Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-08-2021
Ran by ndsky (administrator) on DESKTOP-NPCRNS2 (LENOVO 82BJ) (10-08-2021 11:14:43)
Running from C:\Users\ndsky\Desktop
Loaded Profiles: ndsky
Platform: Windows 10 Home Version 21H1 19043.1110 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\DAX3_S~3.INF\DAX3API.exe
(Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_e9ebbe69987eef47\DAX3API.exe
(Google LLC -> ) C:\Program Files\Google\Drive\googledrivesync.exe <2>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.102\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.102\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <67>
(HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_f75fa513cf0ccec1\esif_uf.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_0b214be229a13e84\jhi_service.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_9ea30e7f88626f47\igfxCUIServiceN.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_9ea30e7f88626f47\igfxEMN.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_caa7639078e34732\OneApp.IGCC.WinService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_94109c5b9041ee5d\IntelCpHDCPSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorvd.inf_amd64_18cd7aaa960d80ce\RstMwService.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\System32\YMC.exe
(Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\AutoModeDetect.exe
(Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_2fcf64020e032ea8\LenovoUtilityService.exe
(Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\LNBITSSvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Users\ndsky\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2106.14307.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12105.1001.23.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mspaint.exe <10>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1081_none_7e3d47227c694b34\TiWorker.exe
(Microsoft Windows Hardware Compatibility Publisher -> Fortemedia) C:\Windows\System32\FMService64.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\NisSrv.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(Smart Sound Technology -> Intel) C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_639c92dde0957139\AS\IAS\IntelAudioService.exe
(Texas Instruments Inc. -> Texas Instuments) C:\Windows\System32\TISmartAmpService.exe <2>
(Wacom Co., Ltd. -> Wacom Technology, Corp.) C:\Windows\System32\DriverStore\FileRepository\wtabletserviceisd.inf_amd64_6e70ca145e5df695\WTabletServiceISD.exe <2>

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [1158944 2020-09-10] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKU\S-1-5-21-1019089769-636335406-1104063552-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [49925280 2021-06-18] (Google LLC -> )
HKU\S-1-5-21-1019089769-636335406-1104063552-1001\...\Run: [ShowBatteryBar] => C:\Program Files\BatteryBar\ShowBatteryBar.exe [89600 2014-09-19] () [File not signed]
HKLM\...\Print\Monitors\HP 7112 Status Monitor: C:\WINDOWS\system32\hpinksts7112LM.dll [328704 2014-03-03] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP DC11 Status Monitor: C:\WINDOWS\system32\hpinkstsDC11LM.dll [391984 2019-03-15] (HP Inc -> HP Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\92.0.4515.131\Installer\chrmstp.exe [2021-08-04] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00BD905B-7C33-4BB7-9A6B-8A6F2ECBA41E} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [38504 2021-05-11] (HP Inc. -> HP Inc.)
Task: {19F3C1D9-1688-4053-B58C-0CE35D35E41F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23252888 2021-07-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {247DFEC4-FD5B-4EA5-866A-DFCE2B577C46} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [38504 2021-05-11] (HP Inc. -> HP Inc.)
