Publicité
Publicité
Format du document : text/plain
Prévisualisation
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-08-2021
Ran by nlaun (administrator) on DESKTOP-ET78V9H (ASUSTeK COMPUTER INC. K501LX) (09-08-2021 18:32:00)
Running from C:\Users\nlaun\OneDrive\Bureau
Loaded Profiles: nlaun
Platform: Windows 10 Home Version 20H2 19042.985 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Corel Corporation -> ) [File not signed] C:\Program Files\WinZip\WinZip Smart Monitor\WinZip Compression Smart Monitor Service.exe
(Corel Corporation -> Corel Corporation) [File not signed] C:\Program Files\WinZip\WinZip Smart Monitor\WinZipCompressionSmartMonitor.exe
(CyberLink Corp. -> ) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.102\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.102\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <40>
(ICEpower a/s -> ICEpower) C:\Windows\System32\ICEsoundService64.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation -> ) C:\Windows\System32\igfxTray.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(Janos Mathe -> H.D.S. Hungary) C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\mcafee\WebAdvisor\browserhost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\mcafee\WebAdvisor\servicehost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\mcafee\WebAdvisor\uihost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.345.171.0.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20920.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\DeviceCensus.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotifyIcon.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SrTasks.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1081_none_7e3d47227c694b34\TiWorker.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\NisSrv.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Qualcomm Atheros -> Windows (R) Win 7 DDK provider) [File not signed] C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TeamViewer -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(WildTangent Inc -> WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3942568 1999-12-31] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2654512 2015-10-02] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1710568 2015-10-02] (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed]
HKU\S-1-5-21-2547849061-2848747678-2711715184-1001\...\Run: [Dashlane] => C:\Users\nlaun\AppData\Roaming\Dashlane\Dashlane.exe [505296 2017-05-24] (Dashlane -> Dashlane, Inc.)
HKU\S-1-5-21-2547849061-2848747678-2711715184-1001\...\Run: [DashlanePlugin] => C:\Users\nlaun\AppData\Roaming\Dashlane\DashlanePlugin.exe [552400 2017-05-24] (Dashlane -> Dashlane, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\92.0.4515.131\Installer\chrmstp.exe [2021-08-06] (Google LLC -> Google LLC)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {019F32F2-55E4-43B7-B169-E428FFF63D10} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-10-29] (Google LLC -> Google LLC)
Task: {0E7305EA-F078-4CD5-A9FF-BBBB8B174A41} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [1618080 2015-05-14] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) [File not signed]
Task: {110A0F8D-9033-4339-B988-A47F86BDF486} - System32\Tasks\WpsNotifyTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5178\wtoolex\wpsnotify.exe [513896 2015-11-24] (Zhuhai Kingsoft Office Software Co.,Ltd -> Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {1110FDCE-32C1-4874-A0B6-23E73C7CC440} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [122168 2015-03-10] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {12FC8145-EAEB-4607-AB44-8844BA32DA4F} - System32\Tasks\Microsoft\Office\Microsoft Office Touchless Attach Notification => C:\Program Files (x86)\Microsoft Office\Office15\FirstRun.exe [989864 2015-03-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {21E47A11-D85A-404C-9191-273FD935874D} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506368 1999-12-31] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {490CE7C1-E1E2-41AB-97F6-BE6AAFB860AE} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe
Task: {61C21ACB-DF26-4FD1-9C00-F1E5AD654678} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2106.6-0\MpCmdRun.exe [644888 2021-08-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {6B7B6881-340C-4194-9807-197A76EE6F40} - System32\Tasks\HardDiskSentinel\Hard Disk Sentinel_nlaun => C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe [5820440 2020-03-12] (Janos Mathe -> H.D.S. Hungary)
Task: {7D24EDED-9F10-4CC9-909B-008BA6DF8AF7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-10-29] (Google LLC -> Google LLC)
Task: {9F4501B7-C4C1-48A1-B45E-E223FF98282F} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [19782224 2015-05-25] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {A0D9C344-88CB-4385-9F1C-C214023B6AFE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2106.6-0\MpCmdRun.exe [644888 2021-08-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A53F5839-FA2F-480A-B8EC-EA1C2B0AE614} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [143160 2019-03-12] (ASUSTek Computer Inc. -> ASUSTek Computer Inc.)
Task: {B0D92780-61F3-4631-A385-89CE9729A9D5} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2020-10-21] (Dropbox, Inc -> Dropbox, Inc.)
Task: {B8583A8D-A1AD-45DD-81A3-DCF1AA4CB3E4} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [122168 2015-03-10] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {C07CBF99-E536-4480-AB40-42471D22BABB} - System32\Tasks\WpsUpdateTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5178\wtoolex\wpsupdate.exe [480616 2015-11-24] (Zhuhai Kingsoft Office Software Co.,Ltd -> Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {C20A06A0-4A18-49BC-9B5D-E5B86D037F56} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2106.6-0\MpCmdRun.exe [644888 2021-08-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C7ACB346-E6C4-463D-B3B7-230E1E475AF6} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [585000 2016-09-21] (Dropbox, Inc -> )
Task: {CC1A2D32-4151-4149-B3A7-52033C2A815B} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [62536 2015-06-09] (ASUSTeK Computer Inc. -> ASUS)
Task: {DCE099A2-6E08-435D-A16E-0120B6397AB7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2106.6-0\MpCmdRun.exe [644888 2021-08-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E04FBC00-9D72-4031-898A-A1441C616A2B} - System32\Tasks\Driver Easy Scheduled Scan => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe [3817392 2020-06-18] (Easeware Technology Limited -> Easeware)
Task: {E958F268-6632-4042-B85C-2A9A989CF340} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2020-10-21] (Dropbox, Inc -> Dropbox, Inc.)
