For around a week my laptop has been randomly crashing.
I checked Event Viewer and it shows "DCOM got error "1115" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}" each time before it crashes.
I also ran FRST and these are the logs:
Ran by ancys (administrator) on VADAKKALPC (LENOVO 80TJ) (16-07-2021 13:59:06)
Running from C:\Users\ancys\Downloads
Loaded Profiles: ancys
Platform: Windows 10 Pro Version 20H2 19042.1110 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0361901.inf_amd64_204a65b18f2a904a\B361909\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0361901.inf_amd64_204a65b18f2a904a\B361909\atiesrxx.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe <2>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(Beijing NormalSoft technology Co.,Ltd. -> www.ext2fsd.com) C:\Program Files\Ext2Fsd\Ext2Srv.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.92\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.92\GoogleCrashHandler64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.53.17003.0_x64__8wekyb3d8bbwe\GamingServices.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.53.17003.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <4>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <11>
(Nero AG -> Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Windows\System32\AdminService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Telegram FZ-LLC -> Telegram FZ-LLC) C:\Users\ancys\AppData\Roaming\Telegram Desktop\Telegram.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1489408 2017-03-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [123672 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18242048 2017-03-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1489408 2017-03-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2042424 2020-03-16] (Adobe Inc. -> Adobe Inc.)
HKLM\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-562493922-3427777444-3148621644-1001\...\Run: [CCXProcess] => C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [648328 2020-03-09] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-562493922-3427777444-3148621644-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\ancys\AppData\Local\Microsoft\Teams\Update.exe [2454184 2021-05-31] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-562493922-3427777444-3148621644-1001\...\Run: [Free Download Manager] => C:\Users\ancys\AppData\Local\Softdeluxe\Free Download Manager\fdm.exe [4938752 2021-05-21] (Softdeluxe) [File not signed]
HKU\S-1-5-21-562493922-3427777444-3148621644-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-562493922-3427777444-3148621644-1001\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-562493922-3427777444-3148621644-1001\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-562493922-3427777444-3148621644-1001\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-562493922-3427777444-3148621644-1001\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-562493922-3427777444-3148621644-1001\...\MountPoints2: {098d4141-671e-11ea-9470-806e6f6e6963} - "J:\setup.exe"
HKLM\...\Print\Monitors\HP 8911 Status Monitor: C:\WINDOWS\system32\hpinksts8911LM.dll [332176 2012-09-12] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP C211 Status Monitor: C:\WINDOWS\system32\hpinkstsC211LM.dll [333496 2012-12-15] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP Deskjet 2540 series): C:\WINDOWS\system32\HPDiscoPMC211.dll [763912 2014-03-06] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\91.0.4472.124\Installer\chrmstp.exe [2021-06-27] (Google LLC -> Google LLC)
Startup: C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Folding@home.lnk [2020-05-08]
ShortcutTarget: Folding@home.lnk -> C:\Program Files (x86)\FAHClient\HideConsole.exe () [File not signed]
Startup: C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RBTray.lnk [2021-02-19]
ShortcutTarget: RBTray.lnk -> C:\Program Files\RBtray\RBTray.exe () [File not signed]
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {02AE1531-C69E-46C4-836D-FCB59A51A6E9} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23182224 2021-07-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {04DFAA0E-C93A-4BE8-A009-4005C0E16798} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-03-15] (Google LLC -> Google LLC)
Task: {16330C1C-EECB-40FE-8B2A-F7735C0760E5} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe
Task: {217F66A3-ECC7-4484-AB5A-45520464C46F} - System32\Tasks\Microsoft\Windows\termsrv\RemoteFX\RemoteFXWarningTask => C:\WINDOWS\System32\RemoteFXvGPUDisablement.exe
Task: {3C55FACB-C4B0-426E-8499-974D25736B1A} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe
Task: {3EA25055-37DF-4A11-9400-955D3AD91B7C} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [118144 2021-07-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {4B083B35-E956-49CA-BAE3-6D982873F7FF} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [405048 2020-03-16] (Adobe Inc. -> Adobe Inc.)
Task: {5C769459-9827-46DD-98DA-0326E3B9939D} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1790184 2021-05-27] (Avast Software s.r.o. -> Avast Software)
Task: {5E4C8807-B78B-4585-ACBC-05090A76B3ED} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\Adobe Uninstaller" /ENABLE
Task: {5E4C8807-B78B-4585-ACBC-05090A76B3ED} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\AdobeGCInvoker-1.0" /ENABLE
Task: {5E4C8807-B78B-4585-ACBC-05090A76B3ED} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\AMDInstallLauncher" /ENABLE
Task: {5E4C8807-B78B-4585-ACBC-05090A76B3ED} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineCore" /ENABLE
Task: {5E4C8807-B78B-4585-ACBC-05090A76B3ED} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(5): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineUA" /ENABLE
Task: {5E4C8807-B78B-4585-ACBC-05090A76B3ED} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(6): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineCore" /ENABLE
Task: {5E4C8807-B78B-4585-ACBC-05090A76B3ED} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(7): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineUA" /ENABLE
Task: {5E4C8807-B78B-4585-ACBC-05090A76B3ED} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(8): schtasks.exe -> /Change /TN "\ModifyLinkUpdate" /ENABLE
Task: {5E4C8807-B78B-4585-ACBC-05090A76B3ED} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(9): schtasks.exe -> /Change /TN "\OneDrive Standalone Update Task-S-1-5-21-562493922-3427777444-3148621644-1001" /ENABLE
Task: {5E4C8807-B78B-4585-ACBC-05090A76B3ED} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(10): schtasks.exe -> /Change /TN "\StartCN" /ENABLE
Task: {5E4C8807-B78B-4585-ACBC-05090A76B3ED} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(11): schtasks.exe -> /Change /TN "\StartCNBM" /ENABLE
Task: {5E4C8807-B78B-4585-ACBC-05090A76B3ED} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(12): schtasks.exe -> /Change /TN "\StartDVR" /ENABLE
Task: {5E4C8807-B78B-4585-ACBC-05090A76B3ED} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(13): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
Task: {60885086-9375-47C1-B1DA-BCF5244FB7E3} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {6E78CCDF-9A52-4318-8CED-4011B0B99CC7} - System32\Tasks\StartCNBM => C:\Program Files\AMD\CNext\CNext\cncmd.exe
Task: {92B72C15-3CF7-4A0E-BA09-FF1C4BDDACB1} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe /NOUACCHECK
Task: {93B1B6CE-26FE-433B-85C6-EF6EC4D8752D} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe
Task: {96A23C9F-6CBE-485A-ABFE-BB0A303E6A13} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [7071000 2019-11-10] (Nero AG -> Nero AG)
Task: {9EA2828B-71E1-4CBD-8080-9AE1945480D0} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [681400 2021-07-14] (Mozilla Corporation -> Mozilla Foundation)
Task: {B60F2F5E-5A7A-4902-B2DA-BAE236F69594} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [4903192 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
Task: {B937BAEC-AFF0-4475-8128-008216667C1D} - System32\Tasks\Microsoft\Windows\termsrv\RemoteFX\RemoteFXvGPUDisableTask => C:\WINDOWS\System32\RemoteFXvGPUDisablement.exe
Task: {C55A4CFA-3F0A-4F03-A9AD-715A8CCEE9A4} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [118144 2021-07-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {C6FFEAF0-A2E9-4B84-A4DF-11517F662742} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-03-15] (Google LLC -> Google LLC)
Task: {D8204C57-63F8-41EC-B2EF-8A36AAA287BE} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe
Task: {E56E54A4-6B18-49B8-9C40-B38433EBBDEB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [3965840 2021-07-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {E5E00829-ABFB-45D4-9EF5-4A62C6CF6CA4} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23182224 2021-07-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {FD264D46-FF55-438E-809E-874B9C5F0591} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [3965840 2021-07-15] (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{509f1019-07f8-4f50-910b-5d40d3b248c8}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\ancys\AppData\Local\Microsoft\Edge\User Data\Default [2021-07-13]
FireFox:
========
FF DefaultProfile: 813ygxln.default
FF ProfilePath: C:\Users\ancys\AppData\Roaming\Mozilla\Firefox\Profiles\813ygxln.default [2020-03-30]
FF ProfilePath: C:\Users\ancys\AppData\Roaming\Mozilla\Firefox\Profiles\zowwh6n0.default-release [2021-07-16]
FF Extension: (Tampermonkey) - C:\Users\ancys\AppData\Roaming\Mozilla\Firefox\Profiles\zowwh6n0.default-release\Extensions\firefox@tampermonkey.net.xpi [2021-07-13]
FF Extension: (Awesome Screenshot: Screen capture, Annotate) - C:\Users\ancys\AppData\Roaming\Mozilla\Firefox\Profiles\zowwh6n0.default-release\Extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi [2021-07-14]
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\ancys\AppData\Roaming\Mozilla\Firefox\Profiles\zowwh6n0.default-release\Extensions\sp@avast.com.xpi [2021-06-20]
FF Extension: (uBlock Origin) - C:\Users\ancys\AppData\Roaming\Mozilla\Firefox\Profiles\zowwh6n0.default-release\Extensions\uBlock0@raymondhill.net.xpi [2021-07-07]
FF Extension: (Distill Web Monitor) - C:\Users\ancys\AppData\Roaming\Mozilla\Firefox\Profiles\zowwh6n0.default-release\Extensions\{7a73dc4b-1b38-40e7-ac56-7d356dd4af34}.xpi [2021-07-13]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2020-03-16] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-05-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-05-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2020-03-16] (Adobe Inc. -> Adobe Systems)
Chrome:
=======
CHR DefaultProfile: Profile 4
CHR Profile: C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Default [2021-07-09]
CHR Notifications: Default -> hxxps://apcentral.collegeboard.org; hxxps://calendar.google.com; hxxps://classroom.google.com; hxxps://drive.google.com; hxxps://www.remind.com
CHR StartupUrls: Default -> "chrome://newtab/","hxxps://mail.google.com/mail/u/0/#inbox"
CHR Extension: (Slides) - C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-03-15]
CHR Extension: (Docs) - C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-03-15]
CHR Extension: (Google Drive) - C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-27]
CHR Extension: (YouTube) - C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-03-15]
CHR Extension: (Sheets) - C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-03-15]
CHR Extension: (Google Docs Offline) - C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-07-02]
CHR Extension: (Screencastify - Screen Video Recorder) - C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmeijimgabbpbgpdklnllpncmdofkcpn [2021-07-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-03]
CHR Extension: (Gmail) - C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-27]
CHR Extension: (Chrome Media Router) - C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-06-15]
CHR Profile: C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-07-14]
CHR Profile: C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Profile 1 [2021-07-15]
CHR Notifications: Profile 1 -> hxxps://mail.google.com; hxxps://www.protectyourvision.org,*"; hxxps://www.remind.com
CHR DefaultSearchURL: Profile 1 -> hxxps://play.prodigygame.com/public/assets/favicon/android-icon-36x36.png
CHR Extension: (Google Translate) - C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2020-05-05]
CHR Extension: (Slides) - C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-03-19]
CHR Extension: (Docs) - C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2020-03-19]
CHR Extension: (Google Drive) - C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-01-05]
CHR Extension: (YouTube) - C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-03-19]
CHR Extension: (Sheets) - C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-03-19]
CHR Extension: (Proctorio) - C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fpmapakogndmenjcfoajifaaonnkpkei [2021-07-01]
CHR Extension: (Google Docs Offline) - C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-07-01]
CHR Extension: (Prodigy) - C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\iapdpibhbhfecmiegbeelepdnkebkhcp [2020-04-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-03]
CHR Extension: (AdBlocker Ultimate) - C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ohahllgiabjaoigichmmfljhkcfikeof [2021-01-05]
CHR Extension: (Gmail) - C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-01-05]
CHR Extension: (Chrome Media Router) - C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-06-05]
CHR Profile: C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Profile 4 [2021-07-15]
CHR Notifications: Profile 4 -> hxxps://calendar.google.com
CHR StartupUrls: Profile 4 -> "hxxps://elearn.lee.edu/webapps/portal/execute/tabs/tabAction?tab_tab_group_id=_1_1","hxxp://calendar.google.com/"
CHR Extension: (Slides) - C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-05-27]
CHR Extension: (Docs) - C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aohghmighlieiainnegkcijnfilokake [2021-05-27]
CHR Extension: (Google Drive) - C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-05-27]
CHR Extension: (OCR - Image Reader) - C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\bhbhjjkcoghibhibegcmbomkbakkpdbo [2021-07-02]
CHR Extension: (YouTube) - C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-05-27]
CHR Extension: (uBlock Origin) - C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2021-07-09]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2021-05-27]
CHR Extension: (Sheets) - C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-05-27]
CHR Extension: (Proctorio) - C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\fpmapakogndmenjcfoajifaaonnkpkei [2021-07-02]
CHR Extension: (Google Docs Offline) - C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-07-02]
CHR Extension: (Grammarly for Chrome) - C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2021-07-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-05-27]
CHR Extension: (Gmail) - C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-05-27]
CHR Extension: (Chrome Media Router) - C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-06-05]
CHR Profile: C:\Users\ancys\AppData\Local\Google\Chrome\User Data\System Profile [2021-07-11]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R4 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [820280 2020-03-16] (Adobe Inc. -> Adobe Inc.)
R4 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3780296 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
R4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3548360 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [8249936 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [625432 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R4 avast! Tools; C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe [373528 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [56912 2021-06-02] (Avast Software s.r.o. -> AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9056672 2021-07-08] (Microsoft Corporation -> Microsoft Corporation)
R3 EPMVssEaseusProvider; C:\WINDOWS\system32\dllhost.exe /Processid:{1445A0C5-73C4-4C37-B36E-17E785D511A9} [21312 2021-06-01] (Microsoft Windows -> Microsoft Corporation)
R4 Ext2Srv; C:\Program Files\Ext2Fsd\Ext2Srv.exe [42488 2017-11-02] (Beijing NormalSoft technology Co.,Ltd. -> www.ext2fsd.com)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5395384 2021-07-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R4 tbaseprovisioning; C:\WINDOWS\SysWOW64\tbaseprovisioning.exe [51208 2017-05-03] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.6-0\NisSrv.exe [3294680 2020-03-16] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.6-0\MsMpEng.exe [103168 2020-03-16] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 AUEPLauncher; "C:\Program Files\AMD\Performance Profile Client\AUEPLauncher.exe" [X]
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AMDXE; C:\WINDOWS\System32\drivers\amdxe.sys [62056 2020-07-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [35720 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [216928 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [366616 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [250392 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [99352 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [17328 2021-05-27] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [41352 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [182600 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [524400 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [107848 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [82912 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [851192 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [471920 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [215384 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [327536 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
S3 epmdkdrv; C:\WINDOWS\system32\epmdkdrv.sys [36280 2021-05-08] (CHENGDU YIWO Tech Development Co., Ltd. -> )
R0 EPMVolFl; C:\WINDOWS\System32\drivers\EPMVolFl.sys [30136 2021-05-08] (CHENGDU YIWO Tech Development Co., Ltd. -> Windows (R) Codename Longhorn DDK provider)
R0 EUDCPEPM; C:\WINDOWS\System32\drivers\EUDCPEPM.sys [76344 2021-05-08] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
R1 EUEDKEPM; C:\WINDOWS\system32\drivers\EUEDKEPM.sys [33712 2021-05-08] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
S2 Ext2Fsd; C:\Windows\system32\Drivers\Ext2Fsd.sys [826360 2017-11-02] (Beijing NormalSoft technology Co.,Ltd. -> www.ext2fsd.com)
R3 splitcam_hd_driver; C:\WINDOWS\System32\drivers\splitcam_hd_driver.sys [38000 2020-03-31] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45960 2020-03-16] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [391392 2020-03-16] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [59104 2020-03-16] (Microsoft Windows -> Microsoft Corporation)
S3 EuGdiDrv; \SystemRoot\system32\EuGdiDrv.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Three months (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-07-16 13:59 - 2021-07-16 14:04 - 000031450 _____ C:\Users\ancys\Downloads\FRST.txt
2021-07-16 13:57 - 2021-07-16 14:02 - 000000000 ____D C:\FRST
2021-07-16 13:53 - 2021-07-16 13:53 - 001622528 _____ C:\Users\ancys\Downloads\ResetBrowser.exe
2021-07-16 13:48 - 2021-07-16 13:49 - 002300416 _____ (Farbar) C:\Users\ancys\Downloads\explorer.exe
2021-07-15 17:18 - 2021-07-15 17:18 - 000006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rendezvousSession.tlb
2021-07-15 17:17 - 2021-07-15 17:17 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsraLegacy.tlb
2021-07-15 17:17 - 2021-07-15 17:17 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsraLegacy.tlb
2021-07-15 17:17 - 2021-07-15 17:17 - 000006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\rendezvousSession.tlb
2021-07-15 17:16 - 2021-07-15 17:16 - 000011357 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-07-15 17:14 - 2021-07-15 17:14 - 001823280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-07-15 10:37 - 2021-07-15 10:37 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-07-14 13:42 - 2021-07-15 15:28 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-07-08 17:58 - 2021-07-08 19:24 - 000018176 ____H C:\Users\ancys\Downloads\~WRL1182.tmp
2021-07-08 16:39 - 2021-07-08 16:39 - 002371072 _____ C:\WINDOWS\system32\rdpnano.dll
2021-07-08 16:39 - 2021-07-08 16:39 - 001314128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-07-08 16:39 - 2021-07-08 16:39 - 000570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-07-08 16:39 - 2021-07-08 16:39 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-07-08 16:39 - 2021-07-08 16:39 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-07-08 16:39 - 2021-07-08 16:39 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-07-08 16:37 - 2021-07-08 16:37 - 001393504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-07-08 16:37 - 2021-07-08 16:37 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-07-08 16:36 - 2021-07-08 16:36 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-07-08 16:36 - 2021-07-08 16:36 - 000097792 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-07-07 11:27 - 2021-07-07 11:27 - 000000000 ____D C:\Users\ancys\AppData\Local\OneDrive
2021-07-06 17:46 - 2021-07-06 17:46 - 000000000 ___HD C:\OneDriveTemp
2021-07-02 23:41 - 2021-07-03 13:35 - 000017367 _____ C:\Users\ancys\Documents\ch9.xlsx
2021-07-02 11:45 - 2021-07-02 11:45 - 000003386 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d756c8af76ae3c
2021-06-30 13:19 - 2021-07-15 22:48 - 000002483 _____ C:\Users\ancys\Desktop\Clin - Chrome.lnk
2021-06-29 11:14 - 2021-07-16 13:15 - 000000000 ____D C:\Users\ancys\AppData\Roaming\Telegram Desktop
2021-06-29 11:14 - 2021-06-29 11:12 - 000339736 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2021-06-29 11:14 - 2021-06-29 11:12 - 000215384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2021-06-27 18:20 - 2021-06-27 18:20 - 000000000 __SHD C:\found.004
2021-06-27 17:40 - 2021-06-27 17:54 - 2665126464 _____ C:\Users\ancys\Documents\documents.zip
2021-06-27 00:06 - 2021-06-27 18:30 - 701267664 _____ C:\WINDOWS\MEMORY.DMP
2021-06-27 00:06 - 2021-06-27 00:12 - 001893932 _____ C:\WINDOWS\Minidump\062721-100734-01.dmp
2021-06-24 21:26 - 2021-06-24 21:28 - 000000000 ____D C:\Windows11
2021-06-24 13:48 - 2021-06-24 13:49 - 000000000 ____D C:\ProPlus2019Retail
2021-06-22 18:44 - 2021-06-22 18:44 - 000000000 __SHD C:\found.003
2021-06-22 16:05 - 2021-06-22 16:05 - 000002414 _____ C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-06-22 12:43 - 2021-06-22 12:43 - 000000000 ____D C:\WINDOWS\Panther
2021-06-22 12:13 - 2021-06-22 12:32 - 000002439 _____ C:\Users\ancys\Desktop\FENECIA - Chrome.lnk
2021-06-21 21:53 - 2021-06-21 21:54 - 000000000 ____D C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Download Manager
2021-06-21 21:53 - 2021-06-21 21:53 - 000000000 ____D C:\Users\ancys\AppData\Local\Softdeluxe
2021-06-21 19:52 - 2021-06-21 19:52 - 000901766 ____H C:\Users\ancys\Downloads\BOOTICE_2016.06.17_v1.3.4.0.zip
2021-06-21 16:49 - 2021-06-21 16:49 - 000269334 _____ C:\Users\ancys\Documents\Learner's Permit.pdf
2021-06-21 16:23 - 2016-06-21 17:00 - 000000128 ___SH C:\WINDOWS\system32\snclbokruydzolss.pdb
2021-06-21 16:22 - 2021-06-21 16:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hasleo EasyUEFI
2021-06-21 15:58 - 2021-06-21 15:58 - 000000000 ____D C:\Users\ancys\AppData\Local\NeoSmart_Technologies
2021-06-21 15:56 - 2021-06-21 15:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NeoSmart Technologies
2021-06-21 15:56 - 2021-06-21 15:56 - 000000000 ____D C:\Program Files (x86)\NeoSmart Technologies
2021-06-21 13:30 - 2021-06-21 13:30 - 000000000 ____D C:\found.002
2021-06-21 11:56 - 2021-06-27 18:32 - 000000000 ____D C:\WINDOWS\Minidump
2021-06-21 11:48 - 2021-06-21 11:48 - 000000000 ____D C:\found.000
2021-06-20 15:53 - 2021-06-20 15:53 - 000000028 _____ C:\WINDOWS\OutLog.txt
2021-06-20 15:30 - 2021-06-20 15:53 - 000000000 _____ C:\WINDOWS\BcdLog.txt
2021-06-20 15:18 - 2021-06-20 15:18 - 000000000 ____D C:\ProgramData\SystemAcCrux
2021-06-20 15:18 - 2021-05-08 14:47 - 000076344 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\WINDOWS\system32\Drivers\EUDCPEPM.sys
2021-06-20 15:18 - 2021-05-08 14:47 - 000033712 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\WINDOWS\system32\Drivers\EUEDKEPM.sys
2021-06-20 15:16 - 2021-06-20 15:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 15.8
2021-06-20 15:15 - 2021-05-28 10:43 - 000174216 _____ C:\WINDOWS\system32\setupepmdrvx64.exe
2021-06-20 15:15 - 2021-05-28 10:41 - 005797000 _____ C:\WINDOWS\system32\BootMan.exe
