Jump to content

helpwanted

Members
  • Posts

    10
  • Joined

  • Last visited

Reputation

0 Neutral

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. i need permission to perform that action i never needed permission before though
  2. also somehow i now dont have permission to put my downloads in the download folder
  3. so with the text file you sent do you mean in the same spot as in downloads or do i have to make a folder with them both in it or do i have to run the text using farbar
  4. in retrospect that was very long i realise i can just attach tShortcut.txthemFRST.txtAddition.txt
  5. heres the farbar log: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-07-2021 Ran by Aayan (administrator) on DESKTOP-9GFNB0Q (LENOVO 80EC) (31-07-2021 17:27:10) Running from C:\Users\Aayan\Downloads Loaded Profiles: Aayan Platform: Windows 10 Home Version 20H2 19042.1110 (X64) Language: English (United Kingdom) Default browser: Chrome Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswEngSrv.exe (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastSvc.exe (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastUI.exe <5> (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <13> (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\msiexec.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1145_none_7e2e1aee7c75684d\TiWorker.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [5062384 2015-08-30] (Realtek Semiconductor Corp -> Realtek semiconductor) HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] (Fortemedia Inc -> ) HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [919768 2014-11-20] (Conexant Systems, Inc. -> Conexant Systems, Inc.) HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc. -> Conexant Systems, Inc.) HKLM\...\Run: [Riot Vanguard] => C:\Program Files\Riot Vanguard\vgtray.exe [3086208 2021-06-22] (Riot Games, Inc. -> Riot Games, Inc.) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [123672 2021-07-26] (Avast Software s.r.o. -> AVAST Software) HKU\S-1-5-21-2861976339-2907847416-417796493-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4110568 2021-07-21] (Valve -> Valve Corporation) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\92.0.4515.107\Installer\chrmstp.exe [2021-07-26] (Google LLC -> Google LLC) HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION ==================== Scheduled Tasks (Whitelisted) ============ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {1A2CB0F7-F30D-4089-ABFD-36ED0F0DE282} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation) Task: {342A095B-4F87-4CE1-BBD5-3FA782478DF0} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1626328 2014-01-23] (Microsoft Corporation -> Microsoft Corporation) Task: {4D40CE8E-9AB7-4E7E-80F5-CFEFF0290B78} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1790184 2021-07-26] (Avast Software s.r.o. -> Avast Software) Task: {5B97E51D-A5C9-45D0-819E-968613B2B819} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154520 2021-07-19] (Google LLC -> Google LLC) Task: {967D1B8E-35E5-4F91-BCD5-3B607EAED439} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation) Task: {9AB7B4CA-D418-4DF1-BC99-AC9F0D742ECA} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4903192 2021-07-26] (Avast Software s.r.o. -> AVAST Software) Task: {D1E2B948-DFDA-4303-AD2E-E76955E5058A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154520 2021-07-19] (Google LLC -> Google LLC) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{fbfce83d-3aac-4989-b8f4-4d881337ba83}: [DhcpNameServer] 192.168.0.1 Edge: ======= Edge Profile: C:\Users\Aayan\AppData\Local\Microsoft\Edge\User Data\Default [2021-07-31] Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee] FireFox: ======== FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-06-25] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation -> Microsoft Corporation) Chrome: ======= CHR Profile: C:\Users\Aayan\AppData\Local\Google\Chrome\User Data\Default [2021-07-31] CHR Extension: (Google Translate) - C:\Users\Aayan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2021-07-30] CHR Extension: (Google Drive) - C:\Users\Aayan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-07-19] CHR Extension: (Total AV Safe Site) - C:\Users\Aayan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdbgahnlbdodjkejgilbpflbhgchdfni [2021-07-25] CHR Extension: (YouTube) - C:\Users\Aayan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-07-19] CHR Extension: (AdBlock — best ad blocker) - C:\Users\Aayan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2021-07-30] CHR Extension: (Avast Online Security) - C:\Users\Aayan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2021-07-20] CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Aayan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-07-30] CHR Extension: (Chrome Web Store Payments) - C:\Users\Aayan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-07-19] CHR Extension: (Gmail) - C:\Users\Aayan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-07-19] CHR Extension: (Chrome Media Router) - C:\Users\Aayan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-07-26] CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee] ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [8249936 2021-07-26] (Avast Software s.r.o. -> AVAST Software) R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [625432 2021-07-26] (Avast Software s.r.o. -> AVAST Software) R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [373528 2021-07-26] (Avast Software s.r.o. -> AVAST Software) R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56912 2021-07-26] (Avast Software s.r.o. -> AVAST Software) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7477704 2021-07-30] (Malwarebytes Inc -> Malwarebytes) S3 vgc; C:\Program Files\Riot Vanguard\vgc.exe [10147296 2021-06-22] (Riot Games, Inc. -> Riot Games, Inc.) S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2106.6-0\NisSrv.exe [2665432 2021-07-19] (Microsoft Windows Publisher -> Microsoft Corporation) S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2106.6-0\MsMpEng.exe [136640 2021-07-19] (Microsoft Windows Publisher -> Microsoft Corporation) ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [35720 2021-07-26] (Avast Software s.r.o. -> AVAST Software) R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [216928 2021-07-26] (Avast Software s.r.o. -> AVAST Software) R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [366616 2021-07-26] (Avast Software s.r.o. -> AVAST Software) R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [250392 2021-07-26] (Avast Software s.r.o. -> AVAST Software) R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [99352 2021-07-26] (Avast Software s.r.o. -> AVAST Software) R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [17328 2021-07-26] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software) R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [41352 2021-07-26] (Avast Software s.r.o. -> AVAST Software) R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [182600 2021-07-26] (Avast Software s.r.o. -> AVAST Software) R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [524400 2021-07-26] (Avast Software s.r.o. -> AVAST Software) R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [107848 2021-07-26] (Avast Software s.r.o. -> AVAST Software) R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [82912 2021-07-26] (Avast Software s.r.o. -> AVAST Software) R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [851192 2021-07-26] (Avast Software s.r.o. -> AVAST Software) R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [471920 2021-07-26] (Avast Software s.r.o. -> AVAST Software) S2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [215384 2021-07-26] (Avast Software s.r.o. -> AVAST Software) R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [327536 2021-07-26] (Avast Software s.r.o. -> AVAST Software) R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220752 2021-07-31] (Malwarebytes Inc -> Malwarebytes) S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-07-30] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-07-30] (Malwarebytes Inc -> Malwarebytes) S1 vgk; C:\Program Files\Riot Vanguard\vgk.sys [8241992 2021-06-22] (Riot Games, Inc. -> Riot Games, Inc.) S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49560 2021-07-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [425192 2021-07-19] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [76008 2021-07-19] (Microsoft Windows -> Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) (Whitelisted) ========= (If an entry is included in the fixlist, the file/folder will be moved.) 