Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26.02.2024 01
Ran by RRRIO (administrator) on RRRIO (Alienware Alienware 17) (27-02-2024 11:50:56)
Running from C:\Users\EMI\Desktop\FRST64 (2).exe
Loaded Profiles: RRRIO
Platform: Microsoft Windows 10 Home Version 22H2 19045.3570 (X64) Language: English (United Kingdom)
Default browser: Chrome
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MsMpEng.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\HelpPane.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-08-03] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-03] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [Command Center Controllers] => C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [14056 2014-10-30] (Dell Inc. -> Alienware)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [MacDrive 10 helper] => C:\Program Files\Mediafour\MacDrive 10\MDHelper.exe [299872 2017-09-28] (Mediafour Corporation -> Mediafour Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645648 2019-10-05] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-10-12] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare Technology Co.,Ltd -> Wondershare)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [Intel Driver & Support Assistant] => C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe [285544 2020-10-14] (IDSA Production signing key -> Intel)
HKLM-x32\...\Run: [WinZip UN] => C:\Program Files (x86)\WinZip\WZUpdateNotifier.exe [2231184 2020-08-19] (Corel Corporation -> Corel Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-21-3082767965-3652706906-2016044323-1001\...\Run: [Native Instruments Maschine MK3 Control Panel] => C:\Program Files\Native Instruments\Maschine MK3 Driver\nimc3cpl.exe [10499696 2017-08-08] (Native Instruments GmbH -> Native Instruments GmbH)
HKU\S-1-5-21-3082767965-3652706906-2016044323-1001\...\Run: [loopMIDI] => C:\Program Files (x86)\Tobias Erichsen\loopMIDI\loopMIDI.exe [5516048 2019-12-14] (Tobias Erichsen -> Tobias Erichsen)
HKU\S-1-5-21-3082767965-3652706906-2016044323-1001\...\Run: [MicrosoftEdgeAutoLaunch_915AF156048C6E34903DA16F370929C0] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4131264 2023-10-13] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Print\Monitors\CUSTPDF Writer Monitor x86: C:\WINDOWS\system32\custmon64.dll [87040 2016-12-16] () [File not signed]
HKLM\...\Print\Monitors\HP C511 Status Monitor: C:\WINDOWS\system32\hpinkstsC511LM.dll [333496 2012-12-16] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\MPE3 Port: C:\WINDOWS\system32\mpelocalmon.dll [26112 2019-12-03] (Copyright (c) Code Industry Ltd) [File not signed]
HKLM\...\Print\Monitors\PDFescape Desktop Monitor: C:\WINDOWS\system32\spool\DRIVERS\x64\pdfescape desktop_pdfpmon_v.4.12.26.3.dll [932984 2020-03-12] (PDF Tools AG -> PDF Tools AG (hxxp://www.pdf-tools.com))
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\118.0.5993.70\Installer\chrmstp.exe [2023-10-11] (Google LLC -> Google LLC)
Startup: C:\Users\EMI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP ENVY 4500 series.lnk [2020-11-13]
ShortcutAndArgument: Monitor Ink Alerts - HP ENVY 4500 series.lnk -> C:\WINDOWS\system32\RunDll32.exe => "C:\Program Files\HP\HP ENVY 4500 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN56O354WN05X4;CONNECTION=USB;MONITOR=1;
Startup: C:\Users\EMI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\myCANAL.lnk [2022-11-21]
ShortcutTarget: myCANAL.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NIHardwareAccessibilityHelper.exe.lnk [2023-04-17]
ShortcutTarget: NIHardwareAccessibilityHelper.exe.lnk -> C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareAccessibilityHelper.exe (Native Instruments GmbH -> Native Instruments GmbH)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NTKDaemon.lnk [2021-03-12]
ShortcutTarget: NTKDaemon.lnk -> C:\Program Files\Common Files\Native Instruments\NTK\NTKDaemon.exe (Native Instruments GmbH -> Native Instruments GmbH)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Préchargeur.lnk [2020-11-13]
ShortcutTarget: WinZip Préchargeur.lnk -> C:\Program Files (x86)\WinZip\WzPreloader.exe (Corel Corporation -> WinZip Computing)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {9A31BD0F-DF3E-4152-B267-0DC6BA559102} - System32\Tasks\AdobeAAMUpdater-1.0-RRRIO-RRRIO => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {1F56F72E-25FE-4F57-A3DD-C8F324A83C49} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {1C07886B-D6C7-476D-83C8-BF14A28E0F8D} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\FrameworkAgents\SupportAssistInstaller.exe [739168 2023-10-09] (Dell Inc -> Dell Inc.)
