Document format: text/plain

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-08-2021
Ran by nlaun (administrator) on DESKTOP-ET78V9H (ASUSTeK COMPUTER INC. K501LX) (15-08-2021 13:08:28)
Running from C:\Users\nlaun\OneDrive\Bureau
Loaded Profiles: nlaun
Platform: Windows 10 Home Version 21H1 19043.1165 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.102\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.102\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <12>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\NisSrv.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3942568 1999-12-31] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2654512 2015-10-02] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1710568 2015-10-02] (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed]
HKU\S-1-5-21-2547849061-2848747678-2711715184-1001\...\Run: [Dashlane] => C:\Users\nlaun\AppData\Roaming\Dashlane\Dashlane.exe [505296 2017-05-24] (Dashlane -> Dashlane, Inc.)
HKU\S-1-5-21-2547849061-2848747678-2711715184-1001\...\Run: [DashlanePlugin] => C:\Users\nlaun\AppData\Roaming\Dashlane\DashlanePlugin.exe [552400 2017-05-24] (Dashlane -> Dashlane, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\92.0.4515.131\Installer\chrmstp.exe [2021-08-06] (Google LLC -> Google LLC)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {019F32F2-55E4-43B7-B169-E428FFF63D10} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-10-29] (Google LLC -> Google LLC)
Task: {04E0EE3A-227C-4B53-84AD-1B46A5090CE0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-09] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {0E7305EA-F078-4CD5-A9FF-BBBB8B174A41} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe
Task: {110A0F8D-9033-4339-B988-A47F86BDF486} - System32\Tasks\WpsNotifyTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5178\wtoolex\wpsnotify.exe [513896 2015-11-24] (Zhuhai Kingsoft Office Software Co.,Ltd -> Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {1110FDCE-32C1-4874-A0B6-23E73C7CC440} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [122168 2015-03-10] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {12FC8145-EAEB-4607-AB44-8844BA32DA4F} - System32\Tasks\Microsoft\Office\Microsoft Office Touchless Attach Notification => C:\Program Files (x86)\Microsoft Office\Office15\FirstRun.exe [989864 2015-03-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {21E47A11-D85A-404C-9191-273FD935874D} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506368 1999-12-31] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {33383EED-C6DD-47B6-91C9-E3AB791E788A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-09] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7D24EDED-9F10-4CC9-909B-008BA6DF8AF7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-10-29] (Google LLC -> Google LLC)
Task: {9F4501B7-C4C1-48A1-B45E-E223FF98282F} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [19782224 2015-05-25] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {A9EF5265-670C-4B2A-A51F-F0724FC51CF5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-09] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B8583A8D-A1AD-45DD-81A3-DCF1AA4CB3E4} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [122168 2015-03-10] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {C07CBF99-E536-4480-AB40-42471D22BABB} - System32\Tasks\WpsUpdateTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5178\wtoolex\wpsupdate.exe [480616 2015-11-24] (Zhuhai Kingsoft Office Software Co.,Ltd -> Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {D7DD6166-2D39-4BC8-A0F8-A5350E00790D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-09] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F4744714-6921-4F3E-BAFE-67A6154E6F49} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18391104 1999-12-31] (Realtek Semiconductor Corp. -> Realtek Semiconductor)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\WpsNotifyTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5178\wtoolex\wpsnotify.exe
Task: C:\WINDOWS\Tasks\WpsUpdateTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5178\wtoolex\wpsupdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{311660dd-fd97-49ad-bded-a599df26fb12}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{c5818acf-3f2e-4b77-b761-bc780e320036}: [DhcpNameServer] 40.54.1.17

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\nlaun\AppData\Local\Microsoft\Edge\User Data\Default [2021-08-15]

FireFox:
========
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-04-21] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-04-21] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-04-21] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-04-21] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-20] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-20] (Intel(R) Identity Protection Technology Software -> Intel Corporation)