2021-07-31 17:27 - 2021-07-31 17:30 - 000012326 _____ C:\Users\Aayan\Downloads\FRST.txt 2021-07-31 17:11 - 2021-07-31 17:28 - 000000000 ____D C:\FRST 2021-07-31 17:10 - 2021-07-31 17:14 - 000000000 ____D C:\AdwCleaner 2021-07-31 17:10 - 2021-07-31 17:10 - 008553680 _____ (Malwarebytes) C:\Users\Aayan\Downloads\adwcleaner_8.3.0.exe 2021-07-31 17:10 - 2021-07-31 17:10 - 002300416 _____ (Farbar) C:\Users\Aayan\Downloads\FRST64.exe 2021-07-31 16:53 - 2021-07-31 16:53 - 000220752 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys 2021-07-31 11:37 - 2021-07-31 11:37 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox 2021-07-31 11:23 - 2021-07-31 11:23 - 000000000 ___HD C:\$SysReset 2021-07-31 10:55 - 2021-07-31 10:55 - 000000000 ____D C:\Users\Default\AppData\Local\Microsoft Help 2021-07-30 13:56 - 2021-07-30 14:12 - 000000000 ____D C:\ProgramData\HitmanPro 2021-07-30 13:43 - 2021-07-30 13:43 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk 2021-07-30 13:43 - 2021-07-30 13:43 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2021-07-30 13:43 - 2021-07-30 13:43 - 000000000 ____D C:\Users\Aayan\AppData\Local\mbam 2021-07-30 13:42 - 2021-07-30 13:42 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys 2021-07-30 13:42 - 2021-07-30 13:42 - 000199128 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys 2021-07-30 13:42 - 2021-07-30 13:42 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys 2021-07-30 13:42 - 2021-07-30 13:42 - 000000000 ____D C:\ProgramData\Malwarebytes 2021-07-30 13:41 - 2021-07-30 13:41 - 000000000 ____D C:\Program Files\Malwarebytes 2021-07-30 13:40 - 2021-07-30 13:40 - 002086424 _____ (Malwarebytes) C:\Users\Aayan\Downloads\MBSetup-076886.076886-Consumer.exe 2021-07-29 20:29 - 2021-07-29 20:29 - 000000000 ____D C:\Users\Aayan\Downloads\PROClient_64 2021-07-26 20:33 - 2020-10-29 13:31 - 000107560 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\amdkmpfd.sys 2021-07-26 20:30 - 2015-08-30 05:41 - 002637552 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtCamU64.exe 2021-07-26 20:30 - 2015-08-30 05:41 - 001982192 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RsDecode.dll 2021-07-26 20:30 - 2015-08-30 05:41 - 000497392 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RtCamX.dll 2021-07-26 11:39 - 2021-07-30 14:27 - 000002148 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk 2021-07-26 11:39 - 2021-07-26 11:46 - 000000000 ____D C:\Users\Aayan\AppData\Local\Avast Software 2021-07-26 11:39 - 2021-07-26 11:39 - 000002160 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk 2021-07-26 11:39 - 2021-07-26 11:39 - 000000000 ____D C:\Users\Aayan\AppData\Roaming\Avast Software 2021-07-26 11:36 - 2021-07-31 17:03 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update 2021-07-26 11:36 - 2021-07-28 18:51 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software 2021-07-26 11:35 - 2021-07-26 11:35 - 000524400 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetHub.sys 2021-07-26 11:35 - 2021-07-26 11:35 - 000471920 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys 2021-07-26 11:35 - 2021-07-26 11:35 - 000339736 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe 2021-07-26 11:35 - 2021-07-26 11:35 - 000327536 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys 2021-07-26 11:35 - 2021-07-26 11:35 - 000250392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys 2021-07-26 11:35 - 2021-07-26 11:35 - 000215384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys 2021-07-26 11:35 - 2021-07-26 11:35 - 000182600 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys 2021-07-26 11:35 - 2021-07-26 11:35 - 000107848 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys 2021-07-26 11:35 - 2021-07-26 11:35 - 000099352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys 2021-07-26 11:35 - 2021-07-26 11:35 - 000082912 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys 2021-07-26 11:35 - 2021-07-26 11:35 - 000041352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys 2021-07-26 11:35 - 2021-07-26 11:35 - 000017328 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys 2021-07-26 11:35 - 2021-07-26 11:35 - 000000000 ____D C:\Program Files\Common Files\Avast Software 2021-07-26 11:35 - 2021-07-26 11:34 - 000851192 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys 2021-07-26 11:35 - 2021-07-26 11:34 - 000366616 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys 2021-07-26 11:35 - 2021-07-26 11:34 - 000216928 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys 2021-07-26 11:35 - 2021-07-26 11:34 - 000035720 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys 2021-07-26 11:34 - 2021-07-26 11:34 - 000000000 ____D C:\Program Files\Avast Software 2021-07-26 11:33 - 2021-07-26 11:33 - 000224552 _____ (AVAST Software) C:\Users\Aayan\Downloads\avast_free_antivirus_setup_online.exe 2021-07-26 10:20 - 2021-07-26 10:20 - 000000000 ____D C:\Users\Aayan\AppData\Local\GUI.Win 2021-07-25 19:49 - 2021-07-25 19:49 - 000000000 ____D C:\ProgramData\Package Cache 2021-07-25 17:28 - 2021-07-25 18:28 - 000000000 ____D C:\Users\Aayan\.LdVirtualBox 2021-07-25 13:39 - 2021-07-31 11:51 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2021-07-25 13:38 - 2021-07-25 13:38 - 000000000 ____D C:\Program Files\Common Files\DESIGNER 2021-07-25 13:37 - 2021-07-25 13:37 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server 2021-07-25 13:35 - 2021-07-25 13:37 - 000000000 ____D C:\Program Files\Microsoft SQL Server 2021-07-25 13:35 - 2021-07-25 13:35 - 000000000 ____D C:\WINDOWS\PCHEALTH 2021-07-25 13:32 - 2021-07-25 13:38 - 000000000 ____D C:\WINDOWS\SHELLNEW 2021-07-25 13:31 - 2021-07-25 13:35 - 000000000 ____D C:\Program Files\Microsoft Office 2021-07-25 13:31 - 2021-07-25 13:31 - 000000000 ____D C:\Users\Aayan\AppData\Local\Microsoft Help 2021-07-25 13:31 - 2021-07-25 13:31 - 000000000 ____D C:\Program Files\Microsoft Analysis Services 2021-07-25 13:31 - 2021-07-25 13:31 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2021-07-25 13:31 - 2021-07-25 13:31 - 000000000 ____D C:\Program Files (x86)\Microsoft Analysis Services 2021-07-25 13:29 - 2021-07-25 13:29 - 000000000 __RHD C:\MSOCache 2021-07-24 15:14 - 2021-07-24 15:14 - 000000000 ____D C:\Users\Aayan\AppData\Local\GUI 2021-07-23 19:57 - 2021-07-23 19:57 - 000001472 _____ C:\Users\Aayan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NVIDIA GeForce NOW.lnk 2021-07-23 19:57 - 2021-07-23 19:57 - 000000000 ____D C:\Users\Aayan\AppData\Local\NVIDIA Corporation 2021-07-23 19:57 - 2021-07-23 19:57 - 000000000 ____D C:\Users\Aayan\AppData\Local\NVIDIA 2021-07-23 19:57 - 2021-07-23 19:57 - 000000000 ____D C:\ProgramData\NVIDIA Corporation 2021-07-23 19:55 - 2021-07-23 19:56 - 141434040 _____ (NVIDIA Corporation) C:\Users\Aayan\Downloads\GeForceNOW-release.exe 2021-07-23 19:52 - 2021-07-24 15:18 - 000000000 ____D C:\Users\Aayan\AppData\Local\CrashDumps 2021-07-23 19:43 - 2021-07-23 19:43 - 000000000 ____D C:\Users\Aayan\AppData\Roaming\MMFApplications 2021-07-23 19:06 - 2021-07-31 16:54 - 000000000 ____D C:\ProgramData\Avast Software 2021-07-23 18:44 - 2021-07-23 18:44 - 000000000 ____D C:\Users\Aayan\AppData\Local\OneDrive 2021-07-22 17:50 - 2021-07-22 17:50 - 000000000 ____D C:\Users\Aayan\AppData\Local\Steam 2021-07-22 17:44 - 2021-07-24 21:07 - 000000000 ____D C:\Program Files (x86)\Steam 2021-07-22 17:44 - 2021-07-23 17:08 - 000001032 _____ C:\Users\Public\Desktop\Steam.lnk 2021-07-22 17:44 - 2021-07-22 17:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam 2021-07-22 17:43 - 2021-07-22 17:43 - 001770744 _____ C:\Users\Aayan\Downloads\SteamSetup.exe 2021-07-22 09:44 - 2021-07-22 09:44 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf 2021-07-20 12:59 - 2021-07-20 12:59 - 000000000 ____D C:\Users\Aayan\AppData\Local\VALORANT 2021-07-20 12:59 - 2021-07-20 12:59 - 000000000 ____D C:\Users\Aayan\AppData\Local\UnrealEngine 2021-07-20 12:51 - 2021-07-22 17:27 - 000000001 _____ C:\WINDOWS\vgkbootstatus.dat 2021-07-20 12:36 - 2021-07-20 