Task: {26C9B86C-DB67-4C6F-8731-CBACED14B522} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2EBBE5F4-5BC5-4803-9968-A93EC41E3DC4} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23252888 2021-07-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {3DA9D75A-1C6B-441E-A29C-5369E7C93F38} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\ndsky\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [18007968 2021-08-09] (ESET, spol. s r.o. -> ESET)
Task: {4749607A-2642-4DE5-A778-F81125A4D2D4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {686A6345-0A50-427C-B563-331B3A844F9D} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [139112 2021-08-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {68A5D56D-7FF0-4208-A3AF-0B0C869BC286} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-02-25] (Google LLC -> Google LLC)
Task: {819FAB3B-2F0D-4243-A87B-766FD345580C} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\ndsky\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [18007968 2021-08-09] (ESET, spol. s r.o. -> ESET)
Task: {911275E3-9591-4EA7-9971-853A8A10853F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C0395B29-8CD1-4731-9D7F-C7E0419FD47B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-02-25] (Google LLC -> Google LLC)
Task: {D89111A4-5F59-45B4-90D4-2F53417FC774} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [139112 2021-08-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {DF1513FA-B9CC-4534-9FEA-EE523AA014A4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-05] (Microsoft Windows Publisher -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.131.30
Tcpip\..\Interfaces\{f61c50f2-49dd-48ef-98df-1319415db90c}: [DhcpNameServer] 192.168.131.30

Edge:
=======
Edge Profile: C:\Users\ndsky\AppData\Local\Microsoft\Edge\User Data\Default [2021-08-10]

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-05-25] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-05-25] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\ndsky\AppData\Local\Google\Chrome\User Data\Default [2021-08-10]
CHR DownloadDir: C:\Users\ndsky\Downloads
CHR Notifications: Default -> hxxps://web.whatsapp.com
CHR HomePage: Default -> hxxp://marquee.blogs.cnn.com/
CHR Extension: (Slides) - C:\Users\ndsky\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-02-25]
CHR Extension: (Docs) - C:\Users\ndsky\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-02-25]
CHR Extension: (Google Drive) - C:\Users\ndsky\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-02-25]
CHR Extension: (YouTube) - C:\Users\ndsky\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-02-25]
CHR Extension: (Sheets) - C:\Users\ndsky\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-02-25]
CHR Extension: (Google Docs Offline) - C:\Users\ndsky\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-06-26]
CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\ndsky\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2021-02-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ndsky\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-25]
CHR Extension: (Downloader for OnlyFans.com) - C:\Users\ndsky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdbbabjcnanbkimdgcdfbnghhmchomnh [2021-02-25]
CHR Extension: (Gmail) - C:\Users\ndsky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-02-25]
CHR Extension: (Chrome Media Router) - C:\Users\ndsky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-07-27]
CHR HKU\S-1-5-21-1019089769-636335406-1104063552-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9142136 2021-07-30] (Microsoft Corporation -> Microsoft Corporation)
R2 DolbyDAXAPI; C:\WINDOWS\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_e9ebbe69987eef47\DAX3API.exe [2173912 2020-10-16] (Dolby Laboratories, Inc. -> Dolby Laboratories)
R2 FMAPOService; C:\WINDOWS\System32\FMService64.exe [361128 2020-09-29] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [288360 2021-05-11] (HP Inc. -> HP Inc.)
R2 IntelAudioService; C:\WINDOWS\System32\DriverStore\FileRepository\intcoed.inf_amd64_639c92dde0957139\\AS\\IAS\\IntelAudioService.exe [528232 2020-08-26] (Smart Sound Technology -> Intel)