Chrome:
=======
CHR Profile: C:\Users\nlaun\AppData\Local\Google\Chrome\User Data\Default [2021-08-15]
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.fr/"
CHR Extension: (Slides) - C:\Users\nlaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-10-29]
CHR Extension: (Docs) - C:\Users\nlaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-10-29]
CHR Extension: (Google Drive) - C:\Users\nlaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-29]
CHR Extension: (YouTube) - C:\Users\nlaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-10-29]
CHR Extension: (Sheets) - C:\Users\nlaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-10-29]
CHR Extension: (Google Docs Offline) - C:\Users\nlaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-08-03]
CHR Extension: (Hola Free VPN Proxy Unblocker - Best VPN) - C:\Users\nlaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2021-08-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\nlaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-31]
CHR Extension: (Gmail) - C:\Users\nlaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-29]
CHR Extension: (Chrome Media Router) - C:\Users\nlaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-08-03]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [323152 2015-07-29] (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) [File not signed]
S4 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S4 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
S4 Kingsoft_WPS_UpdateService; C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5178\wtoolex\wpsupdatesvr.exe [133480 2015-11-24] (Zhuhai Kingsoft Office Software Co.,Ltd -> Zhuhai Kingsoft Office Software Co.,Ltd)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2107.4-0\NisSrv.exe [2727416 2021-08-09] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2107.4-0\MsMpEng.exe [136656 2021-08-09] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 DevActSvc; C:\Program Files (x86)\ASUS\ASUS Device Activation\DevActSvc.exe [X]
S2 luminati_net_updater_win_hola_chrome_ext_hola_org; "C:/Program Files/Hola/app/net_updater64.exe" --updater win_hola.chrome.ext.hola.org [X]
S2 McAfee WebAdvisor; "C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R2 ASMMAP64; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [18048 2015-05-08] (Microsoft Windows Hardware Compatibility Publisher -> ASUS)
R1 ATKWMIACPIIO; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [20096 2015-05-08] (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek Computer Inc.)
S3 ATP; C:\WINDOWS\System32\drivers\AsusTP.sys [100776 2015-08-23] (ASUSTeK Computer Inc. -> ASUS Corporation)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsRadioControl.sys [32696 2020-11-19] (ASUSTek Computer Inc. -> ASUS)
R3 MpKslf8e6217f; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6CE485C6-F5FD-4C02-87C2-753FF406FDFD}\MpKslDrv.sys [123112 2021-08-14] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49568 2021-08-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [434424 2021-08-09] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [78072 2021-08-09] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-08-15 12:54 - 2021-08-15 12:54 - 003475096 _____ (Nicolas Coolman) C:\Users\nlaun\ZHPSuite.exe
2021-08-14 18:43 - 2021-08-14 18:43 - 000007257 _____ C:\Users\nlaun\Downloads\tax form online payment.htm
2021-08-14 17:32 - 2021-08-14 17:32 - 000000000 ____D C:\Users\nlaun\AppData\Local\mbam
2021-08-14 17:30 - 2021-08-14 17:30 - 000000000 ____D C:\Program Files\Malwarebytes
2021-08-14 17:18 - 2021-08-14 17:21 - 000000000 ____D C:\AdwCleaner
2021-08-14 16:20 - 2021-08-14 16:20 - 000000000 ____D C:\Users\nlaun\AppData\Roaming\WildTangent
2021-08-13 16:52 - 2021-08-13 16:52 - 000000000 ____D C:\Users\nlaun\AppData\Local\luminati
2021-08-13 06:58 - 2021-08-13 06:58 - 000634744 _____ (Hola Networks Ltd.) C:\Users\nlaun\Downloads\Hola-Setup-Chrome-Agreed.exe
2021-08-12 19:42 - 2021-08-12 19:42 - 000009141 _____ C:\Users\nlaun\Downloads\2fa_backup_code_USCIS_myAccount.pdf
