Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-12-2022
Ran by xanderusa (administrator) on DESKTOP-SALPFFM (Dell Inc. XPS 8900) (01-01-2023 15:57:37)
Running from C:\Users\xanderusa\Downloads
Loaded Profiles: defaultuser0 & xanderusa
Platform: Microsoft Windows 10 Home Version 22H2 19045.2364 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bluestack Systems, Inc -> BlueStack Systems) C:\Program Files\BlueStacks_nxt\HD-Player.exe
(C:\Program Files (x86)\Evernote\Evernote\Evernote.exe ->) (Evernote Corporation -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(C:\Program Files (x86)\Evernote\Evernote\Evernote.exe ->) (Evernote Corporation -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteSubprocess.exe <6>
(C:\Program Files (x86)\Evernote\Evernote\Evernote.exe ->) (Evernote Corporation -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
(C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(C:\Program Files\BlueStacks_nxt\HD-Player.exe ->) (The Qt Company Oy -> The Qt Company Ltd.) C:\Program Files\BlueStacks_nxt\QtWebEngineProcess.exe <2>
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(C:\Windows\SoftwareDistribution\Download\Install\AM_Delta.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
(cmd.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MbamBgNativeMsg.exe <2>
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\iCUE.exe
(explorer.exe ->) (Evernote Corporation -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
(explorer.exe ->) (EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <15>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <9>
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.152\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.152\GoogleCrashHandler64.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MpCmdRun.exe <2>
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe <20>
(services.exe ->) (Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.exe
(services.exe ->) (Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CueLLAccessService.exe
(services.exe ->) (EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.AppService.exe
(services.exe ->) (EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.SystemService.exe
(services.exe ->) (EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.VpnService.exe
(services.exe ->) (Logitech Inc -> Logitech) C:\Program Files\Logitech\LogiCapture\bin\Service\LogiFacecamService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MsMpEng.exe
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_ee20464bb4ac57f4\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(svchost.exe ->) (Bluestack Systems, Inc -> Bluestack System Inc.) C:\Program Files\BlueStacks_nxt\BstkSVC.exe
(svchost.exe ->) (CyberLink Corp. -> CyberLink) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\SDXHelper.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21238.0_x64__8wekyb3d8bbwe\HxTsr.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(wuauclt.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\AM_Delta.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1795704 2015-08-07] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [231640 2016-05-13] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [321096 2017-08-18] (Intel(R) Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412736 2021-09-07] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [11102800 2021-08-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3617864 2021-08-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [CORSAIR iCUE Software] => C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\iCUE Launcher.exe [410152 2020-12-29] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [781552 2021-10-31] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-08-04] (Adobe Inc. -> )
HKLM-x32\...\Run: [ExpressVPNNotificationService] => C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationServiceStarter.exe [381288 2022-12-16] (EXPRSVPN LLC -> ExpressVPN)
HKU\S-1-5-21-897932974-2442178479-4115753467-1003\...\Run: [HP Deskjet 3510 series (NET)] => C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
HKU\S-1-5-21-897932974-2442178479-4115753467-1003\...\Run: [cdloader] => C:\Users\xanderusa\AppData\Roaming\mjusbsp\cdloader2.exe [58816 2018-04-05] (magicJack, L.P. -> magicJack L.P.)
HKU\S-1-5-21-897932974-2442178479-4115753467-1003\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [9230256 2020-03-23] (Support.com Inc -> SUPERAntiSpyware)
HKU\S-1-5-21-897932974-2442178479-4115753467-1003\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [38916432 2022-12-09] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKU\S-1-5-21-897932974-2442178479-4115753467-1003\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2020-01-22] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-897932974-2442178479-4115753467-1003\...\Run: [MicrosoftEdgeAutoLaunch_0479128881CE1B517FCE4DDD48935654] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3879848 2022-12-15] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-897932974-2442178479-4115753467-1003\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [3394000 2022-11-07] (Tonalio GmbH -> Sandboxie-Plus.com)
HKU\S-1-5-21-897932974-2442178479-4115753467-1003\...\Run: [Zello] => C:\Program Files (x86)\Zello\Zello.exe [8091128 2020-12-14] (Zello Inc -> Zello Inc)
HKU\S-1-5-21-897932974-2442178479-4115753467-1003\...\Run: [com.squirrel.Teams.Teams] => C:\Users\xanderusa\AppData\Local\Microsoft\Teams\Update.exe [2585920 2022-12-08] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-897932974-2442178479-4115753467-1003\...\Run: [ExpressVPN] => C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe [853864 2022-12-16] (EXPRSVPN LLC -> ExpressVPN)
HKU\S-1-5-21-897932974-2442178479-4115753467-1003\...\RunOnce: [Application Restart #7] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --flag-switches-begin --flag-switches-end --enable-audio-service-sandbox --restore-last-session --flag-switches-begin --flag-switches-end - (the data entry has 102 more characters). [3133720 2022-12-12] (Google LLC -> Google LLC)
HKLM\...\Print\Monitors\HP AD11 Status Monitor: C:\Windows\system32\hpinkstsAD11LM.dll [331664 2012-06-12] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP Deskjet 3510 series): C:\Windows\system32\HPDiscoPMAD11.dll [741480 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\108.0.5359.125\Installer\chrmstp.exe [2022-12-15] (Google LLC -> Google LLC)
Startup: C:\Users\xanderusa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2017-04-22]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corporation -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\xanderusa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteTray.lnk [2017-04-30]
ShortcutTarget: EvernoteTray.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe (Evernote Corporation -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\xanderusa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telegram.lnk [2017-07-25]
ShortcutTarget: Telegram.lnk -> C:\Users\xanderusa\AppData\Roaming\Telegram Desktop\Telegram.exe (Telegram FZ-LLC -> Telegram FZ-LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01580885-9FDB-4149-B1B5-067F8D780FFB} - System32\Tasks\CCleanerSkipUAC - xanderusa => C:\Program Files\CCleaner\CCleaner.exe [32602448 2022-12-09] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {0A0F6940-D296-44FF-86AB-1F5566E32277} - System32\Tasks\Dell Cleanup => c:\windows\system32\oem\startmenufix.vbs [1595 2016-09-14] () [File not signed]
Task: {2FFCAFEF-6D30-4130-A832-11ADFAC97727} - System32\Tasks\Lekafidon\{02930A14-A56A-6413-8E2E-562EF059735A} => C:\Users\XANDER~1\AppData\Local\wincbee\LEKAFI~1.EXE /Check (No File)
Task: {37B437F5-48EF-4A83-AB79-B9C93D397571} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114656 2022-12-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {3CF824E3-6F56-4E71-8D68-178BADBE423C} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {3E787B25-706E-4565-AA22-DEF40244A224} - System32\Tasks\Hitman Pro 3.5 Boot Task => C:\Program Files\Hitman Pro 3.5\HitmanPro35_x64.exe /scan:boot (No File)
Task: {55BDBAD6-1DF4-4E1D-AE22-72E02347F929} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [6571976 2022-12-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {59482E23-093D-49F4-84FC-78791F39BC38} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-SALPFFM-xanderusa => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {5C6AE7C9-6E99-4D94-AFF7-5FB7742E5AD2} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114656 2022-12-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {6825DB04-A29F-4DD6-B381-9A7EBB5D3B4D} - System32\Tasks\BlueStacksHelper_nxt => C:\Program Files\BlueStacks_nxt\BlueStacksHelper.exe [274912 2022-11-22] (Bluestack Systems, Inc -> BlueStack Systems, Inc.)
