Logging in with my user account takes more than 15 minutes

Hi, I have a Windows 10 machine that takes more than 15 minutes to log in with my user account, while logging in as the Guest user works normally, in about 20 to 30 seconds. I ran Windows Defender and found nothing. Update: I ran Malwarebytes and it found nothing; I also ran CCleaner and everything looks normal, apparently.

Hi @alinsan

Welcome to the forum

Could you post the Malwarebytes report?

Regards

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 7/12/22
Scan Time: 9:13 AM
Log File: 7c16322a-01e4-11ed-b293-0c9d92159034.json

-Software Information-
Version: 4.5.10.200
Components Version: 1.0.1709
Update Package Version: 1.0.57136
License: Trial

-System Information-
OS: Windows 10 (Build 19044.1806)
CPU: x64
File System: NTFS
User: ASANCHEZR-DH02\Alejandro.SanchezR

-Scan Summary-
Scan Type: Custom Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 421493
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 4 hr, 43 min, 54 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

Hello again

There doesn't seem to be anything; let's check a bit further with other programs.

1) Download ESET Online Scanner (user manual) and scan the PC; read the instructions carefully and run a Custom Scan exactly as described in its manual. Bring me its report.

2) Run a scan with Dr.Web CureIt following the instructions in its manual, which are explained perfectly. One thing, though: download Dr.Web CureIt from: https://www.infospyware.com/Software/click.php?id=41

Note: Pay attention once ESET finishes its scan so that you can generate the report properly; if for some reason you miss it, you can upload a screenshot of the files it quarantined.

Paste the ESET Online Scanner and Dr.Web CureIt reports and tell us how the PC is doing.

Regards.

Here is the Dr.Web CureIt one (it took about 5 hours):

Total 567583291055 bytes in 774571 files scanned (1759381 objects)
Total 774646 files (1759182 objects) are clean
There are no infected objects detected
Total 196 files are raised error condition
Scan time is 04:44:01.543

Here is the ESET one (8 hours):
7/14/2022 9:07:18 AM
Files scanned: 752120
Detected files: 0
Cleaned files: 0
Total scan time: 08:27:11
Scan status: Finished

I assume I must have malware or something somewhere, because I get ads on the forum, or is that normal?

Hi @alinsan

"I assume I must have malware or something somewhere, because I get ads on the forum, or is that normal?"

The forum has a little advertising but you barely notice it; it shouldn't be bothersome.

Let's continue; according to the reports, everything is clean so far.

:one: Disable your antivirus :arrow_forward: How to temporarily disable an antivirus and any security program you have enabled.

DOWNLOAD IT TO YOUR DESKTOP, VERY IMPORTANT (and nowhere else).

Download Farbar Recovery Scan Tool. VERY IMPORTANT >> select the version that matches your computer's architecture (32 or 64 bits). :arrow_forward: How do I know whether my Windows is 32 or 64 bits?

:warning: Once FRST is downloaded, disconnect your computer completely from the Internet (turn off the router) >> Super Important. Right after that, also close any other program you have open.

:two: Farbar Recovery Scan Tool

  1. Run FRST.exe (if you use Windows Vista/7/8 or 10, right-click and select Run as Administrator).
  2. A window with a Disclaimer message will appear; click Si or Yes.
  3. In the program's main window, click Analizar/Scan and wait for the scan to finish.
  4. Two logs/reports will appear: Frst.txt and Addition.txt; they will be saved on the desktop.

:three: Re-enable your antivirus and any security program you have enabled. Also reconnect your computer to the Internet.

:four: NEXT REPLY

Paste the FRST and Addition.txt reports. You must post both reports in full, with absolutely all of their content. You will need to split them across several messages if you get an error/warning saying that the report making up the message is too long (more than approx. 50,000 characters).

IMPORTANT NOTE

Please, while we are disinfecting your machine or finishing doing so:

  • Do not carry out steps/actions that WE have not told you to.
  • Do not download ANYTHING from the Internet and/or connect external devices to your computer.
  • Do not install ANYTHING (programs/software/add-ons/browser extensions…).
  • Do not run other security programs (antivirus, antimalware, ANTI-ANYTHING…).
  • Do not carry out other procedures on your own.
  • Use your computer EXCLUSIVELY to disinfect it, following our instructions.

:warning: Very Important :warning: Post the different reports I have asked you for as shown in the following image:

Regards.

Hi @DanielIG, here are the FRST reports

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-07-2022
Ran by Alejandro.SanchezR (administrator) on ASANCHEZR-DH02 (19-07-2022 11:03:32)
Running from C:\Users\alejandro.sanchezr\Downloads
Loaded Profiles: Alejandro.SanchezR
Platform: Microsoft Windows 10 Enterprise Version 21H2 19044.1806 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfService.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\103.0.1264.62\msedgewebview2.exe <8>
(C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe ->) (Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
(C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe ->) (Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfService.exe
(C:\Program Files (x86)\Microsoft\EdgeWebView\Application\103.0.1264.62\msedgewebview2.exe ->) (Slack Technologies, Inc. -> Slack Technologies Inc.) C:\Program Files\Slack\app-4.17.1\Slack.exe <6>
(C:\Program Files\CrowdStrike\CSFalconService.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> CrowdStrike, Inc.) C:\Program Files\CrowdStrike\CSFalconContainer.exe <2>
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> ) C:\Program Files\PowerToys\modules\AlwaysOnTop\PowerToys.AlwaysOnTop.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\modules\Awake\PowerToys.Awake.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\modules\ColorPicker\PowerToys.ColorPickerUI.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\modules\FancyZones\PowerToys.FancyZones.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\modules\KeyboardManager\KeyboardManagerEngine\PowerToys.KeyboardManagerEngine.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\modules\launcher\PowerToys.PowerLauncher.exe
(C:\Program Files\TeamViewer\TeamViewer_Service.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(C:\Program Files\TeamViewer\TeamViewer_Service.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(C:\Program Files\TeamViewer\TeamViewer_Service.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\tv_x64.exe
(C:\Program Files\TechSmith\Snagit 2019\Snagit32.exe ->) (TechSmith Corporation -> TechSmith Corporation) C:\Program Files\TechSmith\Snagit 2019\SnagitEditor.exe
(C:\Program Files\TechSmith\Snagit 2019\Snagit32.exe ->) (TechSmith Corporation -> TechSmith Corporation) C:\Program Files\TechSmith\Snagit 2019\SnagPriv.exe
(C:\Windows\CCM\CcmExec.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\CCM\SCNotification.exe
(Cisco Systems, Inc. -> Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\AnalyticsSrv.exe
(Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_23e9be9389950d33\igfxCUIService.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_23e9be9389950d33\igfxEM.exe
(explorer.exe ->) (Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe
(explorer.exe ->) (Grammarly, Inc. -> ) C:\Users\alejandro.sanchezr\AppData\Local\Grammarly\DesktopIntegrations\Grammarly.Desktop.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe
(explorer.exe ->) (Palo Alto Networks -> Palo Alto Networks) C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(explorer.exe ->) (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATII2E.EXE
(explorer.exe ->) (TechSmith Corporation -> TechSmith Corporation) C:\Program Files\TechSmith\Snagit 2019\Snagit32.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\alejandro.sanchezr\AppData\Local\Microsoft\Teams\current\Teams.exe <9>
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Cisco Systems, Inc. -> Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(services.exe ->) (Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\UpdaterService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_23e9be9389950d33\igfxCUIService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_3d2488852c7b45a0\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_e648bb2a2af8e9de\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_e648bb2a2af8e9de\IntelCpHeciSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_af05098764da921f\LMS.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_fc9ac11e55f51133\RstMwService.exe
(services.exe ->) (Mathias Kettner GmbH) [File not signed] C:\Program Files (x86)\check_mk\check_mk_agent.exe
(services.exe ->) (Microsoft Corporation -> ) C:\Program Files (x86)\Microsoft\Microsoft Search in Bing\MicrosoftSearchInBing.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\CCM\CcmExec.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Microsoft Update Health Tools\uhssvc.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> CrowdStrike, Inc.) C:\Program Files\CrowdStrike\CSFalconService.exe
(services.exe ->) (Palo Alto Networks -> Palo Alto Networks) C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe
(services.exe ->) (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
(services.exe ->) (SEIKO EPSON Corporation -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(services.exe ->) (TechSmith Corporation -> TechSmith Corporation) C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe
(services.exe ->) (voidtools -> voidtools) C:\Program Files\Everything\Everything.exe <2>
(svchost.exe ->) (Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\AuthManager\AuthManSvr.exe
(svchost.exe ->) (Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [11102800 2021-06-24] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [2261600 2021-05-12] (voidtools -> voidtools)
HKLM\...\Run: [TechSmithSnagit] => C:\Program Files\TechSmith\Snagit 2019\Snagit32.exe [8940000 2020-07-29] (TechSmith Corporation -> TechSmith Corporation)
HKLM\...\Run: [GlobalProtect] => C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe [13284200 2022-04-26] (Palo Alto Networks -> Palo Alto Networks)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706344 2021-06-09] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [1713432 2021-09-17] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
HKLM-x32\...\Run: [InstallHelper] => C:\Program Files (x86)\Citrix\Citrix WorkSpace 2206\InstallHelper.exe [407472 2022-06-29] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [122427152 2021-07-14] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [AnalyticsSrv] => C:\Program Files (x86)\Citrix\ICA Client\Receiver\AnalyticsSrv.exe [2607208 2022-06-28] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [2944984 2022-06-18] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [569816 2022-06-18] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
HKLM\...\Policies\Explorer\Run: [1] => netsh advfirewall firewall add rule name="service_desk" dir=in action=allow protocol=TCP localport=9000 remoteip=10.2.3.50
HKLM\...\Policies\Explorer\Run: [2] => netsh advfirewall firewall add rule name="check_mk" dir=in action=allow protocol=TCP localport=6556 remoteip=10.31.2.29-10.31.2.30
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-21-2246140763-174917453-3964808569-1002\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2632088 2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2246140763-174917453-3964808569-1002\...\RunOnce: [Delete Cached Update Binary] => C:\windows\system32\cmd.exe /q /c del /q "C:\Users\itadmin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-2246140763-174917453-3964808569-1002\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\windows\system32\cmd.exe /q /c del /q "C:\Users\itadmin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-2246140763-174917453-3964808569-1002\...\RunOnce: [Uninstall 21.170.0822.0002\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\itadmin\AppData\Local\Microsoft\OneDrive\21.170.0822.0002\amd64" (No File)
HKU\S-1-5-21-2246140763-174917453-3964808569-1002\...\RunOnce: [Uninstall 21.170.0822.0002] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\itadmin\AppData\Local\Microsoft\OneDrive\21.170.0822.0002" (No File)
HKU\S-1-5-21-2246140763-174917453-3964808569-1002\...\RunOnce: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2632088 2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2246140763-174917453-3964808569-1003\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2632088 2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2246140763-174917453-3964808569-1003\...\RunOnce: [Delete Cached Update Binary] => C:\windows\system32\cmd.exe /q /c del /q "C:\Users\user\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-2246140763-174917453-3964808569-1003\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\windows\system32\cmd.exe /q /c del /q "C:\Users\user\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-2246140763-174917453-3964808569-1003\...\RunOnce: [Uninstall 21.160.0808.0002\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\user\AppData\Local\Microsoft\OneDrive\21.160.0808.0002\amd64" (No File)
HKU\S-1-5-21-2246140763-174917453-3964808569-1003\...\RunOnce: [Uninstall 21.160.0808.0002] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\user\AppData\Local\Microsoft\OneDrive\21.160.0808.0002" (No File)
HKU\S-1-5-21-2246140763-174917453-3964808569-1003\...\RunOnce: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2632088 2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-458959949-1661322348-1216269518-18837\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2632088 2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-458959949-1661322348-1216269518-18837\...\Run: [Grammarly] => C:\Users\alejandro.sanchezr\AppData\Local\Grammarly\DesktopIntegrations\Grammarly.Desktop.exe [946136 2022-06-29] (Grammarly, Inc. -> )
HKU\S-1-5-21-458959949-1661322348-1216269518-18837\...\Run: [com.squirrel.Teams.Teams] => C:\Users\alejandro.sanchezr\AppData\Local\Microsoft\Teams\Update.exe [2508480 2022-06-28] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-458959949-1661322348-1216269518-18837\...\Run: [EPLTarget\P0000000000000000] => C:\windows\system32\spool\DRIVERS\x64\3\E_YATII2E.EXE [283232 2015-01-14] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-458959949-1661322348-1216269518-18837\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [36976728 2022-06-14] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-458959949-1661322348-1216269518-18837\...\Run: [com.squirrel.slack.slack] => C:\Program Files\Slack\slack.exe [325320 2021-06-04] (Slack Technologies, Inc. -> Slack Technologies Inc.)
HKLM\...\Print\Monitors\EPSON L210 Series 64MonitorBE: C:\windows\system32\E_YLMI2E.DLL [120320 2015-01-14] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\103.0.5060.114\Installer\chrmstp.exe [2022-07-06] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{60f15951-e7ef-11ea-b28e-c4b301b9ed33}] -> C:\Program Files (x86)\Citrix\ICA Client\CitrixWorkspaceBrowser\101.1.1.12\Installer\chrmstp.exe [2022-07-12] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{25CA8579-1BD8-469c-B9FC-6AC45A161C18}] -> C:\windows\system32\PanV2CredProv.dll [2022-04-26] (Palo Alto Networks -> )
HKLM\Software\...\Winlogon\GPExtensions: [{346193F5-F2FD-4DBD-860C-B88843475FD3}] -> C:\windows\system32\CcmUsrCse.dll [2020-05-01] (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\Users\alejandro.sanchezr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Citrix Workspace.lnk [2021-10-08]
ShortcutTarget: Citrix Workspace.lnk -> C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\custom_settings.bat [2020-11-05] () [File not signed]
Startup: C:\Users\PaymentPortal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\custom_settings.bat [2020-11-05] () [File not signed]
GroupPolicy: Restriction - Windows Defender <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06FF5EFD-74D2-411E-B003-26A62D581FE9} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Passport for Work Certificate Enrollment Task => C:\windows\system32\wbem\wmic.exe /NAMESPACE:\\root\ccm\dcm path SMS_DesiredConfiguration CALL EvaluatePassportCertProfiles /NOINTERACTIVE
Task: {1228BF3F-D467-42A5-826E-C3FA801FF263} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Health Evaluation => C:\windows\CCM\ccmeval.exe [3731336 2020-07-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {15BC0EB1-8769-4A46-BB18-4170ECBA9628} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\alejandro.sanchezr\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [21737944 2022-07-13] (ESET, spol. s r.o. -> ESET)
Task: {1BE34063-63FF-4316-B76F-417F9A7AE615} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23378880 2022-07-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {20D75945-DE86-4174-B08B-91437FA54B14} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-06-29] (Google LLC -> Google LLC)
Task: {280D59E8-8434-4828-BD4B-418312C198C8} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2022-06-14] (Piriform Software Ltd -> Piriform)
Task: {38E8A36B-B116-4661-8EF7-A21E0B3FEAC4} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-2246140763-174917453-3964808569-1003 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4214144 2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {3D931C1F-900E-4211-B1BF-C90F5E8A1ADE} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4214144 2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {527C868E-B050-4A66-9DA2-8B5EC7EAFF94} - System32\Tasks\Microsoft\VisualStudio\Updates\BackgroundDownload => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\BackgroundDownload.exe [66472 2022-04-05] (Microsoft Corporation -> Microsoft)
Task: {552DF11C-D638-4757-A2D2-2452605F5E9C} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [145304 2022-07-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {5E871594-036D-4AA7-8D6D-BCE97129E1CF} - System32\Tasks\Hardware_scan => C:\Windows\System32\cscript.exe ae_scan.vbs
Task: {6225FAFD-82B0-471A-A522-BF349AED9168} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8414176 2022-07-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {73E50EC0-487F-4B80-8D82-779314788677} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-2246140763-174917453-3964808569-1002 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4214144 2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {80D04770-5541-4346-A2E6-BBA280EF4FDC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-06-29] (Google LLC -> Google LLC)
Task: {8E134AA2-1597-4B1B-A330-C12F65AD4702} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23378880 2022-07-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {94FFDBD8-B0CD-4F1A-A0EB-345EC0F77D81} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {9CE3810F-7ED7-42E0-9BBF-33A7114728DA} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [64416 2022-07-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {9FD64164-B121-45C6-8991-A946D88AFA5C} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [4201112 2022-07-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {A6912871-517A-460E-9CF8-04722AC51625} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\alejandro.sanchezr\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [21737944 2022-07-13] (ESET, spol. s r.o. -> ESET)
Task: {A73A231C-E922-4B6A-AD14-13AA4BB02975} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [145304 2022-07-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {AF12A7C7-6E2B-4D4F-949F-63FE216D5954} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-458959949-1661322348-1216269518-18837 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4214144 2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {B35B8979-CE1A-4BC5-9158-EC819BE5FCFE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8414176 2022-07-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {BC65DAAE-DA29-419E-AC80-09C7CBF3727F} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
"C:\Windows\System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA}" was unlocked. <==== ATTENTION
Task: {CF136E06-0F3D-42D8-A4B7-82E79EB91F59} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA} => C:\windows\system32\gpupdate.exe [30720 2021-04-09] (Microsoft Windows -> Microsoft Corporation)
Task: {CFFE223C-D5E6-4BF3-984B-3BD3C6647AC7} - System32\Tasks\CCleanerSkipUAC - Alejandro.SanchezR => C:\Program Files\CCleaner\CCleaner.exe [31027800 2022-06-14] (Piriform Software Ltd -> Piriform Software Ltd)
"C:\Windows\System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202}" was unlocked. <==== ATTENTION
Task: {E4BD7294-DB19-4D5B-807F-7F34EA0BDC95} - System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202} => C:\windows\system32\gpupdate.exe [30720 2021-04-09] (Microsoft Windows -> Microsoft Corporation)
Task: {EAD41F35-69DA-45F6-8511-FFD6D574E03F} - System32\Tasks\PowerToys\Autorun for Alejandro.SanchezR => C:\Program Files\PowerToys\PowerToys.exe [1036192 2022-06-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {EB941A29-E559-4B35-B396-A427FA348436} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Idle Detection => {4ca7a766-13d8-4652-8016-b01a03117903}
Task: {F6F714B1-6343-433E-8BA8-5EB5654ACE6C} - System32\Tasks\Intel PTT EK Recertification => C:\windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\IntelPTTEKRecertification.exe [818008 2021-09-15] (Intel Corporation -> Intel(R) Corporation)
Task: {FF7CA941-7A23-4BE0-92E2-0EC760A9A348} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-17] (Adobe Inc. -> Adobe Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3d8ee27b-94c9-478d-84ed-468d01fa7f4e}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6f6520da-180a-4152-9325-815c5c58e502}: [NameServer] 10.2.3.133,10.2.3.134

Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\alejandro.sanchezr\AppData\Local\Microsoft\Edge\User Data\Default [2022-07-18]
Edge Notifications: Default -> hxxps://teams.microsoft.com

FireFox:
========
FF DefaultProfile: pxm988e7.default
FF ProfilePath: C:\Users\alejandro.sanchezr\AppData\Roaming\Mozilla\Firefox\Profiles\pxm988e7.default [2021-10-08]
FF ProfilePath: C:\Users\alejandro.sanchezr\AppData\Roaming\Mozilla\Firefox\Profiles\ai9247be.default-release [2022-07-19]
FF Session Restore: Mozilla\Firefox\Profiles\ai9247be.default-release -> is enabled.
FF Notifications: Mozilla\Firefox\Profiles\ai9247be.default-release -> hxxps://web.whatsapp.com; hxxps://mail.google.com
FF Extension: (Facebook Container) - C:\Users\alejandro.sanchezr\AppData\Roaming\Mozilla\Firefox\Profiles\ai9247be.default-release\Extensions\@contain-facebook.xpi [2022-03-17]
FF Extension: (React Developer Tools) - C:\Users\alejandro.sanchezr\AppData\Roaming\Mozilla\Firefox\Profiles\ai9247be.default-release\Extensions\@react-devtools.xpi [2022-07-15]
FF Extension: (Redux DevTools) - C:\Users\alejandro.sanchezr\AppData\Roaming\Mozilla\Firefox\Profiles\ai9247be.default-release\Extensions\[email protected] [2022-04-07]
FF Extension: (Code Copier) - C:\Users\alejandro.sanchezr\AppData\Roaming\Mozilla\Firefox\Profiles\ai9247be.default-release\Extensions\{52bb73fc-a89b-45fd-87ed-b7278bcda979}.xpi [2021-10-08]
FF Extension: (ColorZilla) - C:\Users\alejandro.sanchezr\AppData\Roaming\Mozilla\Firefox\Profiles\ai9247be.default-release\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}.xpi [2021-10-08]
FF Extension: (X-notifier Neo) - C:\Users\alejandro.sanchezr\AppData\Roaming\Mozilla\Firefox\Profiles\ai9247be.default-release\Extensions\{c98e042b-917d-4bdb-b125-dd3ace21ab71}.xpi [2022-05-23]
FF Extension: (Greasemonkey) - C:\Users\alejandro.sanchezr\AppData\Roaming\Mozilla\Firefox\Profiles\ai9247be.default-release\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2021-10-08]
FF Extension: (Awesome Vimeo Downloader) - C:\Users\alejandro.sanchezr\AppData\Roaming\Mozilla\Firefox\Profiles\ai9247be.default-release\Extensions\{f5eca307-f4c6-4120-89e1-1b32c0262944}.xpi [2021-10-08]
FF Extension: (Morning Coffee Quantum) - C:\Users\alejandro.sanchezr\AppData\Roaming\Mozilla\Firefox\Profiles\ai9247be.default-release\Extensions\{fbcbdc47-ebd2-42f0-b2bb-7cc902ec2f40}.xpi [2021-10-08]
FF Plugin: @java.com/DTPlugin,version=11.301.2 -> C:\Program Files\Java\jre1.8.0_301\bin\dtplugin\npDeployJava1.dll [2021-10-08] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.301.2 -> C:\Program Files\Java\jre1.8.0_301\bin\plugin2\npjp2.dll [2021-10-08] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-07-11] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2022-03-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-07-11] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2022-07-05] (Adobe Inc. -> Adobe Systems Inc.)

Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\alejandro.sanchezr\AppData\Local\Google\Chrome\User Data\Default [2022-07-18]
CHR Notifications: Default -> hxxps://teams.microsoft.com
CHR Extension: (Video Downloader for Vimeo) - C:\Users\alejandro.sanchezr\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgmcdpfpkoildicgacgldinemhgmcbgp [2022-07-01]
CHR Extension: (Google Docs Offline) - C:\Users\alejandro.sanchezr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-07-01]
CHR Extension: (Mindfulmeets) - C:\Users\alejandro.sanchezr\AppData\Local\Google\Chrome\User Data\Default\Extensions\klijkcoheoaeneocljilhfphpdhdcpna [2022-06-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\alejandro.sanchezr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-11-04]
CHR Profile: C:\Users\alejandro.sanchezr\AppData\Local\Google\Chrome\User Data\Guest Profile [2022-07-12]
CHR Profile: C:\Users\alejandro.sanchezr\AppData\Local\Google\Chrome\User Data\Profile 1 [2022-07-19]
CHR Notifications: Profile 1 -> hxxps://meet.google.com
CHR Extension: (Google Docs Offline) - C:\Users\alejandro.sanchezr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-06-13]
CHR Extension: (Mindfulmeets) - C:\Users\alejandro.sanchezr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\klijkcoheoaeneocljilhfphpdhdcpna [2022-06-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\alejandro.sanchezr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-06-13]
CHR Profile: C:\Users\alejandro.sanchezr\AppData\Local\Google\Chrome\User Data\System Profile [2022-07-12]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-17] (Adobe Inc. -> Adobe Inc.)
S3 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1081432 2022-06-14] (Piriform Software Ltd -> )
R2 CcmExec; C:\windows\CCM\CcmExec.exe [2212728 2020-05-01] (Microsoft Corporation -> Microsoft Corporation)
R2 Check_MK_Agent; C:\Program Files (x86)\check_mk\check_mk_agent.exe [211456 2015-07-15] (Mathias Kettner GmbH) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12111264 2022-07-11] (Microsoft Corporation -> Microsoft Corporation)
S4 CmRcService; C:\windows\CCM\RemCtrl\CmRcService.exe [1023384 2019-11-05] (Microsoft Corporation -> Microsoft Corporation)
R2 CsFalconService; C:\Program Files\CrowdStrike\CSFalconService.exe [3166264 2022-06-22] (Microsoft Windows Hardware Compatibility Publisher -> CrowdStrike, Inc.)
R2 CWAUpdaterService; C:\Program Files (x86)\Citrix\ICA Client\Receiver\UpdaterService.exe [59824 2022-06-28] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
R2 EpsonScanSvc; C:\windows\system32\EscSvc64.exe [135824 2011-12-12] (SEIKO EPSON Corporation -> Seiko Epson Corporation)
R2 Everything; C:\Program Files\Everything\Everything.exe [2261600 2021-05-12] (voidtools -> voidtools)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\22.131.0619.0001\FileSyncHelper.exe [3381632 2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
S3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50360 2016-09-18] (Microsoft Corporation -> Microsoft Corporation)
S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50360 2016-09-18] (Microsoft Corporation -> Microsoft Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8683336 2022-07-18] (Malwarebytes Inc. -> Malwarebytes)
R2 MicrosoftSearchInBing; C:\Program Files (x86)\Microsoft\Microsoft Search in Bing\MicrosoftSearchInBing.exe [21376 2020-04-20] (Microsoft Corporation -> )
S3 OfficeSvcManagerAddons; C:\windows\system32\dllhost.exe /Processid:{2CA2E202-932F-4BA2-8771-195BB86398F5} [21312 2021-04-09] (Microsoft Windows -> Microsoft Corporation)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\22.131.0619.0001\OneDriveUpdaterService.exe [3822496 2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
R2 PanGPS; C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe [11302760 2022-04-26] (Palo Alto Networks -> Palo Alto Networks)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6232176 2022-07-03] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 smstsmgr; C:\windows\CCM\TSManager.exe [373128 2020-07-10] (Microsoft Corporation -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [16184216 2022-06-23] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R2 TechSmith Uploader Service; C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe [3658832 2019-06-28] (TechSmith Corporation -> TechSmith Corporation)
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [147392 2019-04-30] (Microsoft Corporation -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\NisSrv.exe [2855512 2021-10-06] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\MsMpEng.exe [128392 2021-10-06] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 acsock; C:\windows\system32\DRIVERS\acsock64.sys [300456 2021-09-17] (Microsoft Windows Hardware Compatibility Publisher -> Cisco Systems, Inc.)
R1 CSAgent; C:\windows\system32\drivers\CrowdStrike\csagent.sys [2827592 2022-06-22] (Microsoft Windows Hardware Compatibility Publisher -> CrowdStrike, Inc.)
S0 CSBoot; C:\windows\System32\drivers\CrowdStrike\CSBoot.sys [40584 2022-06-22] (Microsoft Windows Early Launch Anti-malware Publisher -> CrowdStrike, Inc.)
R3 CSDeviceControl; C:\windows\System32\drivers\CSDeviceControl.sys [224448 2022-01-22] (Microsoft Windows Hardware Compatibility Publisher -> CrowdStrike, Inc.)
R0 CSFirmwareAnalysis; C:\windows\System32\DRIVERS\CSFirmwareAnalysis.sys [93248 2021-10-21] (Microsoft Windows Hardware Compatibility Publisher -> CrowdStrike, Inc.)
R2 ctxusbm; C:\windows\system32\DRIVERS\ctxusbmon.sys [136680 2021-09-23] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
S3 gpfltdrv; C:\windows\system32\DRIVERS\gpfltdrv.sys [109808 2022-04-26] (Palo Alto Networks -> Palo Alto Networks)
S0 MbamElam; C:\windows\System32\DRIVERS\MbamElam.sys [21480 2022-07-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\windows\System32\Drivers\mbamswissarmy.sys [239544 2022-07-11] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 PanGpd; C:\windows\system32\DRIVERS\pangpd.sys [71968 2022-04-26] (Palo Alto Networks -> Palo Alto Networks Inc.)
S3 prepdrvr; C:\windows\system32\DRIVERS\prepdrv.sys [26984 2020-05-02] (Microsoft Corporation -> Microsoft Corporation)
S3 PVBalloon; C:\windows\System32\drivers\PVBalloon.sys [55016 2021-05-12] (Canonical Group Ltd -> Canonical)
S3 PVEntropy; C:\windows\System32\drivers\PVEntropy.sys [47312 2021-05-12] (Canonical Group Ltd -> Canonical)
S3 PVSerial; C:\windows\System32\drivers\PVSerial.sys [72032 2021-05-12] (Canonical Group Ltd -> Canonical)
S0 PVStorage; C:\windows\System32\drivers\PVStorage.sys [49896 2021-05-12] (Canonical Group Ltd -> Canonical)
R1 vbdenum; C:\windows\System32\drivers\vbdenum.sys [119432 2020-04-14] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
S0 vioscsi; C:\windows\System32\drivers\vioscsi.sys [78312 2021-05-12] (Canonical Group Ltd -> Canonical Ltd.)
S3 vpnva; C:\windows\System32\drivers\vpnva64-6.sys [74064 2021-09-17] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
S3 WdBoot; C:\windows\system32\drivers\wd\WdBoot.sys [48520 2021-10-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\windows\system32\drivers\wd\WdFilter.sys [434424 2021-10-06] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\windows\System32\drivers\wd\WdNisDrv.sys [86264 2021-10-06] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-07-19 11:03 - 2022-07-19 11:07 - 000038176 _____ C:\Users\alejandro.sanchezr\Downloads\FRST.txt
2022-07-19 11:02 - 2022-07-19 11:06 - 000000000 ____D C:\FRST
2022-07-19 11:00 - 2022-07-19 11:00 - 002369536 _____ (Farbar) C:\Users\alejandro.sanchezr\Downloads\FRST64.exe
2022-07-18 19:37 - 2022-07-18 19:38 - 001816140 _____ C:\windows\Minidump\071822-31687-01.dmp
2022-07-18 19:37 - 2022-07-18 19:38 - 000000000 ____D C:\windows\Minidump
2022-07-18 19:37 - 2022-07-18 19:37 - 1911772886 _____ C:\windows\MEMORY.DMP
2022-07-15 19:46 - 2022-07-15 19:46 - 000091899 _____ C:\Users\alejandro.sanchezr\Downloads\0L8k0w0PR4G4lQoQy9hjQUUy5A7yieTlqhdOPIwjOitXA.pdf
2022-07-14 18:48 - 2022-07-14 18:48 - 000000000 ____D C:\ProgramData\CrowdStrike
2022-07-14 18:48 - 2022-07-14 18:48 - 000000000 ____D C:\Program Files\CrowdStrike
2022-07-14 10:13 - 2022-07-14 10:13 - 000002494 _____ C:\Users\alejandro.sanchezr\Downloads\fundacion.pem
2022-07-14 09:55 - 2022-07-14 09:55 - 000002498 _____ C:\Users\alejandro.sanchezr\Downloads\dev-35-level-2_key.pem
2022-07-14 09:07 - 2022-07-14 09:07 - 000000264 _____ C:\Users\alejandro.sanchezr\Documents\ese.txt
2022-07-13 17:13 - 2022-07-13 17:13 - 000000000 ____D C:\Users\alejandro.sanchezr\Doctor Web
2022-07-13 17:11 - 2022-07-13 17:12 - 275300248 _____ C:\Users\alejandro.sanchezr\Downloads\7lby397a.exe
2022-07-13 17:02 - 2022-07-13 17:02 - 015274968 _____ (ESET) C:\Users\alejandro.sanchezr\Downloads\esetonlinescanner.exe
2022-07-13 08:57 - 2022-07-13 08:57 - 000000000 ___HD C:\$WinREAgent
2022-07-12 18:24 - 2022-07-12 18:24 - 000208908 _____ C:\Users\alejandro.sanchezr\Downloads\6ml35g.mp4
2022-07-12 16:40 - 2022-07-12 17:21 - 000556450 _____ C:\Users\alejandro.sanchezr\Downloads\Documentos adjuntos.pdf
2022-07-12 13:34 - 2022-07-12 13:34 - 003629204 _____ C:\Users\alejandro.sanchezr\Downloads\Praising Your Child Reference Guide.pdf
2022-07-12 09:37 - 2022-07-12 09:37 - 000000000 ____D C:\ProgramData\Piriform
2022-07-12 09:23 - 2022-07-19 09:30 - 000000000 ____D C:\Program Files\CCleaner
2022-07-12 09:23 - 2022-07-12 09:23 - 000003936 _____ C:\windows\system32\Tasks\CCleaner Update
2022-07-12 09:23 - 2022-07-12 09:23 - 000002942 _____ C:\windows\system32\Tasks\CCleanerSkipUAC - Alejandro.SanchezR
2022-07-12 09:23 - 2022-07-12 09:23 - 000000873 _____ C:\Users\Public\Desktop\CCleaner.lnk
2022-07-12 09:23 - 2022-07-12 09:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2022-07-12 09:21 - 2022-07-12 09:21 - 000002544 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix Workspace.lnk
2022-07-12 09:21 - 2022-07-12 09:21 - 000000000 ____D C:\ProgramData\Citrix
2022-07-12 09:11 - 2022-07-12 09:11 - 000003896 _____ C:\windows\system32\Tasks\EOSv3 Scheduler onLogOn
2022-07-12 09:11 - 2022-07-12 09:11 - 000003454 _____ C:\windows\system32\Tasks\EOSv3 Scheduler onTime
2022-07-11 19:27 - 2022-07-11 19:27 - 000000000 ____D C:\Users\alejandro.sanchezr\AppData\Local\mbam
2022-07-11 18:38 - 2022-07-11 18:38 - 000239544 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamswissarmy.sys
2022-07-11 18:38 - 2022-07-11 18:38 - 000002043 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-07-11 18:38 - 2022-07-11 18:38 - 000002031 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2022-07-11 18:38 - 2022-07-11 18:37 - 000158640 _____ (Malwarebytes) C:\windows\system32\Drivers\mbae64.sys
2022-07-11 18:38 - 2022-07-11 18:36 - 000021480 _____ (Malwarebytes) C:\windows\system32\Drivers\MbamElam.sys
2022-07-11 18:36 - 2022-07-11 18:36 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-07-11 18:36 - 2022-07-11 18:36 - 000000000 ____D C:\Program Files\Malwarebytes
2022-07-11 16:31 - 2022-07-13 17:03 - 000001405 _____ C:\Users\alejandro.sanchezr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2022-07-11 16:31 - 2022-07-13 17:03 - 000001299 _____ C:\Users\alejandro.sanchezr\Desktop\ESET Online Scanner.lnk
2022-07-11 16:31 - 2022-07-11 16:31 - 000000000 ____D C:\Users\alejandro.sanchezr\AppData\Local\ESET
2022-07-08 17:43 - 2015-04-30 23:09 - 883121900 _____ C:\Users\alejandro.sanchezr\Downloads\Un perro de otro mundo. By OCRAM10.avi
2022-07-07 15:53 - 2022-07-07 15:54 - 001490810 _____ C:\Users\alejandro.sanchezr\Downloads\Docum_Extraccion_prenatal_ingles.pdf
2022-07-06 13:18 - 2022-07-08 08:02 - 000000000 ____D C:\Program Files\Mozilla Firefox
2022-07-04 15:47 - 2022-07-04 15:47 - 000000000 ____D C:\Users\alejandro.sanchezr\AppData\Local\Palo Alto Networks
2022-07-04 15:47 - 2022-07-04 15:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Palo Alto Networks
2022-07-04 15:47 - 2022-07-04 15:47 - 000000000 ____D C:\Program Files\Palo Alto Networks
2022-07-04 15:46 - 2022-07-04 15:46 - 048353792 _____ C:\Users\alejandro.sanchezr\Downloads\GlobalProtect64.msi
2022-07-03 18:21 - 2022-07-03 18:21 - 000693248 _____ C:\windows\system32\FsNVSDeviceSource.dll
2022-07-03 18:21 - 2022-07-03 18:21 - 000270848 _____ C:\windows\system32\EsclScan.dll
2022-07-03 18:21 - 2022-07-03 18:21 - 000152064 _____ C:\windows\system32\EsclProtocol.dll
2022-07-03 18:21 - 2022-07-03 18:21 - 000033280 _____ (Microsoft Corporation) C:\windows\system32\mode.com
2022-07-03 18:21 - 2022-07-03 18:21 - 000026624 _____ (Microsoft Corporation) C:\windows\SysWOW64\mode.com
2022-07-03 18:21 - 2022-07-03 18:21 - 000020992 _____ (Microsoft Corporation) C:\windows\system32\tree.com
2022-07-03 18:21 - 2022-07-03 18:21 - 000018944 _____ C:\windows\SysWOW64\WsdProviderUtil.dll
2022-07-03 18:21 - 2022-07-03 18:21 - 000017920 _____ (Microsoft Corporation) C:\windows\SysWOW64\tree.com
2022-07-03 18:21 - 2022-07-03 18:21 - 000014848 _____ (Microsoft Corporation) C:\windows\system32\chcp.com
2022-07-03 18:21 - 2022-07-03 18:21 - 000012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\chcp.com
2022-07-03 18:20 - 2022-07-03 18:20 - 000061952 _____ C:\windows\system32\printticketvalidation.dll
2022-07-03 18:20 - 2022-07-03 18:20 - 000057344 _____ C:\windows\system32\APMonUI.dll
2022-07-03 18:20 - 2022-07-03 18:20 - 000011801 _____ C:\windows\system32\DrtmAuthTxt.wim
2022-07-03 18:19 - 2022-07-03 18:19 - 002260480 _____ C:\windows\system32\TextInputMethodFormatter.dll
2022-07-03 18:19 - 2022-07-03 18:19 - 000640512 _____ C:\windows\system32\SettingSyncDownloadHelper.dll
2022-07-03 18:19 - 2022-07-03 18:19 - 000024576 _____ C:\windows\system32\WsdProviderUtil.dll
2022-07-03 18:18 - 2022-07-03 18:18 - 000288768 _____ C:\windows\system32\Windows.Management.InprocObjects.dll
2022-07-03 18:05 - 2022-07-03 19:29 - 000000000 ____D C:\Program Files\Adobe
2022-06-30 10:17 - 2022-06-30 10:17 - 000002713 _____ C:\Users\alejandro.sanchezr\Desktop\Google Meet.lnk
2022-06-29 08:02 - 2022-06-29 08:02 - 000070832 _____ C:\Users\alejandro.sanchezr\Downloads\OrdendeAtencion_2233891-3.pdf
2022-06-28 19:12 - 2022-06-28 19:12 - 017594257 _____ C:\Users\alejandro.sanchezr\Downloads\siento.pdf
2022-06-27 20:11 - 2022-06-27 20:11 - 000103824 _____ C:\Users\alejandro.sanchezr\Downloads\Formato de hojas UEE.pdf
2022-06-24 18:27 - 2022-06-24 18:27 - 000341746 _____ C:\Users\alejandro.sanchezr\Downloads\Credit-Card-Number-Testing-901f24b7-4898-43b6-9322-b7a1c33a6d04-3.pdf
2022-06-24 18:13 - 2022-06-24 18:13 - 000000000 ____D C:\Users\alejandro.sanchezr\AppData\Local\SourceServer
2022-06-24 10:58 - 2022-06-24 10:58 - 006733824 _____ C:\Users\alejandro.sanchezr\Downloads\Redis-x64-3.0.504.msi
2022-06-23 18:17 - 2022-06-23 18:17 - 000000000 ____D C:\Users\alejandro.sanchezr\.ms-ad
2022-06-23 18:16 - 2022-06-23 18:17 - 000341746 _____ C:\Users\alejandro.sanchezr\Downloads\Credit-Card-Number-Testing-901f24b7-4898-43b6-9322-b7a1c33a6d04-2.pdf
2022-06-22 15:57 - 2022-06-22 15:57 - 002128834 _____ C:\Users\alejandro.sanchezr\Downloads\ACFrOgAMpTxhefXhzegGzxLnWI3F3cSdC7u8lZwbyXu7oFKNBt2KfV-FK52VnwywgE7FHP7ezVUA5uERTqJ_iYTWLEKOnfcsuuxATgNAZHVq7nHW36JQl3fD_2Kpbko=.pdf
2022-06-22 15:57 - 2022-06-22 15:57 - 000142429 _____ C:\Users\alejandro.sanchezr\Downloads\Certificado de asistencia - Curso Online _Seguridad Alimentaria en Casa_.pdf
2022-06-22 15:56 - 2022-06-22 15:56 - 000212014 _____ C:\Users\alejandro.sanchezr\Downloads\ACFrOgCkarlIDhqQO-j5PHWmap9bYXhnBg0ddcOww1uT7w04zV7h2oG7q37q7fp3KAml2EM8uNjjIzL6OAv7xs6RrYYxPd7abGSSPPNlWsuJGi5SBeNNWLY0qsaJstc=.pdf
2022-06-22 15:55 - 2022-06-22 15:55 - 000377232 _____ C:\Users\alejandro.sanchezr\Downloads\ACFrOgA8kwuqddeRsk42fuqxYTr1JP2U3ysWc8rfpxK0RVv6HCX2qFDictGFiM-kZcpDaJ5IwDiFgI9NV-BxbZrlVIfSfZHG5cc3aBzmwtdDRk3lLAcDceV29qWsy6Q=.pdf
2022-06-22 15:55 - 2022-06-22 15:55 - 000114482 _____ C:\Users\alejandro.sanchezr\Downloads\ACFrOgD_M17HkrtPQ0xMiPwdPGa47rF4woFlF48UpC7Vr5MAeDZqxAjs08_7ZW9dpGW393EuNStfq-AhF-yGSZCd6tMwXgunmUMgmr5ghEN0YlCJ1vmMXtwBtK3Pa6U=.pdf
2022-06-22 15:54 - 2022-06-22 15:54 - 000577907 _____ C:\Users\alejandro.sanchezr\Downloads\ACFrOgCAH7rGMVbLNbvozpk8nmvVhUq6HVOfenhdD1kVTsfl5mmie_y09aW01SmY9DFwV1CUv7GpBWMqvO8hWvcfQZMVfmzbODrGfmbcSfaTiWk7tATqA5sAmy8Or-E=.pdf
2022-06-22 15:37 - 2022-06-22 15:37 - 000209352 _____ (CrowdStrike, Inc.) C:\windows\system32\ScriptControl64_15316.dll
2022-06-22 15:37 - 2022-06-22 15:37 - 000167544 _____ (CrowdStrike, Inc.) C:\windows\SysWOW64\ScriptControl32_15316.dll
2022-06-22 15:37 - 2022-06-22 15:37 - 000067336 _____ (CrowdStrike, Inc.) C:\windows\system32\umppc15316.dll
2022-06-22 15:37 - 2022-06-22 15:37 - 000047656 _____ (CrowdStrike, Inc.) C:\windows\system32\CrowdStrike.Sensor.ScriptControl15316.dll
2022-06-21 15:40 - 2022-06-21 15:40 - 000341746 _____ C:\Users\alejandro.sanchezr\Downloads\Credit-Card-Number-Testing-901f24b7-4898-43b6-9322-b7a1c33a6d04-1.pdf
2022-06-20 09:30 - 2022-06-20 09:30 - 000015243 _____ C:\Users\alejandro.sanchezr\Downloads\Untitled-2022-06-16-1615.excalidraw