Task: {F4744714-6921-4F3E-BAFE-67A6154E6F49} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18391104 1999-12-31] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Driver Easy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\WpsNotifyTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5178\wtoolex\wpsnotify.exe
Task: C:\WINDOWS\Tasks\WpsUpdateTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5178\wtoolex\wpsupdate.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{311660dd-fd97-49ad-bded-a599df26fb12}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{c5818acf-3f2e-4b77-b761-bc780e320036}: [DhcpNameServer] 40.54.1.17
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\nlaun\AppData\Local\Microsoft\Edge\User Data\Default [2021-08-08]
FireFox:
========
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-04-21] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-04-21] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-04-21] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-04-21] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-20] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-20] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-14] (WildTangent Inc -> )
Chrome:
=======
CHR Profile: C:\Users\nlaun\AppData\Local\Google\Chrome\User Data\Default [2021-08-09]
CHR Notifications: Default -> hxxps://www.facebook.com
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.fr/"
CHR Extension: (Slides) - C:\Users\nlaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-10-29]
CHR Extension: (Docs) - C:\Users\nlaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-10-29]
CHR Extension: (Google Drive) - C:\Users\nlaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-29]
CHR Extension: (YouTube) - C:\Users\nlaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-10-29]
CHR Extension: (Sheets) - C:\Users\nlaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-10-29]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\nlaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2021-08-03]
CHR Extension: (Google Docs Offline) - C:\Users\nlaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-08-03]
CHR Extension: (Hola Free VPN Proxy Unblocker - Best VPN) - C:\Users\nlaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2021-08-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\nlaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-31]
CHR Extension: (Gmail) - C:\Users\nlaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-29]
CHR Extension: (Chrome Media Router) - C:\Users\nlaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-08-03]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [323152 2015-07-29] (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2020-10-21] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2020-10-21] (Dropbox, Inc -> Dropbox, Inc.)
S3 DevActSvc; C:\Program Files (x86)\ASUS\ASUS Device Activation\DevActSvc.exe [326032 2018-06-05] (ASUSTeK Computer Inc. -> )
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [373312 2015-04-14] (WildTangent Inc -> WildTangent)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
S2 Kingsoft_WPS_UpdateService; C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5178\wtoolex\wpsupdatesvr.exe [133480 2015-11-24] (Zhuhai Kingsoft Office Software Co.,Ltd -> Zhuhai Kingsoft Office Software Co.,Ltd)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [977824 2021-08-03] (McAfee, LLC -> McAfee, LLC)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] (CyberLink Corp. -> )
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-17] (TeamViewer -> TeamViewer GmbH)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2106.6-0\NisSrv.exe [2665432 2021-08-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2106.6-0\MsMpEng.exe [136640 2021-08-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinZip Compression Smart Monitor Service; C:\Program Files\WinZip\WinZip Smart Monitor\WinZip Compression Smart Monitor Service.exe [495872 2017-09-01] (Corel Corporation -> ) [File not signed]
S2 nvsvc; "C:\Windows\system32\nvvsvc.exe" [X]
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R2 ASMMAP64; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [18048 2015-05-08] (Microsoft Windows Hardware Compatibility Publisher -> ASUS)
R1 ATKWMIACPIIO; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [20096 2015-05-08] (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek Computer Inc.)
