Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-08-2021 Ran by nlaun (administrator) on DESKTOP-ET78V9H (ASUSTeK COMPUTER INC. K501LX) (15-08-2021 13:08:28) Running from C:\Users\nlaun\OneDrive\Bureau Loaded Profiles: nlaun Platform: Windows 10 Home Version 21H1 19043.1165 (X64) Language: English (United States) Default browser: Chrome Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.102\GoogleCrashHandler.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.102\GoogleCrashHandler64.exe (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <12> (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MsMpEng.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\NisSrv.exe (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3942568 1999-12-31] (Synaptics Incorporated -> Synaptics Incorporated) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2654512 2015-10-02] (NVIDIA Corporation -> NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1710568 2015-10-02] (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed] HKU\S-1-5-21-2547849061-2848747678-2711715184-1001\...\Run: [Dashlane] => C:\Users\nlaun\AppData\Roaming\Dashlane\Dashlane.exe [505296 2017-05-24] (Dashlane -> Dashlane, Inc.) HKU\S-1-5-21-2547849061-2848747678-2711715184-1001\...\Run: [DashlanePlugin] => C:\Users\nlaun\AppData\Roaming\Dashlane\DashlanePlugin.exe [552400 2017-05-24] (Dashlane -> Dashlane, Inc.) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\92.0.4515.131\Installer\chrmstp.exe [2021-08-06] (Google LLC -> Google LLC) GroupPolicy: Restriction ? <==== ATTENTION ==================== Scheduled Tasks (Whitelisted) ============ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {019F32F2-55E4-43B7-B169-E428FFF63D10} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-10-29] (Google LLC -> Google LLC) Task: {04E0EE3A-227C-4B53-84AD-1B46A5090CE0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-09] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {0E7305EA-F078-4CD5-A9FF-BBBB8B174A41} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe Task: {110A0F8D-9033-4339-B988-A47F86BDF486} - System32\Tasks\WpsNotifyTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5178\wtoolex\wpsnotify.exe [513896 2015-11-24] (Zhuhai Kingsoft Office Software Co.,Ltd -> Zhuhai Kingsoft Office Software Co.,Ltd) Task: {1110FDCE-32C1-4874-A0B6-23E73C7CC440} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [122168 2015-03-10] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) Task: {12FC8145-EAEB-4607-AB44-8844BA32DA4F} - System32\Tasks\Microsoft\Office\Microsoft Office Touchless Attach Notification => C:\Program Files (x86)\Microsoft Office\Office15\FirstRun.exe [989864 2015-03-13] (Microsoft Corporation -> Microsoft Corporation) Task: {21E47A11-D85A-404C-9191-273FD935874D} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506368 1999-12-31] (Realtek Semiconductor Corp. -> Realtek Semiconductor) Task: {33383EED-C6DD-47B6-91C9-E3AB791E788A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-09] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {7D24EDED-9F10-4CC9-909B-008BA6DF8AF7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-10-29] (Google LLC -> Google LLC) Task: {9F4501B7-C4C1-48A1-B45E-E223FF98282F} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [19782224 2015-05-25] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) Task: {A9EF5265-670C-4B2A-A51F-F0724FC51CF5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-09] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {B8583A8D-A1AD-45DD-81A3-DCF1AA4CB3E4} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [122168 2015-03-10] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) Task: {C07CBF99-E536-4480-AB40-42471D22BABB} - System32\Tasks\WpsUpdateTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5178\wtoolex\wpsupdate.exe [480616 2015-11-24] (Zhuhai Kingsoft Office Software Co.,Ltd -> Zhuhai Kingsoft Office Software Co.,Ltd) Task: {D7DD6166-2D39-4BC8-A0F8-A5350E00790D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-09] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {F4744714-6921-4F3E-BAFE-67A6154E6F49} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18391104 1999-12-31] (Realtek Semiconductor Corp. -> Realtek Semiconductor) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\WpsNotifyTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5178\wtoolex\wpsnotify.exe Task: C:\WINDOWS\Tasks\WpsUpdateTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5178\wtoolex\wpsupdate.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12 Tcpip\..\Interfaces\{311660dd-fd97-49ad-bded-a599df26fb12}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12 Tcpip\..