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-07-19 11:06 - 2021-06-29 22:33 - 000000000 ____D C:\Program Files (x86)\Google
2022-07-19 11:02 - 2021-10-29 16:33 - 000000000 ____D C:\Users\alejandro.sanchezr\AppData\Roaming\Slack
2022-07-19 11:01 - 2021-10-08 09:52 - 000000000 ____D C:\Users\alejandro.sanchezr\AppData\Local\Citrix
2022-07-19 11:01 - 2021-10-08 09:16 - 000000000 ____D C:\Users\alejandro.sanchezr\AppData\LocalLow\Mozilla
2022-07-19 10:42 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-07-19 09:50 - 2021-10-08 10:08 - 000000000 ____D C:\Users\alejandro.sanchezr\AppData\Local\D3DSCache
2022-07-19 09:21 - 2022-02-10 09:17 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-07-19 09:21 - 2021-06-28 22:39 - 000892836 _____ C:\windows\system32\PerfStringBackup.INI
2022-07-19 09:21 - 2019-12-07 05:13 - 000000000 ____D C:\windows\INF
2022-07-19 09:20 - 2022-06-08 09:32 - 000000000 ____D C:\windows\system32\Tasks\PowerToys
2022-07-19 09:20 - 2021-09-15 15:13 - 000000621 _____ C:\windows\SMSCFG.ini
2022-07-19 09:19 - 2019-12-07 05:14 - 000000000 ____D C:\windows\system32\inetsrv
2022-07-19 09:18 - 2021-10-08 08:36 - 000000000 __SHD C:\Users\alejandro.sanchezr\IntelGraphicsProfiles
2022-07-19 09:17 - 2021-10-14 16:55 - 000000000 ____D C:\windows\system32\Drivers\CrowdStrike
2022-07-19 09:17 - 2021-10-08 09:18 - 000000000 ____D C:\Program Files\TeamViewer
2022-07-19 09:17 - 2021-09-15 14:56 - 000000000 ____D C:\Intel
2022-07-19 09:17 - 2021-06-29 01:28 - 000000006 ____H C:\windows\Tasks\SA.DAT
2022-07-19 09:17 - 2021-06-29 01:27 - 000008192 ___SH C:\DumpStack.log.tmp
2022-07-19 09:17 - 2019-12-07 05:14 - 000000000 ____D C:\windows\ServiceState
2022-07-19 09:17 - 2019-12-07 05:03 - 000032768 _____ C:\windows\system32\config\ELAM
2022-07-18 19:55 - 2019-12-07 05:03 - 000786432 _____ C:\windows\system32\config\BBI
2022-07-18 19:54 - 2021-10-08 18:51 - 000000000 ____D C:\Users\alejandro.sanchezr\AppData\Local\CrashDumps
2022-07-18 19:54 - 2021-06-29 01:27 - 000000000 ____D C:\windows\system32\SleepStudy
2022-07-18 19:30 - 2021-10-08 11:17 - 000000000 ____D C:\Users\alejandro.sanchezr\AppData\Local\Everything
2022-07-18 19:30 - 2021-10-08 11:08 - 000000000 ____D C:\Users\alejandro.sanchezr\AppData\Roaming\Everything
2022-07-18 17:12 - 2021-10-08 12:14 - 000000000 ____D C:\Users\alejandro.sanchezr\AppData\Roaming\Postman
2022-07-18 16:51 - 2019-12-07 05:14 - 000000000 ____D C:\windows\LiveKernelReports
2022-07-18 13:00 - 2021-10-04 13:00 - 000022529 _____ C:\windows\system32\asanchezr-dh02.jalasoft.local.xml
2022-07-18 09:16 - 2021-06-29 01:28 - 000002448 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-07-18 09:16 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-07-18 09:16 - 2019-12-07 05:14 - 000000000 ____D C:\windows\AppReadiness
2022-07-15 07:51 - 2021-10-08 08:36 - 000000000 ____D C:\Users\alejandro.sanchezr
2022-07-14 19:44 - 2021-10-08 19:02 - 000009792 _____ C:\Users\alejandro.sanchezr\.bash_history
2022-07-14 18:48 - 2021-09-15 15:13 - 000000000 ____D C:\ProgramData\Package Cache
2022-07-14 18:48 - 2019-12-07 05:14 - 000000000 ___HD C:\windows\ELAMBKUP
2022-07-14 10:17 - 2022-03-14 10:07 - 000000000 ____D C:\Users\alejandro.sanchezr\.ssh
2022-07-14 09:30 - 2021-10-08 11:15 - 000002146 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2022-07-13 15:27 - 2021-10-08 08:36 - 000000000 ____D C:\Users\alejandro.sanchezr\AppData\Local\Packages
2022-07-12 09:46 - 2021-06-29 01:27 - 000000000 ____D C:\windows\Panther
2022-07-12 09:21 - 2021-10-08 09:50 - 000000000 ____D C:\Program Files (x86)\Citrix
2022-07-11 08:29 - 2021-10-08 11:55 - 000000000 ____D C:\Program Files\Microsoft Office
2022-07-11 08:07 - 2021-10-14 11:20 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2022-07-08 17:19 - 2022-01-11 09:44 - 000003592 _____ C:\windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2246140763-174917453-3964808569-1003
2022-07-08 17:19 - 2022-01-11 09:44 - 000003592 _____ C:\windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2246140763-174917453-3964808569-1002
2022-07-08 17:19 - 2021-12-12 01:11 - 000003596 _____ C:\windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-458959949-1661322348-1216269518-18837
2022-07-08 17:19 - 2021-10-08 12:01 - 000003194 _____ C:\windows\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2022-07-08 17:19 - 2021-10-08 12:01 - 000002142 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-07-08 08:02 - 2021-06-29 22:32 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-07-07 19:31 - 2021-10-08 13:52 - 000000000 ____D C:\Users\alejandro.sanchezr\AppData\Roaming\Notepad++
2022-07-07 08:36 - 2022-01-11 23:13 - 000001476 _____ C:\Users\alejandro.sanchezr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Grammarly.lnk
2022-07-07 08:36 - 2022-01-11 23:13 - 000001468 _____ C:\Users\alejandro.sanchezr\Desktop\Grammarly.lnk
2022-07-07 08:31 - 2021-10-08 11:21 - 000000000 ____D C:\windows\system32\Tasks\Mozilla
2022-07-07 08:31 - 2021-06-29 22:32 - 000001007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-07-06 17:06 - 2021-06-29 22:35 - 000002257 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-07-06 17:06 - 2021-06-29 22:35 - 000002216 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-07-04 15:49 - 2021-09-15 15:02 - 000000128 _____ C:\windows\system32\config\netlogon.ftl
2022-07-04 10:52 - 2019-12-07 05:03 - 000000000 ____D C:\windows\CbsTemp
2022-07-04 08:19 - 2021-06-29 01:27 - 000455728 _____ C:\windows\system32\FNTCACHE.DAT
2022-07-03 19:42 - 2019-12-07 05:14 - 000000000 ___RD C:\windows\PrintDialog
2022-07-03 19:42 - 2019-12-07 05:14 - 000000000 ____D C:\windows\SysWOW64\WinMetadata
2022-07-03 19:42 - 2019-12-07 05:14 - 000000000 ____D C:\windows\SystemResources
2022-07-03 19:42 - 2019-12-07 05:14 - 000000000 ____D C:\windows\system32\WinMetadata
2022-07-03 19:42 - 2019-12-07 05:14 - 000000000 ____D C:\windows\system32\oobe
2022-07-03 19:42 - 2019-12-07 05:14 - 000000000 ____D C:\windows\system32\es-MX
2022-07-03 19:42 - 2019-12-07 05:14 - 000000000 ____D C:\windows\system32\DDFs
2022-07-03 19:42 - 2019-12-07 05:14 - 000000000 ____D C:\windows\ShellExperiences
2022-07-03 19:42 - 2019-12-07 05:14 - 000000000 ____D C:\windows\ShellComponents
2022-07-03 19:41 - 2019-12-07 05:52 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2022-07-03 19:41 - 2019-12-07 05:14 - 000000000 ___RD C:\windows\ImmersiveControlPanel
2022-07-03 19:41 - 2019-12-07 05:14 - 000000000 ____D C:\windows\bcastdvr
2022-07-03 19:29 - 2022-01-26 17:15 - 000000000 ____D C:\Program Files\Common Files\Adobe
2022-07-03 19:29 - 2021-10-08 11:14 - 000000000 ____D C:\Program Files (x86)\Adobe
2022-07-03 18:20 - 2021-06-28 22:25 - 000415532 __RSH C:\bootmgr
2022-07-03 18:18 - 2021-06-29 01:30 - 003010048 _____ (Microsoft Corporation) C:\windows\SysWOW64\PrintConfig.dll
2022-07-03 18:11 - 2022-01-26 17:24 - 000000000 ___RD C:\Users\alejandro.sanchezr\Creative Cloud Files
2022-07-03 18:09 - 2021-10-08 11:32 - 000000000 ____D C:\Users\alejandro.sanchezr\AppData\Local\Adobe
2022-07-01 20:51 - 2021-06-28 22:42 - 145918784 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2022-06-30 10:17 - 2022-01-31 11:47 - 000000000 ____D C:\Users\alejandro.sanchezr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2022-06-28 10:08 - 2021-10-08 09:24 - 000002443 _____ C:\Users\alejandro.sanchezr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2022-06-28 10:08 - 2021-10-08 09:24 - 000002435 _____ C:\Users\alejandro.sanchezr\Desktop\Microsoft Teams.lnk
2022-06-28 09:53 - 2021-10-08 13:52 - 000000000 ____D C:\Users\alejandro.sanchezr\Documents\Snagit
2022-06-27 08:25 - 2021-06-28 22:34 - 000000000 ____D C:\ProgramData\Packages
2022-06-24 17:32 - 2021-10-08 09:47 - 000000000 ____D C:\Users\alejandro.sanchezr\AppData\Local\.IdentityService
2022-06-23 14:03 - 2021-10-08 12:14 - 000002262 _____ C:\Users\alejandro.sanchezr\Desktop\Postman.lnk
2022-06-23 14:03 - 2021-10-08 12:14 - 000000000 ____D C:\Users\alejandro.sanchezr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Postman
2022-06-21 16:28 - 2021-10-08 18:30 - 000000000 ____D C:\Users\alejandro.sanchezr\AppData\Local\PlaceholderTileLogoFolder
2022-06-21 15:39 - 2021-10-08 12:14 - 000000000 ____D C:\Users\alejandro.sanchezr\AppData\Local\Postman

==================== Files in the root of some directories ========

2022-03-30 19:55 - 2022-03-30 19:55 - 000002040 _____ () C:\Users\alejandro.sanchezr\AppData\Roaming\Microsoft\4394ade2-efb6-40f6-92a0-a502bcbc4a04.tmp