Task: {2936F1DC-6A2C-470D-AD72-CE501F302B25} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-05-24] (Google LLC -> Google LLC)
Task: {CDB5CB1C-4994-4862-9EE9-8A2CA9C7B640} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-05-24] (Google LLC -> Google LLC)
Task: {D93D2F83-C6B8-4152-8D15-0DE716587AF6} - System32\Tasks\HPCustParticipation HP ENVY 4500 series => C:\Program Files\HP\HP ENVY 4500 series\Bin\HPCustPartic.exe [5745672 2014-07-21] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
Task: {ECF9327F-6EEC-4477-AADB-87006AD10DA9} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18744 2019-04-15] (Intel(R) Software Development Products -> Intel Corporation)
Task: {AA6A185B-E9E7-4CCB-B086-2FF0D34C8218} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18744 2019-04-15] (Intel(R) Software Development Products -> Intel Corporation)
Task: {49E5449D-91EC-45CC-88B3-858C56D61D96} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe --automatic (No File)
Task: {97BDE1D6-74FC-449C-8D8D-C49FE2FCE4A2} - System32\Tasks\Microsoft\Windows\CUAssistant\CULauncher => %ProgramFiles%\CUAssistant\culauncher.exe (No File)
Task: {324CA5E4-6A9A-4AFB-BF7F-705FAB4D17CA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpCmdRun.exe [1596304 2023-10-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E2C86FD1-8477-4402-9D74-AC870C438953} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpCmdRun.exe [1596304 2023-10-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {420D00BB-0B3D-488C-8DCD-E51E63273BA9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpCmdRun.exe [1596304 2023-10-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D4E1D4BD-884B-4A7F-B0AE-E346676D30DA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpCmdRun.exe [1596304 2023-10-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A854247F-A49C-44F4-BE49-21426C369409} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-3082767965-3652706906-2016044323-1001 => C:\Users\EMI\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe [4130832 2023-10-21] () [File not signed]
Task: {A2867FCA-771B-44A2-9773-1E4FFA941291} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3082767965-3652706906-2016044323-1001 => C:\Users\EMI\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe [4130832 2023-10-21] () [File not signed]
Task: {0592B3C9-526D-46A2-9088-8A5536378D4B} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3082767965-3652706906-2016044323-500 => C:\Users\EMI\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe [4130832 2023-10-21] () [File not signed]
Task: {62FBF37B-2FA8-4173-B328-A96A9587936A} - System32\Tasks\Opera scheduled assistant Autoupdate 1566558003 => C:\Users\EMI\AppData\Local\Programs\Opera\launcher.exe -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\EMI\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {BA92E9A9-EEE3-4368-B4A4-ECB7B830271C} - System32\Tasks\Opera scheduled Autoupdate 1566558001 => C:\Users\EMI\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (No File)
Task: {3D712841-DD0D-47AA-946F-B7EB923B2267} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-03] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {773F3AA3-37B1-4B6F-926D-D0FE64C35469} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => C:\WINDOWS\System32\Wscript.exe [170496 2023-10-11] (Microsoft Windows -> Microsoft Corporation) -> //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: {B7F7E568-A85C-4C69-BA51-956D2B8E0F46} - System32\Tasks\WinZip Update Notifier 1 => C:\Program Files (x86)\WinZip\WZUpdateNotifier.exe [2231184 2020-08-19] (Corel Corporation -> Corel Corporation)
Task: {AA058A36-6271-4DEE-ABE8-C373AAC4293F} - System32\Tasks\WinZip Update Notifier 2 => C:\Program Files (x86)\WinZip\WZUpdateNotifier.exe [2231184 2020-08-19] (Corel Corporation -> Corel Corporation)
Task: {AFF56F3F-40EB-4648-BABA-71BC15F9B465} - System32\Tasks\WinZip Update Notifier 3 => C:\Program Files (x86)\WinZip\WZUpdateNotifier.exe [2231184 2020-08-19] (Corel Corporation -> Corel Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{06b6628b-95ff-465a-872d-c523baf8c59e}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{06b6628b-95ff-465a-872d-c523baf8c59e}: [DhcpDomain] home
Tcpip\..\Interfaces\{4a7eccec-c505-40ee-b01b-9a980c42a6ef}: [DhcpNameServer] 192.168.80.53
Tcpip\..\Interfaces\{6d1b940e-f4f9-4cf0-b675-c55c1650c4ce}: [DhcpNameServer] 192.168.140.42
Tcpip\..\Interfaces\{6d1b940e-f4f9-4cf0-b675-c55c1650c4ce}\341607D2055726C69636: [DhcpNameServer] 192.168.203.245
Tcpip\..\Interfaces\{6d1b940e-f4f9-4cf0-b675-c55c1650c4ce}\341607D2055726C69636: [DhcpDomain] access.network
Tcpip\..\Interfaces\{6d1b940e-f4f9-4cf0-b675-c55c1650c4ce}\34163796E6F60224162727965627560254E676869656E6: [DhcpNameServer] 10.197.0.1
Tcpip\..\Interfaces\{6d1b940e-f4f9-4cf0-b675-c55c1650c4ce}\34163796E6F60224162727965627560254E676869656E6: [DhcpDomain] wifirst.net
Tcpip\..\Interfaces\{6d1b940e-f4f9-4cf0-b675-c55c1650c4ce}\35471676961696275637: [DhcpNameServer] 195.36.145.100 195.36.228.100
Tcpip\..\Interfaces\{6d1b940e-f4f9-4cf0-b675-c55c1650c4ce}\563707163656023657C647572756C6: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6d1b940e-f4f9-4cf0-b675-c55c1650c4ce}\563707163656023657C647572756C6: [DhcpDomain] home
Tcpip\..\Interfaces\{6d1b940e-f4f9-4cf0-b675-c55c1650c4ce}\7416C61687970214132353030334: [DhcpNameServer] 192.168.249.18