2021-06-20 15:15 - 2021-05-28 10:41 - 003880072 _____ C:\WINDOWS\SysWOW64\BootMan.exe
2021-06-20 15:15 - 2021-05-28 10:41 - 000024712 _____ C:\WINDOWS\SysWOW64\EuEpmGdi.dll
2021-06-20 15:15 - 2021-05-28 10:41 - 000021128 _____ C:\WINDOWS\system32\EuEpmGdi.dll
2021-06-20 15:15 - 2021-05-08 14:42 - 000036280 _____ C:\WINDOWS\system32\epmdkdrv.sys
2021-06-20 15:15 - 2021-05-08 14:42 - 000030136 _____ (Windows (R) Codename Longhorn DDK provider) C:\WINDOWS\system32\Drivers\EPMVolFl.sys
2021-06-20 15:15 - 2021-05-08 14:42 - 000000057 _____ C:\WINDOWS\system32\setupepmdrv.ini
2021-06-20 15:14 - 2021-06-20 15:14 - 000000000 ____D C:\Program Files (x86)\EaseUS
2021-06-20 00:34 - 2021-06-20 00:34 - 000000000 ____D C:\Google
2021-06-20 00:30 - 2021-06-20 18:33 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2021-06-20 00:29 - 2021-06-20 18:31 - 000503026 _____ C:\WINDOWS\ntbtlog.txt
2021-06-19 19:09 - 2021-07-05 14:12 - 000000000 ____D C:\other
2021-06-19 11:38 - 2021-06-19 11:38 - 001246160 _____ (Mozilla Foundation) C:\ProgramData\nss3.dll
2021-06-19 11:38 - 2021-06-19 11:38 - 000144848 _____ (Mozilla Foundation) C:\ProgramData\softokn3.dll
2021-06-19 11:38 - 2021-06-19 11:38 - 000000000 ____D C:\ProgramData\GOJG03LKWS94MFYKL2CEB11QL
2021-06-19 11:38 - 2021-06-19 11:38 - 000000000 ____D C:\ProgramData\9A8INXSBP704MNI4VPPNSQ8JM
2021-06-19 11:37 - 2021-06-19 11:38 - 000334288 _____ (Mozilla Foundation) C:\ProgramData\freebl3.dll
2021-06-19 11:37 - 2021-06-19 11:38 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll
2021-06-19 11:37 - 2021-06-19 11:37 - 000000000 ____D C:\ProgramData\IOL2633KA8CGZMZKKP7F7BYPH
2021-06-18 12:26 - 2021-06-18 17:44 - 579586048 _____ C:\Windows 11.iso
2021-06-16 17:20 - 2021-06-17 19:24 - 000000000 ____D C:\WindowsApps
2021-06-15 20:22 - 2021-06-15 20:22 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-06-15 20:21 - 2021-06-15 20:21 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-06-15 20:20 - 2021-06-15 20:20 - 001864192 _____ (The ICU Project) C:\WINDOWS\SysWOW64\icu.dll
2021-06-15 20:20 - 2021-06-15 20:20 - 000468440 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-06-15 20:19 - 2021-06-15 20:19 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-06-15 20:19 - 2021-06-15 20:19 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-06-15 20:16 - 2021-06-15 20:16 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2021-06-15 20:15 - 2021-06-15 20:15 - 000657464 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-06-15 20:14 - 2021-06-15 20:14 - 000563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-06-15 20:14 - 2021-06-15 20:14 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2021-06-15 20:14 - 2021-06-15 20:14 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-06-14 14:59 - 2021-06-14 14:59 - 000001244 _____ C:\Users\ancys\Desktop\Assignments.lnk
2021-06-14 12:07 - 2021-06-14 12:07 - 000002708 _____ C:\WINDOWS\system32\key.pfx
2021-06-11 16:28 - 2021-06-11 16:28 - 000000000 ____D C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2021-06-05 17:25 - 2021-06-05 17:25 - 000214774 _____ C:\Users\ancys\Documents\Clin COVID-19 Vaccine.pdf
2021-06-05 17:22 - 2021-06-05 17:22 - 000205835 _____ C:\Users\ancys\Documents\Shaiju COVID-19 Vaccine.pdf
2021-06-04 00:09 - 2021-06-21 15:17 - 000000000 ____D C:\Users\ancys\AppData\Local\Avast Software
2021-06-04 00:07 - 2021-06-04 00:07 - 000000000 ____D C:\Program Files\AMD
2021-06-01 16:08 - 2021-06-01 16:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NTLite
2021-06-01 16:06 - 2021-06-01 16:59 - 1529155584 _____ C:\Windows 10.iso
2021-06-01 07:04 - 2021-06-01 07:12 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2021-06-01 07:00 - 2021-06-01 07:04 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2021-06-01 07:00 - 2021-06-01 07:00 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2021-06-01 06:54 - 2021-06-01 06:54 - 000000000 ____D C:\ProgramData\ssh
2021-06-01 06:42 - 2021-06-01 06:42 - 001687040 _____ C:\WINDOWS\system32\libcrypto.dll
2021-06-01 06:41 - 2021-06-01 06:41 - 000671744 _____ C:\WINDOWS\system32\hgattest.dll
2021-06-01 06:41 - 2021-06-01 06:41 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-06-01 06:41 - 2021-06-01 06:41 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-06-01 06:41 - 2021-06-01 06:41 - 000480256 _____ C:\WINDOWS\system32\AssignedAccessCsp.dll
2021-06-01 06:41 - 2021-06-01 06:41 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-06-01 06:41 - 2021-06-01 06:41 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpg2splt.ax
2021-06-01 06:41 - 2021-06-01 06:41 - 000157184 _____ C:\WINDOWS\system32\uwfcsp.dll
2021-06-01 06:41 - 2021-06-01 06:41 - 000153600 _____ C:\WINDOWS\system32\uwfcfgmgmt.dll
2021-06-01 06:41 - 2021-06-01 06:41 - 000138056 _____ C:\WINDOWS\system32\HvsiManagementApi.dll
2021-06-01 06:41 - 2021-06-01 06:41 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-06-01 06:41 - 2021-06-01 06:41 - 000101704 _____ C:\WINDOWS\SysWOW64\HvsiManagementApi.dll
2021-06-01 06:41 - 2021-06-01 06:41 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-06-01 06:40 - 2021-06-01 06:40 - 000700928 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2021-06-01 06:40 - 2021-06-01 06:40 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-06-01 06:40 - 2021-06-01 06:40 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-06-01 06:40 - 2021-06-01 06:40 - 000374072 _____ C:\WINDOWS\system32\vp9fs.dll
2021-06-01 06:40 - 2021-06-01 06:40 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-06-01 06:40 - 2021-06-01 06:40 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpg2splt.ax
2021-06-01 06:40 - 2021-06-01 06:40 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-06-01 06:40 - 2021-06-01 06:40 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-06-01 06:40 - 2021-06-01 06:40 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-06-01 06:40 - 2021-06-01 06:40 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-06-01 06:40 - 2021-06-01 06:40 - 000045880 _____ C:\WINDOWS\system32\HvSocket.dll
2021-06-01 06:40 - 2021-06-01 06:40 - 000014848 _____ C:\WINDOWS\system32\hnsproxy.dll
2021-06-01 06:39 - 2021-06-01 06:39 - 003860832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpltfm.dll
2021-06-01 06:39 - 2021-06-01 06:39 - 000980320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpal.dll
2021-06-01 06:39 - 2021-06-01 06:39 - 000915296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmcodecs.dll
2021-06-01 06:39 - 2021-06-01 06:39 - 000732000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ortcengine.dll
2021-06-01 06:39 - 2021-06-01 06:39 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-06-01 06:39 - 2021-06-01 06:39 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-06-01 06:39 - 2021-06-01 06:39 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2021-06-01 06:39 - 2021-06-01 06:39 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncpa.cpl
2021-06-01 06:39 - 2021-06-01 06:39 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-06-01 06:39 - 2021-06-01 06:39 - 000055376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmmvrortc.dll
2021-06-01 06:38 - 2021-06-01 06:38 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-06-01 06:38 - 2021-06-01 06:38 - 000611952 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-06-01 06:38 - 2021-06-01 06:38 - 000446976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2021-06-01 06:38 - 2021-06-01 06:38 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2021-06-01 06:38 - 2021-06-01 06:38 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bthprops.cpl
2021-06-01 06:38 - 2021-06-01 06:38 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\activeds.tlb
2021-06-01 06:38 - 2021-06-01 06:38 - 000047472 _____ C:\WINDOWS\SysWOW64\umpdc.dll
2021-06-01 06:38 - 2021-06-01 06:38 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2021-06-01 06:37 - 2021-06-01 06:37 - 004898144 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpltfm.dll
2021-06-01 06:37 - 2021-06-01 06:37 - 001354080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpal.dll
2021-06-01 06:37 - 2021-06-01 06:37 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-06-01 06:37 - 2021-06-01 06:37 - 001091936 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmcodecs.dll
2021-06-01 06:37 - 2021-06-01 06:37 - 001032544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ortcengine.dll
2021-06-01 06:37 - 2021-06-01 06:37 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2021-06-01 06:37 - 2021-06-01 06:37 - 000266240 _____ C:\WINDOWS\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-06-01 06:37 - 2021-06-01 06:37 - 000240640 _____ C:\WINDOWS\SysWOW64\CoreMas.dll
2021-06-01 06:37 - 2021-06-01 06:37 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2021-06-01 06:37 - 2021-06-01 06:37 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncpa.cpl
2021-06-01 06:37 - 2021-06-01 06:37 - 000056672 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmmvrortc.dll
2021-06-01 06:37 - 2021-06-01 06:37 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msacm32.drv
2021-06-01 06:37 - 2021-06-01 06:37 - 000010752 _____ C:\WINDOWS\SysWOW64\agentactivationruntimestarter.exe
2021-06-01 06:36 - 2021-06-01 06:36 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2021-06-01 06:36 - 2021-06-01 06:36 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-06-01 06:36 - 2021-06-01 06:36 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2021-06-01 06:36 - 2021-06-01 06:36 - 000001370 _____ C:\WINDOWS\system32\ThirdPartyNoticesBySHS.txt
2021-06-01 06:35 - 2021-06-01 06:35 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-06-01 06:35 - 2021-06-01 06:35 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthprops.cpl
2021-06-01 06:35 - 2021-06-01 06:35 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-06-01 06:35 - 2021-06-01 06:35 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-06-01 06:35 - 2021-06-01 06:35 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe
2021-06-01 06:35 - 2021-06-01 06:35 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\activeds.tlb
2021-06-01 06:35 - 2021-06-01 06:35 - 000029696 _____ (The ICU Project) C:\WINDOWS\system32\icuuc.dll
2021-06-01 06:35 - 2021-06-01 06:35 - 000025088 _____ (The ICU Project) C:\WINDOWS\system32\icuin.dll
2021-06-01 06:34 - 2021-06-01 06:34 - 000707016 _____ C:\WINDOWS\system32\TextShaping.dll
2021-06-01 06:34 - 2021-06-01 06:34 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll
2021-06-01 06:33 - 2021-06-01 06:33 - 004227116 _____ C:\WINDOWS\system32\DefaultHrtfs.bin
2021-06-01 06:33 - 2021-06-01 06:33 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
2021-06-01 06:33 - 2021-06-01 06:33 - 000363520 _____ C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-06-01 06:33 - 2021-06-01 06:33 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-06-01 06:33 - 2021-06-01 06:33 - 000197632 _____ C:\WINDOWS\system32\IHDS.dll
2021-06-01 06:33 - 2021-06-01 06:33 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-06-01 06:33 - 2021-06-01 06:33 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2021-06-01 06:33 - 2021-06-01 06:33 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
2021-06-01 06:33 - 2021-06-01 06:33 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2021-06-01 06:33 - 2021-06-01 06:33 - 000064552 _____ C:\WINDOWS\system32\umpdc.dll
2021-06-01 06:33 - 2021-06-01 06:33 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msacm32.drv
2021-06-01 06:33 - 2021-06-01 06:33 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2021-06-01 06:14 - 2021-06-01 06:14 - 000000000 ____D C:\WINDOWS\system32\ml-in
2021-06-01 06:04 - 2021-07-16 11:47 - 000000000 ____D C:\Program Files\Hyper-V
2021-06-01 06:04 - 2021-06-01 06:04 - 000000000 ____D C:\WINDOWS\system32\BestPractices
2021-06-01 06:04 - 2021-06-01 06:04 - 000000000 ____D C:\Users\Public\Documents\Hyper-V
2021-06-01 05:07 - 2021-06-01 05:07 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2021-06-01 04:56 - 2021-06-01 04:56 - 000000020 ___SH C:\Users\ancys\ntuser.ini
2021-06-01 04:53 - 2021-07-16 12:38 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-06-01 04:53 - 2021-07-15 23:03 - 000003418 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-06-01 04:53 - 2021-07-15 23:03 - 000003294 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-06-01 04:53 - 2021-07-11 12:06 - 000003368 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-562493922-3427777444-3148621644-1001
2021-06-01 04:53 - 2021-07-02 11:45 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-06-01 04:53 - 2021-07-01 11:12 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2021-06-01 04:53 - 2021-06-20 15:36 - 000003274 _____ C:\WINDOWS\system32\Tasks\Adobe Uninstaller
2021-06-01 04:53 - 2021-06-15 23:47 - 000002122 _____ C:\WINDOWS\system32\Tasks\StartDVR
2021-06-01 04:53 - 2021-06-15 23:46 - 000003184 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-06-01 04:53 - 2021-06-15 23:46 - 000002672 _____ C:\WINDOWS\system32\Tasks\ModifyLinkUpdate
2021-06-01 04:53 - 2021-06-15 23:46 - 000002612 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0
2021-06-01 04:53 - 2021-06-15 23:46 - 000002524 _____ C:\WINDOWS\system32\Tasks\AMDInstallLauncher
2021-06-01 04:53 - 2021-06-15 23:46 - 000002374 _____ C:\WINDOWS\system32\Tasks\StartCNBM
2021-06-01 04:53 - 2021-06-15 23:46 - 000002202 _____ C:\WINDOWS\system32\Tasks\StartCN
2021-06-01 04:53 - 2021-06-11 14:09 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2021-06-01 04:53 - 2021-06-01 04:54 - 000002648 _____ C:\WINDOWS\system32\Tasks\CreateExplorerShellUnelevatedTask
2021-06-01 04:53 - 2021-06-01 04:53 - 000000000 ____D C:\WINDOWS\system32\Tasks\S-1-5-21-562493922-3427777444-3148621644-1001
2021-06-01 04:53 - 2021-06-01 04:53 - 000000000 ____D C:\WINDOWS\system32\Tasks\Nero
2021-06-01 04:46 - 2021-06-21 20:58 - 000001890 _____ C:\WINDOWS\diagwrn.xml
2021-06-01 04:46 - 2021-06-21 20:58 - 000001890 _____ C:\WINDOWS\diagerr.xml
2021-06-01 04:30 - 2021-07-16 12:24 - 000795742 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-06-01 04:20 - 2021-07-16 12:39 - 000000000 ____D C:\Users\ancys
2021-06-01 04:20 - 2021-07-11 12:06 - 000002427 _____ C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-06-01 04:17 - 2021-07-10 11:29 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-06-01 04:13 - 2021-07-16 13:13 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-06-01 04:13 - 2021-07-16 12:10 - 000001527 _____ C:\WINDOWS\system32\config\VSMIDK
2021-06-01 04:13 - 2021-07-16 11:51 - 000437968 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-06-01 00:30 - 2021-06-01 00:30 - 000000000 ____D C:\Program Files\Common Files\logishrd
2021-05-31 21:06 - 2021-05-31 21:35 - 000002412 _____ C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2021-05-31 21:05 - 2021-05-31 21:05 - 000000000 ____D C:\Users\ancys\AppData\Roaming\Teams
2021-05-31 05:58 - 2021-05-31 05:58 - 000000000 ____D C:\Program Files (x86)\Teams Installer
2021-05-30 15:54 - 2021-05-31 01:43 - 000000000 ____D C:\found.001
2021-05-30 02:11 - 2021-05-30 02:11 - 000000000 ____D C:\Users\ancys\Documents\Custom Office Templates
2021-05-30 02:06 - 2021-07-11 12:06 - 000000000 ___RD C:\Users\ancys\OneDrive
2021-05-30 02:00 - 2021-05-30 02:00 - 000002505 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2021-05-30 02:00 - 2021-05-30 02:00 - 000002500 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2021-05-30 02:00 - 2021-05-30 02:00 - 000002499 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2021-05-30 02:00 - 2021-05-30 02:00 - 000002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2021-05-30 02:00 - 2021-05-30 02:00 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2021-05-30 02:00 - 2021-05-30 02:00 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk
2021-05-30 01:59 - 2021-06-01 07:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2021-05-30 01:59 - 2021-05-30 01:59 - 000002463 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2021-05-30 01:59 - 2021-05-30 01:59 - 000002462 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2021-05-30 01:43 - 2021-07-15 14:06 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-05-30 01:42 - 2021-05-30 01:42 - 000000000 ____D C:\Program Files\Microsoft Office 15
2021-05-30 01:19 - 2021-06-14 14:09 - 000000000 ____D C:\Users\ancys\Desktop\assignments
2021-05-28 12:44 - 2021-05-28 13:20 - 3758917632 _____ C:\ProPlus2019Retail.img
2021-05-27 18:53 - 2021-05-27 18:57 - 000000000 ____D C:\Users\ancys\Documents\Driver's Ed - Feni
2021-05-27 16:56 - 2021-05-27 16:56 - 000000000 ___HD C:\$WinREAgent
2021-05-27 16:24 - 2021-05-27 16:24 - 000017328 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
==================== Three months (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-07-16 14:08 - 2020-03-15 14:57 - 000000000 ____D C:\Program Files (x86)\Google
2021-07-16 13:57 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\Registration
2021-07-16 12:51 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-07-16 12:44 - 2020-04-18 18:05 - 000000583 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2021-07-16 12:43 - 2020-03-30 15:24 - 000000000 ____D C:\ProgramData\Mozilla
2021-07-16 12:42 - 2020-03-30 15:24 - 000000000 ____D C:\Users\ancys\AppData\LocalLow\Mozilla
2021-07-16 12:38 - 2021-02-20 13:40 - 000008192 ___SH C:\DumpStack.log.tmp
2021-07-16 12:24 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2021-07-16 12:19 - 2020-03-15 15:22 - 000000000 ____D C:\ProgramData\AVAST Software
2021-07-16 12:16 - 2020-03-15 12:55 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2021-07-16 11:49 - 2019-12-07 04:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-07-16 11:47 - 2019-12-07 04:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-07-16 11:47 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-07-16 11:47 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-07-16 11:47 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-07-16 11:47 - 2019-12-07 04:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-07-16 11:37 - 2020-03-16 15:05 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2021-07-15 18:24 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-07-15 15:42 - 2020-03-15 12:30 - 000000000 ____D C:\Users\ancys\AppData\Local\Packages
2021-07-15 15:28 - 2020-03-30 15:24 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-07-15 13:16 - 2020-06-21 10:45 - 000000000 ____D C:\Users\ancys\AppData\Roaming\vlc
2021-07-15 10:37 - 2020-03-30 15:24 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-07-10 11:29 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-07-10 11:29 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-07-09 14:17 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-07-09 14:17 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-07-09 14:17 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-07-09 14:17 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-07-09 14:17 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-07-09 14:17 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-07-09 14:17 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-07-09 14:17 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-07-09 14:17 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-07-03 12:47 - 2019-12-07 04:52 - 000000000 ____D C:\WINDOWS\OCR
2021-07-03 12:47 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-07-01 11:33 - 2020-03-15 12:36 - 000000000 ____D C:\Users\ancys\AppData\Local\PlaceholderTileLogoFolder
2021-06-30 15:41 - 2020-03-15 15:20 - 000000000 ____D C:\Users\ancys\AppData\Local\D3DSCache
2021-06-29 11:14 - 2019-12-07 04:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-06-29 11:12 - 2020-11-04 20:06 - 000182600 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2021-06-29 11:12 - 2020-04-21 22:59 - 000524400 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetHub.sys
2021-06-29 11:12 - 2020-03-15 15:26 - 000851192 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2021-06-29 11:12 - 2020-03-15 15:26 - 000471920 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2021-06-29 11:12 - 2020-03-15 15:26 - 000366616 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2021-06-29 11:12 - 2020-03-15 15:26 - 000327536 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2021-06-29 11:12 - 2020-03-15 15:26 - 000250392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2021-06-29 11:12 - 2020-03-15 15:26 - 000216928 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2021-06-29 11:12 - 2020-03-15 15:26 - 000107848 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2021-06-29 11:12 - 2020-03-15 15:26 - 000099352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2021-06-29 11:12 - 2020-03-15 15:26 - 000082912 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2021-06-29 11:12 - 2020-03-15 15:26 - 000041352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2021-06-29 11:12 - 2020-03-15 15:26 - 000035720 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2021-06-28 13:37 - 2020-03-15 13:06 - 000000000 ____D C:\ProgramData\Packages
2021-06-27 18:29 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-06-27 00:36 - 2020-03-15 14:58 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-06-27 00:36 - 2020-03-15 14:58 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-06-22 12:13 - 2020-03-21 21:20 - 000002483 _____ C:\Users\ancys\Desktop\Ancy - Chrome.lnk
2021-06-21 15:02 - 2020-03-16 07:31 - 000000000 ____D C:\Users\ancys\AppData\Local\CrashDumps
2021-06-20 19:17 - 2020-08-20 19:01 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-06-20 00:37 - 2021-02-21 11:53 - 000000000 ____D C:\saves
2021-06-18 23:36 - 2020-04-20 00:02 - 000000000 ____D C:\Users\ancys\AppData\Roaming\FAHClient
==================== Files in the root of some directories ========
2021-06-19 11:37 - 2021-06-19 11:38 - 000334288 _____ (Mozilla Foundation) C:\ProgramData\freebl3.dll
2021-06-19 11:37 - 2021-06-19 11:38 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll
2021-06-19 11:37 - 2021-06-19 11:38 - 000440120 _____ (Microsoft Corporation) C:\ProgramData\msvcp140.dll
2021-06-19 11:38 - 2021-06-19 11:38 - 001246160 _____ (Mozilla Foundation) C:\ProgramData\nss3.dll
2021-06-19 11:38 - 2021-06-19 11:38 - 000144848 _____ (Mozilla Foundation) C:\ProgramData\softokn3.dll
2021-06-19 11:38 - 2021-06-19 11:38 - 000083784 _____ (Microsoft Corporation) C:\ProgramData\vcruntime140.dll
2021-02-03 17:33 - 2021-02-03 17:33 - 000000127 _____ () C:\Users\ancys\AppData\Roaming\ezpinst.log
2021-01-06 12:52 - 2021-01-06 12:52 - 000099384 _____ () C:\Users\ancys\AppData\Roaming\inst.exe
2021-01-06 12:52 - 2021-01-06 12:52 - 000007859 _____ () C:\Users\ancys\AppData\Roaming\pcouffin.cat
2021-01-06 12:52 - 2021-01-06 12:52 - 000001167 _____ () C:\Users\ancys\AppData\Roaming\pcouffin.inf
2021-01-06 12:52 - 2021-01-06 12:52 - 000000055 _____ () C:\Users\ancys\AppData\Roaming\pcouffin.log
2021-01-06 12:52 - 2021-01-06 12:52 - 000082816 _____ (VSO Software) C:\Users\ancys\AppData\Roaming\pcouffin.sys
2020-03-16 15:03 - 2020-03-16 15:03 - 000000410 _____ () C:\Users\ancys\AppData\Local\oobelibMkey.log
2020-03-16 15:16 - 2021-02-19 11:50 - 000007608 _____ () C:\Users\ancys\AppData\Local\Resmon.ResmonCfg
==================== SigCheckExt =========================
2019-08-30 03:05 - 2019-08-30 03:05 - 000105984 _____ (Beepa P/L) C:\WINDOWS\system32\frapsv64.dll
2021-01-09 10:28 - 2021-06-04 00:24 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll
2015-03-17 01:34 - 2015-03-17 01:34 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atl71.dll
2015-08-05 08:07 - 2015-08-05 08:07 - 000203776 _____ C:\WINDOWS\SysWOW64\clinfo.exe
2019-08-30 03:05 - 2019-08-30 03:05 - 000094208 _____ (Beepa P/L) C:\WINDOWS\SysWOW64\frapsvid.dll
2020-03-15 13:39 - 2020-01-09 16:23 - 000413184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IEShims.dll
2015-03-17 01:34 - 2015-03-17 01:34 - 001060864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc71.dll
2015-03-17 01:34 - 2015-03-17 01:34 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71CHS.DLL
2015-03-17 01:34 - 2015-03-17 01:34 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71CHT.DLL
2015-03-17 01:34 - 2015-03-17 01:34 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71DEU.DLL
2015-03-17 01:34 - 2015-03-17 01:34 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71ENU.DLL
2015-03-17 01:34 - 2015-03-17 01:34 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71ESP.DLL
2015-03-17 01:34 - 2015-03-17 01:34 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71FRA.DLL
2015-03-17 01:34 - 2015-03-17 01:34 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71ITA.DLL
2015-03-17 01:34 - 2015-03-17 01:34 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71JPN.DLL
