Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-08-2021
Ran by nlaun (administrator) on DESKTOP-ET78V9H (ASUSTeK COMPUTER INC. K501LX) (09-08-2021 18:32:00)
Running from C:\Users\nlaun\OneDrive\Bureau
Loaded Profiles: nlaun
Platform: Windows 10 Home Version 20H2 19042.985 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Corel Corporation -> ) [File not signed] C:\Program Files\WinZip\WinZip Smart Monitor\WinZip Compression Smart Monitor Service.exe
(Corel Corporation -> Corel Corporation) [File not signed] C:\Program Files\WinZip\WinZip Smart Monitor\WinZipCompressionSmartMonitor.exe
(CyberLink Corp. -> ) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.102\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.102\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <40>
(ICEpower a/s -> ICEpower) C:\Windows\System32\ICEsoundService64.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation -> ) C:\Windows\System32\igfxTray.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(Janos Mathe -> H.D.S. Hungary) C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\mcafee\WebAdvisor\browserhost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\mcafee\WebAdvisor\servicehost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\mcafee\WebAdvisor\uihost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.345.171.0.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20920.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\DeviceCensus.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotifyIcon.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SrTasks.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1081_none_7e3d47227c694b34\TiWorker.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\NisSrv.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Qualcomm Atheros -> Windows (R) Win 7 DDK provider) [File not signed] C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TeamViewer -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(WildTangent Inc -> WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3942568 1999-12-31] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2654512 2015-10-02] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1710568 2015-10-02] (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed]
HKU\S-1-5-21-2547849061-2848747678-2711715184-1001\...\Run: [Dashlane] => C:\Users\nlaun\AppData\Roaming\Dashlane\Dashlane.exe [505296 2017-05-24] (Dashlane -> Dashlane, Inc.)
HKU\S-1-5-21-2547849061-2848747678-2711715184-1001\...\Run: [DashlanePlugin] => C:\Users\nlaun\AppData\Roaming\Dashlane\DashlanePlugin.exe [552400 2017-05-24] (Dashlane -> Dashlane, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\92.0.4515.131\Installer\chrmstp.exe [2021-08-06] (Google LLC -> Google LLC)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {019F32F2-55E4-43B7-B169-E428FFF63D10} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-10-29] (Google LLC -> Google LLC)
Task: {0E7305EA-F078-4CD5-A9FF-BBBB8B174A41} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [1618080 2015-05-14] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) [File not signed]
Task: {110A0F8D-9033-4339-B988-A47F86BDF486} - System32\Tasks\WpsNotifyTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5178\wtoolex\wpsnotify.exe [513896 2015-11-24] (Zhuhai Kingsoft Office Software Co.,Ltd -> Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {1110FDCE-32C1-4874-A0B6-23E73C7CC440} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [122168 2015-03-10] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {12FC8145-EAEB-4607-AB44-8844BA32DA4F} - System32\Tasks\Microsoft\Office\Microsoft Office Touchless Attach Notification => C:\Program Files (x86)\Microsoft Office\Office15\FirstRun.exe [989864 2015-03-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {21E47A11-D85A-404C-9191-273FD935874D} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506368 1999-12-31] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {490CE7C1-E1E2-41AB-97F6-BE6AAFB860AE} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe
Task: {61C21ACB-DF26-4FD1-9C00-F1E5AD654678} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2106.6-0\MpCmdRun.exe [644888 2021-08-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {6B7B6881-340C-4194-9807-197A76EE6F40} - System32\Tasks\HardDiskSentinel\Hard Disk Sentinel_nlaun => C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe [5820440 2020-03-12] (Janos Mathe -> H.D.S. Hungary)
Task: {7D24EDED-9F10-4CC9-909B-008BA6DF8AF7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-10-29] (Google LLC -> Google LLC)
Task: {9F4501B7-C4C1-48A1-B45E-E223FF98282F} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [19782224 2015-05-25] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {A0D9C344-88CB-4385-9F1C-C214023B6AFE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2106.6-0\MpCmdRun.exe [644888 2021-08-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A53F5839-FA2F-480A-B8EC-EA1C2B0AE614} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [143160 2019-03-12] (ASUSTek Computer Inc. -> ASUSTek Computer Inc.)
Task: {B0D92780-61F3-4631-A385-89CE9729A9D5} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2020-10-21] (Dropbox, Inc -> Dropbox, Inc.)
Task: {B8583A8D-A1AD-45DD-81A3-DCF1AA4CB3E4} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [122168 2015-03-10] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {C07CBF99-E536-4480-AB40-42471D22BABB} - System32\Tasks\WpsUpdateTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5178\wtoolex\wpsupdate.exe [480616 2015-11-24] (Zhuhai Kingsoft Office Software Co.,Ltd -> Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {C20A06A0-4A18-49BC-9B5D-E5B86D037F56} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2106.6-0\MpCmdRun.exe [644888 2021-08-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C7ACB346-E6C4-463D-B3B7-230E1E475AF6} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [585000 2016-09-21] (Dropbox, Inc -> )
Task: {CC1A2D32-4151-4149-B3A7-52033C2A815B} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [62536 2015-06-09] (ASUSTeK Computer Inc. -> ASUS)
Task: {DCE099A2-6E08-435D-A16E-0120B6397AB7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2106.6-0\MpCmdRun.exe [644888 2021-08-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E04FBC00-9D72-4031-898A-A1441C616A2B} - System32\Tasks\Driver Easy Scheduled Scan => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe [3817392 2020-06-18] (Easeware Technology Limited -> Easeware)
Task: {E958F268-6632-4042-B85C-2A9A989CF340} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2020-10-21] (Dropbox, Inc -> Dropbox, Inc.)
Task: {F4744714-6921-4F3E-BAFE-67A6154E6F49} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18391104 1999-12-31] (Realtek Semiconductor Corp. -> Realtek Semiconductor)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Driver Easy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\WpsNotifyTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5178\wtoolex\wpsnotify.exe
Task: C:\WINDOWS\Tasks\WpsUpdateTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5178\wtoolex\wpsupdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{311660dd-fd97-49ad-bded-a599df26fb12}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{c5818acf-3f2e-4b77-b761-bc780e320036}: [DhcpNameServer] 40.54.1.17

