Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-08-2021
Ran by ndsky (administrator) on DESKTOP-NPCRNS2 (LENOVO 82BJ) (09-08-2021 08:48:04)
Running from C:\Users\ndsky\Desktop
Loaded Profiles: ndsky
Platform: Windows 10 Home Version 20H2 19042.1110 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\DAX3_S~3.INF\DAX3API.exe
(Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_e9ebbe69987eef47\DAX3API.exe
(Google LLC -> ) C:\Program Files\Google\Drive\googledrivesync.exe <2>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.102\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.102\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <77>
(HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_f75fa513cf0ccec1\esif_uf.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_0b214be229a13e84\jhi_service.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_9ea30e7f88626f47\igfxCUIServiceN.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_9ea30e7f88626f47\igfxEMN.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_caa7639078e34732\OneApp.IGCC.WinService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_94109c5b9041ee5d\IntelCpHDCPSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorvd.inf_amd64_18cd7aaa960d80ce\RstMwService.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\System32\YMC.exe
(Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\AutoModeDetect.exe
(Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_2fcf64020e032ea8\LenovoUtilityService.exe
(Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\LNBITSSvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Users\ndsky\AppData\Local\Microsoft\OneDrive\21.139.0711.0001\FileCoAuth.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\ndsky\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12105.1001.23.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.721.6282.0_x64__8wekyb3d8bbwe\GameBar.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.721.6282.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mspaint.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Hardware Compatibility Publisher -> Fortemedia) C:\Windows\System32\FMService64.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\NisSrv.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(Smart Sound Technology -> Intel) C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_639c92dde0957139\AS\IAS\IntelAudioService.exe
(Texas Instruments Inc. -> Texas Instuments) C:\Windows\System32\TISmartAmpService.exe <2>
(Wacom Co., Ltd. -> Wacom Technology, Corp.) C:\Windows\System32\DriverStore\FileRepository\wtabletserviceisd.inf_amd64_6e70ca145e5df695\WTabletServiceISD.exe <2>

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\RtkAudUService64.exe [1158944 2020-09-10] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKU\S-1-5-21-1019089769-636335406-1104063552-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [49925280 2021-06-18] (Google LLC -> )
HKU\S-1-5-21-1019089769-636335406-1104063552-1001\...\Run: [ShowBatteryBar] => C:\Program Files\BatteryBar\ShowBatteryBar.exe [89600 2014-09-19] () [File not signed]
HKLM\...\Print\Monitors\HP DC11 Status Monitor: C:\Windows\system32\hpinkstsDC11LM.dll [391984 2019-03-15] (HP Inc -> HP Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\92.0.4515.131\Installer\chrmstp.exe [2021-08-04] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00BD905B-7C33-4BB7-9A6B-8A6F2ECBA41E} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [38504 2021-05-11] (HP Inc. -> HP Inc.)
Task: {19F3C1D9-1688-4053-B58C-0CE35D35E41F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23252888 2021-07-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {245A19C2-9ED9-44CB-ACF4-B9EF2D30F737} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {247DFEC4-FD5B-4EA5-866A-DFCE2B577C46} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [38504 2021-05-11] (HP Inc. -> HP Inc.)
Task: {2EBBE5F4-5BC5-4803-9968-A93EC41E3DC4} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23252888 2021-07-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {686A6345-0A50-427C-B563-331B3A844F9D} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [139112 2021-08-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {68A5D56D-7FF0-4208-A3AF-0B0C869BC286} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-02-25] (Google LLC -> Google LLC)
Task: {915FA48D-2C4D-413D-9065-20F0712C8BA2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C0395B29-8CD1-4731-9D7F-C7E0419FD47B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-02-25] (Google LLC -> Google LLC)
Task: {C74F941B-2383-49AE-A972-73BB0EFFC7A4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D89111A4-5F59-45B4-90D4-2F53417FC774} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [139112 2021-08-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {FFD45199-C52E-4378-9EE8-BE4E6C442D2F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-05] (Microsoft Windows Publisher -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{f61c50f2-49dd-48ef-98df-1319415db90c}: [DhcpNameServer] 10.0.0.1

Edge:
=======
Edge Profile: C:\Users\ndsky\AppData\Local\Microsoft\Edge\User Data\Default [2021-08-08]

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-05-25] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-05-25] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\ndsky\AppData\Local\Google\Chrome\User Data\Default [2021-08-09]
CHR DownloadDir: C:\Users\ndsky\Downloads
CHR Notifications: Default -> hxxps://web.whatsapp.com
CHR HomePage: Default -> hxxp://marquee.blogs.cnn.com/
CHR Extension: (Slides) - C:\Users\ndsky\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-02-25]
CHR Extension: (Docs) - C:\Users\ndsky\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-02-25]
CHR Extension: (Google Drive) - C:\Users\ndsky\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-02-25]
CHR Extension: (YouTube) - C:\Users\ndsky\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-02-25]
CHR Extension: (Sheets) - C:\Users\ndsky\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-02-25]
CHR Extension: (Google Docs Offline) - C:\Users\ndsky\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-06-26]
CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\ndsky\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2021-02-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ndsky\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-25]
CHR Extension: (Downloader for OnlyFans.com) - C:\Users\ndsky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdbbabjcnanbkimdgcdfbnghhmchomnh [2021-02-25]
CHR Extension: (Gmail) - C:\Users\ndsky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-02-25]
CHR Extension: (Chrome Media Router) - C:\Users\ndsky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-07-27]
CHR HKU\S-1-5-21-1019089769-636335406-1104063552-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9142136 2021-07-30] (Microsoft Corporation -> Microsoft Corporation)
R2 DolbyDAXAPI; C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_e9ebbe69987eef47\DAX3API.exe [2173912 2020-10-16] (Dolby Laboratories, Inc. -> Dolby Laboratories)
R2 FMAPOService; C:\Windows\System32\FMService64.exe [361128 2020-09-29] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [288360 2021-05-11] (HP Inc. -> HP Inc.)