Tcpip\..\Interfaces\{6d1b940e-f4f9-4cf0-b675-c55c1650c4ce}\845514755494D224532383D25374D293447323: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6d1b940e-f4f9-4cf0-b675-c55c1650c4ce}\845514755494D224532383D293447323: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6d1b940e-f4f9-4cf0-b675-c55c1650c4ce}\848473236513F554543454F523E24374: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6d1b940e-f4f9-4cf0-b675-c55c1650c4ce}\848473236513F554543454F523E24374: [DhcpDomain] .home
Tcpip\..\Interfaces\{6d1b940e-f4f9-4cf0-b675-c55c1650c4ce}\848473236513F554543454F55374: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6d1b940e-f4f9-4cf0-b675-c55c1650c4ce}\848473236513F554543454F55374: [DhcpDomain] .home
Tcpip\..\Interfaces\{6d1b940e-f4f9-4cf0-b675-c55c1650c4ce}\C496675626F687D213632403: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6d1b940e-f4f9-4cf0-b675-c55c1650c4ce}\C496675626F687D213632403: [DhcpDomain] home
Tcpip\..\Interfaces\{6d1b940e-f4f9-4cf0-b675-c55c1650c4ce}\E454452554749454: [DhcpNameServer] 185.48.254.18 85.14.174.253

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Profile: C:\Users\EMI\AppData\Local\Microsoft\Edge\User Data\Default [2023-10-25]
Edge Extension: (Google Docs Offline) - C:\Users\EMI\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-25]
Edge Extension: (Edge relevant text changes) - C:\Users\EMI\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-09-25]

FireFox:
========
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-12] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @java.com/DTPlugin,version=11.231.2 -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\dtplugin\npDeployJava1.dll [2019-11-04] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.231.2 -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\plugin2\npjp2.dll [2019-11-04] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.12 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-12] (Adobe Systems Incorporated -> Adobe Systems)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\EMI\AppData\Local\Google\Chrome\User Data\Default [2024-02-27]
CHR DownloadDir: D:\downloads
CHR Notifications: Default -> hxxps://calendar.google.com; hxxps://www.fnac.com; hxxps://www.nova.fr
CHR DefaultSearchURL: Default -> hxxp://selected-search.com/search?q={searchTerms}&
CHR DefaultSearchKeyword: Default -> ss
CHR Extension: (The Search Selector) - C:\Users\EMI\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhdinjalofclbacjijgifpahcnjapclb [2020-07-22]
CHR Extension: (Adblock Plus - bloqueur de publicités gratuit) - C:\Users\EMI\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2023-08-27]
CHR Extension: (Google Docs hors connexion) - C:\Users\EMI\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-10-16]
CHR Extension: (Screenshot YouTube) - C:\Users\EMI\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjoijpfmdhbjkkgnmahganhoinjjpohk [2021-12-21]
CHR Extension: (Shazam : le nom des chansons en un clic) - C:\Users\EMI\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmioliijnhnoblpgimnlajmefafdfilb [2023-10-11]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\EMI\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-05]
CHR Profile: C:\Users\EMI\AppData\Local\Google\Chrome\User Data\System Profile [2019-08-21]
CHR HKLM\...\Chrome\Extension: [bhdinjalofclbacjijgifpahcnjapclb]
CHR HKLM\...\Chrome\Extension: [jgfblpnggnjhmdbidfmoidoglbcbnfoi]
CHR HKLM\...\Chrome\Extension: [pfnciekpafndamlomnebbfophenfehbc]
CHR HKU\S-1-5-21-3082767965-3652706906-2016044323-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bhdinjalofclbacjijgifpahcnjapclb]
CHR HKU\S-1-5-21-3082767965-3652706906-2016044323-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jgfblpnggnjhmdbidfmoidoglbcbnfoi]
CHR HKU\S-1-5-21-3082767965-3652706906-2016044323-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pfnciekpafndamlomnebbfophenfehbc]
CHR HKLM-x32\...\Chrome\Extension: [bhdinjalofclbacjijgifpahcnjapclb]
CHR HKLM-x32\...\Chrome\Extension: [jgfblpnggnjhmdbidfmoidoglbcbnfoi]
CHR HKLM-x32\...\Chrome\Extension: [pfnciekpafndamlomnebbfophenfehbc]

Opera:
=======
OPR Profile: C:\Users\EMI\AppData\Roaming\Opera Software\Opera Stable [2020-11-13]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-12] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
S2 AERTFilters; C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [115648 2015-08-03] (Andrea Electronics -> Andrea Electronics Corporation)
S4 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3739728 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3511376 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
S4 AlienFusionService; C:\Program Files\Alienware\Command Center\AlienFusionService.exe [16104 2014-10-30] (Dell Inc. -> Alienware)
S2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [323152 2015-06-29] (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) [File not signed]
S2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [458960 2023-07-06] (Dell Inc -> Dell Technologies Inc.)
S2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [161488 2023-07-06] (Dell Inc -> Dell Technologies Inc.)
S2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [484560 2023-07-06] (Dell Inc -> Dell Technologies Inc.)