R2 LenovoFnAndFunctionKeys; C:\WINDOWS\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_2fcf64020e032ea8\LenovoUtilityService.exe [531360 2021-02-23] (Lenovo -> Lenovo(beijing) Limited)
R2 LITSSVC; C:\WINDOWS\System32\LNBITSSvc.exe [1820080 2021-02-06] (Lenovo -> Lenovo(beijing) Limited)
R2 TISmartAmpService; C:\WINDOWS\System32\TISmartAmpService.exe [537064 2020-07-20] (Texas Instruments Inc. -> Texas Instuments)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2107.4-0\NisSrv.exe [2727416 2021-08-05] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2107.4-0\MsMpEng.exe [136656 2021-08-05] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 YMC; C:\WINDOWS\System32\YMC.exe [856920 2020-06-17] (Lenovo -> Lenovo Group Ltd.)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R3 iaLPSS2_GPIO2_TGL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_gpio2_tgl.inf_amd64_2d381b4e92c4580e\iaLPSS2_GPIO2_TGL.sys [129288 2020-06-05] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_I2C_TGL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_i2c_tgl.inf_amd64_18d252599a45c7f5\iaLPSS2_I2C_TGL.sys [198408 2020-06-05] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_SPI_TGL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_spi_tgl.inf_amd64_a377b182eb0b1769\iaLPSS2_SPI_TGL.sys [156936 2020-06-05] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_UART2_TGL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_uart2_tgl.inf_amd64_17edb8d819140063\iaLPSS2_UART2_TGL.sys [311560 2020-06-05] (Intel Corporation -> Intel Corporation)
R0 iaStorVD; C:\WINDOWS\System32\drivers\iaStorVD.sys [1421168 2020-09-25] (Intel(R) Rapid Storage Technology -> Intel Corporation)
R3 WacHIDFilterISD; C:\WINDOWS\System32\drivers\WacHIDRouterISDU.sys [181872 2020-09-17] (Wacom Co., Ltd. -> Wacom Technology, Corp.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49568 2021-08-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [434424 2021-08-05] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [78072 2021-08-05] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-08-10 07:13 - 2021-08-10 07:13 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime
2021-08-10 07:13 - 2021-08-10 07:13 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2021-08-10 07:12 - 2021-08-10 07:12 - 000000020 ___SH C:\Users\ndsky\ntuser.ini
2021-08-10 07:12 - 2021-08-10 06:16 - 000000000 ____D C:\Windows.old
2021-08-10 06:18 - 2021-08-10 06:18 - 000795738 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-08-10 06:16 - 2021-08-10 10:23 - 000004166 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{79148DE8-7812-41BC-9D43-5530B9E201D6}
2021-08-10 06:16 - 2021-08-10 06:16 - 000003408 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-08-10 06:16 - 2021-08-10 06:16 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-08-10 06:16 - 2021-08-10 06:16 - 000003184 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-08-10 06:16 - 2021-08-10 06:16 - 000003124 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-08-10 06:16 - 2021-08-10 06:16 - 000003020 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn
2021-08-10 06:16 - 2021-08-10 06:16 - 000002858 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1019089769-636335406-1104063552-1001
2021-08-10 06:16 - 2021-08-10 06:16 - 000002854 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1019089769-636335406-1104063552-500
2021-08-10 06:16 - 2021-08-10 06:16 - 000002640 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime
2021-08-10 06:16 - 2021-08-10 06:16 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-08-10 06:16 - 2021-08-10 06:16 - 000000000 ____D C:\WINDOWS\system32\Tasks\Intel
2021-08-10 06:16 - 2021-08-10 06:16 - 000000000 ____D C:\WINDOWS\system32\Tasks\HP
2021-08-10 06:16 - 2020-09-27 07:58 - 000003392 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-283516741-3080081594-3377497909-500
2021-08-10 06:15 - 2021-08-10 06:16 - 000007623 _____ C:\WINDOWS\diagwrn.xml
2021-08-10 06:15 - 2021-08-10 06:16 - 000007623 _____ C:\WINDOWS\diagerr.xml