2015-03-17 01:34 - 2015-03-17 01:34 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71KOR.DLL
2015-03-17 01:34 - 2015-03-17 01:34 - 001047552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc71u.dll
2015-03-17 01:34 - 2015-03-17 01:34 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp71.dll
2015-03-17 01:34 - 2015-03-17 01:34 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr71.dll
2021-01-06 11:21 - 2003-01-26 14:41 - 000040960 _____ (vbAccelerator) C:\WINDOWS\SysWOW64\ssubtmr6.dll
2021-07-16 13:48 - 2021-07-16 13:49 - 002300416 _____ (Farbar) C:\Users\ancys\Downloads\explorer.exe
2021-07-16 13:53 - 2021-07-16 13:53 - 001622528 _____ C:\Users\ancys\Downloads\ResetBrowser.exe
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== BCD ================================
Firmware Boot Manager
---------------------
identifier {fwbootmgr}
displayorder {bootmgr}
{30802ba4-dea2-11eb-9567-3e95096dc4db}
{3704b4d6-d25a-11eb-939d-d107e7d58442}
{e32f416e-f126-11e9-a964-3c95096dc4dc}
{a620a7ac-8fc3-11e9-8247-54e1ad57f393}
{1862b484-72d9-11eb-9511-806e6f6e6963}
{1862b483-72d9-11eb-9511-806e6f6e6963}
{1862b482-72d9-11eb-9511-806e6f6e6963}
{1862b481-72d9-11eb-9511-806e6f6e6963}
{1862b485-72d9-11eb-9511-806e6f6e6963}
{1862b486-72d9-11eb-9511-806e6f6e6963}
{841e6b8c-d5fb-11eb-a987-806e6f6e6963}
timeout 2
Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=\Device\HarddiskVolume1
path \EFI\Microsoft\Boot\bootmgfw.efi
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {current}
resumeobject {d86bf214-d674-11eb-b705-b041a4154a0d}
displayorder {current}
{bec80b0b-744c-11e7-9eff-54e1ad57f393}
{bec80b0a-744c-11e7-9eff-54e1ad57f393}
{bec80b0c-744c-11e7-9eff-54e1ad57f393}
{bec80b0d-744c-11e7-9eff-54e1ad57f393}
{bec80b0e-744c-11e7-9eff-54e1ad57f393}
{bec80b0f-744c-11e7-9eff-54e1ad57f393}
{5094249e-e3b9-11e8-826e-806e6f6e6963}
toolsdisplayorder {memdiag}
timeout 0
Windows Boot Manager
--------------------
identifier {a620a7ac-8fc3-11e9-8247-54e1ad57f393}
device partition=\Device\HarddiskVolume1
path \EFI\refind\refind_x64.efi
description Ubuntu Secure Boot
locale en-US
inherit {globalsettings}
default {df73a9c9-5e1d-11e9-9223-dd458d06ed04}
resumeobject {df73a9c8-5e1d-11e9-9223-dd458d06ed04}
displayorder {bec80b0b-744c-11e7-9eff-54e1ad57f393}
{bec80b0a-744c-11e7-9eff-54e1ad57f393}
{bec80b0c-744c-11e7-9eff-54e1ad57f393}
{bec80b0d-744c-11e7-9eff-54e1ad57f393}
{bec80b0e-744c-11e7-9eff-54e1ad57f393}
{bec80b0f-744c-11e7-9eff-54e1ad57f393}
{5094249e-e3b9-11e8-826e-806e6f6e6963}
{df73a9c9-5e1d-11e9-9223-dd458d06ed04}
bootsequence {bec80b0b-744c-11e7-9eff-54e1ad57f393}
toolsdisplayorder {memdiag}
timeout 10
Windows Boot Manager
--------------------
identifier {e32f416e-f126-11e9-a964-3c95096dc4dc}
device partition=\Device\HarddiskVolume1
path \EFI\grub2win\g2bootmgr\gnugrub.kernel64.efi
description Grub2Win EFI - 64 Bit
inherit {globalsettings}
Firmware Application (101fffff)
-------------------------------
identifier {1862b47e-72d9-11eb-9511-806e6f6e6963}
description Setup
Firmware Application (101fffff)
-------------------------------
identifier {1862b47f-72d9-11eb-9511-806e6f6e6963}
description Boot Menu
Firmware Application (101fffff)
-------------------------------
identifier {1862b480-72d9-11eb-9511-806e6f6e6963}
description Diagnostic Splash
Firmware Application (101fffff)
-------------------------------
identifier {1862b481-72d9-11eb-9511-806e6f6e6963}
description USB FDD:
Firmware Application (101fffff)
-------------------------------
identifier {1862b482-72d9-11eb-9511-806e6f6e6963}
description USB HDD:
Firmware Application (101fffff)
-------------------------------
identifier {1862b483-72d9-11eb-9511-806e6f6e6963}
description USB CD:
Firmware Application (101fffff)
-------------------------------
identifier {1862b484-72d9-11eb-9511-806e6f6e6963}
description ATAPI CD: PLDS DVD-RW DA8AESH
Firmware Application (101fffff)
-------------------------------
identifier {1862b485-72d9-11eb-9511-806e6f6e6963}
description ATA HDD: WDC WD5000LPCX-24VHAT0
Firmware Application (101fffff)
-------------------------------
identifier {1862b486-72d9-11eb-9511-806e6f6e6963}
description PCI LAN: EFI Network (IPv4)
Firmware Application (101fffff)
-------------------------------
identifier {30802ba4-dea2-11eb-9567-3e95096dc4db}
device partition=\Device\HarddiskVolume1
path \EFI\Microsoft\Boot\bootmgfw.efi
description Windows Boot Manager
Firmware Application (101fffff)
-------------------------------
identifier {3704b4d6-d25a-11eb-939d-d107e7d58442}
device partition=\Device\HarddiskVolume1
path \EFI\refind\refind_x64.efi
description rEFInd Boot Manager
Firmware Application (101fffff)
-------------------------------
identifier {841e6b8c-d5fb-11eb-a987-806e6f6e6963}
description PCI LAN: EFI Network (IPv6)
Windows Boot Loader
-------------------
identifier {3704b4d9-d25a-11eb-939d-d107e7d58442}
device ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{3704b4da-d25a-11eb-939d-d107e7d58442}
path \windows\system32\winload.efi
description Windows Recovery Environment
locale en-US
inherit {bootloadersettings}
displaymessage Recovery
osdevice ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{3704b4da-d25a-11eb-939d-d107e7d58442}
systemroot \windows
nx OptIn
bootmenupolicy Standard
winpe Yes
Windows Boot Loader
-------------------
identifier {616f0681-d579-11eb-b492-a32495bfab41}
device ramdisk=[unknown]\Recovery\WindowsRE\Winre.wim,{616f0682-d579-11eb-b492-a32495bfab41}
path \windows\system32\winload.efi
description Windows Recovery Environment
locale en-us
inherit {bootloadersettings}
displaymessage Recovery
osdevice ramdisk=[unknown]\Recovery\WindowsRE\Winre.wim,{616f0682-d579-11eb-b492-a32495bfab41}
systemroot \windows
nx OptIn
bootmenupolicy Standard
winpe Yes
Windows Boot Loader
-------------------
identifier {677e3135-d3bb-11eb-8ae8-c253c50ef2af}
device ramdisk=[unknown]\Recovery\WindowsRE\Winre.wim,{677e3136-d3bb-11eb-8ae8-c253c50ef2af}
path \windows\system32\winload.efi
description Windows Recovery Environment
locale en-us
inherit {bootloadersettings}
displaymessage Recovery
osdevice ramdisk=[unknown]\Recovery\WindowsRE\Winre.wim,{677e3136-d3bb-11eb-8ae8-c253c50ef2af}
systemroot \windows
nx OptIn
bootmenupolicy Standard
winpe Yes
Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \WINDOWS\system32\winload.efi
description Windows 10
locale en-US
inherit {bootloadersettings}
recoverysequence {3704b4d9-d25a-11eb-939d-d107e7d58442}
displaymessageoverride CommandPrompt
recoveryenabled Yes
isolatedcontext Yes
allowedinmemorysettings 0x15000075
osdevice partition=C:
systemroot \WINDOWS
resumeobject {9ecc8e98-c2d2-11eb-b9fd-94b0ff299f30}
nx OptIn
bootmenupolicy Legacy
hypervisorlaunchtype Auto
useplatformclock Yes
Windows Boot Loader
-------------------
identifier {d86bf216-d674-11eb-b705-b041a4154a0d}
device ramdisk=[unknown]\Recovery\WindowsRE\Winre.wim,{d86bf217-d674-11eb-b705-b041a4154a0d}
path \windows\system32\winload.efi
description Windows Recovery Environment
locale en-us
inherit {bootloadersettings}
displaymessage Recovery
osdevice ramdisk=[unknown]\Recovery\WindowsRE\Winre.wim,{d86bf217-d674-11eb-b705-b041a4154a0d}
systemroot \windows
nx OptIn
bootmenupolicy Standard
winpe Yes
Resume from Hibernate
---------------------
identifier {9ecc8e98-c2d2-11eb-b9fd-94b0ff299f30}
device partition=C:
path \WINDOWS\system32\winresume.efi
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
recoverysequence {3704b4d9-d25a-11eb-939d-d107e7d58442}
recoveryenabled Yes
isolatedcontext Yes
allowedinmemorysettings 0x15000075
filedevice partition=C:
filepath \hiberfil.sys
bootmenupolicy Standard
debugoptionenabled No
Windows Memory Tester
---------------------
identifier {memdiag}
device partition=\Device\HarddiskVolume1
path \EFI\Microsoft\Boot\memtest.efi
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes
Windows Legacy OS Loader
------------------------
identifier {ntldr}
device partition=\Device\HarddiskVolume1
path \ntldr
description Earlier Version of Windows
EMS Settings
------------
identifier {emssettings}
bootems No
Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200
RAM Defects
-----------
identifier {badmemory}
Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}
Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}
Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200
Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}
Device options
--------------
identifier {3704b4da-d25a-11eb-939d-d107e7d58442}
description Windows Recovery
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\WindowsRE\boot.sdi
Device options
--------------
identifier {a620a7b1-8fc3-11e9-8247-54e1ad57f393}
description Ubuntu
Setup Ramdisk Options
---------------------
identifier {ramdiskoptions}
==================== End of FRST.txt ========================
Ran by ancys (16-07-2021 14:21:42)
Running from C:\Users\ancys\Downloads
Windows 10 Pro Version 20H2 19042.1110 (X64) (2021-06-01 09:54:53)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-562493922-3427777444-3148621644-500 - Administrator - Disabled)
ancys (S-1-5-21-562493922-3427777444-3148621644-1001 - Administrator - Enabled) => C:\Users\ancys
DefaultAccount (S-1-5-21-562493922-3427777444-3148621644-503 - Limited - Disabled)
Guest (S-1-5-21-562493922-3427777444-3148621644-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-562493922-3427777444-3148621644-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Absolute Uninstaller 5.3.1.26 (HKLM-x32\...\Absolute Uninstaller) (Version: 5.3.1.26 - Glarysoft Ltd)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.1.0.407 - Adobe Systems Incorporated)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: - Adobe)
Adobe Media Encoder 2020 (HKLM-x32\...\AME_14_0_3) (Version: 14.0.3 - Adobe Systems Incorporated)
Adobe Premiere Pro 2020 (HKLM-x32\...\PPRO_14_0_3) (Version: 14.0.3 - Adobe Systems Incorporated)
Adobe Premiere Rush (HKLM-x32\...\RUSH_1_5_2) (Version: 1.5.2 - Adobe Systems Incorporated)
AMD APP SDK 3.0 (HKLM-x32\...\{8829787C-6269-4112-ADF8-59BEFFC7CDB6}) (Version: 3.0.130.135 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 20.12.1 - Advanced Micro Devices, Inc.)
Atom (HKU\S-1-5-21-562493922-3427777444-3148621644-1001\...\atom) (Version: 1.45.0 - GitHub Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 21.5.2470 - Avast Software)
Branding64 (HKLM\...\{856DA29A-EA4A-468B-BBC2-B5F60DD75BFE}) (Version: 1.00.0002 - Advanced Micro Devices, Inc.) Hidden
CPUID HWMonitor 1.41 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.41 - CPUID, Inc.)
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
EaseUS Partition Master 15.8 (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS)
EasyBCD 2.4 (HKLM-x32\...\EasyBCD) (Version: 2.4 - NeoSmart Technologies)
EasyUEFI version 4.6 (HKLM\...\EasyUEFI_is1) (Version: 4.6 - Hasleo Software.)
Ext2Fsd 0.69 (HKLM\...\Ext2Fsd_is1) (Version: 0.69 - Matt Wu)
Folding@home (HKLM-x32\...\FAHClient) (Version: 7.6.13 - Folding@home.org)
Free Download Manager (HKU\S-1-5-21-562493922-3427777444-3148621644-1001\...\{0C1D4CF2-5575-4786-834C-B0FC977E9714}}_is1) (Version: 6.14.2.3973 - Softdeluxe)
GameInput Redistributable (HKLM-x32\...\{7E52156F-18FE-B953-BEA9-6BE6A77AFDFF}) (Version: 10.1.19041.3906 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 91.0.4472.124 - Google LLC)
HP Deskjet 1050 J410 series Basic Device Software (HKLM\...\{F294770E-F869-400F-81C3-614B5F13CA54}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 2540 series Basic Device Software (HKLM\...\{6A79CD11-0C1C-4E24-A8C6-46A02F680346}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.14131.20320 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 91.0.864.67 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 91.0.864.67 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-562493922-3427777444-3148621644-1001\...\OneDriveSetup.exe) (Version: 21.119.0613.0001 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-562493922-3427777444-3148621644-1001\...\Teams) (Version: 1.4.00.11161 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{E5A95BC5-81DF-4F0C-B910-B59DD012F037}) (Version: 2.81.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 (HKLM-x32\...\{6913e92a-b64e-41c9-a5e6-cef39207fe89}) (Version: 14.25.28508.3 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 90.0 (x64 en-US)) (Version: 90.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 74.0 - Mozilla)
Nero BurningROM 2020 (HKLM-x32\...\{BC220CBF-A8E5-48D1-816F-0403E7F6E7FC}) (Version: 22.0.00700 - Nero AG)
Nero Core (HKLM-x32\...\{5E063AA4-5E7D-40D1-99A1-D8E9F5F9BB0E}) (Version: 2.0.05800 - Nero AG)
Nero Info (HKLM-x32\...\{F030BFE8-8476-4C08-A553-233DE80A2BE1}) (Version: 21.0.1007 - Nero AG)
NTLite v2.1.1.7917 (HKLM\...\NTLite_is1) (Version: 2.1.1.7917 - Nlitesoft)
OCL_SDK_Light version 1.0 (HKLM-x32\...\OCL_SDK_Light_is1) (Version: 1.0 - )
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.14131.20320 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.14131.20320 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
SplitCam (HKLM\...\{4BE0A527-00F0-48AC-A336-C8647101D654}) (Version: 10.3.42 - SplitCam Co.)
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.4.0.7174 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.11 - VideoLAN)
VSO ConvertXToDVD 7 (HKLM-x32\...\{A021D003-6933-4EA4-B582-F1D0C3E52409}_is1) (Version: 7.0.0.69 - VSO Software)
Vulkan Run Time Libraries 1.0.37.0 (HKLM\...\VulkanRT1.0.37.0) (Version: 1.0.37.0 - LunarG, Inc.)
Zoom (HKU\S-1-5-21-562493922-3427777444-3148621644-1001\...\ZoomUMX) (Version: 5.6.7 (1016) - Zoom Video Communications, Inc.)
Packages:
=========
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe [2021-06-04] (Microsoft Corporation)
Dragon Mania Legends -> C:\Program Files\WindowsApps\A278AB0D.DragonManiaLegends_5.9.11.0_x64__h6adky7gbf63m [2021-01-05] (Gameloft SE)
Dynamic Theme -> C:\Program Files\WindowsApps\55888ChristopheLavalle.DynamicTheme_1.4.30233.0_x64__jdggxwd41xcr0 [2021-01-05] (Christophe Lavalle)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_127.1.115.0_x64__v10z8vjag6ke6 [2021-06-28] (HP Inc.)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa [2021-01-05] (Apple Inc.) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-06-01] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-06-01] (Microsoft Corporation) [MS Ad]
Microsoft Emulator -> C:\Program Files\WindowsApps\Microsoft.MicrosoftEmulator_1.1.1081.0_x64__8wekyb3d8bbwe [2021-01-05] (Microsoft Corporation)
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.16.20102.0_x64__8wekyb3d8bbwe [2021-06-01] (Microsoft Studios)
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2021-01-05] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-01-05] (Microsoft Corporation)
Simple Video Trim & Merge -> C:\Program Files\WindowsApps\35745bSoftStudio.SimpleVideoTrimMerge_1.1.1.0_x64__376dcxkkpqbxy [2021-01-05] (bSoft Studio) [MS Ad]
Ubuntu -> C:\Program Files\WindowsApps\CanonicalGroupLimited.UbuntuonWindows_1804.2020.5.0_x64__79rhkp1fndgsc [2020-04-18] (Canonical Group Limited)
Windows® 10X Emulator Image 10.0.19578.0 (Preview) -> C:\Program Files\WindowsApps\Microsoft.Windows10XEmulatorImage10.0.19578.0Previ_1.0.1.0_x64__8wekyb3d8bbwe [2020-04-19] (Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-562493922-3427777444-3148621644-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-94EE8EF6A066} -> [Creative Cloud Files] => C:\Users\ancys\Creative Cloud Files [2020-03-16 15:13]
CustomCLSID: HKU\S-1-5-21-562493922-3427777444-3148621644-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\ancys\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.21063.3\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-562493922-3427777444-3148621644-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-06-29] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-06-29] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-06-29] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-06-29] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\WINDOWS\System32\atiacm64.dll [2020-12-07] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-06-29] (Avast Software s.r.o. -> AVAST Software)
==================== Codecs (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Drivers32: [VIDC.FPS1] => C:\WINDOWS\system32\frapsv64.dll [105984 2019-08-30] (Beepa P/L) [File not signed]
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [94208 2019-08-30] (Beepa P/L) [File not signed]
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\ancys\Desktop\Ancy - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 4"
ShortcutWithArgument: C:\Users\ancys\Desktop\Clin - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\ancys\Desktop\FENECIA - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Prodigy.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 1" --app-id=iapdpibhbhfecmiegbeelepdnkebkhcp
ShortcutWithArgument: C:\Users\ancys\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\CLIN - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"
==================== Loaded Modules (Whitelisted) =============
2020-03-15 15:03 - 2019-02-21 11:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-05-31] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2021-07-02] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2021-05-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-02] (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-562493922-3427777444-3148621644-1001\...\sharepoint.com -> hxxps://mylc-files.sharepoint.com
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-03-18 23:49 - 2019-03-18 23:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
2020-04-18 18:05 - 2021-07-16 12:44 - 000000583 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
172.23.96.1 VadakkalPC.mshome.net # 2026 7 3 15 17 44 13 585
0 23 12 52 506
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-562493922-3427777444-3148621644-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
MSCONFIG\Services: AdobeUpdateService => 2
MSCONFIG\Services: AGMService => 2
MSCONFIG\Services: AGSService => 2
MSCONFIG\Services: AMD Crash Defender Service => 2
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: AtherosSvc => 2
MSCONFIG\Services: avast! Tools => 2
MSCONFIG\Services: Ext2Srv => 2
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: SynTPEnhService => 2
MSCONFIG\Services: tbaseprovisioning => 2
HKLM\...\StartupApproved\StartupFolder: => "eyepro.lnk"
HKLM\...\StartupApproved\Run: => "RtHDVBg_LENOVO_DOLBYDRAGON"
HKLM\...\StartupApproved\Run: => "AvastUI.exe"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "RtHDVBg_LENOVO_MICPKEY"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "AdBlocker Ultimate"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKU\S-1-5-21-562493922-3427777444-3148621644-1001\...\StartupApproved\StartupFolder: => "Folding@home.lnk"
HKU\S-1-5-21-562493922-3427777444-3148621644-1001\...\StartupApproved\StartupFolder: => "RBTray.lnk"
HKU\S-1-5-21-562493922-3427777444-3148621644-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
HKU\S-1-5-21-562493922-3427777444-3148621644-1001\...\StartupApproved\Run: => "CCXProcess"
HKU\S-1-5-21-562493922-3427777444-3148621644-1001\...\StartupApproved\Run: => "Free Download Manager"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{096FE75D-5989-43CC-A9AA-9DF438225374}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B325A419-24C4-4940-8413-A4DD1C77CAD2}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{43A81247-8D53-4075-BAD2-9913E6850AC0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7E6A3DE0-8B6E-4122-87B7-52569C709D81}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{77048940-2763-4522-9C05-3AA7F9D84683}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C4AD4DF3-7B0E-4381-8DB0-C75BC3F7AB1E}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6869B501-221E-4D6A-BFCA-FF11379BD87D}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5FF569E3-C546-4AB5-BCC2-3580F285E3FE}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{FA748C7D-EDD1-400F-A4D9-937DBF3669A4}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{BB74BF55-0FD8-48E8-A421-656767AD2BB5}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3F03EF0F-A3B5-469D-A514-D20CD6DE5131}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6F355AFF-417D-4470-8650-77CD9FB4CF27}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0B5B0C79-18AF-468C-9693-FD84D448C0F7}] => (Allow) C:\Program Files (x86)\Nero\Nero 2020\Nero Burning ROM\nero.exe (Nero AG -> Nero AG)
FirewallRules: [{B5582D78-C630-4A6F-BD89-C8E2406CD594}] => (Allow) C:\Program Files (x86)\Nero\Nero 2020\Nero Burning ROM\StartNBR.exe (Nero AG -> Nero AG)
FirewallRules: [{CF020AC0-888B-498A-872C-CDFA4744BFD9}] => (Allow) C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetup.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{26F9F3A8-E50A-4FDC-894B-2B83590A26FD}] => (Block) C:\users\ancys\appdata\local\temp\7zs2317\enterprisedu.exe => No File
FirewallRules: [{FB5C438C-EB8E-46EA-9C34-A17BA01F2306}] => (Block) C:\users\ancys\appdata\local\temp\7zs2317\enterprisedu.exe => No File
FirewallRules: [UDP Query User{07929FF0-1C22-4D04-A3C3-3E74E626CBD4}C:\users\ancys\appdata\local\temp\7zs2317\enterprisedu.exe] => (Allow) C:\users\ancys\appdata\local\temp\7zs2317\enterprisedu.exe => No File
FirewallRules: [TCP Query User{FE3C07F9-A071-4388-967E-DAC679D801E7}C:\users\ancys\appdata\local\temp\7zs2317\enterprisedu.exe] => (Allow) C:\users\ancys\appdata\local\temp\7zs2317\enterprisedu.exe => No File
FirewallRules: [UDP Query User{0A4C9658-C4FF-45AE-817D-70788F6A6A98}C:\program files (x86)\fahclient\fahclient.exe] => (Allow) C:\program files (x86)\fahclient\fahclient.exe () [File not signed]
FirewallRules: [TCP Query User{B28B5BF2-52A7-42D1-B149-168A9F53164F}C:\program files (x86)\fahclient\fahclient.exe] => (Allow) C:\program files (x86)\fahclient\fahclient.exe () [File not signed]
FirewallRules: [{A8BF1250-D738-4ECB-80D4-6E48C0ADA398}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{348D1986-E744-43B7-BC7B-3E690689958E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{D1D53309-A195-4A2D-927C-78098F932BCA}C:\program files\java\jre1.8.0_241\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_241\bin\javaw.exe => No File
FirewallRules: [TCP Query User{65AFDEDD-F769-45B7-9B40-B5112BC47069}C:\program files\java\jre1.8.0_241\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_241\bin\javaw.exe => No File
FirewallRules: [{754DB310-4247-4132-8EC0-842D8B28AD80}] => (Allow) C:\Users\ancys\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{716BB4E2-38CA-4036-B587-9B45360CB218}] => (Allow) C:\Users\ancys\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{FC6E8352-E706-4904-BAB8-BCE0E6546FCE}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{E054CC9D-A6D6-43A7-AA6C-4402BDC80250}] => (Allow) LPort=5357
FirewallRules: [{A0C5580C-BF70-4F1A-A62D-25313AA788F2}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{1F9E81F4-4F53-4039-ACF9-AE86BE5CF64C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{5DE8E5DD-412B-47E5-9C97-DB817127A9CA}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{914ABADD-F223-4542-AD8D-FD5C5FBB7537}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\91.0.864.67\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
==================== Restore Points =========================
08-07-2021 15:20:37 Scheduled Checkpoint
08-07-2021 15:41:22 Windows Modules Installer
08-07-2021 15:54:06 Windows Modules Installer
09-07-2021 11:54:34 Windows Modules Installer
15-07-2021 16:14:04 Windows Modules Installer
15-07-2021 16:17:51 Windows Modules Installer
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (07/15/2021 11:06:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program YourPhone.exe version 1.20112.72.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 948
Start Time: 01d779f49fada199
Termination Time: 4294967295
Application Path: C:\Program Files\WindowsApps\Microsoft.YourPhone_1.20112.72.0_x64__8wekyb3d8bbwe\YourPhone.exe
Report Id: 3a451c8d-f4a7-4783-b964-ad2b3ff83fe0
Faulting package full name: Microsoft.YourPhone_1.20112.72.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: App
Hang type: Quiesce
Error: (07/15/2021 04:47:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program YourPhone.exe version 1.20112.72.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 22e4
Start Time: 01d779c03f65b2e3
Termination Time: 4294967295
Application Path: C:\Program Files\WindowsApps\Microsoft.YourPhone_1.20112.72.0_x64__8wekyb3d8bbwe\YourPhone.exe
Report Id: 74011d71-f726-4fef-91a2-4925d419a2de
Faulting package full name: Microsoft.YourPhone_1.20112.72.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: App
Hang type: Quiesce
Error: (07/15/2021 04:25:51 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe, PID: 4160, ProfSvc PID: 1364.
