Delete 'CanisLupusBaileyi' extension in Google Chrome? No option to remove in Chrome extensions menu.

ldnrentals

New Member
Thread author
Oct 22, 2023
4
Tldr; how can I get rid of CanisLupusBaileyi extension from Google Chrome? Have tried Malwarebytes, antivirus programs.

It seems to redirect any Chrome search bar browser term in my Chrome browser to Bing Search, and I'm sure it's malicious/malware. I don't know how I got it. I've deleted all my other extensions, and can't re-download any of the extensions I used to have because every time I do it just comes up with an option to install an extension called 'Dragon Baby', and I don't want to do that.

Also, it's strange because if I open a Chrome window in incognito mode, the search bar will direct to the usual Google search, not Bing (but obviously I don't have my extensions because I'm in incognito mode).

I've tried running Malwarebytes and various antivirus programs and restarting my laptop, but nothing.

It's driving me mad and affecting my daily work. I'm an amateur, so layman's terms please :) but anyone that can help me get rid of it gets massive internet wins! Have attached some screenshots.
 


nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,474
Hello, Welcome to MalwareTips.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

The bad extension is hidden in a Group Policy.

We can locate the malware entries by running this Program.

Download the Farbar Recovery Scan Tool (FRST).
Choose the 32 or 64 bit version for your system and save it to a folder on your computer's Desktop.
Ensure that you are in an Administrator Account.
Double-click to run it. When the tool opens click Yes to disclaimer.
Check the boxes as seen here:

Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Please attach the logs for my review.
How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "more reply Options" button.

Let me know what problems persist.

Wait for further instructions

p.s.
This program is updated often.
If it's identified as suspicious by your Anti-Virus program, trust it if downloaded from the link I provided.
OR, you should restore the program from the Quarantine folder.
====
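One way to triage the FRST.txt log the tool produces, as an added example that is not part of the original thread or of FRST itself: it parses lines in the format seen in the log posted later in this thread and correlates each extension ID across browser profiles, registry registrations and policy keys. The regular expressions, function names and the store-host allowlist are assumptions made for this example.

```python
import re
from urllib.parse import urlparse

# Lines copied from the FRST.txt log posted later in this thread.
SAMPLE_LOG = r"""
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
Task: {3DBEB739-2994-44DA-9478-7AE1A4B71CBA} - System32\Tasks\ChromsteraUpdater => C:\Program Files (x86)\Chromstera Browser Solutions\Chromstera Browser\ChromsteraUpdater.exe [1225184 2023-10-01] (Dragon Boss Solutions LLC -> Chromstera Browser Solutions) <==== ATTENTION
Edge Extension: (CanisLupusBaileyi) - C:\Users\alexe\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\khimiegpgeocmhfclacnlaagggmhaodh [2023-10-08] [UpdateUrl:hxxps://crxupdate.com/crx/updates.php] <==== ATTENTION
Edge HKLM-x32\...\Edge\Extension: [khimiegpgeocmhfclacnlaagggmhaodh] - C:\\Users\\alexe\\AppData\\Local\\apps.crx [2023-10-08]
CHR Extension: (CanisLupusBaileyi) - C:\Users\alexe\AppData\Local\Google\Chrome\User Data\Default\Extensions\khimiegpgeocmhfclacnlaagggmhaodh [2023-10-08] [UpdateUrl:hxxps://crxupdate.com/crx/updates.php] <==== ATTENTION
CHR Extension: (Google Docs Offline) - C:\Users\alexe\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-10-18]
CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [khimiegpgeocmhfclacnlaagggmhaodh] - C:\\Users\\alexe\\AppData\\Local\\apps.crx [2023-10-08]
"""

# Assumption: update hosts used by the official Chrome and Edge extension stores.
STORE_UPDATE_HOSTS = {"clients2.google.com", "edge.microsoft.com"}

ATTENTION = "<==== ATTENTION"
POLICY_RE = re.compile(r"^(HKLM\\SOFTWARE\\Policies\\[^:]+): Restriction")
TASK_RE = re.compile(r"^Task: \{[0-9A-F-]+\} - (?P<task>.+?) => (?P<target>.+?\.exe)", re.I)
PROFILE_EXT_RE = re.compile(
    r"^(?P<browser>CHR|Edge) Extension: \((?P<name>.+?)\) - .+?\\Extensions\\"
    r"(?P<id>[a-p]{32}) \[[\d-]+\](?: \[UpdateUrl:(?P<url>[^\]]+)\])?")
REGISTRY_EXT_RE = re.compile(
    r"^(?P<browser>CHR|Edge) (?P<hive>HK\S+?)\\\.\.\.\\\w+\\Extension: "
    r"\[(?P<id>[a-p]{32})\](?: - (?P<crx>.+?\.crx))?")


def triage(log_text):
    """Collect policy keys, flagged tasks and per-extension evidence from a log."""
    report = {"policy_keys": [], "flagged_tasks": [], "extensions": {}}

    def entry(ext_id):
        return report["extensions"].setdefault(ext_id, {
            "names": set(), "browsers": set(), "update_hosts": set(),
            "sideloaded_from": set(), "frst_flagged": False})

    for line in log_text.splitlines():
        line = line.strip()
        flagged = line.endswith(ATTENTION)
        if m := POLICY_RE.match(line):
            report["policy_keys"].append(m.group(1))
        elif (m := TASK_RE.match(line)) and flagged:
            report["flagged_tasks"].append(m.group("task"))
        elif m := PROFILE_EXT_RE.match(line):
            e = entry(m.group("id"))
            e["names"].add(m.group("name"))
            e["browsers"].add(m.group("browser"))
            e["frst_flagged"] |= flagged
            if m.group("url"):
                # FRST defangs URLs as hxxp(s); undo that only to extract the host.
                url = m.group("url").replace("hxxp", "http", 1)
                e["update_hosts"].add(urlparse(url).hostname)
        elif m := REGISTRY_EXT_RE.match(line):
            e = entry(m.group("id"))
            e["browsers"].add(m.group("browser"))
            if m.group("crx"):
                # The log prints the .crx path with doubled backslashes.
                e["sideloaded_from"].add(m.group("crx").replace("\\\\", "\\"))
    return report


def suspicious_extensions(report):
    """Return (id, browsers, reasons) for every extension with any indicator."""
    findings = []
    for ext_id, e in sorted(report["extensions"].items()):
        reasons = []
        if e["frst_flagged"]:
            reasons.append("flagged by FRST")
        off_store = e["update_hosts"] - STORE_UPDATE_HOSTS
        if off_store:
            reasons.append("updates from " + ", ".join(sorted(off_store)))
        if e["sideloaded_from"]:
            reasons.append("registered in the registry from a local .crx")
        if reasons:
            findings.append((ext_id, sorted(e["browsers"]), reasons))
    return findings


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("Policy keys present:", result["policy_keys"])
    print("Flagged tasks:", result["flagged_tasks"])
    for ext_id, browsers, reasons in suspicious_extensions(result):
        print(ext_id, browsers, "; ".join(reasons))
```

The same extension ID showing up in both browsers, in a registry registration that points at a local .crx, and alongside policy keys is the pattern that explains why the extensions page offers no remove button.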
 

ldnrentals

New Member
Thread author
Oct 22, 2023
4
Thank you for your help, nasdaq. This is the first FRST outcome:


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-10-2023
Ran by alexe (administrator) on ALEX (Dell Inc. XPS 13 9305) (24-10-2023 09:06:48)
Running from C:\Users\alexe\OneDrive\Desktop\FRST64.exe
Loaded Profiles: alexe
Platform: Microsoft Windows 11 Home Version 22H2 22621.2428 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Config.Msi\216d26.rbf
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe ->) (OpenJS Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHub.Instrumentation.SubAgent.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHub.Instrumentation.UserProcess.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\DCF\Dell.DCF.UA.Bradbury.API.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\AnalyticsSubAgent\Dell.TechHub.Analytics.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\DataManagerSubAgent\Dell.TechHub.DataManager.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\DiagnosticsSubAgent\Dell.TechHub.Diagnostics.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHub.Instrumentation.SubAgent.exe
(C:\Users\alexe\AppData\Local\Grammarly\DesktopIntegrations\Application\1.0.48.1091\Grammarly.Desktop.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\118.0.2088.61\msedgewebview2.exe <18>
(C:\Users\alexe\AppData\Local\Wondershare\Wondershare NativePush\WsNativePushService.exe ->) (Wondershare Technology Group Co.,Ltd -> Wondershare) C:\Users\alexe\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe
(drivers\RivetNetworks\Killer\KAPSService.exe ->) (Intel Corporation -> Intel® Corporation) C:\Windows\System32\drivers\RivetNetworks\Killer\KAPS.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_6673c5322430fc8a\igfxCUIServiceN.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_6673c5322430fc8a\igfxEMN.exe
(DriverStore\FileRepository\dptf_cpu.inf_amd64_1da48d5885266bb7\esif_uf.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_1da48d5885266bb7\dptf_helper.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <31>
(explorer.exe ->) (Grammarly, Inc. -> Grammarly) C:\Users\alexe\AppData\Local\Grammarly\DesktopIntegrations\Application\1.0.48.1091\Grammarly.Desktop.exe
(explorer.exe ->) (Proton Technologies AG -> ) C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.exe
(explorer.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo10de.inf_amd64_95df2d92a65cad35\WavesSvc64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(services.exe ->) (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(services.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.WinSvc.exe
(services.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(services.exe ->) (Dell Inc -> Dell Inc.) C:\Program Files\Dell\Fusion\FusionService.exe
(services.exe ->) (Dell Inc -> Dell INC.) C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe
(services.exe ->) (Dell Inc -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(services.exe ->) (Dell Inc -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(services.exe ->) (Dell Inc -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(services.exe ->) (Dell Inc -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(services.exe ->) (Dell Inc -> Dell) C:\Program Files\Dell\TechHub\Dell.TechHub.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_6673c5322430fc8a\igfxCUIServiceN.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_3befaa646f991169\jhi_service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_1da48d5885266bb7\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorvd.inf_amd64_15c9ea6001a5206d\RstMwService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_a687edda40db3316\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_972605d1f505d0d6\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_f3c201b4c28c14d0\WMIRegistrationService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\TbtP2pShortcutService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\drivers\RivetNetworks\Killer\KillerAnalyticsService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_e2f37014c00c6170\AS\IAS\IntelAudioService.exe
(services.exe ->) (Intel Corporation -> Intel® Corporation) C:\Windows\System32\drivers\RivetNetworks\Killer\KAPSService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\NisSrv.exe
(services.exe ->) (Proton Technologies AG -> ) C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.UpdateService.exe
(services.exe ->) (Proton Technologies AG -> ) C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_444148fa7298b49f\RtkAudUService64.exe <3>
(services.exe ->) (Waves Inc -> Waves Audio Ltd) C:\Windows\System32\DriverStore\FileRepository\wavesapo10de.inf_amd64_95df2d92a65cad35\WavesAudioService.exe
(services.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo10de.inf_amd64_95df2d92a65cad35\WavesSysSvc64.exe
(services.exe ->) (Wondershare Technology Group Co.,Ltd -> Wondershare) C:\Users\alexe\AppData\Local\Wondershare\Wondershare NativePush\WsNativePushService.exe
(sihost.exe ->) (04797BBC-C7BB-462F-9B66-331C81E27C0E -> TranslucentTB Open Source Developers) C:\Program Files\WindowsApps\28017CharlesMilette.TranslucentTB_2023.1.0.0_x64__v826wp6bftszj\TranslucentTB.exe
(sihost.exe ->) (EB51A5DA-0E72-4863-82E4-EA21C1F8DFE3 -> Intel Corporation) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5185.0_x64__8j3eq9eme6ctt\GCP.ML.BackgroundSysTray\IGCCTray.exe
(sihost.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2023.11090.12017.0_x64__8wekyb3d8bbwe\PhotosService\PhotosService.exe
(svchost.exe ->) (24803D75-212C-471A-BC57-9EF86AB91435 -> ) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2341.3.0_x64__cv1g1gvanyjgm\WhatsApp.exe
(svchost.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\WindowsApps\AdobeNotificationClient_3.0.1.1_x86__enpm4xejd91yc\AdobeNotificationClient.exe
(svchost.exe ->) (EB51A5DA-0E72-4863-82E4-EA21C1F8DFE3 -> Intel Corporation) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5185.0_x64__8j3eq9eme6ctt\IGCC.exe
(svchost.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2023.11090.12017.0_x64__8wekyb3d8bbwe\PhotosApp.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.823.7272.0_x64__8wekyb3d8bbwe\GameBar.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.823.7272.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(svchost.exe ->) (Microsoft Windows -> ) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.23500.0.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Windows.Media.BackgroundPlayback.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_444148fa7298b49f\RtkAudUService64.exe [1646392 2023-02-15] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\WINDOWS\System32\DriverStore\FileRepository\wavesapo10de.inf_amd64_95df2d92a65cad35\WavesSvc64.exe [5083776 2023-02-15] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3571168 2023-08-25] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare Technology Co.,Ltd -> Wondershare)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-08-04] (Adobe Inc. -> )
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [1131488 2023-10-05] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1559888760-2934778760-3932284767-1001\...\Run: [Hive] => C:\Users\alexe\AppData\Local\Hive\update.exe [1828352 2018-10-30] (GitHub) [File not signed]
HKU\S-1-5-21-1559888760-2934778760-3932284767-1001\...\Run: [] => [X]
HKU\S-1-5-21-1559888760-2934778760-3932284767-1001\...\Run: [Grammarly] => C:\Users\alexe\AppData\Local\Grammarly\DesktopIntegrations\Application\1.0.48.1091\Grammarly.Desktop.exe [780896 2023-10-20] (Grammarly, Inc. -> Grammarly)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\118.0.5993.89\Installer\chrmstp.exe [2023-10-20] (Google LLC -> Google LLC)
BootExecute: autocheck autochk * bootdelete
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {950D22BC-0526-4AAD-89C7-24CBCC85049F} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3571168 2023-08-25] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {9DB346D6-2BFA-4BD3-946D-D07751164855} - System32\Tasks\Adobe-Genuine-Software-Integrity-Scheduler-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3807712 2023-08-25] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {3DBEB739-2994-44DA-9478-7AE1A4B71CBA} - System32\Tasks\ChromsteraUpdater => C:\Program Files (x86)\Chromstera Browser Solutions\Chromstera Browser\ChromsteraUpdater.exe [1225184 2023-10-01] (Dragon Boss Solutions LLC -> Chromstera Browser Solutions) <==== ATTENTION
Task: {0BCE3AB6-D6D1-4247-96A3-B25D639539FE} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\FrameworkAgents\SupportAssistInstaller.exe [738144 2023-04-07] (Dell Inc -> Dell Inc.)
Task: {14DE69CC-A530-4C87-87BA-9FD4C35A00AB} - System32\Tasks\GoogleUpdateTaskMachineCore{5BDDD713-2DF4-4375-870E-ABB286E3643A} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [162080 2023-10-15] (Google LLC -> Google LLC)
Task: {68D7CE5D-6849-45C8-974A-B84E156E6B37} - System32\Tasks\GoogleUpdateTaskMachineUA{AC4F7CBD-C1B9-4FE1-89DD-AE2A8745A63B} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [162080 2023-10-15] (Google LLC -> Google LLC)
Task: {10C59BFB-0488-4C47-9FDC-1635AEAC2750} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [60368 2023-09-13] (HP Inc. -> HP Inc.)
Task: {3573D6C1-9D06-4D27-9AC5-6A6236D3D47C} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [60368 2023-09-13] (HP Inc. -> HP Inc.)
Task: {232DE0B5-140E-4246-862C-4F22172DB617} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\UCPD velocity => C:\WINDOWS\system32\UCPDMgr.exe [58880 2023-09-15] (Microsoft Windows -> Microsoft Corporation)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {8A9F1208-9C85-480B-9554-3EC583B9EBB8} - System32\Tasks\Microsoft\Windows\WaaSMedic\MaintenanceWork => {72566E27-1ABB-4EB3-B4F0-EB431CB1CB32}
Task: {44F8F0DC-C737-4651-838C-6006BC7330E1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpCmdRun.exe [1596304 2023-10-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C8AE508D-8668-45CD-8F11-33395CB384F5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpCmdRun.exe [1596304 2023-10-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {152B304D-4831-44EC-B624-A01D9A4F7BB2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpCmdRun.exe [1596304 2023-10-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {38729A1C-1A8D-4EA2-AE00-920745126AD4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpCmdRun.exe [1596304 2023-10-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {9E89B5F4-7E6A-4607-9430-39083C6BF2DB} - System32\Tasks\Opera GX scheduled Autoupdate 1698060655 => C:\Users\alexe\AppData\Local\Programs\Opera GX\launcher.exe --scheduledautoupdate $(Arg0) (No File)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{a230d696-ea94-4d58-a2d0-3bca64a9b8ae}: [NameServer] 172.17.3.1
Tcpip\..\Interfaces\{f337dff3-fb4b-46e1-b52a-4ed32dbcc7b0}: [DhcpNameServer] 194.168.4.100 194.168.8.100

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\alexe\AppData\Local\Microsoft\Edge\User Data\Default [2023-10-23]
Edge HomePage: Default -> hxxps://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1495084472&rver=6.7.6643.0&wp=MBI_SSL_SHARED&wreply=hxxps:%2F%2Fmail.live.com%2Fdefault.aspx&lc=2057&id=64855&mkt=en-gb&cbcxt=mai
Edge StartupUrls: Default -> "hxxp://www.dregol.com/?f=7&a=drg_ggbg_15_20&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtDzztD0D0FyDtDyCyB0E0EtN0D0Tzu0StCtBtBzytN1L2XzutAtFtCtDtFtBtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCyC0Dzz0A0AyEtAtGyDzzyE0CtG0C0DtAyCtG0F0BtA0EtGtB0DzztCtC0CyDtC0DtCyD0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0Bzyzz0A0CtC0CtG0AzytC0BtGyEzy0FyDtG0A0AtBtCtGyC0D0C0ByE0BtDtB0C0BzztC2QtN0A0LzuyE&cr=797143802&ir="
Edge Extension: (LastPass: Free Password Manager) - C:\Users\alexe\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bbcinlkgjjkejfdpemiealijmmooekmp [2023-10-13]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\alexe\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bojobppfploabceghnmlahpoonbcbacn [2023-10-15]
Edge Extension: (Pushbullet) - C:\Users\alexe\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2023-06-11]
Edge Extension: (Grammarly: Grammar Checker and AI Writing App) - C:\Users\alexe\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cnlefmmeadmemmdciolhbnfeacpdfbkd [2023-10-19]
Edge Extension: (Screen Recorder) - C:\Users\alexe\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\dpidllmdbfmclpenbdfjkbbipkbbadbg [2023-06-11]
Edge Extension: (Avira Password Manager) - C:\Users\alexe\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\emgfgdclgfeldebanedpihppahgngnle [2023-10-10]
Edge Extension: (Google Docs Offline) - C:\Users\alexe\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-05]
Edge Extension: (UserZoom Surveys) - C:\Users\alexe\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jhgccgnbbhnlhgkhkdpmciognioebcoa [2023-06-11]
Edge Extension: (Edge relevant text changes) - C:\Users\alexe\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-09-30]
Edge Extension: (CanisLupusBaileyi) - C:\Users\alexe\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\khimiegpgeocmhfclacnlaagggmhaodh [2023-10-08] [UpdateUrl:hxxps://crxupdate.com/crx/updates.php] <==== ATTENTION
Edge Extension: (Userbrain Recorder) - C:\Users\alexe\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\llgephbnjacepipaoflhmabeclnghfic [2023-10-15]
Edge Extension: (Nimbus Screenshot & Screen Video Recorder) - C:\Users\alexe\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\lngaebamompmckcjpaenfkkdcadjigbo [2023-06-11]
Edge Extension: (Google Keep Chrome Extension) - C:\Users\alexe\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2023-10-23]
Edge Extension: (AdBlock — best ad blocker) - C:\Users\alexe\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ndcileolkflehcjpmjnfbnaibdcgglog [2023-10-19]
Edge Extension: (Click to start / stop recording) - C:\Users\alexe\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pjnefijmagpdjfhhkpljicbbpicelgko [2023-10-09]
Edge HKLM\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKU\S-1-5-21-1559888760-2934778760-3932284767-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [jcpgbnbdnakoblgfkbgggankeidkfcdl]
Edge HKLM-x32\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [caiblelclndcckfafdaggpephhgfpoip]
Edge HKLM-x32\...\Edge\Extension: [emgfgdclgfeldebanedpihppahgngnle]
Edge HKLM-x32\...\Edge\Extension: [jcpgbnbdnakoblgfkbgggankeidkfcdl]
Edge HKLM-x32\...\Edge\Extension: [khimiegpgeocmhfclacnlaagggmhaodh] - C:\\Users\\alexe\\AppData\\Local\\apps.crx [2023-10-08]

FireFox:
========
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2023-10-05] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2023-10-05] (Adobe Inc. -> Adobe Systems)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\alexe\AppData\Local\Google\Chrome\User Data\Default [2023-10-24]
CHR HomePage: Default -> hxxps://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1495084472&rver=6.7.6643.0&wp=MBI_SSL_SHARED&wreply=hxxps:%2F%2Fmail.live.com%2Fdefault.aspx&lc=2057&id=64855&mkt=en-gb&cbcxt=mai
CHR Extension: (CanisLupusBaileyi) - C:\Users\alexe\AppData\Local\Google\Chrome\User Data\Default\Extensions\khimiegpgeocmhfclacnlaagggmhaodh [2023-10-08] [UpdateUrl:hxxps://crxupdate.com/crx/updates.php] <==== ATTENTION
CHR Extension: (Chrome Web Store Payments) - C:\Users\alexe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-06-10]
CHR Profile: C:\Users\alexe\AppData\Local\Google\Chrome\User Data\Guest Profile [2023-04-17]
CHR Profile: C:\Users\alexe\AppData\Local\Google\Chrome\User Data\Profile 6 [2023-10-23]
CHR Extension: (Avira Password Manager) - C:\Users\alexe\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2023-10-11]
CHR Extension: (Google Docs Offline) - C:\Users\alexe\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-10-18]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\alexe\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2023-10-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\alexe\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-08-14]
CHR Profile: C:\Users\alexe\AppData\Local\Google\Chrome\User Data\System Profile [2023-10-23]
CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKU\S-1-5-21-1559888760-2934778760-3932284767-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [llbcnfanfmjhpedaedhbcnpgeepdnnok]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [khimiegpgeocmhfclacnlaagggmhaodh] - C:\\Users\\alexe\\AppData\\Local\\apps.crx [2023-10-08]
CHR HKLM-x32\...\Chrome\Extension: [llbcnfanfmjhpedaedhbcnpgeepdnnok]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [944096 2023-10-05] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3966432 2023-08-25] (Adobe Inc. -> Adobe Systems, Incorporated)
S3 CloudBackupRestoreSvc; C:\WINDOWS\System32\CloudRestoreLauncher.dll [1261568 2023-10-10] (Microsoft Windows -> Microsoft Corporation)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [458960 2023-03-14] (Dell Inc -> Dell Technologies Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [161488 2023-03-14] (Dell Inc -> Dell Technologies Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [484560 2023-03-14] (Dell Inc -> Dell Technologies Inc.)
R2 Dell Digital Delivery Services; C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.WinSvc.exe [55712 2023-08-16] (Dell Inc -> )
R2 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [22224 2022-10-26] (Dell Inc -> Dell INC.)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [49880 2023-07-28] (Dell Inc -> )
R2 DellTechHub; C:\Program Files\Dell\TechHub\Dell.TechHub.exe [156064 2022-12-09] (Dell Inc -> Dell)
R2 FusionService; C:\Program Files\Dell\Fusion\FusionService.exe [25336 2022-03-29] (Dell Inc -> Dell Inc.)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [230352 2023-09-13] (HP Inc. -> HP Inc.)
R2 IntelAudioService; C:\WINDOWS\System32\DriverStore\FileRepository\intcoed.inf_amd64_e2f37014c00c6170\AS\IAS\IntelAudioService.exe [543352 2022-11-24] (Intel Corporation -> Intel)
R3 KAPSService; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KAPSService.exe [82648 2022-03-28] (Intel Corporation -> Intel® Corporation)
R2 Killer Analytics Service; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KillerAnalyticsService.exe [2434776 2022-03-28] (Intel Corporation -> Intel)
R2 Killer Network Service; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe [2900232 2022-03-28] (Intel Corporation -> Intel)
S3 KNDBWM; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KNDBWMService.exe [83728 2022-03-28] (Intel Corporation -> Intel® Corporation)
R2 NativePushService; C:\Users\alexe\AppData\Local\Wondershare\Wondershare NativePush\WsNativePushService.exe [755600 2022-09-17] (Wondershare Technology Group Co.,Ltd -> Wondershare)
R3 ProtonVPN Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe [400488 2022-05-24] (Proton Technologies AG -> )
R3 ProtonVPN Update Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.UpdateService.exe [343656 2022-05-24] (Proton Technologies AG -> )
S3 ProtonVPN WireGuard; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.WireGuardService.exe [328808 2022-05-24] (Proton Technologies AG -> )
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [1232368 2023-10-10] (Rockstar Games, Inc. -> Rockstar Games)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [160096 2023-04-07] (Dell Inc -> Dell Inc.)
R2 TbtP2pShortcutService; C:\WINDOWS\TbtP2pShortcutService.exe [256608 2022-06-29] (Intel Corporation -> Intel Corporation)
R2 WavesAudioService; C:\WINDOWS\System32\DriverStore\FileRepository\wavesapo10de.inf_amd64_95df2d92a65cad35\WavesAudioService.exe [160896 2023-02-15] (Waves Inc -> Waves Audio Ltd)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\NisSrv.exe [3116904 2023-10-05] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MsMpEng.exe [133584 2023-10-05] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 DellInstrumentation; C:\WINDOWS\System32\drivers\DellInstrumentation.sys [46528 2023-03-14] (Microsoft Windows Hardware Compatibility Publisher -> Dell)
R0 fse; C:\WINDOWS\System32\drivers\fse.sys [218464 2023-02-20] (Microsoft Windows -> Microsoft Corporation)
R3 iaLPSS2_GPIO2_TGL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_gpio2_tgl.inf_amd64_c330c09d72f3e083\iaLPSS2_GPIO2_TGL.sys [128664 2021-01-28] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_I2C_TGL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_i2c_tgl.inf_amd64_312c3014729186bd\iaLPSS2_I2C_TGL.sys [201376 2021-01-28] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_UART2_TGL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_uart2_tgl.inf_amd64_0b4251313af34984\iaLPSS2_UART2_TGL.sys [310432 2021-01-28] (Intel Corporation -> Intel Corporation)
R0 iaStorVD; C:\WINDOWS\System32\drivers\iaStorVD.sys [1548488 2022-10-27] (Intel Corporation -> Intel Corporation)
R3 IntcUSB; C:\WINDOWS\System32\DriverStore\FileRepository\intcusb.inf_amd64_cb2075debe05eee2\IntcUSB.sys [920688 2022-11-24] (Intel Corporation -> Intel(R) Corporation)
R3 IntelGNA; C:\WINDOWS\System32\DriverStore\FileRepository\gna.inf_amd64_04d4eecc5838a558\gna.sys [88784 2022-08-10] (Intel Corporation -> Intel Corporation)
R3 KfeCoSvc; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KfeCo11X64.sys [199736 2022-03-28] (Intel Corporation -> Rivet Networks, LLC.)
R3 MpKsl71e29768; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C7784131-9037-4569-B1FF-7770E8B1FC23}\MpKslDrv.sys [263560 2023-10-24] (Microsoft Windows -> Microsoft Corporation)
S3 ProtonVPNCallout; C:\Program Files (x86)\Proton Technologies\ProtonVPN\x64\Win10\ProtonVPN.CalloutDriver.sys [34176 2022-04-01] (Microsoft Windows Hardware Compatibility Publisher -> Proton Technologies AG)
S3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2023-07-10] (TunnelBear, Inc. -> The OpenVPN Project)
R3 tapprotonvpn; C:\WINDOWS\System32\drivers\tapprotonvpn.sys [49024 2022-04-01] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
S4 UCPD; C:\WINDOWS\System32\drivers\UCPD.sys [29184 2023-09-15] (Microsoft Windows -> Microsoft Corporation)
R3 ViGEmBus; C:\WINDOWS\System32\drivers\ViGEmBus.sys [69168 2019-04-04] (Microsoft Windows Hardware Compatibility Publisher -> Benjamin Höglinger-Stelzer)
S3 vmbusproxy; C:\WINDOWS\system32\drivers\vmbusproxy.sys [94208 2022-05-07] (Microsoft Windows -> )
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [55856 2023-10-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
U5 WdDevFlt; C:\Windows\System32\Drivers\WdDevFlt.sys [169232 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [572712 2023-10-05] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105872 2023-10-05] (Microsoft Windows -> Microsoft Corporation)
R3 WiMan; C:\WINDOWS\System32\DriverStore\FileRepository\wiman.inf_amd64_69b068c488635580\WiMan\WiMan.sys [169048 2022-04-20] (Intel Corporation -> Intel Corporation)
R3 WiManH; C:\WINDOWS\System32\DriverStore\FileRepository\wiman.inf_amd64_69b068c488635580\WiManH\WiManH.sys [176736 2022-04-20] (Intel Corporation -> Intel Corporation)
R3 wintun; C:\WINDOWS\system32\DRIVERS\wintun.sys [29680 2022-06-17] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
S3 WireGuard; C:\WINDOWS\System32\drivers\wireguard.sys [489368 2022-08-06] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Three months (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-10-24 09:05 - 2023-10-24 09:07 - 000000000 ____D C:\FRST
2023-10-23 20:12 - 2023-10-23 20:12 - 014273064 _____ (Sophos B.V.) C:\Users\alexe\Downloads\HitmanPro_x64 (1).exe
2023-10-23 20:10 - 2023-10-23 20:10 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\alexe\Downloads\rkill.exe
2023-10-23 13:19 - 2023-10-23 13:19 - 000000000 ____D C:\Users\alexe\AppData\Roaming\PolarBear
2023-10-23 13:11 - 2023-10-23 13:11 - 000000000 ____D C:\Users\alexe\AppData\Roaming\TunnelBear
2023-10-23 13:11 - 2023-10-23 13:11 - 000000000 ____D C:\Users\alexe\AppData\Local\TunnelBear
2023-10-23 13:11 - 2023-10-23 13:11 - 000000000 ____D C:\Users\alexe\AppData\Local\IsolatedStorage
2023-10-23 13:10 - 2023-10-23 13:19 - 000000000 ____D C:\Program Files (x86)\TunnelBear
2023-10-23 13:10 - 2023-10-23 13:10 - 159922072 _____ (TunnelBear) C:\Users\alexe\Downloads\TunnelBear-Installer.exe
2023-10-23 12:59 - 2023-10-23 12:59 - 024084360 _____ (Microvirt Software Technology Co. Ltd.) C:\Users\alexe\Downloads\MEmu-setup-abroad-sdk-mv (1).exe
2023-10-23 12:46 - 2023-10-23 12:46 - 000000431 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2023-10-23 12:33 - 2023-10-23 12:54 - 000000000 ____D C:\Users\alexe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEmu
2023-10-23 12:32 - 2023-10-23 12:46 - 000000000 ____D C:\Users\alexe\Downloads\MEmu Download
2023-10-23 12:31 - 2023-10-23 20:07 - 000000000 ____D C:\Users\alexe\AppData\Roaming\ReasonLabs
2023-10-23 12:31 - 2023-10-23 12:46 - 000000000 ____D C:\Users\alexe\.android
2023-10-23 12:31 - 2023-10-23 12:31 - 000004156 _____ C:\WINDOWS\system32\Tasks\Opera GX scheduled Autoupdate 1698060655
2023-10-23 12:31 - 2023-10-23 12:31 - 000000000 ____D C:\Users\alexe\AppData\Local\Opera Software
2023-10-23 12:30 - 2023-10-23 12:55 - 000000000 ____D C:\Program Files\Microvirt
2023-10-23 12:30 - 2023-10-23 12:45 - 000000000 ____D C:\Users\alexe\AppData\Local\Microvirt
2023-10-23 12:30 - 2023-10-23 12:30 - 000000000 ____D C:\Users\alexe\AppData\Roaming\Opera Software
2023-10-23 12:29 - 2023-10-23 12:29 - 024084360 _____ (Microvirt Software Technology Co. Ltd.) C:\Users\alexe\Downloads\MEmu-setup-abroad-sdk-mv.exe
2023-10-23 12:26 - 2023-10-23 12:26 - 000000000 ____D C:\Users\alexe\AppData\Local\BSXCache
2023-10-23 12:26 - 2023-10-23 12:26 - 000000000 ____D C:\ProgramData\boost_interprocess
2023-10-23 12:25 - 2023-10-23 12:51 - 000000000 ____D C:\Users\alexe\AppData\Local\Bluestacks
2023-10-23 12:25 - 2023-10-23 12:25 - 000921048 _____ (now.gg, Inc.) C:\Users\alexe\Downloads\BlueStacks10Installer_10.4.60.1001_native_d3f0c7abef90771321fe2697ebc04150_MzsxNSwwOzUsMTsxNSw0OzE1.exe
2023-10-23 12:25 - 2023-10-23 12:25 - 000000000 ____D C:\Users\Public\BlueStacks
2023-10-23 11:24 - 2023-10-23 11:24 - 025590400 _____ (Grammarly) C:\Users\alexe\Downloads\GrammarlyInstaller.cm38I3fcxihp8dkd50o70702.exe
2023-10-23 11:24 - 2023-10-23 11:24 - 000001695 _____ C:\Users\alexe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Grammarly.lnk
2023-10-23 11:24 - 2023-10-23 11:24 - 000000000 ____D C:\Users\alexe\AppData\Roaming\Grammarly
2023-10-23 11:24 - 2023-10-23 11:24 - 000000000 ____D C:\Users\alexe\AppData\Local\Grammarly
2023-10-22 20:29 - 2023-10-22 20:29 - 002606880 _____ (Malwarebytes) C:\Users\alexe\Downloads\MBSetup (3).exe
2023-10-22 20:22 - 2023-10-22 20:22 - 000000000 ____H C:\Users\alexe\OneDrive\Documents\Default.rdp
2023-10-22 19:51 - 2023-10-22 19:51 - 003594016 _____ (RCS LT) C:\Users\alexe\Downloads\CCSetup (1).exe
2023-10-21 14:38 - 2023-10-21 14:38 - 068103592 _____ C:\Users\alexe\Downloads\carnavaldone.mp4
2023-10-20 12:10 - 2023-10-20 12:10 - 002606880 _____ (Malwarebytes) C:\Users\alexe\Downloads\MBSetup-076886.076886-consumer.exe
2023-10-19 18:56 - 2023-10-19 18:57 - 041755856 _____ (Telegram FZ-LLC ) C:\Users\alexe\Downloads\tsetup-x64.4.10.2 (3).exe
2023-10-19 18:56 - 2023-10-19 18:56 - 052042776 _____ C:\Users\alexe\Downloads\tportable-x64.4.10.2.zip
2023-10-19 18:55 - 2023-10-19 18:55 - 041755856 _____ (Telegram FZ-LLC ) C:\Users\alexe\Downloads\tsetup-x64.4.10.2 (2).exe
2023-10-19 18:55 - 2023-10-19 18:55 - 041755856 _____ (Telegram FZ-LLC ) C:\Users\alexe\Downloads\tsetup-x64.4.10.2 (1).exe
2023-10-19 12:43 - 2023-10-22 20:24 - 000000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2023-10-19 12:42 - 2023-10-19 12:42 - 003594016 _____ (RCS LT) C:\Users\alexe\Downloads\CCSetup.exe
2023-10-18 15:38 - 2023-10-18 15:38 - 000021540 _____ C:\WINDOWS\system32\.crusader
2023-10-18 15:14 - 2023-10-18 15:38 - 000000000 ____D C:\ProgramData\HitmanPro
2023-10-18 15:13 - 2023-10-18 15:14 - 014273064 _____ (Sophos B.V.) C:\Users\alexe\Downloads\HitmanPro_x64.exe
2023-10-18 10:52 - 2023-10-18 10:52 - 000122512 _____ C:\Users\alexe\Downloads\IMG_20210811_202911_141.webp
2023-10-17 05:15 - 2023-10-17 05:15 - 000001052 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Lightroom.lnk
2023-10-17 04:50 - 2023-10-17 04:50 - 000016387 _____ C:\Users\alexe\Downloads\varsity_2 (1).zip
2023-10-17 04:50 - 2023-10-17 04:50 - 000000000 ____D C:\Users\alexe\Downloads\varsity_2 (1)
2023-10-17 04:47 - 2023-10-17 04:47 - 000000000 ____D C:\Users\alexe\Downloads\blank_river
2023-10-17 04:46 - 2023-10-17 04:46 - 000030729 _____ C:\Users\alexe\Downloads\blank_river.zip
2023-10-17 04:45 - 2023-10-17 04:45 - 000044205 _____ C:\Users\alexe\Downloads\a_attack_graffiti (4).zip
2023-10-17 04:45 - 2023-10-17 04:45 - 000036725 _____ C:\Users\alexe\Downloads\a_dripping_marker (1).zip
2023-10-17 04:45 - 2023-10-17 04:45 - 000000000 ____D C:\Users\alexe\Downloads\a_attack_graffiti (4)
2023-10-15 14:17 - 2023-10-15 14:17 - 000033714 _____ C:\Users\alexe\Downloads\label.pdf
2023-10-15 13:57 - 2023-10-20 00:16 - 000002249 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-10-15 13:57 - 2023-10-15 13:57 - 001373744 _____ (Google LLC) C:\Users\alexe\Downloads\ChromeSetup (6).exe
2023-10-15 13:57 - 2023-10-15 13:57 - 000003790 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA{AC4F7CBD-C1B9-4FE1-89DD-AE2A8745A63B}
2023-10-15 13:57 - 2023-10-15 13:57 - 000003666 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore{5BDDD713-2DF4-4375-870E-ABB286E3643A}
2023-10-15 13:48 - 2023-10-15 13:48 - 002606880 _____ (Malwarebytes) C:\Users\alexe\Downloads\MBSetup (2).exe
2023-10-15 13:21 - 2023-10-15 13:21 - 000000000 ____D C:\Users\alexe\OneDrive\Documents\ScanGuard
2023-10-15 13:19 - 2023-10-15 13:19 - 057470816 _____ C:\Users\alexe\Downloads\ScanGuard_Setup.exe
2023-10-13 15:29 - 2023-10-13 15:29 - 001373744 _____ (Google LLC) C:\Users\alexe\Downloads\ChromeSetup (5).exe
2023-10-13 14:19 - 2023-10-13 14:19 - 001373744 _____ (Google LLC) C:\Users\alexe\Downloads\ChromeSetup (4).exe
2023-10-13 14:07 - 2023-10-13 14:09 - 000000000 ____D C:\Users\alexe\AppData\Roaming\AVG
2023-10-13 14:07 - 2023-10-13 14:09 - 000000000 ____D C:\Users\alexe\AppData\Local\AVG
2023-10-13 14:07 - 2023-10-13 14:07 - 000313272 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
2023-10-13 14:06 - 2023-10-13 14:06 - 000234944 _____ (AVG Technologies CZ, s.r.o.) C:\Users\alexe\Downloads\avg_antivirus_free_setup (3).exe
2023-10-12 19:42 - 2023-10-12 19:42 - 000018619 _____ C:\Users\alexe\Downloads\KA DONES (1).pdf
2023-10-12 19:41 - 2023-10-12 19:41 - 000018619 _____ C:\Users\alexe\Downloads\KA DONES.pdf
2023-10-12 12:02 - 2023-10-12 12:02 - 000000000 ____D C:\Users\alexe\OneDrive\Documents\TotalAV
2023-10-12 11:59 - 2023-10-15 13:20 - 000000000 ____D C:\Users\alexe\AppData\Local\GUI
2023-10-12 11:59 - 2023-10-12 11:59 - 000000000 ____D C:\ProgramData\SecuritySuite
2023-10-12 11:58 - 2023-10-12 11:58 - 057494344 _____ C:\Users\alexe\Downloads\TotalAV_Setup.exe
2023-10-12 11:56 - 2023-10-12 11:56 - 002606880 _____ (Malwarebytes) C:\Users\alexe\Downloads\MBSetup (1).exe
2023-10-12 11:40 - 2023-10-12 16:17 - 000000000 ____D C:\ProgramData\Avast Software
2023-10-12 11:40 - 2023-10-12 11:40 - 000263576 _____ (AVAST Software) C:\Users\alexe\Downloads\avast_one_free_antivirus.exe
2023-10-12 11:29 - 2023-10-12 11:29 - 000000000 ____D C:\Users\alexe\AppData\Local\mbam
2023-10-12 11:27 - 2023-10-12 11:27 - 002606880 _____ (Malwarebytes) C:\Users\alexe\Downloads\MBSetup.exe
2023-10-10 23:40 - 2023-10-10 23:40 - 001373744 _____ (Google LLC) C:\Users\alexe\Downloads\ChromeSetup (3).exe
2023-10-10 23:34 - 2023-10-10 23:34 - 000000000 __SHD C:\System Repair
2023-10-10 23:33 - 2023-10-10 23:33 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avira
2023-10-10 23:15 - 2023-10-10 23:32 - 000711176 _____ C:\WINDOWS\system32\rtp.db
2023-10-10 23:15 - 2023-10-10 23:15 - 000000000 ____D C:\WINDOWS\SysWOW64\statReporter
2023-10-10 23:15 - 2023-10-10 23:15 - 000000000 ____D C:\Users\Public\Security Sessions
2023-10-10 23:15 - 2023-10-10 23:15 - 000000000 ____D C:\Users\alexe\AppData\Local\AviraWebView2Cache
2023-10-10 23:13 - 2023-10-10 23:15 - 000000000 ____D C:\Users\alexe\AppData\Local\Avira
2023-10-10 23:12 - 2023-10-10 23:34 - 000000000 ____D C:\ProgramData\Avira
2023-10-10 23:12 - 2023-10-10 23:12 - 006573128 _____ (Avira Operations GmbH) C:\Users\alexe\Downloads\avira_en_sptl1_100833082-1696975728__bngav.exe
2023-10-10 23:09 - 2023-10-10 23:09 - 006573128 _____ (Avira Operations GmbH) C:\Users\alexe\Downloads\avira_en_sptl1_100833082-1696975728__bngb.exe
2023-10-10 21:53 - 2023-10-10 21:53 - 000000000 ____D C:\WINDOWS\system32\Microsoft-Edge-WebView
2023-10-10 21:51 - 2023-10-10 21:51 - 000234944 _____ (AVG Technologies CZ, s.r.o.) C:\Users\alexe\Downloads\avg_antivirus_free_setup (2).exe
2023-10-10 21:51 - 2023-10-10 21:51 - 000234944 _____ (AVG Technologies CZ, s.r.o.) C:\Users\alexe\Downloads\avg_antivirus_free_setup (1).exe
2023-10-10 21:47 - 2023-10-10 21:47 - 000060462 _____ C:\WINDOWS\SysWOW64\ctac.json
2023-10-10 21:46 - 2023-10-10 21:46 - 000060462 _____ C:\WINDOWS\system32\ctac.json
2023-10-10 21:46 - 2023-10-10 21:46 - 000016239 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2023-10-10 21:32 - 2023-10-23 12:26 - 000000000 ____D C:\Users\alexe\AppData\Local\CrashDumps
2023-10-10 21:23 - 2023-10-13 14:09 - 000000000 ____D C:\ProgramData\AVG
2023-10-10 21:23 - 2023-10-10 21:23 - 000234944 _____ (AVG Technologies CZ, s.r.o.) C:\Users\alexe\Downloads\avg_antivirus_free_setup.exe
2023-10-10 14:43 - 2023-10-10 14:43 - 086237168 _____ (Rockstar Games Inc.) C:\Users\alexe\Downloads\Rockstar-Games-Launcher (9).exe
2023-10-10 14:41 - 2023-10-10 14:41 - 013449768 _____ C:\Users\alexe\Downloads\x360ce (4).zip
2023-10-10 14:40 - 2023-10-10 14:40 - 001700272 _____ C:\Users\alexe\Downloads\x360ce_x64.zip
2023-10-10 12:25 - 2023-10-10 12:25 - 000147828 _____ C:\Users\alexe\Downloads\R.jpeg
2023-10-08 19:44 - 2023-10-08 19:44 - 000000000 ____D C:\Users\alexe\Downloads\x360ce (3)
2023-10-08 19:31 - 2023-10-08 19:31 - 013449768 _____ C:\Users\alexe\Downloads\x360ce (3).zip
2023-10-08 19:00 - 2023-10-08 19:00 - 013449768 _____ C:\Users\alexe\Downloads\x360ce (2).zip
2023-10-08 19:00 - 2023-10-08 19:00 - 000000000 ____D C:\Users\alexe\Downloads\x360ce (2)
2023-10-08 19:00 - 2023-10-08 19:00 - 000000000 ____D C:\ProgramData\Chromstera Browser Solutions
2023-10-08 18:54 - 2023-10-08 18:54 - 000012125 _____ C:\Users\alexe\AppData\Local\apps.crx
2023-10-08 18:54 - 2023-10-08 18:54 - 000004438 _____ C:\WINDOWS\system32\Tasks\ChromsteraUpdater
2023-10-08 18:54 - 2023-10-08 18:54 - 000000000 ____D C:\Program Files (x86)\Chromstera Browser Solutions
2023-10-08 18:53 - 2023-10-08 18:53 - 004731392 _____ C:\Users\alexe\Downloads\Setup-10.msi
2023-10-08 17:24 - 2023-10-08 17:24 - 085580272 _____ (Rockstar Games Inc.) C:\Users\alexe\Downloads\Rockstar-Games-Launcher (8).exe
2023-10-08 16:54 - 2023-10-08 16:54 - 085580272 _____ (Rockstar Games Inc.) C:\Users\alexe\Downloads\Rockstar-Games-Launcher (7).exe
2023-10-08 16:47 - 2023-10-08 16:47 - 085580272 _____ (Rockstar Games Inc.) C:\Users\alexe\Downloads\Rockstar-Games-Launcher (6).exe
2023-10-06 18:53 - 2023-10-06 18:53 - 085580272 _____ (Rockstar Games Inc.) C:\Users\alexe\Downloads\Rockstar-Games-Launcher (5).exe
2023-10-06 18:35 - 2023-10-06 18:35 - 085580272 _____ (Rockstar Games Inc.) C:\Users\alexe\Downloads\Rockstar-Games-Launcher (4).exe
2023-10-06 09:30 - 2023-10-12 12:47 - 000000000 ____D C:\WINDOWS\Minidump
2023-10-05 18:18 - 2023-10-05 18:18 - 000019358 _____ C:\Users\alexe\Downloads\Alex_Eastick_-_Kitchen_Assistant (2).pdf
2023-10-05 18:17 - 2023-10-05 18:17 - 000019358 _____ C:\Users\alexe\Downloads\Alex_Eastick_-_Kitchen_Assistant (1).pdf
2023-10-05 18:12 - 2023-10-05 18:12 - 000021413 _____ C:\Users\alexe\Downloads\Alex_Eastick_-_Kitchen_Assistant.pdf
2023-10-04 12:43 - 2023-10-04 12:43 - 001876139 _____ C:\Users\alexe\Downloads\20230621_210011-01-01.jpeg
2023-10-02 00:38 - 2023-10-02 00:38 - 005776275 _____ C:\Users\alexe\Downloads\20230814_163048-01.jpeg
2023-10-02 00:25 - 2023-10-02 00:25 - 009307678 _____ C:\Users\alexe\Downloads\1000017894-01 (1).jpeg
2023-10-02 00:24 - 2023-10-02 00:24 - 009307678 _____ C:\Users\alexe\Downloads\1000017894-01.jpeg
2023-10-02 00:23 - 2023-10-02 00:23 - 007314747 _____ C:\Users\alexe\Downloads\1000017896-01.jpeg
2023-10-02 00:23 - 2023-10-02 00:23 - 003981376 _____ C:\Users\alexe\Downloads\1000017896-02.jpeg
2023-10-02 00:23 - 2023-10-02 00:23 - 003872874 _____ C:\Users\alexe\Downloads\1000017895-02.jpeg
2023-10-02 00:10 - 2023-10-02 00:10 - 007704786 _____ C:\Users\alexe\Downloads\Untitled (1).jpeg
2023-10-02 00:09 - 2023-10-02 00:09 - 007704786 _____ C:\Users\alexe\Downloads\Untitled.jpeg
2023-10-01 21:00 - 2023-10-01 21:00 - 000000000 ____D C:\Users\alexe\Downloads\street_soul (2)
2023-10-01 20:59 - 2023-10-01 20:59 - 000000000 ____D C:\Users\alexe\Downloads\a_attack_graffiti (3)
2023-10-01 20:58 - 2023-10-02 12:31 - 000000000 ____D C:\Users\alexe\Downloads\a_dripping_marker
2023-10-01 20:57 - 2023-10-01 20:57 - 000044205 _____ C:\Users\alexe\Downloads\a_attack_graffiti (3).zip
2023-10-01 20:57 - 2023-10-01 20:57 - 000036725 _____ C:\Users\alexe\Downloads\a_dripping_marker.zip
2023-10-01 20:57 - 2023-10-01 20:57 - 000010375 _____ C:\Users\alexe\Downloads\street_soul (2).zip
2023-10-01 20:44 - 2023-10-01 20:44 - 000000000 ____D C:\Users\alexe\Downloads\street_soul (1)
2023-10-01 20:43 - 2023-10-01 20:43 - 000010375 _____ C:\Users\alexe\Downloads\street_soul.zip
2023-10-01 20:43 - 2023-10-01 20:43 - 000010375 _____ C:\Users\alexe\Downloads\street_soul (1).zip
2023-10-01 20:37 - 2023-10-01 21:01 - 000000000 ____D C:\Users\alexe\Downloads\decipher
2023-10-01 20:36 - 2023-10-01 21:00 - 000000000 ____D C:\Users\alexe\Downloads\painterz (1)
2023-10-01 20:35 - 2023-10-01 20:35 - 004270178 _____ C:\Users\alexe\Downloads\decipher.zip
2023-10-01 20:35 - 2023-10-01 20:35 - 000048821 _____ C:\Users\alexe\Downloads\painterz (1).zip
2023-10-01 20:33 - 2023-10-01 20:33 - 000044205 _____ C:\Users\alexe\Downloads\a_attack_graffiti (2).zip
2023-10-01 20:32 - 2023-10-01 20:32 - 000044205 _____ C:\Users\alexe\Downloads\a_attack_graffiti (1).zip
2023-09-30 16:52 - 2023-09-30 16:52 - 000000000 ____D C:\Users\alexe\Downloads\Telegram Desktop
2023-09-30 16:51 - 2023-09-30 16:55 - 000000000 ____D C:\Users\alexe\AppData\Roaming\Telegram Desktop
2023-09-30 16:50 - 2023-09-30 16:51 - 041755856 _____ (Telegram FZ-LLC ) C:\Users\alexe\Downloads\tsetup-x64.4.10.2.exe
2023-09-26 17:08 - 2023-09-26 17:08 - 000140778 _____ C:\Users\alexe\Downloads\Coinbase-6080ad1aaca33b284fce4e52-TransactionsHistoryReport-2023-09-26-16-08-13.pdf
2023-09-25 20:24 - 2023-09-25 20:24 - 096195312 _____ C:\Users\alexe\Downloads\torbrowser-install-win64-12.5.4_ALL (1).exe
2023-09-20 23:13 - 2023-09-20 23:14 - 085580272 _____ (Rockstar Games Inc.) C:\Users\alexe\Downloads\Rockstar-Games-Launcher (3).exe
2023-09-20 20:26 - 2023-09-25 20:26 - 000001047 _____ C:\Users\alexe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tor Browser.lnk
2023-09-20 20:25 - 2023-09-20 20:26 - 096195312 _____ C:\Users\alexe\Downloads\torbrowser-install-win64-12.5.4_ALL.exe
2023-09-10 01:47 - 2023-09-10 01:47 - 000000000 ____D C:\Users\alexe\AppData\Local\McAfee
2023-09-10 01:41 - 2023-10-24 09:04 - 000000000 ____D C:\Users\alexe\.openshot_qt
2023-09-10 01:41 - 2023-09-10 01:41 - 031370850 _____ C:\Users\alexe\Downloads\lv_0_20230908182159.mp4
2023-09-10 01:40 - 2023-09-10 01:40 - 000000973 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenShot Video Editor.lnk
2023-09-10 01:39 - 2023-09-10 01:40 - 000000000 ____D C:\Program Files\OpenShot Video Editor
2023-09-10 01:38 - 2023-09-10 01:38 - 197485952 _____ (OpenShot Studios, LLC ) C:\Users\alexe\Downloads\OpenShot-v3.1.1-x86_64.exe
2023-09-10 01:38 - 2023-09-10 01:38 - 197485952 _____ (OpenShot Studios, LLC ) C:\Users\alexe\Downloads\OpenShot-v3.1.1-x86_64 (1).exe
2023-09-08 04:15 - 2023-09-08 04:15 - 000000000 ____D C:\Program Files (x86)\DummyDir
2023-09-05 18:57 - 2023-09-05 18:57 - 000027279 _____ C:\Users\alexe\Downloads\Alex_Eastick_-_Chef_de_Partie (1).pdf
2023-09-05 18:53 - 2023-09-05 18:53 - 000027289 _____ C:\Users\alexe\Downloads\Alex_Eastick_-_Chef_de_Partie.pdf
2023-08-23 00:45 - 2023-08-23 00:45 - 000000000 ____D C:\WINDOWS\{0F05E98A-0E91-4DA4-A367-CE4E7BB6A9FB}
2023-08-15 18:35 - 2023-06-27 01:25 - 002209224 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2023-08-15 18:35 - 2023-06-27 01:25 - 002209224 _____ C:\WINDOWS\system32\vulkaninfo.exe
2023-08-15 18:35 - 2023-06-27 01:25 - 001643464 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2023-08-15 18:35 - 2023-06-27 01:25 - 001643464 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2023-08-15 18:35 - 2023-06-27 01:25 - 001506760 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2023-08-15 18:35 - 2023-06-27 01:25 - 001506760 _____ C:\WINDOWS\system32\vulkan-1.dll
2023-08-15 18:35 - 2023-06-27 01:25 - 001239536 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2023-08-15 18:35 - 2023-06-27 01:25 - 001239536 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2023-08-15 18:35 - 2023-06-27 01:25 - 000549704 _____ (Intel) C:\WINDOWS\system32\libvpl.dll
2023-08-15 18:35 - 2023-06-27 01:25 - 000522696 _____ C:\WINDOWS\system32\ze_tracing_layer.dll
2023-08-15 18:35 - 2023-06-27 01:25 - 000488904 _____ (Intel) C:\WINDOWS\SysWOW64\libvpl.dll
2023-08-15 18:35 - 2023-06-27 01:25 - 000462832 _____ C:\WINDOWS\system32\ze_loader.dll
2023-08-15 18:35 - 2023-06-27 01:25 - 000313240 _____ C:\WINDOWS\system32\ze_validation_layer.dll
2023-08-15 18:35 - 2023-06-27 01:24 - 027983768 _____ (Intel Corporation) C:\WINDOWS\system32\mfxplugin64_hw.dll
2023-08-15 18:35 - 2023-06-27 01:24 - 020707784 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\mfxplugin32_hw.dll
2023-08-15 18:35 - 2023-06-27 01:24 - 000979024 _____ (Intel Corporation) C:\WINDOWS\system32\libmfxhw64.dll
2023-08-15 18:35 - 2023-06-27 01:24 - 000737752 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\libmfxhw32.dll
2023-08-15 18:35 - 2023-06-27 01:23 - 000621680 _____ (Intel Corporation) C:\WINDOWS\system32\intel_gfx_api-x64.dll
2023-08-15 18:35 - 2023-06-27 01:23 - 000521616 _____ C:\WINDOWS\SysWOW64\IntelControlLib32.dll
2023-08-15 18:35 - 2023-06-27 01:23 - 000480600 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\intel_gfx_api-x86.dll
2023-08-15 18:35 - 2023-06-27 01:19 - 000304336 _____ C:\WINDOWS\system32\ControlLib.dll
2023-08-15 18:35 - 2023-06-27 01:19 - 000252600 _____ C:\WINDOWS\SysWOW64\ControlLib32.dll
2023-08-14 16:54 - 2023-08-14 16:54 - 000001066 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 2023.lnk
2023-08-13 23:16 - 2023-08-13 23:16 - 000002219 _____ C:\Users\alexe\AppData\Local\recently-used.xbel
2023-08-13 22:07 - 2023-09-13 21:29 - 000000000 ____D C:\WINDOWS\system32\Tasks\HP

==================== Three months (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-10-24 09:05 - 2022-06-10 16:38 - 000000000 ____D C:\Program Files (x86)\Google
2023-10-24 09:05 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-10-24 09:03 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-10-24 08:46 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2023-10-24 08:22 - 2023-02-20 15:21 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-10-24 00:15 - 2022-05-07 06:24 - 000000000 ___HD C:\Program Files\WindowsApps
2023-10-24 00:15 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-10-23 15:32 - 2022-06-10 16:25 - 000000000 ____D C:\Users\alexe\AppData\Local\D3DSCache
2023-10-23 13:19 - 2022-05-13 23:18 - 000000000 ____D C:\ProgramData\Package Cache
2023-10-23 13:11 - 2022-05-07 06:22 - 000000000 ____D C:\WINDOWS\INF
2023-10-23 13:00 - 2022-05-13 23:14 - 000000000 ____D C:\Program Files (x86)\Dell Digital Delivery Services
2023-10-23 12:54 - 2023-02-20 15:22 - 000000000 ____D C:\Users\alexe
2023-10-23 12:47 - 2023-02-20 15:26 - 000850308 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-10-23 12:42 - 2023-02-20 15:25 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-10-23 12:42 - 2023-02-20 15:21 - 000001623 _____ C:\WINDOWS\system32\config\VSMIDK
2023-10-23 12:42 - 2022-06-10 16:25 - 000000000 __SHD C:\Users\alexe\IntelGraphicsProfiles
2023-10-23 12:42 - 2022-05-13 23:12 - 000000000 ____D C:\ProgramData\Goodix
2023-10-23 12:42 - 2022-05-13 23:12 - 000000000 ____D C:\Intel
2023-10-23 12:42 - 2022-05-07 06:24 - 000000000 ___SD C:\WINDOWS\SysWOW64\lxss
2023-10-23 12:42 - 2022-05-07 06:24 - 000000000 ___SD C:\WINDOWS\system32\lxss
2023-10-23 12:42 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\ServiceState
2023-10-23 12:42 - 2022-05-07 06:17 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2023-10-23 12:42 - 2022-05-07 03:49 - 000012288 ___SH C:\DumpStack.log.tmp
2023-10-23 12:33 - 2022-05-07 06:17 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-10-23 10:57 - 2022-10-16 22:59 - 000000000 ____D C:\Users\alexe\Downloads\vintage-straps
2023-10-22 20:39 - 2022-05-07 06:24 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2023-10-22 12:57 - 2023-02-20 15:25 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1559888760-2934778760-3932284767-1001
2023-10-22 12:57 - 2023-02-20 15:25 - 000003358 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1559888760-2934778760-3932284767-1001
2023-10-22 12:57 - 2022-06-10 16:26 - 000002385 _____ C:\Users\alexe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-10-22 12:50 - 2022-05-07 03:49 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-10-19 15:47 - 2022-10-17 20:18 - 000000000 ___RD C:\Users\alexe\Creative Cloud Files
2023-10-17 18:28 - 2022-06-10 16:26 - 000000000 ____D C:\Program Files\dotnet
2023-10-17 05:19 - 2022-10-17 20:15 - 000000000 ____D C:\Users\alexe\AppData\Roaming\com.adobe.dunamis
2023-10-17 05:15 - 2022-10-17 20:16 - 000000000 ____D C:\Program Files\Adobe
2023-10-12 12:47 - 2023-02-17 04:14 - 000000000 ___DC C:\WINDOWS\Panther
2023-10-11 09:37 - 2022-06-11 03:43 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-10-11 09:35 - 2022-06-11 03:43 - 181553176 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2023-10-10 23:28 - 2023-02-20 15:21 - 000641128 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-10-10 22:10 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\USOPrivate
2023-10-10 21:55 - 2022-06-10 16:25 - 000000000 ____D C:\Users\alexe\AppData\Local\Packages
2023-10-10 21:53 - 2022-05-13 23:15 - 000000000 ____D C:\ProgramData\McAfee
2023-10-10 21:53 - 2022-05-13 23:15 - 000000000 ____D C:\Program Files\McAfee
2023-10-10 21:53 - 2022-05-13 23:15 - 000000000 ____D C:\Program Files\Common Files\McAfee
2023-10-10 21:53 - 2022-05-07 06:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-10-10 21:53 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\UUS
2023-10-10 21:53 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2023-10-10 21:53 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2023-10-10 21:53 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2023-10-10 21:53 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SystemResources
2023-10-10 21:53 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2023-10-10 21:53 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\setup
2023-10-10 21:53 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-10-10 21:53 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\migwiz
2023-10-10 21:53 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\Dism
2023-10-10 21:53 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\appraiser
2023-10-10 21:53 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\ShellExperiences
2023-10-10 21:53 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\ShellComponents
2023-10-10 21:53 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\Provisioning
2023-10-10 21:53 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2023-10-10 21:53 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-10-10 21:47 - 2023-02-20 15:22 - 003210752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2023-10-10 21:36 - 2022-05-07 06:17 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2023-10-10 14:44 - 2022-12-05 23:10 - 000000000 ____D C:\Program Files\Rockstar Games
2023-10-10 14:44 - 2022-12-05 23:10 - 000000000 ____D C:\Program Files (x86)\Rockstar Games
2023-10-10 14:43 - 2022-12-05 23:10 - 000000000 ____D C:\Users\alexe\OneDrive\Documents\Rockstar Games
2023-10-10 14:43 - 2022-12-05 23:10 - 000000000 ____D C:\Users\alexe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2023-10-10 14:43 - 2022-12-05 23:10 - 000000000 ____D C:\Users\alexe\AppData\Local\Rockstar Games
2023-10-08 19:45 - 2020-11-15 17:46 - 015460624 _____ (Jocys.com) C:\Program Files\x360ce.exe
2023-10-08 19:45 - 2020-11-15 17:46 - 015460624 _____ (Jocys.com) C:\Program Files (x86)\x360ce.exe
2023-10-07 12:25 - 2022-10-17 20:16 - 000000000 ____D C:\Program Files\Common Files\Adobe
2023-10-05 09:31 - 2023-02-25 20:44 - 000001388 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2023-10-05 09:31 - 2022-10-17 20:16 - 000000000 ____D C:\Program Files (x86)\Adobe
2023-10-05 09:31 - 2022-10-17 20:15 - 000000000 ____D C:\Users\alexe\AppData\Local\Adobe
2023-10-05 09:31 - 2022-05-07 03:49 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2023-10-01 22:28 - 2022-05-13 23:22 - 000000000 ____D C:\ProgramData\Packages
2023-10-01 21:51 - 2022-06-10 17:51 - 000000000 ____D C:\Users\alexe\AppData\Local\babl-0.1
2023-10-01 20:15 - 2022-10-17 23:03 - 000000000 ____D C:\Users\alexe\AppData\LocalLow\Adobe
2023-09-25 20:52 - 2023-05-29 00:18 - 000000000 ____D C:\Users\alexe\AppData\LocalLow\Mozilla

==================== Files in the root of some directories ========

2020-11-15 17:46 - 2023-10-08 19:45 - 015460624 _____ (Jocys.com) C:\Program Files\x360ce.exe
2020-11-15 17:46 - 2023-10-08 19:45 - 015460624 _____ (Jocys.com) C:\Program Files (x86)\x360ce.exe
2023-10-08 18:54 - 2023-10-08 18:54 - 000012125 _____ () C:\Users\alexe\AppData\Local\apps.crx
2023-02-20 01:03 - 2023-02-20 01:03 - 000000000 _____ () C:\Users\alexe\AppData\Local\oobelibMkey.log
2023-08-13 23:16 - 2023-08-13 23:16 - 000002219 _____ () C:\Users\alexe\AppData\Local\recently-used.xbel

==================== SigCheckExt =========================

2022-11-30 22:56 - 2022-11-30 22:56 - 000098304 _____ (Sony DADC Austria AG.) C:\WINDOWS\SysWOW64\CmdLineExt.dll
2022-06-27 16:41 - 2022-06-27 16:41 - 038253432 _____ ( ) C:\Users\alexe\Downloads\gmic_3.1.4_gimp2.10_win64.exe
2022-06-11 19:48 - 2022-06-11 19:48 - 098797015 _____ C:\Users\alexe\Downloads\inkscape-1.2_2022-05-15_dc2aedaf03-x64_FKau6eX.exe
2022-10-31 22:14 - 2022-10-31 22:14 - 000763112 _____ C:\Users\alexe\Downloads\PartyPokerSetup (1).exe
2022-10-31 22:13 - 2022-10-31 22:13 - 000763112 _____ C:\Users\alexe\Downloads\PartyPokerSetup.exe

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


==================== BCD ================================

Firmware Boot Manager
---------------------
identifier {fwbootmgr}
displayorder {bootmgr}
{b4ebdf07-d309-11ec-bd3d-806e6f6e6963}
{b4ebdf06-d309-11ec-bd3d-806e6f6e6963}
timeout 0

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=\Device\HarddiskVolume1
path \EFI\Microsoft\Boot\bootmgfw.efi
description Windows Boot Manager
locale en-US
inherit {globalsettings}
isolatedcontext Yes
default {current}
resumeobject {edee7d83-b16c-11ed-b3b8-a685702082b7}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30

Firmware Application (101fffff)
-------------------------------
identifier {a86cca6f-cdb8-11ec-bd39-806e6f6e6963}
path \EFI\Microsoft\Boot\bootmgfw.efi
description Windows Boot Manager
isolatedcontext Yes

Firmware Application (101fffff)
-------------------------------
identifier {b4ebdf06-d309-11ec-bd3d-806e6f6e6963}
device partition=\Device\HarddiskVolume1
path \EFI\Boot\BootX64.efi
description UEFI RST PC SN530 NVMe WDC 512GB 220776806305
isolatedcontext Yes

Firmware Application (101fffff)
-------------------------------
identifier {b4ebdf07-d309-11ec-bd3d-806e6f6e6963}
device partition=\Device\HarddiskVolume1
path \EFI\Microsoft\Boot\bootmgfw.efi
description Windows Boot Manager
isolatedcontext Yes

Windows Boot Loader
-------------------
identifier {09c405cc-9ec4-11e5-9b46-5ce0c5654d7a}
device ramdisk=[\Device\HarddiskVolume6]\sources\sos.wim,{ramdiskoptions}
path \windows\system32\winload.efi
description Dell Assist
locale en-US
inherit {bootloadersettings}
displaymessage Recovery
isolatedcontext Yes
osdevice ramdisk=[\Device\HarddiskVolume6]\sources\sos.wim,{ramdiskoptions}
systemroot \Windows
nx OptIn
bootmenupolicy Standard
winpe Yes

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \WINDOWS\system32\winload.efi
description Windows 11
locale en-US
inherit {bootloadersettings}
recoverysequence {edee7d85-b16c-11ed-b3b8-a685702082b7}
displaymessageoverride Recovery
recoveryenabled Yes
isolatedcontext Yes
allowedinmemorysettings 0x15000075
osdevice partition=C:
systemroot \WINDOWS
resumeobject {edee7d83-b16c-11ed-b3b8-a685702082b7}
nx OptOut
bootmenupolicy Standard
hypervisorlaunchtype Auto

Windows Boot Loader
-------------------
identifier {edee7d85-b16c-11ed-b3b8-a685702082b7}
device ramdisk=[\Device\HarddiskVolume4]\Recovery\WindowsRE\Winre.wim,{edee7d86-b16c-11ed-b3b8-a685702082b7}
path \windows\system32\winload.efi
description Windows Recovery Environment
locale en-US
inherit {bootloadersettings}
displaymessage Recovery
isolatedcontext Yes
osdevice ramdisk=[\Device\HarddiskVolume4]\Recovery\WindowsRE\Winre.wim,{edee7d86-b16c-11ed-b3b8-a685702082b7}
systemroot \windows
nx OptIn
bootmenupolicy Standard
winpe Yes

Resume from Hibernate
---------------------
identifier {edee7d83-b16c-11ed-b3b8-a685702082b7}
device partition=C:
path \WINDOWS\system32\winresume.efi
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
recoverysequence {edee7d85-b16c-11ed-b3b8-a685702082b7}
recoveryenabled Yes
isolatedcontext Yes
allowedinmemorysettings 0x15000075
filedevice partition=C:
custom:21000026 partition=C:
filepath \hiberfil.sys
bootmenupolicy Standard
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=\Device\HarddiskVolume1
path \EFI\Microsoft\Boot\memtest.efi
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes
isolatedcontext Yes

EMS Settings
------------
identifier {emssettings}
bootems No
isolatedcontext Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Local
isolatedcontext Yes

RAM Defects
-----------
identifier {badmemory}
isolatedcontext Yes

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}
isolatedcontext Yes

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}
isolatedcontext Yes

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
isolatedcontext Yes
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}
isolatedcontext Yes

Setup Ramdisk Options
---------------------
identifier {ramdiskoptions}
isolatedcontext Yes
ramdisksdidevice partition=\Device\HarddiskVolume6
ramdisksdipath \sources\boot.sdi

Device options
--------------
identifier {edee7d86-b16c-11ed-b3b8-a685702082b7}
description Windows Recovery
isolatedcontext Yes
ramdisksdidevice partition=\Device\HarddiskVolume4
ramdisksdipath \Recovery\WindowsRE\boot.sdi

==================== End of FRST.txt ========================

And this is the Shortcut outcome:

Users shortcut scan result (x64) Version: 06-10-2023
Ran by alexe (24-10-2023 09:10:31)
Running from C:\Users\alexe\OneDrive\Desktop
Boot Mode: Normal
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\alexe\Links\Desktop.lnk -> C:\Users\alexe\OneDrive\Desktop ()
Shortcut: C:\Users\alexe\Links\Downloads.lnk -> C:\Users\alexe\Downloads ()
Shortcut: C:\Users\alexe\Creative Cloud Files\_Cloud documents.lnk -> C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe ()
Shortcut: C:\Users\alexe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\alexe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\alexe\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\alexe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tor Browser.lnk -> C:\Users\alexe\OneDrive\Desktop\Tor Browser\Browser\firefox.exe (No File)
Shortcut: C:\Users\alexe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\alexe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\alexe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\alexe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\alexe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\alexe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rockstar Games\Grand Theft Auto V.lnk -> C:\Program Files\Rockstar Games\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games)
Shortcut: C:\Users\alexe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rockstar Games\Rockstar Games Launcher.lnk -> C:\Program Files\Rockstar Games\Launcher\LauncherPatcher.exe (Rockstar Games)
Shortcut: C:\Users\alexe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEmu\Uninstall MEmu.lnk -> C:\Program Files\Microvirt\MEmu\uninstall\uninstall.exe (No File)
Shortcut: C:\Users\alexe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\LiveCaptions.lnk -> C:\Windows\System32\LiveCaptions.exe (Microsoft Corporation)
Shortcut: C:\Users\alexe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\alexe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\alexe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\alexe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\VoiceAccess.lnk -> C:\Windows\System32\voiceaccess.exe (Microsoft Corporation)
Shortcut: C:\Users\alexe\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth File Transfer.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Users\alexe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC)
Shortcut: C:\Users\alexe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation)
Shortcut: C:\Users\alexe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\alexe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\alexe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Adobe Lightroom.lnk -> C:\Program Files\Adobe\Adobe Lightroom CC\lightroom.exe (Adobe)
Shortcut: C:\Users\alexe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Adobe Photoshop 2022.lnk -> C:\Program Files\Adobe\Adobe Photoshop 2022\Photoshop.exe (Adobe)
Shortcut: C:\Users\alexe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\alexe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\GIMP 2.10.30.lnk -> C:\Program Files\GIMP 2\bin\gimp-2.10.exe (Spencer Kimball, Peter Mattis and the GIMP Development Team)
Shortcut: C:\Users\alexe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC)
Shortcut: C:\Users\alexe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\OpenOffice.lnk -> C:\Program Files (x86)\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
Shortcut: C:\Users\alexe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\OpenShot Video Editor.lnk -> C:\Program Files\OpenShot Video Editor\openshot-qt.exe (OpenShot Studios, LLC)
Shortcut: C:\Users\alexe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\ProtonVPN.lnk -> C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.exe ()
Shortcut: C:\Users\alexe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Wondershare Filmora 12.lnk -> C:\Users\alexe\AppData\Local\Wondershare\Wondershare Filmora\Wondershare Filmora Launcher.exe (Wondershare)
Shortcut: C:\Users\alexe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Tombstones\4K YouTube to MP3.lnk -> C:\Program Files\4KDownload\4kyoutubetomp3\4kyoutubetomp3.exe (No File)
Shortcut: C:\Users\alexe\AppData\Local\Wondershare\Wondershare Filmora (CPC)\12.0.9.1382\resources\wfx_effect\plugin\ChromaKey\ChromaKeyMorphology\ChromaKey - 捷徑.lnk -> E:\dev_effect_sdk\wes-fxlab-resource\wfx_effect\plugin\ChromaKey (No File)
Shortcut: C:\Users\alexe\AppData\Local\Wondershare\Wondershare Filmora\12.0.9.1382\resources\wfx_effect\plugin\ChromaKey\ChromaKeyMorphology\ChromaKey - 捷徑.lnk -> E:\dev_effect_sdk\wes-fxlab-resource\wfx_effect\plugin\ChromaKey (No File)
Shortcut: C:\Users\alexe\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\alexe\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\alexe\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\alexe\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\alexe\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\alexe\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\alexe\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk -> C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Lightroom.lnk -> C:\Program Files\Adobe\Adobe Lightroom CC\lightroom.exe (Adobe)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 2022.lnk -> C:\Program Files\Adobe\Adobe Photoshop 2022\Photoshop.exe (Adobe)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 2023.lnk -> C:\Program Files\Adobe\Adobe Photoshop 2023\Photoshop.exe (Adobe)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.10.32.lnk -> C:\Program Files\GIMP 2\bin\gimp-2.10.exe (Spencer Kimball, Peter Mattis and the GIMP Development Team)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenShot Video Editor.lnk -> C:\Program Files\OpenShot Video Editor\openshot-qt.exe (OpenShot Studios, LLC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare\Wondershare Filmora\Uninstall Wondershare Filmora 12.lnk -> C:\Users\alexe\AppData\Local\Wondershare\Wondershare Filmora\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare\Wondershare Filmora\Wondershare Filmora 12.lnk -> C:\Users\alexe\AppData\Local\Wondershare\Wondershare Filmora\Wondershare Filmora Launcher.exe (Wondershare)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Create USB Recovery.lnk -> C:\Windows\System32\RecoveryDrive.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProtonVPN\ProtonVPN.lnk -> C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.13\OpenOffice Base.lnk -> C:\Program Files (x86)\OpenOffice 4\program\sbase.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.13\OpenOffice Calc.lnk -> C:\Program Files (x86)\OpenOffice 4\program\scalc.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.13\OpenOffice Draw.lnk -> C:\Program Files (x86)\OpenOffice 4\program\sdraw.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.13\OpenOffice Impress.lnk -> C:\Program Files (x86)\OpenOffice 4\program\simpress.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.13\OpenOffice Math.lnk -> C:\Program Files (x86)\OpenOffice 4\program\smath.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.13\OpenOffice Writer.lnk -> C:\Program Files (x86)\OpenOffice 4\program\swriter.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.13\OpenOffice.lnk -> C:\Program Files (x86)\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 7.5\LibreOffice Base.lnk -> C:\Program Files\LibreOffice\program\sbase.exe (The Document Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 7.5\LibreOffice Calc.lnk -> C:\Program Files\LibreOffice\program\scalc.exe (The Document Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 7.5\LibreOffice Draw.lnk -> C:\Program Files\LibreOffice\program\sdraw.exe (The Document Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 7.5\LibreOffice Impress.lnk -> C:\Program Files\LibreOffice\program\simpress.exe (The Document Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 7.5\LibreOffice Math.lnk -> C:\Program Files\LibreOffice\program\smath.exe (The Document Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 7.5\LibreOffice Writer.lnk -> C:\Program Files\LibreOffice\program\swriter.exe (The Document Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 7.5\LibreOffice.lnk -> C:\Program Files\LibreOffice\program\soffice.exe (The Document Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk -> C:\Windows\SysWOW64\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\RecoveryDrive.lnk -> C:\Windows\System32\RecoveryDrive.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Registry Editor.lnk -> C:\Windows\regedit.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Defender Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk -> C:\Windows\System32\psr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\LiveCaptions.lnk -> C:\Windows\System32\LiveCaptions.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\VoiceAccess.lnk -> C:\Windows\System32\voiceaccess.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
ShortcutWithArgument: C:\Users\alexe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.AdministrativeTools
ShortcutWithArgument: C:\Users\alexe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Grammarly.lnk -> C:\Users\alexe\AppData\Local\Grammarly\DesktopIntegrations\Application\1.0.48.1091\Grammarly.Desktop.exe (Grammarly) -> from-desktop
ShortcutWithArgument: C:\Users\alexe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MaxxAudio Pro by Waves – Speaker and Microphone Audio Control and Nx 3D Sound.lnk -> C:\Windows\System32\DriverStore\FileRepository\wavesapo10de.inf_amd64_95df2d92a65cad35\WavesSvc64.exe (Waves Audio Ltd.) -> /toast
ShortcutWithArgument: C:\Users\alexe\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\alexe\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\alexe\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\alexe\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAbout
ShortcutWithArgument: C:\Users\alexe\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\alexe\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\alexe\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\alexe\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\alexe\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\alexe\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\alexe\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /7
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 7.5\LibreOffice (Safe Mode).lnk -> C:\Program Files\LibreOffice\program\soffice.exe (The Document Foundation) -> --safe-mode
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player Legacy.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.AdministrativeTools
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAbout
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
InternetURL: C:\Users\alexe\Favorites\Bing.url -> URL: hxxp://go.microsoft.com/fwlink/p/?LinkId=255142
InternetURL: C:\Users\alexe\Favorites\Dell\Dell Auction.url -> URL: hxxp://www.dellauction.com/
InternetURL: C:\Users\alexe\Favorites\Dell\Dell.url -> URL: hxxp://www.dell.com/
InternetURL: C:\Users\alexe\Favorites\Dell\Support.Dell.Com.url -> URL: hxxp://www.dell.com/support/home
InternetURL: C:\Users\alexe\Downloads\umberland-slab\Dfonts - Free Fonts Download.url -> URL: hxxps://www.dfonts.org/
==================== End of Shortcut.txt =============================
 

ldnrentals

New Member
Thread author
Oct 22, 2023
4
Hello, Welcome to MalwareTips.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

The bad extension is hidden in a Group Policy.

We can locate the malware entries by running this Program.

Download the Farbar Recovery Scan Tool (FRST).
Choose the 32 or 64 bit version for your system
and save it to a folder on your computer's Desktop.
Ensure that you are in an Administrator Account
Double-click to run it. When the tool opens click Yes to disclaimer.
Check the boxes as seen here:
L7kNU5y.jpg

Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Please attach the logs for my review.
How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.
http://deeprybka.trojaner-board.de/eset/eng/attachlogs.png

Let me know what problems persist.

Wait for further instructions

p.s.
This program is updated often.
If it's identified as suspicious by your Anti-Virus program, trust it if downloaded from the link I provided.
OR, you should restore the program from the Quarantine folder.
====
 

Attachments

  • FRST.txt
    66.5 KB · Views: 1
  • Shortcut.txt
    26.3 KB · Views: 2
  • Rkill.txt
    1.8 KB · Views: 2
  • Addition.txt
    41.3 KB · Views: 2
  • readme.txt
    4 KB · Views: 4

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,474
Hi,

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt); please post it to your reply.
===


Please post the Fixlog.txt and let me know what problem persists.
 

Attachments

  • Fixlist.txt
    7.1 KB · Views: 8
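
What "hidden in a Group Policy" means in practice, as an added example that is not part of the thread and not the contents of the helper's Fixlist.txt: Chrome reads force-install entries from its policy registry keys, and extensions listed there cannot be removed from the extensions menu. This read-only PowerShell check assumes the extension was pushed through the `ExtensionInstallForcelist` policy; the function name `Get-ForcedChromeExtension` is made up for this example.

```powershell
# Read-only audit: list Chrome extensions that are force-installed by policy.
# Nothing is written to or deleted from the registry.
$roots = @(
    'HKLM:\SOFTWARE\Policies\Google\Chrome',
    'HKLM:\SOFTWARE\WOW6432Node\Policies\Google\Chrome',
    'HKCU:\SOFTWARE\Policies\Google\Chrome'
)

function Get-ForcedChromeExtension {
    param([string[]]$PolicyRoot = $roots)

    foreach ($root in $PolicyRoot) {
        $key = Join-Path $root 'ExtensionInstallForcelist'
        if (-not (Test-Path -LiteralPath $key)) { continue }

        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            # Each value holds "<extension id>", optionally followed by ";<update URL>".
            $data = [string]$item.GetValue($name)
            $id, $url = $data -split ';', 2
            [pscustomobject]@{
                PolicyKey   = $key
                ValueName   = $name
                ExtensionId = $id.Trim()
                UpdateUrl   = if ($url) { $url.Trim() } else { '(none given)' }
                # Chrome extension IDs are 32 characters drawn from a-p.
                WellFormed  = $id.Trim() -cmatch '^[a-p]{32}$'
            }
        }
    }
}

$found = @(Get-ForcedChromeExtension)
if ($found.Count -eq 0) {
    'No ExtensionInstallForcelist policy entries found.'
} else {
    $found | Format-Table -AutoSize -Wrap
}
```

The same entries are visible inside Chrome at chrome://policy, which is a quick way to confirm whether they are gone after a fix has run.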