Task: {7F08B664-E3C9-4563-B5A6-C08EDB04C121} - \Mozilla\Firefox Background Update E7CF176E110C211B -> No File <==== ATTENTION
Task: {80DA65E4-74E1-4F73-9616-04E154761999} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1187864 2018-03-21] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {86918235-3B8E-4425-9C5F-4141BCE1CE50} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe do-task "E7CF176E110C211B"
Task: {92A48D04-F7E9-40F2-ADBA-83ECDA0D356F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [6571976 2022-12-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {9983F099-25A7-4E4A-8975-05F529EA843E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26308584 2022-12-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {9992A02E-EAF2-4E72-B9FF-2E3356DB231A} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412736 2021-09-07] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {9B5E94B8-3293-49FE-8C31-3401EC69EA05} - System32\Tasks\AMHelper => C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe [682008 2021-03-30] (Zemana D.O.O. Sarajevo -> Zemana Ltd.)
Task: {A3A2051A-FD6E-4C57-A4D0-3926B797198A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-04-21] (Google Inc -> Google Inc.)
Task: {A70E6964-4DAB-4752-A457-C1F642E0C270} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-897932974-2442178479-4115753467-1003UA => C:\Users\xanderusa\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler (No File)
Task: {D0155546-785F-4413-AEFD-04CDDDA07ED2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-04-21] (Google Inc -> Google Inc.)
Task: {E3BF7C59-E231-483A-B395-FC5B22ECE325} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe [110008 2016-04-27] (CyberLink Corp. -> CyberLink)
Task: {E3EC7F37-501F-4F24-B9C1-A8F6700B9998} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26308584 2022-12-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {F64ACF6B-0D03-4F4E-AF5E-F873EF053506} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-897932974-2442178479-4115753467-1003Core => C:\Users\xanderusa\AppData\Local\Google\Update\GoogleUpdate.exe /c (No File)
Task: {F8F75BA7-042C-437E-97FB-AE8EA03E04EF} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2022-10-20] (Piriform Software Ltd -> Piriform)
Task: {FF32A236-D377-4163-96FC-2617BEF10DC7} - System32\Tasks\HPCustParticipation HP Deskjet 3510 series => C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPCustPartic.exe [4119656 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{8440f21c-da84-4e32-a16f-442c1bfe3cc6}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{ba6c5194-fa73-4b9e-8b30-072e58f92b12}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{ba6c5194-fa73-4b9e-8b30-072e58f92b12}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{c76062b9-d6fd-4941-89a8-7b481c347cd3}: [NameServer] 100.64.100.1

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (Grammarly for Microsoft Edge) -> EdgeExtension_GrammarlyGrammarlyforMicrosoftEdge_zee0y2571dhse => C:\Program Files\WindowsApps\Grammarly.GrammarlyforMicrosoftEdge_1.121.2317.0_neutral__zee0y2571dhse [2022-11-18]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\xanderusa\AppData\Local\Microsoft\Edge\User Data\Default [2023-01-01]
Edge StartupUrls: Default -> "hxxps://google.com/"
Edge Extension: (Outlook) - C:\Users\xanderusa\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bjhmmnoficofgoiacjaajpkfndojknpb [2020-10-19]
Edge Extension: (Grammarly: Grammar Checker and Writing App) - C:\Users\xanderusa\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cnlefmmeadmemmdciolhbnfeacpdfbkd [2022-11-13]
Edge Extension: (Word) - C:\Users\xanderusa\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hikhggiobiflkdfdgdajcfklmcibbopi [2020-10-19]
Edge Extension: (Screenshot Tool and Editor) - C:\Users\xanderusa\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ialiedlpfknneamnbemcgmaboleiccdd [2020-11-19]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\xanderusa\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-12-13]
Edge Extension: (Excel) - C:\Users\xanderusa\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\leffmjdabcgaflkikcefahmlgpodjkdm [2020-10-19]
Edge Extension: (PowerPoint) - C:\Users\xanderusa\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\opfacbhaojodjaojgocnibmklknchehf [2020-10-19]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: 7t1u94y8.default-1635985722753
FF ProfilePath: C:\Users\xanderusa\AppData\Roaming\Mozilla\Firefox\Profiles\ytv8mf4k.default-release [2022-11-27]
FF Homepage: Mozilla\Firefox\Profiles\ytv8mf4k.default-release -> hxxps://www.google.com/
FF NewTab: Mozilla\Firefox\Profiles\ytv8mf4k.default-release -> about:newtab
FF ProfilePath: C:\Users\xanderusa\AppData\Roaming\Mozilla\Firefox\Profiles\7t1u94y8.default-1635985722753 [2023-01-01]
FF Homepage: Mozilla\Firefox\Profiles\7t1u94y8.default-1635985722753 -> hxxps://www.tradingview.com/chart/nkRS7ORd/
FF NewTab: Mozilla\Firefox\Profiles\7t1u94y8.default-1635985722753 -> about:newtab
FF Notifications: Mozilla\Firefox\Profiles\7t1u94y8.default-1635985722753 -> hxxps://calendar.google.com; hxxps://www.englishcentral.com; hxxps://www.tradingview.com; hxxps://voice.google.com; hxxps://meet.google.com; hxxps://mnogochat.com; hxxps://www.vivechat.com; hxxps://colab.research.google.com; hxxps://www.bybit.com
FF Extension: (Grammarly: Grammar Checker and Writing App) - C:\Users\xanderusa\AppData\Roaming\Mozilla\Firefox\Profiles\7t1u94y8.default-1635985722753\Extensions\87677a2c52b84ad3a151a4a72f5bd3c4@jetpack.xpi [2022-09-15]
FF Extension: (AdGuard AdBlocker) - C:\Users\xanderusa\AppData\Roaming\Mozilla\Firefox\Profiles\7t1u94y8.default-1635985722753\Extensions\adguardadblocker@adguard.com.xpi [2022-12-25]
FF Extension: (Close Other Tabs Button) - C:\Users\xanderusa\AppData\Roaming\Mozilla\Firefox\Profiles\7t1u94y8.default-1635985722753\Extensions\close-other-tabs-single@codefisher.org.xpi [2021-11-04]
FF Extension: (Spanish (Venezuela) spell check dictionary) - C:\Users\xanderusa\AppData\Roaming\Mozilla\Firefox\Profiles\7t1u94y8.default-1635985722753\Extensions\es-ve@dictionaries.addons.mozilla.org.xpi [2021-12-23]
FF Extension: (OneTab) - C:\Users\xanderusa\AppData\Roaming\Mozilla\Firefox\Profiles\7t1u94y8.default-1635985722753\Extensions\extension@one-tab.com.xpi [2022-05-10]
FF Extension: (Freespoke Search) - C:\Users\xanderusa\AppData\Roaming\Mozilla\Firefox\Profiles\7t1u94y8.default-1635985722753\Extensions\FreespokeSearchExtension@com.Freespoke.xpi [2022-11-12]