2021-08-12 18:45 - 2021-08-12 18:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2021-08-12 18:44 - 2021-08-12 18:45 - 000000000 ____D C:\Program Files\CrystalDiskInfo
2021-08-11 06:35 - 2021-08-11 06:35 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime
2021-08-11 06:34 - 2021-08-11 06:34 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2021-08-11 06:30 - 2021-08-11 06:30 - 000000020 ___SH C:\Users\nlaun\ntuser.ini
2021-08-11 04:13 - 2021-08-11 01:44 - 000000000 ____D C:\Windows.old
2021-08-11 04:09 - 2021-08-11 04:13 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2021-08-11 04:07 - 2021-08-11 04:09 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2021-08-11 04:07 - 2021-08-11 04:07 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2021-08-11 03:50 - 2021-08-11 03:50 - 001687040 _____ C:\WINDOWS\system32\libcrypto.dll
2021-08-11 03:50 - 2021-08-11 03:50 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsraLegacy.tlb
2021-08-11 03:50 - 2021-08-11 03:50 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsraLegacy.tlb
2021-08-11 03:50 - 2021-08-11 03:50 - 000006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rendezvousSession.tlb
2021-08-11 03:50 - 2021-08-11 03:50 - 000006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\rendezvousSession.tlb
2021-08-11 03:49 - 2021-08-11 03:49 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-08-11 03:49 - 2021-08-11 03:49 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-08-11 03:49 - 2021-08-11 03:49 - 002371072 _____ C:\WINDOWS\system32\rdpnano.dll
2021-08-11 03:49 - 2021-08-11 03:49 - 001314128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-08-11 03:49 - 2021-08-11 03:49 - 000700928 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2021-08-11 03:49 - 2021-08-11 03:49 - 000570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-08-11 03:49 - 2021-08-11 03:49 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-08-11 03:49 - 2021-08-11 03:49 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-08-11 03:49 - 2021-08-11 03:49 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-08-11 03:49 - 2021-08-11 03:49 - 000011347 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-08-11 03:48 - 2021-08-11 03:48 - 001864192 _____ (The ICU Project) C:\WINDOWS\SysWOW64\icu.dll
2021-08-11 03:48 - 2021-08-11 03:48 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-08-11 03:48 - 2021-08-11 03:48 - 000468440 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-08-11 03:47 - 2021-08-11 03:47 - 001823280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-08-11 03:47 - 2021-08-11 03:47 - 001393480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-08-11 03:47 - 2021-08-11 03:47 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-08-11 03:47 - 2021-08-11 03:47 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-08-11 03:47 - 2021-08-11 03:47 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-08-11 03:47 - 2021-08-11 03:47 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-08-11 03:46 - 2021-08-11 03:46 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-08-11 03:46 - 2021-08-11 03:46 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2021-08-11 03:46 - 2021-08-11 03:46 - 000657464 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-08-11 03:46 - 2021-08-11 03:46 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-08-11 03:46 - 2021-08-11 03:46 - 000097792 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-08-11 03:45 - 2021-08-11 03:45 - 000563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-08-11 03:45 - 2021-08-11 03:45 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2021-08-11 03:45 - 2021-08-11 03:45 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2021-08-11 03:45 - 2021-08-11 03:45 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-08-11 03:45 - 2021-08-11 03:45 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2021-08-11 03:30 - 2019-10-15 16:53 - 000076060 _____ C:\WINDOWS\system32\xpsrchvw.xml
2021-08-11 03:30 - 2019-04-18 21:49 - 000076060 _____ C:\WINDOWS\SysWOW64\xpsrchvw.xml