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Addition.txt, Part 1

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-07-2022
Ran by Alejandro.SanchezR (19-07-2022 11:08:31)
Running from C:\Users\alejandro.sanchezr\Downloads
Microsoft Windows 10 Enterprise Version 21H2 19044.1806 (X64) (2021-09-15 18:50:58)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2246140763-174917453-3964808569-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2246140763-174917453-3964808569-503 - Limited - Disabled)
Guest (S-1-5-21-2246140763-174917453-3964808569-501 - Limited - Disabled)
itadmin (S-1-5-21-2246140763-174917453-3964808569-1002 - Administrator - Enabled) => C:\Users\itadmin
user (S-1-5-21-2246140763-174917453-3964808569-1003 - Administrator - Enabled) => C:\Users\user
WDAGUtilityAccount (S-1-5-21-2246140763-174917453-3964808569-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: CrowdStrike Falcon Sensor (Enabled - Up to date) {3D0E1D53-D039-A3B8-7762-303B3C8A5FC6}
AV: CrowdStrike Falcon Sensor (Enabled - Up to date) {87365A9B-0318-F221-752C-632A507638C1}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: CrowdStrike Falcon Sensor (Enabled - Up to date) {8FE1C46C-23A5-1FF0-A73E-DAABB9E7B3CD}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Adobe Acrobat Reader DC MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}) (Version: 22.001.20169 - Adobe Systems Incorporated)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-001824458876}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Application Verifier x64 External Package (HKLM\...\{8A4CD158-E6B3-6D91-D7DE-10098BC980E2}) (Version: 10.1.19041.685 - Microsoft) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 6.01 - Piriform)
Check_MK Agent (HKLM-x32\...\{8E96C442-2AD1-11E5-B7D5-002590A4288A}) (Version: 1.2.6.180 - Mathias Kettner GmbH)
Cisco AnyConnect Diagnostics and Reporting Tool (HKLM-x32\...\{0FB3AC84-0C82-478F-BD1E-A2826FC8A9E0}) (Version: 4.10.03104 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.10.03104 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\{A4076314-DE10-4FEB-A977-A3AF859B4073}) (Version: 4.10.03104 - Cisco Systems, Inc.) Hidden
Citrix Authentication Manager (HKLM-x32\...\{222AEB1B-7F2C-4F87-BBB1-2B5A062ECACE}) (Version: 22.6.0.3 - Citrix Systems, Inc.) Hidden
Citrix Screen Casting for Windows (HKLM-x32\...\{4D46B3A6-67F5-4385-86D2-8E769EA07827}) (Version: 19.11.100.48 - Citrix Systems, Inc) Hidden
Citrix Web Helper (HKLM-x32\...\{03493D02-9EC6-4C78-AB44-EB11E8841C45}) (Version: 22.6.0.27 - Citrix Systems, Inc.) Hidden
Citrix Workspace 2206 (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 22.6.0.60 - Citrix Systems, Inc.)
Citrix Workspace Inside (HKLM-x32\...\{316ED115-E38C-4DCD-9237-698BDACDB131}) (Version: 22.6.0.29 - Citrix Systems, Inc.) Hidden
Citrix Workspace(DV) (HKLM-x32\...\{119A4563-691D-485D-8D9B-130EF784CBDE}) (Version: 22.6.0.44 - Citrix Systems, Inc.) Hidden
Citrix Workspace(USB) (HKLM-x32\...\{6023A3B1-3883-4DDC-8295-58154FB6A9C6}) (Version: 22.6.0.44 - Citrix Systems, Inc.) Hidden
ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{5A260D5A-95D3-4956-8E0A-E182CC4144ED}) (Version: 4.8.04162 - Microsoft Corporation) Hidden
CrowdStrike Device Control (HKLM\...\{A6EA9DFB-60D0-49BC-8EDF-8536C85D18A6}) (Version: 6.35.14960.0 - CrowdStrike, Inc.) Hidden
CrowdStrike Firmware Analysis (HKLM\...\{50908576-1AF3-495B-82CE-C390DE362701}) (Version: 6.32.14651.0 - CrowdStrike, Inc.) Hidden
CrowdStrike Sensor Platform (HKLM\...\{95F9E2DC-7D82-4028-93C3-12CF7F618319}) (Version: 6.39.15316.0 - CrowdStrike, Inc.) Hidden
CrowdStrike Windows Sensor (HKLM-x32\...\{2de9519f-2c1c-4631-ba28-00a2eb436b18}) (Version: 6.39.15316.0 - CrowdStrike, Inc.)
DefaultPackMSI (HKLM-x32\...\{D066B018-448B-40C5-9034-259BBCC49351}) (Version: 4.6.2.0 - Microsoft) Hidden
DiagnosticsHub_CollectionService (HKLM\...\{1F3C3AAC-9F7A-47DA-A082-0ACE770041BE}) (Version: 16.1.28901 - Microsoft Corporation) Hidden
Entity Framework 6.2.0 Tools  for Visual Studio 2019 (HKLM-x32\...\{F878746A-C5F7-420A-A672-4DFEF74ADC3A}) (Version: 6.2.0.0 - Microsoft Corporation) Hidden
EPSON L210 Series Printer Uninstall (HKLM\...\EPSON L210 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{7CC286A8-EEC5-491F-A4B5-02BD4E656BF6}) (Version: 4.6.2 - Seiko Epson Corporation)
Everything 1.4.1.1009 (x64) (HKLM\...\Everything) (Version: 1.4.1.1009 - voidtools)
Git (HKLM\...\Git_is1) (Version: 2.33.0.2 - The Git Development Community)
GlobalProtect (HKLM\...\{C233331A-5736-4B10-846F-175D84D7DC66}) (Version: 6.0.1 - Palo Alto Networks)
Google Chrome (HKLM\...\{E9AB118B-2341-3DD2-BD45-27B55F5F3802}) (Version: 103.0.5060.114 - Google LLC)
Google Meet (HKU\S-1-5-21-458959949-1661322348-1216269518-18837\...\025d00a0f9a0541a2d0166072feac86f) (Version: 1.0 - Google\Chrome)
Grammarly for Windows (HKU\S-1-5-21-458959949-1661322348-1216269518-18837\...\Grammarly Desktop Integrations) (Version: 1.0.11.233 - )
icecap_collection_neutral (HKLM-x32\...\{04C533D3-8445-4E47-A351-A66B1DA1B631}) (Version: 17.1.32113 - Microsoft Corporation) Hidden
icecap_collection_neutral (HKLM-x32\...\{1036893D-9917-4E70-B96C-8D72A2B224BC}) (Version: 16.10.31306 - Microsoft Corporation) Hidden
icecap_collection_x64 (HKLM\...\{289873DF-80D0-4D7D-8068-D25D342A26FA}) (Version: 16.10.31306 - Microsoft Corporation) Hidden
icecap_collection_x64 (HKLM\...\{4CDCF412-13D2-48AD-B98C-3AB4A771A127}) (Version: 17.1.32113 - Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\...\{9D936F32-5D37-4F76-9810-AF8B5D3BAD6E}) (Version: 17.1.32113 - Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\...\{D2B4539C-173B-4B8D-A021-E22E9566BC24}) (Version: 16.10.31306 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\...\{38CE202D-7880-4101-9739-83619300EC58}) (Version: 16.10.31306 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\...\{F29598E7-4D32-42AD-A13F-2B9A193F756F}) (Version: 17.1.32113 - Microsoft Corporation) Hidden
IIS 10.0 Express (HKLM\...\{028D4B22-B70B-447E-9B80-8E3E98CB2667}) (Version: 10.0.06027 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - ) Hidden
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - ) Hidden
Intel® Hardware Accelerated Execution Manager (HKLM\...\HAXM) (Version: 7.6.5 - Intel Corporation)
IntelliTraceProfilerProxy (HKLM\...\{F8B9E8C8-61E8-4E9E-879D-F3F498AD0230}) (Version: 15.0.21225.01 - Microsoft Corporation) Hidden
IntelliTraceProfilerProxy (HKLM-x32\...\{C8891AD2-C223-45CD-A9BE-617A68923B61}) (Version: 15.0.21225.01 - Microsoft Corporation) Hidden
Jalasoft Microsoft Teams (HKU\S-1-5-21-458959949-1661322348-1216269518-18837\...\33a1dd94baac19d8d46a35fdfc00e5b9) (Version: 1.0 - Google\Chrome)
Java 8 Update 301 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180301F0}) (Version: 8.0.3010.9 - Oracle Corporation)
Java SE Development Kit 8 Update 301 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180301}) (Version: 8.0.3010.9 - Oracle Corporation)
JetBrains dotPeek 2021.3.4 (HKU\S-1-5-21-458959949-1661322348-1216269518-18837\...\{042365c3-6595-5b1c-9db7-bb6ec2e7f0db}) (Version: 2021.3.4 - JetBrains s.r.o.)
Kits Configuration Installer (HKLM-x32\...\{E75A9998-E979-760B-6AEB-49763F279EDD}) (Version: 10.1.19041.685 - Microsoft) Hidden
Malwarebytes version 4.5.11.202 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.11.202 - Malwarebytes)
Microsoft .NET 6.0 Templates 6.0.201 (x64) (HKLM\...\{C56D6DA0-A7B0-42FB-8E92-02554FB34097}) (Version: 24.4.50268 - Microsoft Corporation) Hidden
Microsoft .NET 6.0.3 - Windows Server Hosting (HKLM-x32\...\{79b3c31a-3b5a-4240-8fe8-9c8f20d387be}) (Version: 6.0.3.22124 - Microsoft Corporation)
Microsoft .NET AppHost Pack - 6.0.3 (x64) (HKLM\...\{0E342FF4-6ED0-4A90-8241-286A8FF6C89B}) (Version: 48.15.37625 - Microsoft Corporation) Hidden
Microsoft .NET AppHost Pack - 6.0.3 (x64_arm) (HKLM\...\{2E7D752A-A3F6-4E70-9522-118FEF058E56}) (Version: 48.15.37625 - Microsoft Corporation) Hidden
Microsoft .NET AppHost Pack - 6.0.3 (x64_arm64) (HKLM\...\{FC840253-FDE5-4CB8-9429-577CEFF0F44C}) (Version: 48.15.37625 - Microsoft Corporation) Hidden
Microsoft .NET AppHost Pack - 6.0.3 (x64_x86) (HKLM\...\{1F834251-1EF8-4EC2-918A-49E8201E3533}) (Version: 48.15.37625 - Microsoft Corporation) Hidden
Microsoft .NET Core Host - 3.1.23 (x64) (HKLM\...\{9C7A4D28-C2E1-4CA7-A1F3-603049ED2937}) (Version: 24.92.31022 - Microsoft Corporation) Hidden
Microsoft .NET Core Host FX Resolver - 3.1.23 (x64) (HKLM\...\{7FF9BE57-3115-4282-BC9A-7FAB77C27235}) (Version: 24.92.31022 - Microsoft Corporation) Hidden
Microsoft .NET Core Runtime - 3.1.23 (x64) (HKLM\...\{81EDF4A0-FC57-48C3-B26A-E90C2DC266CE}) (Version: 24.92.31022 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.7.2 Targeting Pack (ENU) (HKLM-x32\...\{B517DBD3-B542-4FC8-9957-FFB2C3E65D1D}) (Version: 4.7.03062 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.7.2 Targeting Pack (HKLM-x32\...\{1784A8CD-F7FE-47E2-A87D-1F31E7242D0D}) (Version: 4.7.03062 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.8 SDK (HKLM-x32\...\{949C0535-171C-480F-9CF4-D25C9E60FE88}) (Version: 4.8.03928 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.8 Targeting Pack (ENU) (HKLM-x32\...\{A4EA9EE5-7CFF-4C5F-B159-B9B4E5D2BDE2}) (Version: 4.8.03761 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.8 Targeting Pack (HKLM-x32\...\{BAAF5851-0759-422D-A1E9-90061B597188}) (Version: 4.8.03761 - Microsoft Corporation) Hidden
Microsoft .NET Framework Cumulative Intellisense Pack for Visual Studio (ENU) (HKLM-x32\...\{C33E412F-4981-4953-825C-9DEA45ABEC01}) (Version: 4.8.03761 - Microsoft Corporation) Hidden
Microsoft .NET Host - 6.0.3 (x86) (HKLM-x32\...\{6602D3D8-3B3B-403C-802C-CEA93C5552F0}) (Version: 48.15.37625 - Microsoft Corporation) Hidden
Microsoft .NET Host - 6.0.5 (x64) (HKLM\...\{F3B3A61B-DC16-429A-A260-DBAFE66741A9}) (Version: 48.23.40665 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.3 (x64) (HKLM\...\{A2AE3C2D-C169-4F27-81D8-AD5641945F48}) (Version: 48.15.37625 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.3 (x86) (HKLM-x32\...\{2A367180-D4CC-4957-9FB8-DC73B5973A66}) (Version: 48.15.37625 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.5 (x64) (HKLM\...\{3E6CCD41-6B96-47BD-8E1E-D7B593CEE976}) (Version: 48.23.40665 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.3 (x64) (HKLM\...\{440E6A1A-3902-4A8E-90B7-6FAA6A5E78C5}) (Version: 48.15.37625 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.3 (x64) (HKLM-x32\...\{e4a97d6b-2ab7-45bc-adc9-94ce4af597bf}) (Version: 6.0.3.31023 - Microsoft Corporation)
Microsoft .NET Runtime - 6.0.3 (x86) (HKLM-x32\...\{3289331f-2cf1-4b56-9438-1fbfb21f4e81}) (Version: 6.0.3.31023 - Microsoft Corporation)
Microsoft .NET Runtime - 6.0.3 (x86) (HKLM-x32\...\{A40FC77D-3234-41D7-9FF8-2B1CA7F30715}) (Version: 48.15.37625 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.5 (x64) (HKLM\...\{089A177D-98AE-4195-A115-D3C45613B875}) (Version: 48.23.40665 - Microsoft Corporation) Hidden
Microsoft .NET SDK 6.0.201 (x64) from Visual Studio (HKLM\...\{523CF0D5-3186-4886-84C1-0F33795C0E51}) (Version: 6.2.122.12412 - Microsoft Corporation)
Microsoft .NET Targeting Pack - 6.0.3 (x64) (HKLM\...\{92194772-20E8-4642-B3B4-2FCEA0D8A09A}) (Version: 48.15.37625 - Microsoft Corporation) Hidden
Microsoft .NET Toolset 6.0.201 (x64) (HKLM\...\{542F295A-9E15-4F16-B343-5310FE653B68}) (Version: 24.4.50268 - Microsoft Corporation) Hidden
Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.15330.20230 - Microsoft Corporation)
Microsoft ASP.NET Core 6.0.3 - Shared Framework (x64) (HKLM-x32\...\{5fa9d6d0-5fb4-423c-8a74-7a3a9722c4f8}) (Version: 6.0.3.22124 - Microsoft Corporation)
Microsoft ASP.NET Core 6.0.3 - Shared Framework (x86) (HKLM-x32\...\{5c9dbb70-9125-4acd-ae4e-428bb5e774f2}) (Version: 6.0.3.22124 - Microsoft Corporation)
Microsoft ASP.NET Core 6.0.3 Hosting Bundle Options (HKLM-x32\...\{B408626B-BAB1-382B-B6E7-5E869D595CBC}) (Version: 6.0.3.22124 - Microsoft Corporation) Hidden
Microsoft ASP.NET Core 6.0.3 Shared Framework (x64) (HKLM\...\{404861D0-07CA-3FEF-913C-FC8A655162E3}) (Version: 6.0.3.22124 - Microsoft Corporation) Hidden
Microsoft ASP.NET Core 6.0.3 Shared Framework (x86) (HKLM-x32\...\{1F3CA9A1-1374-36AB-AA52-0F3A14F18A24}) (Version: 6.0.3.22124 - Microsoft Corporation) Hidden
Microsoft ASP.NET Core 6.0.3 Targeting Pack (x64) (HKLM\...\{EA11EC08-4D6C-3AA8-86BB-3FC200EF074C}) (Version: 6.0.3.22124 - Microsoft Corporation) Hidden
Microsoft ASP.NET Core Module V2 (HKLM\...\{82905CC6-80F4-4561-9E0F-3498D4C48E4C}) (Version: 16.0.22055.0 - Microsoft Corporation) Hidden
Microsoft ASP.NET Diagnostic Pack for Visual Studio (HKLM-x32\...\{CC2EFF16-2D75-3AFA-801F-90E59F7D7331}) (Version: 17.1.358.51495 - Microsoft Corporation) Hidden
Microsoft ASP.NET Web Tools Packages 16.0 - ENU (HKLM-x32\...\{499DD72E-4176-377B-B358-28DCAB3832AE}) (Version: 1.0.21125.0 - Microsoft Corporation) Hidden
Microsoft ASP.NET Web Tools Packages 17.0 - ENU (HKLM-x32\...\{6332F84D-AEE5-3162-BCF4-329EE17B9662}) (Version: 17.0.10526.0 - Microsoft Corporation) Hidden
Microsoft Azure Compute Emulator - v2.9.7 (HKLM\...\{04CA054C-2F40-44B0-8610-8D51EC9444FE}) (Version: 2.9.8999.43 - Microsoft Corporation) Hidden
Microsoft Azure Compute Emulator - v2.9.7 (HKLM\...\Microsoft Azure Compute Emulator - v2.9.7) (Version: 2.9.8999.43 - Microsoft Corporation)
Microsoft Azure Libraries for .NET – v2.9 (HKLM\...\{C5C91AA6-3E83-430E-8B7A-6B790083F28D}) (Version: 3.0.0127.060 - Microsoft Corporation)
Microsoft Build of OpenJDK with Hotspot 11.0.12+7 (x64) (HKLM\...\{0D2DCFF8-7746-445B-B643-9E85ABE01173}) (Version: 11.0.12.7 - Microsoft)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 103.0.1264.62 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 103.0.1264.62 - Microsoft Corporation)
Microsoft NetStandard SDK (HKLM-x32\...\{737FDDA7-B944-4CB5-92D9-3D56373BD301}) (Version: 15.0.51105 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 22.131.0619.0001 - Microsoft Corporation)
Microsoft Policy Platform (HKLM\...\{6549B04F-E826-4E0A-8C3F-388540F08541}) (Version: 68.1.1010.0 - Microsoft Corporation) Hidden
Microsoft Search in Bing (HKLM-x32\...\{C17F6DEF-D34C-4B75-97E1-D81062408B4A}) (Version: 2.0.2 - Microsoft Corporation)
Microsoft SQL Server 2016 LocalDB  (HKLM\...\{9097BF1A-13A0-4A4A-A1F8-473E2A669863}) (Version: 13.1.4001.0 - Microsoft Corporation)
Microsoft SQL Server 2019 LocalDB  (HKLM\...\{36E492B8-CB83-4DA5-A5D2-D99A8E8228A1}) (Version: 15.0.4153.1 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-458959949-1661322348-1216269518-18837\...\Teams) (Version: 1.5.00.17656 - Microsoft Corporation)
Microsoft TestPlatform SDK Local Feed (HKLM-x32\...\{839C2D45-DDF6-432C-A6A2-C6AF2EF281BF}) (Version: 17.0.0.5175695 - Microsoft) Hidden
Microsoft UniversalWindowsPlatform SDK (HKLM-x32\...\{1E073F5B-EB1D-4057-BA68-169194D3DB6D}) (Version: 15.9.15 - Microsoft) Hidden
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.32.31326 (HKLM-x32\...\{2d507699-404c-4c8b-a54a-38e352f32cdd}) (Version: 14.32.31326.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.30.30704 (HKLM-x32\...\{4d8dcf8c-a72a-43e1-9833-c12724db736e}) (Version: 14.30.30704.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.32.31326 (HKLM\...\{38624EB5-356D-4B08-8357-C33D89A5C0C5}) (Version: 14.32.31326 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.32.31326 (HKLM\...\{C96241EA-9900-4FE8-85B3-1E238D509DF6}) (Version: 14.32.31326 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.30.30704 (HKLM-x32\...\{BF08E976-B92E-4336-B56F-2171179476C4}) (Version: 14.30.30704 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.30.30704 (HKLM-x32\...\{F6080405-9FA8-4CAA-9982-14E95D1A3DAC}) (Version: 14.30.30704 - Microsoft Corporation) Hidden
Microsoft Visual Studio Code (User) (HKU\S-1-5-21-458959949-1661322348-1216269518-18837\...\{771FD6B0-FA20-440A-A002-3B3BAC16DC50}_is1) (Version: 1.67.2 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 3.1.2196.8931 - Microsoft Corporation)
Microsoft Visual Studio Setup Configuration (HKLM-x32\...\{6501DB5B-B58A-4021-8F3C-25A6CF01BC72}) (Version: 3.1.1126.51066 - Microsoft Corporation) Hidden
Microsoft Visual Studio Setup WMI Provider (HKLM-x32\...\{EA62D3A4-587F-43C9-8C56-FEF454BE720A}) (Version: 3.1.1126.51066 - Microsoft Corporation) Hidden
Microsoft Web Deploy 4.0 (HKLM\...\{DB7B43E1-BB6C-4417-9F20-2488FD8EECC8}) (Version: 10.0.5402 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 3.1.23 (x64) (HKLM\...\{4456FDE5-AAE9-4E03-9B34-0D9A476CEF5A}) (Version: 24.92.31022 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 3.1.23 (x64) (HKLM-x32\...\{d2f91fed-8a18-4071-b8d3-22606fa9a9f6}) (Version: 3.1.23.31022 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 6.0.3 (x64) (HKLM\...\{9F3D8C21-B2A9-4E7D-A6AA-50B34EFFA1E0}) (Version: 48.15.37635 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.3 (x86) (HKLM-x32\...\{7AA89A3B-EFD3-4E74-A24C-A0C5F77B2830}) (Version: 48.15.37635 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.5 (x64) (HKLM\...\{DE578B32-084A-49E7-8E55-6F58A37578C0}) (Version: 48.23.40699 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.5 (x64) (HKLM-x32\...\{0f711ee3-eb88-456d-acb4-c2ee31add211}) (Version: 6.0.5.31215 - Microsoft Corporation)
Microsoft Windows Desktop Targeting Pack - 6.0.3 (x64) (HKLM\...\{62DAD167-B0D9-418D-978D-8D5C11DAF57C}) (Version: 48.15.37635 - Microsoft Corporation) Hidden
Microsoft.NET.Sdk.Android.Manifest-6.0.200 (HKLM\...\{FCB866C3-1C7F-48F1-82AA-27CDF5EDBF07}) (Version: 124.50.2 - Microsoft Corporation) Hidden
Microsoft.NET.Sdk.iOS.Manifest-6.0.200 (HKLM\...\{2685B6AE-7BBA-4305-A0C6-D85E95E6DFE3}) (Version: 60.50.4 - Microsoft Corporation) Hidden
Microsoft.NET.Sdk.MacCatalyst.Manifest-6.0.200 (HKLM\...\{D9C7F250-1F44-4F17-9114-892FE9B9392E}) (Version: 60.50.4 - Microsoft Corporation) Hidden
Microsoft.NET.Sdk.macOS.Manifest-6.0.200 (HKLM\...\{5023AA6C-3434-4651-97F4-A99E519A46BA}) (Version: 48.50.4 - Microsoft Corporation) Hidden
Microsoft.NET.Sdk.Maui.Manifest-6.0.200 (HKLM\...\{E654192D-D623-4F63-81B5-7B01FD812D47}) (Version: 24.50.2441 - Microsoft Corporation) Hidden
Microsoft.NET.Sdk.tvOS.Manifest-6.0.200 (HKLM\...\{ABB96929-74DA-4C9E-A79F-5482C80E2651}) (Version: 60.50.4 - Microsoft Corporation) Hidden
Microsoft.NET.Workload.Emscripten.Manifest (HKLM\...\{4F0122F9-9C21-4518-B710-7D5BBF543FC1}) (Version: 48.27.37377 - Microsoft Corporation) Hidden
Microsoft.NET.Workload.Mono.Toolchain.Manifest (HKLM\...\{32E1C122-A7E1-4AD0-B54A-7D8DB4AA0D7E}) (Version: 48.3.37625 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 102.0.1 (x64 en-US)) (Version: 102.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 89.0.2 - Mozilla)
MSI Development Tools (HKLM-x32\...\{7AAC93B0-F3D7-6B24-6B37-9E74980C1C81}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 8.4.2 - Notepad++ Team)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.15330.20230 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.15330.20230 - Microsoft Corporation) Hidden
Online Plug-in (HKLM-x32\...\{E56F9124-2C7D-4779-8765-92324F206285}) (Version: 22.6.0.44 - Citrix Systems, Inc.) Hidden
Postman x86_64 9.22.2 (HKU\S-1-5-21-458959949-1661322348-1216269518-18837\...\Postman) (Version: 9.22.2 - Postman)
PowerToys (Preview) (HKLM\...\{DA5A1571-B0BC-4BDA-9F13-AD5ACADB4EF7}) (Version: 0.59.0 - Microsoft Corporation) Hidden
PowerToys (Preview) x64 (HKLM-x32\...\{fbb7bf41-8fdd-40f2-b231-4ea130dbc688}) (Version: 0.59.0 - Microsoft Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9191.1 - Realtek Semiconductor Corp.)
SDK ARM Additions (HKLM-x32\...\{FCF9D89E-6F79-64FB-B08D-B0E69FF54DEE}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
SDK ARM Redistributables (HKLM-x32\...\{72DB07D6-E166-5A3F-B6E6-4664383781B8}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Self-service Plug-in (HKLM-x32\...\{1824630A-EC28-4823-823F-1FE0D172E216}) (Version: 22.6.0.27 - Citrix Systems, Inc.) Hidden
Skype version 8.83 (HKLM-x32\...\Skype_is1) (Version: 8.83 - Skype Technologies S.A.)
Slack (Machine - MSI) (HKLM\...\{06546430-CD8F-408F-A1C2-6EF47201381D}) (Version: 4.17.1.0 - Slack Technologies Inc.) Hidden
Slack (Machine) (HKLM\...\{06546430-CD8F-408F-A1C2-6EF47201381D}.msq) (Version: 4.17.1 - Slack Technologies Inc.)
Snagit 2019 (HKLM\...\{3E240959-3E39-41FA-B7A3-377746115422}) (Version: 19.1.7 - TechSmith Corporation) Hidden
Snagit 2019 (HKLM-x32\...\{c690241b-033f-4c2c-8bba-e2304302d9d7}) (Version: 19.1.7.6461 - TechSmith Corporation)
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.4.0.19572 - Microsoft Corporation)
TeamViewer (HKLM\...\TeamViewer) (Version: 15.31.5 - TeamViewer)
Universal CRT Extension SDK (HKLM-x32\...\{4D69FB64-4443-F2DD-DE1C-F14FD98AAC59}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{6B56745A-F6A4-C51C-933A-AD96C00683EA}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{A57CD0A6-4297-FD30-34A4-34758B6F5F69}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (HKLM\...\{CD06199B-41C1-AE6D-7567-984CC68792C3}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32\...\{BD75F257-50A4-E0CD-9942-C3550CA3E66A}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{A7E95C47-B5F4-110C-D27A-DECB03412B96}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
vcpp_crt.redist.clickonce (HKLM-x32\...\{54109AAF-995B-4463-AE95-B9ED6B5631AA}) (Version: 14.29.30135 - Microsoft Corporation) Hidden
vcpp_crt.redist.clickonce (HKLM-x32\...\{C6AB3B1A-5571-4E19-8B8F-1C23C3521EF8}) (Version: 14.31.31103 - Microsoft Corporation) Hidden
Visual C++ Library CRT Appx Package (HKLM-x32\...\{06BD2EC4-A045-4294-9004-DAE83E224204}) (Version: 14.31.31103 - Microsoft Corporation) Hidden
Visual C++ Library CRT Appx Package (HKLM-x32\...\{A22D873B-A384-4028-BBF7-096E5BE66DB9}) (Version: 14.31.31103 - Microsoft Corporation) Hidden
Visual C++ Library CRT Appx Resource Package (HKLM-x32\...\{FA9DB13A-CB76-44BE-8474-1A5D34726F43}) (Version: 14.31.31103 - Microsoft Corporation) Hidden
Visual C++ Library CRT ARM64 Appx Package (HKLM-x32\...\{1A0F2E41-5A3C-41CD-BF96-9552A86BB7C1}) (Version: 14.31.31103 - Microsoft Corporation) Hidden
Visual C++ Library CRT Desktop Appx Package (HKLM-x32\...\{141978EC-AA53-460F-ACD1-BF3806EF0811}) (Version: 14.31.31103 - Microsoft Corporation) Hidden
Visual C++ Library CRT Desktop Appx Package (HKLM-x32\...\{7F15962A-FDC2-48E4-A1DB-CB5A76DDC7AD}) (Version: 14.31.31103 - Microsoft Corporation) Hidden
Visual C++ Library CRT Desktop Appx Package (HKLM-x32\...\{CD7AAAE2-8B3D-4119-8693-0164E2F8E28C}) (Version: 14.31.31103 - Microsoft Corporation) Hidden
Visual Studio Professional 2022 (HKLM-x32\...\f2dc5e61) (Version: 17.1.3 - Microsoft Corporation)
vs_BlendMsi (HKLM-x32\...\{2D12F791-263F-4ABA-B7A8-5485933CADCF}) (Version: 17.1.32112 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsi (HKLM-x32\...\{B8B0A861-C76A-4DBA-B8D5-8830511173A3}) (Version: 17.1.32113 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsires (HKLM-x32\...\{16946E6F-037E-4A92-A30C-80293603EEC9}) (Version: 17.1.32113 - Microsoft Corporation) Hidden
vs_clickoncesigntoolmsi (HKLM-x32\...\{15CE6C23-B92A-4B2B-8521-6FA81661068B}) (Version: 17.1.32112 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{C0BCF587-183B-4829-BEC8-AAACDD6F926D}) (Version: 17.1.32113 - Microsoft Corporation) Hidden
vs_communitysharedmsi (HKLM-x32\...\{7571C303-621A-4ACF-A392-BD6B9B3C67BF}) (Version: 17.1.32113 - Microsoft Corporation) Hidden
vs_communityx64msi (HKLM\...\{EB7405ED-A99C-47D4-8516-C5C35704B07C}) (Version: 17.1.32113 - Microsoft Corporation) Hidden
vs_CoreEditorFonts (HKLM-x32\...\{5655426F-6B20-4227-8202-E08DAB6CDD88}) (Version: 17.1.32323 - Microsoft Corporation) Hidden
vs_devenvsharedmsi (HKLM-x32\...\{923446B9-70EB-4850-95D7-1A1AB5D111CD}) (Version: 17.1.32112 - Microsoft Corporation) Hidden
vs_devenx64vmsi (HKLM\...\{5C99AE76-BEF9-4D4B-A77A-1B63238B86B0}) (Version: 17.1.32112 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{2C910925-05EE-403B-8295-D2593E11F751}) (Version: 17.1.32113 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{46F71CD4-4841-4B77-A491-9933B98F8D0D}) (Version: 17.1.32113 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{9DCCEEF7-CC00-4054-9879-7E0A12E5CF0A}) (Version: 17.1.32113 - Microsoft Corporation) Hidden
vs_minshellinteropsharedmsi (HKLM-x32\...\{05A82EA9-8768-4E1B-B16C-FCCF299D331C}) (Version: 17.1.32113 - Microsoft Corporation) Hidden
vs_minshellinteropx64msi (HKLM\...\{FB59095C-C7C6-4CA6-B300-852B50AB976D}) (Version: 17.1.32112 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{286A488D-F2A4-42E9-98CF-CCFE8FA34C9F}) (Version: 17.1.32113 - Microsoft Corporation) Hidden
vs_minshellsharedmsi (HKLM-x32\...\{FEFEDA38-9B6A-4374-8D43-7D5517152080}) (Version: 17.1.32113 - Microsoft Corporation) Hidden
vs_minshellx64msi (HKLM\...\{CC15CA94-9817-4914-A9ED-A694A2F27783}) (Version: 17.1.32113 - Microsoft Corporation) Hidden
vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{4EF9011A-8E81-4D6F-9CB9-DBF0B1B12809}) (Version: 17.1.32112 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32\...\{874561BE-97AD-4865-8512-579D41009147}) (Version: 17.1.32112 - Microsoft Corporation) Hidden
WinAppDeploy (HKLM-x32\...\{2ADF1977-BF31-E127-B651-AC28A8658317}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows App Certification Kit Native Components (HKLM\...\{D2886D0B-F38D-EB07-2108-B6218761F8F9}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows App Certification Kit SupportedApiList x86 (HKLM-x32\...\{26D02D07-8007-2FD2-6DFE-14B29D09B5FD}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows App Certification Kit x64 (HKLM-x32\...\{6487BFDF-6FA4-7CC5-0341-AA5D1AB69856}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows Desktop Extension SDK (HKLM-x32\...\{D3B54AAA-2B64-5DE2-EA64-9900152E5282}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows Desktop Extension SDK Contracts (HKLM-x32\...\{A34A6580-86EF-A26A-33A5-80E1919B7F75}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows Firewall Configuration Provider (HKLM\...\{109A5A16-E09E-4B82-A784-D1780F1190D6}) (Version: 1.2.3412.0 - Microsoft Corporation)
Windows IoT Extension SDK (HKLM-x32\...\{084094EF-6AC9-480A-7CC1-04199047BBDD}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows IoT Extension SDK Contracts (HKLM-x32\...\{497B2D49-F5C2-CA3B-05FF-22ABF39F2873}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows Mobile Extension SDK (HKLM-x32\...\{718C25EB-084C-6341-1C3E-589DA641C28F}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows Mobile Extension SDK Contracts (HKLM-x32\...\{7A9E937D-9757-80CB-A6E3-F4AB6081AEA6}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows SDK (HKLM-x32\...\{7B891B74-6BE8-1581-357C-72DD8A82F0F7}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows SDK AddOn (HKLM-x32\...\{E18618EC-D9DB-4BCE-B382-85ADA2CBB340}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows SDK ARM Desktop Tools (HKLM-x32\...\{940042ED-CB90-8E03-BE68-DF8A76E661FD}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows SDK Desktop Headers arm (HKLM-x32\...\{4BD2B107-B0D3-850C-7135-ACA153D30C78}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows SDK Desktop Headers arm64 (HKLM-x32\...\{C88797F9-0AD8-E022-5BBB-596BC78D4C76}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows SDK Desktop Headers x64 (HKLM-x32\...\{C81D239D-863A-D4B4-3562-BC8D3D7C271E}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows SDK Desktop Headers x86 (HKLM-x32\...\{3D5981B5-ABF0-1495-7FC3-102D1C75B9C8}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows SDK Desktop Libs arm (HKLM-x32\...\{2AC29D7B-F29F-34FA-4434-C5DF1F086264}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows SDK Desktop Libs arm64 (HKLM-x32\...\{9555AB64-6A00-776F-CA44-568E0E7B9632}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows SDK Desktop Libs x64 (HKLM-x32\...\{170B023D-7C1B-2EF4-D3E9-B974A26752AC}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows SDK Desktop Libs x86 (HKLM-x32\...\{7DD1F495-F1BF-6A30-620F-AC064DD302D8}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows SDK Desktop Tools arm64 (HKLM-x32\...\{06E580FA-F3B2-08E9-4DC0-0AB55D985CBB}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows SDK Desktop Tools x64 (HKLM-x32\...\{F9BDEC71-9E56-CFBF-0AE8-E7AF032D07C7}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows SDK Desktop Tools x86 (HKLM-x32\...\{1C966E96-8553-EF1E-A06F-A8174B3CAA60}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows SDK DirectX x64 Remote (HKLM\...\{EBD149F6-9F46-49E4-ED99-25D2A0ECDBBD}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows SDK DirectX x86 Remote (HKLM-x32\...\{313B416A-97E7-F3EF-EDFC-A903A8CA4BC2}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows SDK EULA (HKLM-x32\...\{A50A075D-973C-1867-4228-738205D555C8}) (Version: 10.1.19041.685 - Microsoft Corporations) Hidden
Windows SDK Facade Windows WinMD Versioned (HKLM-x32\...\{2D296649-CFBE-CF23-EA8E-E24554187B3F}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows SDK for Windows Store Apps (HKLM-x32\...\{A5E4C2C0-D963-40D6-8E5F-60A4DD995331}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows SDK for Windows Store Apps Contracts (HKLM-x32\...\{2A8533B3-8D16-67E4-E729-5BB04EDD2FE4}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows SDK for Windows Store Apps DirectX x86 Remote (HKLM-x32\...\{0E2FEA3B-C853-DE2A-8A04-BB7D5BF010E0}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows SDK for Windows Store Apps Headers (HKLM-x32\...\{8E9DD3FE-3338-8012-81C5-F3AA9B617BAE}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows SDK for Windows Store Apps Libs (HKLM-x32\...\{1FBBD022-F751-FE7B-54DF-9FED23892B2F}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows SDK for Windows Store Apps Metadata (HKLM-x32\...\{2CFB2180-7C20-5470-4B8A-747512A6AB70}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows SDK for Windows Store Apps Tools (HKLM-x32\...\{4AC6C7FB-D848-9D68-DCB0-1376083FEA3A}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows SDK for Windows Store Managed Apps Libs (HKLM-x32\...\{FF7D4409-CF59-34AE-BDC7-8A6146A9BA36}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows SDK Modern Non-Versioned Developer Tools (HKLM-x32\...\{43AA42C2-D292-CF91-6264-63B7A99CDE99}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows SDK Modern Versioned Developer Tools (HKLM-x32\...\{FC5A59F8-6BEE-FBB4-C720-47C565A92798}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows SDK Redistributables (HKLM-x32\...\{43B3CDF5-CD8F-9A5E-4598-765F8CB27170}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows SDK Signing Tools (HKLM-x32\...\{B62A26BB-90A0-82FB-2DDC-3157ADF07833}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows Software Development Kit - Windows 10.0.19041.685 (HKLM-x32\...\{4591faf1-a2db-4a3d-bfda-aa5a4ebb1587}) (Version: 10.1.19041.685 - Microsoft Corporation)
Windows Team Extension SDK (HKLM-x32\...\{CE7E4A6A-45A2-2968-4B34-D0D4CFCC0E1D}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows Team Extension SDK Contracts (HKLM-x32\...\{5F616EBF-DF09-A2DA-AB66-3A5341FA611C}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
windows_toolscorepkg (HKLM-x32\...\{DAC8D9B9-1CAD-4C4B-9B17-6ED63CFF1EBA}) (Version: 17.1.32113 - Microsoft Corporation) Hidden
WinRAR 6.02 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.02.0 - win.rar GmbH)
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{BCF7CA0F-E53C-2A4F-B128-A751EC9A1016}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{B42BF427-AFDB-C00F-DB60-6F51395D74A1}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{3335615C-ABEB-960E-2226-4274CD28E046}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{216D5F47-257D-6284-5849-B51037875EFA}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
WinRT Intellisense Mobile - en-us (HKLM-x32\...\{443FF51E-16C3-F23B-18FC-0D1D66024B0B}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{15E29AFF-CB19-A20B-9A81-B0765A63115F}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{FF2B49B7-0254-3D6A-4BE0-EF4C59DBCC2B}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{0AF3B821-474B-1885-473A-6E3FB4F1CF71}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{8832F8ED-1035-9ABE-FD73-4E5ABAA84A5C}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Xamarin Remoted iOS Simulator (HKLM-x32\...\{133F3464-C283-4AF7-998A-B0DCD13AE9D0}) (Version: 16.10.0.380 - Xamarin) Hidden
Zoom (HKU\S-1-5-21-458959949-1661322348-1216269518-18837\...\ZoomUMX) (Version: 5.8.6 (2048) - Zoom Video Communications, Inc.)