S2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [49880 2023-06-02] (Dell Inc -> )
S2 DellTechHub; C:\Program Files\Dell\TechHub\Dell.TechHub.exe [156064 2022-12-09] (Dell Inc -> Dell)
S4 FilmoTV Server; C:\ProgramData\FilmoTV\nssm.exe [294912 2019-07-18] () [File not signed]
S4 ioloEnergyBooster; C:\Program Files\Alienware\Command Center\ioloEnergyBooster.exe [6145872 2012-11-01] (iolo technologies, LLC -> iolo technologies, LLC)
S2 MacDrive10Service; C:\Program Files\Mediafour\MacDrive 10\MacDrive10Service.exe [223088 2018-03-21] (Mediafour Corporation -> Mediafour Corporation)
S2 myCANAL Server; C:\ProgramData\myCANAL\nssm.exe [294912 2022-09-01] () [File not signed]
S2 NIHostIntegrationAgent; C:\Program Files\Common Files\Native Instruments\Hardware\NIHostIntegrationAgent.exe [24607464 2022-08-05] (Native Instruments GmbH -> Native Instruments GmbH)
S4 PDFescape Desktop; C:\Program Files\PDFescape Desktop\ws.exe [2452344 2019-07-01] (PDFescape -> Red Software)
S4 PDFescape Desktop Creator; C:\Program Files\PDFescape Desktop\creator\common\creator-ws.exe [575352 2019-07-01] (PDFescape -> Red Software)
S4 PDFescape Desktop Update Service; C:\Program Files\PDFescape Desktop\updater-ws.exe [1383800 2019-07-01] (PDFescape -> Red Software)
S2 SentinelKeysServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [405136 2016-12-16] (SafeNet Canada, Inc. -> SafeNet, Inc.)
S2 SentinelProtectionServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [1261200 2016-12-14] (SafeNet Canada, Inc. -> SafeNet, Inc)
S2 SentinelSecurityRuntime; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [293216 2013-01-09] (SafeNet, Inc. -> SafeNet, Inc.)
S2 slpd; C:\Windows\SysWOW64\slpd.exe [102400 2011-02-17] () [File not signed]
S2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [160608 2023-10-09] (Dell Inc -> Dell Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\NisSrv.exe [3116904 2023-10-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MsMpEng.exe [133584 2023-10-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.237\WsAppService.exe [495720 2018-07-04] (Wondershare Technology Co.,Ltd -> Wondershare) <==== ATTENTION

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bomebus; C:\WINDOWS\System32\drivers\bomebus.sys [56376 2018-05-16] (Bome Software GmbH & Co.KG -> Bome Software GmbH & Co. KG)
S1 CBDisk; C:\WINDOWS\system32\drivers\CBDisk.sys [70344 2015-06-09] (EldoS Corporation -> EldoS Corporation)
S3 DBUtilDrv2; C:\WINDOWS\System32\drivers\DBUtilDrv2.sys [24968 2023-10-21] (Microsoft Windows Hardware Compatibility Publisher -> Dell)
S3 DDDriver; C:\WINDOWS\System32\drivers\dddriver64Dcsa.sys [36728 2019-05-21] (Microsoft Windows Hardware Compatibility Publisher -> Dell Inc.)
S3 DellInstrumentation; C:\WINDOWS\System32\drivers\DellInstrumentation.sys [46640 2023-08-29] (Microsoft Windows Hardware Compatibility Publisher -> Dell)
R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [10752 2013-01-24] (Microsoft Windows Hardware Compatibility Publisher -> OSR Open Systems Resources, Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R0 EMSC; C:\WINDOWS\System32\drivers\EMSC.SYS [17720 2012-07-10] (Compal Electronics, Inc. -> )
S1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO64A.SYS [27552 2020-11-08] (Martin Malik - REALiX -> REALiX(tm))
R0 MDAPFS; C:\Windows\System32\Drivers\MDAPFS.sys [458800 2017-12-04] (Mediafour Corporation -> Other World Computing)
R0 MDAPFSCT; C:\Windows\System32\Drivers\MDAPFSCT.sys [47944 2017-12-04] (Mediafour Corporation -> Other World Computing)
R0 MDDISK; C:\Windows\System32\Drivers\MDDISK.sys [37808 2017-12-04] (Mediafour Corporation -> Other World Computing)
S0 MDFSYSNT; C:\Windows\System32\Drivers\MDFSYSNT.sys [321856 2017-12-04] (Mediafour Corporation -> Other World Computing)
R0 MDMOUNT; C:\Windows\System32\Drivers\MDMOUNT.sys [29064 2017-12-04] (Mediafour Corporation -> Other World Computing)
S3 nimc3audio; C:\WINDOWS\System32\Drivers\nimc3audio.sys [374296 2017-08-16] (Native Instruments GmbH -> Native Instruments GmbH)
S3 nimc3usb; C:\WINDOWS\System32\drivers\nimc3usb.sys [91088 2017-08-16] (Native Instruments GmbH -> Native Instruments GmbH)
S3 rzbtendpt; C:\WINDOWS\System32\drivers\rzbtendpt.sys [51912 2015-08-13] (Razer Inc. -> Razer Inc)
S3 rzdaendpt; C:\WINDOWS\System32\drivers\rzdaendpt.sys [43720 2015-08-13] (Razer Inc. -> Razer Inc)
S3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [50392 2015-08-13] (Razer Inc. -> Razer Inc)
S3 rzhnet; C:\WINDOWS\System32\Drivers\rzhnet.sys [29912 2015-08-13] (Razer Inc. -> Razer Inc)
S3 rzjstk; C:\WINDOWS\System32\drivers\rzjstk.sys [36568 2015-08-13] (Razer Inc. -> Razer Inc)
S3 rzkeypadendpt; C:\WINDOWS\System32\drivers\rzkeypadendpt.sys [46280 2015-08-13] (Razer Inc. -> Razer Inc)
S3 rzmpos; C:\WINDOWS\System32\drivers\rzmpos.sys [48840 2015-08-13] (Razer Inc. -> Razer Inc)