2021-08-11 03:23 - 2021-08-11 03:23 - 000000000 ____D C:\Program Files\Reference Assemblies
2021-08-11 03:23 - 2021-08-11 03:23 - 000000000 ____D C:\Program Files\MSBuild
2021-08-11 03:23 - 2021-08-11 03:23 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2021-08-11 03:23 - 2021-08-11 03:23 - 000000000 ____D C:\Program Files (x86)\MSBuild
2021-08-11 01:42 - 2021-08-14 17:26 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-08-11 01:42 - 2021-08-11 01:43 - 000003408 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-08-11 01:42 - 2021-08-11 01:43 - 000003066 _____ C:\WINDOWS\system32\Tasks\WpsUpdateTask_Administrator
2021-08-11 01:42 - 2021-08-11 01:43 - 000002984 _____ C:\WINDOWS\system32\Tasks\ATK Package 36D18D69AFC3
2021-08-11 01:42 - 2021-08-11 01:43 - 000002918 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2547849061-2848747678-2711715184-500
2021-08-11 01:42 - 2021-08-11 01:42 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-08-11 01:42 - 2021-08-11 01:42 - 000003242 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-08-11 01:42 - 2021-08-11 01:42 - 000003214 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d71c694583533f
2021-08-11 01:42 - 2021-08-11 01:42 - 000003124 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-08-11 01:42 - 2021-08-11 01:42 - 000003066 _____ C:\WINDOWS\system32\Tasks\WpsNotifyTask_Administrator
2021-08-11 01:42 - 2021-08-11 01:42 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2547849061-2848747678-2711715184-1001
2021-08-11 01:42 - 2021-08-11 01:42 - 000002406 _____ C:\WINDOWS\system32\Tasks\RtHDVBg_ListenToDevice
2021-08-11 01:42 - 2021-08-11 01:42 - 000002400 _____ C:\WINDOWS\system32\Tasks\ASUS USB Charger Plus
2021-08-11 01:42 - 2021-08-11 01:42 - 000002340 _____ C:\WINDOWS\system32\Tasks\RTKCPL
2021-08-11 01:42 - 2021-08-11 01:42 - 000002274 _____ C:\WINDOWS\system32\Tasks\ATK Package A22126881260
2021-08-11 01:42 - 2021-08-11 01:42 - 000000000 ____D C:\WINDOWS\system32\Tasks\ASUSTek Computer Inc
2021-08-11 01:42 - 2021-08-11 01:42 - 000000000 ____D C:\WINDOWS\system32\Tasks\ASUS
2021-08-11 01:42 - 2020-09-27 09:58 - 000003392 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-283516741-3080081594-3377497909-500
2021-08-11 01:40 - 2021-08-11 01:42 - 000007623 _____ C:\WINDOWS\diagwrn.xml
2021-08-11 01:40 - 2021-08-11 01:42 - 000007623 _____ C:\WINDOWS\diagerr.xml
2021-08-11 01:34 - 2021-08-13 17:15 - 000840598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-08-11 01:22 - 2021-08-15 12:54 - 000000000 ____D C:\Users\nlaun
2021-08-11 01:22 - 2019-12-07 04:10 - 000001105 _____ C:\Users\nlaun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-08-11 01:18 - 2020-01-16 01:52 - 000104160 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2021-08-11 01:18 - 2020-01-16 01:52 - 000100064 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2021-08-11 01:14 - 2021-08-15 12:45 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-08-11 01:14 - 2021-08-14 17:26 - 000311936 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-08-10 22:00 - 2021-08-10 22:00 - 000000000 ___HD C:\$WinREAgent
2021-08-10 20:35 - 2021-08-11 06:30 - 000000000 ___DC C:\WINDOWS\Panther
2021-08-10 20:29 - 2021-08-11 04:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2021-08-10 20:29 - 2021-08-10 20:29 - 000000000 ____D C:\Program Files\7-Zip
2021-08-10 19:51 - 2021-08-10 19:51 - 000000000 ___HD C:\$Windows.~WS
2021-08-09 18:30 - 2021-08-15 13:09 - 000000000 ____D C:\FRST
2021-08-09 18:04 - 2021-08-09 18:04 - 003018308 _____ C:\Users\nlaun\Downloads\ZHPSuite.zip
2021-08-07 13:59 - 2021-08-15 13:06 - 000000000 ____D C:\Users\nlaun\AppData\Roaming\ZHP
2021-08-07 13:59 - 2021-08-14 16:44 - 000000000 ____D C:\Users\nlaun\AppData\Local\ZHP
2021-08-07 13:59 - 2021-08-07 13:59 - 003278488 _____ (Nicolas Coolman) C:\Users\nlaun\Downloads\ZHPDiag3.exe
2021-08-07 13:59 - 2021-08-07 13:59 - 003278488 _____ (Nicolas Coolman) C:\Users\nlaun\Downloads\ZHPDiag3 (1).exe
2021-08-07 13:29 - 2021-08-07 13:30 - 006724951 _____ C:\Users\nlaun\Downloads\CrystalDiskInfo8_12_5.zip