12:36 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime 2021-07-20 12:10 - 2021-07-20 12:10 - 000000000 ____D C:\Program Files\Riot Vanguard 2021-07-20 12:09 - 2021-07-20 12:09 - 000000000 ____D C:\Users\Aayan\AppData\Local\CEF 2021-07-20 12:08 - 2021-07-21 14:36 - 000000000 ____D C:\ProgramData\Riot Games 2021-07-20 12:08 - 2021-07-20 12:59 - 000000000 ____D C:\Users\Aayan\AppData\Local\Riot Games 2021-07-20 12:08 - 2021-07-20 12:09 - 000000000 ____D C:\Riot Games 2021-07-20 12:08 - 2021-07-20 12:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games 2021-07-20 12:08 - 2021-07-20 12:08 - 000000000 ____D C:\Users\Aayan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Riot Games 2021-07-20 12:05 - 2021-07-20 12:06 - 069072384 _____ (Riot Games, Inc.) C:\Users\Aayan\Downloads\Install VALORANT.exe 2021-07-20 07:40 - 2021-07-20 07:40 - 000000000 ____D C:\Users\Aayan\AppData\Local\D3DSCache 2021-07-20 04:17 - 2021-07-30 12:59 - 000003386 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d77cfbbf36ccb6 2021-07-20 01:52 - 2021-07-20 01:21 - 000000000 ____D C:\Windows.old 2021-07-20 01:49 - 2021-07-20 01:52 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate 2021-07-20 01:45 - 2021-07-20 01:49 - 000000000 ____D C:\WINDOWS\ServiceProfiles 2021-07-20 01:45 - 2021-07-20 01:45 - 000008192 _____ C:\WINDOWS\system32\config\userdiff 2021-07-20 01:41 - 2021-07-20 01:41 - 000000000 ____D C:\ProgramData\ssh 2021-07-20 01:34 - 2021-07-20 01:34 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsraLegacy.tlb 2021-07-20 01:34 - 2021-07-20 01:34 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsraLegacy.tlb 2021-07-20 01:34 - 2021-07-20 01:34 - 000006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rendezvousSession.tlb 2021-07-20 01:34 - 2021-07-20 01:34 - 000006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\rendezvousSession.tlb 2021-07-20 01:33 - 2021-07-20 01:33 - 001687040 _____ C:\WINDOWS\system32\libcrypto.dll 2021-07-20 01:33 - 2021-07-20 01:33 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr 2021-07-20 01:33 - 2021-07-20 01:33 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll 2021-07-20 01:32 - 2021-07-20 01:32 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 2021-07-20 01:32 - 2021-07-20 01:32 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2021-07-20 01:32 - 2021-07-20 01:32 - 002371072 _____ C:\WINDOWS\system32\rdpnano.dll 2021-07-20 01:32 - 2021-07-20 01:32 - 000700928 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll 2021-07-20 01:32 - 2021-07-20 01:32 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr 2021-07-20 01:32 - 2021-07-20 01:32 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx 2021-07-20 01:32 - 2021-07-20 01:32 - 000570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2021-07-20 01:32 - 2021-07-20 01:32 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl 2021-07-20 01:32 - 2021-07-20 01:32 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2021-07-20 01:32 - 2021-07-20 01:32 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax 2021-07-20 01:32 - 2021-07-20 01:32 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpg2splt.ax 2021-07-20 01:32 - 2021-07-20 01:32 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax 2021-07-20 01:32 - 2021-07-20 01:32 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpg2splt.ax 2021-07-20 01:32 - 2021-07-20 01:32 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax 2021-07-20 01:32 - 2021-07-20 01:32 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax 2021-07-20 01:32 - 2021-07-20 01:32 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx 2021-07-20 01:32 - 2021-07-20 01:32 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl 2021-07-20 01:32 - 2021-07-20 01:32 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx 2021-07-20 01:32 - 2021-07-20 01:32 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl 2021-07-20 01:32 - 2021-07-20 01:32 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll 2021-07-20 01:32 - 2021-07-20 01:32 - 000045880 _____ C:\WINDOWS\system32\HvSocket.dll 2021-07-20 01:31 - 2021-07-20 01:31 - 003860832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpltfm.dll 2021-07-20 01:31 - 2021-07-20 01:31 - 001864192 _____ (The ICU Project) C:\WINDOWS\SysWOW64\icu.dll 2021-07-20 01:31 - 2021-07-20 01:31 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll 2021-07-20 01:31 - 2021-07-20 01:31 - 001314128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi 2021-07-20 01:31 - 2021-07-20 01:31 - 000980320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpal.dll 2021-07-20 01:31 - 2021-07-20 01:31 - 000915296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmcodecs.dll 2021-07-20 01:31 - 2021-07-20 01:31 - 000732000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ortcengine.dll 2021-07-20 01:31 - 2021-07-20 01:31 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx 2021-07-20 01:31 - 2021-07-20 01:31 - 000611952 _____ C:\WINDOWS\SysWOW64\TextShaping.dll 2021-07-20 01:31 - 2021-07-20 01:31 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl 2021-07-20 01:31 - 2021-07-20 01:31 - 000468440 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll 2021-07-20 01:31 - 2021-07-20 01:31 - 000446976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl 2021-07-20 01:31 - 2021-07-20 01:31 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll 2021-07-20 01:31 - 2021-07-20 01:31 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bthprops.cpl 2021-07-20 01:31 - 2021-07-20 01:31 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl 2021-07-20 01:31 - 2021-07-20 01:31 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\activeds.tlb 2021-07-20 01:31 - 2021-07-20 01:31 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncpa.cpl 2021-07-20 01:31 - 2021-07-20 01:31 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll 2021-07-20 01:31 - 2021-07-20 01:31 - 000055376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmmvrortc.dll 2021-07-20 01:31 - 2021-07-20 01:31 - 000047472 _____ C:\WINDOWS\SysWOW64\umpdc.dll 2021-07-20 01:31 - 2021-07-20 01:31 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll 2021-07-20 01:31 - 2021-07-20 01:31 - 000011357 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim 2021-07-20 01:30 - 2021-07-20 01:30 - 004898144 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpltfm.dll 2021-07-20 01:30 - 2021-07-20 01:30 - 001354080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpal.dll 2021-07-20 01:30 - 2021-07-20 01:30 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE 2021-07-20 01:30 - 2021-07-20 01:30 - 001091936 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmcodecs.dll 2021-07-20 01:30 - 2021-07-20 01:30 - 001032544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ortcengine.dll 2021-07-20 01:30 - 2021-07-20 01:30 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv 2021-07-20 01:30 - 2021-07-20 01:30 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll 2021-07-20 01:30 - 2021-07-20 01:30 - 000266240 _____ C:\WINDOWS\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll 2021-07-20 01:30 - 2021-07-20 01:30 - 000240640 _____ C:\WINDOWS\SysWOW64\CoreMas.dll 2021-07-20 01:30 - 2021-07-20 01:30 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl 2021-07-20 01:30 - 2021-07-20 01:30 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe 2021-07-20 01:30 - 2021-07-20 01:30 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl 2021-07-20 01:30 - 2021-07-20 01:30 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncpa.cpl 2021-07-20 01:30 - 2021-07-20 01:30 - 000056672 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmmvrortc.dll 2021-07-20 01:30 - 2021-07-20 01:30 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll 2021-07-20 01:30 - 2021-07-20 01:30 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msacm32.drv 2021-07-20 01:30 - 2021-07-20 01:30 - 000010752 _____ C:\WINDOWS\SysWOW64\agentactivationruntimestarter.exe 2021-07-20 01:29 - 2021-07-20 01:29 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll 2021-07-20 01:29 - 2021-07-20 01:29 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll 2021-07-20 01:29 - 2021-07-20 01:29 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll 2021-07-20 01:29 - 2021-07-20 01:29 - 001823280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2021-07-20 