\Interfaces\{c5818acf-3f2e-4b77-b761-bc780e320036}: [DhcpNameServer] 40.54.1.17 Edge: ======= Edge DefaultProfile: Default Edge Profile: C:\Users\nlaun\AppData\Local\Microsoft\Edge\User Data\Default [2021-08-15] FireFox: ======== FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-04-21] (Foxit Software Incorporated -> Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-04-21] (Foxit Software Incorporated -> Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-04-21] (Foxit Software Incorporated -> Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-04-21] (Foxit Software Incorporated -> Foxit Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-20] (Intel(R) Identity Protection Technology Software -> Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-20] (Intel(R) Identity Protection Technology Software -> Intel Corporation) Chrome: ======= CHR Profile: C:\Users\nlaun\AppData\Local\Google\Chrome\User Data\Default [2021-08-15] CHR HomePage: Default -> hxxp://www.google.com/ CHR StartupUrls: Default -> "hxxp://www.google.fr/" CHR Extension: (Slides) - C:\Users\nlaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-10-29] CHR Extension: (Docs) - C:\Users\nlaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-10-29] CHR Extension: (Google Drive) - C:\Users\nlaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-29] CHR Extension: (YouTube) - C:\Users\nlaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-10-29] CHR Extension: (Sheets) - C:\Users\nlaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-10-29] CHR Extension: (Google Docs Offline) - C:\Users\nlaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-08-03] CHR Extension: (Hola Free VPN Proxy Unblocker - Best VPN) - C:\Users\nlaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2021-08-03] CHR Extension: (Chrome Web Store Payments) - C:\Users\nlaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-31] CHR Extension: (Gmail) - C:\Users\nlaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-29] CHR Extension: (Chrome Media Router) - C:\Users\nlaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-08-03] ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S4 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [323152 2015-07-29] (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) [File not signed] S4 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed] S4 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed] S4 Kingsoft_WPS_UpdateService; C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5178\wtoolex\wpsupdatesvr.exe [133480 2015-11-24] (Zhuhai Kingsoft Office Software Co.,Ltd -> Zhuhai Kingsoft Office Software Co.,Ltd) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2107.4-0\NisSrv.exe [2727416 2021-08-09] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2107.4-0\MsMpEng.exe [136656 2021-08-09] (Microsoft Windows Publisher -> Microsoft Corporation) S4 DevActSvc; C:\Program Files (x86)\ASUS\ASUS Device Activation\DevActSvc.exe [X] S2 luminati_net_updater_win_hola_chrome_ext_hola_org; "C:/Program Files/Hola/app/net_updater64.exe" --updater win_hola.chrome.ext.hola.org [X] S2 McAfee WebAdvisor; "C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe" [X] ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.) R2 ASMMAP64; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [18048 2015-05-08] (Microsoft Windows Hardware Compatibility Publisher -> ASUS) R1 ATKWMIACPIIO; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [20096 2015-05-08] (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek Computer Inc.) S3 ATP; C:\WINDOWS\System32\drivers\AsusTP.sys [100776 2015-08-23] (ASUSTeK Computer Inc. -> ASUS Corporation) S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed] R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsRadioControl.sys [32696 2020-11-19] (ASUSTek Computer Inc. -> ASUS) R3 MpKslf8e6217f; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6CE485C6-F5FD-4C02-87C2-753FF406FDFD}\MpKslDrv.sys [123112 2021-08-14] (Microsoft Windows -> Microsoft Corporation) S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49568 2021-08-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [434424 2021-08-09] (Microsoft Windows -> Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [78072 2021-08-09] (Microsoft Windows -> Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) (Whitelisted) ========= (If an entry is included in the fixlist, the file/folder will be moved.) 