Keyboard locking up, odd characters in GMER

Hi-

I recently set up an old laptop with Win10. After a few weeks, the keyboard and mouse become unresponsive for one user (my wife). I can log in and work with no issues.

I ran various troubleshooting steps for the keyboard, also opened the laptop and checked connections, all seem OK.

So I thought I’d check for malware or viruses by running GMER. Right off I noticed several processes with odd characters, either Chinese or Arabic? When I click anywhere on GMER it abruptly disappears. I was not able to get a screenshot of it. GMER does not generate any logs that I can find.

Checking Windows Defender, it shows no scans have been performed even though I tried running some manually.

So, any help is appreciated. FRST logs follow:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-02-2022
Ran by mark (administrator) on CASTOR (Dell Inc. Precision 3510) (13-02-2022 11:33:37)
Running from C:UsersmarkDesktop
Loaded Profiles: mark
Platform: Microsoft Windows 10 Pro Version 21H2 19044.1526 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ALPS ALPINE CO., LTD. -> ALPSALPINE Co., Ltd.) C:Program FilesDellTPadApntEx.exe
(C:Program FilesCommon Filesmicrosoft sharedClickToRunOfficeClickToRun.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:Program FilesCommon Filesmicrosoft sharedClickToRunAppVShNotify.exe <2>
(C:Program FilesDellTPadApoint.exe ->) (ALPS ALPINE CO., LTD. -> ALPSALPINE Co., Ltd.) C:Program FilesDellTPadApMsgFwd.exe
(C:Program FilesDellTPadApoint.exe ->) (ALPS ELECTRIC CO., LTD. -> ALPSALPINE CO., LTD.) C:Program FilesDellTPadhidfind.exe
(C:Program FilesDellTPadHidMonitorSvc.exe ->) (ALPS ALPINE CO.,LTD. -> ALPSALPINE Co., Ltd.) C:Program FilesDellTPadApoint.exe
(C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2201.10-0MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2201.10-0MpCopyAccelerator.exe
(DriverStoreFileRepositorycui_dch.inf_amd64_7208949846a9b9dcigfxCUIService.exe ->) (Intel Corporation -> Intel Corporation) C:WindowsSystem32DriverStoreFileRepositorycui_dch.inf_amd64_7208949846a9b9dcigfxEM.exe
(DriverStoreFileRepositoryu0360470.inf_amd64_35c64671e7fac064B360357atiesrxx.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:WindowsSystem32DriverStoreFileRepositoryu0360470.inf_amd64_35c64671e7fac064B360357atieclxx.exe
(explorer.exe ->) (Google LLC -> ) C:Program FilesGoogleDrive File Stream55.0.3.0crashpad_handler.exe <3>
(explorer.exe ->) (Google LLC -> Google, Inc.) C:Program FilesGoogleDrive File Stream55.0.3.0GoogleDriveFS.exe <7>
(explorer.exe ->) (nordvpn s.a. -> TEFINCOM S.A.) C:Program FilesNordVPNNordVPN.exe
(explorer.exe ->) (Notepad++ -> Don HO [email protected]) C:Program FilesNotepad++notepad++.exe
(Google LLC -> Google LLC) C:Program Files (x86)GoogleUpdate1.3.36.122GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:Program Files (x86)GoogleUpdate1.3.36.122GoogleCrashHandler64.exe
(services.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:WindowsSystem32DriverStoreFileRepositoryu0360470.inf_amd64_35c64671e7fac064B360357atiesrxx.exe
(services.exe ->) (ALPS ALPINE CO., LTD. -> ALPSALPINE Co., Ltd.) C:Program FilesDellTPadHidMonitorSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:WindowsSystem32DriverStoreFileRepositorycui_dch.inf_amd64_7208949846a9b9dcigfxCUIService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:WindowsSystem32DriverStoreFileRepositoryigcc_dch.inf_amd64_9cf4db1a1fd1b22dOneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:WindowsSystem32DriverStoreFileRepositoryiigd_dch.inf_amd64_22e8552b44b17c6dIntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:WindowsSystem32DriverStoreFileRepositoryiigd_dch.inf_amd64_22e8552b44b17c6dIntelCpHeciSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:WindowsSystem32DriverStoreFileRepositorylms.inf_amd64_fddb643595e0b8d0LMS.exe
(services.exe ->) (Intel Corporation -> Intel® Corporation) C:WindowsSystem32DriverStoreFileRepositoryiclsclient.inf_amd64_76523213b78d9046libTPMProvisioningService.exe
(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:WindowsSystem32DriverStoreFileRepositorydal.inf_amd64_b5484efd38adbe8djhi_service.exe
(services.exe ->) (Intel® Rapid Storage Technology -> Intel Corporation) C:WindowsSystem32DriverStoreFileRepositoryiastorac.inf_amd64_f881c4be237ce854RstMwService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:Program FilesCommon Filesmicrosoft sharedClickToRunOfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2201.10-0MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2201.10-0NisSrv.exe
(services.exe ->) (nordvpn s.a. -> TEFINCOM S.A.) C:Program FilesNordVPNnordvpn-service.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:WindowsImmersiveControlPanelSystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32wlanext.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM…Run: [Apoint] => C:Program FilesDellTPadApoint.exe [767480 2021-09-02] (ALPS ALPINE CO.,LTD. -> ALPSALPINE Co., Ltd.)