S3 rzp1endpt; C:\WINDOWS\System32\drivers\rzp1endpt.sys [52424 2015-08-13] (Razer Inc. -> Razer Inc)
S3 rzvkeyboard; C:\WINDOWS\System32\drivers\rzvkeyboard.sys [44232 2015-08-13] (Razer Inc. -> Razer Inc)
S3 rzvmouse; C:\WINDOWS\System32\drivers\rzvmouse.sys [42712 2015-08-13] (Razer Inc. -> Razer Inc)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [50720 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R0 stdcfltn; C:\WINDOWS\System32\DRIVERS\stdcfltn.sys [23216 2015-01-09] (STMicroelectronics -> ST Microelectronics)
S3 teVirtualMIDI64; C:\WINDOWS\System32\drivers\teVirtualMIDI64.sys [53120 2019-12-07] (Tobias Erichsen -> Tobias Erichsen)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2016-12-21] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 uvhid; C:\WINDOWS\System32\drivers\uvhid.sys [27064 2016-07-06] (Unified Intents AB -> Windows (R) Win 7 DDK provider)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [55856 2023-10-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [572712 2023-10-07] (Microsoft Windows -> Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [140672 2014-11-24] (Microsoft Windows Hardware Compatibility Publisher -> MBB)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105872 2023-10-07] (Microsoft Windows -> Microsoft Corporation)
S3 MpKsl72da0771; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{80163905-E30D-4E3D-A898-DBDD91690F65}\MpKslDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Three months (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-02-27 11:50 - 2024-02-27 11:51 - 000029335 _____ C:\Users\EMI\Desktop\FRST.txt
2024-02-27 11:50 - 2024-02-27 11:51 - 000000000 ____D C:\FRST
2024-02-27 11:44 - 2024-02-27 11:44 - 000571366 _____ C:\Users\EMI\Desktop\ZHPDiag.html
2024-02-27 11:44 - 2024-02-27 11:44 - 000430041 _____ C:\Users\EMI\Desktop\ZHPDiag.txt
2024-02-27 11:34 - 2024-02-27 11:47 - 000000000 ____D C:\Users\EMI\AppData\Roaming\ZHP
2024-02-27 11:34 - 2024-02-27 11:34 - 000000863 _____ C:\Users\EMI\Desktop\ZHPSuite.lnk
2024-02-27 11:34 - 2024-02-27 11:34 - 000000000 ____D C:\Users\EMI\AppData\Local\ZHP
2024-02-27 11:34 - 2024-02-27 11:19 - 003538592 _____ (Nicolas Coolman) C:\Users\EMI\Desktop\ZHPSuite.exe
2024-02-27 11:34 - 2024-02-27 11:17 - 002386944 _____ (Farbar) C:\Users\EMI\Desktop\FRST64 (2).exe

==================== Three months (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-02-27 11:51 - 2023-10-19 09:53 - 003260452 _____ C:\WINDOWS\ntbtlog.txt
2024-02-27 11:38 - 2021-05-26 12:50 - 001049538 _____ C:\WINDOWS\system32\perfh00C.dat
2024-02-27 11:38 - 2021-05-26 12:50 - 000269618 _____ C:\WINDOWS\system32\perfc00C.dat
2024-02-27 11:38 - 2021-05-26 11:20 - 000006144 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-02-27 11:33 - 2023-10-19 09:53 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2024-02-27 11:33 - 2020-09-27 07:50 - 000008192 ___SH C:\DumpStack.log.tmp
2024-02-27 11:33 - 2019-12-07 10:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2024-02-27 11:32 - 2021-12-19 20:13 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-02-27 11:32 - 2020-09-27 08:51 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-02-27 11:32 - 2019-08-21 08:47 - 000000000 ____D C:\Program Files (x86)\Google
2024-02-27 11:31 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-02-27 11:30 - 2020-09-27 07:50 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-02-27 11:30 - 2018-10-14 19:50 - 000000000 ____D C:\ProgramData\NVIDIA
2024-02-27 11:30 - 2018-10-14 19:48 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2024-02-27 11:24 - 2019-08-31 14:35 - 000000000 ____D C:\ProgramData\boost_interprocess
2024-02-27 11:23 - 2021-05-26 11:13 - 000000000 ____D C:\Users\EMI
2024-02-27 11:15 - 2019-12-14 11:54 - 000000000 ____D C:\Users\EMI\AppData\Local\Adobe

==================== Files in the root of some directories ========

2020-05-29 21:30 - 2020-05-29 21:30 - 000304864 _____ () C:\Users\EMI\AppData\Roaming\Bacagude
2020-05-16 23:30 - 2020-05-16 23:30 - 000310915 _____ () C:\Users\EMI\AppData\Roaming\Bomiponohe
2020-06-12 10:59 - 2020-06-12 10:59 - 000352786 _____ () C:\Users\EMI\AppData\Roaming\Gifepe
2020-12-23 19:22 - 2023-04-18 09:29 - 000000016 _____ () C:\Users\EMI\AppData\Roaming\msregsvv.dll
2020-04-09 23:01 - 2020-09-08 17:59 - 000000381 _____ () C:\Users\EMI\AppData\Roaming\WB.CFG
2020-06-13 08:42 - 2020-06-13 08:42 - 000000000 _____ () C:\Users\EMI\AppData\Local\BIT4F2C.tmp
2020-06-13 08:42 - 2020-06-13 08:42 - 000000000 _____ () C:\Users\EMI\AppData\Local\BIT4F2D.tmp
2020-09-27 08:42 - 2020-09-27 08:42 - 000000000 _____ () C:\Users\EMI\AppData\Local\BIT8986.tmp
2020-09-27 08:42 - 2020-09-27 08:42 - 000000000 _____ () C:\Users\EMI\AppData\Local\BIT8996.tmp
2020-06-14 08:42 - 2020-06-14 08:42 - 000000000 _____ () C:\Users\EMI\AppData\Local\BITAB1C.tmp
2020-06-14 08:42 - 2020-06-14 08:42 - 000000000 _____ () C:\Users\EMI\AppData\Local\BITAB2D.tmp