2021-08-15 12:54 - 2021-08-15 12:54 - 003475096 _____ (Nicolas Coolman) C:\Users\nlaun\ZHPSuite.exe 2021-08-14 18:43 - 2021-08-14 18:43 - 000007257 _____ C:\Users\nlaun\Downloads\tax form online payment.htm 2021-08-14 17:32 - 2021-08-14 17:32 - 000000000 ____D C:\Users\nlaun\AppData\Local\mbam 2021-08-14 17:30 - 2021-08-14 17:30 - 000000000 ____D C:\Program Files\Malwarebytes 2021-08-14 17:18 - 2021-08-14 17:21 - 000000000 ____D C:\AdwCleaner 2021-08-14 16:20 - 2021-08-14 16:20 - 000000000 ____D C:\Users\nlaun\AppData\Roaming\WildTangent 2021-08-13 16:52 - 2021-08-13 16:52 - 000000000 ____D C:\Users\nlaun\AppData\Local\luminati 2021-08-13 06:58 - 2021-08-13 06:58 - 000634744 _____ (Hola Networks Ltd.) C:\Users\nlaun\Downloads\Hola-Setup-Chrome-Agreed.exe 2021-08-12 19:42 - 2021-08-12 19:42 - 000009141 _____ C:\Users\nlaun\Downloads\2fa_backup_code_USCIS_myAccount.pdf 2021-08-12 18:45 - 2021-08-12 18:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo 2021-08-12 18:44 - 2021-08-12 18:45 - 000000000 ____D C:\Program Files\CrystalDiskInfo 2021-08-11 06:35 - 2021-08-11 06:35 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime 2021-08-11 06:34 - 2021-08-11 06:34 - 000000000 ____D C:\ProgramData\Microsoft OneDrive 2021-08-11 06:30 - 2021-08-11 06:30 - 000000020 ___SH C:\Users\nlaun\ntuser.ini 2021-08-11 04:13 - 2021-08-11 01:44 - 000000000 ____D C:\Windows.old 2021-08-11 04:09 - 2021-08-11 04:13 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate 2021-08-11 04:07 - 2021-08-11 04:09 - 000000000 ____D C:\WINDOWS\ServiceProfiles 2021-08-11 04:07 - 2021-08-11 04:07 - 000008192 _____ C:\WINDOWS\system32\config\userdiff 2021-08-11 03:50 - 2021-08-11 03:50 - 001687040 _____ C:\WINDOWS\system32\libcrypto.dll 2021-08-11 03:50 - 2021-08-11 03:50 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsraLegacy.tlb 2021-08-11 03:50 - 2021-08-11 03:50 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsraLegacy.tlb 2021-08-11 03:50 - 2021-08-11 03:50 - 000006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rendezvousSession.tlb 2021-08-11 03:50 - 2021-08-11 03:50 - 000006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\rendezvousSession.tlb 2021-08-11 03:49 - 2021-08-11 03:49 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 2021-08-11 03:49 - 2021-08-11 03:49 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2021-08-11 03:49 - 2021-08-11 03:49 - 002371072 _____ C:\WINDOWS\system32\rdpnano.dll 2021-08-11 03:49 - 2021-08-11 03:49 - 001314128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi 2021-08-11 03:49 - 2021-08-11 03:49 - 000700928 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll 2021-08-11 03:49 - 2021-08-11 03:49 - 000570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2021-08-11 03:49 - 2021-08-11 03:49 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2021-08-11 03:49 - 2021-08-11 03:49 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl 2021-08-11 03:49 - 2021-08-11 03:49 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl 2021-08-11 03:49 - 2021-08-11 03:49 - 000011347 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim 2021-08-11 03:48 - 2021-08-11 03:48 - 001864192 _____ (The ICU Project) C:\WINDOWS\SysWOW64\icu.dll 2021-08-11 03:48 - 2021-08-11 03:48 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll 2021-08-11 03:48 - 2021-08-11 03:48 - 000468440 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll 2021-08-11 03:47 - 2021-08-11 03:47 - 001823280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2021-08-11 03:47 - 2021-08-11 03:47 - 001393480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2021-08-11 03:47 - 2021-08-11 03:47 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE 2021-08-11 03:47 - 2021-08-11 03:47 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv 2021-08-11 03:47 - 2021-08-11 03:47 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe 2021-08-11 03:47 - 2021-08-11 03:47 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe 2021-08-11 03:46 - 2021-08-11 03:46 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll 2021-08-11 03:46 - 2021-08-11 03:46 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll 2021-08-11 03:46 - 2021-08-11 03:46 - 000657464 _____ C:\WINDOWS\system32\WindowManagementAPI.dll 2021-08-11 03:46 - 2021-08-11 03:46 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe 2021-08-11 03:46 - 2021-08-11 03:46 - 000097792 _____ C:\WINDOWS\system32\Drivers\cimfs.sys 2021-08-11 03:45 - 2021-08-11 03:45 - 000563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv 2021-08-11 03:45 - 2021-08-11 03:45 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll 2021-08-11 03:45 - 2021-08-11 03:45 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll 2021-08-11 03:45 - 2021-08-11 03:45 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe 2021-08-11 03:45 - 2021-08-11 03:45 