S3 ATP; C:\WINDOWS\System32\drivers\AsusTP.sys [100776 2015-08-23] (ASUSTeK Computer Inc. -> ASUS Corporation)
R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsRadioControl.sys [32696 2020-11-19] (ASUSTek Computer Inc. -> ASUS)
R3 MpKslb85764bb; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{014C623A-046A-4B87-A231-D6DE2C64CE97}\MpKslDrv.sys [123112 2021-08-08] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49560 2021-08-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [26880 2015-11-12] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [425192 2021-08-08] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [76008 2021-08-08] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Three months (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-08-09 18:30 - 2021-08-09 18:33 - 000000000 ____D C:\FRST
2021-08-09 18:04 - 2021-08-09 18:04 - 003018308 _____ C:\Users\nlaun\Downloads\ZHPSuite.zip
2021-08-07 13:59 - 2021-08-09 18:18 - 000000000 ____D C:\Users\nlaun\AppData\Roaming\ZHP
2021-08-07 13:59 - 2021-08-09 18:05 - 000000000 ____D C:\Users\nlaun\AppData\Local\ZHP
2021-08-07 13:59 - 2021-08-07 13:59 - 003278488 _____ (Nicolas Coolman) C:\Users\nlaun\Downloads\ZHPDiag3.exe
2021-08-07 13:59 - 2021-08-07 13:59 - 003278488 _____ (Nicolas Coolman) C:\Users\nlaun\Downloads\ZHPDiag3 (1).exe
2021-08-07 13:29 - 2021-08-07 13:30 - 006724951 _____ C:\Users\nlaun\Downloads\CrystalDiskInfo8_12_5.zip
2021-05-29 11:47 - 2021-05-29 11:47 - 001687040 _____ C:\WINDOWS\system32\libcrypto.dll
2021-05-29 11:46 - 2021-05-29 11:46 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-05-29 11:45 - 2021-05-29 11:45 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-05-29 11:45 - 2021-05-29 11:45 - 001314120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-05-29 11:45 - 2021-05-29 11:45 - 000700928 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2021-05-29 11:45 - 2021-05-29 11:45 - 000011351 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-05-29 11:44 - 2021-05-29 11:44 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-05-29 11:43 - 2021-05-29 11:43 - 001823816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-05-29 11:43 - 2021-05-29 11:43 - 001393504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-05-29 11:43 - 2021-05-29 11:43 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-05-29 11:41 - 2021-05-29 11:41 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-05-29 11:41 - 2021-05-29 11:41 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
==================== Three months (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-08-09 18:37 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-08-09 18:32 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-08-09 18:24 - 2020-10-29 20:53 - 000000000 ____D C:\Program Files (x86)\Google
2021-08-09 18:17 - 2020-10-22 02:30 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-08-09 18:00 - 2020-10-22 02:29 - 133422552 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-08-09 17:59 - 2020-10-21 06:43 - 000000000 __SHD C:\Users\nlaun\IntelGraphicsProfiles
2021-08-09 17:59 - 2020-10-20 22:24 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2021-08-08 21:53 - 2020-10-20 22:26 - 000000000 ____D C:\ProgramData\NVIDIA
2021-08-08 21:51 - 2020-09-27 09:50 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-08-08 18:06 - 2021-03-17 21:02 - 000002385 _____ C:\Users\nlaun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-08-08 18:06 - 2020-11-09 01:21 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2547849061-2848747678-2711715184-1001
2021-08-08 18:06 - 2020-10-21 06:55 - 000000000 ___RD C:\Users\nlaun\OneDrive
2021-08-08 16:14 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-08-08 16:14 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-08-08 09:26 - 2020-09-27 09:51 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-08-08 09:26 - 2019-12-07 04:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-08-08 09:23 - 2020-11-09 01:12 - 000840602 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-08-08 09:23 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2021-08-08 09:15 - 2020-10-21 06:59 - 000000000 ____D C:\ProgramData\Avast Software
2021-08-08 09:15 - 2020-09-27 09:50 - 000008192 ___SH C:\DumpStack.log.tmp
2021-08-08 09:15 - 2020-09-27 09:50 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-08-08 09:15 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-08-08 09:14 - 2020-10-22 01:24 - 000000000 ____D C:\Users\nlaun\AppData\Local\CrashDumps
2021-08-08 09:14 - 2019-12-07 04:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-08-07 22:06 - 2020-11-09 00:30 - 000000000 ____D C:\Users\nlaun
2021-08-07 22:03 - 2021-04-27 19:57 - 000003214 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d71c694583533f
2021-08-07 22:03 - 2020-11-09 01:21 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-08-07 22:03 - 2020-11-09 01:21 - 000003124 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-08-07 22:03 - 2020-09-27 09:53 - 000003408 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-08-07 21:24 - 2020-11-12 19:47 - 000000000 ____D C:\Users\nlaun\AppData\Roaming\VideoWinSoft
2021-08-07 21:07 - 2020-10-21 06:49 - 000000000 ____D C:\Users\nlaun\AppData\Local\PlaceholderTileLogoFolder
2021-08-07 19:17 - 2020-10-21 06:43 - 000000000 ____D C:\Users\nlaun\AppData\Local\Packages
2021-08-07 16:54 - 2020-11-12 19:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Video Editor 2020
2021-08-07 16:54 - 2020-11-12 19:46 - 000000000 ____D C:\Program Files\Windows Video Editor 2020
2021-08-07 14:00 - 2020-12-05 17:52 - 000007599 _____ C:\Users\nlaun\AppData\Local\Resmon.ResmonCfg
2021-08-07 13:15 - 2020-09-27 09:53 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-08-06 20:37 - 2015-11-24 00:08 - 000000948 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2021-08-06 20:37 - 2015-11-24 00:08 - 000000944 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2021-08-06 19:35 - 2020-10-29 20:56 - 000002249 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-08-03 14:22 - 2020-11-09 21:42 - 000000000 ____D C:\Users\nlaun\AppData\Local\WinZip