2021-10-01 11:17 - 2021-10-01 11:17 - 000000091 _____ () C:\Users\EMI\AppData\Local\fusioncache.dat
2019-12-23 12:10 - 2019-12-23 12:10 - 000000000 _____ () C:\Users\EMI\AppData\Local\oobelibMkey.log
2019-11-13 08:27 - 2019-11-13 08:27 - 000000079 _____ () C:\Users\EMI\AppData\Local\Temp{8E2FF397-A327-4B40-962D-61A48186742A}.ini

==================== SigCheckExt =========================

2019-03-19 05:45 - 2019-03-19 05:45 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionMgr.dll
2021-05-13 19:52 - 2021-05-13 19:52 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\bindflt.dll
2019-03-19 05:44 - 2019-03-19 05:44 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\canonurl.dll
2020-12-09 17:47 - 2020-12-09 17:47 - 000590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\CMFNVSDeviceBridge.dll
2021-04-09 11:35 - 2016-12-16 11:12 - 000087040 _____ C:\WINDOWS\system32\custmon64.dll
2017-09-29 14:42 - 2017-09-29 14:42 - 000040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\DdcComImplementations.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 001210368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dml.dll
2021-01-13 23:56 - 2021-01-13 23:56 - 000759808 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2021-01-13 23:56 - 2021-01-13 23:56 - 000122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2019-09-07 14:11 - 2019-09-07 14:11 - 001308672 _____ C:\WINDOWS\system32\FaceProcessor.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamemonitor.dll
2018-07-21 16:58 - 2018-06-29 06:11 - 004876800 _____ (Gracenote, Inc.) C:\WINDOWS\system32\gnsdk_fp.dll
2019-09-07 14:11 - 2019-09-07 14:11 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2018-04-12 00:33 - 2018-04-12 00:33 - 003447296 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\HPScanTRDrvWn8.dll
2018-04-12 00:33 - 2018-04-12 00:33 - 000303616 _____ (Hewlett-Packard) C:\WINDOWS\system32\HPWia2DrvRootWn8.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPPMon.dll
2019-12-23 17:41 - 2011-12-07 19:37 - 000148992 _____ ( ) C:\WINDOWS\system32\lagarith.dll
2019-09-07 14:11 - 2019-09-07 14:11 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsTelemetry.dll
2017-09-29 14:41 - 2017-09-29 14:41 - 000381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Core.dll
2018-06-16 04:25 - 2018-06-08 06:59 - 003124224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2019-03-19 05:43 - 2019-03-19 05:43 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\mitigationscanner.exe
2021-02-09 18:21 - 2019-12-03 18:33 - 000026112 _____ (Copyright (c) Code Industry Ltd ) C:\WINDOWS\system32\mpelocalmon.dll
2021-02-09 18:21 - 2019-12-03 18:33 - 000016896 _____ (Copyright (c) Code Industry Ltd ) C:\WINDOWS\system32\mpelocalui.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000049664 _____ C:\WINDOWS\system32\PerceptionSimulationInput.exe
2018-04-12 00:34 - 2018-04-12 00:34 - 000391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneDataSync.dll
2019-03-19 05:45 - 2019-03-19 05:45 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecureBioSysprep.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrSvcPAL.dll
2017-09-29 14:41 - 2017-09-29 14:41 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ServiceWorkerHost.exe
2018-04-12 00:34 - 2018-04-12 00:34 - 000015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmClientApi.dll
2017-09-29 14:41 - 2017-09-29 14:41 - 000173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2017-09-29 14:41 - 2017-09-29 14:41 - 000017920 _____ (Microsoft Corporation)
C:\WINDOWS\system32\VrdUmed.dll 2017-09-29 14:41 - 2017-09-29 14:41 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedic.exe 2021-01-13 23:57 - 2021-01-13 23:57 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.internal.shellcommon.ShellPosition.dll 2017-09-29 14:41 - 2017-09-29 14:41 - 000300032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Sets.dll 2019-12-23 17:41 - 2017-07-30 12:50 - 003799552 _____ (x264vfw project) C:\WINDOWS\system32\x264vfw64.dll 2019-12-23 17:41 - 2019-12-04 11:00 - 000784384 _____ C:\WINDOWS\system32\xvidcore.dll 2019-12-23 17:41 - 2019-12-04 11:00 - 000310784 _____ C:\WINDOWS\system32\xvidvfw.dll 2019-03-19 05:45 - 2019-03-19 05:45 - 000028160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\canonurl.dll 2018-04-12 00:34 - 2018-04-12 00:34 - 000072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cflapi.dll 2017-09-29 14:42 - 2017-09-29 14:42 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreShellExtFramework.dll 2018-04-12 00:34 - 2018-04-12 00:34 - 001161216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dml.dll 2021-10-12 11:21 - 2020-01-30 11:50 - 003296256 _____ (FarPoint Technologies, Inc.) C:\WINDOWS\SysWOW64\FarPoint.Spread8U.Excel2007.dll 2019-12-23 17:41 - 2015-10-24 18:00 - 000112128 _____ C:\WINDOWS\SysWOW64\ff_vfw.dll 2021-10-12 11:21 - 2020-01-30 11:50 - 000766025 _____ (FarPoint Technologies, Inc.) 