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe 2021-08-11 03:30 - 2019-10-15 16:53 - 000076060 _____ C:\WINDOWS\system32\xpsrchvw.xml 2021-08-11 03:30 - 2019-04-18 21:49 - 000076060 _____ C:\WINDOWS\SysWOW64\xpsrchvw.xml 2021-08-11 03:23 - 2021-08-11 03:23 - 000000000 ____D C:\Program Files\Reference Assemblies 2021-08-11 03:23 - 2021-08-11 03:23 - 000000000 ____D C:\Program Files\MSBuild 2021-08-11 03:23 - 2021-08-11 03:23 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies 2021-08-11 03:23 - 2021-08-11 03:23 - 000000000 ____D C:\Program Files (x86)\MSBuild 2021-08-11 01:42 - 2021-08-14 17:26 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2021-08-11 01:42 - 2021-08-11 01:43 - 000003408 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2021-08-11 01:42 - 2021-08-11 01:43 - 000003066 _____ C:\WINDOWS\system32\Tasks\WpsUpdateTask_Administrator 2021-08-11 01:42 - 2021-08-11 01:43 - 000002984 _____ C:\WINDOWS\system32\Tasks\ATK Package 36D18D69AFC3 2021-08-11 01:42 - 2021-08-11 01:43 - 000002918 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2547849061-2848747678-2711715184-500 2021-08-11 01:42 - 2021-08-11 01:42 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA 2021-08-11 01:42 - 2021-08-11 01:42 - 000003242 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2021-08-11 01:42 - 2021-08-11 01:42 - 000003214 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d71c694583533f 2021-08-11 01:42 - 2021-08-11 01:42 - 000003124 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore 2021-08-11 01:42 - 2021-08-11 01:42 - 000003066 _____ C:\WINDOWS\system32\Tasks\WpsNotifyTask_Administrator 2021-08-11 01:42 - 2021-08-11 01:42 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2547849061-2848747678-2711715184-1001 2021-08-11 01:42 - 2021-08-11 01:42 - 000002406 _____ C:\WINDOWS\system32\Tasks\RtHDVBg_ListenToDevice 2021-08-11 01:42 - 2021-08-11 01:42 - 000002400 _____ C:\WINDOWS\system32\Tasks\ASUS USB Charger Plus 2021-08-11 01:42 - 2021-08-11 01:42 - 000002340 _____ C:\WINDOWS\system32\Tasks\RTKCPL 2021-08-11 01:42 - 2021-08-11 01:42 - 000002274 _____ C:\WINDOWS\system32\Tasks\ATK Package A22126881260 2021-08-11 01:42 - 2021-08-11 01:42 - 000000000 ____D C:\WINDOWS\system32\Tasks\ASUSTek Computer Inc 2021-08-11 01:42 - 2021-08-11 01:42 - 000000000 ____D C:\WINDOWS\system32\Tasks\ASUS 2021-08-11 01:42 - 2020-09-27 09:58 - 000003392 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-283516741-3080081594-3377497909-500 2021-08-11 01:40 - 2021-08-11 01:42 - 000007623 _____ C:\WINDOWS\diagwrn.xml 2021-08-11 01:40 - 2021-08-11 01:42 - 000007623 _____ C:\WINDOWS\diagerr.xml 2021-08-11 01:34 - 2021-08-13 17:15 - 000840598 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2021-08-11 01:22 - 2021-08-15 12:54 - 000000000 ____D C:\Users\nlaun 2021-08-11 01:22 - 2019-12-07 04:10 - 000001105 _____ C:\Users\nlaun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2021-08-11 01:18 - 2020-01-16 01:52 - 000104160 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL 2021-08-11 01:18 - 2020-01-16 01:52 - 000100064 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL 2021-08-11 01:14 - 2021-08-15 12:45 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2021-08-11 01:14 - 2021-08-14 17:26 - 000311936 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2021-08-10 22:00 - 2021-08-10 22:00 - 000000000 ___HD C:\$WinREAgent 2021-08-10 20:35 - 2021-08-11 06:30 - 000000000 ___DC C:\WINDOWS\Panther 2021-08-10 20:29 - 2021-08-11 04:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2021-08-10 20:29 - 2021-08-10 20:29 - 000000000 ____D C:\Program Files\7-Zip 2021-08-10 19:51 - 2021-08-10 19:51 - 000000000 ___HD C:\$Windows.~WS 2021-08-09 18:30 - 2021-08-15 13:09 - 000000000 ____D C:\FRST 2021-08-09 18:04 - 2021-08-09 18:04 - 003018308 _____ C:\Users\nlaun\Downloads\ZHPSuite.zip 2021-08-07 13:59 - 2021-08-15 13:06 - 000000000 ____D C:\Users\nlaun\AppData\Roaming\ZHP 2021-08-07 13:59 - 2021-08-14 16:44 - 000000000 ____D C:\Users\nlaun\AppData\Local\ZHP 2021-08-07 13:59 - 2021-08-07 13:59 - 003278488 _____ (Nicolas Coolman) C:\Users\nlaun\Downloads\ZHPDiag3.exe 2021-08-07 13:59 - 2021-08-07 13:59 - 003278488 _____ (Nicolas Coolman) C:\Users\nlaun\Downloads\ZHPDiag3 (1).exe 2021-08-07 13:29 - 2021-08-07 13:30 - 006724951 _____ C:\Users\nlaun\Downloads\CrystalDiskInfo8_12_5.zip ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 2021-08-15 13:01 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2021-08-15 12:51 - 2019-12-07 04:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2021-08-15 12:48 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness 2021-08-15 12:47 - 2020-09-27 