Error: (07/15/2021 04:17:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.
Error: (07/15/2021 04:14:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.
Error: (07/13/2021 08:41:09 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
Error: (07/12/2021 10:43:01 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SearchApp.exe version 10.0.19041.1081 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 26f0
Start Time: 01d777334fe582c4
Termination Time: 4294967295
Application Path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Report Id: ec21076e-8792-474c-b622-8c421d26d9a7
Faulting package full name: Microsoft.Windows.Search_1.14.2.19041_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI
Hang type: Quiesce
Error: (07/10/2021 11:12:16 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 12) (User: VADAKKALPC)
Description: Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy-2147023878
System errors:
=============
Error: (07/16/2021 12:43:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AMD User Experience Program Launcher service failed to start due to the following error:
The system cannot find the file specified.
Error: (07/16/2021 12:40:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Ext2Fsd service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Error: (07/16/2021 12:21:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AMD User Experience Program Launcher service failed to start due to the following error:
The system cannot find the file specified.
Error: (07/16/2021 12:18:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Ext2Fsd service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Error: (07/16/2021 12:16:40 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The aswbIDSAgent service did not shut down properly after receiving a preshutdown control.
Error: (07/16/2021 12:16:33 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}
Error: (07/16/2021 12:16:33 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service TrustedInstaller with arguments "Unavailable" in order to run the server:
{752073A1-23F2-4396-85F0-8FDB879ED0ED}
Error: (07/16/2021 12:16:32 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}
CodeIntegrity:
===============
Date: 2021-07-16 12:45:15
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.
Date: 2021-07-16 12:44:14
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.
==================== Memory info ===========================
BIOS: Lenovo 1QCN32WW 08/18/2016
Motherboard: LENOVO Nano 5A8
Processor: AMD A6-7310 APU with AMD Radeon R4 Graphics
Percentage of memory in use: 85%
Total physical RAM: 3490.6 MB
Available physical RAM: 489.88 MB
Total Virtual: 7074.6 MB
Available Virtual: 857.11 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:460.51 GB) (Free:319.92 GB) NTFS
Drive d: () (Fixed) (Total:3.99 GB) (Free:2.09 GB) FAT32
\\?\Volume{6efd3acd-1c84-4a3f-bf62-b0c543c56f71}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.72 GB) NTFS
\\?\Volume{287231f9-2781-4a7c-8f9c-caeaa93204f9}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.21 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: D32F849E)
Partition: GPT.
==================== End of Addition.txt =======================
Ran by ancys (16-07-2021 14:31:00)
Running from C:\Users\ancys\Downloads
Boot Mode: Normal
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NeoSmart Technologies\EasyBCD\Online Documentation.lnk -> hxxp://neosmart.net/wiki/easybcd
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Absolute Uninstaller.lnk -> C:\Program Files (x86)\Glarysoft\Absolute Uninstaller 5\unInstaller.exe (Glarysoft Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\MSACCESS.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk -> C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder 2020.lnk -> C:\Program Files\Adobe\Adobe Media Encoder 2020\Adobe Media Encoder.exe (Adobe)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Pro 2020.lnk -> C:\Program Files\Adobe\Adobe Premiere Pro 2020\Adobe Premiere Pro.exe (Adobe)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Rush 1.5.lnk -> C:\Program Files\Adobe\Adobe Premiere Rush\Adobe Premiere Rush.exe (Adobe)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk -> C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk -> C:\Program Files (x86)\ImgBurn\ImgBurn.exe (LIGHTNING UK!)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jogo Disk.lnk -> C:\Program Files\Jogo DIsk\browser.exe (Digerati)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\MSPUB.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO\ConvertXtoDVD 7\ConvertXToDVD 7.lnk -> C:\Program Files (x86)\VSO\ConvertX\7\ConvertXtoDvd.exe (VSO Software SARL)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO\ConvertXtoDVD 7\LGPL license.lnk -> C:\Program Files (x86)\VSO\ConvertX\7\lgpl-2.1.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO\ConvertXtoDVD 7\Translate ConvertXToDVD 7.lnk -> C:\ProgramData\VSO\ConvertXToDVD\7\Lang\EditLoc_online.exe (VSO Software SARL)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO\ConvertXtoDVD 7\Uninstall ConvertXToDVD 7.lnk -> C:\Program Files (x86)\VSO\ConvertX\7\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO\ConvertXtoDVD 7\ Drivers\ Check.lnk -> C:\Program Files (x86)\VSO\pcsetup\PcSetup.exe (VSO Software SARL)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk -> C:\Program Files (x86)\VideoLAN\VLC\Documentation.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk -> C:\Program Files (x86)\VideoLAN\VLC\NEWS.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk -> C:\Program Files (x86)\VideoLAN\VLC\VideoLAN Website.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NTLite\NTLite on the Web.lnk -> C:\Program Files\NTLite\Website.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NTLite\NTLite.lnk -> C:\Program Files\NTLite\NTLite.exe (Nlitesoft d.o.o.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NTLite\Uninstall NTLite.lnk -> C:\Program Files\NTLite\unins000.exe (Nlitesoft )
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 2020\Nero Burning ROM.lnk -> C:\Windows\Installer\{4C0CE9D6-70B4-482B-BD43-0885484A45D4}\ARPPRODUCTICON.exe (Acresso Software Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero ControlCenter.lnk -> C:\Windows\Installer\{ABC88553-8770-4B97-B43E-5A90647A5B63}\ScControlCenterSta_FC2653898C5047A6A872CAF6433C43A8.exe (Acresso Software Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero CoverDesigner.lnk -> C:\Windows\Installer\{D8CCA6A9-E0CA-4589-BA17-54C909B1C8B5}\ARPPRODUCTICON.exe (Acresso Software Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero KnowHow PLUS.lnk -> C:\Windows\Installer\{AACDE618-4162-4074-B01D-67C5E8D07233}\ScKHPStartMenu_20B6100142E642F2AF79FA72E4BDFDBA.exe (Acresso Software Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero Start.lnk -> C:\Windows\Installer\{21845F89-64C5-4872-A341-0ECBB60DC4BF}\ScLauncherStartMen_6C77D23FA3434FDA8BB06A73EB8F8F69.exe (Acresso Software Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NeoSmart Technologies\EasyBCD\EasyBCD 2.4.lnk -> C:\Program Files (x86)\NeoSmart Technologies\EasyBCD\EasyBCD.exe (NeoSmart Technologies)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NeoSmart Technologies\EasyBCD\Uninstall EasyBCD.lnk -> C:\Program Files (x86)\NeoSmart Technologies\EasyBCD\uninstall.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Office Language Preferences.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\SETLANG.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Skype for Business Recording Manager.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\OcPubMgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Telemetry Dashboard for Office.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\msotd.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Telemetry Log for Office.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\msoev.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn\ImgBurn Read Me.lnk -> C:\Program Files (x86)\ImgBurn\ReadMe.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn\ImgBurn.lnk -> C:\Program Files (x86)\ImgBurn\ImgBurn.exe (LIGHTNING UK!)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn\Uninstall.lnk -> C:\Program Files (x86)\ImgBurn\uninstall.exe (LIGHTNING UK!)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hasleo EasyUEFI\Hasleo EasyUEFI.lnk -> C:\Program Files\Hasleo\EasyUEFI\bin\EasyUEFI.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hasleo EasyUEFI\Uninstall Hasleo EasyUEFI.lnk -> C:\Program Files\Hasleo\EasyUEFI\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glarysoft\Absolute Uninstaller\Absolute Uninstaller.lnk -> C:\Program Files (x86)\Glarysoft\Absolute Uninstaller 5\unInstaller.exe (Glarysoft Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ext2Fsd\Ext2 Volume Manager.lnk -> C:\Program Files\Ext2Fsd\Ext2Mgr.exe (Ext2Fsd Group (www.ext2fsd.com))
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ext2Fsd\Uninstall Ext2Fsd.lnk -> C:\Program Files\Ext2Fsd\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ext2Fsd\Documents\Frequently Asked Questions.lnk -> C:\Program Files\Ext2Fsd\Documents\FAQ.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ext2Fsd\Documents\Read Me.lnk -> C:\Program Files\Ext2Fsd\Documents\readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ext2Fsd\Documents\Release Notes.lnk -> C:\Program Files\Ext2Fsd\Documents\notes.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 15.8\EaseUS Partition Master 15.8.lnk -> C:\Program Files (x86)\EaseUS\EaseUS Partition Master\bin\Main.exe (EaseUS)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 15.8\Uninstall EaseUS Partition Master 15.8.lnk -> C:\Program Files (x86)\EaseUS\EaseUS Partition Master\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Flick\DVD Flick.lnk -> C:\Program Files (x86)\DVD Flick\dvdflick.exe (Dennis "Exl" Meuwissen)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Flick\Uninstall DVD Flick.lnk -> C:\Program Files (x86)\DVD Flick\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Flick\Help and Support\Changelog.lnk -> C:\Program Files (x86)\DVD Flick\changelog.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Flick\Help and Support\GNU GPL License.lnk -> C:\Program Files (x86)\DVD Flick\license.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Flick\Help and Support\Guide.lnk -> C:\Program Files (x86)\DVD Flick\guide\index_en.html ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Flick\Help and Support\Readme.lnk -> C:\Program Files (x86)\DVD Flick\readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74-3\DOSBox 0.74-3 Manual.lnk -> C:\Program Files (x86)\DOSBox-0.74-3\Documentation\README.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74-3\Extras\Uninstall.lnk -> C:\Program Files (x86)\DOSBox-0.74-3\uninstall.exe (DOSBox Team)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74-3\Extras\Video\Video instructions.lnk -> C:\Program Files (x86)\DOSBox-0.74-3\Video Codec\Video Instructions.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\HWMonitor\HWMonitor.lnk -> C:\Program Files\CPUID\HWMonitor\HWMonitor.exe (CPUID)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\HWMonitor\Uninstall HWMonitor.lnk -> C:\Program Files\CPUID\HWMonitor\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Software\AMD Radeon Software.lnk -> C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Bug Report Tool\AMD Bug Report Tool.lnk -> C:\Program Files\AMD\CIM\Bin64\AMDBugReportTool.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk -> C:\Windows\SysWOW64\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk -> C:\Windows\System32\printmanagement.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\RecoveryDrive.lnk -> C:\Windows\System32\RecoveryDrive.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Registry Editor.lnk -> C:\Windows\regedit.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\VMCreate.lnk -> C:\Program Files\Hyper-V\VMCreate.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Defender Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Quick Assist.lnk -> C:\Windows\System32\quickassist.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk -> C:\Windows\System32\psr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk -> C:\Program Files\7-Zip\7zFM.exe (Igor Pavlov)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip Help.lnk -> C:\Program Files\7-Zip\7-zip.chm ()
Shortcut: C:\Users\ancys\Pictures\Desktop - Shortcut.lnk -> C:\Users\ancys\Desktop ()
Shortcut: C:\Users\ancys\Pictures\Saved Pictures\Pictures - Shortcut.lnk -> C:\Users\ancys\Pictures ()
Shortcut: C:\Users\ancys\Links\Desktop.lnk -> C:\Users\ancys\Desktop ()
Shortcut: C:\Users\ancys\Links\Downloads.lnk -> C:\Users\ancys\Downloads ()
Shortcut: C:\Users\ancys\Documents\Downloads - Shortcut.lnk -> C:\Users\ancys\Downloads ()
Shortcut: C:\Users\ancys\Documents\Minecraft.lnk -> Tile and icon assets
Shortcut: C:\Users\ancys\Desktop\Assignments.lnk -> C:\Users\ancys\Desktop\assignments ()
Shortcut: C:\Users\ancys\Desktop\Zoom.lnk -> C:\Users\ancys\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc.)
Shortcut: C:\Users\ancys\Creative Cloud Files\_Cloud documents.lnk -> C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe ()
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation)
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\ancys\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SplitCam.lnk -> C:\Users\ancys\AppData\Roaming\Microsoft\Installer\{4BE0A527-00F0-48AC-A336-C8647101D654}\_75ECEC2234CF1D1D7CB54F.exe ()
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom\Zoom.lnk -> C:\Users\ancys\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc.)
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RBTray.lnk -> C:\Program Files\RBtray\RBTray.exe ()
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc\Atom.lnk -> C:\Users\ancys\AppData\Local\atom\atom.exe (GitHub, Inc.)
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Download Manager\Free Download Manager.lnk -> C:\Users\ancys\AppData\Local\Softdeluxe\Free Download Manager\fdm.exe (Softdeluxe)
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Download Manager\Uninstall Free Download Manager.lnk -> C:\Users\ancys\AppData\Local\Softdeluxe\Free Download Manager\unins000.exe ()
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Folding@home\About Folding@home.lnk -> C:\Program Files (x86)\FAHClient\About Folding@home.url ()
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Folding@home\Data Directory.lnk -> C:\Users\ancys\AppData\Roaming\FAHClient ()
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Folding@home\FAHControl.lnk -> C:\Program Files (x86)\FAHClient\FAHControl.exe ()
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Folding@home\FAHViewer.lnk -> C:\Program Files (x86)\FAHClient\FAHViewer.exe ()
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Folding@home\Uninstall.lnk -> C:\Program Files (x86)\FAHClient\Uninstall.exe ()
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Folding@home\Web Control.lnk -> C:\Program Files (x86)\FAHClient\FAHWebClient.url ()
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth File Transfer.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Absolute Uninstaller.lnk -> C:\Program Files (x86)\Glarysoft\Absolute Uninstaller 5\unInstaller.exe (Glarysoft Ltd)
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ConvertXToDVD 7.lnk -> C:\Program Files (x86)\VSO\ConvertX\7\ConvertXtoDvd.exe (VSO Software SARL)
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\EaseUS Partition Master 15.8.lnk -> C:\Program Files (x86)\EaseUS\EaseUS Partition Master\bin\Main.exe (EaseUS)
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Free Download Manager.lnk -> C:\Users\ancys\AppData\Local\Softdeluxe\Free Download Manager\fdm.exe (Softdeluxe)
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC)
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk -> C:\Program Files (x86)\ImgBurn\ImgBurn.exe (LIGHTNING UK!)
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation)
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC)
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Start Zoom.lnk -> C:\Users\ancys\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc.)
Shortcut: C:\Users\ancys\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\ancys\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\ancys\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\ancys\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\ancys\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\ancys\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\ancys\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\ancys\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\ancys\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\ancys\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\Avast Free Antivirus.lnk -> C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
Shortcut: C:\Users\Public\Desktop\Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC)
Shortcut: C:\Users\Public\Desktop\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation)
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Oregon Trail.lnk -> C:\Program Files (x86)\DOSBox-0.74-3\DOSBox.exe (DOSBox Team) -> "C:\DOS\OREGON\OREGON.EXE" -noconsole
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO\ConvertXtoDVD 7\ Drivers\ Install.lnk -> C:\Program Files (x86)\VSO\pcsetup\PcSetup.exe (VSO Software SARL) -> /install /deletecpl "Install and please reboot once finished..."
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO\ConvertXtoDVD 7\ Drivers\ Remove Driver (Compatibility Mode).lnk -> C:\Program Files (x86)\VSO\pcsetup\PcSetup.exe (VSO Software SARL) -> /remove /removeatip "Uninstalling... Please reboot aftwerwards!"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN) -> --reset-config --reset-plugins-cache vlc://quit
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN) -> -Iskins
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /7
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Database Compare.lnk -> C:\Program Files (x86)\Microsoft Office\root\Client\AppVLP.exe (Microsoft Corporation) -> "C:\Program Files (x86)\Microsoft Office\Root\Office16\DCF\DATABASECOMPARE.EXE"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Spreadsheet Compare.lnk -> C:\Program Files (x86)\Microsoft Office\root\Client\AppVLP.exe (Microsoft Corporation) -> "C:\Program Files (x86)\Microsoft Office\Root\Office16\DCF\SPREADSHEETCOMPARE.EXE"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 2540 series\HP Deskjet 2540 series.lnk -> C:\Program Files\HP\HP Deskjet 2540 series\Bin\HP Deskjet 2540 series.exe (Hewlett-Packard Co.) -> -Start UDCDevicePage
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 1050 J410 series\HP Deskjet 1050 J410 series.lnk -> C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HP Deskjet 1050 J410 series.exe (Hewlett-Packard Co.) -> -Start UDCDevicePage
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74-3\DOSBox 0.74-3.lnk -> C:\Program Files (x86)\DOSBox-0.74-3\DOSBox.exe (DOSBox Team) -> -userconf
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74-3\Options\DOSBox 0.74-3 Options.lnk -> C:\Program Files (x86)\DOSBox-0.74-3\DOSBox.exe (DOSBox Team) -> -editconf notepad.exe -editconf "%SystemRoot%\system32\notepad.exe" -editconf "%WINDIR%\notepad.exe"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74-3\Options\Reset KeyMapper.lnk -> C:\Program Files (x86)\DOSBox-0.74-3\DOSBox.exe (DOSBox Team) -> -erasemapper
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74-3\Options\Reset Options.lnk -> C:\Program Files (x86)\DOSBox-0.74-3\DOSBox.exe (DOSBox Team) -> -eraseconf
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74-3\Extras\DOSBox 0.74-3 (noconsole) - Copy.lnk -> C:\Program Files (x86)\DOSBox-0.74-3\DOSBox.exe (DOSBox Team) -> -noconsole -userconf C:\DOS\OREGON\OREGON.EXE
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74-3\Extras\DOSBox 0.74-3 (noconsole).lnk -> C:\Program Files (x86)\DOSBox-0.74-3\DOSBox.exe (DOSBox Team) -> -noconsole -userconf
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74-3\Extras\Screenshots & Recordings.lnk -> C:\Program Files (x86)\DOSBox-0.74-3\DOSBox.exe (DOSBox Team) -> -opencaptures explorer.exe
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74-3\Extras\Video\Install movie codec.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> setupapi,InstallHinfSection DefaultInstall 128 C:\Program Files (x86)\DOSBox-0.74-3\Video Codec\zmbv.inf
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD\APP SDK 3.0\AMD APP SDK 3.0 Samples.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> C:\Users\ancys\AMD APP SDK\3.0\
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Hyper-V Manager.lnk -> C:\Windows\System32\mmc.exe (Microsoft Corporation) -> "%windir%\System32\virtmgmt.msc"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk -> C:\Windows\System32\secpol.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\ancys\Desktop\Ancy - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 4"
ShortcutWithArgument: C:\Users\ancys\Desktop\Clin - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\ancys\Desktop\FENECIA - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk -> C:\Users\ancys\AppData\Local\Microsoft\Teams\Update.exe (Microsoft Corporation) -> --processStart "Teams.exe"
ShortcutWithArgument: C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom\Uninstall Zoom.lnk -> C:\Users\ancys\AppData\Roaming\Zoom\uninstall\Installer.exe (Zoom Video Communications, Inc.) -> /uninstall
ShortcutWithArgument: C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.AdministrativeTools
ShortcutWithArgument: C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Folding@home.lnk -> C:\Program Files (x86)\FAHClient\HideConsole.exe () -> C:\Program Files (x86)\FAHClient\FAHClient.exe
ShortcutWithArgument: C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Folding@home\Folding@home.lnk -> C:\Program Files (x86)\FAHClient\HideConsole.exe () -> "C:\Program Files (x86)\FAHClient\FAHClient.exe" --open-web-control
ShortcutWithArgument: C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Prodigy.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 1" --app-id=iapdpibhbhfecmiegbeelepdnkebkhcp
ShortcutWithArgument: C:\Users\ancys\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\ancys\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory=Default
ShortcutWithArgument: C:\Users\ancys\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\CLIN - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\ancys\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\ancys\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\ancys\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\ancys\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\ancys\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\ancys\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\ancys\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\ancys\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\ancys\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\ancys\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.AdministrativeTools
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\Public\Desktop\HP Deskjet 2540 series.lnk -> C:\Program Files\HP\HP Deskjet 2540 series\Bin\HP Deskjet 2540 series.exe (Hewlett-Packard Co.) -> -Start UDCDevicePage
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hasleo EasyUEFI\Hasleo EasyUEFI on the Web.url -> URL: hxxps://www.hasleo.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glarysoft\Absolute Uninstaller\Website.url -> URL: hxxp://www.glarysoft.com/absolute-uninstaller/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 15.8\EaseUS Partition Master 15.8 Help.url -> URL: hxxps://www.easeus.com/support/partition-master/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 15.8\Visit EaseUS on the Web.url -> URL: hxxps://www.easeus.com/partition-manager/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Flick\Help and Support\DVD Flick on the Web.url -> URL: hxxp://www.dvdflick.net
InternetURL: C:\Users\ancys\Favorites\Bing.url -> URL: hxxp://go.microsoft.com/fwlink/p/?LinkId=255142
InternetURL: C:\Users\ancys\Favorites\The NeoSmart Files.url -> URL: hxxp://neosmart.net/blog/feed/
==================== End of Shortcut.txt =============================
FRSR.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-07-2021
Ran by ancys (administrator) on VADAKKALPC (LENOVO 80TJ) (16-07-2021 13:59:06)
Running from C:\Users\ancys\Downloads
Loaded Profiles: ancys
Platform: Windows 10 Pro Version 20H2 19042.1110 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0361901.inf_amd64_204a65b18f2a904a\B361909\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0361901.inf_amd64_204a65b18f2a904a\B361909\atiesrxx.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe <2>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(Beijing NormalSoft technology Co.,Ltd. -> www.ext2fsd.com) C:\Program Files\Ext2Fsd\Ext2Srv.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.92\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.92\GoogleCrashHandler64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.53.17003.0_x64__8wekyb3d8bbwe\GamingServices.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.53.17003.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <4>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <11>
(Nero AG -> Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Windows\System32\AdminService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Telegram FZ-LLC -> Telegram FZ-LLC) C:\Users\ancys\AppData\Roaming\Telegram Desktop\Telegram.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1489408 2017-03-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [123672 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18242048 2017-03-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1489408 2017-03-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2042424 2020-03-16] (Adobe Inc. -> Adobe Inc.)