R2 IntelAudioService; C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_639c92dde0957139\\AS\\IAS\\IntelAudioService.exe [528232 2020-08-26] (Smart Sound Technology -> Intel)
R2 LenovoFnAndFunctionKeys; C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_2fcf64020e032ea8\LenovoUtilityService.exe [531360 2021-02-23] (Lenovo -> Lenovo(beijing) Limited)
R2 LITSSVC; C:\Windows\System32\LNBITSSvc.exe [1820080 2021-02-06] (Lenovo -> Lenovo(beijing) Limited)
R2 TISmartAmpService; C:\Windows\System32\TISmartAmpService.exe [537064 2020-07-20] (Texas Instruments Inc. -> Texas Instuments)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\NisSrv.exe [2727416 2021-08-05] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MsMpEng.exe [136656 2021-08-05] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 YMC; C:\Windows\System32\YMC.exe [856920 2020-06-17] (Lenovo -> Lenovo Group Ltd.)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AcxHdAudio; C:\Windows\System32\drivers\AcxHdAudio.sys [417792 2021-06-13] (Microsoft Windows -> Microsoft Corporation)
S3 AppleKmdfFilter; C:\Windows\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R3 iaLPSS2_GPIO2_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_gpio2_tgl.inf_amd64_2d381b4e92c4580e\iaLPSS2_GPIO2_TGL.sys [129288 2020-06-05] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_I2C_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_i2c_tgl.inf_amd64_18d252599a45c7f5\iaLPSS2_I2C_TGL.sys [198408 2020-06-05] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_SPI_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_spi_tgl.inf_amd64_a377b182eb0b1769\iaLPSS2_SPI_TGL.sys [156936 2020-06-05] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_UART2_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_uart2_tgl.inf_amd64_17edb8d819140063\iaLPSS2_UART2_TGL.sys [311560 2020-06-05] (Intel Corporation -> Intel Corporation)
R0 iaStorVD; C:\Windows\System32\drivers\iaStorVD.sys [1421168 2020-09-25] (Intel(R) Rapid Storage Technology -> Intel Corporation)
R3 WacHIDFilterISD; C:\Windows\System32\drivers\WacHIDRouterISDU.sys [181872 2020-09-17] (Wacom Co., Ltd. -> Wacom Technology, Corp.)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [49568 2021-08-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [434424 2021-08-05] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [78072 2021-08-05] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-08-09 08:48 - 2021-08-09 08:48 - 000016853 _____ C:\Users\ndsky\Desktop\FRST.txt
2021-08-09 08:47 - 2021-08-09 08:48 - 000000000 ____D C:\FRST
2021-08-09 08:46 - 2021-08-09 08:46 - 002300416 _____ (Farbar) C:\Users\ndsky\Desktop\FRST64.exe
2021-08-08 17:40 - 2021-08-08 17:40 - 000533634 _____ C:\Windows\gethelp_audiotroubleshooter_latestpackage.zip
2021-08-08 17:40 - 2021-08-08 17:40 - 000000000 ____D C:\ProgramData\WindowsPerformanceRecorder
2021-08-07 06:59 - 2021-08-07 06:59 - 000003165 _____ C:\Users\ndsky\Downloads\AdultTime.html
2021-08-06 14:36 - 2021-08-06 14:36 - 000031794 _____ C:\Users\ndsky\Downloads\attachment.jpeg
2021-08-03 07:20 - 2021-08-03 07:46 - 041558691 _____ C:\Users\ndsky\Downloads\2061682-b919b8f8e8a7aa330b9092c581d7e77c.mp4
2021-07-31 13:22 - 2021-07-31 13:27 - 178653445 _____ C:\Users\ndsky\Downloads\0gssjd7k8d3ctntbwol0z_240p.mp4
2021-07-31 13:22 - 2021-07-31 13:27 - 137464496 _____ C:\Users\ndsky\Downloads\0gssjd4ah2eql05rzwbil_240p.mp4
2021-07-31 11:00 - 2021-07-31 11:00 - 000003859 _____ C:\Users\ndsky\Downloads\chat_script_6-31-2021_18_678.txt
2021-07-26 18:48 - 2021-07-26 18:48 - 121847548 _____ C:\Users\ndsky\Downloads\genny.zip