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-08-15 13:01 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-08-15 12:51 - 2019-12-07 04:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-08-15 12:48 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-08-15 12:47 - 2020-09-27 09:53 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-08-15 12:47 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-08-15 12:45 - 2020-10-29 20:53 - 000000000 ____D C:\Program Files (x86)\Google
2021-08-14 17:26 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-08-14 17:25 - 2020-09-27 09:50 - 000008192 ___SH C:\DumpStack.log.tmp
2021-08-14 17:25 - 2019-12-07 04:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-08-14 17:23 - 2020-10-21 18:25 - 000000000 ____D C:\ProgramData\ASUS
2021-08-14 17:23 - 2020-10-20 22:25 - 000000000 ____D C:\Program Files (x86)\ASUS
2021-08-14 16:21 - 2020-10-21 18:26 - 000000000 ____D C:\ProgramData\WinZip
2021-08-14 16:20 - 2015-11-24 00:05 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2021-08-14 16:20 - 2015-11-24 00:05 - 000000000 ____D C:\ProgramData\WildTangent
2021-08-14 16:07 - 2016-04-12 12:01 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2021-08-14 16:02 - 2016-04-12 12:26 - 000000000 ____D C:\ProgramData\CyberLink
2021-08-14 15:59 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2021-08-13 17:03 - 2020-10-21 06:43 - 000000000 __SHD C:\Users\nlaun\IntelGraphicsProfiles
2021-08-13 17:03 - 2020-10-20 22:24 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2021-08-13 17:02 - 2020-10-20 22:26 - 000000000 ____D C:\ProgramData\NVIDIA
2021-08-12 18:49 - 2020-10-21 06:58 - 000000000 ____D C:\Users\nlaun\AppData\Local\D3DSCache
2021-08-11 16:54 - 2020-10-20 18:53 - 000000000 ____D C:\WINDOWS\system32\GroupPolicy
2021-08-11 06:48 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-08-11 06:32 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-08-11 06:31 - 2020-10-21 06:43 - 000000000 ___RD C:\Users\nlaun\3D Objects
2021-08-11 06:31 - 2020-09-27 09:54 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-08-11 04:13 - 2020-12-12 14:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-08-11 04:13 - 2020-11-12 20:45 - 000000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.8
2021-08-11 04:13 - 2020-11-12 19:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Video Editor 2020
2021-08-11 04:13 - 2020-10-22 02:30 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-08-11 04:13 - 2020-10-22 00:20 - 000000000 ____D C:\Program Files\UNP
2021-08-11 04:13 - 2020-10-20 22:24 - 000000000 ____D C:\Program Files\Intel
2021-08-11 04:13 - 2020-10-20 18:53 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2021-08-11 04:13 - 2019-12-07 04:49 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2021-08-11 04:13 - 2019-12-07 04:49 - 000000000 ____D C:\WINDOWS\system32\WCN
2021-08-11 04:13 - 2019-12-07 04:18 - 000000000 ____D C:\WINDOWS\Setup
2021-08-11 04:13 - 2019-12-07 04:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2021-08-11 04:13 - 2019-12-07 04:14 - 000000000 __RHD C:\Users\Public\Libraries
2021-08-11 04:13 - 2019-12-07 04:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-08-11 04:13 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2021-08-11 04:13 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2021-08-11 04:13 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\spool
2021-08-11 04:13 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\Registration
2021-08-11 04:13 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-08-11 04:13 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\IME
2021-08-11 04:13 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\Help
2021-08-11 04:13 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\USOPrivate
2021-08-11 04:13 - 2019-12-07 04:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-08-11 04:13 - 2016-04-12 11:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2021-08-11 04:13 - 2015-11-24 00:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WPS Office
2021-08-11 04:13 - 2015-11-24 00:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit PhantomPDF
2021-08-11 04:13 - 2015-11-24 00:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2021-08-11 04:11 - 2020-10-20 19:12 - 000000000 ____D C:\WINDOWS\system32\Intel
2021-08-11 04:11 - 2020-10-20 19:08 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2021-08-11 04:11 - 2019-12-07 04:49 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2021-08-11 04:11 - 2019-12-07 04:49 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2021-08-11 04:11 - 2019-12-07 04:49 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2021-08-11 04:11 - 2019-12-07 04:49 - 000000000 ____D C:\WINDOWS\system32\winrm
2021-08-11 04:11 - 2019-12-07 04:49 - 000000000 ____D C:\WINDOWS\system32\slmgr
2021-08-11 04:11 - 2019-12-07 04:49 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2021-08-11 04:11 - 2019-12-07 04:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-08-11 04:11 - 2019-12-07 04:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-08-11 04:11 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-08-11 04:11 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2021-08-11 04:11 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-08-11 04:11 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-08-11 04:11 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\MUI
2021-08-11 04:10 - 2020-10-20 22:26 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2021-08-11 04:10 - 2019-12-07 04:14 - 000000000 ___SD C:\WINDOWS\system32\dsc