HKLM\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-562493922-3427777444-3148621644-1001\...\Run: [CCXProcess] => C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [648328 2020-03-09] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-562493922-3427777444-3148621644-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\ancys\AppData\Local\Microsoft\Teams\Update.exe [2454184 2021-05-31] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-562493922-3427777444-3148621644-1001\...\Run: [Free Download Manager] => C:\Users\ancys\AppData\Local\Softdeluxe\Free Download Manager\fdm.exe [4938752 2021-05-21] (Softdeluxe) [File not signed]
HKU\S-1-5-21-562493922-3427777444-3148621644-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-562493922-3427777444-3148621644-1001\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-562493922-3427777444-3148621644-1001\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-562493922-3427777444-3148621644-1001\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-562493922-3427777444-3148621644-1001\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-562493922-3427777444-3148621644-1001\...\MountPoints2: {098d4141-671e-11ea-9470-806e6f6e6963} - "J:\setup.exe"
HKLM\...\Print\Monitors\HP 8911 Status Monitor: C:\WINDOWS\system32\hpinksts8911LM.dll [332176 2012-09-12] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP C211 Status Monitor: C:\WINDOWS\system32\hpinkstsC211LM.dll [333496 2012-12-15] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP Deskjet 2540 series): C:\WINDOWS\system32\HPDiscoPMC211.dll [763912 2014-03-06] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\91.0.4472.124\Installer\chrmstp.exe [2021-06-27] (Google LLC -> Google LLC)
Startup: C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Folding@home.lnk [2020-05-08]
ShortcutTarget: Folding@home.lnk -> C:\Program Files (x86)\FAHClient\HideConsole.exe () [File not signed]
Startup: C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RBTray.lnk [2021-02-19]
ShortcutTarget: RBTray.lnk -> C:\Program Files\RBtray\RBTray.exe () [File not signed]
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {02AE1531-C69E-46C4-836D-FCB59A51A6E9} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23182224 2021-07-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {04DFAA0E-C93A-4BE8-A009-4005C0E16798} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-03-15] (Google LLC -> Google LLC)
Task: {16330C1C-EECB-40FE-8B2A-F7735C0760E5} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe
Task: {217F66A3-ECC7-4484-AB5A-45520464C46F} - System32\Tasks\Microsoft\Windows\termsrv\RemoteFX\RemoteFXWarningTask => C:\WINDOWS\System32\RemoteFXvGPUDisablement.exe
Task: {3C55FACB-C4B0-426E-8499-974D25736B1A} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe
Task: {3EA25055-37DF-4A11-9400-955D3AD91B7C} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [118144 2021-07-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {4B083B35-E956-49CA-BAE3-6D982873F7FF} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [405048 2020-03-16] (Adobe Inc. -> Adobe Inc.)
Task: {5C769459-9827-46DD-98DA-0326E3B9939D} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1790184 2021-05-27] (Avast Software s.r.o. -> Avast Software)
Task: {5E4C8807-B78B-4585-ACBC-05090A76B3ED} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\Adobe Uninstaller" /ENABLE
Task: {5E4C8807-B78B-4585-ACBC-05090A76B3ED} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\AdobeGCInvoker-1.0" /ENABLE
Task: {5E4C8807-B78B-4585-ACBC-05090A76B3ED} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\AMDInstallLauncher" /ENABLE
Task: {5E4C8807-B78B-4585-ACBC-05090A76B3ED} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineCore" /ENABLE
Task: {5E4C8807-B78B-4585-ACBC-05090A76B3ED} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(5): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineUA" /ENABLE
Task: {5E4C8807-B78B-4585-ACBC-05090A76B3ED} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(6): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineCore" /ENABLE
Task: {5E4C8807-B78B-4585-ACBC-05090A76B3ED} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(7): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineUA" /ENABLE
Task: {5E4C8807-B78B-4585-ACBC-05090A76B3ED} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(8): schtasks.exe -> /Change /TN "\ModifyLinkUpdate" /ENABLE
Task: {5E4C8807-B78B-4585-ACBC-05090A76B3ED} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(9): schtasks.exe -> /Change /TN "\OneDrive Standalone Update Task-S-1-5-21-562493922-3427777444-3148621644-1001" /ENABLE
Task: {5E4C8807-B78B-4585-ACBC-05090A76B3ED} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(10): schtasks.exe -> /Change /TN "\StartCN" /ENABLE
Task: {5E4C8807-B78B-4585-ACBC-05090A76B3ED} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(11): schtasks.exe -> /Change /TN "\StartCNBM" /ENABLE
Task: {5E4C8807-B78B-4585-ACBC-05090A76B3ED} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(12): schtasks.exe -> /Change /TN "\StartDVR" /ENABLE
Task: {5E4C8807-B78B-4585-ACBC-05090A76B3ED} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(13): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
Task: {60885086-9375-47C1-B1DA-BCF5244FB7E3} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {6E78CCDF-9A52-4318-8CED-4011B0B99CC7} - System32\Tasks\StartCNBM => C:\Program Files\AMD\CNext\CNext\cncmd.exe
Task: {92B72C15-3CF7-4A0E-BA09-FF1C4BDDACB1} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe /NOUACCHECK
Task: {93B1B6CE-26FE-433B-85C6-EF6EC4D8752D} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe
Task: {96A23C9F-6CBE-485A-ABFE-BB0A303E6A13} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [7071000 2019-11-10] (Nero AG -> Nero AG)
Task: {9EA2828B-71E1-4CBD-8080-9AE1945480D0} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [681400 2021-07-14] (Mozilla Corporation -> Mozilla Foundation)
Task: {B60F2F5E-5A7A-4902-B2DA-BAE236F69594} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [4903192 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
Task: {B937BAEC-AFF0-4475-8128-008216667C1D} - System32\Tasks\Microsoft\Windows\termsrv\RemoteFX\RemoteFXvGPUDisableTask => C:\WINDOWS\System32\RemoteFXvGPUDisablement.exe
Task: {C55A4CFA-3F0A-4F03-A9AD-715A8CCEE9A4} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [118144 2021-07-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {C6FFEAF0-A2E9-4B84-A4DF-11517F662742} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-03-15] (Google LLC -> Google LLC)
Task: {D8204C57-63F8-41EC-B2EF-8A36AAA287BE} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe
Task: {E56E54A4-6B18-49B8-9C40-B38433EBBDEB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [3965840 2021-07-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {E5E00829-ABFB-45D4-9EF5-4A62C6CF6CA4} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23182224 2021-07-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {FD264D46-FF55-438E-809E-874B9C5F0591} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [3965840 2021-07-15] (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{509f1019-07f8-4f50-910b-5d40d3b248c8}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\ancys\AppData\Local\Microsoft\Edge\User Data\Default [2021-07-13]
FireFox:
========
FF DefaultProfile: 813ygxln.default
FF ProfilePath: C:\Users\ancys\AppData\Roaming\Mozilla\Firefox\Profiles\813ygxln.default [2020-03-30]
FF ProfilePath: C:\Users\ancys\AppData\Roaming\Mozilla\Firefox\Profiles\zowwh6n0.default-release [2021-07-16]
FF Extension: (Tampermonkey) - C:\Users\ancys\AppData\Roaming\Mozilla\Firefox\Profiles\zowwh6n0.default-release\Extensions\firefox@tampermonkey.net.xpi [2021-07-13]
FF Extension: (Awesome Screenshot: Screen capture, Annotate) - C:\Users\ancys\AppData\Roaming\Mozilla\Firefox\Profiles\zowwh6n0.default-release\Extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi [2021-07-14]
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\ancys\AppData\Roaming\Mozilla\Firefox\Profiles\zowwh6n0.default-release\Extensions\sp@avast.com.xpi [2021-06-20]
FF Extension: (uBlock Origin) - C:\Users\ancys\AppData\Roaming\Mozilla\Firefox\Profiles\zowwh6n0.default-release\Extensions\uBlock0@raymondhill.net.xpi [2021-07-07]
FF Extension: (Distill Web Monitor) - C:\Users\ancys\AppData\Roaming\Mozilla\Firefox\Profiles\zowwh6n0.default-release\Extensions\{7a73dc4b-1b38-40e7-ac56-7d356dd4af34}.xpi [2021-07-13]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2020-03-16] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-05-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-05-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2020-03-16] (Adobe Inc. -> Adobe Systems)
Chrome:
=======
CHR DefaultProfile: Profile 4
CHR Profile: C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Default [2021-07-09]
CHR Notifications: Default -> hxxps://apcentral.collegeboard.org; hxxps://calendar.google.com; hxxps://classroom.google.com; hxxps://drive.google.com; hxxps://www.remind.com
CHR StartupUrls: Default -> "chrome://newtab/","hxxps://mail.google.com/mail/u/0/#inbox"
CHR Extension: (Slides) - C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-03-15]
CHR Extension: (Docs) - C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-03-15]
CHR Extension: (Google Drive) - C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-27]
CHR Extension: (YouTube) - C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-03-15]
CHR Extension: (Sheets) - C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-03-15]
CHR Extension: (Google Docs Offline) - C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-07-02]
CHR Extension: (Screencastify - Screen Video Recorder) - C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmeijimgabbpbgpdklnllpncmdofkcpn [2021-07-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-03]
CHR Extension: (Gmail) - C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-27]
CHR Extension: (Chrome Media Router) - C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-06-15]
CHR Profile: C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-07-14]
CHR Profile: C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Profile 1 [2021-07-15]
CHR Notifications: Profile 1 -> hxxps://mail.google.com; hxxps://www.protectyourvision.org,*"; hxxps://www.remind.com
CHR DefaultSearchURL: Profile 1 -> hxxps://play.prodigygame.com/public/assets/favicon/android-icon-36x36.png
CHR Extension: (Google Translate) - C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2020-05-05]
CHR Extension: (Slides) - C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-03-19]
CHR Extension: (Docs) - C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2020-03-19]
CHR Extension: (Google Drive) - C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-01-05]
CHR Extension: (YouTube) - C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-03-19]
CHR Extension: (Sheets) - C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-03-19]
CHR Extension: (Proctorio) - C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fpmapakogndmenjcfoajifaaonnkpkei [2021-07-01]
CHR Extension: (Google Docs Offline) - C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-07-01]
CHR Extension: (Prodigy) - C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\iapdpibhbhfecmiegbeelepdnkebkhcp [2020-04-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-03]
CHR Extension: (AdBlocker Ultimate) - C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ohahllgiabjaoigichmmfljhkcfikeof [2021-01-05]
CHR Extension: (Gmail) - C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-01-05]
CHR Extension: (Chrome Media Router) - C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-06-05]
CHR Profile: C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Profile 4 [2021-07-15]
CHR Notifications: Profile 4 -> hxxps://calendar.google.com
CHR StartupUrls: Profile 4 -> "hxxps://elearn.lee.edu/webapps/portal/execute/tabs/tabAction?tab_tab_group_id=_1_1","hxxp://calendar.google.com/"
CHR Extension: (Slides) - C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-05-27]
CHR Extension: (Docs) - C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aohghmighlieiainnegkcijnfilokake [2021-05-27]
CHR Extension: (Google Drive) - C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-05-27]
CHR Extension: (OCR - Image Reader) - C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\bhbhjjkcoghibhibegcmbomkbakkpdbo [2021-07-02]
CHR Extension: (YouTube) - C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-05-27]
CHR Extension: (uBlock Origin) - C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2021-07-09]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2021-05-27]
CHR Extension: (Sheets) - C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-05-27]
CHR Extension: (Proctorio) - C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\fpmapakogndmenjcfoajifaaonnkpkei [2021-07-02]
CHR Extension: (Google Docs Offline) - C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-07-02]
CHR Extension: (Grammarly for Chrome) - C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2021-07-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-05-27]
CHR Extension: (Gmail) - C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-05-27]
CHR Extension: (Chrome Media Router) - C:\Users\ancys\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-06-05]
CHR Profile: C:\Users\ancys\AppData\Local\Google\Chrome\User Data\System Profile [2021-07-11]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R4 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [820280 2020-03-16] (Adobe Inc. -> Adobe Inc.)
R4 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3780296 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
R4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3548360 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [8249936 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [625432 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R4 avast! Tools; C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe [373528 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [56912 2021-06-02] (Avast Software s.r.o. -> AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9056672 2021-07-08] (Microsoft Corporation -> Microsoft Corporation)
R3 EPMVssEaseusProvider; C:\WINDOWS\system32\dllhost.exe /Processid:{1445A0C5-73C4-4C37-B36E-17E785D511A9} [21312 2021-06-01] (Microsoft Windows -> Microsoft Corporation)
R4 Ext2Srv; C:\Program Files\Ext2Fsd\Ext2Srv.exe [42488 2017-11-02] (Beijing NormalSoft technology Co.,Ltd. -> www.ext2fsd.com)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5395384 2021-07-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R4 tbaseprovisioning; C:\WINDOWS\SysWOW64\tbaseprovisioning.exe [51208 2017-05-03] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.6-0\NisSrv.exe [3294680 2020-03-16] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.6-0\MsMpEng.exe [103168 2020-03-16] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 AUEPLauncher; "C:\Program Files\AMD\Performance Profile Client\AUEPLauncher.exe" [X]
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AMDXE; C:\WINDOWS\System32\drivers\amdxe.sys [62056 2020-07-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [35720 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [216928 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [366616 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [250392 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [99352 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [17328 2021-05-27] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [41352 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [182600 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [524400 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [107848 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [82912 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [851192 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [471920 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [215384 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [327536 2021-06-29] (Avast Software s.r.o. -> AVAST Software)
S3 epmdkdrv; C:\WINDOWS\system32\epmdkdrv.sys [36280 2021-05-08] (CHENGDU YIWO Tech Development Co., Ltd. -> )
R0 EPMVolFl; C:\WINDOWS\System32\drivers\EPMVolFl.sys [30136 2021-05-08] (CHENGDU YIWO Tech Development Co., Ltd. -> Windows (R) Codename Longhorn DDK provider)
R0 EUDCPEPM; C:\WINDOWS\System32\drivers\EUDCPEPM.sys [76344 2021-05-08] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
R1 EUEDKEPM; C:\WINDOWS\system32\drivers\EUEDKEPM.sys [33712 2021-05-08] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
S2 Ext2Fsd; C:\Windows\system32\Drivers\Ext2Fsd.sys [826360 2017-11-02] (Beijing NormalSoft technology Co.,Ltd. -> www.ext2fsd.com)
R3 splitcam_hd_driver; C:\WINDOWS\System32\drivers\splitcam_hd_driver.sys [38000 2020-03-31] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45960 2020-03-16] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [391392 2020-03-16] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [59104 2020-03-16] (Microsoft Windows -> Microsoft Corporation)
S3 EuGdiDrv; \SystemRoot\system32\EuGdiDrv.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Three months (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-07-16 13:59 - 2021-07-16 14:04 - 000031450 _____ C:\Users\ancys\Downloads\FRST.txt
2021-07-16 13:57 - 2021-07-16 14:02 - 000000000 ____D C:\FRST
2021-07-16 13:53 - 2021-07-16 13:53 - 001622528 _____ C:\Users\ancys\Downloads\ResetBrowser.exe
2021-07-16 13:48 - 2021-07-16 13:49 - 002300416 _____ (Farbar) C:\Users\ancys\Downloads\explorer.exe
2021-07-15 17:18 - 2021-07-15 17:18 - 000006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rendezvousSession.tlb
2021-07-15 17:17 - 2021-07-15 17:17 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsraLegacy.tlb
2021-07-15 17:17 - 2021-07-15 17:17 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsraLegacy.tlb
2021-07-15 17:17 - 2021-07-15 17:17 - 000006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\rendezvousSession.tlb
2021-07-15 17:16 - 2021-07-15 17:16 - 000011357 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-07-15 17:14 - 2021-07-15 17:14 - 001823280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-07-15 10:37 - 2021-07-15 10:37 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-07-14 13:42 - 2021-07-15 15:28 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-07-08 17:58 - 2021-07-08 19:24 - 000018176 ____H C:\Users\ancys\Downloads\~WRL1182.tmp
2021-07-08 16:39 - 2021-07-08 16:39 - 002371072 _____ C:\WINDOWS\system32\rdpnano.dll
2021-07-08 16:39 - 2021-07-08 16:39 - 001314128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-07-08 16:39 - 2021-07-08 16:39 - 000570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-07-08 16:39 - 2021-07-08 16:39 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-07-08 16:39 - 2021-07-08 16:39 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-07-08 16:39 - 2021-07-08 16:39 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-07-08 16:37 - 2021-07-08 16:37 - 001393504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-07-08 16:37 - 2021-07-08 16:37 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-07-08 16:36 - 2021-07-08 16:36 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-07-08 16:36 - 2021-07-08 16:36 - 000097792 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-07-07 11:27 - 2021-07-07 11:27 - 000000000 ____D C:\Users\ancys\AppData\Local\OneDrive
2021-07-06 17:46 - 2021-07-06 17:46 - 000000000 ___HD C:\OneDriveTemp
2021-07-02 23:41 - 2021-07-03 13:35 - 000017367 _____ C:\Users\ancys\Documents\ch9.xlsx
2021-07-02 11:45 - 2021-07-02 11:45 - 000003386 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d756c8af76ae3c
2021-06-30 13:19 - 2021-07-15 22:48 - 000002483 _____ C:\Users\ancys\Desktop\Clin - Chrome.lnk
2021-06-29 11:14 - 2021-07-16 13:15 - 000000000 ____D C:\Users\ancys\AppData\Roaming\Telegram Desktop
2021-06-29 11:14 - 2021-06-29 11:12 - 000339736 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2021-06-29 11:14 - 2021-06-29 11:12 - 000215384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2021-06-27 18:20 - 2021-06-27 18:20 - 000000000 __SHD C:\found.004
2021-06-27 17:40 - 2021-06-27 17:54 - 2665126464 _____ C:\Users\ancys\Documents\documents.zip
2021-06-27 00:06 - 2021-06-27 18:30 - 701267664 _____ C:\WINDOWS\MEMORY.DMP
2021-06-27 00:06 - 2021-06-27 00:12 - 001893932 _____ C:\WINDOWS\Minidump\062721-100734-01.dmp
2021-06-24 21:26 - 2021-06-24 21:28 - 000000000 ____D C:\Windows11
2021-06-24 13:48 - 2021-06-24 13:49 - 000000000 ____D C:\ProPlus2019Retail
2021-06-22 18:44 - 2021-06-22 18:44 - 000000000 __SHD C:\found.003
2021-06-22 16:05 - 2021-06-22 16:05 - 000002414 _____ C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-06-22 12:43 - 2021-06-22 12:43 - 000000000 ____D C:\WINDOWS\Panther
2021-06-22 12:13 - 2021-06-22 12:32 - 000002439 _____ C:\Users\ancys\Desktop\FENECIA - Chrome.lnk
2021-06-21 21:53 - 2021-06-21 21:54 - 000000000 ____D C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Download Manager
2021-06-21 21:53 - 2021-06-21 21:53 - 000000000 ____D C:\Users\ancys\AppData\Local\Softdeluxe
2021-06-21 19:52 - 2021-06-21 19:52 - 000901766 ____H C:\Users\ancys\Downloads\BOOTICE_2016.06.17_v1.3.4.0.zip
2021-06-21 16:49 - 2021-06-21 16:49 - 000269334 _____ C:\Users\ancys\Documents\Learner's Permit.pdf
2021-06-21 16:23 - 2016-06-21 17:00 - 000000128 ___SH C:\WINDOWS\system32\snclbokruydzolss.pdb
2021-06-21 16:22 - 2021-06-21 16:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hasleo EasyUEFI
2021-06-21 15:58 - 2021-06-21 15:58 - 000000000 ____D C:\Users\ancys\AppData\Local\NeoSmart_Technologies
2021-06-21 15:56 - 2021-06-21 15:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NeoSmart Technologies
2021-06-21 15:56 - 2021-06-21 15:56 - 000000000 ____D C:\Program Files (x86)\NeoSmart Technologies
2021-06-21 13:30 - 2021-06-21 13:30 - 000000000 ____D C:\found.002
2021-06-21 11:56 - 2021-06-27 18:32 - 000000000 ____D C:\WINDOWS\Minidump
2021-06-21 11:48 - 2021-06-21 11:48 - 000000000 ____D C:\found.000
2021-06-20 15:53 - 2021-06-20 15:53 - 000000028 _____ C:\WINDOWS\OutLog.txt
2021-06-20 15:30 - 2021-06-20 15:53 - 000000000 _____ C:\WINDOWS\BcdLog.txt
2021-06-20 15:18 - 2021-06-20 15:18 - 000000000 ____D C:\ProgramData\SystemAcCrux
2021-06-20 15:18 - 2021-05-08 14:47 - 000076344 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\WINDOWS\system32\Drivers\EUDCPEPM.sys
2021-06-20 15:18 - 2021-05-08 14:47 - 000033712 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\WINDOWS\system32\Drivers\EUEDKEPM.sys
2021-06-20 15:16 - 2021-06-20 15:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 15.8
2021-06-20 15:15 - 2021-05-28 10:43 - 000174216 _____ C:\WINDOWS\system32\setupepmdrvx64.exe
2021-06-20 15:15 - 2021-05-28 10:41 - 005797000 _____ C:\WINDOWS\system32\BootMan.exe
2021-06-20 15:15 - 2021-05-28 10:41 - 003880072 _____ C:\WINDOWS\SysWOW64\BootMan.exe
2021-06-20 15:15 - 2021-05-28 10:41 - 000024712 _____ C:\WINDOWS\SysWOW64\EuEpmGdi.dll
2021-06-20 15:15 - 2021-05-28 10:41 - 000021128 _____ C:\WINDOWS\system32\EuEpmGdi.dll
2021-06-20 15:15 - 2021-05-08 14:42 - 000036280 _____ C:\WINDOWS\system32\epmdkdrv.sys
2021-06-20 15:15 - 2021-05-08 14:42 - 000030136 _____ (Windows (R) Codename Longhorn DDK provider) C:\WINDOWS\system32\Drivers\EPMVolFl.sys
2021-06-20 15:15 - 2021-05-08 14:42 - 000000057 _____ C:\WINDOWS\system32\setupepmdrv.ini
2021-06-20 15:14 - 2021-06-20 15:14 - 000000000 ____D C:\Program Files (x86)\EaseUS
2021-06-20 00:34 - 2021-06-20 00:34 - 000000000 ____D C:\Google
2021-06-20 00:30 - 2021-06-20 18:33 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2021-06-20 00:29 - 2021-06-20 18:31 - 000503026 _____ C:\WINDOWS\ntbtlog.txt
2021-06-19 19:09 - 2021-07-05 14:12 - 000000000 ____D C:\other
2021-06-19 11:38 - 2021-06-19 11:38 - 001246160 _____ (Mozilla Foundation) C:\ProgramData\nss3.dll
2021-06-19 11:38 - 2021-06-19 11:38 - 000144848 _____ (Mozilla Foundation) C:\ProgramData\softokn3.dll
2021-06-19 11:38 - 2021-06-19 11:38 - 000000000 ____D C:\ProgramData\GOJG03LKWS94MFYKL2CEB11QL