HKUS-1-5-19…Run: [GoogleDriveFS] => C:Program FilesGoogleDrive File Stream55.0.3.0GoogleDriveFS.exe [55334232 2022-01-25] (Google LLC -> Google, Inc.)
HKUS-1-5-20…Run: [GoogleDriveFS] => C:Program FilesGoogleDrive File Stream55.0.3.0GoogleDriveFS.exe [55334232 2022-01-25] (Google LLC -> Google, Inc.)
HKUS-1-5-21-3347679955-1309227196-75804269-1005…Run: [GoogleDriveFS] => C:Program FilesGoogleDrive File Stream55.0.3.0GoogleDriveFS.exe [55334232 2022-01-25] (Google LLC -> Google, Inc.)
HKUS-1-5-21-3347679955-1309227196-75804269-1006…Run: [GoogleDriveFS] => C:Program FilesGoogleDrive File Stream55.0.3.0GoogleDriveFS.exe [55334232 2022-01-25] (Google LLC -> Google, Inc.)
HKUS-1-5-21-3347679955-1309227196-75804269-1006…Run: [NordVPN] => C:Program FilesNordVPNNordVPN.exe [280440 2021-06-06] (nordvpn s.a. -> TEFINCOM S.A.)
HKUS-1-5-18…Run: [GoogleDriveFS] => C:Program FilesGoogleDrive File Stream55.0.3.0GoogleDriveFS.exe [55334232 2022-01-25] (Google LLC -> Google, Inc.)
HKLMSoftwareMicrosoftActive SetupInstalled Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:Program FilesGoogleChromeApplication98.0.4758.82Installerchrmstp.exe [2022-02-09] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0206CEB9-8DAE-455F-A042-3FD46AF8AE5E} – System32TasksMozillaFirefox Background Update 308046B0AF4A39CB => C:Program FilesMozilla Firefoxfirefox.exe –MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 –MOZ_LOG_FILE C:ProgramDataMozilla-1de4eec8-1241-4177-a864-e594e8d1fb38updates308046B0AF4A39CBbackgroundupdate.moz_log –backgroundtask backgroundupdate
Task: {255CAA41-5FE3-43DD-9664-D5D536967DBE} – System32TasksGoogleUpdateTaskMachineUA => C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [156232 2021-12-18] (Google LLC -> Google LLC)
Task: {2C4DDBFB-59CB-4422-8462-A1B71C9054B1} – System32TasksMicrosoftWindowsWindows DefenderWindows Defender Verification => C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2201.10-0MpCmdRun.exe [925848 2022-02-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {46326D1B-5AB5-42BC-9768-7C9F68553C72} – System32TasksMicrosoftOfficeOfficeTelemetryAgentFallBack2016 => C:Program Files (x86)Microsoft OfficerootOffice16msoia.exe [6469008 2022-02-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {4DBEDB17-9F00-4503-A1AD-86A3360E3E5F} – System32TasksMicrosoftWindowsWindows DefenderWindows Defender Cache Maintenance => C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2201.10-0MpCmdRun.exe [925848 2022-02-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {50B8503D-6A19-4B17-9004-F63194B057D7} – System32TasksMicrosoftOfficeOfficeTelemetryAgentLogOn2016 => C:Program Files (x86)Microsoft OfficerootOffice16msoia.exe [6469008 2022-02-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {681C600F-9A08-4873-BE50-B0AE393F2782} – System32TasksMicrosoftWindowsWindows DefenderWindows Defender Scheduled Scan => C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2201.10-0MpCmdRun.exe [925848 2022-02-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {6A01FA1F-E7CA-458C-85F0-0837740552CF} – System32TasksMicrosoftOfficeOffice Automatic Updates 2.0 => C:Program FilesCommon FilesMicrosoft SharedClickToRunOfficeC2RClient.exe [22882216 2022-02-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {706E21D4-3B20-46AF-8668-5EE687911557} – System32TasksMicrosoftOfficeOffice Feature Updates Logon => C:Program Files (x86)Microsoft OfficerootOffice16sdxhelper.exe [110968 2022-02-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {79866445-E032-4B5B-B9C5-EC50DB40E328} – System32TasksMicrosoftOfficeOffice ClickToRun Service Monitor => C:Program FilesCommon FilesMicrosoft SharedClickToRunOfficeC2RClient.exe [22882216 2022-02-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {8C1A093A-9E27-489D-9CCC-811AC7F34730} – System32TasksMozillaFirefox Default Browser Agent 308046B0AF4A39CB => C:Program FilesMozilla Firefoxdefault-browser-agent.exe do-task “308046B0AF4A39CB”
Task: {98AA812B-269E-4142-9E25-511DED7D16F9} – System32TasksMicrosoftWindowsWindows DefenderWindows Defender Cleanup => C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2201.10-0MpCmdRun.exe [925848 2022-02-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C057D072-E118-4C65-BFF7-EE7A01329553} – System32TasksGoogleUpdateTaskMachineCore => C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [156232 2021-12-18] (Google LLC -> Google LLC)
Task: {DA8BB5CA-F129-4397-903D-6F3655669105} – System32TasksMicrosoftOfficeOffice Feature Updates => C:Program Files (x86)Microsoft OfficerootOffice16sdxhelper.exe [110968 2022-02-13] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip..Interfaces{a9a32634-a82a-4473-be92-7e212f3eff72}: [DhcpNameServer] 192.168.177.1
Tcpip..Interfaces{aca9479a-b63b-4db2-a81f-43a91c65fd09}: [NameServer] 103.86.99.99,103.86.96.96