2021-08-11 04:10 - 2019-12-07 04:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-08-11 04:10 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-08-11 04:09 - 2020-11-09 21:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2021-08-11 04:09 - 2020-10-20 22:25 - 000000000 ____D C:\Program Files\Realtek
2021-08-11 04:09 - 2020-10-20 19:11 - 000000000 ____D C:\Program Files\Synaptics
2021-08-11 04:09 - 2019-12-07 04:52 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-08-11 04:09 - 2019-12-07 04:52 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-08-11 04:09 - 2019-12-07 04:51 - 000000000 ____D C:\WINDOWS\OCR
2021-08-11 04:09 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\Resources
2021-08-11 04:09 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-08-11 04:09 - 2019-12-07 04:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-08-11 04:09 - 2016-04-12 12:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICEpower
2021-08-11 03:59 - 2019-12-07 04:50 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2021-08-11 03:59 - 2019-12-07 04:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-08-11 03:59 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-08-11 03:59 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-08-11 03:59 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2021-08-11 03:59 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2021-08-11 03:59 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2021-08-11 03:59 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2021-08-11 03:59 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-08-11 03:59 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-08-11 03:59 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-08-11 03:59 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-08-11 03:59 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-08-11 03:59 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-08-11 03:59 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-08-11 03:59 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-08-11 03:59 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-08-11 03:59 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-08-11 03:59 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-08-11 03:59 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-08-11 03:59 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-08-11 03:59 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\appcompat
2021-08-11 03:59 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\servicing
2021-08-11 03:59 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-08-11 03:57 - 2019-12-07 04:52 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2021-08-11 01:44 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-08-11 01:43 - 2019-12-07 04:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-08-11 01:42 - 2019-12-07 04:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-08-11 01:39 - 2020-10-21 06:55 - 000000000 ___RD C:\Users\nlaun\OneDrive
2021-08-11 01:31 - 2019-12-07 04:14 - 000000000 __RSD C:\WINDOWS\Media
2021-08-11 01:30 - 2020-10-29 20:56 - 000002249 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-08-11 01:25 - 2020-12-12 14:03 - 000000000 ____D C:\Users\nlaun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-08-11 01:25 - 2020-10-21 18:28 - 000000000 ____D C:\Users\nlaun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dashlane
2021-08-11 01:23 - 2020-10-21 06:43 - 000000000 ____D C:\Users\nlaun\AppData\Local\Packages
2021-08-11 01:20 - 2020-10-20 19:11 - 000000000 ____D C:\WINDOWS\SysWOW64\sda
2021-08-11 01:19 - 2020-10-20 22:26 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2021-08-11 01:19 - 2020-10-20 22:25 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2021-08-11 01:19 - 2020-10-20 22:25 - 000000000 ____D C:\WINDOWS\system32\DAX3
2021-08-11 01:19 - 2020-10-20 22:25 - 000000000 ____D C:\WINDOWS\system32\DAX2
2021-08-11 01:19 - 2020-10-20 22:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realtek
2021-08-11 01:19 - 2020-10-20 19:12 - 000000000 ____D C:\ProgramData\SetupTPDriver
2021-08-11 01:18 - 2020-10-20 22:24 - 000000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2021-08-10 20:26 - 2020-11-08 22:57 - 000000000 ____D C:\ESD
2021-08-09 22:12 - 2020-12-05 17:03 - 000000000 ____D C:\Users\nlaun\AppData\Roaming\Easeware
2021-08-09 20:17 - 2020-11-19 22:06 - 000000000 ____D C:\Program Files (x86)\Hard Disk Sentinel
2021-08-09 19:44 - 2020-09-27 09:51 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-08-09 19:43 - 2020-10-22 06:45 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-08-09 18:00 - 2020-10-22 02:29 - 133422552 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-08-08 09:15 - 2020-10-21 06:59 - 000000000 ____D C:\ProgramData\Avast Software
2021-08-08 09:14 - 2020-10-22 01:24 - 000000000 ____D C:\Users\nlaun\AppData\Local\CrashDumps
2021-08-07 21:24 - 2020-11-12 19:47 - 000000000 ____D C:\Users\nlaun\AppData\Roaming\VideoWinSoft
2021-08-07 21:07 - 2020-10-21 06:49 - 000000000 ____D C:\Users\nlaun\AppData\Local\PlaceholderTileLogoFolder
2021-08-07 16:54 - 2020-11-12 19:46 - 000000000 ____D C:\Program Files\Windows Video Editor 2020
2021-08-07 14:00 - 2020-12-05 17:52 - 000007599 _____ C:\Users\nlaun\AppData\Local\Resmon.ResmonCfg
2021-07-16 09:45 - 2020-10-22 06:45 - 000740152 _____ (Microsoft Corporation) C:\WINDOWS\system32\sedplugins.dll
2021-07-16 09:45 - 2020-10-22 06:45 - 000486712 _____ (Microsoft Corporation) C:\WINDOWS\system32\QualityUpdateAssistant.dll