2021-08-10 06:12 - 2021-08-10 10:29 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-08-10 06:12 - 2021-08-10 06:12 - 000435384 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-08-10 06:09 - 2021-08-10 07:12 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2021-08-10 06:08 - 2021-08-10 07:12 - 000000000 ____D C:\Users\ndsky
2021-08-10 06:08 - 2021-08-10 06:09 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2021-08-10 06:08 - 2019-12-07 02:10 - 000001105 _____ C:\Users\ndsky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-08-10 06:05 - 2021-08-10 06:05 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-08-10 06:05 - 2021-08-10 06:05 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-08-10 06:05 - 2021-08-10 06:05 - 002371072 _____ C:\WINDOWS\system32\rdpnano.dll
2021-08-10 06:05 - 2021-08-10 06:05 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-08-10 06:05 - 2021-08-10 06:05 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2021-08-10 06:05 - 2021-08-10 06:05 - 001864192 _____ (The ICU Project) C:\WINDOWS\SysWOW64\icu.dll
2021-08-10 06:05 - 2021-08-10 06:05 - 001823280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-08-10 06:05 - 2021-08-10 06:05 - 001687040 _____ C:\WINDOWS\system32\libcrypto.dll
2021-08-10 06:05 - 2021-08-10 06:05 - 001393504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-08-10 06:05 - 2021-08-10 06:05 - 001314128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-08-10 06:05 - 2021-08-10 06:05 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-08-10 06:05 - 2021-08-10 06:05 - 000700928 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2021-08-10 06:05 - 2021-08-10 06:05 - 000657464 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-08-10 06:05 - 2021-08-10 06:05 - 000570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-08-10 06:05 - 2021-08-10 06:05 - 000563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-08-10 06:05 - 2021-08-10 06:05 - 000468440 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-08-10 06:05 - 2021-08-10 06:05 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-08-10 06:05 - 2021-08-10 06:05 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-08-10 06:05 - 2021-08-10 06:05 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2021-08-10 06:05 - 2021-08-10 06:05 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-08-10 06:05 - 2021-08-10 06:05 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-08-10 06:05 - 2021-08-10 06:05 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-08-10 06:05 - 2021-08-10 06:05 - 000097792 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-08-10 06:05 - 2021-08-10 06:05 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-08-10 06:05 - 2021-08-10 06:05 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-08-10 06:05 - 2021-08-10 06:05 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-08-10 06:05 - 2021-08-10 06:05 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2021-08-10 06:05 - 2021-08-10 06:05 - 000011357 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-08-10 06:05 - 2021-08-10 06:05 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsraLegacy.tlb
2021-08-10 06:05 - 2021-08-10 06:05 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsraLegacy.tlb
2021-08-10 06:05 - 2021-08-10 06:05 - 000006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rendezvousSession.tlb
2021-08-10 06:05 - 2021-08-10 06:05 - 000006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\rendezvousSession.tlb
2021-08-10 05:56 - 2021-08-10 05:56 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2021-08-09 22:42 - 2021-08-10 07:12 - 000000000 ___DC C:\WINDOWS\Panther
2021-08-09 22:00 - 2021-08-09 22:42 - 000000000 ____D C:\ESD
2021-08-09 21:58 - 2021-08-09 21:58 - 000000000 ___HD C:\$Windows.~WS
2021-08-09 12:45 - 2021-08-09 21:38 - 000001216 _____ C:\Users\ndsky\Desktop\Fixlog.txt
2021-08-09 12:45 - 2021-08-09 12:45 - 000000106 _____ C:\Users\ndsky\Desktop\yzsvrpdobymunz.txt
2021-08-09 11:54 - 2021-08-09 11:54 - 000000264 _____ C:\Users\ndsky\Desktop\eset.txt
2021-08-09 10:56 - 2021-08-09 10:56 - 000001378 _____ C:\Users\ndsky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2021-08-09 10:56 - 2021-08-09 10:56 - 000001272 _____ C:\Users\ndsky\Desktop\ESET Online Scanner.lnk