09:53 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2021-08-15 12:47 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps 2021-08-15 12:45 - 2020-10-29 20:53 - 000000000 ____D C:\Program Files (x86)\Google 2021-08-14 17:26 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ServiceState 2021-08-14 17:25 - 2020-09-27 09:50 - 000008192 ___SH C:\DumpStack.log.tmp 2021-08-14 17:25 - 2019-12-07 04:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI 2021-08-14 17:23 - 2020-10-21 18:25 - 000000000 ____D C:\ProgramData\ASUS 2021-08-14 17:23 - 2020-10-20 22:25 - 000000000 ____D C:\Program Files (x86)\ASUS 2021-08-14 16:21 - 2020-10-21 18:26 - 000000000 ____D C:\ProgramData\WinZip 2021-08-14 16:20 - 2015-11-24 00:05 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2021-08-14 16:20 - 2015-11-24 00:05 - 000000000 ____D C:\ProgramData\WildTangent 2021-08-14 16:07 - 2016-04-12 12:01 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2021-08-14 16:02 - 2016-04-12 12:26 - 000000000 ____D C:\ProgramData\CyberLink 2021-08-14 15:59 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF 2021-08-13 17:03 - 2020-10-21 06:43 - 000000000 __SHD C:\Users\nlaun\IntelGraphicsProfiles 2021-08-13 17:03 - 2020-10-20 22:24 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2021-08-13 17:02 - 2020-10-20 22:26 - 000000000 ____D C:\ProgramData\NVIDIA 2021-08-12 18:49 - 2020-10-21 06:58 - 000000000 ____D C:\Users\nlaun\AppData\Local\D3DSCache 2021-08-11 16:54 - 2020-10-20 18:53 - 000000000 ____D C:\WINDOWS\system32\GroupPolicy 2021-08-11 06:48 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\PrintDialog 2021-08-11 06:32 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2021-08-11 06:31 - 2020-10-21 06:43 - 000000000 ___RD C:\Users\nlaun\3D Objects 2021-08-11 06:31 - 2020-09-27 09:54 - 000000000 __RHD C:\Users\Public\AccountPictures 2021-08-11 04:13 - 2020-12-12 14:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2021-08-11 04:13 - 2020-11-12 20:45 - 000000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.8 2021-08-11 04:13 - 2020-11-12 19:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Video Editor 2020 2021-08-11 04:13 - 2020-10-22 02:30 - 000000000 ____D C:\WINDOWS\system32\MRT 2021-08-11 04:13 - 2020-10-22 00:20 - 000000000 ____D C:\Program Files\UNP 2021-08-11 04:13 - 2020-10-20 22:24 - 000000000 ____D C:\Program Files\Intel 2021-08-11 04:13 - 2020-10-20 18:53 - 000000000 ____D C:\WINDOWS\system32\MsDtc 2021-08-11 04:13 - 2019-12-07 04:49 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN 2021-08-11 04:13 - 2019-12-07 04:49 - 000000000 ____D C:\WINDOWS\system32\WCN 2021-08-11 04:13 - 2019-12-07 04:18 - 000000000 ____D C:\WINDOWS\Setup 2021-08-11 04:13 - 2019-12-07 04:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template 2021-08-11 04:13 - 2019-12-07 04:14 - 000000000 __RHD C:\Users\Public\Libraries 2021-08-11 04:13 - 2019-12-07 04:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs 2021-08-11 04:13 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase 2021-08-11 04:13 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated 2021-08-11 04:13 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\spool 2021-08-11 04:13 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\Registration 2021-08-11 04:13 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2021-08-11 04:13 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\IME 2021-08-11 04:13 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\Help 2021-08-11 04:13 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\USOPrivate 2021-08-11 04:13 - 2019-12-07 04:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared 2021-08-11 04:13 - 2016-04-12 11:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2021-08-11 04:13 - 2015-11-24 00:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WPS Office 2021-08-11 04:13 - 2015-11-24 00:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit PhantomPDF 2021-08-11 04:13 - 2015-11-24 00:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS 2021-08-11 04:11 - 2020-10-20 19:12 - 000000000 ____D C:\WINDOWS\system32\Intel 2021-08-11 04:11 - 2020-10-20 19:08 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer 2021-08-11 04:11 - 2019-12-07 04:49 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm 2021-08-11 04:11 - 2019-12-07 04:49 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr 2021-08-11 04:11 - 2019-12-07 04:49 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts 2021-08-11 04:11 - 2019-12-07 04:49 - 000000000 ____D C:\WINDOWS\system32\winrm 2021-08-11 04:11 - 2019-12-07 04:49 - 000000000 ____D C:\WINDOWS\system32\slmgr 2021-08-11 04:11 - 2019-12-07 