FF Extension: (Webmail Ad Blocker) - C:\Users\xanderusa\AppData\Roaming\Mozilla\Firefox\Profiles\7t1u94y8.default-1635985722753\Extensions\gmailnoads@mywebber.com.xpi [2022-12-02]
FF Extension: (To Google Translate) - C:\Users\xanderusa\AppData\Roaming\Mozilla\Firefox\Profiles\7t1u94y8.default-1635985722753\Extensions\jid1-93WyvpgvxzGATw@jetpack.xpi [2021-11-04]
FF Extension: (Keywords Everywhere - Keyword Tool) - C:\Users\xanderusa\AppData\Roaming\Mozilla\Firefox\Profiles\7t1u94y8.default-1635985722753\Extensions\jid1-PmuMUcuMey5ABw@jetpack.xpi [2022-12-04]
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\xanderusa\AppData\Roaming\Mozilla\Firefox\Profiles\7t1u94y8.default-1635985722753\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2022-12-22]
FF Extension: (Open Link with New Tab) - C:\Users\xanderusa\AppData\Roaming\Mozilla\Firefox\Profiles\7t1u94y8.default-1635985722753\Extensions\Open-Link-with-New-Tab@sienori.xpi [2021-11-04]
FF Extension: (Open Tabs Next to Current) - C:\Users\xanderusa\AppData\Roaming\Mozilla\Firefox\Profiles\7t1u94y8.default-1635985722753\Extensions\opentabsnexttocurrent@sblask.xpi [2021-11-04]
FF Extension: (Save-To-Read) - C:\Users\xanderusa\AppData\Roaming\Mozilla\Firefox\Profiles\7t1u94y8.default-1635985722753\Extensions\save2read@konstantin.plotnikov.xpi [2021-11-04]
FF Extension: (Turn Off the Lights) - C:\Users\xanderusa\AppData\Roaming\Mozilla\Firefox\Profiles\7t1u94y8.default-1635985722753\Extensions\stefanvandamme@stefanvd.net.xpi [2021-11-04]
FF Extension: (MetaMask) - C:\Users\xanderusa\AppData\Roaming\Mozilla\Firefox\Profiles\7t1u94y8.default-1635985722753\Extensions\webextension@metamask.io.xpi [2022-11-29]
FF Extension: (Reverse Image Search) - C:\Users\xanderusa\AppData\Roaming\Mozilla\Firefox\Profiles\7t1u94y8.default-1635985722753\Extensions\{0da2e603-21ba-4422-8049-b6d9e013ed84}.xpi [2022-11-12]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\xanderusa\AppData\Roaming\Mozilla\Firefox\Profiles\7t1u94y8.default-1635985722753\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2022-12-14]
FF Extension: (Undo Close Tab) - C:\Users\xanderusa\AppData\Roaming\Mozilla\Firefox\Profiles\7t1u94y8.default-1635985722753\Extensions\{4853d046-c5a3-436b-bc36-220fd935ee1d}.xpi [2022-03-07]
FF Extension: (Save Video As) - C:\Users\xanderusa\AppData\Roaming\Mozilla\Firefox\Profiles\7t1u94y8.default-1635985722753\Extensions\{63f3b52d-7581-42cd-9e82-fb1b2cdb0043}.xpi [2021-11-04]
FF Extension: (StopAll Ads) - C:\Users\xanderusa\AppData\Roaming\Mozilla\Firefox\Profiles\7t1u94y8.default-1635985722753\Extensions\{6c9d5a11-9d2b-4c10-cd40-61fc083d5001}.xpi [2021-11-11]
FF Extension: (Alexa Rank) - C:\Users\xanderusa\AppData\Roaming\Mozilla\Firefox\Profiles\7t1u94y8.default-1635985722753\Extensions\{833523a7-98c7-44a2-a361-579d2b067d45}.xpi [2022-04-07]
FF Extension: (Google Reverse Image Search) - C:\Users\xanderusa\AppData\Roaming\Mozilla\Firefox\Profiles\7t1u94y8.default-1635985722753\Extensions\{95322c08-05ff-4f3c-85fd-8ceb821988dd}.xpi [2021-11-04]
FF Extension: (Weather Forecast) - C:\Users\xanderusa\AppData\Roaming\Mozilla\Firefox\Profiles\7t1u94y8.default-1635985722753\Extensions\{98ab7bc7-0e75-430c-92cb-d27a0e48b23d}.xpi [2021-11-04]
FF Extension: (WOT Website Security & Browsing Protection) - C:\Users\xanderusa\AppData\Roaming\Mozilla\Firefox\Profiles\7t1u94y8.default-1635985722753\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}.xpi [2022-08-11]
FF Extension: (Weather) - C:\Users\xanderusa\AppData\Roaming\Mozilla\Firefox\Profiles\7t1u94y8.default-1635985722753\Extensions\{a79a9c4c-9c3f-4bf4-9e58-6574cc0b7ecb}.xpi [2021-11-03]
FF Extension: (Video DownloadHelper) - C:\Users\xanderusa\AppData\Roaming\Mozilla\Firefox\Profiles\7t1u94y8.default-1635985722753\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2022-12-08]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\xanderusa\AppData\Roaming\Mozilla\Firefox\Profiles\7t1u94y8.default-1635985722753\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2022-12-05]
FF Extension: (Evernote Web Clipper) - C:\Users\xanderusa\AppData\Roaming\Mozilla\Firefox\Profiles\7t1u94y8.default-1635985722753\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}.xpi [2022-12-07]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2021-10-31] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw.dll [2019-03-14] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2022-11-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-11-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2021-10-31] (Adobe Inc. -> Adobe Systems)

Chrome:
=======
CHR DefaultProfile: Profile 28
CHR Profile: C:\Users\xanderusa\AppData\Local\Google\Chrome\User Data\Guest Profile [2023-01-01]
CHR Profile: C:\Users\xanderusa\AppData\Local\Google\Chrome\User Data\Profile 18 [2022-12-30]
CHR Extension: (Adblock for Youtube™) - C:\Users\xanderusa\AppData\Local\Google\Chrome\User Data\Profile 18\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2022-12-26]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\xanderusa\AppData\Local\Google\Chrome\User Data\Profile 18\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2022-12-26]
CHR Extension: (Google Docs Offline) - C:\Users\xanderusa\AppData\Local\Google\Chrome\User Data\Profile 18\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-11-29]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\xanderusa\AppData\Local\Google\Chrome\User Data\Profile 18\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-12-26]
CHR Extension: (do automatic follow & unfollow on Instagram) - C:\Users\xanderusa\AppData\Local\Google\Chrome\User Data\Profile 18\Extensions\jmnjdaokmajenfaboakjbddmmpbalhhn [2022-09-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\xanderusa\AppData\Local\Google\Chrome\User Data\Profile 18\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-09-23]
CHR Extension: (vidIQ Vision for YouTube) - C:\Users\xanderusa\AppData\Local\Google\Chrome\User Data\Profile 18\Extensions\pachckjkecffpdphbpmfolblodfkgbhl [2022-12-27]
CHR Profile: C:\Users\xanderusa\AppData\Local\Google\Chrome\User Data\Profile 24 [2022-12-30]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\xanderusa\AppData\Local\Google\Chrome\User Data\Profile 24\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2022-12-06]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\xanderusa\AppData\Local\Google\Chrome\User Data\Profile 24\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2022-12-26]