==================== Files in the root of some directories ========

2021-08-15 12:54 - 2021-08-15 12:54 - 003475096 _____ (Nicolas Coolman) C:\Users\nlaun\ZHPSuite.exe
2020-10-21 06:46 - 2021-04-18 15:13 - 000000165 _____ () C:\Users\nlaun\AppData\Roaming\sp_data.sys
2020-12-05 17:52 - 2021-08-07 14:00 - 000007599 _____ () C:\Users\nlaun\AppData\Local\Resmon.ResmonCfg

==================== SigCheckExt =========================

2015-05-21 19:00 - 2015-05-21 19:00 - 000002560 _____ (Intel(R) Corporation) C:\WINDOWS\SysWOW64\IusEventLog.dll
2016-04-12 11:52 - 2015-08-06 11:43 - 000155464 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2016-04-12 11:55 - 2015-10-02 21:23 - 001317192 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2016-04-12 11:55 - 2015-10-02 21:23 - 001423120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2021-08-15 12:54 - 2021-08-15 12:54 - 003475096 _____ (Nicolas Coolman) C:\Users\nlaun\ZHPSuite.exe
2021-08-07 13:59 - 2021-08-07 13:59 - 003278488 _____ (Nicolas Coolman) C:\Users\nlaun\Downloads\ZHPDiag3 (1).exe
2021-08-07 13:59 - 2021-08-07 13:59 - 003278488 _____ (Nicolas Coolman) C:\Users\nlaun\Downloads\ZHPDiag3.exe

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


==================== BCD ================================

Firmware Boot Manager
---------------------
identifier {fwbootmgr}
displayorder {bootmgr}
{4633d305-22f7-11eb-826d-806e6f6e6963}
{4633d306-22f7-11eb-826d-806e6f6e6963}
{4633d307-22f7-11eb-826d-806e6f6e6963}
timeout 2

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=\Device\HarddiskVolume1
path \EFI\Microsoft\Boot\bootmgfw.efi
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {current}
resumeobject {68e4b37b-fa84-11eb-8af8-b5175f7de73a}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30

Firmware Application (101fffff)
-------------------------------
identifier {4633d305-22f7-11eb-826d-806e6f6e6963}
description UEFI:CD/DVD Drive

Firmware Application (101fffff)
-------------------------------
identifier {4633d306-22f7-11eb-826d-806e6f6e6963}
description UEFI:Removable Device

Firmware Application (101fffff)
-------------------------------
identifier {4633d307-22f7-11eb-826d-806e6f6e6963}
description UEFI:Network Device

Windows Boot Loader
-------------------
identifier {5b0fbfd8-00cd-11e6-8254-2c56dcbe017c}
device ramdisk=[unknown]\Recovery\WindowsRE\Winre.wim,{5b0fbfd9-00cd-11e6-8254-2c56dcbe017c}
path \windows\system32\winload.efi
description Windows Recovery Environment
locale en-us
inherit {bootloadersettings}
displaymessage Recovery
displaymessageoverride Recovery
osdevice ramdisk=[unknown]\Recovery\WindowsRE\Winre.wim,{5b0fbfd9-00cd-11e6-8254-2c56dcbe017c}
systemroot \windows
nx OptIn
bootmenupolicy Standard
winpe Yes