01:29 - 2021-07-20 01:29 - 001393504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2021-07-20 01:29 - 2021-07-20 01:29 - 000707016 _____ C:\WINDOWS\system32\TextShaping.dll 2021-07-20 01:29 - 2021-07-20 01:29 - 000657464 _____ C:\WINDOWS\system32\WindowManagementAPI.dll 2021-07-20 01:29 - 2021-07-20 01:29 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl 2021-07-20 01:29 - 2021-07-20 01:29 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll 2021-07-20 01:29 - 2021-07-20 01:29 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthprops.cpl 2021-07-20 01:29 - 2021-07-20 01:29 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll 2021-07-20 01:29 - 2021-07-20 01:29 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll 2021-07-20 01:29 - 2021-07-20 01:29 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe 2021-07-20 01:29 - 2021-07-20 01:29 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\activeds.tlb 2021-07-20 01:29 - 2021-07-20 01:29 - 000097792 _____ C:\WINDOWS\system32\Drivers\cimfs.sys 2021-07-20 01:29 - 2021-07-20 01:29 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe 2021-07-20 01:29 - 2021-07-20 01:29 - 000029696 _____ (The ICU Project) C:\WINDOWS\system32\icuuc.dll 2021-07-20 01:29 - 2021-07-20 01:29 - 000025088 _____ (The ICU Project) C:\WINDOWS\system32\icuin.dll 2021-07-20 01:29 - 2021-07-20 01:29 - 000001370 _____ C:\WINDOWS\system32\ThirdPartyNoticesBySHS.txt 2021-07-20 01:28 - 2021-07-20 01:28 - 004227116 _____ C:\WINDOWS\system32\DefaultHrtfs.bin 2021-07-20 01:28 - 2021-07-20 01:28 - 000563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv 2021-07-20 01:28 - 2021-07-20 01:28 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll 2021-07-20 01:28 - 2021-07-20 01:28 - 000363520 _____ C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll 2021-07-20 01:28 - 2021-07-20 01:28 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll 2021-07-20 01:28 - 2021-07-20 01:28 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe 2021-07-20 01:28 - 2021-07-20 01:28 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl 2021-07-20 01:28 - 2021-07-20 01:28 - 000197632 _____ C:\WINDOWS\system32\IHDS.dll 2021-07-20 01:28 - 2021-07-20 01:28 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe 2021-07-20 01:28 - 2021-07-20 01:28 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll 2021-07-20 01:28 - 2021-07-20 01:28 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll 2021-07-20 01:28 - 2021-07-20 01:28 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll 2021-07-20 01:28 - 2021-07-20 01:28 - 000064552 _____ C:\WINDOWS\system32\umpdc.dll 2021-07-20 01:28 - 2021-07-20 01:28 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msacm32.drv 2021-07-20 01:28 - 2021-07-20 01:28 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe 2021-07-20 01:27 - 2021-07-20 01:27 - 000000000 ____D C:\ProgramData\Microsoft OneDrive 2021-07-20 01:23 - 2021-07-20 01:23 - 000000020 ___SH C:\Users\Aayan\ntuser.ini 2021-07-20 01:19 - 2021-07-31 16:52 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2021-07-20 01:19 - 2021-07-30 12:59 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2021-07-20 01:19 - 2021-07-28 18:51 - 000003346 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA 2021-07-20 01:19 - 2021-07-28 18:51 - 000003184 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2021-07-20 01:19 - 2021-07-28 18:51 - 000003122 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore 2021-07-20 01:19 - 2021-07-28 18:51 - 000002858 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2861976339-2907847416-417796493-1002 2021-07-20 01:19 - 2021-07-20 01:19 - 000007623 _____ C:\WINDOWS\diagwrn.xml 2021-07-20 01:19 - 2021-07-20 01:19 - 000007623 _____ C:\WINDOWS\diagerr.xml 2021-07-20 01:16 - 2021-07-26 21:04 - 000795738 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2021-07-20 01:05 - 2021-07-26 20:38 - 000000000 ____D C:\Users\Aayan 2021-07-20 01:05 - 2021-07-24 14:49 - 000002379 _____ C:\Users\Aayan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2021-07-20 01:02 - 2021-07-20 01:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby 2021-07-20 01:02 - 2021-07-20 01:02 - 000000000 ____D C:\Program Files\Dolby Digital Plus 2021-07-20 00:54 - 2021-07-31 16:52 - 000008192 ___SH C:\DumpStack.log.tmp 2021-07-20 00:54 - 2021-07-31 11:55 - 000437632 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2021-07-20 00:54 - 2021-07-28 15:37 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2021-07-19 21:54 - 2021-07-20 01:23 - 000000000 ___DC C:\WINDOWS\Panther 2021-07-19 20:29 - 2021-07-20 03:27 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools 2021-07-19 20:16 - 2021-07-19 20:28 - 000000000 ____D C:\WINDOWS\system32\MRT 2021-07-19 17:59 - 2021-07-19 17:59 - 000000000 ____D C:\Users\Aayan\AppData\Local\Comms 2021-07-19 17:57 - 2021-07-20 03:45 - 000000000 ____D C:\ProgramData\Packages 2021-07-19 17:51 - 2021-07-19 17:51 - 000000000 ___HD C:\$WinREAgent 2021-07-19 17:46 - 2021-07-26 20:30 - 000000000 ____D C:\WINDOWS\SysWOW64\sda 2021-07-19 17:46 - 2021-07-26 11:52 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2021-07-19 17:46 - 2021-07-26 11:52 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2021-07-19 17:45 - 2021-07-24 14:49 - 000000000 ___RD C:\Users\Aayan\OneDrive 2021-07-19 17:45 - 2021-07-23 14:50 - 000000000 ____D C:\Users\Aayan\AppData\Local\PlaceholderTileLogoFolder 2021-07-19 17:45 - 2021-07-20 01:04 - 000000000 ____D C:\Program Files\Elantech 2021-07-19 17:45 - 2021-07-19 17:45 - 000000000 ____D C:\Program Files\Google 2021-07-19 17:44 - 2021-07-31 16:56 - 000000000 ____D C:\Program Files (x86)\Google 2021-07-19 17:44 - 2021-07-20 07:29 - 000000000 ____D C:\Users\Aayan\AppData\Local\Google 2021-07-19 17:42 - 2021-07-19 17:42 - 001323176 _____ (Google LLC) C:\Users\Aayan\Downloads\ChromeSetup.exe 2021-07-19 17:39 - 2021-07-20 12:09 - 000000000 ____D C:\Users\Aayan\AppData\Local\AMD 2021-07-19 17:39 - 2021-07-20 01:24 - 000000000 __RHD C:\Users\Public\AccountPictures 2021-07-19 17:39 - 2021-07-20 01:24 - 000000000 ___RD C:\Users\Aayan\3D Objects 2021-07-19 17:39 - 2021-07-19 17:39 - 000000000 ____D C:\Users\Aayan\AppData\LocalLow\AMD 2021-07-19 17:39 - 2021-07-19 17:39 - 000000000 ____D C:\Users\Aayan\AppData\Local\Publishers 2021-07-19 17:38 - 2021-07-23 14:52 - 000000000 ____D C:\Users\Aayan\AppData\Local\Packages 2021-07-19 17:38 - 2021-07-19 17:39 - 000000000 ____D C:\Users\Aayan\AppData\Local\ConnectedDevicesPlatform 2021-07-19 17:38 - 2021-07-19 17:38 - 000000000 ____D C:\Users\Aayan\AppData\Roaming\Adobe 2021-07-19 17:38 - 2021-07-19 17:38 - 000000000 ____D C:\Users\Aayan\AppData\Local\VirtualStore 2021-07-19 17:35 - 2021-07-31 11:48 - 000000167 _____ C:\WINDOWS\win.ini 2021-07-19 17:35 - 2021-07-20 01:52 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated 2021-07-19 17:35 - 2021-07-20 01:52 - 000000000 ____D C:\WINDOWS\system32\MsDtc 2021-07-19 17:35 - 2021-07-19 17:36 - 000000000 ____D C:\WINDOWS\TextInput 2021-07-19 17:35 - 2021-07-19 17:35 - 000000000 ____D C:\WINDOWS\system32\GroupPolicyUsers 2021-07-19 17:35 - 2021-07-19 17:35 - 000000000 ____D C:\WINDOWS\system32\GroupPolicy 2021-07-19 17:35 - 2021-07-19 17:31 - 000017635 _____ C:\WINDOWS\system32\Drivers\etc\services 2021-07-19 17:35 - 2021-07-19 17:31 - 000001358 _____ C:\WINDOWS\system32\Drivers\etc\protocol 2021-07-19 17:35 - 2021-07-19 17:31 - 000000407 _____ C:\WINDOWS\system32\Drivers\etc\networks 2021-07-19 17:35 - 2021-07-19 17:31 - 000000219 _____ C:\WINDOWS\system.ini 2021-07-19 17:24 - 2021-07-19 17:24 - 000000000 _SHDL C:\Documents and Settings 2021-07-19 17:23 - 2021-07-31 11:56 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin 2021-07-19 17:23 - 2021-07-26 20:33 - 000000000 ____D C:\Program Files\AMD 2021-07-19 17:16 - 2021-07-19 17:16 - 000000000 ____D C:\WINDOWS\Cnxt 2021-07-19 17:15 - 2021-07-20 01:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Conexant 2021-07-19 17:14 - 2014-12-09 20:11 - 000423128 _____ (Conexant Systems, Inc.) C:\WINDOWS\SysWOW64\SASrv.exe 2021-07-19 17:14 - 2014-10-20 14:54 - 000207576 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CxAudMsg64.exe 2021-07-19 17:13 - 2021-07-19 17:13 - 000000000 ____H C:\ProgramData\DP45977C.lfl 2021-07-19 17:13 - 2013-12-24 15:35 - 000001724 _____ C:\WINDOWS\system32\Drivers\SamSfPa.dat 