CHR Extension: (Google Docs Offline) - C:\Users\xanderusa\AppData\Local\Google\Chrome\User Data\Profile 24\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-12-01]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\xanderusa\AppData\Local\Google\Chrome\User Data\Profile 24\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-12-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\xanderusa\AppData\Local\Google\Chrome\User Data\Profile 24\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-09-24]
CHR Profile: C:\Users\xanderusa\AppData\Local\Google\Chrome\User Data\Profile 28 [2023-01-01]
CHR Notifications: Profile 28 -> hxxps://beta.meetme.com
CHR HomePage: Profile 28 -> hxxp://www.google.com/
CHR StartupUrls: Profile 28 -> "hxxp://www.google.com/","hxxp://gmail.com/","hxxps://search.yahoo.com/?type=523482&fr=yo-yhp-ch","hxxp://www.google.com"
CHR Extension: (Bible) - C:\Users\xanderusa\AppData\Local\Google\Chrome\User Data\Profile 28\Extensions\adplcelpohamiijahbaanmoimmnoaiaf [2022-09-25]
CHR Extension: (PriceBlink Coupons and Price Comparison) - C:\Users\xanderusa\AppData\Local\Google\Chrome\User Data\Profile 28\Extensions\aoiidodopnnhiflaflbfeblnojefhigh [2022-09-25]
CHR Extension: (Dictanote) - C:\Users\xanderusa\AppData\Local\Google\Chrome\User Data\Profile 28\Extensions\aomjekmpappghadlogpigifkghlmebjk [2022-09-25]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\xanderusa\AppData\Local\Google\Chrome\User Data\Profile 28\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2022-12-06]
CHR Extension: (Adblock for Youtube™) - C:\Users\xanderusa\AppData\Local\Google\Chrome\User Data\Profile 28\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2022-12-17]
CHR Extension: (IG Downloader) - C:\Users\xanderusa\AppData\Local\Google\Chrome\User Data\Profile 28\Extensions\cpgaheeihidjmolbakklolchdplenjai [2022-09-25]
CHR Extension: (Good News) - C:\Users\xanderusa\AppData\Local\Google\Chrome\User Data\Profile 28\Extensions\deegloljmdbfbjhlimieancmcfombgjj [2022-09-25]
CHR Extension: (Tampermonkey) - C:\Users\xanderusa\AppData\Local\Google\Chrome\User Data\Profile 28\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2022-12-04]
CHR Extension: (DSM Auto-Paste Chrome Extension) - C:\Users\xanderusa\AppData\Local\Google\Chrome\User Data\Profile 28\Extensions\ecdbmkcphlholpojdglodopmlaficcji [2022-10-10]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\xanderusa\AppData\Local\Google\Chrome\User Data\Profile 28\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2022-12-23]
CHR Extension: (Free VPN ZenMate-Best VPN for Chrome) - C:\Users\xanderusa\AppData\Local\Google\Chrome\User Data\Profile 28\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2022-09-25]
CHR Extension: (Full Screen Weather) - C:\Users\xanderusa\AppData\Local\Google\Chrome\User Data\Profile 28\Extensions\fkkaebihfmbofclegkcfkkemepfehibg [2022-09-25]
CHR Extension: (Return YouTube Dislike) - C:\Users\xanderusa\AppData\Local\Google\Chrome\User Data\Profile 28\Extensions\gebbhagfogifgggkldgodflihgfeippi [2022-11-21]
CHR Extension: (Google Docs Offline) - C:\Users\xanderusa\AppData\Local\Google\Chrome\User Data\Profile 28\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-12-01]
CHR Extension: (The Camelizer) - C:\Users\xanderusa\AppData\Local\Google\Chrome\User Data\Profile 28\Extensions\ghnomdcacenbmilgjigehppbamfndblo [2022-09-25]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\xanderusa\AppData\Local\Google\Chrome\User Data\Profile 28\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2022-12-20]
CHR Extension: (TweetDeck by Twitter) - C:\Users\xanderusa\AppData\Local\Google\Chrome\User Data\Profile 28\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2022-09-25]
CHR Extension: (IE Tab) - C:\Users\xanderusa\AppData\Local\Google\Chrome\User Data\Profile 28\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd [2022-11-13]
CHR Extension: (Fast Search for eBay) - C:\Users\xanderusa\AppData\Local\Google\Chrome\User Data\Profile 28\Extensions\hfdilejbabibpfcgmpeflocbnkeckdfn [2022-09-25]
CHR Extension: (Google Keep - Notes and Lists) - C:\Users\xanderusa\AppData\Local\Google\Chrome\User Data\Profile 28\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2022-12-22]
CHR Extension: (Crackle) - C:\Users\xanderusa\AppData\Local\Google\Chrome\User Data\Profile 28\Extensions\ibfamoapbmmmlknoopmmfofgladlinic [2022-09-25]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\xanderusa\AppData\Local\Google\Chrome\User Data\Profile 28\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-12-13]
CHR Extension: (Voice Recognition) - C:\Users\xanderusa\AppData\Local\Google\Chrome\User Data\Profile 28\Extensions\ikjmfindklfaonkodbnidahohdfbdhkn [2022-09-25]
CHR Extension: (Regram Later - Instagram Repost for Later) - C:\Users\xanderusa\AppData\Local\Google\Chrome\User Data\Profile 28\Extensions\jhblbpejbfgogmhhkaeeicanbgaaehid [2022-09-25]
CHR Extension: (AMZ Seller Browser) - C:\Users\xanderusa\AppData\Local\Google\Chrome\User Data\Profile 28\Extensions\klgpelgeohjghmccooegimcfhanlnngc [2022-09-25]
CHR Extension: (Keepa - Amazon Price Tracker) - C:\Users\xanderusa\AppData\Local\Google\Chrome\User Data\Profile 28\Extensions\neebplgakaahbhdphmkckjjcegoiijjo [2022-12-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\xanderusa\AppData\Local\Google\Chrome\User Data\Profile 28\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-09-25]
CHR Extension: (Data Scraper - Easy Web Scraping) - C:\Users\xanderusa\AppData\Local\Google\Chrome\User Data\Profile 28\Extensions\nndknepjnldbdbepjfgmncbggmopgden [2022-12-30]
CHR Extension: (Search on Amazon) - C:\Users\xanderusa\AppData\Local\Google\Chrome\User Data\Profile 28\Extensions\ocedbpnlcgaocobgdhnbjachogamlibb [2022-09-25]
CHR Extension: (Context Menu Search) - C:\Users\xanderusa\AppData\Local\Google\Chrome\User Data\Profile 28\Extensions\ocpcmghnefmdhljkoiapafejjohldoga [2022-09-25]
CHR Extension: (The Tracktor - Price History Tracker) - C:\Users\xanderusa\AppData\Local\Google\Chrome\User Data\Profile 28\Extensions\onajjgekdldckfgodnmoallcmdmfcfom [2022-09-25]
CHR Extension: (Amazon Assistant for Chrome) - C:\Users\xanderusa\AppData\Local\Google\Chrome\User Data\Profile 28\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2022-12-26]
CHR Extension: (Google Similar Pages) - C:\Users\xanderusa\AppData\Local\Google\Chrome\User Data\Profile 28\Extensions\pjnfggphgdjblhfjaphkjhfpiiekbbej [2022-09-25]
CHR Extension: (Scraper) - C:\Users\xanderusa\AppData\Local\Google\Chrome\User Data\Profile 28\Extensions\poegfpiagjgnenagjphgdklmgcpjaofi [2022-09-25]