2021-06-19 11:38 - 2021-06-19 11:38 - 000000000 ____D C:\ProgramData\9A8INXSBP704MNI4VPPNSQ8JM
2021-06-19 11:37 - 2021-06-19 11:38 - 000334288 _____ (Mozilla Foundation) C:\ProgramData\freebl3.dll
2021-06-19 11:37 - 2021-06-19 11:38 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll
2021-06-19 11:37 - 2021-06-19 11:37 - 000000000 ____D C:\ProgramData\IOL2633KA8CGZMZKKP7F7BYPH
2021-06-18 12:26 - 2021-06-18 17:44 - 579586048 _____ C:\Windows 11.iso
2021-06-16 17:20 - 2021-06-17 19:24 - 000000000 ____D C:\WindowsApps
2021-06-15 20:22 - 2021-06-15 20:22 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-06-15 20:21 - 2021-06-15 20:21 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-06-15 20:20 - 2021-06-15 20:20 - 001864192 _____ (The ICU Project) C:\WINDOWS\SysWOW64\icu.dll
2021-06-15 20:20 - 2021-06-15 20:20 - 000468440 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-06-15 20:19 - 2021-06-15 20:19 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-06-15 20:19 - 2021-06-15 20:19 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-06-15 20:16 - 2021-06-15 20:16 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2021-06-15 20:15 - 2021-06-15 20:15 - 000657464 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-06-15 20:14 - 2021-06-15 20:14 - 000563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-06-15 20:14 - 2021-06-15 20:14 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2021-06-15 20:14 - 2021-06-15 20:14 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-06-14 14:59 - 2021-06-14 14:59 - 000001244 _____ C:\Users\ancys\Desktop\Assignments.lnk
2021-06-14 12:07 - 2021-06-14 12:07 - 000002708 _____ C:\WINDOWS\system32\key.pfx
2021-06-11 16:28 - 2021-06-11 16:28 - 000000000 ____D C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2021-06-05 17:25 - 2021-06-05 17:25 - 000214774 _____ C:\Users\ancys\Documents\Clin COVID-19 Vaccine.pdf
2021-06-05 17:22 - 2021-06-05 17:22 - 000205835 _____ C:\Users\ancys\Documents\Shaiju COVID-19 Vaccine.pdf
2021-06-04 00:09 - 2021-06-21 15:17 - 000000000 ____D C:\Users\ancys\AppData\Local\Avast Software
2021-06-04 00:07 - 2021-06-04 00:07 - 000000000 ____D C:\Program Files\AMD
2021-06-01 16:08 - 2021-06-01 16:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NTLite
2021-06-01 16:06 - 2021-06-01 16:59 - 1529155584 _____ C:\Windows 10.iso
2021-06-01 07:04 - 2021-06-01 07:12 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2021-06-01 07:00 - 2021-06-01 07:04 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2021-06-01 07:00 - 2021-06-01 07:00 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2021-06-01 06:54 - 2021-06-01 06:54 - 000000000 ____D C:\ProgramData\ssh
2021-06-01 06:42 - 2021-06-01 06:42 - 001687040 _____ C:\WINDOWS\system32\libcrypto.dll
2021-06-01 06:41 - 2021-06-01 06:41 - 000671744 _____ C:\WINDOWS\system32\hgattest.dll
2021-06-01 06:41 - 2021-06-01 06:41 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-06-01 06:41 - 2021-06-01 06:41 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-06-01 06:41 - 2021-06-01 06:41 - 000480256 _____ C:\WINDOWS\system32\AssignedAccessCsp.dll
2021-06-01 06:41 - 2021-06-01 06:41 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-06-01 06:41 - 2021-06-01 06:41 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpg2splt.ax
2021-06-01 06:41 - 2021-06-01 06:41 - 000157184 _____ C:\WINDOWS\system32\uwfcsp.dll
2021-06-01 06:41 - 2021-06-01 06:41 - 000153600 _____ C:\WINDOWS\system32\uwfcfgmgmt.dll
2021-06-01 06:41 - 2021-06-01 06:41 - 000138056 _____ C:\WINDOWS\system32\HvsiManagementApi.dll
2021-06-01 06:41 - 2021-06-01 06:41 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-06-01 06:41 - 2021-06-01 06:41 - 000101704 _____ C:\WINDOWS\SysWOW64\HvsiManagementApi.dll
2021-06-01 06:41 - 2021-06-01 06:41 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-06-01 06:40 - 2021-06-01 06:40 - 000700928 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2021-06-01 06:40 - 2021-06-01 06:40 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-06-01 06:40 - 2021-06-01 06:40 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-06-01 06:40 - 2021-06-01 06:40 - 000374072 _____ C:\WINDOWS\system32\vp9fs.dll
2021-06-01 06:40 - 2021-06-01 06:40 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-06-01 06:40 - 2021-06-01 06:40 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpg2splt.ax
2021-06-01 06:40 - 2021-06-01 06:40 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-06-01 06:40 - 2021-06-01 06:40 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-06-01 06:40 - 2021-06-01 06:40 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-06-01 06:40 - 2021-06-01 06:40 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-06-01 06:40 - 2021-06-01 06:40 - 000045880 _____ C:\WINDOWS\system32\HvSocket.dll
2021-06-01 06:40 - 2021-06-01 06:40 - 000014848 _____ C:\WINDOWS\system32\hnsproxy.dll
2021-06-01 06:39 - 2021-06-01 06:39 - 003860832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpltfm.dll
2021-06-01 06:39 - 2021-06-01 06:39 - 000980320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpal.dll
2021-06-01 06:39 - 2021-06-01 06:39 - 000915296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmcodecs.dll
2021-06-01 06:39 - 2021-06-01 06:39 - 000732000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ortcengine.dll
2021-06-01 06:39 - 2021-06-01 06:39 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-06-01 06:39 - 2021-06-01 06:39 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-06-01 06:39 - 2021-06-01 06:39 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2021-06-01 06:39 - 2021-06-01 06:39 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncpa.cpl
2021-06-01 06:39 - 2021-06-01 06:39 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-06-01 06:39 - 2021-06-01 06:39 - 000055376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmmvrortc.dll
2021-06-01 06:38 - 2021-06-01 06:38 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-06-01 06:38 - 2021-06-01 06:38 - 000611952 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-06-01 06:38 - 2021-06-01 06:38 - 000446976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2021-06-01 06:38 - 2021-06-01 06:38 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2021-06-01 06:38 - 2021-06-01 06:38 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bthprops.cpl
2021-06-01 06:38 - 2021-06-01 06:38 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\activeds.tlb
2021-06-01 06:38 - 2021-06-01 06:38 - 000047472 _____ C:\WINDOWS\SysWOW64\umpdc.dll
2021-06-01 06:38 - 2021-06-01 06:38 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2021-06-01 06:37 - 2021-06-01 06:37 - 004898144 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpltfm.dll
2021-06-01 06:37 - 2021-06-01 06:37 - 001354080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpal.dll
2021-06-01 06:37 - 2021-06-01 06:37 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-06-01 06:37 - 2021-06-01 06:37 - 001091936 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmcodecs.dll
2021-06-01 06:37 - 2021-06-01 06:37 - 001032544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ortcengine.dll
2021-06-01 06:37 - 2021-06-01 06:37 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2021-06-01 06:37 - 2021-06-01 06:37 - 000266240 _____ C:\WINDOWS\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-06-01 06:37 - 2021-06-01 06:37 - 000240640 _____ C:\WINDOWS\SysWOW64\CoreMas.dll
2021-06-01 06:37 - 2021-06-01 06:37 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2021-06-01 06:37 - 2021-06-01 06:37 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncpa.cpl
2021-06-01 06:37 - 2021-06-01 06:37 - 000056672 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmmvrortc.dll
2021-06-01 06:37 - 2021-06-01 06:37 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msacm32.drv
2021-06-01 06:37 - 2021-06-01 06:37 - 000010752 _____ C:\WINDOWS\SysWOW64\agentactivationruntimestarter.exe
2021-06-01 06:36 - 2021-06-01 06:36 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2021-06-01 06:36 - 2021-06-01 06:36 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-06-01 06:36 - 2021-06-01 06:36 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2021-06-01 06:36 - 2021-06-01 06:36 - 000001370 _____ C:\WINDOWS\system32\ThirdPartyNoticesBySHS.txt
2021-06-01 06:35 - 2021-06-01 06:35 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-06-01 06:35 - 2021-06-01 06:35 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthprops.cpl
2021-06-01 06:35 - 2021-06-01 06:35 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-06-01 06:35 - 2021-06-01 06:35 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-06-01 06:35 - 2021-06-01 06:35 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe
2021-06-01 06:35 - 2021-06-01 06:35 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\activeds.tlb
2021-06-01 06:35 - 2021-06-01 06:35 - 000029696 _____ (The ICU Project) C:\WINDOWS\system32\icuuc.dll
2021-06-01 06:35 - 2021-06-01 06:35 - 000025088 _____ (The ICU Project) C:\WINDOWS\system32\icuin.dll
2021-06-01 06:34 - 2021-06-01 06:34 - 000707016 _____ C:\WINDOWS\system32\TextShaping.dll
2021-06-01 06:34 - 2021-06-01 06:34 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll
2021-06-01 06:33 - 2021-06-01 06:33 - 004227116 _____ C:\WINDOWS\system32\DefaultHrtfs.bin
2021-06-01 06:33 - 2021-06-01 06:33 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
2021-06-01 06:33 - 2021-06-01 06:33 - 000363520 _____ C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-06-01 06:33 - 2021-06-01 06:33 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-06-01 06:33 - 2021-06-01 06:33 - 000197632 _____ C:\WINDOWS\system32\IHDS.dll
2021-06-01 06:33 - 2021-06-01 06:33 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-06-01 06:33 - 2021-06-01 06:33 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2021-06-01 06:33 - 2021-06-01 06:33 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
2021-06-01 06:33 - 2021-06-01 06:33 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2021-06-01 06:33 - 2021-06-01 06:33 - 000064552 _____ C:\WINDOWS\system32\umpdc.dll
2021-06-01 06:33 - 2021-06-01 06:33 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msacm32.drv
2021-06-01 06:33 - 2021-06-01 06:33 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2021-06-01 06:14 - 2021-06-01 06:14 - 000000000 ____D C:\WINDOWS\system32\ml-in
2021-06-01 06:04 - 2021-07-16 11:47 - 000000000 ____D C:\Program Files\Hyper-V
2021-06-01 06:04 - 2021-06-01 06:04 - 000000000 ____D C:\WINDOWS\system32\BestPractices
2021-06-01 06:04 - 2021-06-01 06:04 - 000000000 ____D C:\Users\Public\Documents\Hyper-V
2021-06-01 05:07 - 2021-06-01 05:07 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2021-06-01 04:56 - 2021-06-01 04:56 - 000000020 ___SH C:\Users\ancys\ntuser.ini
2021-06-01 04:53 - 2021-07-16 12:38 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-06-01 04:53 - 2021-07-15 23:03 - 000003418 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-06-01 04:53 - 2021-07-15 23:03 - 000003294 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-06-01 04:53 - 2021-07-11 12:06 - 000003368 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-562493922-3427777444-3148621644-1001
2021-06-01 04:53 - 2021-07-02 11:45 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-06-01 04:53 - 2021-07-01 11:12 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2021-06-01 04:53 - 2021-06-20 15:36 - 000003274 _____ C:\WINDOWS\system32\Tasks\Adobe Uninstaller
2021-06-01 04:53 - 2021-06-15 23:47 - 000002122 _____ C:\WINDOWS\system32\Tasks\StartDVR
2021-06-01 04:53 - 2021-06-15 23:46 - 000003184 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-06-01 04:53 - 2021-06-15 23:46 - 000002672 _____ C:\WINDOWS\system32\Tasks\ModifyLinkUpdate
2021-06-01 04:53 - 2021-06-15 23:46 - 000002612 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0
2021-06-01 04:53 - 2021-06-15 23:46 - 000002524 _____ C:\WINDOWS\system32\Tasks\AMDInstallLauncher
2021-06-01 04:53 - 2021-06-15 23:46 - 000002374 _____ C:\WINDOWS\system32\Tasks\StartCNBM
2021-06-01 04:53 - 2021-06-15 23:46 - 000002202 _____ C:\WINDOWS\system32\Tasks\StartCN
2021-06-01 04:53 - 2021-06-11 14:09 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2021-06-01 04:53 - 2021-06-01 04:54 - 000002648 _____ C:\WINDOWS\system32\Tasks\CreateExplorerShellUnelevatedTask
2021-06-01 04:53 - 2021-06-01 04:53 - 000000000 ____D C:\WINDOWS\system32\Tasks\S-1-5-21-562493922-3427777444-3148621644-1001
2021-06-01 04:53 - 2021-06-01 04:53 - 000000000 ____D C:\WINDOWS\system32\Tasks\Nero
2021-06-01 04:46 - 2021-06-21 20:58 - 000001890 _____ C:\WINDOWS\diagwrn.xml
2021-06-01 04:46 - 2021-06-21 20:58 - 000001890 _____ C:\WINDOWS\diagerr.xml
2021-06-01 04:30 - 2021-07-16 12:24 - 000795742 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-06-01 04:20 - 2021-07-16 12:39 - 000000000 ____D C:\Users\ancys
2021-06-01 04:20 - 2021-07-11 12:06 - 000002427 _____ C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-06-01 04:17 - 2021-07-10 11:29 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-06-01 04:13 - 2021-07-16 13:13 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-06-01 04:13 - 2021-07-16 12:10 - 000001527 _____ C:\WINDOWS\system32\config\VSMIDK
2021-06-01 04:13 - 2021-07-16 11:51 - 000437968 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-06-01 00:30 - 2021-06-01 00:30 - 000000000 ____D C:\Program Files\Common Files\logishrd
2021-05-31 21:06 - 2021-05-31 21:35 - 000002412 _____ C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2021-05-31 21:05 - 2021-05-31 21:05 - 000000000 ____D C:\Users\ancys\AppData\Roaming\Teams
2021-05-31 05:58 - 2021-05-31 05:58 - 000000000 ____D C:\Program Files (x86)\Teams Installer
2021-05-30 15:54 - 2021-05-31 01:43 - 000000000 ____D C:\found.001
2021-05-30 02:11 - 2021-05-30 02:11 - 000000000 ____D C:\Users\ancys\Documents\Custom Office Templates
2021-05-30 02:06 - 2021-07-11 12:06 - 000000000 ___RD C:\Users\ancys\OneDrive
2021-05-30 02:00 - 2021-05-30 02:00 - 000002505 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2021-05-30 02:00 - 2021-05-30 02:00 - 000002500 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2021-05-30 02:00 - 2021-05-30 02:00 - 000002499 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2021-05-30 02:00 - 2021-05-30 02:00 - 000002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2021-05-30 02:00 - 2021-05-30 02:00 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2021-05-30 02:00 - 2021-05-30 02:00 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk
2021-05-30 01:59 - 2021-06-01 07:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2021-05-30 01:59 - 2021-05-30 01:59 - 000002463 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2021-05-30 01:59 - 2021-05-30 01:59 - 000002462 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2021-05-30 01:43 - 2021-07-15 14:06 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-05-30 01:42 - 2021-05-30 01:42 - 000000000 ____D C:\Program Files\Microsoft Office 15
2021-05-30 01:19 - 2021-06-14 14:09 - 000000000 ____D C:\Users\ancys\Desktop\assignments
2021-05-28 12:44 - 2021-05-28 13:20 - 3758917632 _____ C:\ProPlus2019Retail.img
2021-05-27 18:53 - 2021-05-27 18:57 - 000000000 ____D C:\Users\ancys\Documents\Driver's Ed - Feni
2021-05-27 16:56 - 2021-05-27 16:56 - 000000000 ___HD C:\$WinREAgent
2021-05-27 16:24 - 2021-05-27 16:24 - 000017328 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
==================== Three months (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-07-16 14:08 - 2020-03-15 14:57 - 000000000 ____D C:\Program Files (x86)\Google
2021-07-16 13:57 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\Registration
2021-07-16 12:51 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-07-16 12:44 - 2020-04-18 18:05 - 000000583 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2021-07-16 12:43 - 2020-03-30 15:24 - 000000000 ____D C:\ProgramData\Mozilla
2021-07-16 12:42 - 2020-03-30 15:24 - 000000000 ____D C:\Users\ancys\AppData\LocalLow\Mozilla
2021-07-16 12:38 - 2021-02-20 13:40 - 000008192 ___SH C:\DumpStack.log.tmp
2021-07-16 12:24 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2021-07-16 12:19 - 2020-03-15 15:22 - 000000000 ____D C:\ProgramData\AVAST Software
2021-07-16 12:16 - 2020-03-15 12:55 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2021-07-16 11:49 - 2019-12-07 04:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-07-16 11:47 - 2019-12-07 04:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-07-16 11:47 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-07-16 11:47 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-07-16 11:47 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-07-16 11:47 - 2019-12-07 04:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-07-16 11:37 - 2020-03-16 15:05 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2021-07-15 18:24 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-07-15 15:42 - 2020-03-15 12:30 - 000000000 ____D C:\Users\ancys\AppData\Local\Packages
2021-07-15 15:28 - 2020-03-30 15:24 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-07-15 13:16 - 2020-06-21 10:45 - 000000000 ____D C:\Users\ancys\AppData\Roaming\vlc
2021-07-15 10:37 - 2020-03-30 15:24 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-07-10 11:29 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-07-10 11:29 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-07-09 14:17 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-07-09 14:17 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-07-09 14:17 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-07-09 14:17 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-07-09 14:17 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-07-09 14:17 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-07-09 14:17 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-07-09 14:17 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-07-09 14:17 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-07-03 12:47 - 2019-12-07 04:52 - 000000000 ____D C:\WINDOWS\OCR
2021-07-03 12:47 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-07-01 11:33 - 2020-03-15 12:36 - 000000000 ____D C:\Users\ancys\AppData\Local\PlaceholderTileLogoFolder
2021-06-30 15:41 - 2020-03-15 15:20 - 000000000 ____D C:\Users\ancys\AppData\Local\D3DSCache
2021-06-29 11:14 - 2019-12-07 04:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-06-29 11:12 - 2020-11-04 20:06 - 000182600 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2021-06-29 11:12 - 2020-04-21 22:59 - 000524400 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetHub.sys
2021-06-29 11:12 - 2020-03-15 15:26 - 000851192 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2021-06-29 11:12 - 2020-03-15 15:26 - 000471920 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2021-06-29 11:12 - 2020-03-15 15:26 - 000366616 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2021-06-29 11:12 - 2020-03-15 15:26 - 000327536 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2021-06-29 11:12 - 2020-03-15 15:26 - 000250392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2021-06-29 11:12 - 2020-03-15 15:26 - 000216928 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2021-06-29 11:12 - 2020-03-15 15:26 - 000107848 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2021-06-29 11:12 - 2020-03-15 15:26 - 000099352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2021-06-29 11:12 - 2020-03-15 15:26 - 000082912 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2021-06-29 11:12 - 2020-03-15 15:26 - 000041352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2021-06-29 11:12 - 2020-03-15 15:26 - 000035720 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2021-06-28 13:37 - 2020-03-15 13:06 - 000000000 ____D C:\ProgramData\Packages
2021-06-27 18:29 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-06-27 00:36 - 2020-03-15 14:58 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-06-27 00:36 - 2020-03-15 14:58 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-06-22 12:13 - 2020-03-21 21:20 - 000002483 _____ C:\Users\ancys\Desktop\Ancy - Chrome.lnk
2021-06-21 15:02 - 2020-03-16 07:31 - 000000000 ____D C:\Users\ancys\AppData\Local\CrashDumps
2021-06-20 19:17 - 2020-08-20 19:01 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-06-20 00:37 - 2021-02-21 11:53 - 000000000 ____D C:\saves
2021-06-18 23:36 - 2020-04-20 00:02 - 000000000 ____D C:\Users\ancys\AppData\Roaming\FAHClient
==================== Files in the root of some directories ========
2021-06-19 11:37 - 2021-06-19 11:38 - 000334288 _____ (Mozilla Foundation) C:\ProgramData\freebl3.dll
2021-06-19 11:37 - 2021-06-19 11:38 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll
2021-06-19 11:37 - 2021-06-19 11:38 - 000440120 _____ (Microsoft Corporation) C:\ProgramData\msvcp140.dll
2021-06-19 11:38 - 2021-06-19 11:38 - 001246160 _____ (Mozilla Foundation) C:\ProgramData\nss3.dll
2021-06-19 11:38 - 2021-06-19 11:38 - 000144848 _____ (Mozilla Foundation) C:\ProgramData\softokn3.dll
2021-06-19 11:38 - 2021-06-19 11:38 - 000083784 _____ (Microsoft Corporation) C:\ProgramData\vcruntime140.dll
2021-02-03 17:33 - 2021-02-03 17:33 - 000000127 _____ () C:\Users\ancys\AppData\Roaming\ezpinst.log
2021-01-06 12:52 - 2021-01-06 12:52 - 000099384 _____ () C:\Users\ancys\AppData\Roaming\inst.exe
2021-01-06 12:52 - 2021-01-06 12:52 - 000007859 _____ () C:\Users\ancys\AppData\Roaming\pcouffin.cat
2021-01-06 12:52 - 2021-01-06 12:52 - 000001167 _____ () C:\Users\ancys\AppData\Roaming\pcouffin.inf
2021-01-06 12:52 - 2021-01-06 12:52 - 000000055 _____ () C:\Users\ancys\AppData\Roaming\pcouffin.log
2021-01-06 12:52 - 2021-01-06 12:52 - 000082816 _____ (VSO Software) C:\Users\ancys\AppData\Roaming\pcouffin.sys
2020-03-16 15:03 - 2020-03-16 15:03 - 000000410 _____ () C:\Users\ancys\AppData\Local\oobelibMkey.log
2020-03-16 15:16 - 2021-02-19 11:50 - 000007608 _____ () C:\Users\ancys\AppData\Local\Resmon.ResmonCfg
==================== SigCheckExt =========================
2019-08-30 03:05 - 2019-08-30 03:05 - 000105984 _____ (Beepa P/L) C:\WINDOWS\system32\frapsv64.dll
2021-01-09 10:28 - 2021-06-04 00:24 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll
2015-03-17 01:34 - 2015-03-17 01:34 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atl71.dll
2015-08-05 08:07 - 2015-08-05 08:07 - 000203776 _____ C:\WINDOWS\SysWOW64\clinfo.exe
2019-08-30 03:05 - 2019-08-30 03:05 - 000094208 _____ (Beepa P/L) C:\WINDOWS\SysWOW64\frapsvid.dll
2020-03-15 13:39 - 2020-01-09 16:23 - 000413184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IEShims.dll
2015-03-17 01:34 - 2015-03-17 01:34 - 001060864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc71.dll
2015-03-17 01:34 - 2015-03-17 01:34 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71CHS.DLL
2015-03-17 01:34 - 2015-03-17 01:34 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71CHT.DLL
2015-03-17 01:34 - 2015-03-17 01:34 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71DEU.DLL
2015-03-17 01:34 - 2015-03-17 01:34 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71ENU.DLL
2015-03-17 01:34 - 2015-03-17 01:34 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71ESP.DLL
2015-03-17 01:34 - 2015-03-17 01:34 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71FRA.DLL
2015-03-17 01:34 - 2015-03-17 01:34 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71ITA.DLL
2015-03-17 01:34 - 2015-03-17 01:34 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71JPN.DLL
2015-03-17 01:34 - 2015-03-17 01:34 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71KOR.DLL
2015-03-17 01:34 - 2015-03-17 01:34 - 001047552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc71u.dll
2015-03-17 01:34 - 2015-03-17 01:34 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp71.dll
2015-03-17 01:34 - 2015-03-17 01:34 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr71.dll
2021-01-06 11:21 - 2003-01-26 14:41 - 000040960 _____ (vbAccelerator) C:\WINDOWS\SysWOW64\ssubtmr6.dll
2021-07-16 13:48 - 2021-07-16 13:49 - 002300416 _____ (Farbar) C:\Users\ancys\Downloads\explorer.exe