2021-08-03 14:11 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-07-27 17:47 - 2020-11-09 01:21 - 000004010 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineUA
2021-07-27 17:47 - 2020-11-09 01:21 - 000003778 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineCore
==================== Files in the root of some directories ========
2020-10-21 06:46 - 2021-04-18 15:13 - 000000165 _____ () C:\Users\nlaun\AppData\Roaming\sp_data.sys
2020-12-05 17:52 - 2021-08-07 14:00 - 000007599 _____ () C:\Users\nlaun\AppData\Local\Resmon.ResmonCfg
==================== SigCheckExt =========================
2016-04-12 11:52 - 2015-08-06 11:43 - 000177088 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2016-04-12 11:55 - 2015-10-02 21:22 - 001756608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2016-04-12 11:55 - 2015-10-02 21:22 - 001710568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2015-05-21 19:00 - 2015-05-21 19:00 - 000002560 _____ (Intel(R) Corporation) C:\WINDOWS\SysWOW64\IusEventLog.dll
2016-04-12 11:52 - 2015-08-06 11:43 - 000155464 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2016-04-12 11:55 - 2015-10-02 21:23 - 001317192 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2016-04-12 11:55 - 2015-10-02 21:23 - 001423120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2021-08-07 13:59 - 2021-08-07 13:59 - 003278488 _____ (Nicolas Coolman) C:\Users\nlaun\Downloads\ZHPDiag3 (1).exe
2021-08-07 13:59 - 2021-08-07 13:59 - 003278488 _____ (Nicolas Coolman) C:\Users\nlaun\Downloads\ZHPDiag3.exe
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== BCD ================================
Firmware Boot Manager
---------------------
identifier {fwbootmgr}
displayorder {bootmgr}
{4633d305-22f7-11eb-826d-806e6f6e6963}
{4633d306-22f7-11eb-826d-806e6f6e6963}
{4633d307-22f7-11eb-826d-806e6f6e6963}
timeout 2
Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=\Device\HarddiskVolume1
path \EFI\MICROSOFT\BOOT\BOOTMGFW.EFI
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {current}
resumeobject {5db5bb52-1332-11eb-b44f-ee3bd680112c}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30
Firmware Application (101fffff)
-------------------------------
identifier {4633d305-22f7-11eb-826d-806e6f6e6963}
description UEFI:CD/DVD Drive
Firmware Application (101fffff)
-------------------------------
identifier {4633d306-22f7-11eb-826d-806e6f6e6963}
description UEFI:Removable Device
Firmware Application (101fffff)
-------------------------------
identifier {4633d307-22f7-11eb-826d-806e6f6e6963}
description UEFI:Network Device
Windows Boot Loader
-------------------
identifier {5b0fbfd8-00cd-11e6-8254-2c56dcbe017c}
device ramdisk=[unknown]\Recovery\WindowsRE\Winre.wim,{5b0fbfd9-00cd-11e6-8254-2c56dcbe017c}
path \windows\system32\winload.efi
description Windows Recovery Environment
locale en-us
inherit {bootloadersettings}
displaymessage Recovery
displaymessageoverride Recovery
osdevice ramdisk=[unknown]\Recovery\WindowsRE\Winre.wim,{5b0fbfd9-00cd-11e6-8254-2c56dcbe017c}
systemroot \windows
nx OptIn
bootmenupolicy Standard
winpe Yes
Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \WINDOWS\system32\winload.efi
description Windows 10
locale en-US
inherit {bootloadersettings}
recoverysequence {5db5bb55-1332-11eb-b44f-ee3bd680112c}
displaymessageoverride Recovery
recoveryenabled Yes
isolatedcontext Yes
allowedinmemorysettings 0x15000075
osdevice partition=C:
systemroot \WINDOWS
resumeobject {5db5bb52-1332-11eb-b44f-ee3bd680112c}
nx OptIn
bootmenupolicy Standard
Windows Boot Loader
-------------------
identifier {5db5bb55-1332-11eb-b44f-ee3bd680112c}
device ramdisk=[\Device\HarddiskVolume4]\Recovery\WindowsRE\Winre.wim,{5db5bb56-1332-11eb-b44f-ee3bd680112c}
path \windows\system32\winload.efi
description Windows Recovery Environment
locale en-US
inherit {bootloadersettings}
displaymessage Recovery
osdevice ramdisk=[\Device\HarddiskVolume4]\Recovery\WindowsRE\Winre.wim,{5db5bb56-1332-11eb-b44f-ee3bd680112c}
systemroot \windows
nx OptIn
bootmenupolicy Standard
winpe Yes
Resume from Hibernate
---------------------
identifier {5db5bb52-1332-11eb-b44f-ee3bd680112c}
device partition=C:
path \WINDOWS\system32\winresume.efi
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
recoverysequence {5db5bb55-1332-11eb-b44f-ee3bd680112c}
recoveryenabled Yes
isolatedcontext Yes
allowedinmemorysettings 0x15000075
filedevice partition=C:
filepath \hiberfil.sys
bootmenupolicy Standard
debugoptionenabled No
Windows Memory Tester
---------------------
identifier {memdiag}
device partition=\Device\HarddiskVolume1
path \EFI\Microsoft\Boot\memtest.efi
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes
EMS Settings
------------
identifier {emssettings}
bootems No
Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200
RAM Defects
-----------
identifier {badmemory}
Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}
Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}
Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200
Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}
Device options
--------------
identifier {5db5bb56-1332-11eb-b44f-ee3bd680112c}
description Windows Recovery
ramdisksdidevice partition=\Device\HarddiskVolume4
ramdisksdipath \Recovery\WindowsRE\boot.sdi
==================== End of FRST.txt ========================
Ran by nlaun (administrator) on DESKTOP-ET78V9H (ASUSTeK COMPUTER INC. K501LX) (09-08-2021 18:32:00)
Running from C:\Users\nlaun\OneDrive\Bureau
Loaded Profiles: nlaun
Platform: Windows 10 Home Version 20H2 19042.985 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Corel Corporation -> ) [File not signed] C:\Program Files\WinZip\WinZip Smart Monitor\WinZip Compression Smart Monitor Service.exe
(Corel Corporation -> Corel Corporation) [File not signed] C:\Program Files\WinZip\WinZip Smart Monitor\WinZipCompressionSmartMonitor.exe