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\nlaun\AppData\Local\Microsoft\Edge\User Data\Default [2021-08-08]

FireFox:
========
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-04-21] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-04-21] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-04-21] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-04-21] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-20] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-20] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-14] (WildTangent Inc -> )

Chrome:
=======
CHR Profile: C:\Users\nlaun\AppData\Local\Google\Chrome\User Data\Default [2021-08-09]
CHR Notifications: Default -> hxxps://www.facebook.com
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.fr/"
CHR Extension: (Slides) - C:\Users\nlaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-10-29]
CHR Extension: (Docs) - C:\Users\nlaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-10-29]
CHR Extension: (Google Drive) - C:\Users\nlaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-29]
CHR Extension: (YouTube) - C:\Users\nlaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-10-29]
CHR Extension: (Sheets) - C:\Users\nlaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-10-29]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\nlaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2021-08-03]
CHR Extension: (Google Docs Offline) - C:\Users\nlaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-08-03]
CHR Extension: (Hola Free VPN Proxy Unblocker - Best VPN) - C:\Users\nlaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2021-08-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\nlaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-31]
CHR Extension: (Gmail) - C:\Users\nlaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-29]
CHR Extension: (Chrome Media Router) - C:\Users\nlaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-08-03]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [323152 2015-07-29] (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2020-10-21] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2020-10-21] (Dropbox, Inc -> Dropbox, Inc.)
S3 DevActSvc; C:\Program Files (x86)\ASUS\ASUS Device Activation\DevActSvc.exe [326032 2018-06-05] (ASUSTeK Computer Inc. -> )
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [373312 2015-04-14] (WildTangent Inc -> WildTangent)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
S2 Kingsoft_WPS_UpdateService; C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5178\wtoolex\wpsupdatesvr.exe [133480 2015-11-24] (Zhuhai Kingsoft Office Software Co.,Ltd -> Zhuhai Kingsoft Office Software Co.,Ltd)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [977824 2021-08-03] (McAfee, LLC -> McAfee, LLC)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] (CyberLink Corp. -> )
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-17] (TeamViewer -> TeamViewer GmbH)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2106.6-0\NisSrv.exe [2665432 2021-08-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2106.6-0\MsMpEng.exe [136640 2021-08-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinZip Compression Smart Monitor Service; C:\Program Files\WinZip\WinZip Smart Monitor\WinZip Compression Smart Monitor Service.exe [495872 2017-09-01] (Corel Corporation -> ) [File not signed]
S2 nvsvc; "C:\Windows\system32\nvvsvc.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R2 ASMMAP64; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [18048 2015-05-08] (Microsoft Windows Hardware Compatibility Publisher -> ASUS)
R1 ATKWMIACPIIO; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [20096 2015-05-08] (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek Computer Inc.)
S3 ATP; C:\WINDOWS\System32\drivers\AsusTP.sys [100776 2015-08-23] (ASUSTeK Computer Inc. -> ASUS Corporation)
R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsRadioControl.sys [32696 2020-11-19] (ASUSTek Computer Inc. -> ASUS)
R3 MpKslb85764bb; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{014C623A-046A-4B87-A231-D6DE2C64CE97}\MpKslDrv.sys [123112 2021-08-08] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49560 2021-08-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [26880 2015-11-12] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [425192 2021-08-08] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [76008 2021-08-08] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Three months (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-08-09 18:30 - 2021-08-09 18:33 - 000000000 ____D C:\FRST
2021-08-09 18:04 - 2021-08-09 18:04 - 003018308 _____ C:\Users\nlaun\Downloads\ZHPSuite.zip
2021-08-07 13:59 - 2021-08-09 18:18 - 000000000 ____D C:\Users\nlaun\AppData\Roaming\ZHP
2021-08-07 13:59 - 2021-08-09 18:05 - 000000000 ____D C:\Users\nlaun\AppData\Local\ZHP
2021-08-07 13:59 - 2021-08-07 13:59 - 003278488 _____ (Nicolas Coolman) C:\Users\nlaun\Downloads\ZHPDiag3.exe
2021-08-07 13:59 - 2021-08-07 13:59 - 003278488 _____ (Nicolas Coolman) C:\Users\nlaun\Downloads\ZHPDiag3 (1).exe
2021-08-07 13:29 - 2021-08-07 13:30 - 006724951 _____ C:\Users\nlaun\Downloads\CrystalDiskInfo8_12_5.zip
2021-05-29 11:47 - 2021-05-29 11:47 - 001687040 _____ C:\WINDOWS\system32\libcrypto.dll
2021-05-29 11:46 - 2021-05-29 11:46 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-05-29 11:45 - 2021-05-29 11:45 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-05-29 11:45 - 2021-05-29 11:45 - 001314120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-05-29 11:45 - 2021-05-29 11:45 - 000700928 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2021-05-29 11:45 - 2021-05-29 11:45 - 000011351 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-05-29 11:44 - 2021-05-29 11:44 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-05-29 11:43 - 2021-05-29 11:43 - 001823816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-05-29 11:43 - 2021-05-29 11:43 - 001393504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-05-29 11:43 - 2021-05-29 11:43 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-05-29 11:41 - 2021-05-29 11:41 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-05-29 11:41 - 2021-05-29 11:41 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe

==================== Three months (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-08-09 18:37 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-08-09 18:32 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-08-09 18:24 - 2020-10-29 20:53 - 000000000 ____D C:\Program Files (x86)\Google
2021-08-09 18:17 - 2020-10-22 02:30 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-08-09 18:00 - 2020-10-22 02:29 - 133422552 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-08-09 17:59 - 2020-10-21 06:43 - 000000000 __SHD C:\Users\nlaun\IntelGraphicsProfiles
2021-08-09 17:59 - 2020-10-20 22:24 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2021-08-08 21:53 - 2020-10-20 22:26 - 000000000 ____D C:\ProgramData\NVIDIA
2021-08-08 21:51 - 2020-09-27 09:50 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-08-08 18:06 - 2021-03-17 21:02 - 000002385 _____ C:\Users\nlaun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-08-08 18:06 - 2020-11-09 01:21 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2547849061-2848747678-2711715184-1001
2021-08-08 18:06 - 2020-10-21 06:55 - 000000000 ___RD C:\Users\nlaun\OneDrive
2021-08-08 16:14 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-08-08 16:14 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-08-08 09:26 - 2020-09-27 09:51 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-08-08 09:26 - 2019-12-07 04:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-08-08 09:23 - 2020-11-09 01:12 - 000840602 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-08-08 09:23 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2021-08-08 09:15 - 2020-10-21 06:59 - 000000000 ____D C:\ProgramData\Avast Software
2021-08-08 09:15 - 2020-09-27 09:50 - 000008192 ___SH C:\DumpStack.log.tmp
2021-08-08 09:15 - 2020-09-27 09:50 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-08-08 09:15 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-08-08 09:14 - 2020-10-22 01:24 - 000000000 ____D C:\Users\nlaun\AppData\Local\CrashDumps
2021-08-08 09:14 - 2019-12-07 04:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-08-07 22:06 - 2020-11-09 00:30 - 000000000 ____D C:\Users\nlaun
2021-08-07 22:03 - 2021-04-27 19:57 - 000003214 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d71c694583533f
2021-08-07 22:03 - 2020-11-09 01:21 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-08-07 22:03 - 2020-11-09 01:21 - 000003124 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-08-07 22:03 - 2020-09-27 09:53 - 000003408 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-08-07 21:24 - 2020-11-12 19:47 - 000000000 ____D C:\Users\nlaun\AppData\Roaming\VideoWinSoft
2021-08-07 21:07 - 2020-10-21 06:49 - 000000000 ____D C:\Users\nlaun\AppData\Local\PlaceholderTileLogoFolder
2021-08-07 19:17 - 2020-10-21 06:43 - 000000000 ____D C:\Users\nlaun\AppData\Local\Packages
2021-08-07 16:54 - 2020-11-12 19:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Video Editor 2020
2021-08-07 16:54 - 2020-11-12 19:46 - 000000000 ____D C:\Program Files\Windows Video Editor 2020
2021-08-07 14:00 - 2020-12-05 17:52 - 000007599 _____ C:\Users\nlaun\AppData\Local\Resmon.ResmonCfg
2021-08-07 13:15 - 2020-09-27 09:53 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-08-06 20:37 - 2015-11-24 00:08 - 000000948 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2021-08-06 20:37 - 2015-11-24 00:08 - 000000944 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2021-08-06 19:35 - 2020-10-29 20:56 - 000002249 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-08-03 14:22 - 2020-11-09 21:42 - 000000000 ____D C:\Users\nlaun\AppData\Local\WinZip
2021-08-03 14:11 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-07-27 17:47 - 2020-11-09 01:21 - 000004010 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineUA
2021-07-27 17:47 - 2020-11-09 01:21 - 000003778 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineCore

==================== Files in the root of some directories ========

2020-10-21 06:46 - 2021-04-18 15:13 - 000000165 _____ () C:\Users\nlaun\AppData\Roaming\sp_data.sys
2020-12-05 17:52 - 2021-08-07 14:00 - 000007599 _____ () C:\Users\nlaun\AppData\Local\Resmon.ResmonCfg