2021-07-26 18:37 - 2021-07-26 18:44 - 012591550 _____ C:\Users\ndsky\Downloads\1971307-dbfe236808bb409dce46e1e4e9f52ecb.mp4
2021-07-26 18:20 - 2021-07-26 18:20 - 005680970 _____ C:\Users\ndsky\Downloads\1878670-1ed6e83b83ae8c8ce2985b9a51c1aec6.mp4
2021-07-26 08:40 - 2021-07-26 08:41 - 005302956 _____ C:\Users\ndsky\Downloads\Product_Instruction_4001k_eBook.pdf
2021-07-21 17:13 - 2021-07-21 17:13 - 000006642 _____ C:\Users\ndsky\Downloads\chat_script_6-22-2021_0_887.txt
2021-07-15 21:23 - 2021-07-15 21:23 - 002652937 _____ C:\Users\ndsky\Downloads\HandyPleasedLamb-mobile.mp4
2021-07-15 14:49 - 2021-07-15 14:49 - 000123627 _____ C:\Users\ndsky\Downloads\FastFood.html
2021-07-15 13:46 - 2021-07-15 13:46 - 000100728 _____ C:\Users\ndsky\Downloads\CmeHistory_163930_0.pdf
2021-07-15 07:00 - 2021-07-15 07:00 - 000000000 ____D C:\Users\ndsky\AppData\Local\Quicken
2021-07-14 08:20 - 2021-07-14 08:20 - 001823280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2021-07-14 08:20 - 2021-07-14 08:20 - 000011357 _____ C:\Windows\system32\DrtmAuthTxt.wim
2021-07-14 08:20 - 2021-07-14 08:20 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsraLegacy.tlb
2021-07-14 08:20 - 2021-07-14 08:20 - 000007680 _____ (Microsoft Corporation) C:\Windows\system32\MsraLegacy.tlb
2021-07-14 08:20 - 2021-07-14 08:20 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rendezvousSession.tlb
2021-07-14 08:20 - 2021-07-14 08:20 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\rendezvousSession.tlb
2021-07-13 18:05 - 2021-07-13 18:06 - 047742733 _____ C:\Users\ndsky\Downloads\0grjnkw169wi0j2vt0sqv_source 2.mp4
2021-07-13 07:35 - 2021-07-13 07:35 - 000142125 _____ C:\Users\ndsky\Downloads\WhatsApp Image 2021-07-12 at 11.44.02 AM.jpeg
2021-07-12 14:46 - 2021-07-12 14:46 - 000023176 _____ C:\Users\ndsky\Downloads\WhatsApp Image 2021-07-12 at 8.13.58 AM.jpeg
2021-07-12 04:15 - 2021-07-12 04:15 - 002371072 _____ C:\Windows\system32\rdpnano.dll
2021-07-12 04:15 - 2021-07-12 04:15 - 002260992 _____ C:\Windows\system32\TextInputMethodFormatter.dll
2021-07-12 04:15 - 2021-07-12 04:15 - 001393504 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2021-07-12 04:15 - 2021-07-12 04:15 - 001314128 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2021-07-12 04:15 - 2021-07-12 04:15 - 000570880 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2021-07-12 04:15 - 2021-07-12 04:15 - 000452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2021-07-12 04:15 - 2021-07-12 04:15 - 000097792 _____ C:\Windows\system32\Drivers\cimfs.sys
2021-07-12 04:15 - 2021-07-12 04:15 - 000084992 _____ (Microsoft Corporation) C:\Windows\system32\wscui.cpl
2021-07-12 04:15 - 2021-07-12 04:15 - 000067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscui.cpl
2021-07-12 04:15 - 2021-07-12 04:15 - 000060928 _____ C:\Windows\system32\runexehelper.exe
2021-07-10 10:06 - 2021-07-10 10:07 - 027237039 _____ C:\Users\ndsky\Downloads\2021-07-10_0gsbuu11ahqpfr76up9y5_source.mp4
2021-07-10 10:05 - 2021-07-10 10:06 - 004266459 _____ C:\Users\ndsky\Downloads\2021-07-10_0gsbutumgg3t6vhb7hcoo_source.mp4

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-08-09 08:37 - 2021-02-25 14:11 - 000000000 ____D C:\Program Files (x86)\Google
2021-08-09 08:37 - 2020-09-27 07:50 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-08-09 08:37 - 2019-12-07 02:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-08-09 06:24 - 2021-07-04 21:31 - 000004166 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{79148DE8-7812-41BC-9D43-5530B9E201D6}
2021-08-08 20:58 - 2021-02-25 14:23 - 000000000 ___RD C:\Users\ndsky\Google Drive
2021-08-08 11:15 - 2021-02-23 06:06 - 000795738 _____ C:\Windows\system32\PerfStringBackup.INI