2021-08-09 10:56 - 2021-08-09 10:56 - 000000000 ____D C:\Users\ndsky\AppData\Local\ESET
2021-08-09 10:55 - 2021-08-09 10:55 - 011697056 _____ (ESET) C:\Users\ndsky\Desktop\esetonlinescanner.exe
2021-08-09 08:48 - 2021-08-10 11:15 - 000016803 _____ C:\Users\ndsky\Desktop\FRST.txt
2021-08-09 08:48 - 2021-08-09 08:49 - 000034654 _____ C:\Users\ndsky\Desktop\Addition.txt
2021-08-09 08:47 - 2021-08-10 11:14 - 000000000 ____D C:\FRST
2021-08-09 08:46 - 2021-08-09 08:46 - 002300416 _____ (Farbar) C:\Users\ndsky\Desktop\FRST64.exe
2021-08-08 17:40 - 2021-08-08 17:40 - 000533634 _____ C:\WINDOWS\gethelp_audiotroubleshooter_latestpackage.zip
2021-08-08 17:40 - 2021-08-08 17:40 - 000000000 ____D C:\ProgramData\WindowsPerformanceRecorder
2021-08-07 06:59 - 2021-08-07 06:59 - 000003165 _____ C:\Users\ndsky\Downloads\AdultTime.html
2021-08-06 14:36 - 2021-08-06 14:36 - 000031794 _____ C:\Users\ndsky\Downloads\attachment.jpeg
2021-08-03 07:20 - 2021-08-03 07:46 - 041558691 _____ C:\Users\ndsky\Downloads\2061682-b919b8f8e8a7aa330b9092c581d7e77c.mp4
2021-07-31 13:22 - 2021-07-31 13:27 - 178653445 _____ C:\Users\ndsky\Downloads\0gssjd7k8d3ctntbwol0z_240p.mp4
2021-07-31 13:22 - 2021-07-31 13:27 - 137464496 _____ C:\Users\ndsky\Downloads\0gssjd4ah2eql05rzwbil_240p.mp4
2021-07-31 11:00 - 2021-07-31 11:00 - 000003859 _____ C:\Users\ndsky\Downloads\chat_script_6-31-2021_18_678.txt
2021-07-26 18:48 - 2021-07-26 18:48 - 121847548 _____ C:\Users\ndsky\Downloads\genny.zip
2021-07-26 18:37 - 2021-07-26 18:44 - 012591550 _____ C:\Users\ndsky\Downloads\1971307-dbfe236808bb409dce46e1e4e9f52ecb.mp4
2021-07-26 18:20 - 2021-07-26 18:20 - 005680970 _____ C:\Users\ndsky\Downloads\1878670-1ed6e83b83ae8c8ce2985b9a51c1aec6.mp4
2021-07-26 08:40 - 2021-07-26 08:41 - 005302956 _____ C:\Users\ndsky\Downloads\Product_Instruction_4001k_eBook.pdf
2021-07-21 17:13 - 2021-07-21 17:13 - 000006642 _____ C:\Users\ndsky\Downloads\chat_script_6-22-2021_0_887.txt
2021-07-15 21:23 - 2021-07-15 21:23 - 002652937 _____ C:\Users\ndsky\Downloads\HandyPleasedLamb-mobile.mp4
2021-07-15 14:49 - 2021-07-15 14:49 - 000123627 _____ C:\Users\ndsky\Downloads\FastFood.html
2021-07-15 13:46 - 2021-07-15 13:46 - 000100728 _____ C:\Users\ndsky\Downloads\CmeHistory_163930_0.pdf
2021-07-15 07:00 - 2021-07-15 07:00 - 000000000 ____D C:\Users\ndsky\AppData\Local\Quicken
2021-07-13 18:05 - 2021-07-13 18:06 - 047742733 _____ C:\Users\ndsky\Downloads\0grjnkw169wi0j2vt0sqv_source 2.mp4
2021-07-13 07:35 - 2021-07-13 07:35 - 000142125 _____ C:\Users\ndsky\Downloads\WhatsApp Image 2021-07-12 at 11.44.02 AM.jpeg
2021-07-12 14:46 - 2021-07-12 14:46 - 000023176 _____ C:\Users\ndsky\Downloads\WhatsApp Image 2021-07-12 at 8.13.58 AM.jpeg

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-08-10 11:14 - 2021-02-25 14:11 - 000000000 ____D C:\Program Files (x86)\Google
2021-08-10 11:08 - 2019-12-07 02:13 - 000000000 ____D C:\WINDOWS\INF
2021-08-10 11:03 - 2019-12-07 02:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-08-10 07:56 - 2021-02-25 14:23 - 000000000 ___RD C:\Users\ndsky\Google Drive
2021-08-10 07:34 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-08-10 07:28 - 2019-12-07 02:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-08-10 07:16 - 2021-02-25 11:35 - 000000000 ___RD C:\Users\ndsky\OneDrive
2021-08-10 07:12 - 2021-02-25 14:45 - 000000000 ____D C:\Users\ndsky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2021-08-10 07:12 - 2021-02-25 14:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken
2021-08-10 07:12 - 2021-02-25 14:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2021-08-10 07:12 - 2021-02-25 11:34 - 000000000 ___RD C:\Users\ndsky\3D Objects
2021-08-10 07:12 - 2021-02-25 08:52 - 000000000 __SHD C:\Users\ndsky\IntelGraphicsProfiles
2021-08-10 07:12 - 2021-02-24 23:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2021-08-10 07:12 - 2021-02-24 22:50 - 000000000 ____D C:\Users\ndsky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DF Software
