
I think I have malware on my laptop but don't know how to check



Hello @helpwanted and welcome!

 

My name is MKDB and I will assist you.

 

  • Please follow the steps in the given order and post back the logs as an attachment when ready. Thank you very much for your cooperation.
  • Temporarily disable your antivirus or other security software first. Make sure to turn it back on once the scans are completed.
  • Temporarily disable Microsoft SmartScreen to download software below if needed. Make sure to turn it back on once the scans are completed.
  • As English is not my native language, please do not use slang or idioms. It may be hard for me to understand.

 

 

 

Step 1

  • If you already have Malwarebytes installed, then open Malwarebytes and click on the Scan button. It will automatically check for updates and run a Threat Scan.
  • If you don't have Malwarebytes installed yet, please download it from here and install it.
  • Once the MBAM dashboard opens, click on Settings (gear icon).
  • Click on the Security tab and make sure that all four Scan options are enabled.
  • Close Settings and click on the Scan button on the dashboard.
  • Once the scan is completed make sure you have it quarantine any detections it finds.
  • If no detections were found click on the Save results drop-down, then the Export to TXT button and save the file as a Text file to your desktop.
  • If there were detections, then once the quarantine has completed click on the View report button, then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find, and attach that log to your next reply.
  • If the computer restarted to quarantine, you can access the logs from the Detection History, then the History tab. Highlight the most recent scan and double-click to open it. Then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find, and attach that log to your next reply.
  • If Malwarebytes won't run, then please skip to the next step and let me know in your next reply that the scanner would not run.

 

 

 

Step 2

Please download AdwCleaner and save it to your desktop.

  • Double-click to run it.
  • Accept the End User License Agreement.
  • Click Scan Now.
  • When finished, if items are found please click Next / Quarantine.
  • Your PC may be rebooted; AdwCleaner will be opened automatically.
  • Click View Log File.
  • AdwCleaner will open one log (AdwCleaner[Cxx].txt).
  • Please attach the log to your next reply.

 

 

 

Step 3

Please download the suitable version of Farbar Recovery Scan Tool (FRST) and save it to your desktop: 32bit | 64bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Check the box in front of Shortcut.txt.
  • Press the Scan button.
  • FRST will create three logs (FRST.txt + Addition.txt + Shortcut.txt) in the same directory the tool is run from.
  • Please attach these logfiles to your next reply.

 


Okay, so Malwarebytes found nothing, but AdwCleaner found several PUPs. Here's the log:

# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build:    06-29-2021
# Database: 2021-06-29.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    07-31-2021
# Duration: 00:00:06
# OS:       Windows 10 Home
# Cleaned:  12
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\ProgramData\SecuritySuite
Deleted       C:\ProgramData\TotalAV
Deleted       C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\ScanGuard
Deleted       C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\TotalAV

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\SSProtect
Deleted       HKLM\SOFTWARE\Classes\scanguard
Deleted       HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.scanguard.passwordvaultassistant
Deleted       HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.totalav.passwordvaultassistant
Deleted       HKLM\SOFTWARE\Microsoft\Edge\NativeMessagingHosts\com.scanguard.passwordvaultassistant
Deleted       HKLM\SOFTWARE\Mozilla\NativeMessagingHosts\com.scanguard.passwordvaultassistant
Deleted       HKLM\SOFTWARE\Mozilla\NativeMessagingHosts\com.totalav.passwordvaultassistant
Deleted       HKLM\System\CurrentControlSet\Services\EventLog\Application\SecurityService

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2467 octets] - [31/07/2021 17:14:01]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 

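One way to triage a cleanup log like the one above, as an added example (not part of the original thread and not Malwarebytes code): it parses the AdwCleaner sections, checks that the number of `Deleted` lines matches the `# Cleaned:` header, and searches later scan output for product names AdwCleaner removed. The function names, the assumption that `Cleaned` equals the count of `Deleted` lines, and the two follow-up lines are assumptions made for this example.

```python
import re

# Abridged from the AdwCleaner log in the post above (most empty sections omitted).
ADW_LOG = r"""
# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Mode: Clean
# Cleaned:  12
# Failed:   0

***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\ProgramData\SecuritySuite
Deleted       C:\ProgramData\TotalAV
Deleted       C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\ScanGuard
Deleted       C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\TotalAV

***** [ Registry ] *****

Deleted       HKCU\Software\SSProtect
Deleted       HKLM\SOFTWARE\Classes\scanguard
Deleted       HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.scanguard.passwordvaultassistant
Deleted       HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.totalav.passwordvaultassistant
Deleted       HKLM\SOFTWARE\Microsoft\Edge\NativeMessagingHosts\com.scanguard.passwordvaultassistant
Deleted       HKLM\SOFTWARE\Mozilla\NativeMessagingHosts\com.scanguard.passwordvaultassistant
Deleted       HKLM\SOFTWARE\Mozilla\NativeMessagingHosts\com.totalav.passwordvaultassistant
Deleted       HKLM\System\CurrentControlSet\Services\EventLog\Application\SecurityService
"""

# Constructed follow-up lines in the style of a browser-extension listing
# from a later scan (paths and ids are placeholders).
FOLLOW_UP = [
    r"CHR Extension: (Google Translate) - C:\Users\demo\Extensions\example-id-1",
    r"CHR Extension: (Total AV Safe Site) - C:\Users\demo\Extensions\example-id-2",
]

HEADER_RE = re.compile(r"^#\s*(\w[\w ]*?):\s+(.*\S)\s*$")     # "# Cleaned:  12"
SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}\s*$")      # "***** [ Folders ] *****"
DELETED_RE = re.compile(r"^Deleted\s+(\S.*?)\s*$")            # only status seen in the post


def parse_adwcleaner_log(text):
    """Return (header fields, {section name: [deleted targets]})."""
    header, sections, current = {}, {}, None
    for line in text.splitlines():
        if m := HEADER_RE.match(line):
            header[m.group(1)] = m.group(2)
        elif m := SECTION_RE.match(line):
            current = m.group(1)
            sections[current] = []
        elif current and (m := DELETED_RE.match(line)):
            sections[current].append(m.group(1))
    return header, sections


def count_check(header, sections):
    """Compare the declared 'Cleaned' total with the Deleted lines actually listed.

    Assumption for this example: the two numbers should be equal, as they are
    in the posted log. A mismatch suggests a truncated or edited paste.
    """
    declared = int(header["Cleaned"])
    listed = sum(len(items) for items in sections.values())
    return declared, listed, declared == listed


def _flatten(s):
    # Lower-case and drop punctuation/spaces so "Total AV" matches "TotalAV".
    return re.sub(r"[^a-z0-9]", "", s.lower())


def product_tokens(sections):
    """Normalised leaf names of deleted folders, used as product keywords."""
    tokens = set()
    for path in sections.get("Folders", []):
        leaf = path.rstrip("\\").rsplit("\\", 1)[-1]
        tokens.add(_flatten(leaf))
    tokens.discard("")
    return tokens


def find_remnants(lines, tokens):
    """Return (line, matched tokens) for lines that still mention a removed product."""
    hits = []
    for line in lines:
        flat = _flatten(line)
        matched = sorted(t for t in tokens if t in flat)
        if matched:
            hits.append((line, matched))
    return hits


if __name__ == "__main__":
    hdr, secs = parse_adwcleaner_log(ADW_LOG)
    print("declared/listed/ok:", count_check(hdr, secs))
    for line, matched in find_remnants(FOLLOW_UP, product_tokens(secs)):
        print("possible remnant", matched, "->", line)
```

A hit from `find_remnants` is only a keyword match; whether the item is really a leftover still has to be judged by a person reading the full log.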

Here's the Farbar log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-07-2021
Ran by Aayan (administrator) on DESKTOP-9GFNB0Q (LENOVO 80EC) (31-07-2021 17:27:10)
Running from C:\Users\Aayan\Downloads
Loaded Profiles: Aayan
Platform: Windows 10 Home Version 20H2 19042.1110 (X64) Language: English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastUI.exe <5>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <13>
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1145_none_7e2e1aee7c75684d\TiWorker.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [5062384 2015-08-30] (Realtek Semiconductor Corp -> Realtek semiconductor)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] (Fortemedia Inc -> )
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [919768 2014-11-20] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [Riot Vanguard] => C:\Program Files\Riot Vanguard\vgtray.exe [3086208 2021-06-22] (Riot Games, Inc. -> Riot Games, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [123672 2021-07-26] (Avast Software s.r.o. -> AVAST Software)
HKU\S-1-5-21-2861976339-2907847416-417796493-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4110568 2021-07-21] (Valve -> Valve Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\92.0.4515.107\Installer\chrmstp.exe [2021-07-26] (Google LLC -> Google LLC)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1A2CB0F7-F30D-4089-ABFD-36ED0F0DE282} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {342A095B-4F87-4CE1-BBD5-3FA782478DF0} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1626328 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {4D40CE8E-9AB7-4E7E-80F5-CFEFF0290B78} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1790184 2021-07-26] (Avast Software s.r.o. -> Avast Software)
Task: {5B97E51D-A5C9-45D0-819E-968613B2B819} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154520 2021-07-19] (Google LLC -> Google LLC)
Task: {967D1B8E-35E5-4F91-BCD5-3B607EAED439} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {9AB7B4CA-D418-4DF1-BC99-AC9F0D742ECA} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4903192 2021-07-26] (Avast Software s.r.o. -> AVAST Software)
Task: {D1E2B948-DFDA-4303-AD2E-E76955E5058A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154520 2021-07-19] (Google LLC -> Google LLC)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{fbfce83d-3aac-4989-b8f4-4d881337ba83}: [DhcpNameServer] 192.168.0.1

Edge: 
=======
Edge Profile: C:\Users\Aayan\AppData\Local\Microsoft\Edge\User Data\Default [2021-07-31]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-06-25] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation -> Microsoft Corporation)

Chrome: 
=======
CHR Profile: C:\Users\Aayan\AppData\Local\Google\Chrome\User Data\Default [2021-07-31]
CHR Extension: (Google Translate) - C:\Users\Aayan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2021-07-30]
CHR Extension: (Google Drive) - C:\Users\Aayan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-07-19]
CHR Extension: (Total AV Safe Site) - C:\Users\Aayan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdbgahnlbdodjkejgilbpflbhgchdfni [2021-07-25]
CHR Extension: (YouTube) - C:\Users\Aayan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-07-19]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\Aayan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2021-07-30]
CHR Extension: (Avast Online Security) - C:\Users\Aayan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2021-07-20]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Aayan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-07-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Aayan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-07-19]
CHR Extension: (Gmail) - C:\Users\Aayan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-07-19]
CHR Extension: (Chrome Media Router) - C:\Users\Aayan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-07-26]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [8249936 2021-07-26] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [625432 2021-07-26] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [373528 2021-07-26] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56912 2021-07-26] (Avast Software s.r.o. -> AVAST Software)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7477704 2021-07-30] (Malwarebytes Inc -> Malwarebytes)
S3 vgc; C:\Program Files\Riot Vanguard\vgc.exe [10147296 2021-06-22] (Riot Games, Inc. -> Riot Games, Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2106.6-0\NisSrv.exe [2665432 2021-07-19] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2106.6-0\MsMpEng.exe [136640 2021-07-19] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [35720 2021-07-26] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [216928 2021-07-26] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [366616 2021-07-26] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [250392 2021-07-26] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [99352 2021-07-26] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [17328 2021-07-26] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [41352 2021-07-26] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [182600 2021-07-26] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [524400 2021-07-26] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [107848 2021-07-26] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [82912 2021-07-26] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [851192 2021-07-26] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [471920 2021-07-26] (Avast Software s.r.o. -> AVAST Software)
S2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [215384 2021-07-26] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [327536 2021-07-26] (Avast Software s.r.o. -> AVAST Software)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220752 2021-07-31] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-07-30] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-07-30] (Malwarebytes Inc -> Malwarebytes)
S1 vgk; C:\Program Files\Riot Vanguard\vgk.sys [8241992 2021-06-22] (Riot Games, Inc. -> Riot Games, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49560 2021-07-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [425192 2021-07-19] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [76008 2021-07-19] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-07-31 17:27 - 2021-07-31 17:30 - 000012326 _____ C:\Users\Aayan\Downloads\FRST.txt
2021-07-31 17:11 - 2021-07-31 17:28 - 000000000 ____D C:\FRST
2021-07-31 17:10 - 2021-07-31 17:14 - 000000000 ____D C:\AdwCleaner
2021-07-31 17:10 - 2021-07-31 17:10 - 008553680 _____ (Malwarebytes) C:\Users\Aayan\Downloads\adwcleaner_8.3.0.exe
2021-07-31 17:10 - 2021-07-31 17:10 - 002300416 _____ (Farbar) C:\Users\Aayan\Downloads\FRST64.exe
2021-07-31 16:53 - 2021-07-31 16:53 - 000220752 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-07-31 11:37 - 2021-07-31 11:37 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2021-07-31 11:23 - 2021-07-31 11:23 - 000000000 ___HD C:\$SysReset
2021-07-31 10:55 - 2021-07-31 10:55 - 000000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2021-07-30 13:56 - 2021-07-30 14:12 - 000000000 ____D C:\ProgramData\HitmanPro
2021-07-30 13:43 - 2021-07-30 13:43 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-07-30 13:43 - 2021-07-30 13:43 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-07-30 13:43 - 2021-07-30 13:43 - 000000000 ____D C:\Users\Aayan\AppData\Local\mbam
2021-07-30 13:42 - 2021-07-30 13:42 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-07-30 13:42 - 2021-07-30 13:42 - 000199128 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-07-30 13:42 - 2021-07-30 13:42 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-07-30 13:42 - 2021-07-30 13:42 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-07-30 13:41 - 2021-07-30 13:41 - 000000000 ____D C:\Program Files\Malwarebytes
2021-07-30 13:40 - 2021-07-30 13:40 - 002086424 _____ (Malwarebytes) C:\Users\Aayan\Downloads\MBSetup-076886.076886-Consumer.exe
2021-07-29 20:29 - 2021-07-29 20:29 - 000000000 ____D C:\Users\Aayan\Downloads\PROClient_64
2021-07-26 20:33 - 2020-10-29 13:31 - 000107560 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\amdkmpfd.sys
2021-07-26 20:30 - 2015-08-30 05:41 - 002637552 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtCamU64.exe
2021-07-26 20:30 - 2015-08-30 05:41 - 001982192 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RsDecode.dll
2021-07-26 20:30 - 2015-08-30 05:41 - 000497392 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RtCamX.dll
2021-07-26 11:39 - 2021-07-30 14:27 - 000002148 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2021-07-26 11:39 - 2021-07-26 11:46 - 000000000 ____D C:\Users\Aayan\AppData\Local\Avast Software
2021-07-26 11:39 - 2021-07-26 11:39 - 000002160 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2021-07-26 11:39 - 2021-07-26 11:39 - 000000000 ____D C:\Users\Aayan\AppData\Roaming\Avast Software
2021-07-26 11:36 - 2021-07-31 17:03 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2021-07-26 11:36 - 2021-07-28 18:51 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2021-07-26 11:35 - 2021-07-26 11:35 - 000524400 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetHub.sys
2021-07-26 11:35 - 2021-07-26 11:35 - 000471920 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2021-07-26 11:35 - 2021-07-26 11:35 - 000339736 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2021-07-26 11:35 - 2021-07-26 11:35 - 000327536 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2021-07-26 11:35 - 2021-07-26 11:35 - 000250392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2021-07-26 11:35 - 2021-07-26 11:35 - 000215384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2021-07-26 11:35 - 2021-07-26 11:35 - 000182600 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2021-07-26 11:35 - 2021-07-26 11:35 - 000107848 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2021-07-26 11:35 - 2021-07-26 11:35 - 000099352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2021-07-26 11:35 - 2021-07-26 11:35 - 000082912 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2021-07-26 11:35 - 2021-07-26 11:35 - 000041352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2021-07-26 11:35 - 2021-07-26 11:35 - 000017328 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
2021-07-26 11:35 - 2021-07-26 11:35 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2021-07-26 11:35 - 2021-07-26 11:34 - 000851192 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2021-07-26 11:35 - 2021-07-26 11:34 - 000366616 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2021-07-26 11:35 - 2021-07-26 11:34 - 000216928 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2021-07-26 11:35 - 2021-07-26 11:34 - 000035720 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2021-07-26 11:34 - 2021-07-26 11:34 - 000000000 ____D C:\Program Files\Avast Software
2021-07-26 11:33 - 2021-07-26 11:33 - 000224552 _____ (AVAST Software) C:\Users\Aayan\Downloads\avast_free_antivirus_setup_online.exe
2021-07-26 10:20 - 2021-07-26 10:20 - 000000000 ____D C:\Users\Aayan\AppData\Local\GUI.Win
2021-07-25 19:49 - 2021-07-25 19:49 - 000000000 ____D C:\ProgramData\Package Cache
2021-07-25 17:28 - 2021-07-25 18:28 - 000000000 ____D C:\Users\Aayan\.LdVirtualBox
2021-07-25 13:39 - 2021-07-31 11:51 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2021-07-25 13:38 - 2021-07-25 13:38 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2021-07-25 13:37 - 2021-07-25 13:37 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2021-07-25 13:35 - 2021-07-25 13:37 - 000000000 ____D C:\Program Files\Microsoft SQL Server
2021-07-25 13:35 - 2021-07-25 13:35 - 000000000 ____D C:\WINDOWS\PCHEALTH
2021-07-25 13:32 - 2021-07-25 13:38 - 000000000 ____D C:\WINDOWS\SHELLNEW
2021-07-25 13:31 - 2021-07-25 13:35 - 000000000 ____D C:\Program Files\Microsoft Office
2021-07-25 13:31 - 2021-07-25 13:31 - 000000000 ____D C:\Users\Aayan\AppData\Local\Microsoft Help
2021-07-25 13:31 - 2021-07-25 13:31 - 000000000 ____D C:\Program Files\Microsoft Analysis Services
2021-07-25 13:31 - 2021-07-25 13:31 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-07-25 13:31 - 2021-07-25 13:31 - 000000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2021-07-25 13:29 - 2021-07-25 13:29 - 000000000 __RHD C:\MSOCache
2021-07-24 15:14 - 2021-07-24 15:14 - 000000000 ____D C:\Users\Aayan\AppData\Local\GUI
2021-07-23 19:57 - 2021-07-23 19:57 - 000001472 _____ C:\Users\Aayan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NVIDIA GeForce NOW.lnk
2021-07-23 19:57 - 2021-07-23 19:57 - 000000000 ____D C:\Users\Aayan\AppData\Local\NVIDIA Corporation
2021-07-23 19:57 - 2021-07-23 19:57 - 000000000 ____D C:\Users\Aayan\AppData\Local\NVIDIA
2021-07-23 19:57 - 2021-07-23 19:57 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2021-07-23 19:55 - 2021-07-23 19:56 - 141434040 _____ (NVIDIA Corporation) C:\Users\Aayan\Downloads\GeForceNOW-release.exe
2021-07-23 19:52 - 2021-07-24 15:18 - 000000000 ____D C:\Users\Aayan\AppData\Local\CrashDumps
2021-07-23 19:43 - 2021-07-23 19:43 - 000000000 ____D C:\Users\Aayan\AppData\Roaming\MMFApplications
2021-07-23 19:06 - 2021-07-31 16:54 - 000000000 ____D C:\ProgramData\Avast Software
2021-07-23 18:44 - 2021-07-23 18:44 - 000000000 ____D C:\Users\Aayan\AppData\Local\OneDrive
2021-07-22 17:50 - 2021-07-22 17:50 - 000000000 ____D C:\Users\Aayan\AppData\Local\Steam
2021-07-22 17:44 - 2021-07-24 21:07 - 000000000 ____D C:\Program Files (x86)\Steam
2021-07-22 17:44 - 2021-07-23 17:08 - 000001032 _____ C:\Users\Public\Desktop\Steam.lnk
2021-07-22 17:44 - 2021-07-22 17:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2021-07-22 17:43 - 2021-07-22 17:43 - 001770744 _____ C:\Users\Aayan\Downloads\SteamSetup.exe
2021-07-22 09:44 - 2021-07-22 09:44 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2021-07-20 12:59 - 2021-07-20 12:59 - 000000000 ____D C:\Users\Aayan\AppData\Local\VALORANT
2021-07-20 12:59 - 2021-07-20 12:59 - 000000000 ____D C:\Users\Aayan\AppData\Local\UnrealEngine
2021-07-20 12:51 - 2021-07-22 17:27 - 000000001 _____ C:\WINDOWS\vgkbootstatus.dat
2021-07-20 12:36 - 2021-07-20 12:36 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime
2021-07-20 12:10 - 2021-07-20 12:10 - 000000000 ____D C:\Program Files\Riot Vanguard
2021-07-20 12:09 - 2021-07-20 12:09 - 000000000 ____D C:\Users\Aayan\AppData\Local\CEF
2021-07-20 12:08 - 2021-07-21 14:36 - 000000000 ____D C:\ProgramData\Riot Games
2021-07-20 12:08 - 2021-07-20 12:59 - 000000000 ____D C:\Users\Aayan\AppData\Local\Riot Games
2021-07-20 12:08 - 2021-07-20 12:09 - 000000000 ____D C:\Riot Games
2021-07-20 12:08 - 2021-07-20 12:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
2021-07-20 12:08 - 2021-07-20 12:08 - 000000000 ____D C:\Users\Aayan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Riot Games
2021-07-20 12:05 - 2021-07-20 12:06 - 069072384 _____ (Riot Games, Inc.) C:\Users\Aayan\Downloads\Install VALORANT.exe
2021-07-20 07:40 - 2021-07-20 07:40 - 000000000 ____D C:\Users\Aayan\AppData\Local\D3DSCache
2021-07-20 04:17 - 2021-07-30 12:59 - 000003386 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d77cfbbf36ccb6
2021-07-20 01:52 - 2021-07-20 01:21 - 000000000 ____D C:\Windows.old
2021-07-20 01:49 - 2021-07-20 01:52 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2021-07-20 01:45 - 2021-07-20 01:49 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2021-07-20 01:45 - 2021-07-20 01:45 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2021-07-20 01:41 - 2021-07-20 01:41 - 000000000 ____D C:\ProgramData\ssh
2021-07-20 01:34 - 2021-07-20 01:34 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsraLegacy.tlb
2021-07-20 01:34 - 2021-07-20 01:34 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsraLegacy.tlb
2021-07-20 01:34 - 2021-07-20 01:34 - 000006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rendezvousSession.tlb
2021-07-20 01:34 - 2021-07-20 01:34 - 000006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\rendezvousSession.tlb
2021-07-20 01:33 - 2021-07-20 01:33 - 001687040 _____ C:\WINDOWS\system32\libcrypto.dll
2021-07-20 01:33 - 2021-07-20 01:33 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-07-20 01:33 - 2021-07-20 01:33 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-07-20 01:32 - 2021-07-20 01:32 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-07-20 01:32 - 2021-07-20 01:32 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-07-20 01:32 - 2021-07-20 01:32 - 002371072 _____ C:\WINDOWS\system32\rdpnano.dll
2021-07-20 01:32 - 2021-07-20 01:32 - 000700928 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2021-07-20 01:32 - 2021-07-20 01:32 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-07-20 01:32 - 2021-07-20 01:32 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-07-20 01:32 - 2021-07-20 01:32 - 000570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-07-20 01:32 - 2021-07-20 01:32 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-07-20 01:32 - 2021-07-20 01:32 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-07-20 01:32 - 2021-07-20 01:32 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-07-20 01:32 - 2021-07-20 01:32 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpg2splt.ax
2021-07-20 01:32 - 2021-07-20 01:32 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-07-20 01:32 - 2021-07-20 01:32 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpg2splt.ax
2021-07-20 01:32 - 2021-07-20 01:32 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-07-20 01:32 - 2021-07-20 01:32 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-07-20 01:32 - 2021-07-20 01:32 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-07-20 01:32 - 2021-07-20 01:32 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-07-20 01:32 - 2021-07-20 01:32 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-07-20 01:32 - 2021-07-20 01:32 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-07-20 01:32 - 2021-07-20 01:32 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-07-20 01:32 - 2021-07-20 01:32 - 000045880 _____ C:\WINDOWS\system32\HvSocket.dll
2021-07-20 01:31 - 2021-07-20 01:31 - 003860832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpltfm.dll
2021-07-20 01:31 - 2021-07-20 01:31 - 001864192 _____ (The ICU Project) C:\WINDOWS\SysWOW64\icu.dll
2021-07-20 01:31 - 2021-07-20 01:31 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-07-20 01:31 - 2021-07-20 01:31 - 001314128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-07-20 01:31 - 2021-07-20 01:31 - 000980320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpal.dll
2021-07-20 01:31 - 2021-07-20 01:31 - 000915296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmcodecs.dll
2021-07-20 01:31 - 2021-07-20 01:31 - 000732000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ortcengine.dll
2021-07-20 01:31 - 2021-07-20 01:31 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-07-20 01:31 - 2021-07-20 01:31 - 000611952 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-07-20 01:31 - 2021-07-20 01:31 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-07-20 01:31 - 2021-07-20 01:31 - 000468440 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-07-20 01:31 - 2021-07-20 01:31 - 000446976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2021-07-20 01:31 - 2021-07-20 01:31 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2021-07-20 01:31 - 2021-07-20 01:31 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bthprops.cpl
2021-07-20 01:31 - 2021-07-20 01:31 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2021-07-20 01:31 - 2021-07-20 01:31 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\activeds.tlb
2021-07-20 01:31 - 2021-07-20 01:31 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncpa.cpl
2021-07-20 01:31 - 2021-07-20 01:31 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-07-20 01:31 - 2021-07-20 01:31 - 000055376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmmvrortc.dll
2021-07-20 01:31 - 2021-07-20 01:31 - 000047472 _____ C:\WINDOWS\SysWOW64\umpdc.dll
2021-07-20 01:31 - 2021-07-20 01:31 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2021-07-20 01:31 - 2021-07-20 01:31 - 000011357 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-07-20 01:30 - 2021-07-20 01:30 - 004898144 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpltfm.dll
2021-07-20 01:30 - 2021-07-20 01:30 - 001354080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpal.dll
2021-07-20 01:30 - 2021-07-20 01:30 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-07-20 01:30 - 2021-07-20 01:30 - 001091936 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmcodecs.dll
2021-07-20 01:30 - 2021-07-20 01:30 - 001032544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ortcengine.dll
2021-07-20 01:30 - 2021-07-20 01:30 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-07-20 01:30 - 2021-07-20 01:30 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2021-07-20 01:30 - 2021-07-20 01:30 - 000266240 _____ C:\WINDOWS\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-07-20 01:30 - 2021-07-20 01:30 - 000240640 _____ C:\WINDOWS\SysWOW64\CoreMas.dll
2021-07-20 01:30 - 2021-07-20 01:30 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-07-20 01:30 - 2021-07-20 01:30 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-07-20 01:30 - 2021-07-20 01:30 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2021-07-20 01:30 - 2021-07-20 01:30 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncpa.cpl
2021-07-20 01:30 - 2021-07-20 01:30 - 000056672 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmmvrortc.dll
2021-07-20 01:30 - 2021-07-20 01:30 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2021-07-20 01:30 - 2021-07-20 01:30 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msacm32.drv
2021-07-20 01:30 - 2021-07-20 01:30 - 000010752 _____ C:\WINDOWS\SysWOW64\agentactivationruntimestarter.exe
2021-07-20 01:29 - 2021-07-20 01:29 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-07-20 01:29 - 2021-07-20 01:29 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2021-07-20 01:29 - 2021-07-20 01:29 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2021-07-20 01:29 - 2021-07-20 01:29 - 001823280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-07-20 01:29 - 2021-07-20 01:29 - 001393504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-07-20 01:29 - 2021-07-20 01:29 - 000707016 _____ C:\WINDOWS\system32\TextShaping.dll
2021-07-20 01:29 - 2021-07-20 01:29 - 000657464 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-07-20 01:29 - 2021-07-20 01:29 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-07-20 01:29 - 2021-07-20 01:29 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll
2021-07-20 01:29 - 2021-07-20 01:29 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthprops.cpl
2021-07-20 01:29 - 2021-07-20 01:29 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-07-20 01:29 - 2021-07-20 01:29 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-07-20 01:29 - 2021-07-20 01:29 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe
2021-07-20 01:29 - 2021-07-20 01:29 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\activeds.tlb
2021-07-20 01:29 - 2021-07-20 01:29 - 000097792 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-07-20 01:29 - 2021-07-20 01:29 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-07-20 01:29 - 2021-07-20 01:29 - 000029696 _____ (The ICU Project) C:\WINDOWS\system32\icuuc.dll
2021-07-20 01:29 - 2021-07-20 01:29 - 000025088 _____ (The ICU Project) C:\WINDOWS\system32\icuin.dll
2021-07-20 01:29 - 2021-07-20 01:29 - 000001370 _____ C:\WINDOWS\system32\ThirdPartyNoticesBySHS.txt
2021-07-20 01:28 - 2021-07-20 01:28 - 004227116 _____ C:\WINDOWS\system32\DefaultHrtfs.bin
2021-07-20 01:28 - 2021-07-20 01:28 - 000563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-07-20 01:28 - 2021-07-20 01:28 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
2021-07-20 01:28 - 2021-07-20 01:28 - 000363520 _____ C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-07-20 01:28 - 2021-07-20 01:28 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2021-07-20 01:28 - 2021-07-20 01:28 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-07-20 01:28 - 2021-07-20 01:28 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-07-20 01:28 - 2021-07-20 01:28 - 000197632 _____ C:\WINDOWS\system32\IHDS.dll
2021-07-20 01:28 - 2021-07-20 01:28 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-07-20 01:28 - 2021-07-20 01:28 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2021-07-20 01:28 - 2021-07-20 01:28 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
2021-07-20 01:28 - 2021-07-20 01:28 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2021-07-20 01:28 - 2021-07-20 01:28 - 000064552 _____ C:\WINDOWS\system32\umpdc.dll
2021-07-20 01:28 - 2021-07-20 01:28 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msacm32.drv
2021-07-20 01:28 - 2021-07-20 01:28 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2021-07-20 01:27 - 2021-07-20 01:27 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2021-07-20 01:23 - 2021-07-20 01:23 - 000000020 ___SH C:\Users\Aayan\ntuser.ini
2021-07-20 01:19 - 2021-07-31 16:52 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-07-20 01:19 - 2021-07-30 12:59 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-07-20 01:19 - 2021-07-28 18:51 - 000003346 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-07-20 01:19 - 2021-07-28 18:51 - 000003184 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-07-20 01:19 - 2021-07-28 18:51 - 000003122 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-07-20 01:19 - 2021-07-28 18:51 - 000002858 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2861976339-2907847416-417796493-1002
2021-07-20 01:19 - 2021-07-20 01:19 - 000007623 _____ C:\WINDOWS\diagwrn.xml
2021-07-20 01:19 - 2021-07-20 01:19 - 000007623 _____ C:\WINDOWS\diagerr.xml
2021-07-20 01:16 - 2021-07-26 21:04 - 000795738 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-07-20 01:05 - 2021-07-26 20:38 - 000000000 ____D C:\Users\Aayan
2021-07-20 01:05 - 2021-07-24 14:49 - 000002379 _____ C:\Users\Aayan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-07-20 01:02 - 2021-07-20 01:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby
2021-07-20 01:02 - 2021-07-20 01:02 - 000000000 ____D C:\Program Files\Dolby Digital Plus
2021-07-20 00:54 - 2021-07-31 16:52 - 000008192 ___SH C:\DumpStack.log.tmp
2021-07-20 00:54 - 2021-07-31 11:55 - 000437632 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-07-20 00:54 - 2021-07-28 15:37 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-07-19 21:54 - 2021-07-20 01:23 - 000000000 ___DC C:\WINDOWS\Panther
2021-07-19 20:29 - 2021-07-20 03:27 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-07-19 20:16 - 2021-07-19 20:28 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-07-19 17:59 - 2021-07-19 17:59 - 000000000 ____D C:\Users\Aayan\AppData\Local\Comms
2021-07-19 17:57 - 2021-07-20 03:45 - 000000000 ____D C:\ProgramData\Packages
2021-07-19 17:51 - 2021-07-19 17:51 - 000000000 ___HD C:\$WinREAgent
2021-07-19 17:46 - 2021-07-26 20:30 - 000000000 ____D C:\WINDOWS\SysWOW64\sda
2021-07-19 17:46 - 2021-07-26 11:52 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-07-19 17:46 - 2021-07-26 11:52 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-07-19 17:45 - 2021-07-24 14:49 - 000000000 ___RD C:\Users\Aayan\OneDrive
2021-07-19 17:45 - 2021-07-23 14:50 - 000000000 ____D C:\Users\Aayan\AppData\Local\PlaceholderTileLogoFolder
2021-07-19 17:45 - 2021-07-20 01:04 - 000000000 ____D C:\Program Files\Elantech
2021-07-19 17:45 - 2021-07-19 17:45 - 000000000 ____D C:\Program Files\Google
2021-07-19 17:44 - 2021-07-31 16:56 - 000000000 ____D C:\Program Files (x86)\Google
2021-07-19 17:44 - 2021-07-20 07:29 - 000000000 ____D C:\Users\Aayan\AppData\Local\Google
2021-07-19 17:42 - 2021-07-19 17:42 - 001323176 _____ (Google LLC) C:\Users\Aayan\Downloads\ChromeSetup.exe
2021-07-19 17:39 - 2021-07-20 12:09 - 000000000 ____D C:\Users\Aayan\AppData\Local\AMD
2021-07-19 17:39 - 2021-07-20 01:24 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-07-19 17:39 - 2021-07-20 01:24 - 000000000 ___RD C:\Users\Aayan\3D Objects
2021-07-19 17:39 - 2021-07-19 17:39 - 000000000 ____D C:\Users\Aayan\AppData\LocalLow\AMD
2021-07-19 17:39 - 2021-07-19 17:39 - 000000000 ____D C:\Users\Aayan\AppData\Local\Publishers
2021-07-19 17:38 - 2021-07-23 14:52 - 000000000 ____D C:\Users\Aayan\AppData\Local\Packages
2021-07-19 17:38 - 2021-07-19 17:39 - 000000000 ____D C:\Users\Aayan\AppData\Local\ConnectedDevicesPlatform
2021-07-19 17:38 - 2021-07-19 17:38 - 000000000 ____D C:\Users\Aayan\AppData\Roaming\Adobe
2021-07-19 17:38 - 2021-07-19 17:38 - 000000000 ____D C:\Users\Aayan\AppData\Local\VirtualStore
2021-07-19 17:35 - 2021-07-31 11:48 - 000000167 _____ C:\WINDOWS\win.ini
2021-07-19 17:35 - 2021-07-20 01:52 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2021-07-19 17:35 - 2021-07-20 01:52 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2021-07-19 17:35 - 2021-07-19 17:36 - 000000000 ____D C:\WINDOWS\TextInput
2021-07-19 17:35 - 2021-07-19 17:35 - 000000000 ____D C:\WINDOWS\system32\GroupPolicyUsers
2021-07-19 17:35 - 2021-07-19 17:35 - 000000000 ____D C:\WINDOWS\system32\GroupPolicy
2021-07-19 17:35 - 2021-07-19 17:31 - 000017635 _____ C:\WINDOWS\system32\Drivers\etc\services
2021-07-19 17:35 - 2021-07-19 17:31 - 000001358 _____ C:\WINDOWS\system32\Drivers\etc\protocol
2021-07-19 17:35 - 2021-07-19 17:31 - 000000407 _____ C:\WINDOWS\system32\Drivers\etc\networks
2021-07-19 17:35 - 2021-07-19 17:31 - 000000219 _____ C:\WINDOWS\system.ini
2021-07-19 17:24 - 2021-07-19 17:24 - 000000000 _SHDL C:\Documents and Settings
2021-07-19 17:23 - 2021-07-31 11:56 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2021-07-19 17:23 - 2021-07-26 20:33 - 000000000 ____D C:\Program Files\AMD
2021-07-19 17:16 - 2021-07-19 17:16 - 000000000 ____D C:\WINDOWS\Cnxt
2021-07-19 17:15 - 2021-07-20 01:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Conexant
2021-07-19 17:14 - 2014-12-09 20:11 - 000423128 _____ (Conexant Systems, Inc.) C:\WINDOWS\SysWOW64\SASrv.exe
2021-07-19 17:14 - 2014-10-20 14:54 - 000207576 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CxAudMsg64.exe
2021-07-19 17:13 - 2021-07-19 17:13 - 000000000 ____H C:\ProgramData\DP45977C.lfl
2021-07-19 17:13 - 2013-12-24 15:35 - 000001724 _____ C:\WINDOWS\system32\Drivers\SamSfPa.dat
2021-07-19 17:12 - 2021-07-20 01:52 - 000000000 ____D C:\Program Files\CONEXANT
2021-07-19 17:12 - 2021-07-20 01:01 - 001701376 _____ (TODO: <Company name>) C:\WINDOWS\SysWOW64\RebootPrompt.exe
2021-07-19 17:12 - 2021-07-19 17:13 - 000000000 ____D C:\ProgramData\Conexant
2021-07-19 17:12 - 2021-07-19 17:12 - 000000000 ____D C:\Program Files\Common Files\Atheros
2021-07-19 17:10 - 2021-07-31 10:49 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-07-19 17:10 - 2021-07-31 10:49 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-07-19 17:09 - 2021-07-20 01:49 - 000000000 ____D C:\WINDOWS\system32\AMD
2021-07-19 17:08 - 2021-07-19 21:40 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-07-31 17:24 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-07-31 17:22 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2021-07-31 17:11 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-07-31 11:56 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-07-31 11:43 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-07-31 11:42 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-07-31 11:42 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-07-30 13:42 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-07-25 13:33 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-07-20 11:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-07-20 03:56 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\appcompat
2021-07-20 01:52 - 2019-12-07 10:18 - 000000000 ____D C:\WINDOWS\Setup
2021-07-20 01:52 - 2019-12-07 10:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2021-07-20 01:52 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2021-07-20 01:52 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\spool
2021-07-20 01:42 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-07-20 01:42 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-07-20 01:42 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-07-20 01:42 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-07-20 01:42 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-07-20 01:42 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-07-20 01:42 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-07-20 01:42 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2021-07-20 01:42 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2021-07-20 01:42 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2021-07-20 01:42 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
2021-07-20 01:42 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2021-07-20 01:42 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-07-20 01:42 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-07-20 01:42 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-07-20 01:41 - 2019-12-07 15:48 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-07-20 01:41 - 2019-12-07 15:48 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-07-20 01:41 - 2019-12-07 15:46 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2021-07-20 01:41 - 2019-12-07 15:44 - 000000000 ____D C:\WINDOWS\system32\Drivers\en-GB
2021-07-20 01:41 - 2019-12-07 15:44 - 000000000 ____D C:\WINDOWS\en-GB
2021-07-20 01:41 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-07-20 01:41 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-07-20 01:41 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-07-20 01:41 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-07-20 01:41 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-07-20 01:41 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-07-20 01:41 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-07-20 01:41 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2021-07-20 01:41 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2021-07-20 01:41 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-07-20 01:41 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-07-20 01:41 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-07-20 01:41 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-07-20 01:41 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-07-20 01:41 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Keywords
2021-07-20 01:41 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-07-20 01:41 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-07-20 01:41 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-07-20 01:41 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Com
2021-07-20 01:41 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2021-07-20 01:41 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-07-20 01:41 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-07-20 01:41 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-07-20 01:41 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-07-20 01:41 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-07-20 01:41 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\IME
2021-07-20 01:41 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-07-20 01:41 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-07-20 01:41 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2021-07-20 01:41 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing
2021-07-20 01:39 - 2019-12-07 15:48 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2021-07-20 01:39 - 2019-12-07 15:48 - 000020908 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2021-07-20 01:24 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-07-20 01:23 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\USOPrivate
2021-07-20 01:21 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-07-20 01:20 - 2019-12-07 10:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-07-20 01:19 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-07-20 01:12 - 2019-12-07 10:14 - 000000000 __RHD C:\Users\Public\Libraries
2021-07-20 00:54 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ServiceState

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

The additional text:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2021
Ran by Aayan (31-07-2021 17:44:15)
Running from C:\Users\Aayan\Downloads
Windows 10 Home Version 20H2 19042.1110 (X64) (2021-07-20 00:21:18)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Aayan (S-1-5-21-2861976339-2907847416-417796493-1002 - Administrator - Enabled) => C:\Users\Aayan
Administrator (S-1-5-21-2861976339-2907847416-417796493-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2861976339-2907847416-417796493-503 - Limited - Disabled)
Guest (S-1-5-21-2861976339-2907847416-417796493-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2861976339-2907847416-417796493-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Disabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 21.5.2470 - Avast Software)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.27.55 - Conexant)
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.6.5.1 - Dolby Laboratories Inc)
ELAN Pointing Driver (HKLM\...\Elantech) (Version: 11.4.85.3 - ELAN Microelectronic Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 92.0.4515.107 - Google LLC)
Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11105 - Realtek Semiconductor Corp.)
Malwarebytes version 4.4.4.126 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.4.126 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 92.0.902.62 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2861976339-2907847416-417796493-1002\...\OneDriveSetup.exe) (Version: 21.129.0627.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{E5A95BC5-81DF-4F0C-B910-B59DD012F037}) (Version: 2.81.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.29.30040 (HKLM-x32\...\{5c6cccca-61ec-4667-a8d9-e133a59a5a73}) (Version: 14.29.30040.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
NVIDIA GeForce NOW 2.0.32.95 (HKU\S-1-5-21-2861976339-2907847416-417796493-1002\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GeforceNOW) (Version: 2.0.32.95 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31222 - Realtek Semiconduct Corp.)
Riot Vanguard (HKLM\...\Riot Vanguard) (Version:  - Riot Games, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Update for Skype for Business 2015 (KB4484289) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{1C76EBD9-0A70-4094-A543-00CAA3B62113}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4484289) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{1C76EBD9-0A70-4094-A543-00CAA3B62113}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4484289) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{1C76EBD9-0A70-4094-A543-00CAA3B62113}) (Version:  - Microsoft)
VALORANT (HKU\S-1-5-21-2861976339-2907847416-417796493-1002\...\Riot Game valorant.live) (Version:  - Riot Games, Inc)

Packages:
=========
Roblox -> C:\Program Files\WindowsApps\ROBLOXCORPORATION.ROBLOX_2.488.34102.0_x86__55nm5eh3cm0pr [2021-07-31] (ROBLOX Corporation)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0 [2021-07-24] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-07-26] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-07-26] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-07-26] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-07-26] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-07-30] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-07-26] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-07-30] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2020-04-15] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-07-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2020-04-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-07-18] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2019-06-12] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2021-07-19 17:35 - 2021-07-26 10:33 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2861976339-2907847416-417796493-1002\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-2861976339-2907847416-417796493-1002\...\StartupApproved\Run: => "Steam"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{6D2E8648-097E-4947-BC10-7FA8FFE2796F}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{64860A93-8C3B-48FA-A207-795E33E9EAFF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D32BD830-5ED5-45D7-83CC-11D98D0D30B3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B3C06224-5D08-4A7F-BAA8-6E994B222A64}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E1322C35-DB72-4037-BF38-9D6AF830814B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{0D2554E6-4E87-4583-A1AE-82408061B031}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [UDP Query User{4ACF78C5-681A-4C41-9B65-E1F83843E8AA}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [{4F926297-50B4-444D-9A1E-0EF446B2E488}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{E860D63A-E9A4-483E-8103-468A3E33526A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{9946E928-0DEF-4BE5-A800-57EF508E35F8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{FAFC7B04-8D31-47F9-873D-BA0A32DD62AC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{84F51755-304A-496E-A777-DA58C8FA56C9}C:\program files\avast software\avast\avastui.exe] => (Allow) C:\program files\avast software\avast\avastui.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [UDP Query User{462464AC-2E30-4E89-B7CB-729391BF6195}C:\program files\avast software\avast\avastui.exe] => (Allow) C:\program files\avast software\avast\avastui.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{F5C3BF1F-7146-4082-9069-1FAF6C95D458}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8C853082-A5BF-463C-8D08-4DEE229B1190}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E6565345-781C-49EC-AD49-840DDAD2BE8D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{FB90372E-3B51-4181-8EE2-781DA30BEC00}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7F1F6496-A843-45CB-AC6E-43D91AF63BFE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{80254B86-592E-4095-97C0-16FE64DBD570}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{2021CAE0-DC89-4CC7-8570-49C7E34BF707}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E74A2EAA-3F53-4D78-8977-1304C17FB047}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5DEB6B76-6744-41A8-92D7-36C7B0B71D09}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CE92AD17-908E-40B0-ACC6-1294A37C149B}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{24F6410E-F7A9-45C4-A942-7FB64EBE1E66}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{EE056705-2D97-4F3F-9AE4-5C947FD7A125}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{696E082F-AFB9-4691-965E-0BF844D1B17E}C:\program files\dnplayerext2\ldboxheadless.exe] => (Block) C:\program files\dnplayerext2\ldboxheadless.exe => No File
FirewallRules: [UDP Query User{6A7DC5D6-FBF4-4011-9125-63CCF6006449}C:\program files\dnplayerext2\ldboxheadless.exe] => (Block) C:\program files\dnplayerext2\ldboxheadless.exe => No File

==================== Restore Points =========================

21-07-2021 12:01:13 Windows Modules Installer
25-07-2021 13:27:57 Installed Microsoft Office Professional Plus 2013
25-07-2021 13:29:51 PROPLUS
31-07-2021 17:01:12 Windows Modules Installer
31-07-2021 17:32:20 Windows Modules Installer

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (07/31/2021 05:14:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wuauclt.exe, version: 10.0.19041.906, time stamp: 0x01b4b287
Faulting module name: wuuhosdeployment.dll_unloaded, version: 10.0.19041.867, time stamp: 0x14e58421
Exception code: 0xc0000005
Fault offset: 0x000000000001a3f3
Faulting process ID: 0x109c
Faulting application start time: 0x01d7862527ba3973
Faulting application path: C:\WINDOWS\system32\wuauclt.exe
Faulting module path: wuuhosdeployment.dll
Report ID: 7f054b72-9837-4b4b-bbe1-7831e7e75b8b
Faulting package full name: 
Faulting package-relative application ID:

Error: (07/30/2021 02:08:24 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.


Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (07/30/2021 02:07:45 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {7cd72174-9926-43fb-bdc3-391a3784da20}

Error: (07/26/2021 08:36:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 10.0.19041.1110 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1830

Start Time: 01d782554cb73859

Termination Time: 0

Application Path: C:\Windows\explorer.exe

Report Id: 931ccb0a-fcce-4961-9009-2cb90eacabc5

Faulting package full name: 

Faulting package-relative application ID: 

Hang type: Unknown

Error: (07/25/2021 02:17:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SystemSettings.exe version 10.0.19041.1081 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1568

Start Time: 01d78156d8a48b9b

Termination Time: 4294967295

Application Path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe

Report Id: 9502599f-e83a-4585-8db5-30ecf1119565

Faulting package full name: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy

Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel

Hang type: Quiesce

Error: (07/23/2021 07:51:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Pizzeria Simulator.exe, version: 1.22.0.0, time stamp: 0x594cab29
Faulting module name: Pizzeria Simulator.exe, version: 1.22.0.0, time stamp: 0x594cab29
Exception code: 0xc0000005
Fault offset: 0x00001d95
Faulting process ID: 0x1d0c
Faulting application start time: 0x01d77ff3cfbc6e81
Faulting application path: C:\Program Files (x86)\Steam\steamapps\common\Freddy Fazbear's Pizzeria Simulator\Pizzeria Simulator.exe
Faulting module path: C:\Program Files (x86)\Steam\steamapps\common\Freddy Fazbear's Pizzeria Simulator\Pizzeria Simulator.exe
Report ID: 390ec77f-c04a-4f90-b7ee-ed9883f2e50f
Faulting package full name: 
Faulting package-relative application ID:

Error: (07/20/2021 02:21:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 10.0.19041.1110, time stamp: 0xe86d289e
Faulting module name: KERNELBASE.dll, version: 10.0.19041.1110, time stamp: 0x4809adf2
Exception code: 0xc000027b
Fault offset: 0x000000000010bd3e
Faulting process ID: 0xda0
Faulting application start time: 0x01d77d69c3eed16a
Faulting application path: C:\WINDOWS\Explorer.EXE
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report ID: 8b907b47-12cc-41a0-a6ca-3d1a1d3b797b
Faulting package full name: 
Faulting package-relative application ID:

Error: (07/20/2021 12:36:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Cortana.exe version 3.2106.14307.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2160

Start Time: 01d77d5b668d68ae

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2106.14307.0_x64__8wekyb3d8bbwe\Cortana.exe

Report Id: 975eadaa-7d00-419a-b452-c8412cf83dce

Faulting package full name: Microsoft.549981C3F5F10_3.2106.14307.0_x64__8wekyb3d8bbwe

Faulting package-relative application ID: App

Hang type: Quiesce


System errors:
=============
Error: (07/31/2021 05:14:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (07/31/2021 05:14:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Conexant Audio Message Service service terminated unexpectedly. It has done this 1 time(s).

Error: (07/31/2021 05:14:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Conexant SmartAudio service service terminated unexpectedly. It has done this 1 time(s).

Error: (07/31/2021 05:14:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Elan Service service terminated unexpectedly. It has done this 1 time(s).

Error: (07/31/2021 05:14:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AtherosSvc service terminated unexpectedly. It has done this 1 time(s).

Error: (07/31/2021 05:14:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AMD External Events Utility service terminated unexpectedly. It has done this 1 time(s).

Error: (07/31/2021 04:58:52 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Downloaded Maps Manager service did not respond on starting.

Error: (07/31/2021 11:56:15 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The aswbIDSAgent service did not shut down properly after receiving a pre-shutdown control.


Windows Defender:
================
Date: 2021-07-26 11:14:04
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=PUA:Win32/FusionCore&threatid=229442&enterprise=0
Name: PUA:Win32/FusionCore
Severity: Low
Category: Potentially Unwanted Software
Path: file:_C:\Users\Aayan\Downloads\ldplayer_en_2102_ld.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.343.1691.0, AS: 1.343.1691.0, NIS: 1.343.1691.0
Engine Version: AM: 1.1.18300.4, NIS: 1.1.18300.4

CodeIntegrity:
===============
Date: 2021-07-31 17:04:42
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2021-07-31 16:55:28
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.


==================== Memory info =========================== 

BIOS: LENOVO A4CN40WW (V 2.09) 08/24/2015
Motherboard: LENOVO Lancer 5B3
Processor: AMD A10-7300 Radeon R6, 10 Compute Cores 4C+6G 
Percentage of memory in use: 43%
Total physical RAM: 15290.54 MB
Available physical RAM: 8645.88 MB
Total Virtual: 17594.54 MB
Available Virtual: 11241.08 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.31 GB) (Free:835.23 GB) NTFS

\\?\Volume{1885f580-f01a-467f-8031-c0664a5eb7e9}\ (Recovery) (Fixed) (Total:0.52 GB) (Free:0.5 GB) NTFS
\\?\Volume{cca4d73f-dfc5-4b5e-bd80-578ab7a36fd0}\ () (Fixed) (Total:0.57 GB) (Free:0.08 GB) NTFS
\\?\Volume{9fb6c8c1-1907-4558-8e5e-db3d9b48001b}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================

The shortcut text:

Users shortcut scan result (x64) Version: 31-07-2021
Ran by Aayan (31-07-2021 17:47:22)
Running from C:\Users\Aayan\Downloads
Boot Mode: Normal

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Aayan\Links\Desktop.lnk -> C:\Users\Aayan\Desktop ()
Shortcut: C:\Users\Aayan\Links\Downloads.lnk -> C:\Users\Aayan\Downloads ()
Shortcut: C:\Users\Aayan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NVIDIA GeForce NOW.lnk -> C:\Users\Aayan\AppData\Local\NVIDIA Corporation\GeForceNOW\CEF\GeForceNOW.exe (NVIDIA Corporation)
Shortcut: C:\Users\Aayan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\Aayan\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\Aayan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Aayan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Aayan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Aayan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Aayan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Aayan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\Aayan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Aayan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Aayan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Aayan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Aayan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Aayan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Aayan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Aayan\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth File Transfer.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Users\Aayan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC)
Shortcut: C:\Users\Aayan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation)
Shortcut: C:\Users\Aayan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Aayan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Aayan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Avast Free Antivirus.lnk -> C:\Program Files\Avast Software\Avast\AvastUI.exe (AVAST Software)
Shortcut: C:\Users\Aayan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Aayan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC)
Shortcut: C:\Users\Aayan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Steam (2).lnk -> C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
Shortcut: C:\Users\Aayan\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Aayan\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Aayan\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Aayan\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Aayan\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Aayan\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Aayan\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Aayan\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Aayan\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk -> C:\Program Files\Avast Software\Avast\AvastUI.exe (AVAST Software)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -> C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Access 2013.lnk -> C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\accicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Excel 2013.lnk -> C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\xlicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\InfoPath Filler 2013.lnk -> C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\inficon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\OneDrive for Business 2013.lnk -> C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\grv_icons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\OneNote 2013.lnk -> C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\joticon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Outlook 2013.lnk -> C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\outicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\PowerPoint 2013.lnk -> C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\pptico.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Publisher 2013.lnk -> C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\pubs.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Send to OneNote 2013.lnk -> C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\joticon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Skype for Business 2015.lnk -> C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\lyncicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Word 2013.lnk -> C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\wordicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Database Compare 2013.lnk -> C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\dbcicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Office 2013 Language Preferences.lnk -> C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Office 2013 Upload Center.lnk -> C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\msouc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Skype for Business Recording Manager.lnk -> C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\lyncicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Spreadsheet Compare 2013.lnk -> C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\sscicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Telemetry Dashboard for Office 2013.lnk -> C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\osmadminicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Telemetry Log for Office 2013.lnk -> C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\osmclienticon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby\Dolby Digital Plus.lnk -> C:\Program Files\Dolby Digital Plus\ddpe.exe (Dolby Laboratories Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Conexant\SAII\SmartAudio.lnk -> C:\Program Files\CONEXANT\SAII\SmartAudio.exe (Conexant Systems, Inc)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk -> C:\Windows\SysWOW64\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\RecoveryDrive.lnk -> C:\Windows\System32\RecoveryDrive.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Registry Editor.lnk -> C:\Windows\regedit.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Defender Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Quick Assist.lnk -> C:\Windows\System32\quickassist.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk -> C:\Windows\System32\psr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\Aayan\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\Avast Free Antivirus.lnk -> C:\Program Files\Avast Software\Avast\AvastUI.exe (AVAST Software)
Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC)
Shortcut: C:\Users\Public\Desktop\Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes)
Shortcut: C:\Users\Public\Desktop\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\Steam.lnk -> C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)


ShortcutWithArgument: C:\Users\Aayan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.AdministrativeTools
ShortcutWithArgument: C:\Users\Aayan\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Aayan\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\Aayan\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Aayan\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\Aayan\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\Aayan\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\Aayan\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Aayan\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Aayan\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\Aayan\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\Aayan\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /7
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games\VALORANT.lnk -> C:\Riot Games\Riot Client\RiotClientServices.exe (Riot Games, Inc.) -> --launch-product=valorant --launch-patchline=live
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\InfoPath Designer 2013.lnk -> C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\inficon.exe () ->  /design 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.AdministrativeTools
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}


InternetURL: C:\Users\Aayan\Favorites\Bing.url -> URL: hxxp://go.microsoft.com/fwlink/p/?LinkId=255142
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam Support Center.url -> URL: hxxp://support.steampowered.com/

==================== End of Shortcut.txt =============================
 


Thank you very much for those logfiles @helpwanted. 👍

Attaching the logfiles is great! 😀

We remove some orphans (Step 1+2) and do some final checks for your system (Step 3 and 4).

 

 

 

Step 1

  • Open Google Chrome.
  • Type chrome://extensions in the address bar and press Enter.
  • Search for the extension Total AV Safe Site and click on Remove.
  • Confirm with another click on Remove.
  • Close Google Chrome.

 

 

 

Step 2

  • Please download the attached fixlist.txt file and save it to the location where you ran FRST from ( xxx ).

Note: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

  • Close all open programs and save your work.
  • Run FRST again.
  • Press the Fix button only once and wait. Please be patient.
  • If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart.
  • FRST will create one log now (Fixlog.txt) in the same directory the tool is run.
  • Please attach this logfile to your next reply.

 

 

 

Step 3

The Microsoft Safety Scanner (MSS) is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system.

  • The download links & the how-to-run-the tool are at this link at Microsoft.
  • Please let me know the results of this scan.
  • Run a Quick Scan.
  • The log is named MSERT.log.
  • The log will be at %SYSTEMROOT%\debug\msert.log which in most cases is

C:\Windows\debug\msert.log

  • Please attach that log with your next reply.

 

 

 

Step 4

  • Run FRST again.
  • Do not change any settings.
  • Press the Scan button.
  • FRST will create two logs now (FRST.txt + Addition.txt) in the same directory the tool is run.
  • Please attach these logfiles to your next reply.

 

 

 

 

 

fixlist.txt


Hi,

sorry for being unclear @helpwanted.

FRST should be located here: C:\Users\Aayan\Downloads\

Please save the fixlist.txt to your download folder. Alternatively, you can download the fixlist.txt to another location and copy the file fixlist.txt to the download folder.

Thank you! 👍

Edited by MKDB

You're welcome. Take care! 🙂

 

As this topic seems to be finished, I do not follow this topic any longer.

If you need this topic again, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection.

Thank you.