CHR Profile: C:\Users\xanderusa\AppData\Local\Google\Chrome\User Data\Profile 29 [2022-12-31]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\xanderusa\AppData\Local\Google\Chrome\User Data\Profile 29\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2022-12-23]
CHR Extension: (Google Docs Offline) - C:\Users\xanderusa\AppData\Local\Google\Chrome\User Data\Profile 29\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-12-01]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\xanderusa\AppData\Local\Google\Chrome\User Data\Profile
29\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-12-13] CHR Extension: (Chrome Web Store Payments) - C:\Users\xanderusa\AppData\Local\Google\Chrome\User Data\Profile 29\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-09-29] CHR Profile: C:\Users\xanderusa\AppData\Local\Google\Chrome\User Data\Profile 5 [2022-12-15] CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\xanderusa\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2022-12-15] CHR Extension: (Google Docs Offline) - C:\Users\xanderusa\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-12-15] CHR Extension: (Malwarebytes Browser Guard) - C:\Users\xanderusa\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-12-15] CHR Extension: (Chrome Web Store Payments) - C:\Users\xanderusa\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-10-01] CHR Profile: C:\Users\xanderusa\AppData\Local\Google\Chrome\User Data\Profile 9 [2022-11-27] CHR HomePage: Profile 9 -> hxxp://www.google.com/ CHR StartupUrls: Profile 9 -> "hxxp://www.google.com/","hxxp://gmail.com/","hxxps://search.yahoo.com/?type=523482&fr=yo-yhp-ch","hxxp://www.google.com" CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\xanderusa\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2022-11-06] CHR Extension: (Google Docs Offline) - C:\Users\xanderusa\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-11-06] CHR Extension: (Malwarebytes Browser Guard) - C:\Users\xanderusa\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-11-06] CHR Extension: (Chrome Web Store Payments) - C:\Users\xanderusa\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-02-07] 
CHR Profile: C:\Users\xanderusa\AppData\Local\Google\Chrome\User Data\System Profile [2023-01-01]
CHR HKLM-x32\...\Chrome\Extension: [cnacmimjbgcbfakhihpoaomplpmhppab] -
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

Brave:
=======
BRA Profile: C:\Users\xanderusa\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2022-11-27]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\xanderusa\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2019-04-23]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\xanderusa\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2019-04-23]
BRA Extension: (Brave Tor Client Updater (Windows)) - C:\Users\xanderusa\AppData\Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb [2019-04-22]
BRA Extension: (PDF Viewer) - C:\Users\xanderusa\AppData\Local\BraveSoftware\Brave-Browser\User Data\oemmndcbldboiebfnladdacbdfmadadm [2019-01-01]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\xanderusa\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2019-04-22]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
S4 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [83984 2018-03-21] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
S4 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [844528 2021-10-31] (Adobe Inc. -> Adobe Inc.)
S4 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3833088 2021-09-07] (Adobe Inc. -> Adobe Systems, Incorporated)
S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3603200 2021-09-07] (Adobe Inc. -> Adobe Systems, Incorporated)
S2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [125144 2016-02-15] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
S2 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1003344 2022-12-09] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12540928 2022-12-13] (Microsoft Corporation -> Microsoft Corporation)
S2 CorsairGamingAudioConfig; C:\WINDOWS\system32\CorsairGamingAudioCfgService64.exe [616344 2020-11-19] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R2 CorsairLLAService; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CueLLAccessService.exe [421928 2020-12-29] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
R2 CorsairService; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.exe [80936 2020-12-29] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
S4 Dell Digital Delivery Services; C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.WinSvc.exe [50888 2021-06-24] (Dell Inc -> )
S4 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-12-13] (Techporch Incorporated -> Dell Inc.)
R2 ExpressVPN App Service; C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.AppService.exe [437096 2022-12-16] (EXPRSVPN LLC -> ExpressVPN)
R2 ExpressVPN System Service; C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.SystemService.exe [437096 2022-12-16] (EXPRSVPN LLC -> ExpressVPN)
R2 ExpressVPN VPN Service; C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.VpnService.exe [437096 2022-12-16] (EXPRSVPN LLC -> ExpressVPN)
S3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S4 IRMTService; c:\Program Files\Intel\Intel(R) Ready Mode Technology\IRMTService.exe [182336 2015-09-10] (Intel(R) Software -> Intel Corporation)
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 LogiFacecamService; C:\Program Files\Logitech\LogiCapture\bin\Service\LogiFacecamService.exe [497568 2021-10-24] (Logitech Inc -> Logitech)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8892256 2022-12-17] (Malwarebytes Inc. -> Malwarebytes)
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2015-09-02] (CyberLink Corp. -> CyberLink)
S2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [366032 2022-11-07] (Tonalio GmbH -> Sandboxie-Plus.com)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\NisSrv.exe [3191264 2022-12-14] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MsMpEng.exe [133592 2022-12-14] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_ee20464bb4ac57f4\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_ee20464bb4ac57f4\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
S4 ZoomCptService; "C:\Program Files (x86)\Common Files\Zoom\Support\CptService.exe" -user_path "C:\Users\xanderusa\AppData\Roaming\Zoom"

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 amsdk; C:\WINDOWS\system32\drivers\amsdk.sys [232792 2021-11-01] (Zemana D.O.O. Sarajevo -> Copyright 2018.)