2021-07-16 13:53 - 2021-07-16 13:53 - 001622528 _____ C:\Users\ancys\Downloads\ResetBrowser.exe
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== BCD ================================
Firmware Boot Manager
---------------------
identifier {fwbootmgr}
displayorder {bootmgr}
{30802ba4-dea2-11eb-9567-3e95096dc4db}
{3704b4d6-d25a-11eb-939d-d107e7d58442}
{e32f416e-f126-11e9-a964-3c95096dc4dc}
{a620a7ac-8fc3-11e9-8247-54e1ad57f393}
{1862b484-72d9-11eb-9511-806e6f6e6963}
{1862b483-72d9-11eb-9511-806e6f6e6963}
{1862b482-72d9-11eb-9511-806e6f6e6963}
{1862b481-72d9-11eb-9511-806e6f6e6963}
{1862b485-72d9-11eb-9511-806e6f6e6963}
{1862b486-72d9-11eb-9511-806e6f6e6963}
{841e6b8c-d5fb-11eb-a987-806e6f6e6963}
timeout 2
Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=\Device\HarddiskVolume1
path \EFI\Microsoft\Boot\bootmgfw.efi
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {current}
resumeobject {d86bf214-d674-11eb-b705-b041a4154a0d}
displayorder {current}
{bec80b0b-744c-11e7-9eff-54e1ad57f393}
{bec80b0a-744c-11e7-9eff-54e1ad57f393}
{bec80b0c-744c-11e7-9eff-54e1ad57f393}
{bec80b0d-744c-11e7-9eff-54e1ad57f393}
{bec80b0e-744c-11e7-9eff-54e1ad57f393}
{bec80b0f-744c-11e7-9eff-54e1ad57f393}
{5094249e-e3b9-11e8-826e-806e6f6e6963}
toolsdisplayorder {memdiag}
timeout 0
Windows Boot Manager
--------------------
identifier {a620a7ac-8fc3-11e9-8247-54e1ad57f393}
device partition=\Device\HarddiskVolume1
path \EFI\refind\refind_x64.efi
description Ubuntu Secure Boot
locale en-US
inherit {globalsettings}
default {df73a9c9-5e1d-11e9-9223-dd458d06ed04}
resumeobject {df73a9c8-5e1d-11e9-9223-dd458d06ed04}
displayorder {bec80b0b-744c-11e7-9eff-54e1ad57f393}
{bec80b0a-744c-11e7-9eff-54e1ad57f393}
{bec80b0c-744c-11e7-9eff-54e1ad57f393}
{bec80b0d-744c-11e7-9eff-54e1ad57f393}
{bec80b0e-744c-11e7-9eff-54e1ad57f393}
{bec80b0f-744c-11e7-9eff-54e1ad57f393}
{5094249e-e3b9-11e8-826e-806e6f6e6963}
{df73a9c9-5e1d-11e9-9223-dd458d06ed04}
bootsequence {bec80b0b-744c-11e7-9eff-54e1ad57f393}
toolsdisplayorder {memdiag}
timeout 10
Windows Boot Manager
--------------------
identifier {e32f416e-f126-11e9-a964-3c95096dc4dc}
device partition=\Device\HarddiskVolume1
path \EFI\grub2win\g2bootmgr\gnugrub.kernel64.efi
description Grub2Win EFI - 64 Bit
inherit {globalsettings}
Firmware Application (101fffff)
-------------------------------
identifier {1862b47e-72d9-11eb-9511-806e6f6e6963}
description Setup
Firmware Application (101fffff)
-------------------------------
identifier {1862b47f-72d9-11eb-9511-806e6f6e6963}
description Boot Menu
Firmware Application (101fffff)
-------------------------------
identifier {1862b480-72d9-11eb-9511-806e6f6e6963}
description Diagnostic Splash
Firmware Application (101fffff)
-------------------------------
identifier {1862b481-72d9-11eb-9511-806e6f6e6963}
description USB FDD:
Firmware Application (101fffff)
-------------------------------
identifier {1862b482-72d9-11eb-9511-806e6f6e6963}
description USB HDD:
Firmware Application (101fffff)
-------------------------------
identifier {1862b483-72d9-11eb-9511-806e6f6e6963}
description USB CD:
Firmware Application (101fffff)
-------------------------------
identifier {1862b484-72d9-11eb-9511-806e6f6e6963}
description ATAPI CD: PLDS DVD-RW DA8AESH
Firmware Application (101fffff)
-------------------------------
identifier {1862b485-72d9-11eb-9511-806e6f6e6963}
description ATA HDD: WDC WD5000LPCX-24VHAT0
Firmware Application (101fffff)
-------------------------------
identifier {1862b486-72d9-11eb-9511-806e6f6e6963}
description PCI LAN: EFI Network (IPv4)
Firmware Application (101fffff)
-------------------------------
identifier {30802ba4-dea2-11eb-9567-3e95096dc4db}
device partition=\Device\HarddiskVolume1
path \EFI\Microsoft\Boot\bootmgfw.efi
description Windows Boot Manager
Firmware Application (101fffff)
-------------------------------
identifier {3704b4d6-d25a-11eb-939d-d107e7d58442}
device partition=\Device\HarddiskVolume1
path \EFI\refind\refind_x64.efi
description rEFInd Boot Manager
Firmware Application (101fffff)
-------------------------------
identifier {841e6b8c-d5fb-11eb-a987-806e6f6e6963}
description PCI LAN: EFI Network (IPv6)
Windows Boot Loader
-------------------
identifier {3704b4d9-d25a-11eb-939d-d107e7d58442}
device ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{3704b4da-d25a-11eb-939d-d107e7d58442}
path \windows\system32\winload.efi
description Windows Recovery Environment
locale en-US
inherit {bootloadersettings}
displaymessage Recovery
osdevice ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{3704b4da-d25a-11eb-939d-d107e7d58442}
systemroot \windows
nx OptIn
bootmenupolicy Standard
winpe Yes
Windows Boot Loader
-------------------
identifier {616f0681-d579-11eb-b492-a32495bfab41}
device ramdisk=[unknown]\Recovery\WindowsRE\Winre.wim,{616f0682-d579-11eb-b492-a32495bfab41}
path \windows\system32\winload.efi
description Windows Recovery Environment
locale en-us
inherit {bootloadersettings}
displaymessage Recovery
osdevice ramdisk=[unknown]\Recovery\WindowsRE\Winre.wim,{616f0682-d579-11eb-b492-a32495bfab41}
systemroot \windows
nx OptIn
bootmenupolicy Standard
winpe Yes
Windows Boot Loader
-------------------
identifier {677e3135-d3bb-11eb-8ae8-c253c50ef2af}
device ramdisk=[unknown]\Recovery\WindowsRE\Winre.wim,{677e3136-d3bb-11eb-8ae8-c253c50ef2af}
path \windows\system32\winload.efi
description Windows Recovery Environment
locale en-us
inherit {bootloadersettings}
displaymessage Recovery
osdevice ramdisk=[unknown]\Recovery\WindowsRE\Winre.wim,{677e3136-d3bb-11eb-8ae8-c253c50ef2af}
systemroot \windows
nx OptIn
bootmenupolicy Standard
winpe Yes
Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \WINDOWS\system32\winload.efi
description Windows 10
locale en-US
inherit {bootloadersettings}
recoverysequence {3704b4d9-d25a-11eb-939d-d107e7d58442}
displaymessageoverride CommandPrompt
recoveryenabled Yes
isolatedcontext Yes
allowedinmemorysettings 0x15000075
osdevice partition=C:
systemroot \WINDOWS
resumeobject {9ecc8e98-c2d2-11eb-b9fd-94b0ff299f30}
nx OptIn
bootmenupolicy Legacy
hypervisorlaunchtype Auto
useplatformclock Yes
Windows Boot Loader
-------------------
identifier {d86bf216-d674-11eb-b705-b041a4154a0d}
device ramdisk=[unknown]\Recovery\WindowsRE\Winre.wim,{d86bf217-d674-11eb-b705-b041a4154a0d}
path \windows\system32\winload.efi
description Windows Recovery Environment
locale en-us
inherit {bootloadersettings}
displaymessage Recovery
osdevice ramdisk=[unknown]\Recovery\WindowsRE\Winre.wim,{d86bf217-d674-11eb-b705-b041a4154a0d}
systemroot \windows
nx OptIn
bootmenupolicy Standard
winpe Yes
Resume from Hibernate
---------------------
identifier {9ecc8e98-c2d2-11eb-b9fd-94b0ff299f30}
device partition=C:
path \WINDOWS\system32\winresume.efi
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
recoverysequence {3704b4d9-d25a-11eb-939d-d107e7d58442}
recoveryenabled Yes
isolatedcontext Yes
allowedinmemorysettings 0x15000075
filedevice partition=C:
filepath \hiberfil.sys
bootmenupolicy Standard
debugoptionenabled No
Windows Memory Tester
---------------------
identifier {memdiag}
device partition=\Device\HarddiskVolume1
path \EFI\Microsoft\Boot\memtest.efi
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes
Windows Legacy OS Loader
------------------------
identifier {ntldr}
device partition=\Device\HarddiskVolume1
path \ntldr
description Earlier Version of Windows
EMS Settings
------------
identifier {emssettings}
bootems No
Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200
RAM Defects
-----------
identifier {badmemory}
Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}
Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}
Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200
Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}
Device options
--------------
identifier {3704b4da-d25a-11eb-939d-d107e7d58442}
description Windows Recovery
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\WindowsRE\boot.sdi
Device options
--------------
identifier {a620a7b1-8fc3-11e9-8247-54e1ad57f393}
description Ubuntu
Setup Ramdisk Options
---------------------
identifier {ramdiskoptions}
==================== End of FRST.txt ========================
Additions.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-07-2021
Ran by ancys (16-07-2021 14:21:42)
Running from C:\Users\ancys\Downloads
Windows 10 Pro Version 20H2 19042.1110 (X64) (2021-06-01 09:54:53)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-562493922-3427777444-3148621644-500 - Administrator - Disabled)
ancys (S-1-5-21-562493922-3427777444-3148621644-1001 - Administrator - Enabled) => C:\Users\ancys
DefaultAccount (S-1-5-21-562493922-3427777444-3148621644-503 - Limited - Disabled)
Guest (S-1-5-21-562493922-3427777444-3148621644-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-562493922-3427777444-3148621644-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Absolute Uninstaller 5.3.1.26 (HKLM-x32\...\Absolute Uninstaller) (Version: 5.3.1.26 - Glarysoft Ltd)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.1.0.407 - Adobe Systems Incorporated)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: - Adobe)
Adobe Media Encoder 2020 (HKLM-x32\...\AME_14_0_3) (Version: 14.0.3 - Adobe Systems Incorporated)
Adobe Premiere Pro 2020 (HKLM-x32\...\PPRO_14_0_3) (Version: 14.0.3 - Adobe Systems Incorporated)
Adobe Premiere Rush (HKLM-x32\...\RUSH_1_5_2) (Version: 1.5.2 - Adobe Systems Incorporated)
AMD APP SDK 3.0 (HKLM-x32\...\{8829787C-6269-4112-ADF8-59BEFFC7CDB6}) (Version: 3.0.130.135 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 20.12.1 - Advanced Micro Devices, Inc.)
Atom (HKU\S-1-5-21-562493922-3427777444-3148621644-1001\...\atom) (Version: 1.45.0 - GitHub Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 21.5.2470 - Avast Software)
Branding64 (HKLM\...\{856DA29A-EA4A-468B-BBC2-B5F60DD75BFE}) (Version: 1.00.0002 - Advanced Micro Devices, Inc.) Hidden
CPUID HWMonitor 1.41 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.41 - CPUID, Inc.)
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
EaseUS Partition Master 15.8 (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS)
EasyBCD 2.4 (HKLM-x32\...\EasyBCD) (Version: 2.4 - NeoSmart Technologies)
EasyUEFI version 4.6 (HKLM\...\EasyUEFI_is1) (Version: 4.6 - Hasleo Software.)
Ext2Fsd 0.69 (HKLM\...\Ext2Fsd_is1) (Version: 0.69 - Matt Wu)
Folding@home (HKLM-x32\...\FAHClient) (Version: 7.6.13 - Folding@home.org)
Free Download Manager (HKU\S-1-5-21-562493922-3427777444-3148621644-1001\...\{0C1D4CF2-5575-4786-834C-B0FC977E9714}}_is1) (Version: 6.14.2.3973 - Softdeluxe)
GameInput Redistributable (HKLM-x32\...\{7E52156F-18FE-B953-BEA9-6BE6A77AFDFF}) (Version: 10.1.19041.3906 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 91.0.4472.124 - Google LLC)
HP Deskjet 1050 J410 series Basic Device Software (HKLM\...\{F294770E-F869-400F-81C3-614B5F13CA54}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 2540 series Basic Device Software (HKLM\...\{6A79CD11-0C1C-4E24-A8C6-46A02F680346}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.14131.20320 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 91.0.864.67 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 91.0.864.67 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-562493922-3427777444-3148621644-1001\...\OneDriveSetup.exe) (Version: 21.119.0613.0001 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-562493922-3427777444-3148621644-1001\...\Teams) (Version: 1.4.00.11161 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{E5A95BC5-81DF-4F0C-B910-B59DD012F037}) (Version: 2.81.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 (HKLM-x32\...\{6913e92a-b64e-41c9-a5e6-cef39207fe89}) (Version: 14.25.28508.3 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 90.0 (x64 en-US)) (Version: 90.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 74.0 - Mozilla)
Nero BurningROM 2020 (HKLM-x32\...\{BC220CBF-A8E5-48D1-816F-0403E7F6E7FC}) (Version: 22.0.00700 - Nero AG)
Nero Core (HKLM-x32\...\{5E063AA4-5E7D-40D1-99A1-D8E9F5F9BB0E}) (Version: 2.0.05800 - Nero AG)
Nero Info (HKLM-x32\...\{F030BFE8-8476-4C08-A553-233DE80A2BE1}) (Version: 21.0.1007 - Nero AG)
NTLite v2.1.1.7917 (HKLM\...\NTLite_is1) (Version: 2.1.1.7917 - Nlitesoft)
OCL_SDK_Light version 1.0 (HKLM-x32\...\OCL_SDK_Light_is1) (Version: 1.0 - )
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.14131.20320 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.14131.20320 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
SplitCam (HKLM\...\{4BE0A527-00F0-48AC-A336-C8647101D654}) (Version: 10.3.42 - SplitCam Co.)
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.4.0.7174 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.11 - VideoLAN)
VSO ConvertXToDVD 7 (HKLM-x32\...\{A021D003-6933-4EA4-B582-F1D0C3E52409}_is1) (Version: 7.0.0.69 - VSO Software)
Vulkan Run Time Libraries 1.0.37.0 (HKLM\...\VulkanRT1.0.37.0) (Version: 1.0.37.0 - LunarG, Inc.)
Zoom (HKU\S-1-5-21-562493922-3427777444-3148621644-1001\...\ZoomUMX) (Version: 5.6.7 (1016) - Zoom Video Communications, Inc.)
Packages:
=========
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe [2021-06-04] (Microsoft Corporation)
Dragon Mania Legends -> C:\Program Files\WindowsApps\A278AB0D.DragonManiaLegends_5.9.11.0_x64__h6adky7gbf63m [2021-01-05] (Gameloft SE)
Dynamic Theme -> C:\Program Files\WindowsApps\55888ChristopheLavalle.DynamicTheme_1.4.30233.0_x64__jdggxwd41xcr0 [2021-01-05] (Christophe Lavalle)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_127.1.115.0_x64__v10z8vjag6ke6 [2021-06-28] (HP Inc.)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa [2021-01-05] (Apple Inc.) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-06-01] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-06-01] (Microsoft Corporation) [MS Ad]
Microsoft Emulator -> C:\Program Files\WindowsApps\Microsoft.MicrosoftEmulator_1.1.1081.0_x64__8wekyb3d8bbwe [2021-01-05] (Microsoft Corporation)
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.16.20102.0_x64__8wekyb3d8bbwe [2021-06-01] (Microsoft Studios)
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2021-01-05] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-01-05] (Microsoft Corporation)
Simple Video Trim & Merge -> C:\Program Files\WindowsApps\35745bSoftStudio.SimpleVideoTrimMerge_1.1.1.0_x64__376dcxkkpqbxy [2021-01-05] (bSoft Studio) [MS Ad]
Ubuntu -> C:\Program Files\WindowsApps\CanonicalGroupLimited.UbuntuonWindows_1804.2020.5.0_x64__79rhkp1fndgsc [2020-04-18] (Canonical Group Limited)
Windows® 10X Emulator Image 10.0.19578.0 (Preview) -> C:\Program Files\WindowsApps\Microsoft.Windows10XEmulatorImage10.0.19578.0Previ_1.0.1.0_x64__8wekyb3d8bbwe [2020-04-19] (Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-562493922-3427777444-3148621644-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-94EE8EF6A066} -> [Creative Cloud Files] => C:\Users\ancys\Creative Cloud Files [2020-03-16 15:13]
CustomCLSID: HKU\S-1-5-21-562493922-3427777444-3148621644-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\ancys\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.21063.3\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-562493922-3427777444-3148621644-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-06-29] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-06-29] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-06-29] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-06-29] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\WINDOWS\System32\atiacm64.dll [2020-12-07] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-06-29] (Avast Software s.r.o. -> AVAST Software)
==================== Codecs (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Drivers32: [VIDC.FPS1] => C:\WINDOWS\system32\frapsv64.dll [105984 2019-08-30] (Beepa P/L) [File not signed]
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [94208 2019-08-30] (Beepa P/L) [File not signed]
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\ancys\Desktop\Ancy - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 4"
ShortcutWithArgument: C:\Users\ancys\Desktop\Clin - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\ancys\Desktop\FENECIA - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Prodigy.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 1" --app-id=iapdpibhbhfecmiegbeelepdnkebkhcp
ShortcutWithArgument: C:\Users\ancys\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\CLIN - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"
==================== Loaded Modules (Whitelisted) =============
2020-03-15 15:03 - 2019-02-21 11:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-05-31] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2021-07-02] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2021-05-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-02] (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-562493922-3427777444-3148621644-1001\...\sharepoint.com -> hxxps://mylc-files.sharepoint.com
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-03-18 23:49 - 2019-03-18 23:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
2020-04-18 18:05 - 2021-07-16 12:44 - 000000583 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
172.23.96.1 VadakkalPC.mshome.net # 2026 7 3 15 17 44 13 585
0 23 12 52 506
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-562493922-3427777444-3148621644-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
MSCONFIG\Services: AdobeUpdateService => 2
MSCONFIG\Services: AGMService => 2
MSCONFIG\Services: AGSService => 2
MSCONFIG\Services: AMD Crash Defender Service => 2
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: AtherosSvc => 2
MSCONFIG\Services: avast! Tools => 2
MSCONFIG\Services: Ext2Srv => 2
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: SynTPEnhService => 2
MSCONFIG\Services: tbaseprovisioning => 2
HKLM\...\StartupApproved\StartupFolder: => "eyepro.lnk"
HKLM\...\StartupApproved\Run: => "RtHDVBg_LENOVO_DOLBYDRAGON"
HKLM\...\StartupApproved\Run: => "AvastUI.exe"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "RtHDVBg_LENOVO_MICPKEY"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "AdBlocker Ultimate"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKU\S-1-5-21-562493922-3427777444-3148621644-1001\...\StartupApproved\StartupFolder: => "Folding@home.lnk"
HKU\S-1-5-21-562493922-3427777444-3148621644-1001\...\StartupApproved\StartupFolder: => "RBTray.lnk"
HKU\S-1-5-21-562493922-3427777444-3148621644-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
HKU\S-1-5-21-562493922-3427777444-3148621644-1001\...\StartupApproved\Run: => "CCXProcess"
HKU\S-1-5-21-562493922-3427777444-3148621644-1001\...\StartupApproved\Run: => "Free Download Manager"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{096FE75D-5989-43CC-A9AA-9DF438225374}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B325A419-24C4-4940-8413-A4DD1C77CAD2}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{43A81247-8D53-4075-BAD2-9913E6850AC0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7E6A3DE0-8B6E-4122-87B7-52569C709D81}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{77048940-2763-4522-9C05-3AA7F9D84683}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C4AD4DF3-7B0E-4381-8DB0-C75BC3F7AB1E}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6869B501-221E-4D6A-BFCA-FF11379BD87D}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5FF569E3-C546-4AB5-BCC2-3580F285E3FE}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{FA748C7D-EDD1-400F-A4D9-937DBF3669A4}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{BB74BF55-0FD8-48E8-A421-656767AD2BB5}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3F03EF0F-A3B5-469D-A514-D20CD6DE5131}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6F355AFF-417D-4470-8650-77CD9FB4CF27}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0B5B0C79-18AF-468C-9693-FD84D448C0F7}] => (Allow) C:\Program Files (x86)\Nero\Nero 2020\Nero Burning ROM\nero.exe (Nero AG -> Nero AG)
FirewallRules: [{B5582D78-C630-4A6F-BD89-C8E2406CD594}] => (Allow) C:\Program Files (x86)\Nero\Nero 2020\Nero Burning ROM\StartNBR.exe (Nero AG -> Nero AG)
FirewallRules: [{CF020AC0-888B-498A-872C-CDFA4744BFD9}] => (Allow) C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetup.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{26F9F3A8-E50A-4FDC-894B-2B83590A26FD}] => (Block) C:\users\ancys\appdata\local\temp\7zs2317\enterprisedu.exe => No File
FirewallRules: [{FB5C438C-EB8E-46EA-9C34-A17BA01F2306}] => (Block) C:\users\ancys\appdata\local\temp\7zs2317\enterprisedu.exe => No File
FirewallRules: [UDP Query User{07929FF0-1C22-4D04-A3C3-3E74E626CBD4}C:\users\ancys\appdata\local\temp\7zs2317\enterprisedu.exe] => (Allow) C:\users\ancys\appdata\local\temp\7zs2317\enterprisedu.exe => No File
FirewallRules: [TCP Query User{FE3C07F9-A071-4388-967E-DAC679D801E7}C:\users\ancys\appdata\local\temp\7zs2317\enterprisedu.exe] => (Allow) C:\users\ancys\appdata\local\temp\7zs2317\enterprisedu.exe => No File
FirewallRules: [UDP Query User{0A4C9658-C4FF-45AE-817D-70788F6A6A98}C:\program files (x86)\fahclient\fahclient.exe] => (Allow) C:\program files (x86)\fahclient\fahclient.exe () [File not signed]
FirewallRules: [TCP Query User{B28B5BF2-52A7-42D1-B149-168A9F53164F}C:\program files (x86)\fahclient\fahclient.exe] => (Allow) C:\program files (x86)\fahclient\fahclient.exe () [File not signed]
FirewallRules: [{A8BF1250-D738-4ECB-80D4-6E48C0ADA398}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{348D1986-E744-43B7-BC7B-3E690689958E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{D1D53309-A195-4A2D-927C-78098F932BCA}C:\program files\java\jre1.8.0_241\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_241\bin\javaw.exe => No File
FirewallRules: [TCP Query User{65AFDEDD-F769-45B7-9B40-B5112BC47069}C:\program files\java\jre1.8.0_241\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_241\bin\javaw.exe => No File
FirewallRules: [{754DB310-4247-4132-8EC0-842D8B28AD80}] => (Allow) C:\Users\ancys\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{716BB4E2-38CA-4036-B587-9B45360CB218}] => (Allow) C:\Users\ancys\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{FC6E8352-E706-4904-BAB8-BCE0E6546FCE}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{E054CC9D-A6D6-43A7-AA6C-4402BDC80250}] => (Allow) LPort=5357
FirewallRules: [{A0C5580C-BF70-4F1A-A62D-25313AA788F2}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{1F9E81F4-4F53-4039-ACF9-AE86BE5CF64C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{5DE8E5DD-412B-47E5-9C97-DB817127A9CA}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{914ABADD-F223-4542-AD8D-FD5C5FBB7537}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\91.0.864.67\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
==================== Restore Points =========================
08-07-2021 15:20:37 Scheduled Checkpoint
08-07-2021 15:41:22 Windows Modules Installer
08-07-2021 15:54:06 Windows Modules Installer
09-07-2021 11:54:34 Windows Modules Installer
15-07-2021 16:14:04 Windows Modules Installer
15-07-2021 16:17:51 Windows Modules Installer
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (07/15/2021 11:06:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program YourPhone.exe version 1.20112.72.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 948
Start Time: 01d779f49fada199
Termination Time: 4294967295
Application Path: C:\Program Files\WindowsApps\Microsoft.YourPhone_1.20112.72.0_x64__8wekyb3d8bbwe\YourPhone.exe
Report Id: 3a451c8d-f4a7-4783-b964-ad2b3ff83fe0
Faulting package full name: Microsoft.YourPhone_1.20112.72.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: App
Hang type: Quiesce
Error: (07/15/2021 04:47:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program YourPhone.exe version 1.20112.72.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 22e4
Start Time: 01d779c03f65b2e3
Termination Time: 4294967295
Application Path: C:\Program Files\WindowsApps\Microsoft.YourPhone_1.20112.72.0_x64__8wekyb3d8bbwe\YourPhone.exe
Report Id: 74011d71-f726-4fef-91a2-4925d419a2de
Faulting package full name: Microsoft.YourPhone_1.20112.72.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: App
Hang type: Quiesce
Error: (07/15/2021 04:25:51 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe, PID: 4160, ProfSvc PID: 1364.