(CyberLink Corp. -> ) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.102\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.102\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <40>
(ICEpower a/s -> ICEpower) C:\Windows\System32\ICEsoundService64.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation -> ) C:\Windows\System32\igfxTray.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(Janos Mathe -> H.D.S. Hungary) C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\mcafee\WebAdvisor\browserhost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\mcafee\WebAdvisor\servicehost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\mcafee\WebAdvisor\uihost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.345.171.0.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20920.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\DeviceCensus.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotifyIcon.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SrTasks.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1081_none_7e3d47227c694b34\TiWorker.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\NisSrv.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Qualcomm Atheros -> Windows (R) Win 7 DDK provider) [File not signed] C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TeamViewer -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(WildTangent Inc -> WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3942568 1999-12-31] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2654512 2015-10-02] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1710568 2015-10-02] (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed]
HKU\S-1-5-21-2547849061-2848747678-2711715184-1001\...\Run: [Dashlane] => C:\Users\nlaun\AppData\Roaming\Dashlane\Dashlane.exe [505296 2017-05-24] (Dashlane -> Dashlane, Inc.)
HKU\S-1-5-21-2547849061-2848747678-2711715184-1001\...\Run: [DashlanePlugin] => C:\Users\nlaun\AppData\Roaming\Dashlane\DashlanePlugin.exe [552400 2017-05-24] (Dashlane -> Dashlane, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\92.0.4515.131\Installer\chrmstp.exe [2021-08-06] (Google LLC -> Google LLC)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {019F32F2-55E4-43B7-B169-E428FFF63D10} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-10-29] (Google LLC -> Google LLC)
Task: {0E7305EA-F078-4CD5-A9FF-BBBB8B174A41} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [1618080 2015-05-14] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) [File not signed]
Task: {110A0F8D-9033-4339-B988-A47F86BDF486} - System32\Tasks\WpsNotifyTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5178\wtoolex\wpsnotify.exe [513896 2015-11-24] (Zhuhai Kingsoft Office Software Co.,Ltd -> Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {1110FDCE-32C1-4874-A0B6-23E73C7CC440} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [122168 2015-03-10] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {12FC8145-EAEB-4607-AB44-8844BA32DA4F} - System32\Tasks\Microsoft\Office\Microsoft Office Touchless Attach Notification => C:\Program Files (x86)\Microsoft Office\Office15\FirstRun.exe [989864 2015-03-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {21E47A11-D85A-404C-9191-273FD935874D} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506368 1999-12-31] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {490CE7C1-E1E2-41AB-97F6-BE6AAFB860AE} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe
Task: {61C21ACB-DF26-4FD1-9C00-F1E5AD654678} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2106.6-0\MpCmdRun.exe [644888 2021-08-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {6B7B6881-340C-4194-9807-197A76EE6F40} - System32\Tasks\HardDiskSentinel\Hard Disk Sentinel_nlaun => C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe [5820440 2020-03-12] (Janos Mathe -> H.D.S. Hungary)
Task: {7D24EDED-9F10-4CC9-909B-008BA6DF8AF7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-10-29] (Google LLC -> Google LLC)
Task: {9F4501B7-C4C1-48A1-B45E-E223FF98282F} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [19782224 2015-05-25] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {A0D9C344-88CB-4385-9F1C-C214023B6AFE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2106.6-0\MpCmdRun.exe [644888 2021-08-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A53F5839-FA2F-480A-B8EC-EA1C2B0AE614} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [143160 2019-03-12] (ASUSTek Computer Inc. -> ASUSTek Computer Inc.)
Task: {B0D92780-61F3-4631-A385-89CE9729A9D5} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2020-10-21] (Dropbox, Inc -> Dropbox, Inc.)
Task: {B8583A8D-A1AD-45DD-81A3-DCF1AA4CB3E4} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [122168 2015-03-10] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {C07CBF99-E536-4480-AB40-42471D22BABB} - System32\Tasks\WpsUpdateTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5178\wtoolex\wpsupdate.exe [480616 2015-11-24] (Zhuhai Kingsoft Office Software Co.,Ltd -> Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {C20A06A0-4A18-49BC-9B5D-E5B86D037F56} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2106.6-0\MpCmdRun.exe [644888 2021-08-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C7ACB346-E6C4-463D-B3B7-230E1E475AF6} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [585000 2016-09-21] (Dropbox, Inc -> )
Task: {CC1A2D32-4151-4149-B3A7-52033C2A815B} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [62536 2015-06-09] (ASUSTeK Computer Inc. -> ASUS)
Task: {DCE099A2-6E08-435D-A16E-0120B6397AB7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2106.6-0\MpCmdRun.exe [644888 2021-08-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E04FBC00-9D72-4031-898A-A1441C616A2B} - System32\Tasks\Driver Easy Scheduled Scan => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe [3817392 2020-06-18] (Easeware Technology Limited -> Easeware)
Task: {E958F268-6632-4042-B85C-2A9A989CF340} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2020-10-21] (Dropbox, Inc -> Dropbox, Inc.)