2021-07-19 17:12 - 2021-07-20 01:52 - 000000000 ____D C:\Program Files\CONEXANT 2021-07-19 17:12 - 2021-07-20 01:01 - 001701376 _____ (TODO: <Company name>) C:\WINDOWS\SysWOW64\RebootPrompt.exe 2021-07-19 17:12 - 2021-07-19 17:13 - 000000000 ____D C:\ProgramData\Conexant 2021-07-19 17:12 - 2021-07-19 17:12 - 000000000 ____D C:\Program Files\Common Files\Atheros 2021-07-19 17:10 - 2021-07-31 10:49 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2021-07-19 17:10 - 2021-07-31 10:49 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk 2021-07-19 17:09 - 2021-07-20 01:49 - 000000000 ____D C:\WINDOWS\system32\AMD 2021-07-19 17:08 - 2021-07-19 21:40 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 2021-07-31 17:24 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp 2021-07-31 17:22 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF 2021-07-31 17:11 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2021-07-31 11:56 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI 2021-07-31 11:43 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared 2021-07-31 11:42 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps 2021-07-31 11:42 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness 2021-07-30 13:42 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2021-07-25 13:33 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\System 2021-07-20 11:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2021-07-20 03:56 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\appcompat 2021-07-20 01:52 - 2019-12-07 10:18 - 000000000 ____D C:\WINDOWS\Setup 2021-07-20 01:52 - 2019-12-07 10:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template 2021-07-20 01:52 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase 2021-07-20 01:52 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\spool 2021-07-20 01:42 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12 2021-07-20 01:42 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs 2021-07-20 01:42 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\PrintDialog 2021-07-20 01:42 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata 2021-07-20 01:42 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup 2021-07-20 01:42 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation 2021-07-20 01:42 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe 2021-07-20 01:42 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz 2021-07-20 01:42 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV 2021-07-20 01:42 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT 2021-07-20 01:42 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords 2021-07-20 01:42 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE 2021-07-20 01:42 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2021-07-20 01:42 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com 2021-07-20 01:42 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers 2021-07-20 01:41 - 2019-12-07 15:48 - 000000000 ____D C:\Program Files\Windows Photo Viewer 2021-07-20 01:41 - 2019-12-07 15:48 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2021-07-20 01:41 - 2019-12-07 15:46 - 000000000 ____D C:\WINDOWS\system32\OpenSSH 2021-07-20 01:41 - 2019-12-07 15:44 - 000000000 ____D C:\WINDOWS\system32\Drivers\en-GB 2021-07-20 01:41 - 2019-12-07 15:44 - 000000000 ____D C:\WINDOWS\en-GB 2021-07-20 01:41 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\UNP 2021-07-20 01:41 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\F12 2021-07-20 01:41 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs 2021-07-20 01:41 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources 2021-07-20 01:41 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata 2021-07-20 01:41 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2021-07-20 01:41 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform 2021-07-20 01:41 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep 2021-07-20 01:41 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences 2021-07-20 01:41 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup 2021-07-20 01:41 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation 2021-07-20 01:41 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\migwiz 2021-07-20 01:41 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV 2021-07-20 01:41 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT 2021-07-20 01:41 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Keywords 2021-07-20 01:41 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\et-EE 2021-07-20 01:41 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\es-MX 2021-07-20 01:41 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism 2021-07-20 01:41 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Com 2021-07-20 01:41 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\appraiser 2021-07-20 01:41 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers 2021-07-20 01:41 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellExperiences 2021-07-20 01:41 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellComponents 2021-07-20 01:41 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Provisioning 2021-07-20 01:41 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions 2021-07-20 01:41 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\IME 2021-07-20 01:41 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\DiagTrack 2021-07-20 01:41 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr 2021-07-20 01:41 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender 2021-07-20 01:41 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing 2021-07-20 01:39 - 2019-12-07 15:48 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll 2021-07-20 01:39 - 2019-12-07 15:48 - 000020908 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml 2021-07-20 01:24 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2021-07-20 01:23 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\USOPrivate 2021-07-20 01:21 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe 2021-07-20 01:20 - 2019-12-07 10:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM 2021-07-20 01:19 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Windows Defender 2021-07-20 01:12 - 2019-12-07 10:14 - 000000000 __RHD C:\Users\Public\Libraries 2021-07-20 00:54 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ServiceState ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ======================== the additional text: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2021 Ran by Aayan (31-07-2021 17:44:15) Running from C:\Users\Aayan\Downloads Windows 10 Home Version 20H2 19042.1110 (X64) (2021-07-20 00:21:18) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= (If an entry is included in the fixlist, it will be removed.) Aayan (S-1-5-21-2861976339-2907847416-417796493-1002 - Administrator - Enabled) => C:\Users\Aayan Administrator (S-1-5-21-2861976339-2907847416-417796493-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-2861976339-2907847416-417796493-503 - Limited - Disabled) Guest (S-1-5-21-2861976339-2907847416-417796493-501 - Limited - Disabled) WDAGUtilityAccount (S-1-5-21-2861976339-2907847416-417796493-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Avast Antivirus (Disabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 21.5.2470 - Avast Software) Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.27.55 - Conexant) Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.6.5.1 - Dolby Laboratories Inc) ELAN Pointing Driver (HKLM\...\Elantech) (Version: 11.4.85.3 - ELAN Microelectronic Corp.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 92.0.4515.107 - Google LLC) Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11105 - Realtek Semiconductor Corp.) Malwarebytes version 4.4.4.126 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.4.126 - Malwarebytes) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 92.0.902.62 - Microsoft Corporation) Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-2861976339-2907847416-417796493-1002\...\OneDriveSetup.exe) (Version: 21.129.0627.0002 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{E5A95BC5-81DF-4F0C-B910-B59DD012F037}) (Version: 2.81.0.0 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.29.30040 (HKLM-x32\...\{5c6cccca-61ec-4667-a8d9-e133a59a5a73}) (Version: 14.29.30040.