Packages:
=========
Centro de comando de gráficos Intel® -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3407.0_x64__8j3eq9eme6ctt [2021-12-24] (INTEL CORP) [Startup Task]
Fundacion Jala   Microsoft Teams -> C:\Program Files\WindowsApps\teams.microsoft.com-AF05BD92_1.0.0.0_neutral__sgbv0bttxw9p2 [2022-04-27] (teams.microsoft.com)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.12.1050.0_x64__8wekyb3d8bbwe [2022-01-28] (Microsoft Studios) [MS Ad]
Windows App Runtime DDLM 3.469.1654.0-x6 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.3.469.1654.0-x6_3.469.1654.0_x64__8wekyb3d8bbwe [2022-05-06] (Microsoft Corporation)
Windows App Runtime DDLM 3.469.1654.0-x8 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.3.469.1654.0-x8_3.469.1654.0_x86__8wekyb3d8bbwe [2022-05-06] (Microsoft Corporation)
WindowsAppRuntime.1.0 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.0_3.469.1654.0_x64__8wekyb3d8bbwe [2022-06-14] (Microsoft Corporation)
WindowsAppRuntime.1.0 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.0_3.469.1654.0_x86__8wekyb3d8bbwe [2022-06-14] (Microsoft Corporation)
WindowsAppRuntime.Main.1.0 -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WindowsAppRuntime.Main.1.0_3.469.1654.0_x64__8wekyb3d8bbwe [2022-05-06] (Microsoft Corp.)
WindowsAppRuntime.Singleton -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.Singleton_3.469.1654.0_x64__8wekyb3d8bbwe [2022-05-06] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-458959949-1661322348-1216269518-18837_Classes\CLSID\{04271989-C4D2-CDE8-8524-E6F2BA2CDB68} -> [OneDrive] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
CustomCLSID: HKU\S-1-5-21-458959949-1661322348-1216269518-18837_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\alejandro.sanchezr\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.22147.1\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-458959949-1661322348-1216269518-18837_Classes\CLSID\{36B27788-A8BB-4698-A756-DF9F11F64F84}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.SvgThumbnailProvider.comhost.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-458959949-1661322348-1216269518-18837_Classes\CLSID\{45769bcc-e8fd-42d0-947e-02beef77a1f5}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.MarkdownPreviewHandler.comhost.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-458959949-1661322348-1216269518-18837_Classes\CLSID\{8BC8AFC2-4E7C-4695-818E-8C1FFDCEA2AF}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.StlThumbnailProvider.comhost.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-458959949-1661322348-1216269518-18837_Classes\CLSID\{afbd5a44-2520-4ae0-9224-6cfce8fe4400}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.MonacoPreviewHandler.comhost.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-458959949-1661322348-1216269518-18837_Classes\CLSID\{BFEE99B4-B74D-4348-BCA5-E757029647FF}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.GcodeThumbnailProvider.comhost.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-458959949-1661322348-1216269518-18837_Classes\CLSID\{ddee2b8a-6807-48a6-bb20-2338174ff779}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.SvgPreviewHandler.comhost.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-458959949-1661322348-1216269518-18837_Classes\CLSID\{ec52dea8-7c9f-4130-a77b-1737d0418507}\InprocServer32 -> C:\Program Files\PowerToys\modules\FileExplorerPreview\PowerToys.GcodePreviewHandler.comhost.dll (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\22.131.0619.0001\FileSyncShell64.dll [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\22.131.0619.0001\FileSyncShell64.dll [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\22.131.0619.0001\FileSyncShell64.dll [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\22.131.0619.0001\FileSyncShell64.dll [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\22.131.0619.0001\FileSyncShell64.dll [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\22.131.0619.0001\FileSyncShell64.dll [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\22.131.0619.0001\FileSyncShell64.dll [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\22.131.0619.0001\FileSyncShell64.dll [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\22.131.0619.0001\FileSyncShell64.dll [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\22.131.0619.0001\FileSyncShell64.dll [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\22.131.0619.0001\FileSyncShell64.dll [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\22.131.0619.0001\FileSyncShell64.dll [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\22.131.0619.0001\FileSyncShell64.dll [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\22.131.0619.0001\FileSyncShell64.dll [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.131.0619.0001\FileSyncShell64.dll [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2022-05-29] (Notepad++ -> )
ContextMenuHandlers1: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} => C:\Program Files\TechSmith\Snagit 2019\DLLx64\SnagitShellExt64.dll [2020-07-29] (TechSmith Corporation -> TechSmith Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-07-11] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers3: [PowerRenameExt] -> {0440049F-D1DC-4E46-B27B-98393D79486B} => C:\Program Files\PowerToys\modules\PowerRename\PowerToys.PowerRenameExt.dll [2022-06-07] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.131.0619.0001\FileSyncShell64.dll [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} => C:\Program Files\TechSmith\Snagit 2019\DLLx64\SnagitShellExt64.dll [2020-07-29] (TechSmith Corporation -> TechSmith Corporation)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.131.0619.0001\FileSyncShell64.dll [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-07-11] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