Task: {F4744714-6921-4F3E-BAFE-67A6154E6F49} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18391104 1999-12-31] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Driver Easy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\WpsNotifyTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5178\wtoolex\wpsnotify.exe
Task: C:\WINDOWS\Tasks\WpsUpdateTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5178\wtoolex\wpsupdate.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{311660dd-fd97-49ad-bded-a599df26fb12}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{c5818acf-3f2e-4b77-b761-bc780e320036}: [DhcpNameServer] 40.54.1.17
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\nlaun\AppData\Local\Microsoft\Edge\User Data\Default [2021-08-08]
FireFox:
========
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-04-21] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-04-21] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-04-21] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-04-21] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-20] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-20] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-14] (WildTangent Inc -> )
Chrome:
=======
CHR Profile: C:\Users\nlaun\AppData\Local\Google\Chrome\User Data\Default [2021-08-09]
CHR Notifications: Default -> hxxps://www.facebook.com
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.fr/"
CHR Extension: (Slides) - C:\Users\nlaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-10-29]
CHR Extension: (Docs) - C:\Users\nlaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-10-29]
CHR Extension: (Google Drive) - C:\Users\nlaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-29]
CHR Extension: (YouTube) - C:\Users\nlaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-10-29]
CHR Extension: (Sheets) - C:\Users\nlaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-10-29]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\nlaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2021-08-03]
CHR Extension: (Google Docs Offline) - C:\Users\nlaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-08-03]
CHR Extension: (Hola Free VPN Proxy Unblocker - Best VPN) - C:\Users\nlaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2021-08-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\nlaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-31]
CHR Extension: (Gmail) - C:\Users\nlaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-29]
CHR Extension: (Chrome Media Router) - C:\Users\nlaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-08-03]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [323152 2015-07-29] (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2020-10-21] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2020-10-21] (Dropbox, Inc -> Dropbox, Inc.)
S3 DevActSvc; C:\Program Files (x86)\ASUS\ASUS Device Activation\DevActSvc.exe [326032 2018-06-05] (ASUSTeK Computer Inc. -> )
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [373312 2015-04-14] (WildTangent Inc -> WildTangent)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
S2 Kingsoft_WPS_UpdateService; C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5178\wtoolex\wpsupdatesvr.exe [133480 2015-11-24] (Zhuhai Kingsoft Office Software Co.,Ltd -> Zhuhai Kingsoft Office Software Co.,Ltd)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [977824 2021-08-03] (McAfee, LLC -> McAfee, LLC)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] (CyberLink Corp. -> )
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-17] (TeamViewer -> TeamViewer GmbH)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2106.6-0\NisSrv.exe [2665432 2021-08-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2106.6-0\MsMpEng.exe [136640 2021-08-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinZip Compression Smart Monitor Service; C:\Program Files\WinZip\WinZip Smart Monitor\WinZip Compression Smart Monitor Service.exe [495872 2017-09-01] (Corel Corporation -> ) [File not signed]
S2 nvsvc; "C:\Windows\system32\nvvsvc.exe" [X]
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R2 ASMMAP64; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [18048 2015-05-08] (Microsoft Windows Hardware Compatibility Publisher -> ASUS)
R1 ATKWMIACPIIO; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [20096 2015-05-08] (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek Computer Inc.)