C:\WINDOWS\SysWOW64\fpimage.dll 2018-04-12 00:34 - 2018-04-12 00:34 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gamemonitor.dll 2019-12-23 17:41 - 2011-12-07 19:32 - 000216064 _____ ( ) C:\WINDOWS\SysWOW64\lagarith.dll 2018-04-12 00:34 - 2018-04-12 00:34 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsTelemetry.dll 2021-10-01 11:17 - 2011-02-17 16:44 - 000102400 _____ C:\WINDOWS\SysWOW64\slpd.exe 2021-10-01 11:17 - 2012-05-29 15:37 - 000069632 _____ C:\WINDOWS\SysWOW64\slptool.exe 2017-09-29 14:42 - 2017-09-29 14:42 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe 2017-09-29 14:42 - 2017-09-29 14:42 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tier2punctuations.dll 2019-12-23 17:41 - 2017-07-30 12:50 - 003850240 _____ (x264vfw project) C:\WINDOWS\SysWOW64\x264vfw.dll 2019-12-23 17:41 - 2019-12-04 11:00 - 000681984 _____ C:\WINDOWS\SysWOW64\xvidcore.dll 2019-12-23 17:41 - 2019-12-04 11:00 - 000284160 _____ C:\WINDOWS\SysWOW64\xvidvfw.dll 2020-04-09 10:39 - 2020-04-09 07:41 - 1271901190 _____ (Igor Pavlov) C:\Users\EMI\Desktop\ableton_live_suite_10.1.6_64.iso.7z.exe 2021-06-07 21:02 - 2021-01-02 00:59 - 005220352 _____ C:\Users\EMI\Desktop\adb.exe 2021-06-07 21:02 - 2021-01-02 00:59 - 000097792 _____ (Google, inc) C:\Users\EMI\Desktop\AdbWinApi.dll 2021-06-07 21:02 - 2021-01-02 00:59 - 000062976 _____ (Google, inc) C:\Users\EMI\Desktop\AdbWinUsbApi.dll 2021-06-07 21:02 - 2021-01-02 00:59 - 050103296 _____ (FFmpeg Project) C:\Users\EMI\Desktop\avcodec-58.dll 2021-06-07 21:02 - 2021-01-02 00:59 - 011094016 _____ (FFmpeg Project) C:\Users\EMI\Desktop\avformat-58.dll 2021-06-07 21:02 - 2021-01-02 00:59 - 000866304 _____ (FFmpeg Project) C:\Users\EMI\Desktop\avutil-56.dll 2024-02-27 11:34 - 2024-02-27 11:17 - 002386944 _____ (Farbar) C:\Users\EMI\Desktop\FRST64 (2).exe 2021-06-07 21:01 - 2021-01-02 00:59 - 000627589 _____ C:\Users\EMI\Desktop\scrcpy.exe 2021-06-07 21:02 - 2021-01-02 00:59 - 
001561088 _____ () C:\Users\EMI\Desktop\SDL2.dll 2021-06-07 21:02 - 2021-01-02 00:59 - 000433664 _____ (FFmpeg Project) C:\Users\EMI\Desktop\swresample-3.dll 2021-06-07 21:02 - 2021-01-02 00:59 - 000552960 _____ (FFmpeg Project) C:\Users\EMI\Desktop\swscale-5.dll 2024-02-27 11:34 - 2024-02-27 11:19 - 003538592 _____ (Nicolas Coolman) C:\Users\EMI\Desktop\ZHPSuite.exe 2020-12-23 19:22 - 2023-04-18 09:29 - 000000016 _____ C:\Users\EMI\AppData\Roaming\msregsvv.dll ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) ==================== BCD ================================ Firmware Boot Manager --------------------- identifier {fwbootmgr} displayorder {bootmgr} {906d132a-1dc6-11e6-89cf-806e6f6e6963} {f0dd8695-08a1-11e6-8345-806e6f6e6963} {233deb20-d55b-11ee-8d0b-806e6f6e6963} {906d132b-1dc6-11e6-89cf-806e6f6e6963} {61e12fa0-81ec-11f2-8263-806e6f6e6963} {5cecd55c-bc6f-11eb-8c28-806e6f6e6963} {5cecd55d-bc6f-11eb-8c28-806e6f6e6963} {5cecd55e-bc6f-11eb-8c28-806e6f6e6963} timeout 0 Windows Boot Manager -------------------- identifier {bootmgr} device partition=\Device\HarddiskVolume3 path \EFI\Microsoft\Boot\bootmgfw.efi description Windows Boot Manager locale en-GB inherit {globalsettings} default {current} resumeobject {f23fa4b5-be1a-11eb-8d71-ab810b7b5c3c} displayorder {current} toolsdisplayorder {memdiag} timeout 0 Firmware Application (101fffff) ------------------------------- identifier {233deb20-d55b-11ee-8d0b-806e6f6e6963} description USB Storage Device Firmware Application (101fffff) ------------------------------- identifier {5cecd55c-bc6f-11eb-8c28-806e6f6e6963} description EFI USB Device Firmware Application (101fffff) ------------------------------- identifier {5cecd55d-bc6f-11eb-8c28-806e6f6e6963} description EFI DVD/CDROM Firmware Application (101fffff) ------------------------------- identifier {5cecd55e-bc6f-11eb-8c28-806e6f6e6963} description EFI Network Firmware Application 