2021-08-08 11:15 - 2019-12-07 02:13 - 000000000 ____D C:\Windows\INF
2021-08-08 11:12 - 2021-02-25 14:34 - 000000000 ____D C:\Program Files\Microsoft Office
2021-08-08 11:12 - 2019-12-07 02:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-08-08 11:11 - 2021-02-25 11:35 - 000000000 ___RD C:\Users\ndsky\OneDrive
2021-08-08 11:11 - 2021-02-25 08:52 - 000000000 __SHD C:\Users\ndsky\IntelGraphicsProfiles
2021-08-08 11:11 - 2021-02-23 06:01 - 000000000 ____D C:\Intel
2021-08-08 11:11 - 2020-09-27 07:50 - 000008192 ___SH C:\DumpStack.log.tmp
2021-08-08 11:11 - 2020-09-27 07:50 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-08-08 11:11 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\ServiceState
2021-08-08 11:10 - 2019-12-07 02:03 - 000786432 _____ C:\Windows\system32\config\BBI
2021-08-08 09:36 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\AppReadiness
2021-08-08 09:17 - 2021-02-25 14:45 - 000000000 ____D C:\Users\ndsky\AppData\Roaming\discord
2021-08-07 12:24 - 2019-12-07 02:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-08-07 06:58 - 2020-09-27 07:53 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-08-07 06:58 - 2020-09-27 07:53 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-08-05 04:52 - 2020-09-27 07:51 - 000000000 ____D C:\Windows\system32\Drivers\wd
2021-08-04 20:09 - 2021-02-25 14:11 - 000003420 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2021-08-04 20:09 - 2021-02-25 14:11 - 000003296 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2021-08-04 14:35 - 2021-02-25 14:15 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-08-04 14:35 - 2021-02-25 14:15 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-08-04 11:35 - 2021-02-25 14:45 - 000000000 ____D C:\Users\ndsky\AppData\Local\Discord
2021-08-02 18:15 - 2021-02-25 11:35 - 000003378 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1019089769-636335406-1104063552-1001
2021-08-02 18:15 - 2021-02-25 11:32 - 000002379 _____ C:\Users\ndsky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-07-29 20:17 - 2020-09-27 07:53 - 000003480 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-07-29 20:17 - 2020-09-27 07:53 - 000003356 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-07-17 00:58 - 2021-02-25 11:32 - 000000000 ____D C:\Users\ndsky
2021-07-17 00:58 - 2020-09-27 07:50 - 000439016 _____ C:\Windows\system32\FNTCACHE.DAT
2021-07-17 00:58 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\SystemResources
2021-07-17 00:58 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2021-07-17 00:58 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\bcastdvr
2021-07-17 00:58 - 2019-12-07 02:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-07-14 08:21 - 2019-12-07 02:03 - 000000000 ____D C:\Windows\CbsTemp
2021-07-14 08:17 - 2021-02-28 23:34 - 000000000 ____D C:\Windows\system32\MRT
2021-07-14 08:16 - 2021-02-28 23:34 - 133422552 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-07-12 13:19 - 2019-12-07 02:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2021-07-12 13:19 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2021-07-12 13:19 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\SysWOW64\oobe
2021-07-12 13:19 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2021-07-12 13:19 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\system32\setup
2021-07-12 13:19 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\system32\oobe
2021-07-12 13:19 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\system32\Dism
2021-07-12 13:19 - 2019-12-07 02:14 - 000000000 ____D C:\Windows\Provisioning

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================