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) NVIDIA GeForce NOW 2.0.32.95 (HKU\S-1-5-21-2861976339-2907847416-417796493-1002\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GeforceNOW) (Version: 2.0.32.95 - NVIDIA Corporation) Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31222 - Realtek Semiconduct Corp.) Riot Vanguard (HKLM\...\Riot Vanguard) (Version: - Riot Games, Inc.) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Update for Skype for Business 2015 (KB4484289) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{1C76EBD9-0A70-4094-A543-00CAA3B62113}) (Version: - Microsoft) Update for Skype for Business 2015 (KB4484289) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{1C76EBD9-0A70-4094-A543-00CAA3B62113}) (Version: - Microsoft) Update for Skype for Business 2015 (KB4484289) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{1C76EBD9-0A70-4094-A543-00CAA3B62113}) (Version: - Microsoft) VALORANT (HKU\S-1-5-21-2861976339-2907847416-417796493-1002\...\Riot Game valorant.live) (Version: - Riot Games, Inc) Packages: ========= Roblox -> C:\Program Files\WindowsApps\ROBLOXCORPORATION.ROBLOX_2.488.34102.0_x86__55nm5eh3cm0pr [2021-07-31] (ROBLOX Corporation) Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0 [2021-07-24] (Spotify AB) [Startup Task] ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-07-26] (Avast Software s.r.o. -> AVAST Software) ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-07-26] (Avast Software s.r.o. -> AVAST Software) ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-07-26] (Avast Software s.r.o. -> AVAST Software) ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-07-26] (Avast Software s.r.o. -> AVAST Software) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-07-30] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-07-26] (Avast Software s.r.o. -> AVAST Software) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-07-30] (Malwarebytes Corporation -> Malwarebytes) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== ==================== Loaded Modules (Whitelisted) ============= ==================== Alternate Data Streams (Whitelisted) ======== ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2020-04-15] (Microsoft Corporation -> Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-07-18] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2020-04-15] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-07-18] (Microsoft Corporation -> Microsoft Corporation) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2019-06-12] (Microsoft Corporation -> Microsoft Corporation) ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2021-07-19 17:35 - 2021-07-26 10:33 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2861976339-2907847416-417796493-1002\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg DNS Servers: 192.168.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) HKU\S-1-5-21-2861976339-2907847416-417796493-1002\...\StartupApproved\Run: => "Steam" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{6D2E8648-097E-4947-BC10-7FA8FFE2796F}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{64860A93-8C3B-48FA-A207-795E33E9EAFF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{D32BD830-5ED5-45D7-83CC-11D98D0D30B3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{B3C06224-5D08-4A7F-BAA8-6E994B222A64}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{E1322C35-DB72-4037-BF38-9D6AF830814B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [TCP Query User{0D2554E6-4E87-4583-A1AE-82408061B031}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.) FirewallRules: [UDP Query User{4ACF78C5-681A-4C41-9B65-E1F83843E8AA}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.) FirewallRules: [{4F926297-50B4-444D-9A1E-0EF446B2E488}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [{E860D63A-E9A4-483E-8103-468A3E33526A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [{9946E928-0DEF-4BE5-A800-57EF508E35F8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{FAFC7B04-8D31-47F9-873D-BA0A32DD62AC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [TCP Query User{84F51755-304A-496E-A777-DA58C8FA56C9}C:\program files\avast software\avast\avastui.exe] => (Allow) C:\program files\avast software\avast\avastui.exe (Avast Software s.r.o. -> AVAST Software) FirewallRules: [UDP Query User{462464AC-2E30-4E89-B7CB-729391BF6195}C:\program files\avast software\avast\avastui.exe] => (Allow) C:\program files\avast software\avast\avastui.exe (Avast Software s.r.o. -> AVAST Software) FirewallRules: [{F5C3BF1F-7146-4082-9069-1FAF6C95D458}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{8C853082-A5BF-463C-8D08-4DEE229B1190}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{E6565345-781C-49EC-AD49-840DDAD2BE8D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{FB90372E-3B51-4181-8EE2-781DA30BEC00}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{7F1F6496-A843-45CB-AC6E-43D91AF63BFE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{80254B86-592E-4095-97C0-16FE64DBD570}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{2021CAE0-DC89-4CC7-8570-49C7E34BF707}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{E74A2EAA-3F53-4D78-8977-1304C17FB047}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{5DEB6B76-6744-41A8-92D7-36C7B0B71D09}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{CE92AD17-908E-40B0-ACC6-1294A37C149B}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{24F6410E-F7A9-45C4-A942-7FB64EBE1E66}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{EE056705-2D97-4F3F-9AE4-5C947FD7A125}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [TCP Query User{696E082F-AFB9-4691-965E-0BF844D1B17E}C:\program files\dnplayerext2\ldboxheadless.exe] => (Block) C:\program files\dnplayerext2\ldboxheadless.exe => No File FirewallRules: [UDP Query User{6A7DC5D6-FBF4-4011-9125-63CCF6006449}C:\program files\dnplayerext2\ldboxheadless.exe] => (Block) C:\program files\dnplayerext2\ldboxheadless.exe => No File ==================== Restore Points ========================= 21-07-2021 12:01:13 Windows Modules Installer 25-07-2021 13:27:57 Installed Microsoft Office Professional Plus 2013 25-07-2021 13:29:51 PROPLUS 31-07-2021 17:01:12 Windows Modules Installer 31-07-2021 17:32:20 Windows Modules Installer ==================== Faulty Device Manager Devices ============ ==================== Event log errors: ======================== Application errors: ================== Error: (07/31/2021 05:14:39 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: wuauclt.exe, version: 10.0.19041.906, time stamp: 0x01b4b287 Faulting module name: wuuhosdeployment.dll_unloaded, version: 10.0.19041.867, time stamp: 0x14e58421 Exception code: 0xc0000005 Fault offset: 0x000000000001a3f3 Faulting process ID: 0x109c Faulting application start time: 0x01d7862527ba3973 Faulting application path: C:\WINDOWS\system32\wuauclt.exe Faulting module path: wuuhosdeployment.dll Report ID: 7f054b72-9837-4b4b-bbe1-7831e7e75b8b Faulting package full name: Faulting package-relative application ID: Error: (07/30/2021 02:08:24 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid. . Operation: Executing Asynchronous Operation Context: Current State: DoSnapshotSet Error: (07/30/2021 02:07:45 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {7cd72174-9926-43fb-bdc3-391a3784da20} Error: (07/26/2021 08:36:12 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program explorer.exe version 10.0.19041.1110 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 1830 Start Time: 01d782554cb73859 Termination Time: 0 Application Path: C:\Windows\explorer.exe Report Id: 931ccb0a-fcce-4961-9009-2cb90eacabc5 Faulting package full name: Faulting package-relative application ID: Hang type: Unknown Error: (07/25/2021 02:17:01 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program SystemSettings.exe version 10.0.19041.1081 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 1568 Start Time: 01d78156d8a48b9b Termination Time: 4294967295 Application Path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe Report Id: 9502599f-e83a-4585-8db5-30ecf1119565 Faulting package full name: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel Hang type: Quiesce Error: (07/23/2021 07:51:59 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Pizzeria