R3 AmUStor; C:\WINDOWS\system32\drivers\AmUStorU.sys [150824 2021-12-22] (Alcorlink Corp. -> )
R2 BlueStacksDrv_nxt; C:\Program Files\BlueStacks_nxt\BstkDrv_nxt.sys [321792 2022-11-22] (Bluestack Systems, Inc -> Bluestack System Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R3 CorsairGamingAudioService; C:\WINDOWS\system32\DRIVERS\CorsairGamingAudio64.sys [60312 2020-11-19] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R2 CorsairLLAccess3B84E98236B28D4E075D5737DF9F567A1FB76E8A; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CorsairLLAccess64.sys [21752 2020-11-19] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R3 CorsairVBusDriver; C:\WINDOWS\System32\drivers\CorsairVBusDriver.sys [45984 2020-11-19] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R3 CorsairVHidDriver; C:\WINDOWS\System32\drivers\CorsairVHidDriver.sys [21920 2020-11-19] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
S3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [36728 2019-05-21] (Microsoft Windows Hardware Compatibility Publisher -> Dell Inc.)
S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2018-05-08] (Techporch Incorporated -> Dell Computer Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [160376 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 expressvpnsplittunnel; C:\Program Files (x86)\ExpressVPN\splittunnel\driver\expressvpnsplittunnel.sys [46712 2022-12-16] (ExprsVPN LLC -> ExpressVPN)
R3 expressvpntun; C:\WINDOWS\System32\drivers\expressvpn-tun.sys [46896 2021-11-08] (Express VPN International Ltd. -> ExpressVPN)
R3 IntelReadyModeDriver; C:\WINDOWS\System32\drivers\IntelReadyModeDriver.sys [33512 2015-09-10] (Intel CASE -> Intel Corporation)
S3 ManyCam; C:\WINDOWS\system32\DRIVERS\mcvidrv.sys [66952 2018-07-29] (ManyCam (VISICOM MÉDIA INC.) -> Visicom Media Inc.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2022-12-17] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-04-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2022-12-09] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 mcaudrv_simple; C:\WINDOWS\system32\drivers\mcaudrv_x64.sys [35960 2014-12-28] (ManyCam -> Visicom Media Inc.)
R3 MpKsl5d064305; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F0FC2EAE-F00F-4330-883F-FA1046AE022A}\MpKslDrv.sys [214280 2023-01-01] (Microsoft Windows -> Microsoft Corporation)
S3 PSKMAD; C:\WINDOWS\System32\DRIVERS\PSKMAD.sys [50320 2015-01-29] (Panda Security S.L. -> Panda Security, S.L.)
S3 ptun0901; C:\WINDOWS\System32\drivers\ptun0901.sys [27136 2014-08-08] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [250896 2022-11-07] (Microsoft Windows Hardware Compatibility Publisher -> Sandboxie-Plus.com)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167544 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2017-05-23] (TunnelBear, Inc. -> The OpenVPN Project)
R3 tapexpressvpn; C:\WINDOWS\System32\drivers\tapexpressvpn.sys [44304 2019-09-26] (ExprsVPN LLC -> The OpenVPN Project)
S3 tapSF0901; C:\WINDOWS\System32\drivers\tapSF0901.sys [39104 2015-07-30] (Spotflux, Inc -> Spotflux, Inc.)
S3 VBAudioVMVAIOMME; C:\WINDOWS\system32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2018-10-16] (Vincent Burel -> Windows (R) Win 7 DDK provider)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49568 2022-12-14] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [473376 2022-12-14] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [99616 2022-12-14] (Microsoft Windows -> Microsoft Corporation)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-05-03] (Zemana Ltd. -> Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-01-01 15:57 - 2023-01-01 16:02 - 000051049 _____ C:\Users\xanderusa\Downloads\FRST.txt
2023-01-01 15:55 - 2023-01-01 16:01 - 000000000 ____D C:\FRST
2023-01-01 15:52 - 2023-01-01 15:52 - 002376192 _____ (Farbar) C:\Users\xanderusa\Downloads\FRST64.exe
2023-01-01 15:30 - 2023-01-01 15:51 - 000000000 ____D C:\Program Files\Argente - Registry Cleaner
2023-01-01 15:30 - 2023-01-01 15:30 - 000001004 _____ C:\Users\Public\Desktop\Argente - Registry Cleaner.lnk
2023-01-01 15:30 - 2023-01-01 15:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Argente - Registry Cleaner
2023-01-01 15:29 - 2023-01-01 15:29 - 005404387 _____ (Raúl Argente ) C:\Users\xanderusa\Downloads\ARegClean-old.exe
2022-12-31 08:55 - 2022-12-31 08:55 - 000000000 ____D C:\Users\xanderusa\AppData\Local\Tempzxpsign254e7603f0279e50
2022-12-27 11:45 - 2022-12-27 11:57 - 000002540 _____ C:\Users\xanderusa\Desktop\Rkill.txt
2022-12-26 17:35 - 2022-12-26 17:35 - 000002943 _____ C:\Users\xanderusa\Desktop\ZHPCleaner (R).txt
2022-12-26 17:31 - 2022-12-26 17:31 - 000002845 _____ C:\Users\xanderusa\Desktop\ZHPCleaner (S).txt
2022-12-26 17:21 - 2022-12-26 17:21 - 000002043 _____ C:\Users\xanderusa\Desktop\Grindr.lnk
2022-12-26 17:12 - 2022-12-26 17:12 - 003305672 _____ (Nicolas Coolman) C:\Users\xanderusa\ZHPCleaner.exe
2022-12-24 13:34 - 2022-12-24 13:34 - 015274968 _____ (ESET) C:\Users\xanderusa\Downloads\esetonlinescanner.exe
2022-12-24 13:34 - 2022-12-24 13:34 - 000001400 _____ C:\Users\xanderusa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2022-12-24 13:34 - 2022-12-24 13:34 - 000001294 _____ C:\Users\xanderusa\Desktop\ESET Online Scanner.lnk
2022-12-23 08:50 - 2022-12-23 08:50 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2022-12-21 10:18 - 2022-12-21 10:18 - 007556073 _____ C:\Users\xanderusa\Downloads\3b6abf3df6e44dbea0a383c19e047967.mp4
2022-12-21 10:02 - 2022-12-21 10:06 - 001032192 _____ C:\Users\xanderusa\Downloads\Erasure She Won't Be Home Christmas 2022 Remix.webm
2022-12-21 10:02 - 2022-12-21 10:05 - 004390880 _____ C:\Users\xanderusa\Downloads\Erasure She Won't Be Home Christmas 2022 Remix(1).webm
2022-12-21 09:48 - 2022-12-21 09:48 - 001151950 _____ C:\Users\xanderusa\Downloads\2fc19264bf794f988afeb0635edb3bfd.mp4
2022-12-21 08:44 - 2022-12-21 08:44 - 000353201 _____ C:\Users\xanderusa\Downloads\HORAS-DE-LA-PASION-ESPAÑOL.pdf
2022-12-20 22:17 - 2022-12-20 22:19 - 000000000 ____D C:\Users\xanderusa\AppData\Local\ExpressVPN