Addition, part 2

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\alejandro.sanchezr\Desktop\Alejandro Javier - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\alejandro.sanchezr\Desktop\Google Meet.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory="Profile 1" --app-id=kjgfgldnnfoeklkmfkjfagphfepbbdan
ShortcutWithArgument: C:\Users\alejandro.sanchezr\Desktop\Jalasoft.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=llgiphighjmlmkbknnjkgbfjddjaield
ShortcutWithArgument: C:\Users\alejandro.sanchezr\Desktop\Team Software.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) ->  --profile-directory=Default --app-id=pmejafmjnohapdpdfddmaokdghbpakbc --app-url=hxxps://teams.microsoft.com/_#/school/conversations/DevOps?threadId=19:[email protected]&ctx=channel --app-launch-source=4
ShortcutWithArgument: C:\Users\alejandro.sanchezr\AppData\Local\Microsoft\Edge\User Data\Default\Web Applications\_crx__pmejafmjnohapdpdfddmaokdghbpakbc\Fundacion Jala   Microsoft Teams.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) ->  --profile-directory=Default --app-id=pmejafmjnohapdpdfddmaokdghbpakbc --app-url=hxxps://teams.microsoft.com/_#/school/conversations/DevOps?threadId=19:[email protected]&ctx=channel --app-launch-source=4
ShortcutWithArgument: C:\Users\alejandro.sanchezr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Meet.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory="Profile 1" --app-id=kjgfgldnnfoeklkmfkjfagphfepbbdan
ShortcutWithArgument: C:\Users\alejandro.sanchezr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Jalasoft Microsoft Teams.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=llgiphighjmlmkbknnjkgbfjddjaield
ShortcutWithArgument: C:\Users\alejandro.sanchezr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Lucidchart Diagrams - Desktop.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=djejicklhojeokkfmdelnempiecmdomj
ShortcutWithArgument: C:\Users\alejandro.sanchezr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Fundacion Jala   Microsoft Teams.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) ->  --profile-directory=Default --app-id=pmejafmjnohapdpdfddmaokdghbpakbc --app-url=hxxps://teams.microsoft.com/_#/school/conversations/DevOps?threadId=19:[email protected]&ctx=channel --app-launch-source=4
ShortcutWithArgument: C:\Users\alejandro.sanchezr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Jalasoft Microsoft Teams.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=llgiphighjmlmkbknnjkgbfjddjaield
ShortcutWithArgument: C:\Users\alejandro.sanchezr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Alejandro (workwave.com) - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) =============

2018-08-14 13:49 - 2018-08-14 13:49 - 001874432 _____ () [File not signed] C:\Program Files\TechSmith\Snagit 2019\cairo.dll
2018-08-14 13:49 - 2018-08-14 13:49 - 000790528 _____ () [File not signed] C:\Program Files\TechSmith\Snagit 2019\fontconfig.dll
2018-08-14 13:49 - 2018-08-14 13:49 - 001041920 _____ () [File not signed] C:\Program Files\TechSmith\Snagit 2019\harfbuzz-vs14.dll
2018-08-14 13:49 - 2018-08-14 13:49 - 000060928 _____ () [File not signed] C:\Program Files\TechSmith\Snagit 2019\iconv.dll
2018-12-11 14:09 - 2018-12-11 14:09 - 000790016 _____ () [File not signed] C:\Program Files\TechSmith\Snagit 2019\libhpdf.dll
2018-08-14 13:49 - 2018-08-14 13:49 - 000257536 _____ () [File not signed] C:\Program Files\TechSmith\Snagit 2019\libpng16.dll
2018-08-14 13:49 - 2018-08-14 13:49 - 001294336 _____ () [File not signed] C:\Program Files\TechSmith\Snagit 2019\libxml2.dll
2017-10-18 07:43 - 2017-10-18 07:43 - 010857984 _____ () [File not signed] C:\Program Files\TechSmith\Snagit 2019\opencv_core300.dll
2017-10-18 07:43 - 2017-10-18 07:43 - 025250304 _____ () [File not signed] C:\Program Files\TechSmith\Snagit 2019\opencv_imgproc300.dll
2018-08-14 13:49 - 2018-08-14 13:49 - 000086528 _____ () [File not signed] C:\Program Files\TechSmith\Snagit 2019\zlib1.dll
2022-06-24 01:14 - 2022-06-24 01:14 - 000520704 _____ (Citrix Systems, Inc.) [File not signed] C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\Shims.dll
2021-10-01 02:19 - 2021-10-01 02:19 - 002548736 _____ (Citrix Systems, Inc.) [File not signed] C:\Program Files (x86)\Citrix\ICA Client\sslsdk_b.dll
2018-08-14 13:49 - 2018-08-14 13:49 - 000088576 _____ (Free Software Foundation) [File not signed] C:\Program Files\TechSmith\Snagit 2019\intl.dll
2016-01-08 12:28 - 2016-01-08 12:28 - 000356352 _____ (hxxp://hunspell.sourceforge.net/) [File not signed] C:\Program Files\TechSmith\Snagit 2019\libhunspell.dll
2018-08-14 13:49 - 2018-08-14 13:49 - 000291840 _____ (Red Hat Software) [File not signed] C:\Program Files\TechSmith\Snagit 2019\pango-1.0.dll
2018-08-14 13:49 - 2018-08-14 13:49 - 000578560 _____ (Red Hat Software) [File not signed] C:\Program Files\TechSmith\Snagit 2019\pangocairo-1.0.dll
2018-08-14 13:49 - 2018-08-14 13:49 - 000605184 _____ (Red Hat Software) [File not signed] C:\Program Files\TechSmith\Snagit 2019\pangoft2-1.0.dll
2018-08-14 13:49 - 2018-08-14 13:49 - 000064512 _____ (Red Hat Software) [File not signed] C:\Program Files\TechSmith\Snagit 2019\pangowin32-1.0.dll
2018-08-14 13:49 - 2018-08-14 13:49 - 001338368 _____ (The GLib developer community) [File not signed] C:\Program Files\TechSmith\Snagit 2019\glib-2.0.dll
2018-08-14 13:49 - 2018-08-14 13:49 - 000284160 _____ (The GLib developer community) [File not signed] C:\Program Files\TechSmith\Snagit 2019\gobject-2.0.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-458959949-1661322348-1216269518-18837\Software\Classes\.reg:  =>  <==== ATTENTION
HKU\S-1-5-21-458959949-1661322348-1216269518-18837\Software\Classes\.bat:  =>  <==== ATTENTION
HKU\S-1-5-21-458959949-1661322348-1216269518-18837\Software\Classes\.cmd:  =>  <==== ATTENTION