Simulator.exe, version: 1.22.0.0, time stamp: 0x594cab29 Faulting module name: Pizzeria Simulator.exe, version: 1.22.0.0, time stamp: 0x594cab29 Exception code: 0xc0000005 Fault offset: 0x00001d95 Faulting process ID: 0x1d0c Faulting application start time: 0x01d77ff3cfbc6e81 Faulting application path: C:\Program Files (x86)\Steam\steamapps\common\Freddy Fazbear's Pizzeria Simulator\Pizzeria Simulator.exe Faulting module path: C:\Program Files (x86)\Steam\steamapps\common\Freddy Fazbear's Pizzeria Simulator\Pizzeria Simulator.exe Report ID: 390ec77f-c04a-4f90-b7ee-ed9883f2e50f Faulting package full name: Faulting package-relative application ID: Error: (07/20/2021 02:21:00 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Explorer.EXE, version: 10.0.19041.1110, time stamp: 0xe86d289e Faulting module name: KERNELBASE.dll, version: 10.0.19041.1110, time stamp: 0x4809adf2 Exception code: 0xc000027b Fault offset: 0x000000000010bd3e Faulting process ID: 0xda0 Faulting application start time: 0x01d77d69c3eed16a Faulting application path: C:\WINDOWS\Explorer.EXE Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll Report ID: 8b907b47-12cc-41a0-a6ca-3d1a1d3b797b Faulting package full name: Faulting package-relative application ID: Error: (07/20/2021 12:36:41 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program Cortana.exe version 3.2106.14307.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 2160 Start Time: 01d77d5b668d68ae Termination Time: 4294967295 Application Path: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2106.14307.0_x64__8wekyb3d8bbwe\Cortana.exe Report Id: 975eadaa-7d00-419a-b452-c8412cf83dce Faulting package full name: Microsoft.549981C3F5F10_3.2106.14307.0_x64__8wekyb3d8bbwe Faulting package-relative application ID: App Hang type: Quiesce System errors: ============= Error: (07/31/2021 05:14:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. Error: (07/31/2021 05:14:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Conexant Audio Message Service service terminated unexpectedly. It has done this 1 time(s). Error: (07/31/2021 05:14:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Conexant SmartAudio service service terminated unexpectedly. It has done this 1 time(s). Error: (07/31/2021 05:14:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Elan Service service terminated unexpectedly. It has done this 1 time(s). Error: (07/31/2021 05:14:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The AtherosSvc service terminated unexpectedly. It has done this 1 time(s). Error: (07/31/2021 05:14:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The AMD External Events Utility service terminated unexpectedly. It has done this 1 time(s). Error: (07/31/2021 04:58:52 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Downloaded Maps Manager service did not respond on starting. Error: (07/31/2021 11:56:15 AM) (Source: Service Control Manager) (EventID: 7043) (User: ) Description: The aswbIDSAgent service did not shut down properly after receiving a pre-shutdown control. Windows Defender: ================ Date: 2021-07-26 11:14:04 Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=PUA:Win32/FusionCore&threatid=229442&enterprise=0 Name: PUA:Win32/FusionCore Severity: Low Category: Potentially Unwanted Software Path: file:_C:\Users\Aayan\Downloads\ldplayer_en_2102_ld.exe Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection Process Name: C:\Windows\explorer.exe Security intelligence Version: AV: 1.343.1691.0, AS: 1.343.1691.0, NIS: 1.343.1691.0 Engine Version: AM: 1.1.18300.4, NIS: 1.1.18300.4  CodeIntegrity: =============== Date: 2021-07-31 17:04:42 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements. Date: 2021-07-31 16:55:28 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements. ==================== Memory info =========================== BIOS: LENOVO A4CN40WW (V 2.09) 08/24/2015 Motherboard: LENOVO Lancer 5B3 Processor: AMD A10-7300 Radeon R6, 10 Compute Cores 4C+6G Percentage of memory in use: 43% Total physical RAM: 15290.54 MB Available physical RAM: 8645.88 MB Total Virtual: 17594.54 MB Available Virtual: 11241.08 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:930.31 GB) (Free:835.23 GB) NTFS \\?\Volume{1885f580-f01a-467f-8031-c0664a5eb7e9}\ (Recovery) (Fixed) (Total:0.52 GB) (Free:0.5 GB) NTFS \\?\Volume{cca4d73f-dfc5-4b5e-bd80-578ab7a36fd0}\ () (Fixed) (Total:0.57 GB) (Free:0.08 GB) NTFS \\?\Volume{9fb6c8c1-1907-4558-8e5e-db3d9b48001b}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32 ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000) Partition: GPT. ==================== End of Addition.txt ======================= the shortcut text: Users shortcut scan result (x64) Version: 31-07-2021 Ran by Aayan (31-07-2021 17:47:22) Running from C:\Users\Aayan\Downloads Boot Mode: Normal ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) Shortcut: C:\Users\Aayan\Links\Desktop.lnk -> C:\Users\Aayan\Desktop () Shortcut: C:\Users\Aayan\Links\Downloads.lnk -> C:\Users\Aayan\Downloads () Shortcut: C:\Users\Aayan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NVIDIA GeForce NOW.lnk -> C:\Users\Aayan\AppData\Local\NVIDIA Corporation\GeForceNOW\CEF\GeForceNOW.exe (NVIDIA Corporation) Shortcut: C:\Users\Aayan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\Aayan\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation) Shortcut: C:\Users\Aayan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\Aayan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation) Shortcut: C:\Users\Aayan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation) Shortcut: C:\Users\Aayan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\Aayan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\Aayan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30 Shortcut: C:\Users\Aayan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation) Shortcut: C:\Users\Aayan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\Aayan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation) Shortcut: C:\Users\Aayan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) Shortcut: C:\Users\Aayan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation) Shortcut: C:\Users\Aayan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation) Shortcut: C:\Users\Aayan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation) Shortcut: C:\Users\Aayan\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth File Transfer.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation) Shortcut: C:\Users\Aayan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) Shortcut: C:\Users\Aayan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) Shortcut: C:\Users\Aayan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation) Shortcut: C:\Users\Aayan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\Aayan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Avast Free Antivirus.lnk -> C:\Program Files\Avast Software\Avast\AvastUI.exe (AVAST Software) Shortcut: C:\Users\Aayan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\Aayan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) Shortcut: C:\Users\Aayan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Steam (2).lnk -> C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) Shortcut: C:\Users\Aayan\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\Aayan\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\Aayan\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\Aayan\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\Aayan\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () Shortcut: C:\Users\Aayan\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc () Shortcut: C:\Users\Aayan\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation) Shortcut: C:\Users\Aayan\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) Shortcut: C:\Users\Aayan\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk -> C:\Program Files\Avast Software\Avast\AvastUI.exe (AVAST Software) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -> C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Access 2013.lnk -> C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\accicons.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Excel 2013.lnk -> C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\xlicons.