2022-12-20 22:16 - 2022-12-20 22:16 - 000002340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExpressVPN.lnk
2022-12-20 22:16 - 2022-12-20 22:16 - 000002170 _____ C:\Users\Public\Desktop\ExpressVPN.lnk
2022-12-20 22:16 - 2022-12-20 22:16 - 000000000 ____D C:\ProgramData\ExpressVPN
2022-12-20 22:13 - 2022-12-20 22:13 - 000223878 _____ C:\Users\xanderusa\Downloads\MicrosoftProgram_Install_and_Uninstall.meta (1).diagcab
2022-12-20 22:01 - 2023-01-01 16:03 - 004208308 _____ C:\WINDOWS\ZAM.krnl.trace
2022-12-20 22:01 - 2023-01-01 16:03 - 004199270 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2022-12-20 21:12 - 2022-12-20 21:12 - 000708239 _____ C:\Users\xanderusa\Downloads\ec0524c6c4284151952f78aaab3cfa52.mp4
2022-12-20 21:11 - 2022-12-20 21:11 - 002469688 _____ C:\Users\xanderusa\Downloads\265458__gowlermusic__sleigh-bells-sound-effect(1).wav
2022-12-20 21:09 - 2022-12-20 21:09 - 002469688 _____ C:\Users\xanderusa\Downloads\265458__gowlermusic__sleigh-bells-sound-effect.wav
2022-12-20 21:02 - 2022-12-20 21:02 - 001380281 _____ C:\Users\xanderusa\Downloads\319793133_149248024235214_411294720904545014_n.mp4
2022-12-19 20:22 - 2022-12-19 20:22 - 000000000 ____D C:\MATS
2022-12-19 20:19 - 2022-12-19 20:19 - 000223878 _____ C:\Users\xanderusa\Downloads\MicrosoftProgram_Install_and_Uninstall.meta.diagcab
2022-12-16 17:39 - 2022-12-28 17:59 - 000014665 _____ C:\Users\xanderusa\Desktop\prompts.txt
2022-12-15 11:57 - 2022-12-15 11:57 - 002187365 _____ C:\Users\xanderusa\Downloads\reinteresado.zip
2022-12-14 21:53 - 2022-12-14 21:53 - 000003386 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-897932974-2442178479-4115753467-1003
2022-12-14 21:53 - 2022-12-14 21:53 - 000002393 _____ C:\Users\xanderusa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-12-14 15:31 - 2022-12-14 15:31 - 000000000 ___HD C:\$WinREAgent
2022-12-13 20:02 - 2022-12-13 20:04 - 000000000 ____D C:\Users\xanderusa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.11
2022-12-13 20:01 - 2022-12-13 20:01 - 025218984 _____ (Python Software Foundation) C:\Users\xanderusa\Downloads\python-3.11.1-amd64.exe
2022-12-13 19:49 - 2022-12-13 19:49 - 000032703 _____ C:\Users\xanderusa\Downloads\InvokeAI-installer-2.2.4-p2-windows.zip
2022-12-13 19:44 - 2022-12-13 19:44 - 000000000 ____D C:\Users\xanderusa\AppData\Local\HD-Player
2022-12-13 19:41 - 2023-01-01 15:35 - 000000000 ____D C:\ProgramData\BlueStacks_nxt
2022-12-13 19:41 - 2022-12-13 19:41 - 000000000 ____D C:\Program Files\BlueStacks_nxt
2022-12-12 21:25 - 2022-12-12 21:25 - 000001176 _____ C:\Users\xanderusa\Downloads\PROMPTS.txt
2022-12-11 22:04 - 2022-12-11 22:04 - 000254366 _____ C:\Users\xanderusa\Downloads\c38f7ba6-a6ed-4349-99d8-236c014fd402.webp
2022-12-09 22:58 - 2022-12-09 22:58 - 005392541 _____ C:\Users\xanderusa\Downloads\¿ Sabias ésto 😱el significado de YAHWEH_ tiktok cristianos #alinelreyes.mp4
2022-12-09 18:12 - 2022-12-09 18:12 - 032081595 _____ C:\Users\xanderusa\Downloads\Untitled Project.mp4
2022-12-09 16:47 - 2022-12-09 16:47 - 000003612 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA{55FB5A4A-1597-478A-B7F5-B49078F61162}
2022-12-09 16:47 - 2022-12-09 16:47 - 000003488 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore{531BD4C0-BAE1-43DD-861F-8F4D0EC4BDB7}
2022-12-08 14:02 - 2022-12-08 14:02 - 000002386 _____ C:\Users\xanderusa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2022-12-08 14:02 - 2022-12-08 14:02 - 000002378 _____ C:\Users\xanderusa\Desktop\Microsoft Teams.lnk
2022-12-07 11:15 - 2022-12-07 11:15 - 000000000 ____D C:\Users\xanderusa\AppData\Local\BSXCache
2022-12-06 20:24 - 2022-12-06 20:24 - 000005774 _____ C:\Users\xanderusa\Downloads\tarea.txt
2022-12-06 20:10 - 2022-12-06 20:10 - 000049528 _____ (Python Software Foundation) C:\WINDOWS\pyshellext.amd64.dll
2022-12-06 20:09 - 2022-12-06 20:09 - 000737656 _____ (Python Software Foundation) C:\WINDOWS\py.exe
2022-12-06 20:09 - 2022-12-06 20:09 - 000736120 _____ (Python Software Foundation) C:\WINDOWS\pyw.exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-01-01 16:01 - 2017-04-21 11:33 - 000000000 ____D C:\Users\xanderusa\AppData\Local\CrashDumps
2023-01-01 15:52 - 2021-04-04 15:36 - 000000000 ____D C:\Users\xanderusa\AppData\LocalLow\IGDump
2023-01-01 15:36 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-01-01 15:27 - 2020-10-01 22:45 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-01-01 15:27 - 2017-04-21 11:34 - 000000000 ____D C:\Program Files (x86)\Google
2023-01-01 14:54 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-01-01 11:28 - 2017-05-31 21:48 - 000000000 ____D C:\ProgramData\boost_interprocess
2023-01-01 11:26 - 2017-04-21 11:38 - 000000000 ____D C:\Users\xanderusa\AppData\LocalLow\Mozilla
2023-01-01 10:25 - 2017-04-24 12:21 - 000000000 ____D C:\Program Files\CCleaner
2023-01-01 10:17 - 2016-12-03 03:59 - 000000000 ____D C:\ProgramData\NVIDIA
2022-12-31 21:42 - 2020-12-15 18:27 - 000000000 ____D C:\Users\xanderusa\AppData\Roaming\ZelloDesktop
2022-12-31 16:18 - 2020-10-01 23:20 - 000004174 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{8D891B28-4327-4794-8C11-FBA314C2F901}
2022-12-31 13:28 - 2017-08-24 13:01 - 000000000 ____D C:\Users\xanderusa\AppData\Roaming\discord
2022-12-31 13:06 - 2017-08-29 16:24 - 000001456 _____ C:\Users\xanderusa\AppData\Local\Adobe Save for Web 13.0 Prefs
2022-12-31 12:38 - 2018-08-28 18:21 - 000000000 ____D C:\Users\xanderusa\AppData\Local\Discord
2022-12-31 09:01 - 2021-04-26 21:27 - 000000000 ____D C:\Users\xanderusa\AppData\Local\AMSDK
2022-12-30 22:48 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2022-12-30 14:56 - 2020-07-24 10:22 - 000000000 ____D C:\Users\xanderusa\AppData\Roaming\obs-studio
2022-12-30 09:21 - 2020-01-01 12:08 - 000000000 ____D C:\Users\xanderusa\AppData\Roaming\Telegram Desktop - 2
2022-12-27 21:31 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-12-27 12:37 - 2017-04-21 17:26 - 000000000 ____D C:\Users\xanderusa\AppData\Local\ElevatedDiagnostics
2022-12-26 17:35 - 2022-01-17 14:20 - 000000000 ____D C:\Users\xanderusa\AppData\Roaming\ZHP
2022-12-26 17:12 - 2022-07-04 08:35 - 000000742 _____ C:\Users\xanderusa\Desktop\ZHPCleaner.lnk
