF5}_is1) (Version: 5.2.438 - AVAST Software)
Avast Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.4.154.333 - AVAST Software) Hidden
AVG Driver Updater (HKLM\...\{95294F1F-3F2F-48E6-A33B-B89632F8F1B7}) (Version: 2.2.2 - AVG Netherlands B.V) Hidden
AVG Driver Updater (HKLM\...\AVG Driver Updater) (Version: 2.2.2 - AVG Netherlands B.V)
BufferChm (HKLM\...\{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}) (Version: 130.0.331.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.56 - Piriform)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Copy (HKLM\...\{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}) (Version: 130.0.428.000 - Hewlett-Packard) Hidden
Corel Graphics - Windows Shell Extension (HKLM\...\_{FD417077-C2FE-46DB-942A-228179B308D5}) (Version: 18.0.0.448 - Corel Corporation)
Corel Graphics - Windows Shell Extension (HKLM\...\{FD417077-C2FE-46DB-942A-228179B308D5}) (Version: 18.0.448 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - BR (HKLM\...\{620C014F-CED3-4351-803A-7DE2A2207EB7}) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - Capture (HKLM\...\{9640A543-E423-4D8D-8E82-A1CB6BECCB9C}) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - Common (HKLM\...\{0622E0CF-F11D-483C-B858-7E7933996EE4}) (Version: 18.0.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - Connect (HKLM\...\{9F15073D-56EF-4F6F-AF06-74A3B3D6C5EB}) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - CS (HKLM\...\{8BED1CD0-ECFC-458D-B8DA-6C3F08F4C712}) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - CT (HKLM\...\{304161EF-BA0D-490F-8665-7B7C9642EC61}) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - Custom Data (HKLM\...\{E4AF1B6B-8513-4DB7-B99D-BA2B58503829}) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - CZ (HKLM\...\{3C9EAE39-E5F8-49D7-8BF4-B8C98988EB2E}) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - DE (HKLM\...\{DFFC36D1-8475-4C1B-A888-EEC8A0471302}) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - Draw (HKLM\...\{406E4433-96CF-4D4D-8317-6B8E6BDD8856}) (Version: 18.0.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - EN (HKLM\...\{0AAA51D9-5029-4F53-8AFC-B7A9658B4BD5}) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - ES (HKLM\...\{2EC99781-9735-44BA-9261-FAF0DFA2E915}) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - Filters (HKLM\...\{D4C83508-8D3A-4FBC-9F4C-AEF0D02DEF33}) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - Font Manager (HKLM\...\{17D53EFD-57F4-43D8-96B7-46682C9C9741}) (Version: 18.0.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - FR (HKLM\...\{62E510B1-B9D3-438D-A6B4-769154898F9D}) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - IPM (HKLM\...\{442B9D08-9F56-43FE-905A-07364D0BFE8D}) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - IPM Content (HKLM\...\{D3515161-7F82-447A-9005-BDBDCC7B60AE}) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - IT (HKLM\...\{5673571F-23E8-471C-8292-C6F77507FCFE}) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - JP (HKLM\...\{26EB0B96-0F5A-45D8-B737-BA09458B7B5F}) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - NL (HKLM\...\{F801240F-FB3E-4F96-B791-2C1B3AB6C247}) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - PHOTO-PAINT (HKLM\...\{7546E875-C203-4E87-8A3D-FD179944A763}) (Version: 18.0.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - PL (HKLM\...\{7C2BC01E-EE8B-436E-AE7B-2FFFBCD33A89}) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - Redist (HKLM\...\{635BA79D-FF3B-47E6-98BE-05D9FA6F884C}) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - RU (HKLM\...\{D13A47D5-0A68-4300-A21B-9A6D9F2FA75D}) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - Setup Files (HKLM\...\{86F23E59-06B3-432A-9D16-B6A4DF379571}) (Version: 18.0.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - TR (HKLM\...\{740C0A1F-4D0B-4586-96C6-3FFF416A3E89}) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - VBA (HKLM\...\{044AC1C1-C353-49D0-A97B-8BCCA9C4424E}) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - VideoBrowser (HKLM\...\{24DBD064-369D-423F-964E-6064340342CB}) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - Workspaces (HKLM\...\{3C68A5EA-7CBF-4CF7-9E24-3502014B3BE7}) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - Writing Tools (HKLM\...\{7F9E5872-B446-4ADE-A9CC-0B7D7A5D8F08}) (Version: 18.0 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 (HKLM\...\_{86F23E59-06B3-432A-9D16-B6A4DF379571}) (Version: 18.0.0.450 - Corel Corporation)
CorelDRAW Graphics Suite X8 (HKLM\...\{13D9CD72-79DB-4F0F-890D-0A3E45DCBED9}) (Version: 18.0 - Corel Corporation) Hidden
CrystalDiskInfo 7.7.0 (HKLM\...\CrystalDiskInfo_is1) (Version: 7.7.0 - Crystal Dew World)
DAEMON Tools Ultra (HKLM\...\DAEMON Tools Ultra) (Version: 2.3.0.0254 - Disc Soft Ltd)
Destinations (HKLM\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM\...\{2FF8C687-DB7D-4adc-A5DC-57983EC25046}) (Version: 130.0.465.000 - Hewlett-Packard) Hidden
DJ_AIO_03_F2200_Software_Min (HKLM\...\{C222566F-1C50-4ECD-A01E-77F9C4B95458}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
Driver Booster 5 (HKLM\...\Driver Booster_is1) (Version: 5.3.0 - IObit)
DVD Decrypter (Remove Only) (HKLM\...\DVD Decrypter) (Version:  - )
DVD Drive Repair 2.0.0.1016 (HKLM\...\DVD Drive Repair_is1) (Version: 2.0.0.1016 - Rizonesoft)
Eines de correcció del Microsoft Office 2013: català (HKLM\...\{90150000-001F-0403-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
ENCORE Wireless LAN Driver - PCI Adaptor (HKLM\...\{46710AEB-ACE9-4386-9DFB-8B65153BFA74}) (Version: 1.00.0000 - )
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
F2200 (HKLM\...\{2BB0BDFF-E193-42A0-90BE-2D59441E51D2}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
Ferramentas de verificación de Microsoft Office 2013 - Galego (HKLM\...\{90150000-001F-0456-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Ghostscript GPL 8.64 (Msi Setup) (HKLM\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
GPBaseService2 (HKLM\...\{63FF21C9-A810-464F-B60A-3111747B1A6D}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hard Disk Low Level Format Tool 4.40 (HKLM\...\Hard Disk Low Level Format Tool_is1) (Version:  - HDDGURU)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Deskjet F2200 All-In-One Driver Software 13.0 Rel. 3 (HKLM\...\{3690900F-85EA-447F-BAD1-5CA25AA9B627}) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPPhotoGadget (HKLM\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (HKLM\...\{681B698F-C997-42C3-B184-B489C6CA24C9}) (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (HKLM\...\{D79113E7-274C-470B-BD46-01B10219DF6A}) (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM\...\{C43326F5-F135-4551-8270-7F7ABA0462E1}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
IHMC CmapTools v6.03.01 (HKLM\...\IHMC CmapTools v6.03.01) (Version: 6.0.3.1 - Institute for Human & Machine Cognition)
IPM_Common_x86 (HKLM\...\{EE61B6C5-F017-4505-85D3-6D40B1797D32}) (Version: 2.9.389 - Your Company Name) Hidden
Malwarebytes versión 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
MarketResearch (HKLM\...\{175F0111-2968-4935-8F70-33108C6A4DE3}) (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.7.2 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2015 (HKLM\...\{dd8b09df-3ef8-49f1-bd1a-65278435860b}) (Version: 14.0.23217 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Mozilla Firefox 67.0.3 (x86 es-ES) (HKLM\...\Mozilla Firefox 67.0.3 (x86 es-ES)) (Version: 67.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 67.0.3.7108 - Mozilla)
MSI Star Cam 370i (HKLM\...\{19344041-26B8-403B-BC3B-6E7185AA7E76}) (Version: 100.000.070814 -  )
MSI Star Cam 370i (HKLM\...\{ECD03DA7-5952-406A-8156-5F0C93618D1F}) (Version: 5.20.0.202_WQHL - Sonix)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero 7 Premium (HKLM\...\{98EFD8F0-08DE-48DB-B922-A2EBAB711033}) (Version: 7.03.1151 - Nero AG)
NirSoft ShellExView (HKLM\...\NirSoft ShellExView) (Version:  - )
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
NVIDIA Software del sistema PhysX 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
OpenAL (HKLM\...\OpenAL) (Version:  - )
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Panel de control de NVIDIA 309.08 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 309.08 - NVIDIA Corporation) Hidden
Paquete de controladores de Windows - MSI MSI Star Cam 370i (04/22/2008 1.0.0.0) (HKLM\...\92A6E160D295A14569F57189DA2588F0A1D1CD5E) (Version: 04/22/2008 1.0.0.0 - MSI)
Paquete de idioma de Microsoft Visual Studio 2010 Tools para Office Runtime (x86) - ESN (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - ESN) (Version: 10.0.50903 - Microsoft Corporation)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8581 - Realtek Semiconductor Corp.)
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (HKLM\...\{90150000-001F-0416-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Revo Uninstaller Pro 3.1.1 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.1 - VS Revo Group, Ltd.)
Scan (HKLM\...\{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}) (Version: 13.0.0.0 - Hewlett-Packard) Hidden
SmartWebPrinting (HKLM\...\{DC635845-46D3-404B-BCB1-FC4A91091AFA}) (Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (HKLM\...\{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}) (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (HKLM\...\{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}) (Version: 130.0.469.000 - Hewlett-Packard) Hidden
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Toolbox (HKLM\...\{6BBA26E9-AB03-4FE7-831A-3535584CA002}) (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (HKLM\...\{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}) (Version: 130.0.422.000 - Hewlett-Packard) Hidden
UltraISO Premium V9.71 (HKLM\...\UltraISO_is1) (Version:  - )
UnloadSupport (HKLM\...\{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}) (Version: 11.0.0 - Hewlett-Packard) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.6 - VideoLAN)
WebReg (HKLM\...\{43CDF946-F5D9-4292-B006-BA0D92013021}) (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Deployment Tools (HKLM\...\{BFC9778E-9765-C94C-C082-C2514F8DEB9B}) (Version: 8.59.25584 - Microsoft)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows PE x86 x64 (HKLM\...\{F89D69CA-6EE1-E037-DD3B-08CDDE1BED1C}) (Version: 8.59.25584 - Microsoft)
Windows PE x86 x64 wims (HKLM\...\{85F4ACB1-E7DC-C3C6-F4FD-BB936DF2695E}) (Version: 8.59.25584 - Microsoft)
WinRAR 5.71 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-988120049-823985332-2827762242-1000_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-988120049-823985332-2827762242-1000_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-988120049-823985332-2827762242-1000_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-988120049-823985332-2827762242-1000_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-988120049-823985332-2827762242-1000_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-988120049-823985332-2827762242-1000_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-988120049-823985332-2827762242-1000_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-988120049-823985332-2827762242-1000_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-988120049-823985332-2827762242-1000_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-988120049-823985332-2827762242-1000_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-988120049-823985332-2827762242-1000_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-988120049-823985332-2827762242-1000_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-988120049-823985332-2827762242-1000_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-05-20] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-05-20] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll [2007-07-24] (Nero AG -> Nero AG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files\UltraISO\isoshell.dll [2015-10-08] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-05-20] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers4: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files\UltraISO\isoshell.dll [2015-10-08] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2015-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-05-20] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group -> VS Revo Group)
ContextMenuHandlers6: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files\UltraISO\isoshell.dll [2015-10-08] (SHENZHEN YIBO DIGITAL SYSTEMS DEVELOPMENT CO. LTD. -> EZB Systems, Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

ShortcutWithArgument: C:\Users\Gabmer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\3540ba49f82ead5d\Avast Secure Browser.lnk -> C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe (AVAST Software) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) ==============

2009-09-20 12:36 - 2009-09-20 12:36 - 000249344 _____ (Hewlett-Packard Co.) [File not signed] c:\program files\hp\digital imaging\bin\hpqcxs08.dll
2009-09-20 12:24 - 2009-09-20 12:24 - 000213504 _____ (Hewlett-Packard Co.) [File not signed] c:\program files\hp\digital imaging\bin\hpqddcmn.dll
2009-09-20 12:24 - 2009-09-20 12:24 - 000133120 _____ (Hewlett-Packard Co.) [File not signed] c:\program files\hp\digital imaging\bin\hpqddsvc.dll
2011-04-13 16:07 - 2011-04-13 16:07 - 000045568 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzinw12.dll
2011-04-13 16:07 - 2011-04-13 16:07 - 000055808 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzipm12.dll
2009-08-18 11:24 - 2009-08-18 11:24 - 000134144 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
2003-03-18 21:12 - 2003-03-18 21:12 - 001047552 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Nero\Nero 7\Nero BackItUp\MFC71U.DLL
2003-03-19 07:14 - 2003-03-19 07:14 - 000499712 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Nero\Nero 7\Nero BackItUp\MSVCP71.dll
2003-02-21 15:42 - 2003-02-21 15:42 - 000348160 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Nero\Nero 7\Nero BackItUp\MSVCR71.dll
2003-03-19 07:20 - 2003-03-19 07:20 - 001060864 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Nero\Nero 7\Nero CoverDesigner\MFC71.DLL
2006-12-19 10:30 - 2006-12-19 10:30 - 000081920 _____ (Prolific Technology Inc.) [File not signed] C:\Windows\system32\IoctlSvc.exe
2019-04-22 06:44 - 2018-09-05 21:32 - 002095104 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\AVAST Software\SecureLine\libcrypto-1_1.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> 008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> 00hq.com
IE restricted site: HKU\.DEFAULT\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\.DEFAULT\...\0calories.net -> 0calories.net
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1-se.com -> 1-se.com
IE restricted site: HKU\.DEFAULT\...\100gal.net -> 100gal.net
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> 100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\101lottery.com -> 101lottery.com
IE restricted site: HKU\.DEFAULT\...\123found.com -> 123found.com
IE restricted site: HKU\.DEFAULT\...\123keno.com -> 123keno.com
IE restricted site: HKU\.DEFAULT\...\143fuck.com -> 143fuck.com
IE restricted site: HKU\.DEFAULT\...\180solutions.com -> 180solutions.com
IE restricted site: HKU\.DEFAULT\...\1se.ru -> 1se.ru
IE restricted site: HKU\.DEFAULT\...\1sexparty.com -> 1sexparty.com
IE restricted site: HKU\.DEFAULT\...\1stfind.com -> 1stfind.com
IE restricted site: HKU\.DEFAULT\...\1stpagehere.com -> 1stpagehere.com
IE restricted site: HKU\.DEFAULT\...\2020search.com -> 2020search.com
IE restricted site: HKU\.DEFAULT\...\20x2p.com -> 20x2p.com

There are 1540 more sites.

IE trusted site: HKU\S-1-5-21-988120049-823985332-2827762242-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-988120049-823985332-2827762242-1000\...\webcompanion.com -> hxxp://webcompanion.com
IE restricted site: HKU\S-1-5-21-988120049-823985332-2827762242-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-988120049-823985332-2827762242-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-988120049-823985332-2827762242-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-988120049-823985332-2827762242-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-988120049-823985332-2827762242-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-988120049-823985332-2827762242-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-988120049-823985332-2827762242-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-988120049-823985332-2827762242-1000\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-988120049-823985332-2827762242-1000\...\100sexlinks.com -> 100sexlinks.com
IE restricted site: HKU\S-1-5-21-988120049-823985332-2827762242-1000\...\101lottery.com -> 101lottery.com
IE restricted site: HKU\S-1-5-21-988120049-823985332-2827762242-1000\...\123found.com -> 123found.com
IE restricted site: HKU\S-1-5-21-988120049-823985332-2827762242-1000\...\123keno.com -> 123keno.com
IE restricted site: HKU\S-1-5-21-988120049-823985332-2827762242-1000\...\143fuck.com -> 143fuck.com
IE restricted site: HKU\S-1-5-21-988120049-823985332-2827762242-1000\...\180solutions.com -> 180solutions.com
IE restricted site: HKU\S-1-5-21-988120049-823985332-2827762242-1000\...\1se.ru -> 1se.ru
IE restricted site: HKU\S-1-5-21-988120049-823985332-2827762242-1000\...\1sexparty.com -> 1sexparty.com
IE restricted site: HKU\S-1-5-21-988120049-823985332-2827762242-1000\...\1stfind.com -> 1stfind.com
IE restricted site: HKU\S-1-5-21-988120049-823985332-2827762242-1000\...\1stpagehere.com -> 1stpagehere.com
IE restricted site: HKU\S-1-5-21-988120049-823985332-2827762242-1000\...\2020search.com -> 2020search.com
IE restricted site: HKU\S-1-5-21-988120049-823985332-2827762242-1000\...\20x2p.com -> 20x2p.com

There are 1540 more sites.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\NVIDIA Corporation\PhysX\Common
HKU\S-1-5-21-988120049-823985332-2827762242-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Gabmer\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 190.157.8.33 - 190.157.8.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: ) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Avast Cleanup Premium.lnk => C:\Windows\pss\Avast Cleanup Premium.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Gabmer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MEGAsync.lnk => C:\Windows\pss\MEGAsync.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: CCleaner Smart Cleaning => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: DAEMON Tools Ultra Agent => "C:\Program Files\DAEMON Tools Ultra\DTAgent.exe" -autorun
MSCONFIG\startupreg: hpqSRMon => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
MSCONFIG\startupreg: iPScan5x => C:\Windows\iPScan5x.EXE
MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" -s
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Skype for Desktop => C:\Program Files\Microsoft\Skype for Desktop\Skype.exe
MSCONFIG\startupreg: snpstd3 => C:\Windows\vsnpstd3.exe
MSCONFIG\startupreg: tsnpstd3 => C:\Windows\tsnpstd3.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{369F83A7-C3E3-4968-AE48-6B0E77E04841}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{07FE5FD3-1EDA-47AC-AC8D-DFA36273BEE3}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6C1FC6C7-E285-49A0-B416-99B2D6E86A15}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{714E8B01-BE6F-4A26-8F00-8B8D65775F62}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E54FC876-AB51-4AB9-AA67-977D3F1E2F5E}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{0CEDFF09-AC48-446C-A73C-DDBDC4B8A3D9}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{08456143-67BE-4634-B568-5939A8790D95}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{7655ECB2-E29B-4375-BCD0-8FE7ABBEF7EB}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe (Hewlett-Packard) [File not signed]
FirewallRules: [{6B2ED917-53E3-42DA-8C76-71BBC1E1E392}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{490F0306-9E8C-4CB8-A55F-CC8E372B4A6C}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe () [File not signed]
FirewallRules: [{A2B17CFB-34B2-48FA-BF78-6F49F476BBC5}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe (Hewlett-Packard) [File not signed]
FirewallRules: [{1BBB9F29-EDD3-4EFF-B8BD-88AB27E24F97}] => (Allow) C:\Program Files\common files\hp\digital imaging\bin\hpqphotocrm.exe (Hewlett-Packard Development Co. L.P.) [File not signed]
FirewallRules: [{33AC16AD-649D-4283-8F9E-C143C5A469B5}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe (Hewlett-Packard Development Co. L.P.) [File not signed]
FirewallRules: [{1D86F836-0998-4AA6-8144-CE74E74E9C02}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe (Hewlett-Packard Development Co. L.P.) [File not signed]
FirewallRules: [{21330556-7607-4A02-B69C-2A13EEFD835C}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe (Hewlett Packard -> Hewlett-Packard Development Co. L.P.)
FirewallRules: [{1AEA29CD-EEFE-49BD-9D8C-CC523BF1A683}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe (Hewlett-Packard Co.) [File not signed]
FirewallRules: [{D1854DC3-299A-4188-B148-29DE0713AA13}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe (Hewlett-Packard) [File not signed]
FirewallRules: [{3CD12C69-F3A0-4C27-BF4E-0ADD909C48CF}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{157590AF-27B5-4CE4-9B03-7F63B20DE0CE}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{44F7D694-BA18-426A-9103-7A39A7EB0101}] => (Allow) C:\Program Files\HP\hp software update\hpwucli.exe (Hewlett-Packard Company -> Hewlett-Packard)
FirewallRules: [{E7D9263D-0CE7-47C1-92E8-40F126A757C9}] => (Allow) C:\Program Files\HP\digital imaging\smart web printing\smartwebprintexe.exe (Hewlett-Packard Company -> Hewlett-Packard Co.)
FirewallRules: [{9D0F9DE1-C0F9-409B-8370-277E750C54EF}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{68B1BD1A-2BCB-4F7A-939F-2AD0E6C1B4C9}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F1132674-78B6-4785-83CE-E0E5312E4B35}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{EE0C99AC-34DC-48FC-93C6-D70478C296E7}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{42E34D5B-76A5-4C7D-8F6A-424906D76670}] => (Allow) C:\Users\Gabmer\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{1F1BF0A2-2049-44C6-9201-D84552CF777B}] => (Allow) C:\Users\Gabmer\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{79525CC8-6D81-4C8A-944E-AA52C86BCD4D}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{12E888BD-C4BB-4BC0-9DE9-89701B2D35ED}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{2E86F5C0-8D97-4006-8BE9-90F4CFF26D94}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{2A96F15D-5B0C-440D-911B-CD76A52CC95E}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X8\Programs\CorelDrw.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [{EF765D7A-320E-4347-B17E-F9C8E56597B3}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X8\Programs\CorelPP.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [{FED91EC7-05ED-41F5-93B3-9C88D08F4783}] => (Allow) C:\Program Files\IObit\Driver Booster\5.3.0\DriverBooster.exe (IObit Information Technology -> IObit) [File not signed]
FirewallRules: [{4298F2AA-D3C0-45DF-ADF1-75BCDF016348}] => (Allow) C:\Program Files\IObit\Driver Booster\5.3.0\DriverBooster.exe (IObit Information Technology -> IObit) [File not signed]
FirewallRules: [{AF12CE52-645C-4F74-BE85-D907F4E95E74}] => (Allow) C:\Program Files\IObit\Driver Booster\5.3.0\DBDownloader.exe (IObit Information Technology -> IObit)
FirewallRules: [{7B983A65-418D-40CC-AD64-4ACBCE1E56FA}] => (Allow) C:\Program Files\IObit\Driver Booster\5.3.0\DBDownloader.exe (IObit Information Technology -> IObit)
FirewallRules: [{3F23FECD-BE8B-4C05-A0C4-F07EC7A91CE3}] => (Allow) C:\Program Files\IObit\Driver Booster\5.3.0\AutoUpdate.exe (IObit Information Technology -> IObit)
FirewallRules: [{CD777242-17B2-4800-A259-7E433676311E}] => (Allow) C:\Program Files\IObit\Driver Booster\5.3.0\AutoUpdate.exe (IObit Information Technology -> IObit)
FirewallRules: [TCP Query User{7A43A415-F241-4ABB-9FC8-9F6345786A2C}C:\program files\ihmc cmaptools\jre\bin\javaw.exe] => (Allow) C:\program files\ihmc cmaptools\jre\bin\javaw.exe
FirewallRules: [UDP Query User{4746C90D-3C1D-4B6E-8540-BC7C5C3E1DC9}C:\program files\ihmc cmaptools\jre\bin\javaw.exe] => (Allow) C:\program files\ihmc cmaptools\jre\bin\javaw.exe
FirewallRules: [{9F8556E5-DC7E-4FF1-9E96-27DBEC8BF8E2}] => (Allow) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe (AVAST Software s.r.o. -> AVAST Software)

==================== Restore Points =========================

15-06-2019 20:13:16 Scheduled checkpoint
18-06-2019 19:22:26 Checkpoint by HitmanPro
18-06-2019 19:23:25 Checkpoint by HitmanPro
18-06-2019 19:26:04 Checkpoint by HitmanPro
19-06-2019 19:07:07 Removed Skype™ 7.3

==================== Faulty Device Manager Devices =============

Name: Realtek RTL8190 802.11n Wireless LAN (Mini-)PCI NIC
Description: Realtek RTL8190 802.11n Wireless LAN (Mini-)PCI NIC
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek Semiconductor Corp.
Service: rtl819xp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: avast! SecureLine TAP Adapter v3
Description: avast! SecureLine TAP Adapter v3
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: aswTap
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/19/2019 06:53:56 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: \Device\NetBT_Tcpip_{47803BD5-405F-4097-81B5-A7211CBCFDE6}

Error: (06/19/2019 06:51:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (06/19/2019 05:26:57 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: \Device\NetBT_Tcpip_{47803BD5-405F-4097-81B5-A7211CBCFDE6}

Error: (06/19/2019 05:22:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (06/19/2019 03:42:38 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. HR = 0x80070013, The media is write protected.

Error: (06/19/2019 03:42:38 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x80070013, The media is write protected.]

Error: (06/18/2019 07:26:31 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000368,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,017BF898.64). HR = 0x80070005, Access is denied.

Error: (06/18/2019 07:26:31 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000518,(null),0,REG_BINARY,044AEA7C.64). HR = 0x80070005, Access is denied.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {ffd0a75d-bb24-499a-b0b7-e1efa0e8f1c8}


System errors:
=============
Error: (06/20/2019 12:50:19 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (06/20/2019 12:20:59 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (06/20/2019 12:06:59 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (06/19/2019 11:48:16 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (06/19/2019 11:48:16 PM) (Source: nvstor32) (EventID: 3) (User: )
Description: Data error on device.
Device: \Device\RaidPort0
Model: WDC WD5000AADS-11M2B1
Firmware Version: 80.0
Serial Number: WD-WCAV53257266
Port: 0

Error: (06/19/2019 11:48:14 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (06/19/2019 11:48:14 PM) (Source: nvstor32) (EventID: 3) (User: )
Description: Data error on device.
Device: \Device\RaidPort0
Model: WDC WD5000AADS-11M2B1
Firmware Version: 80.0
Serial Number: WD-WCAV53257266
Port: 0

Error: (06/19/2019 11:48:11 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.


==================== Memory info =========================== 

BIOS: American Megatrends Inc. P1.10 10/13/2014
Motherboard: ASRock N68C-GS4 FX
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5200+
Percentage of memory in use: 60%
Total physical RAM: 1791.24 MB
Available physical RAM: 704.11 MB
Total Virtual: 3646.48 MB
Available Virtual: 705.51 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:146.48 GB) (Free:63.11 GB) NTFS
Drive d: () (Fixed) (Total:319.18 GB) (Free:120.01 GB) NTFS
Drive l: () (Fixed) (Total:298.09 GB) (Free:297.62 GB) NTFS

\\?\Volume{476432d2-0dfc-11e8-9a1c-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 00042F59)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=319.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 298.1 GB) (Disk ID: 72706D6F)
No partition Table on disk 1.

==================== End of Addition.txt ============================

:thinking: There are the reports that were requested. I posted them a few minutes after the moderator asked for them, in case anyone wants to and is able to give their opinion and analysis based on those reports.

Thanks

Hello @Antioisco

Sorry for the delay in replying, I missed your notification.

Only Staff members can analyse those reports.


Follow these steps:

1.- Very Important >>> Make a backup of your Registry.

  • Download DelFix to the Windows desktop.
  • Right-click, "Run as Administrator".
  • In the main window, tick only the "Create Registry Backup" box.
  • Click Run.

When it finishes, a report called DelFix.txt will open; save it in case it is needed and close the tool…


You ran FRST from the wrong location:

Cut the executable and paste it on the desktop.

Running from C:\Users\Gabmer\Downloads

2.- Temporarily disable your antivirus.

3.- Open a new Notepad file and copy and paste this content:


Start::
CloseProcesses:
CreateRestorePoint:
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <==== ATTENTION
HKU\S-1-5-21-988120049-823985332-2827762242-1000\...\MountPoints2: {c98c15da-1545-11e8-8a3d-d050996057c9} - L:\setup.exe
HKU\S-1-5-21-988120049-823985332-2827762242-1000\...\MountPoints2: {e1da1e80-4e8f-11e9-84ec-d050996057c9} - F:\HiSuiteDownLoader.exe
GroupPolicy: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-988120049-823985332-2827762242-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
S2 HuaweiHiSuiteService.exe; "C:\Program Files\HiSuite\HandSetService\HuaweiHiSuiteService.exe" -/service [X]
S2 rcdll; C:\Users\Gabmer\AppData\Local\Temp\rcdll.exe [X] <==== ATTENTION
U0 Partizan; system32\drivers\Partizan.sys [X]
2019-06-20 00:03 - 2019-02-09 23:22 - 000000000 __SHD C:\found.005
2019-06-20 00:03 - 2019-02-09 19:46 - 000000000 __SHD C:\found.006
2019-06-20 00:03 - 2019-02-08 21:24 - 000000000 __SHD C:\found.004
2019-06-20 00:03 - 2019-01-26 00:06 - 000000000 __SHD C:\found.003
2019-06-20 00:03 - 2018-12-10 00:47 - 000000000 ____D C:\Temp
2019-06-20 00:03 - 2018-11-26 00:18 - 000000000 __SHD C:\found.002
2019-06-20 00:03 - 2018-11-25 23:46 - 000000000 __SHD C:\found.001
2019-06-20 00:03 - 2018-07-08 18:03 - 000000000 __SHD C:\found.000
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File

CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
End::
  • Save it under the name fixlist.txt on the desktop <<< This is very important.

Note: The executable Frst.exe and fixlist.txt must be in the same location (desktop), otherwise the tool will not work.

  • Run Frst.exe.
  • Press the Fix button and wait for it to finish.
  • The tool will save the report on your desktop (Fixlog.txt).
  • Paste it in your next reply.

Apart from your infection, your hard disk may be in trouble.

Have you run Scandisk or Checkdisk recently?

Regards.
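For readers following the thread rather than the person being helped: the fix above is built from a handful of lines in the FRST logs, and it helps to know which ones. As an added example (my own script, not part of FRST, not the fix posted above, and not something the thread asks anyone to run), here is a small Python triage that reads FRST-format lines and ranks the findings that matter for this case: UAC switched off (EnableLUA: 0), System Restore disabled by policy, a service started from a user-writable Temp folder, permanent WMI subscriptions, non-localhost IE trusted sites, and firewall allow rules for binaries under a user profile. The rule names, severities and the USER_WRITABLE pattern are my own assumptions; SAMPLE_LOG is a constructed sample made of lines copied from the log posted earlier in this thread, so the script runs offline.

```python
"""Triage of FRST Addition.txt / FRST.txt lines.

Added example for this thread, not part of FRST nor of the fix posted above.
The rules are the editor's own heuristics; SAMPLE_LOG is a constructed sample
of lines copied from the log in this thread so the script runs offline.
"""
import re
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    severity: str  # "HIGH", "MEDIUM" or "INFO"
    rule: str
    evidence: str


# Locations an ordinary user can write to (assumed list); a service, driver or
# firewall-allowed binary living here deserves a look before anything else.
USER_WRITABLE = re.compile(
    r"\\(?:AppData|Temp|ProgramData|Users\\[^\\]+\\Downloads)\\", re.IGNORECASE
)

# Stock Windows 7 WMI pair left over from Microsoft's build verification tests.
# FRST lists it on clean installs too, so it is reported as INFO; any other
# CommandLineEventConsumer is treated as HIGH until proven otherwise.
STOCK_WMI_MARKERS = ("BVTFilter", "BVTConsumer", "KernCap.vbs")

# "S2 name; <path> [X] <==== ATTENTION"  (services/drivers section of FRST.txt)
SERVICE_LINE = re.compile(r"^([SRU]\d) (\S+?); (.+?)(?: \[X\])?(?: <==== ATTENTION)?$")

# Constructed sample: lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: ) (EnableLUA: 0)
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <==== ATTENTION
S2 HuaweiHiSuiteService.exe; "C:\Program Files\HiSuite\HandSetService\HuaweiHiSuiteService.exe" -/service [X]
S2 rcdll; C:\Users\Gabmer\AppData\Local\Temp\rcdll.exe [X] <==== ATTENTION
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
IE trusted site: HKU\S-1-5-21-988120049-823985332-2827762242-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-988120049-823985332-2827762242-1000\...\webcompanion.com -> hxxp://webcompanion.com
FirewallRules: [{42E34D5B-76A5-4C7D-8F6A-424906D76670}] => (Allow) C:\Users\Gabmer\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
Windows Firewall is enabled.
"""


def triage(log_text: str) -> list[Finding]:
    """Return the findings a responder should act on, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        # UAC state: EnableLUA 0 means no elevation prompts at all; an Admin
        # behaviour of 0 means silent elevation even with UAC left on.
        if "(EnableLUA: 0)" in line:
            findings.append(Finding("HIGH", "uac-disabled", line))
        elif "(ConsentPromptBehaviorAdmin: 0)" in line:
            findings.append(Finding("HIGH", "uac-silent-elevation", line))

        # Ransomware commonly disables System Restore by policy; the fix in the
        # thread creates a restore point and removes this policy key.
        if "SystemRestore: [DisableSR" in line:
            findings.append(Finding("HIGH", "system-restore-disabled-by-policy", line))

        # A service or driver whose binary sits in a user-writable folder.
        m = SERVICE_LINE.match(line)
        if m and USER_WRITABLE.search(m.group(3)):
            findings.append(Finding("HIGH", "service-in-user-writable-path", line))

        # Permanent WMI subscriptions survive reboots and are a classic
        # persistence spot; the stock BVT pair is downgraded to INFO.
        if line.startswith("WMI:subscription\\"):
            stock = any(tok in line for tok in STOCK_WMI_MARKERS)
            findings.append(Finding("INFO" if stock else "HIGH",
                                    "wmi-permanent-subscription", line))

        # Anything other than localhost in the IE Trusted zone lowers the
        # browser's defences for that site.
        if line.startswith("IE trusted site:") and not line.endswith("-> localhost"):
            findings.append(Finding("MEDIUM", "ie-trusted-site", line))

        # Firewall allow rule for a binary the user (and malware) can replace.
        if (line.startswith("FirewallRules:") and "(Allow)" in line
                and USER_WRITABLE.search(line)):
            findings.append(Finding("MEDIUM", "firewall-allow-user-writable-binary", line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity, e.g. {'HIGH': 3, 'MEDIUM': 2, 'INFO': 2}."""
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f.severity:6} {f.rule:38} {f.evidence[:80]}")
    print(summarize(results))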

Yes, also CrystalDiskInfo, and it tells me the hard disk is at risk; it shows the temperature at 38 degrees. Maybe that is the reason the PC sometimes freezes and does not respond; in many cases I have to restart the PC, it takes a long time to log off, internet browsing is slow, etc. I am thinking of doing a low-level format if the situation continues like this, but doing the maths, I think formatting the 500GB will take 10 or 12 hours.

Wouldn't it be better to run the scan again?

Hello:

It is not necessary; just cut the executable and paste it on the desktop, then follow the steps.

Regards

Do I only leave that box ticked? When I open the program, the "remove desinfection tools" box is already ticked.

Hello:

Yes, only the one indicated.

Untick the one we do not need for now.

Regards