S3 ATP; C:\WINDOWS\System32\drivers\AsusTP.sys [100776 2015-08-23] (ASUSTeK Computer Inc. -> ASUS Corporation)
R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsRadioControl.sys [32696 2020-11-19] (ASUSTek Computer Inc. -> ASUS)
R3 MpKslb85764bb; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{014C623A-046A-4B87-A231-D6DE2C64CE97}\MpKslDrv.sys [123112 2021-08-08] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49560 2021-08-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [26880 2015-11-12] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [425192 2021-08-08] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [76008 2021-08-08] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Three months (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-08-09 18:30 - 2021-08-09 18:33 - 000000000 ____D C:\FRST
2021-08-09 18:04 - 2021-08-09 18:04 - 003018308 _____ C:\Users\nlaun\Downloads\ZHPSuite.zip
2021-08-07 13:59 - 2021-08-09 18:18 - 000000000 ____D C:\Users\nlaun\AppData\Roaming\ZHP
2021-08-07 13:59 - 2021-08-09 18:05 - 000000000 ____D C:\Users\nlaun\AppData\Local\ZHP
2021-08-07 13:59 - 2021-08-07 13:59 - 003278488 _____ (Nicolas Coolman) C:\Users\nlaun\Downloads\ZHPDiag3.exe
2021-08-07 13:59 - 2021-08-07 13:59 - 003278488 _____ (Nicolas Coolman) C:\Users\nlaun\Downloads\ZHPDiag3 (1).exe
2021-08-07 13:29 - 2021-08-07 13:30 - 006724951 _____ C:\Users\nlaun\Downloads\CrystalDiskInfo8_12_5.zip
2021-05-29 11:47 - 2021-05-29 11:47 - 001687040 _____ C:\WINDOWS\system32\libcrypto.dll
2021-05-29 11:46 - 2021-05-29 11:46 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-05-29 11:45 - 2021-05-29 11:45 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-05-29 11:45 - 2021-05-29 11:45 - 001314120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-05-29 11:45 - 2021-05-29 11:45 - 000700928 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2021-05-29 11:45 - 2021-05-29 11:45 - 000011351 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-05-29 11:44 - 2021-05-29 11:44 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-05-29 11:43 - 2021-05-29 11:43 - 001823816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-05-29 11:43 - 2021-05-29 11:43 - 001393504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-05-29 11:43 - 2021-05-29 11:43 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-05-29 11:41 - 2021-05-29 11:41 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-05-29 11:41 - 2021-05-29 11:41 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
==================== Three months (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-08-09 18:37 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-08-09 18:32 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-08-09 18:24 - 2020-10-29 20:53 - 000000000 ____D C:\Program Files (x86)\Google
2021-08-09 18:17 - 2020-10-22 02:30 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-08-09 18:00 - 2020-10-22 02:29 - 133422552 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-08-09 17:59 - 2020-10-21 06:43 - 000000000 __SHD C:\Users\nlaun\IntelGraphicsProfiles
2021-08-09 17:59 - 2020-10-20 22:24 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2021-08-08 21:53 - 2020-10-20 22:26 - 000000000 ____D C:\ProgramData\NVIDIA
2021-08-08 21:51 - 2020-09-27 09:50 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-08-08 18:06 - 2021-03-17 21:02 - 000002385 _____ C:\Users\nlaun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-08-08 18:06 - 2020-11-09 01:21 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2547849061-2848747678-2711715184-1001
2021-08-08 18:06 - 2020-10-21 06:55 - 000000000 ___RD C:\Users\nlaun\OneDrive
2021-08-08 16:14 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-08-08 16:14 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-08-08 09:26 - 2020-09-27 09:51 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-08-08 09:26 - 2019-12-07 04:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-08-08 09:23 - 2020-11-09 01:12 - 000840602 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-08-08 09:23 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2021-08-08 09:15 - 2020-10-21 06:59 - 000000000 ____D C:\ProgramData\Avast Software
2021-08-08 09:15 - 2020-09-27 09:50 - 000008192 ___SH C:\DumpStack.log.tmp
2021-08-08 09:15 - 2020-09-27 09:50 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-08-08 09:15 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-08-08 09:14 - 2020-10-22 01:24 - 000000000 ____D C:\Users\nlaun\AppData\Local\CrashDumps
2021-08-08 09:14 - 2019-12-07 04:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-08-07 22:06 - 2020-11-09 00:30 - 000000000 ____D C:\Users\nlaun
2021-08-07 22:03 - 2021-04-27 19:57 - 000003214 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d71c694583533f
2021-08-07 22:03 - 2020-11-09 01:21 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-08-07 22:03 - 2020-11-09 01:21 - 000003124 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-08-07 22:03 - 2020-09-27 09:53 - 000003408 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-08-07 21:24 - 2020-11-12 19:47 - 000000000 ____D C:\Users\nlaun\AppData\Roaming\VideoWinSoft
2021-08-07 21:07 - 2020-10-21 06:49 - 000000000 ____D C:\Users\nlaun\AppData\Local\PlaceholderTileLogoFolder
2021-08-07 19:17 - 2020-10-21 06:43 - 000000000 ____D C:\Users\nlaun\AppData\Local\Packages
2021-08-07 16:54 - 2020-11-12 19:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Video Editor 2020
2021-08-07 16:54 - 2020-11-12 19:46 - 000000000 ____D C:\Program Files\Windows Video Editor 2020
2021-08-07 14:00 - 2020-12-05 17:52 - 000007599 _____ C:\Users\nlaun\AppData\Local\Resmon.ResmonCfg