2021-08-10 07:12 - 2020-09-27 07:54 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-08-10 07:12 - 2019-12-07 02:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2021-08-10 07:12 - 2019-12-07 02:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-08-10 07:12 - 2019-12-07 02:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-08-10 07:12 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2021-08-10 07:12 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2021-08-10 07:12 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\spool
2021-08-10 07:12 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2021-08-10 07:12 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\Drivers\DriverData
2021-08-10 07:12 - 2019-12-07 02:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-08-10 06:31 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-08-10 06:16 - 2021-02-25 14:15 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-08-10 06:16 - 2021-02-25 14:15 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-08-10 06:16 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-08-10 06:16 - 2019-12-07 02:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-08-10 06:16 - 2019-12-07 02:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-08-10 06:14 - 2021-02-23 06:01 - 000000000 ____D C:\Intel
2021-08-10 06:14 - 2020-09-27 07:50 - 000008192 ___SH C:\DumpStack.log.tmp
2021-08-10 06:14 - 2019-12-07 02:14 - 000000000 __RSD C:\WINDOWS\Media
2021-08-10 06:14 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-08-10 06:13 - 2020-09-27 07:53 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-08-10 06:13 - 2020-09-27 07:53 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-08-10 06:13 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-08-10 06:13 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\appcompat
2021-08-10 06:13 - 2019-12-07 02:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-08-10 06:11 - 2019-12-07 02:18 - 000000000 ____D C:\WINDOWS\Setup
2021-08-10 06:10 - 2019-12-07 02:14 - 000000000 ____D C:\ProgramData\USOPrivate
2021-08-10 06:09 - 2021-02-25 11:34 - 000000000 ____D C:\Users\ndsky\AppData\Local\Packages
2021-08-10 06:07 - 2019-12-07 02:52 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2021-08-10 06:07 - 2019-12-07 02:50 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2021-08-10 06:07 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-08-10 06:07 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-08-10 06:07 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-08-10 06:07 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2021-08-10 06:07 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2021-08-10 06:07 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2021-08-10 06:07 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-08-10 06:07 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-08-10 06:07 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-08-10 06:07 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-08-10 06:07 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-08-10 06:07 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-08-10 06:07 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-08-10 06:07 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-08-10 06:07 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-08-10 06:07 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-08-10 06:07 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-08-10 06:07 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-08-10 06:07 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-08-10 06:07 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-08-10 06:07 - 2019-12-07 02:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-08-10 06:07 - 2019-12-07 02:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-08-08 11:12 - 2021-02-25 14:34 - 000000000 ____D C:\Program Files\Microsoft Office
2021-08-08 09:17 - 2021-02-25 14:45 - 000000000 ____D C:\Users\ndsky\AppData\Roaming\discord
2021-08-05 04:52 - 2020-09-27 07:51 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-08-04 11:35 - 2021-02-25 14:45 - 000000000 ____D C:\Users\ndsky\AppData\Local\Discord
2021-07-14 08:17 - 2021-02-28 23:34 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-07-14 08:16 - 2021-02-28 23:34 - 133422552 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================