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\InfoPath Filler 2013.lnk -> C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\inficon.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\OneDrive for Business 2013.lnk -> C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\grv_icons.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\OneNote 2013.lnk -> C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\joticon.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Outlook 2013.lnk -> C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\outicon.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\PowerPoint 2013.lnk -> C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\pptico.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Publisher 2013.lnk -> C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\pubs.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Send to OneNote 2013.lnk -> C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\joticon.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Skype for Business 2015.lnk -> C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\lyncicon.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Word 2013.lnk -> C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\wordicon.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Database Compare 2013.lnk -> C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\dbcicons.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Office 2013 Language Preferences.lnk -> C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\misc.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Office 2013 Upload Center.lnk -> C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\msouc.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Skype for Business Recording Manager.lnk -> C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\lyncicon.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Spreadsheet Compare 2013.lnk -> C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\sscicons.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Telemetry Dashboard for Office 2013.lnk -> C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\osmadminicon.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Telemetry Log for Office 2013.lnk -> C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\osmclienticon.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby\Dolby Digital Plus.lnk -> C:\Program Files\Dolby Digital Plus\ddpe.exe (Dolby Laboratories Inc.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Conexant\SAII\SmartAudio.lnk -> C:\Program Files\CONEXANT\SAII\SmartAudio.exe (Conexant Systems, Inc) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk -> C:\Windows\SysWOW64\odbcad32.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\RecoveryDrive.lnk -> C:\Windows\System32\RecoveryDrive.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Registry Editor.lnk -> C:\Windows\regedit.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Defender Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Quick Assist.lnk -> C:\Windows\System32\quickassist.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk -> C:\Windows\System32\psr.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\Aayan\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30 Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc () Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) Shortcut: C:\Users\Public\Desktop\Avast Free Antivirus.lnk -> C:\Program Files\Avast Software\Avast\AvastUI.exe (AVAST Software) Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) Shortcut: C:\Users\Public\Desktop\Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes) Shortcut: C:\Users\Public\Desktop\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) Shortcut: C:\Users\Public\Desktop\Steam.lnk -> C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) ShortcutWithArgument: C:\Users\Aayan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.AdministrativeTools ShortcutWithArgument: C:\Users\Aayan\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo ShortcutWithArgument: C:\Users\Aayan\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus ShortcutWithArgument: C:\Users\Aayan\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager ShortcutWithArgument: C:\Users\Aayan\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo ShortcutWithArgument: C:\Users\Aayan\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep ShortcutWithArgument: C:\Users\Aayan\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes ShortcutWithArgument: C:\Users\Aayan\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} ShortcutWithArgument: C:\Users\Aayan\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0} ShortcutWithArgument: C:\Users\Aayan\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1} ShortcutWithArgument: C:\Users\Aayan\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0 ShortcutWithArgument: C:\Users\Aayan\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257} ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /7 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games\VALORANT.lnk -> C:\Riot Games\Riot Client\RiotClientServices.exe (Riot Games, Inc.) -> --launch-product=valorant --launch-patchline=live ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\InfoPath Designer 2013.lnk -> C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\inficon.exe () -> /design ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.AdministrativeTools ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0} ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1} ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0 ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257} InternetURL: C:\Users\Aayan\Favorites\Bing.url -> URL: hxxp://go.microsoft.com/fwlink/p/?LinkId=255142 InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam Support Center.url -> URL: hxxp://support.steampowered.com/ ==================== End of Shortcut.txt =============================
  6. okay so malwarebytes found nothing but adwcleaner found several PUPs heres the log: # ------------------------------- # Malwarebytes AdwCleaner 8.3.0.0 # ------------------------------- # Build: 06-29-2021 # Database: 2021-06-29.1 (Local) # Support: https://www.malwarebytes.com/support # # ------------------------------- # Mode: Clean # ------------------------------- # Start: 07-31-2021 # Duration: 00:00:06 # OS: Windows 10 Home # Cleaned: 12 # Failed: 0 ***** [ Services ] ***** No malicious services cleaned. ***** [ Folders ] ***** Deleted C:\ProgramData\SecuritySuite Deleted C:\ProgramData\TotalAV Deleted C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\ScanGuard Deleted C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\TotalAV ***** [ Files ] ***** No malicious files cleaned. ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. ***** [ Tasks ] ***** No malicious tasks cleaned. ***** [ Registry ] ***** Deleted HKCU\Software\SSProtect Deleted HKLM\SOFTWARE\Classes\scanguard Deleted HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.scanguard.passwordvaultassistant Deleted HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.totalav.passwordvaultassistant Deleted HKLM\SOFTWARE\Microsoft\Edge\NativeMessagingHosts\com.scanguard.passwordvaultassistant Deleted HKLM\SOFTWARE\Mozilla\NativeMessagingHosts\com.scanguard.passwordvaultassistant Deleted HKLM\SOFTWARE\Mozilla\NativeMessagingHosts\com.totalav.passwordvaultassistant Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\SecurityService ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries cleaned. ***** [ Chromium URLs ] ***** No malicious Chromium URLs cleaned. ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries cleaned. ***** [ Firefox URLs ] ***** No malicious Firefox URLs cleaned. ***** [ Hosts File Entries ] ***** No malicious hosts file entries cleaned. ***** [ Preinstalled Software ] ***** No Preinstalled Software cleaned. ************************* [+] Delete Tracing Keys [+] Reset Winsock ************************* AdwCleaner[S00].txt - [2467 octets] - [31/07/2021 17:14:01] ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
  7. im new to this as this is my first personal laptop i think i may have malware or cryptominers on my computer i dont know what to do please help me
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.