2021-08-07 13:15 - 2020-09-27 09:53 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-08-06 20:37 - 2015-11-24 00:08 - 000000948 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2021-08-06 20:37 - 2015-11-24 00:08 - 000000944 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2021-08-06 19:35 - 2020-10-29 20:56 - 000002249 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-08-03 14:22 - 2020-11-09 21:42 - 000000000 ____D C:\Users\nlaun\AppData\Local\WinZip
2021-08-03 14:11 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-07-27 17:47 - 2020-11-09 01:21 - 000004010 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineUA
2021-07-27 17:47 - 2020-11-09 01:21 - 000003778 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineCore
==================== Files in the root of some directories ========
2020-10-21 06:46 - 2021-04-18 15:13 - 000000165 _____ () C:\Users\nlaun\AppData\Roaming\sp_data.sys
2020-12-05 17:52 - 2021-08-07 14:00 - 000007599 _____ () C:\Users\nlaun\AppData\Local\Resmon.ResmonCfg
==================== SigCheckExt =========================
2016-04-12 11:52 - 2015-08-06 11:43 - 000177088 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2016-04-12 11:55 - 2015-10-02 21:22 - 001756608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2016-04-12 11:55 - 2015-10-02 21:22 - 001710568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2015-05-21 19:00 - 2015-05-21 19:00 - 000002560 _____ (Intel(R) Corporation) C:\WINDOWS\SysWOW64\IusEventLog.dll
2016-04-12 11:52 - 2015-08-06 11:43 - 000155464 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2016-04-12 11:55 - 2015-10-02 21:23 - 001317192 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2016-04-12 11:55 - 2015-10-02 21:23 - 001423120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2021-08-07 13:59 - 2021-08-07 13:59 - 003278488 _____ (Nicolas Coolman) C:\Users\nlaun\Downloads\ZHPDiag3 (1).exe
2021-08-07 13:59 - 2021-08-07 13:59 - 003278488 _____ (Nicolas Coolman) C:\Users\nlaun\Downloads\ZHPDiag3.exe
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== BCD ================================
Firmware Boot Manager
---------------------
identifier {fwbootmgr}
displayorder {bootmgr}
{4633d305-22f7-11eb-826d-806e6f6e6963}
{4633d306-22f7-11eb-826d-806e6f6e6963}
{4633d307-22f7-11eb-826d-806e6f6e6963}
timeout 2
Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=\Device\HarddiskVolume1
path \EFI\MICROSOFT\BOOT\BOOTMGFW.EFI
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {current}
resumeobject {5db5bb52-1332-11eb-b44f-ee3bd680112c}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30
Firmware Application (101fffff)
-------------------------------
identifier {4633d305-22f7-11eb-826d-806e6f6e6963}
description UEFI:CD/DVD Drive
Firmware Application (101fffff)
-------------------------------
identifier {4633d306-22f7-11eb-826d-806e6f6e6963}
description UEFI:Removable Device
Firmware Application (101fffff)
-------------------------------
identifier {4633d307-22f7-11eb-826d-806e6f6e6963}
description UEFI:Network Device
Windows Boot Loader
-------------------
identifier {5b0fbfd8-00cd-11e6-8254-2c56dcbe017c}
device ramdisk=[unknown]\Recovery\WindowsRE\Winre.wim,{5b0fbfd9-00cd-11e6-8254-2c56dcbe017c}
path \windows\system32\winload.efi
description Windows Recovery Environment
locale en-us
inherit {bootloadersettings}
displaymessage Recovery
displaymessageoverride Recovery
osdevice ramdisk=[unknown]\Recovery\WindowsRE\Winre.wim,{5b0fbfd9-00cd-11e6-8254-2c56dcbe017c}
systemroot \windows
nx OptIn
bootmenupolicy Standard
winpe Yes
Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \WINDOWS\system32\winload.efi
description Windows 10
locale en-US
inherit {bootloadersettings}
recoverysequence {5db5bb55-1332-11eb-b44f-ee3bd680112c}
displaymessageoverride Recovery
recoveryenabled Yes
isolatedcontext Yes
allowedinmemorysettings 0x15000075
osdevice partition=C:
systemroot \WINDOWS
resumeobject {5db5bb52-1332-11eb-b44f-ee3bd680112c}
nx OptIn
bootmenupolicy Standard
Windows Boot Loader
-------------------
identifier {5db5bb55-1332-11eb-b44f-ee3bd680112c}
device ramdisk=[\Device\HarddiskVolume4]\Recovery\WindowsRE\Winre.wim,{5db5bb56-1332-11eb-b44f-ee3bd680112c}
path \windows\system32\winload.efi
description Windows Recovery Environment
locale en-US
inherit {bootloadersettings}
displaymessage Recovery
osdevice ramdisk=[\Device\HarddiskVolume4]\Recovery\WindowsRE\Winre.wim,{5db5bb56-1332-11eb-b44f-ee3bd680112c}
systemroot \windows
nx OptIn
bootmenupolicy Standard
winpe Yes
Resume from Hibernate
---------------------
identifier {5db5bb52-1332-11eb-b44f-ee3bd680112c}
device partition=C:
path \WINDOWS\system32\winresume.efi
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
recoverysequence {5db5bb55-1332-11eb-b44f-ee3bd680112c}
recoveryenabled Yes
isolatedcontext Yes
allowedinmemorysettings 0x15000075
filedevice partition=C:
filepath \hiberfil.sys
bootmenupolicy Standard
debugoptionenabled No
Windows Memory Tester
---------------------
identifier {memdiag}
device partition=\Device\HarddiskVolume1
path \EFI\Microsoft\Boot\memtest.efi
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes
EMS Settings
------------
identifier {emssettings}
bootems No
Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200
RAM Defects
-----------
identifier {badmemory}
Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}
Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}
Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200
Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}
Device options
--------------
identifier {5db5bb56-1332-11eb-b44f-ee3bd680112c}
description Windows Recovery
ramdisksdidevice partition=\Device\HarddiskVolume4
ramdisksdipath \Recovery\WindowsRE\boot.sdi
==================== End of FRST.txt ========================