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2022-07-11] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_301\bin\ssv.dll [2021-10-08] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_301\bin\jp2ssv.dll [2021-10-08] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-07-11] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-07-11] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-07-11] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-07-11] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-07-11] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-07-11] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-07-11] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-07-11] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-07-11] (Microsoft Corporation -> Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2022-06-18] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2022-06-18] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2022-06-18] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2022-06-18] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2022-06-18] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2022-06-18] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2022-06-18] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2022-06-18] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2022-06-18] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2022-06-18] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2022-06-18] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2022-06-18] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2022-06-18] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2022-06-18] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2022-06-18] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2022-06-18] (Citrix Systems, Inc. -> Citrix Systems, Inc.)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-458959949-1661322348-1216269518-18837\...\sharepoint.com -> hxxps://teamsoftwareinc-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 05:14 - 2019-12-07 05:12 - 000000824 _____ C:\windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Microsoft\jdk-11.0.12.7-hotspot\bin;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\windows\System32\OpenSSH\;C:\ProgramData\chocolatey\bin;C:\Program Files\dotnet\;C:\Program Files\Microsoft SQL Server\130\Tools\Binn\;C:\Program Files\Git\cmd;C:\Program Files\Java\jdk1.8.0_301\bin;C:\Program Files\Microsoft SQL Server\150\Tools\Binn\
HKU\S-1-5-21-2246140763-174917453-3964808569-1002\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2246140763-174917453-3964808569-1003\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-458959949-1661322348-1216269518-18837\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\Windows\img0.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "Adobe CCXProcess"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{5489AA79-770E-42A1-A0BE-A971DEE42FF8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{AB9C3BD2-F202-447A-8E55-81206838DE24}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{7DEF3377-2253-448E-B5B8-8CE87FDB51C5}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{53F5124C-2620-447E-A24B-D407B89E758A}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{AF1D5C78-9089-42B5-B209-4BB31191B895}\\10.31.2.60\sdi_update\sdi_x64_r2102.exe] => (Allow) \\10.31.2.60\sdi_update\sdi_x64_r2102.exe => No File
FirewallRules: [UDP Query User{023A3859-F68A-4E5C-AB35-9690FDA5217F}\\10.31.2.60\sdi_update\sdi_x64_r2102.exe] => (Allow) \\10.31.2.60\sdi_update\sdi_x64_r2102.exe => No File
FirewallRules: [TCP Query User{ECEBEEC4-5D10-421E-9353-E2D7CD9FDE3D}\\10.31.2.60\sdi_update\sdi_x64_r2102.exe] => (Allow) \\10.31.2.60\sdi_update\sdi_x64_r2102.exe => No File
FirewallRules: [UDP Query User{E501005C-4C0B-482A-BB77-67F494E94A95}\\10.31.2.60\sdi_update\sdi_x64_r2102.exe] => (Allow) \\10.31.2.60\sdi_update\sdi_x64_r2102.exe => No File
FirewallRules: [TCP Query User{7481D80E-F4C4-4C1A-BB04-E651BEB99754}C:\users\alejandro.sanchezr\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\alejandro.sanchezr\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{98E76177-51CD-4A1E-811E-44C7FFB1BCFB}C:\users\alejandro.sanchezr\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\alejandro.sanchezr\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{154A53D0-72D2-407F-9C9A-570CB6DBDFF3}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3FC1A420-61BD-43FC-999F-4C9A1A51FE03}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CD2CCBC3-E86A-4D53-BEEE-E0A74785B622}] => (Allow) LPort=8299
FirewallRules: [TCP Query User{BD13E591-3FCD-4420-B71D-1AB0AFB0F2C8}C:\program files\java\jdk1.8.0_301\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_301\bin\java.exe
FirewallRules: [UDP Query User{035B6D2D-6BFB-4FBE-9A02-20A9B15A80DA}C:\program files\java\jdk1.8.0_301\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_301\bin\java.exe
FirewallRules: [TCP Query User{3E94CBD6-C3E3-49CC-BF85-3C4F23D65969}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe (Google LLC -> JetBrains s.r.o.)
FirewallRules: [UDP Query User{79D574E1-2BF7-4F41-8376-88446C1E57E1}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe (Google LLC -> JetBrains s.r.o.)
FirewallRules: [TCP Query User{D7F5B2C5-DE0F-40CD-80FA-B5FB66DE1C88}C:\program files\android\android studio\jre\bin\java.exe] => (Allow) C:\program files\android\android studio\jre\bin\java.exe
FirewallRules: [UDP Query User{F038B85B-BEB0-4BE2-85CB-CBD18AF694C9}C:\program files\android\android studio\jre\bin\java.exe] => (Allow) C:\program files\android\android studio\jre\bin\java.exe
FirewallRules: [{9144AE26-F7B2-4EA0-A154-849665A31F7B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{04CCD1A4-47DD-4879-A35D-F05FF3CDC016}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F195E97C-A8CD-4D2C-9801-2AD2BAE6AAD7}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{02F02A19-C537-4B73-9ABF-FE070FD5E51A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D95D7E5D-015C-419D-9A5C-301070F7CEE3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6A1FA2CC-BF5F-40B6-92BC-EACD452DA5F7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A4EE3DEA-C383-4A43-AB55-AC9B52F727FE}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{239AAF7C-E0F1-494F-835E-89C4ED284BB0}C:\users\alejandro.sanchezr\appdata\local\android\sdk\platform-tools\adb.exe] => (Allow) C:\users\alejandro.sanchezr\appdata\local\android\sdk\platform-tools\adb.exe () [File not signed]
FirewallRules: [UDP Query User{712C450E-E88E-495E-AAAE-B42C25A5CC16}C:\users\alejandro.sanchezr\appdata\local\android\sdk\platform-tools\adb.exe] => (Allow) C:\users\alejandro.sanchezr\appdata\local\android\sdk\platform-tools\adb.exe () [File not signed]
FirewallRules: [{4A4D61DD-8CDC-4E9F-BFF3-4FD664DFA47E}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4ADA9BFB-2934-4745-B693-DDA0E88E7C7B}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{BE4076DC-A2CD-4B94-B94F-825FA2A86645}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{33A3BF41-F593-4730-AA24-3BB5F96E13CE}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{EAA12AE0-4156-45AF-B118-094429BD6737}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{3F541CBA-B34E-4993-90B6-368902276727}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{8B11FBC0-5EE6-4E3C-A992-D04A04983AEF}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{AA03FC46-924A-4F35-8612-14D3A2E5B504}] => (Allow) C:\Program Files (x86)\Citrix\ICA Client\CitrixWorkspaceBrowser\CitrixWorkspaceBrowser.exe (Citrix Systems, Inc. -> Citrix Systems, Inc.)
FirewallRules: [{197B4C67-D187-4A53-8809-225B6EE9BBEB}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\103.0.1264.62\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

18-07-2022 19:48:53 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============

Name: PANGP Virtual Ethernet Adapter Secure
Description: PANGP Virtual Ethernet Adapter Secure
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: PaloAltoNetworks
Service: PanGpd
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (07/19/2022 10:52:24 AM) (Source: COM) (EventID: 10035) (User: )
Description: The COM standard marshaler was unable to fix a mismatch between the IID {618736E0-3C3D-11CF-810C-00AA00389B71} provided by the server and the IID {00020400-0000-0000-C000-000000000046} requested by the client, with handler CLSID {9266FFD0-7FF8-0000-20A2-4892F87F0000}. The error code was 0x80010114.

Error: (07/19/2022 09:31:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CCleaner64.exe, version: 6.1.0.9825, time stamp: 0x62a87b55
Faulting module name: CCleaner64.exe, version: 6.1.0.9825, time stamp: 0x62a87b55
Exception code: 0xc0000409
Fault offset: 0x0000000000d7c5e5
Faulting process id: 0x2db8
Faulting application start time: 0x01d89b72b43dc9dc
Faulting application path: C:\Program Files\CCleaner\CCleaner64.exe
Faulting module path: C:\Program Files\CCleaner\CCleaner64.exe
Report Id: e202e2c6-4059-4848-9594-382c68e91c2e
Faulting package full name: 
Faulting package-relative application ID:

Error: (07/19/2022 09:31:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CCleaner64.exe, version: 6.1.0.9825, time stamp: 0x62a87b55
Faulting module name: CCleaner64.exe, version: 6.1.0.9825, time stamp: 0x62a87b55
Exception code: 0xc0000409
Fault offset: 0x0000000000d7c5e5
Faulting process id: 0x3abc
Faulting application start time: 0x01d89b72e3e4b8a0
Faulting application path: C:\Program Files\CCleaner\CCleaner64.exe
Faulting module path: C:\Program Files\CCleaner\CCleaner64.exe
Report Id: db50a6b8-efd4-4343-8c89-09445a29da75
Faulting package full name: 
Faulting package-relative application ID:

Error: (07/19/2022 09:20:12 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (07/19/2022 09:17:42 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007139F
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (07/19/2022 09:17:40 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007139F
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (07/18/2022 07:54:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: sihost.exe, version: 10.0.19041.746, time stamp: 0x0ead4601
Faulting module name: KERNELBASE.dll, version: 10.0.19041.1806, time stamp: 0x91c56ed8
Exception code: 0x80270234
Fault offset: 0x000000000010fb62
Faulting process id: 0x9f0
Faulting application start time: 0x01d89b01c1305c3e
Faulting application path: C:\windows\system32\sihost.exe
Faulting module path: C:\windows\System32\KERNELBASE.dll
Report Id: 66788d8d-cff7-42e6-bb55-32db0c7e1183
Faulting package full name: 
Faulting package-relative application ID:

Error: (07/18/2022 07:37:59 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007139F
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;NotificationInterval=1440;Trigger=NetworkAvailable


System errors:
=============
Error: (07/19/2022 11:08:33 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: JALASOFT)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (07/19/2022 11:03:51 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (07/19/2022 09:25:11 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Remote Management (WS-Management) service hung on starting.

Error: (07/19/2022 09:21:23 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Downloaded Maps Manager service hung on starting.

Error: (07/19/2022 09:18:33 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: JALASOFT)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (07/19/2022 09:17:50 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1130) (User: NT AUTHORITY)
Description: 0 failed. 
	GPO Name : GPO - Domain Admin on Clients
	GPO File System Path : \\jalasoft.local\SysVol\jalasoft.local\Policies\{E8738ED5-23D5-4373-B980-F5331CCBCD85}\Machine
	Script Name: Machine_Startup_Script.vbs

Error: (07/19/2022 09:17:50 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (07/19/2022 09:17:06 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain JALASOFT due to the following: 
We can't sign you in with this credential because your domain isn't available. Make sure your device is connected to your organization's network and try again. If you previously signed in on this device with another credential, you can sign in with that credential.


This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.



ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.


Windows Defender:
================
Date: 2021-06-29 22:50:46
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:

Date: 2021-10-14 16:21:20
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.351.411.0
Update Source: Internal security intelligence Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.18600.4
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 

Date: 2021-10-14 11:21:20
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.351.366.0
Update Source: Internal security intelligence Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.18600.4
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 

Date: 2021-10-12 14:53:46
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.351.265.0
Update Source: Internal security intelligence Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.18600.4
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 

Date: 2021-10-12 09:53:46
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.351.230.0
Update Source: Internal security intelligence Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.18600.4
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 

Date: 2021-10-11 09:54:35
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.351.43.0
Update Source: Internal security intelligence Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.18600.4
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 

CodeIntegrity:
===============
Date: 2022-07-19 11:03:29
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\ScriptControl64_15316.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

BIOS: American Megatrends Inc. 0403 04/18/2018
Motherboard: ASUSTeK COMPUTER INC. PRIME B360M-A
Processor: Intel(R) Core(TM) i7-8700 CPU @ 3.20GHz
Percentage of memory in use: 43%
Total physical RAM: 16225.23 MB
Available physical RAM: 9233.63 MB
Total Virtual: 18657.23 MB
Available Virtual: 10905.57 MB

==================== Drives ================================

Drive c: (New Volume) (Fixed) (Total:200.1 GB) (Free:42.77 GB) (Model: TOSHIBA DT01ACA100) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (New Volume) (Fixed) (Total:931.51 GB) (Free:574.27 GB) (Model: TOSHIBA HDWD110) NTFS
Drive e: (New Volume) (Fixed) (Total:731.41 GB) (Free:731.25 GB) (Model: TOSHIBA DT01ACA100) NTFS


==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: A0C63F46)
Partition 1: (Active) - (Size=200.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=731.4 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 4BD4E7AF)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================
2 likes

Hello @alinsan

There are some strange entries that I'm not used to seeing.

Do you work with servers? Are you a developer?

Did you add these scripts yourself?

  • netsh advfirewall firewall add rule name="service_desk" dir=in action=allow protocol=TCP localport=9000 remoteip=10.2.3.50
  • HKLM\...\Policies\Explorer\Run: [2] => netsh advfirewall firewall add rule name="check_mk" dir=in action=allow protocol=TCP localport=6556 remoteip=10.31.2.29-10.31.2.30

Did you implement these policies yourself?

  • "C:\Windows\System32\Tasks\Microsoft\Windows\GroupPolicy{A7719E0F-10DB-4640-AD8C-490CC6AD5202}" was unlocked. <==== ATTENTION
  • "C:\Windows\System32\Tasks\Microsoft\Windows\GroupPolicy{3E0A038B-D834-4930-9981-E89C9BFF83AA}" was unlocked. <==== ATTENTION

There are also PDFs with very odd names; could they be invoices/certificates?

Regards

1 like