==================== SigCheckExt =========================

2016-04-12 11:52 - 2015-08-06 11:43 - 000177088 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2016-04-12 11:55 - 2015-10-02 21:22 - 001756608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2016-04-12 11:55 - 2015-10-02 21:22 - 001710568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2015-05-21 19:00 - 2015-05-21 19:00 - 000002560 _____ (Intel(R) Corporation) C:\WINDOWS\SysWOW64\IusEventLog.dll
2016-04-12 11:52 - 2015-08-06 11:43 - 000155464 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2016-04-12 11:55 - 2015-10-02 21:23 - 001317192 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2016-04-12 11:55 - 2015-10-02 21:23 - 001423120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2021-08-07 13:59 - 2021-08-07 13:59 - 003278488 _____ (Nicolas Coolman) C:\Users\nlaun\Downloads\ZHPDiag3 (1).exe
2021-08-07 13:59 - 2021-08-07 13:59 - 003278488 _____ (Nicolas Coolman) C:\Users\nlaun\Downloads\ZHPDiag3.exe

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== BCD ================================

Firmware Boot Manager
---------------------
identifier              {fwbootmgr}
displayorder            {bootmgr}
                        {4633d305-22f7-11eb-826d-806e6f6e6963}
                        {4633d306-22f7-11eb-826d-806e6f6e6963}
                        {4633d307-22f7-11eb-826d-806e6f6e6963}
timeout                 2

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
path                    \EFI\MICROSOFT\BOOT\BOOTMGFW.EFI
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {5db5bb52-1332-11eb-b44f-ee3bd680112c}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Firmware Application (101fffff)
-------------------------------
identifier              {4633d305-22f7-11eb-826d-806e6f6e6963}
description             UEFI:CD/DVD Drive

Firmware Application (101fffff)
-------------------------------
identifier              {4633d306-22f7-11eb-826d-806e6f6e6963}
description             UEFI:Removable Device

Firmware Application (101fffff)
-------------------------------
identifier              {4633d307-22f7-11eb-826d-806e6f6e6963}
description             UEFI:Network Device

Windows Boot Loader
-------------------
identifier              {5b0fbfd8-00cd-11e6-8254-2c56dcbe017c}
device                  ramdisk=[unknown]\Recovery\WindowsRE\Winre.wim,{5b0fbfd9-00cd-11e6-8254-2c56dcbe017c}
path                    \windows\system32\winload.efi
description             Windows Recovery Environment
locale                  en-us
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[unknown]\Recovery\WindowsRE\Winre.wim,{5b0fbfd9-00cd-11e6-8254-2c56dcbe017c}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \WINDOWS\system32\winload.efi
description             Windows 10
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {5db5bb55-1332-11eb-b44f-ee3bd680112c}
displaymessageoverride  Recovery
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
osdevice                partition=C:
systemroot              \WINDOWS
resumeobject            {5db5bb52-1332-11eb-b44f-ee3bd680112c}
nx                      OptIn
bootmenupolicy          Standard

Windows Boot Loader
-------------------
identifier              {5db5bb55-1332-11eb-b44f-ee3bd680112c}
device                  ramdisk=[\Device\HarddiskVolume4]\Recovery\WindowsRE\Winre.wim,{5db5bb56-1332-11eb-b44f-ee3bd680112c}
path                    \windows\system32\winload.efi
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
osdevice                ramdisk=[\Device\HarddiskVolume4]\Recovery\WindowsRE\Winre.wim,{5db5bb56-1332-11eb-b44f-ee3bd680112c}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {5db5bb52-1332-11eb-b44f-ee3bd680112c}
device                  partition=C:
path                    \WINDOWS\system32\winresume.efi
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {5db5bb55-1332-11eb-b44f-ee3bd680112c}
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \EFI\Microsoft\Boot\memtest.efi
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 No

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {5db5bb56-1332-11eb-b44f-ee3bd680112c}
description             Windows Recovery
ramdisksdidevice        partition=\Device\HarddiskVolume4
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

==================== End of FRST.txt ========================