04:49 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts 2021-08-11 04:11 - 2019-12-07 04:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12 2021-08-11 04:11 - 2019-12-07 04:14 - 000000000 ___SD C:\WINDOWS\system32\F12 2021-08-11 04:11 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe 2021-08-11 04:11 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI 2021-08-11 04:11 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2021-08-11 04:11 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform 2021-08-11 04:11 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\MUI 2021-08-11 04:10 - 2020-10-20 22:26 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation 2021-08-11 04:10 - 2019-12-07 04:14 - 000000000 ___SD C:\WINDOWS\system32\dsc 2021-08-11 04:10 - 2019-12-07 04:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs 2021-08-11 04:10 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Dism 2021-08-11 04:09 - 2020-11-09 21:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities 2021-08-11 04:09 - 2020-10-20 22:25 - 000000000 ____D C:\Program Files\Realtek 2021-08-11 04:09 - 2020-10-20 19:11 - 000000000 ____D C:\Program Files\Synaptics 2021-08-11 04:09 - 2019-12-07 04:52 - 000000000 ____D C:\Program Files\Windows Photo Viewer 2021-08-11 04:09 - 2019-12-07 04:52 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2021-08-11 04:09 - 2019-12-07 04:51 - 000000000 ____D C:\WINDOWS\OCR 2021-08-11 04:09 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\Resources 2021-08-11 04:09 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions 2021-08-11 04:09 - 2019-12-07 04:14 - 000000000 ____D C:\Program Files\Common Files\System 2021-08-11 04:09 - 2016-04-12 12:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICEpower 2021-08-11 03:59 - 2019-12-07 04:50 - 000000000 ____D C:\WINDOWS\system32\OpenSSH 2021-08-11 03:59 - 2019-12-07 04:14 - 000000000 ___SD C:\WINDOWS\system32\UNP 2021-08-11 03:59 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata 2021-08-11 03:59 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup 2021-08-11 03:59 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV 2021-08-11 03:59 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT 2021-08-11 03:59 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE 2021-08-11 03:59 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX 2021-08-11 03:59 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemResources 2021-08-11 03:59 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata 2021-08-11 03:59 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2021-08-11 03:59 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\setup 2021-08-11 03:59 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\migwiz 2021-08-11 03:59 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV 2021-08-11 03:59 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT 2021-08-11 03:59 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\et-EE 2021-08-11 03:59 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\es-MX 2021-08-11 03:59 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ShellComponents 2021-08-11 03:59 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\Provisioning 2021-08-11 03:59 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\DiagTrack 2021-08-11 03:59 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\bcastdvr 2021-08-11 03:59 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\appcompat 2021-08-11 03:59 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\servicing 2021-08-11 03:59 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp 2021-08-11 03:57 - 2019-12-07 04:52 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll 2021-08-11 01:44 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\oobe 2021-08-11 01:43 - 2019-12-07 04:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM 2021-08-11 01:42 - 2019-12-07 04:14 - 000000000 ____D C:\Program Files\Windows Defender 2021-08-11 01:39 - 2020-10-21 06:55 - 000000000 ___RD C:\Users\nlaun\OneDrive 2021-08-11 01:31 - 2019-12-07 04:14 - 000000000 __RSD C:\WINDOWS\Media 2021-08-11 01:30 - 2020-10-29 20:56 - 000002249 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2021-08-11 01:25 - 2020-12-12 14:03 - 000000000 ____D C:\Users\nlaun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2021-08-11 01:25 - 2020-10-21 18:28 - 000000000 ____D C:\Users\nlaun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dashlane 2021-08-11 01:23 - 2020-10-21 06:43 - 000000000 ____D C:\Users\nlaun\AppData\Local\Packages 2021-08-11 01:20 - 2020-10-20 19:11 - 000000000 ____D C:\WINDOWS\SysWOW64\sda 2021-08-11 01:19 - 2020-10-20 22:26 - 000000000 ____D C:\Program Files\NVIDIA Corporation 2021-08-11 01:19 - 2020-10-20 22:25 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM 2021-08-11 01:19 - 2020-10-20 22:25 - 000000000 ____D C:\WINDOWS\system32\DAX3 2021-08-11 01:19 - 2020-10-20 22:25 - 000000000 ____D C:\WINDOWS\system32\DAX2 2021-08-11 01:19 - 2020-10-20 22:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realtek 2021-08-11 01:19 - 2020-10-20 19:12 - 000000000 ____D C:\ProgramData\SetupTPDriver 2021-08-11 01:18 - 2020-10-20 22:24 - 000000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat 2021-08-10 20:26 - 2020-11-08 22:57 - 000000000 ____D C:\ESD 2021-08-09 22:12 - 2020-12-05 17:03 - 000000000 ____D C:\Users\nlaun\AppData\Roaming\Easeware 2021-08-09 20:17 - 2020-11-19 22:06 - 000000000 ____D C:\Program Files (x86)\Hard Disk Sentinel 2021-08-09 19:44 - 2020-09-27 09:51 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2021-08-09 19:43 - 2020-10-22 06:45 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools 2021-08-09 18:00 - 2020-10-22 02:29 - 133422552 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2021-08-08 09:15 - 2020-10-21 06:59 - 000000000 ____D C:\ProgramData\Avast Software 2021-08-08 09:14 - 2020-10-22 01:24 - 000000000 ____D C:\Users\nlaun\AppData\Local\CrashDumps 2021-08-07 21:24 - 2020-11-12 19:47 - 000000000 ____D C:\Users\nlaun\AppData\Roaming\VideoWinSoft 2021-08-07 21:07 - 2020-10-21 06:49 - 000000000 ____D C:\Users\nlaun\AppData\Local\PlaceholderTileLogoFolder 2021-08-07 16:54 - 2020-11-12 19:46 - 000000000 ____D C:\Program Files\Windows Video Editor 2020 2021-08-07 14:00 - 2020-12-05 17:52 - 000007599 _____ C:\Users\nlaun\AppData\Local\Resmon.ResmonCfg 2021-07-16 09:45 - 2020-10-22 06:45 - 000740152 _____ (Microsoft Corporation) C:\WINDOWS\system32\sedplugins.dll 2021-07-16 09:45 - 2020-10-22 06:45 - 000486712 _____ (Microsoft Corporation) C:\WINDOWS\system32\QualityUpdateAssistant.dll ==================== Files in the root of some directories ======== 2021-08-15 12:54 - 2021-08-15 12:54 - 003475096 _____ (Nicolas Coolman) C:\Users\nlaun\ZHPSuite.exe 2020-10-21 06:46 - 2021-04-18 15:13 - 000000165 _____ () C:\Users\nlaun\AppData\Roaming\sp_data.sys 2020-12-05 17:52 - 2021-08-07 14:00 - 000007599 _____ () C:\Users\nlaun\AppData\Local\Resmon.ResmonCfg ==================== SigCheckExt ========================= 2015-05-21 19:00 - 2015-05-21 19:00 - 000002560 _____ (Intel(R) Corporation) C:\WINDOWS\SysWOW64\IusEventLog.dll 2016-04-12 11:52 - 2015-08-06 11:43 - 000155464 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll 2016-04-12 11:55 - 2015-10-02 21:23 - 001317192 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll 2016-04-12 11:55 - 2015-10-02 21:23 - 001423120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll 2021-08-15 12:54 - 2021-08-15 12:54 - 003475096 _____ (Nicolas Coolman) C:\Users\nlaun\ZHPSuite.exe 2021-08-07 13:59 - 2021-08-07 13:59 - 003278488 _____ (Nicolas Coolman) C:\Users\nlaun\Downloads\ZHPDiag3 (1).exe 2021-08-07 13:59 - 2021-08-07 13:59 - 003278488 _____ (Nicolas Coolman) C:\Users\nlaun\Downloads\ZHPDiag3.exe ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) ==================== BCD ================================ Firmware Boot Manager --------------------- identifier {fwbootmgr} displayorder {bootmgr} {4633d305-22f7-11eb-826d-806e6f6e6963} {4633d306-22f7-11eb-826d-806e6f6e6963} {4633d307-22f7-11eb-826d-806e6f6e6963} timeout 2 Windows Boot Manager -------------------- identifier {bootmgr} device partition=\Device\HarddiskVolume1 path \EFI\Microsoft\Boot\bootmgfw.efi description Windows Boot Manager locale en-US inherit {globalsettings} default {current} resumeobject {68e4b37b-fa84-11eb-8af8-b5175f7de73a} displayorder {current} toolsdisplayorder {memdiag} timeout 30 Firmware Application (101fffff) ------------------------------- identifier {4633d305-22f7-11eb-826d-806e6f6e6963} description UEFI:CD/DVD Drive Firmware Application (101fffff) ------------------------------- identifier {4633d306-22f7-11eb-826d-806e6f6e6963} description UEFI:Removable Device Firmware Application (101fffff) ------------------------------- identifier {4633d307-22f7-11eb-826d-806e6f6e6963} description UEFI:Network Device Windows Boot Loader ------------------- identifier {5b0fbfd8-00cd-11e6-8254-2c56dcbe017c} device ramdisk=[unknown]\Recovery\WindowsRE\Winre.wim,{5b0fbfd9-00cd-11e6-8254-2c56dcbe017c} path \windows\system32\winload.efi description Windows Recovery Environment locale en-us inherit {bootloadersettings} displaymessage Recovery displaymessageoverride Recovery osdevice ramdisk=[unknown]\Recovery\WindowsRE\Winre.wim,{5b0fbfd9-00cd-11e6-8254-2c56dcbe017c} systemroot \windows nx OptIn bootmenupolicy Standard winpe Yes Windows Boot Loader ------------------- identifier {5db5bb55-1332-11eb-b44f-ee3bd680112c} device ramdisk=[\Device\HarddiskVolume4]\Recovery\WindowsRE\Winre.wim,{5db5bb56-1332-11eb-b44f-ee3bd680112c} path \windows\system32\winload.efi description Windows Recovery Environment locale en-US inherit {bootloadersettings} displaymessage Recovery osdevice ramdisk=[\Device\HarddiskVolume4]\Recovery\WindowsRE\Winre.wim,{5db5bb56-1332-11eb-b44f-ee3bd680112c} systemroot \windows nx OptIn bootmenupolicy Standard winpe Yes Windows Boot Loader ------------------- identifier {current} device partition=C: path \WINDOWS\system32\winload.efi description Windows 10 locale en-US inherit {bootloadersettings} recoverysequence {68e4b37d-fa84-11eb-8af8-b5175f7de73a} displaymessageoverride Recovery recoveryenabled Yes isolatedcontext Yes allowedinmemorysettings 0x15000075 osdevice partition=C: systemroot \WINDOWS resumeobject {68e4b37b-fa84-11eb-8af8-b5175f7de73a} nx OptIn bootmenupolicy Standard Windows Boot Loader ------------------- identifier {68e4b37d-fa84-11eb-8af8-b5175f7de73a} device ramdisk=[\Device\HarddiskVolume4]\Recovery\WindowsRE\Winre.wim,{68e4b37e-fa84-11eb-8af8-b5175f7de73a} path \windows\system32\winload.efi description Windows Recovery Environment locale en-US inherit {bootloadersettings} displaymessage Recovery osdevice ramdisk=[\Device\HarddiskVolume4]\Recovery\WindowsRE\Winre.wim,{68e4b37e-fa84-11eb-8af8-b5175f7de73a} systemroot \windows nx OptIn bootmenupolicy Standard winpe Yes Windows Setup ------------- identifier {7254a080-1510-4e85-ac0f-e7fb3d444736} device ramdisk=[C:]\$WINDOWS.~BT\Sources\SafeOS\winre.wim,{5db5bb57-1332-11eb-b44f-ee3bd680112c} bootstatdevice partition=C: custom:11000083 partition=C: path \windows\system32\winload.efi description Windows Rollback locale en-US bootstatfilepath \$WINDOWS.~BT\Sources\SafeOS\bootstat.dat inherit {bootloadersettings} restartonfailure Yes osdevice ramdisk=[C:]\$WINDOWS.~BT\Sources\SafeOS\winre.wim,{5db5bb57-1332-11eb-b44f-ee3bd680112c} custom:21000152 partition=C: systemroot \windows nx OptIn bootmenupolicy Standard winpe Yes Resume from Hibernate --------------------- identifier {5db5bb52-1332-11eb-b44f-ee3bd680112c} device partition=C: path \WINDOWS\system32\winresume.efi description Windows Resume Application locale en-US inherit {resumeloadersettings} recoverysequence {5db5bb55-1332-11eb-b44f-ee3bd680112c} recoveryenabled Yes isolatedcontext Yes allowedinmemorysettings 0x15000075 filedevice partition=C: filepath \hiberfil.sys bootmenupolicy Standard debugoptionenabled No Resume from Hibernate --------------------- identifier {68e4b37b-fa84-11eb-8af8-b5175f7de73a} device partition=C: path \WINDOWS\system32\winresume.efi description Windows Resume Application locale en-US inherit {resumeloadersettings} recoverysequence {68e4b37d-fa84-11eb-8af8-b5175f7de73a} recoveryenabled Yes isolatedcontext Yes allowedinmemorysettings 0x15000075 filedevice partition=C: filepath \hiberfil.sys bootmenupolicy Standard debugoptionenabled No Windows Memory Tester --------------------- identifier {memdiag} device partition=\Device\HarddiskVolume1 path \EFI\Microsoft\Boot\memtest.efi description Windows Memory Diagnostic locale en-US inherit {globalsettings} badmemoryaccess Yes EMS Settings ------------ identifier {emssettings} bootems No Debugger Settings ----------------- identifier {dbgsettings} debugtype Serial debugport 1 baudrate 115200 RAM Defects ----------- identifier {badmemory} Global Settings --------------- identifier {globalsettings} inherit {dbgsettings} {emssettings} {badmemory} Boot Loader Settings -------------------- identifier {bootloadersettings} inherit {globalsettings} {hypervisorsettings} Hypervisor Settings ------------------- identifier {hypervisorsettings} hypervisordebugtype Serial hypervisordebugport 1 hypervisorbaudrate 115200 Resume Loader Settings ---------------------- identifier {resumeloadersettings} inherit {globalsettings} Device options -------------- identifier {5db5bb56-1332-11eb-b44f-ee3bd680112c} description Windows Recovery ramdisksdidevice partition=\Device\HarddiskVolume4 ramdisksdipath \Recovery\WindowsRE\boot.sdi Device options -------------- identifier {5db5bb57-1332-11eb-b44f-ee3bd680112c} description Windows Setup ramdisksdidevice partition=C: ramdisksdipath \$WINDOWS.~BT\Sources\SafeOS\boot.sdi Device options -------------- identifier {68e4b37e-fa84-11eb-8af8-b5175f7de73a} description Windows Recovery ramdisksdidevice partition=\Device\HarddiskVolume4 ramdisksdipath \Recovery\WindowsRE\boot.sdi ==================== End of FRST.txt ========================