2022-12-26 17:12 - 2020-10-01 22:53 - 000000000 ____D C:\Users\xanderusa
2022-12-26 14:09 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-12-23 12:37 - 2021-10-09 09:06 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2022-12-22 19:59 - 2022-10-03 18:31 - 000002956 _____ C:\WINDOWS\system32\Tasks\BlueStacksHelper_nxt
2022-12-21 08:49 - 2017-05-05 08:32 - 000000000 ____D C:\Users\xanderusa\Documents\EPE
2022-12-20 22:16 - 2022-11-20 14:49 - 000000000 ____D C:\Program Files (x86)\ExpressVPN
2022-12-20 22:16 - 2017-05-15 10:54 - 000000000 ____D C:\ProgramData\Package Cache
2022-12-20 22:01 - 2020-10-01 23:20 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-12-20 22:01 - 2020-08-23 21:43 - 000008192 ___SH C:\DumpStack.log.tmp
2022-12-20 22:01 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ServiceState
2022-12-20 21:58 - 2019-12-07 04:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2022-12-20 21:44 - 2021-11-04 09:19 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2022-12-20 21:44 - 2017-04-21 11:37 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-12-20 21:41 - 2020-10-01 22:53 - 000000000 ____D C:\Users\defaultuser0
2022-12-19 21:55 - 2017-04-21 11:37 - 000001236 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-12-17 10:06 - 2020-07-12 08:01 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-12-17 10:06 - 2020-07-12 08:01 - 000002280 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-12-15 18:28 - 2017-04-21 11:34 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-12-15 18:28 - 2017-04-21 11:34 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-12-14 21:53 - 2022-08-31 07:36 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-897932974-2442178479-4115753467-1003
2022-12-14 18:20 - 2020-10-02 02:11 - 000783040 _____ C:\WINDOWS\system32\perfh00A.dat
2022-12-14 18:20 - 2020-10-02 02:11 - 000152656 _____ C:\WINDOWS\system32\perfc00A.dat
2022-12-14 18:20 - 2020-10-01 23:08 - 001768946 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-12-14 18:16 - 2020-10-01 22:45 - 006587008 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-12-14 18:10 - 2020-10-02 02:11 - 000000000 ____D C:\WINDOWS\es-MX
2022-12-14 18:10 - 2019-12-07 04:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2022-12-14 18:10 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2022-12-14 18:10 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2022-12-14 18:10 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2022-12-14 18:10 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2022-12-14 18:10 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2022-12-14 18:10 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-12-14 18:10 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-12-14 18:10 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemApps
2022-12-14 18:10 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2022-12-14 18:10 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2022-12-14 18:10 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2022-12-14 18:10 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2022-12-14 18:10 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2022-12-14 18:10 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-12-14 18:10 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\Provisioning
2022-12-14 18:10 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-12-14 18:10 - 2019-12-07 04:14 - 000000000 ____D C:\Program Files\Common Files\System
2022-12-14 16:06 - 2020-10-01 22:50 - 003014656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-12-14 10:47 - 2018-10-29 11:50 - 000000000 ____D C:\WINDOWS\system32\MpEngineStore
2022-12-14 10:47 - 2017-04-21 13:54 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-12-14 10:40 - 2017-04-21 13:54 - 148633544 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-12-14 09:10 - 2018-05-01 10:24 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-12-13 20:02 - 2022-02-21 10:34 - 000000000 ____D C:\Users\xanderusa\AppData\Local\Package Cache
2022-12-13 19:41 - 2022-10-03 18:40 - 000000000 ____D C:\Users\xanderusa\AppData\Local\BlueStacks X
2022-12-13 19:41 - 2019-05-01 07:06 - 000000000 ____D C:\Users\Public\BlueStacks
2022-12-13 19:41 - 2017-04-21 18:58 - 000000000 ____D C:\Users\xanderusa\AppData\Local\Bluestacks
2022-12-13 08:40 - 2020-05-04 09:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2022-12-13 08:39 - 2016-12-03 04:19 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2022-12-11 21:34 - 2020-09-14 21:38 - 000002249 _____ C:\Users\xanderusa\Desktop\Discord.lnk
2022-12-09 18:09 - 2017-05-15 10:56 - 000000000 ____D C:\Users\xanderusa\Documents\Camtasia Studio
2022-12-08 14:08 - 2018-05-17 11:06 - 000000000 ____D C:\Users\xanderusa\AppData\Local\D3DSCache
2022-12-07 11:15 - 2022-10-03 18:28 - 000002010 _____ C:\Users\Public\Desktop\BlueStacks X.lnk
2022-12-07 11:15 - 2022-10-03 18:28 - 000000000 ____D C:\Program Files (x86)\BlueStacks X

==================== Files in the root of some directories ========

2022-12-26 17:12 - 2022-12-26 17:12 - 003305672 _____ (Nicolas Coolman) C:\Users\xanderusa\ZHPCleaner.exe
2021-01-11 16:44 - 2022-07-16 08:41 - 000000015 _____ () C:\Users\xanderusa\AppData\Roaming\obs-virtualcam.txt
2019-10-28 08:55 - 2019-10-28 08:55 - 000000054 _____ () C:\Users\xanderusa\AppData\Roaming\updater.cfg
2018-10-16 13:49 - 2018-10-16 14:12 - 000004653 _____ () C:\Users\xanderusa\AppData\Roaming\VoiceMeeterDefault.xml
2017-08-29 16:24 - 2022-12-31 13:06 - 000001456 _____ () C:\Users\xanderusa\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-05-02 14:51 - 2022-12-26 12:33 - 009010059 _____ () C:\Users\xanderusa\AppData\Local\BTServer.log
2018-09-19 09:57 - 2018-09-19 09:57 - 000000000 _____ () C:\Users\xanderusa\AppData\Local\oobelibMkey.log
2018-05-01 09:43 - 2018-05-01 09:43 - 000000017 _____ () C:\Users\xanderusa\AppData\Local\resmon.resmoncfg
2021-12-15 16:01 - 2021-12-15 16:01 - 000000000 _____ () C:\Users\xanderusa\AppData\Local\{6D69E77C-0929-4EE8-9DB8-D0C6C9F5939D}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================