Windows Boot Loader
-------------------
identifier {5db5bb55-1332-11eb-b44f-ee3bd680112c}
device ramdisk=[\Device\HarddiskVolume4]\Recovery\WindowsRE\Winre.wim,{5db5bb56-1332-11eb-b44f-ee3bd680112c}
path \windows\system32\winload.efi
description Windows Recovery Environment
locale en-US
inherit {bootloadersettings}
displaymessage Recovery
osdevice ramdisk=[\Device\HarddiskVolume4]\Recovery\WindowsRE\Winre.wim,{5db5bb56-1332-11eb-b44f-ee3bd680112c}
systemroot \windows
nx OptIn
bootmenupolicy Standard
winpe Yes

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \WINDOWS\system32\winload.efi
description Windows 10
locale en-US
inherit {bootloadersettings}
recoverysequence {68e4b37d-fa84-11eb-8af8-b5175f7de73a}
displaymessageoverride Recovery
recoveryenabled Yes
isolatedcontext Yes
allowedinmemorysettings 0x15000075
osdevice partition=C:
systemroot \WINDOWS
resumeobject {68e4b37b-fa84-11eb-8af8-b5175f7de73a}
nx OptIn
bootmenupolicy Standard

Windows Boot Loader
-------------------
identifier {68e4b37d-fa84-11eb-8af8-b5175f7de73a}
device ramdisk=[\Device\HarddiskVolume4]\Recovery\WindowsRE\Winre.wim,{68e4b37e-fa84-11eb-8af8-b5175f7de73a}
path \windows\system32\winload.efi
description Windows Recovery Environment
locale en-US
inherit {bootloadersettings}
displaymessage Recovery
osdevice ramdisk=[\Device\HarddiskVolume4]\Recovery\WindowsRE\Winre.wim,{68e4b37e-fa84-11eb-8af8-b5175f7de73a}
systemroot \windows
nx OptIn
bootmenupolicy Standard
winpe Yes

Windows Setup
-------------
identifier {7254a080-1510-4e85-ac0f-e7fb3d444736}
device ramdisk=[C:]\$WINDOWS.~BT\Sources\SafeOS\winre.wim,{5db5bb57-1332-11eb-b44f-ee3bd680112c}
bootstatdevice partition=C:
custom:11000083 partition=C:
path \windows\system32\winload.efi
description Windows Rollback
locale en-US
bootstatfilepath \$WINDOWS.~BT\Sources\SafeOS\bootstat.dat
inherit {bootloadersettings}
restartonfailure Yes
osdevice ramdisk=[C:]\$WINDOWS.~BT\Sources\SafeOS\winre.wim,{5db5bb57-1332-11eb-b44f-ee3bd680112c}
custom:21000152 partition=C:
systemroot \windows
nx OptIn
bootmenupolicy Standard
winpe Yes

Resume from Hibernate
---------------------
identifier {5db5bb52-1332-11eb-b44f-ee3bd680112c}
device partition=C:
path \WINDOWS\system32\winresume.efi
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
recoverysequence {5db5bb55-1332-11eb-b44f-ee3bd680112c}
recoveryenabled Yes
isolatedcontext Yes
allowedinmemorysettings 0x15000075
filedevice partition=C:
filepath \hiberfil.sys
bootmenupolicy Standard
debugoptionenabled No

Resume from Hibernate
---------------------
identifier {68e4b37b-fa84-11eb-8af8-b5175f7de73a}
device partition=C:
path \WINDOWS\system32\winresume.efi
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
recoverysequence {68e4b37d-fa84-11eb-8af8-b5175f7de73a}
recoveryenabled Yes
isolatedcontext Yes
allowedinmemorysettings 0x15000075
filedevice partition=C:
filepath \hiberfil.sys
bootmenupolicy Standard
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=\Device\HarddiskVolume1
path \EFI\Microsoft\Boot\memtest.efi
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems No

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {5db5bb56-1332-11eb-b44f-ee3bd680112c}
description Windows Recovery
ramdisksdidevice partition=\Device\HarddiskVolume4
ramdisksdipath \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier {5db5bb57-1332-11eb-b44f-ee3bd680112c}
description Windows Setup
ramdisksdidevice partition=C:
ramdisksdipath \$WINDOWS.~BT\Sources\SafeOS\boot.sdi

Device options
--------------
identifier {68e4b37e-fa84-11eb-8af8-b5175f7de73a}
description Windows Recovery
ramdisksdidevice partition=\Device\HarddiskVolume4
ramdisksdipath \Recovery\WindowsRE\boot.sdi

==================== End of FRST.txt ========================