(101fffff) ------------------------------- identifier {61e12fa0-81ec-11f2-8263-806e6f6e6963} description Network Firmware Application (101fffff) ------------------------------- identifier {906d132a-1dc6-11e6-89cf-806e6f6e6963} description Hard Drive Firmware Application (101fffff) ------------------------------- identifier {906d132b-1dc6-11e6-89cf-806e6f6e6963} description CD/DVD/CD-RW Drive Firmware Application (101fffff) ------------------------------- identifier {f0dd8695-08a1-11e6-8345-806e6f6e6963} description mSATA Windows Boot Loader ------------------- identifier {41f91d98-171a-11e6-b4b9-b5ce41306c8d} device ramdisk=[unknown]\Recovery\WindowsRE\Winre.wim,{41f91d99-171a-11e6-b4b9-b5ce41306c8d} path \windows\system32\winload.efi description Windows Recovery Environment locale en-GB inherit {bootloadersettings} displaymessage Recovery displaymessageoverride Recovery osdevice ramdisk=[unknown]\Recovery\WindowsRE\Winre.wim,{41f91d99-171a-11e6-b4b9-b5ce41306c8d} systemroot \windows nx OptIn bootmenupolicy Standard winpe Yes Windows Boot Loader ------------------- identifier {ebcdf32f-cf45-11e3-91dc-ecf4bb2ae70a} device ramdisk=[\Device\HarddiskVolume6]\Recovery\WindowsRE\Winre.wim,{ebcdf330-cf45-11e3-91dc-ecf4bb2ae70a} path \windows\system32\winload.efi description Windows Recovery Environment locale fr-FR inherit {bootloadersettings} displaymessage Recovery osdevice ramdisk=[\Device\HarddiskVolume6]\Recovery\WindowsRE\Winre.wim,{ebcdf330-cf45-11e3-91dc-ecf4bb2ae70a} systemroot \windows nx OptIn bootmenupolicy Standard detecthal Yes winpe Yes Windows Boot Loader ------------------- identifier {current} device partition=C: path \WINDOWS\system32\winload.efi description Windows 10 locale en-GB inherit {bootloadersettings} recoverysequence {f23fa4b7-be1a-11eb-8d71-ab810b7b5c3c} displaymessageoverride Recovery recoveryenabled Yes isolatedcontext Yes allowedinmemorysettings 0x15000075 osdevice partition=C: systemroot \WINDOWS resumeobject 
{f23fa4b5-be1a-11eb-8d71-ab810b7b5c3c} nx OptIn bootmenupolicy Standard Windows Boot Loader ------------------- identifier {f23fa4b7-be1a-11eb-8d71-ab810b7b5c3c} device ramdisk=[\Device\HarddiskVolume8]\Recovery\WindowsRE\Winre.wim,{f23fa4b8-be1a-11eb-8d71-ab810b7b5c3c} path \windows\system32\winload.efi description Windows Recovery Environment locale en-GB inherit {bootloadersettings} displaymessage Recovery osdevice ramdisk=[\Device\HarddiskVolume8]\Recovery\WindowsRE\Winre.wim,{f23fa4b8-be1a-11eb-8d71-ab810b7b5c3c} systemroot \windows nx OptIn bootmenupolicy Standard winpe Yes Resume from Hibernate --------------------- identifier {f23fa4b5-be1a-11eb-8d71-ab810b7b5c3c} device partition=C: path \WINDOWS\system32\winresume.efi description Windows Resume Application locale en-GB inherit {resumeloadersettings} recoverysequence {f23fa4b7-be1a-11eb-8d71-ab810b7b5c3c} recoveryenabled Yes isolatedcontext Yes allowedinmemorysettings 0x15000075 filedevice partition=C: filepath \hiberfil.sys bootmenupolicy Standard debugoptionenabled No Windows Memory Tester --------------------- identifier {memdiag} device partition=\Device\HarddiskVolume3 path \EFI\Microsoft\Boot\memtest.efi description Windows Memory Diagnostic locale en-GB inherit {globalsettings} badmemoryaccess Yes EMS Settings ------------ identifier {emssettings} bootems No Debugger Settings ----------------- identifier {dbgsettings} debugtype Serial debugport 1 baudrate 115200 RAM Defects ----------- identifier {badmemory} Global Settings --------------- identifier {globalsettings} inherit {dbgsettings} {emssettings} {badmemory} Boot Loader Settings -------------------- identifier {bootloadersettings} inherit {globalsettings} {hypervisorsettings} Hypervisor Settings ------------------- identifier {hypervisorsettings} hypervisordebugtype Serial hypervisordebugport 1 hypervisorbaudrate 115200 Resume Loader Settings ---------------------- identifier {resumeloadersettings} inherit {globalsettings} Device options 
-------------- identifier {ebcdf330-cf45-11e3-91dc-ecf4bb2ae70a} description Windows Recovery ramdisksdidevice partition=\Device\HarddiskVolume6 ramdisksdipath \Recovery\WindowsRE\boot.sdi Device options -------------- identifier {f23fa4b8-be1a-11eb-8d71-ab810b7b5c3c} description Windows Recovery ramdisksdidevice partition=\Device\HarddiskVolume8 ramdisksdipath \Recovery\WindowsRE\boot.sdi ==================== End of FRST.txt ========================