Error: (07/15/2021 04:17:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.
Error: (07/15/2021 04:14:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.
Error: (07/13/2021 08:41:09 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
Error: (07/12/2021 10:43:01 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SearchApp.exe version 10.0.19041.1081 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 26f0
Start Time: 01d777334fe582c4
Termination Time: 4294967295
Application Path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Report Id: ec21076e-8792-474c-b622-8c421d26d9a7
Faulting package full name: Microsoft.Windows.Search_1.14.2.19041_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI
Hang type: Quiesce
Error: (07/10/2021 11:12:16 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 12) (User: VADAKKALPC)
Description: Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy-2147023878
System errors:
=============
Error: (07/16/2021 12:43:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AMD User Experience Program Launcher service failed to start due to the following error:
The system cannot find the file specified.
Error: (07/16/2021 12:40:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Ext2Fsd service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Error: (07/16/2021 12:21:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AMD User Experience Program Launcher service failed to start due to the following error:
The system cannot find the file specified.
Error: (07/16/2021 12:18:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Ext2Fsd service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Error: (07/16/2021 12:16:40 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The aswbIDSAgent service did not shut down properly after receiving a preshutdown control.
Error: (07/16/2021 12:16:33 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}
Error: (07/16/2021 12:16:33 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service TrustedInstaller with arguments "Unavailable" in order to run the server:
{752073A1-23F2-4396-85F0-8FDB879ED0ED}
Error: (07/16/2021 12:16:32 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}
CodeIntegrity:
===============
Date: 2021-07-16 12:45:15
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.
Date: 2021-07-16 12:44:14
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.
==================== Memory info ===========================
BIOS: Lenovo 1QCN32WW 08/18/2016
Motherboard: LENOVO Nano 5A8
Processor: AMD A6-7310 APU with AMD Radeon R4 Graphics
Percentage of memory in use: 85%
Total physical RAM: 3490.6 MB
Available physical RAM: 489.88 MB
Total Virtual: 7074.6 MB
Available Virtual: 857.11 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:460.51 GB) (Free:319.92 GB) NTFS
Drive d: () (Fixed) (Total:3.99 GB) (Free:2.09 GB) FAT32
\\?\Volume{6efd3acd-1c84-4a3f-bf62-b0c543c56f71}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.72 GB) NTFS
\\?\Volume{287231f9-2781-4a7c-8f9c-caeaa93204f9}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.21 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: D32F849E)
Partition: GPT.
==================== End of Addition.txt =======================
Shortcut.txt
Users shortcut scan result (x64) Version: 14-07-2021
Ran by ancys (16-07-2021 14:31:00)
Running from C:\Users\ancys\Downloads
Boot Mode: Normal
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NeoSmart Technologies\EasyBCD\Online Documentation.lnk -> hxxp://neosmart.net/wiki/easybcd
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Absolute Uninstaller.lnk -> C:\Program Files (x86)\Glarysoft\Absolute Uninstaller 5\unInstaller.exe (Glarysoft Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\MSACCESS.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk -> C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder 2020.lnk -> C:\Program Files\Adobe\Adobe Media Encoder 2020\Adobe Media Encoder.exe (Adobe)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Pro 2020.lnk -> C:\Program Files\Adobe\Adobe Premiere Pro 2020\Adobe Premiere Pro.exe (Adobe)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Rush 1.5.lnk -> C:\Program Files\Adobe\Adobe Premiere Rush\Adobe Premiere Rush.exe (Adobe)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk -> C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk -> C:\Program Files (x86)\ImgBurn\ImgBurn.exe (LIGHTNING UK!)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jogo Disk.lnk -> C:\Program Files\Jogo DIsk\browser.exe (Digerati)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\MSPUB.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO\ConvertXtoDVD 7\ConvertXToDVD 7.lnk -> C:\Program Files (x86)\VSO\ConvertX\7\ConvertXtoDvd.exe (VSO Software SARL)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO\ConvertXtoDVD 7\LGPL license.lnk -> C:\Program Files (x86)\VSO\ConvertX\7\lgpl-2.1.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO\ConvertXtoDVD 7\Translate ConvertXToDVD 7.lnk -> C:\ProgramData\VSO\ConvertXToDVD\7\Lang\EditLoc_online.exe (VSO Software SARL)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO\ConvertXtoDVD 7\Uninstall ConvertXToDVD 7.lnk -> C:\Program Files (x86)\VSO\ConvertX\7\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO\ConvertXtoDVD 7\ Drivers\ Check.lnk -> C:\Program Files (x86)\VSO\pcsetup\PcSetup.exe (VSO Software SARL)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk -> C:\Program Files (x86)\VideoLAN\VLC\Documentation.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk -> C:\Program Files (x86)\VideoLAN\VLC\NEWS.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk -> C:\Program Files (x86)\VideoLAN\VLC\VideoLAN Website.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NTLite\NTLite on the Web.lnk -> C:\Program Files\NTLite\Website.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NTLite\NTLite.lnk -> C:\Program Files\NTLite\NTLite.exe (Nlitesoft d.o.o.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NTLite\Uninstall NTLite.lnk -> C:\Program Files\NTLite\unins000.exe (Nlitesoft )
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 2020\Nero Burning ROM.lnk -> C:\Windows\Installer\{4C0CE9D6-70B4-482B-BD43-0885484A45D4}\ARPPRODUCTICON.exe (Acresso Software Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero ControlCenter.lnk -> C:\Windows\Installer\{ABC88553-8770-4B97-B43E-5A90647A5B63}\ScControlCenterSta_FC2653898C5047A6A872CAF6433C43A8.exe (Acresso Software Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero CoverDesigner.lnk -> C:\Windows\Installer\{D8CCA6A9-E0CA-4589-BA17-54C909B1C8B5}\ARPPRODUCTICON.exe (Acresso Software Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero KnowHow PLUS.lnk -> C:\Windows\Installer\{AACDE618-4162-4074-B01D-67C5E8D07233}\ScKHPStartMenu_20B6100142E642F2AF79FA72E4BDFDBA.exe (Acresso Software Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero Start.lnk -> C:\Windows\Installer\{21845F89-64C5-4872-A341-0ECBB60DC4BF}\ScLauncherStartMen_6C77D23FA3434FDA8BB06A73EB8F8F69.exe (Acresso Software Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NeoSmart Technologies\EasyBCD\EasyBCD 2.4.lnk -> C:\Program Files (x86)\NeoSmart Technologies\EasyBCD\EasyBCD.exe (NeoSmart Technologies)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NeoSmart Technologies\EasyBCD\Uninstall EasyBCD.lnk -> C:\Program Files (x86)\NeoSmart Technologies\EasyBCD\uninstall.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Office Language Preferences.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\SETLANG.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Skype for Business Recording Manager.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\OcPubMgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Telemetry Dashboard for Office.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\msotd.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Telemetry Log for Office.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\msoev.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn\ImgBurn Read Me.lnk -> C:\Program Files (x86)\ImgBurn\ReadMe.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn\ImgBurn.lnk -> C:\Program Files (x86)\ImgBurn\ImgBurn.exe (LIGHTNING UK!)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn\Uninstall.lnk -> C:\Program Files (x86)\ImgBurn\uninstall.exe (LIGHTNING UK!)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hasleo EasyUEFI\Hasleo EasyUEFI.lnk -> C:\Program Files\Hasleo\EasyUEFI\bin\EasyUEFI.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hasleo EasyUEFI\Uninstall Hasleo EasyUEFI.lnk -> C:\Program Files\Hasleo\EasyUEFI\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glarysoft\Absolute Uninstaller\Absolute Uninstaller.lnk -> C:\Program Files (x86)\Glarysoft\Absolute Uninstaller 5\unInstaller.exe (Glarysoft Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ext2Fsd\Ext2 Volume Manager.lnk -> C:\Program Files\Ext2Fsd\Ext2Mgr.exe (Ext2Fsd Group (www.ext2fsd.com))
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ext2Fsd\Uninstall Ext2Fsd.lnk -> C:\Program Files\Ext2Fsd\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ext2Fsd\Documents\Frequently Asked Questions.lnk -> C:\Program Files\Ext2Fsd\Documents\FAQ.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ext2Fsd\Documents\Read Me.lnk -> C:\Program Files\Ext2Fsd\Documents\readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ext2Fsd\Documents\Release Notes.lnk -> C:\Program Files\Ext2Fsd\Documents\notes.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 15.8\EaseUS Partition Master 15.8.lnk -> C:\Program Files (x86)\EaseUS\EaseUS Partition Master\bin\Main.exe (EaseUS)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 15.8\Uninstall EaseUS Partition Master 15.8.lnk -> C:\Program Files (x86)\EaseUS\EaseUS Partition Master\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Flick\DVD Flick.lnk -> C:\Program Files (x86)\DVD Flick\dvdflick.exe (Dennis "Exl" Meuwissen)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Flick\Uninstall DVD Flick.lnk -> C:\Program Files (x86)\DVD Flick\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Flick\Help and Support\Changelog.lnk -> C:\Program Files (x86)\DVD Flick\changelog.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Flick\Help and Support\GNU GPL License.lnk -> C:\Program Files (x86)\DVD Flick\license.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Flick\Help and Support\Guide.lnk -> C:\Program Files (x86)\DVD Flick\guide\index_en.html ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Flick\Help and Support\Readme.lnk -> C:\Program Files (x86)\DVD Flick\readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74-3\DOSBox 0.74-3 Manual.lnk -> C:\Program Files (x86)\DOSBox-0.74-3\Documentation\README.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74-3\Extras\Uninstall.lnk -> C:\Program Files (x86)\DOSBox-0.74-3\uninstall.exe (DOSBox Team)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74-3\Extras\Video\Video instructions.lnk -> C:\Program Files (x86)\DOSBox-0.74-3\Video Codec\Video Instructions.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\HWMonitor\HWMonitor.lnk -> C:\Program Files\CPUID\HWMonitor\HWMonitor.exe (CPUID)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\HWMonitor\Uninstall HWMonitor.lnk -> C:\Program Files\CPUID\HWMonitor\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Software\AMD Radeon Software.lnk -> C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Bug Report Tool\AMD Bug Report Tool.lnk -> C:\Program Files\AMD\CIM\Bin64\AMDBugReportTool.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk -> C:\Windows\SysWOW64\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk -> C:\Windows\System32\printmanagement.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\RecoveryDrive.lnk -> C:\Windows\System32\RecoveryDrive.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Registry Editor.lnk -> C:\Windows\regedit.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\VMCreate.lnk -> C:\Program Files\Hyper-V\VMCreate.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Defender Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Quick Assist.lnk -> C:\Windows\System32\quickassist.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk -> C:\Windows\System32\psr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk -> C:\Program Files\7-Zip\7zFM.exe (Igor Pavlov)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip Help.lnk -> C:\Program Files\7-Zip\7-zip.chm ()
Shortcut: C:\Users\ancys\Pictures\Desktop - Shortcut.lnk -> C:\Users\ancys\Desktop ()
Shortcut: C:\Users\ancys\Pictures\Saved Pictures\Pictures - Shortcut.lnk -> C:\Users\ancys\Pictures ()
Shortcut: C:\Users\ancys\Links\Desktop.lnk -> C:\Users\ancys\Desktop ()
Shortcut: C:\Users\ancys\Links\Downloads.lnk -> C:\Users\ancys\Downloads ()
Shortcut: C:\Users\ancys\Documents\Downloads - Shortcut.lnk -> C:\Users\ancys\Downloads ()
Shortcut: C:\Users\ancys\Documents\Minecraft.lnk -> Tile and icon assets
Shortcut: C:\Users\ancys\Desktop\Assignments.lnk -> C:\Users\ancys\Desktop\assignments ()
Shortcut: C:\Users\ancys\Desktop\Zoom.lnk -> C:\Users\ancys\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc.)
Shortcut: C:\Users\ancys\Creative Cloud Files\_Cloud documents.lnk -> C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe ()
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation)
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\ancys\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SplitCam.lnk -> C:\Users\ancys\AppData\Roaming\Microsoft\Installer\{4BE0A527-00F0-48AC-A336-C8647101D654}\_75ECEC2234CF1D1D7CB54F.exe ()
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom\Zoom.lnk -> C:\Users\ancys\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc.)
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RBTray.lnk -> C:\Program Files\RBtray\RBTray.exe ()
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc\Atom.lnk -> C:\Users\ancys\AppData\Local\atom\atom.exe (GitHub, Inc.)
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Download Manager\Free Download Manager.lnk -> C:\Users\ancys\AppData\Local\Softdeluxe\Free Download Manager\fdm.exe (Softdeluxe)
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Download Manager\Uninstall Free Download Manager.lnk -> C:\Users\ancys\AppData\Local\Softdeluxe\Free Download Manager\unins000.exe ()
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Folding@home\About Folding@home.lnk -> C:\Program Files (x86)\FAHClient\About Folding@home.url ()
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Folding@home\Data Directory.lnk -> C:\Users\ancys\AppData\Roaming\FAHClient ()
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Folding@home\FAHControl.lnk -> C:\Program Files (x86)\FAHClient\FAHControl.exe ()
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Folding@home\FAHViewer.lnk -> C:\Program Files (x86)\FAHClient\FAHViewer.exe ()
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Folding@home\Uninstall.lnk -> C:\Program Files (x86)\FAHClient\Uninstall.exe ()
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Folding@home\Web Control.lnk -> C:\Program Files (x86)\FAHClient\FAHWebClient.url ()
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth File Transfer.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Absolute Uninstaller.lnk -> C:\Program Files (x86)\Glarysoft\Absolute Uninstaller 5\unInstaller.exe (Glarysoft Ltd)
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ConvertXToDVD 7.lnk -> C:\Program Files (x86)\VSO\ConvertX\7\ConvertXtoDvd.exe (VSO Software SARL)
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\EaseUS Partition Master 15.8.lnk -> C:\Program Files (x86)\EaseUS\EaseUS Partition Master\bin\Main.exe (EaseUS)
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Free Download Manager.lnk -> C:\Users\ancys\AppData\Local\Softdeluxe\Free Download Manager\fdm.exe (Softdeluxe)
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC)
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk -> C:\Program Files (x86)\ImgBurn\ImgBurn.exe (LIGHTNING UK!)
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation)
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC)
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\Users\ancys\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Start Zoom.lnk -> C:\Users\ancys\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc.)
Shortcut: C:\Users\ancys\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\ancys\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\ancys\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\ancys\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\ancys\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\ancys\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\ancys\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\ancys\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\ancys\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\ancys\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\Avast Free Antivirus.lnk -> C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
Shortcut: C:\Users\Public\Desktop\Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC)
Shortcut: C:\Users\Public\Desktop\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation)
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Oregon Trail.lnk -> C:\Program Files (x86)\DOSBox-0.74-3\DOSBox.exe (DOSBox Team) -> "C:\DOS\OREGON\OREGON.EXE" -noconsole
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO\ConvertXtoDVD 7\ Drivers\ Install.lnk -> C:\Program Files (x86)\VSO\pcsetup\PcSetup.exe (VSO Software SARL) -> /install /deletecpl "Install and please reboot once finished..."
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO\ConvertXtoDVD 7\ Drivers\ Remove Driver (Compatibility Mode).lnk -> C:\Program Files (x86)\VSO\pcsetup\PcSetup.exe (VSO Software SARL) -> /remove /removeatip "Uninstalling... Please reboot aftwerwards!"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN) -> --reset-config --reset-plugins-cache vlc://quit
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN) -> -Iskins
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /7
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Database Compare.lnk -> C:\Program Files (x86)\Microsoft Office\root\Client\AppVLP.exe (Microsoft Corporation) -> "C:\Program Files (x86)\Microsoft Office\Root\Office16\DCF\DATABASECOMPARE.EXE"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Spreadsheet Compare.lnk -> C:\Program Files (x86)\Microsoft Office\root\Client\AppVLP.exe (Microsoft Corporation) -> "C:\Program Files (x86)\Microsoft Office\Root\Office16\DCF\SPREADSHEETCOMPARE.EXE"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 2540 series\HP Deskjet 2540 series.lnk -> C:\Program Files\HP\HP Deskjet 2540 series\Bin\HP Deskjet 2540 series.exe (Hewlett-Packard Co.) -> -Start UDCDevicePage
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 1050 J410 series\HP Deskjet 1050 J410 series.lnk -> C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HP Deskjet 1050 J410 series.exe (Hewlett-Packard Co.) -> -Start UDCDevicePage
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74-3\DOSBox 0.74-3.lnk -> C:\Program Files (x86)\DOSBox-0.74-3\DOSBox.exe (DOSBox Team) -> -userconf
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74-3\Options\DOSBox 0.74-3 Options.lnk -> C:\Program Files (x86)\DOSBox-0.74-3\DOSBox.exe (DOSBox Team) -> -editconf notepad.exe -editconf "%SystemRoot%\system32\notepad.exe" -editconf "%WINDIR%\notepad.exe"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74-3\Options\Reset KeyMapper.lnk -> C:\Program Files (x86)\DOSBox-0.74-3\DOSBox.exe (DOSBox Team) -> -erasemapper
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74-3\Options\Reset Options.lnk -> C:\Program Files (x86)\DOSBox-0.74-3\DOSBox.exe (DOSBox Team) -> -eraseconf
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74-3\Extras\DOSBox 0.74-3 (noconsole) - Copy.lnk -> C:\Program Files (x86)\DOSBox-0.74-3\DOSBox.exe (DOSBox Team) -> -noconsole -userconf C:\DOS\OREGON\OREGON.EXE
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74-3\Extras\DOSBox 0.74-3 (noconsole).lnk -> C:\Program Files (x86)\DOSBox-0.74-3\DOSBox.exe (DOSBox Team) -> -noconsole -userconf
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74-3\Extras\Screenshots & Recordings.lnk -> C:\Program Files (x86)\DOSBox-0.74-3\DOSBox.exe (DOSBox Team) -> -opencaptures explorer.exe
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74-3\Extras\Video\Install movie codec.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> setupapi,InstallHinfSection DefaultInstall 128 C:\Program Files (x86)\DOSBox-0.74-3\Video Codec\zmbv.inf
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD\APP SDK 3.0\AMD APP SDK 3.0 Samples.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> C:\Users\ancys\AMD APP SDK\3.0\
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Hyper-V Manager.lnk -> C:\Windows\System32\mmc.exe (Microsoft Corporation) -> "%windir%\System32\virtmgmt.msc"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk -> C:\Windows\System32\secpol.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\ancys\Desktop\Ancy - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 4"
ShortcutWithArgument: C:\Users\ancys\Desktop\Clin - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\ancys\Desktop\FENECIA - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk -> C:\Users\ancys\AppData\Local\Microsoft\Teams\Update.exe (Microsoft Corporation) -> --processStart "Teams.exe"
ShortcutWithArgument: C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom\Uninstall Zoom.lnk -> C:\Users\ancys\AppData\Roaming\Zoom\uninstall\Installer.exe (Zoom Video Communications, Inc.) -> /uninstall
ShortcutWithArgument: C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.AdministrativeTools
ShortcutWithArgument: C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Folding@home.lnk -> C:\Program Files (x86)\FAHClient\HideConsole.exe () -> C:\Program Files (x86)\FAHClient\FAHClient.exe
ShortcutWithArgument: C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Folding@home\Folding@home.lnk -> C:\Program Files (x86)\FAHClient\HideConsole.exe () -> "C:\Program Files (x86)\FAHClient\FAHClient.exe" --open-web-control
ShortcutWithArgument: C:\Users\ancys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Prodigy.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 1" --app-id=iapdpibhbhfecmiegbeelepdnkebkhcp
ShortcutWithArgument: C:\Users\ancys\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\ancys\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory=Default
ShortcutWithArgument: C:\Users\ancys\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\CLIN - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\ancys\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\ancys\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\ancys\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\ancys\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\ancys\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\ancys\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\ancys\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\ancys\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\ancys\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\ancys\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.AdministrativeTools
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\Public\Desktop\HP Deskjet 2540 series.lnk -> C:\Program Files\HP\HP Deskjet 2540 series\Bin\HP Deskjet 2540 series.exe (Hewlett-Packard Co.) -> -Start UDCDevicePage
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hasleo EasyUEFI\Hasleo EasyUEFI on the Web.url -> URL: hxxps://www.hasleo.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glarysoft\Absolute Uninstaller\Website.url -> URL: hxxp://www.glarysoft.com/absolute-uninstaller/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 15.8\EaseUS Partition Master 15.8 Help.url -> URL: hxxps://www.easeus.com/support/partition-master/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 15.8\Visit EaseUS on the Web.url -> URL: hxxps://www.easeus.com/partition-manager/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Flick\Help and Support\DVD Flick on the Web.url -> URL: hxxp://www.dvdflick.net
InternetURL: C:\Users\ancys\Favorites\Bing.url -> URL: hxxp://go.microsoft.com/fwlink/p/?LinkId=255142
InternetURL: C:\Users\ancys\Favorites\The NeoSmart Files.url -> URL: hxxp://neosmart.net/blog/feed/
==================== End of Shortcut.txt =============================