Edge:
=======
Edge Profile: C:UsersmarkAppDataLocalMicrosoftEdgeUser DataDefault [2021-12-31]

FireFox:
========
FF DefaultProfile: cvqupz8p.default
FF ProfilePath: C:UsersmarkAppDataRoamingMozillaFirefoxProfilescvqupz8p.default [2021-12-18]
FF ProfilePath: C:UsersmarkAppDataRoamingMozillaFirefoxProfilespjq72vtf.default-release [2022-02-13]
FF Extension: (LastPass: Free Password Manager) – C:UsersmarkAppDataRoaming[email protected]lastpass.com.xpi [2022-02-12]
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:Program FilesVideoLANVLCnpvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:Program Files (x86)Microsoft OfficerootVFSProgramFilesX86Mozilla Firefoxpluginsnpmeetingjoinpluginoc.dll [2021-12-18] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:Program Files (x86)Microsoft OfficerootOffice16NPSPWRAP.DLL [2021-12-18] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR HKUS-1-5-21-3347679955-1309227196-75804269-1005SOFTWAREGoogleChromeExtensions…ChromeExtension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKUS-1-5-21-3347679955-1309227196-75804269-1006SOFTWAREGoogleChromeExtensions…ChromeExtension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ApHidMonitorService; C:Program FilesDellTPadHidMonitorSvc.exe [114976 2021-09-02] (ALPS ALPINE CO., LTD. -> ALPSALPINE Co., Ltd.)
R2 ClickToRunSvc; C:Program FilesCommon FilesMicrosoft SharedClickToRunOfficeClickToRun.exe [12124536 2022-02-02] (Microsoft Corporation -> Microsoft Corporation)
R2 nordvpn-service; C:Program FilesNordVPNnordvpn-service.exe [280440 2021-06-06] (nordvpn s.a. -> TEFINCOM S.A.)
S3 Sense; C:Program FilesWindows Defender Advanced Threat ProtectionMsSense.exe [6136536 2022-02-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WdNisSvc; C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2201.10-0NisSrv.exe [2909208 2022-02-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2201.10-0MsMpEng.exe [128376 2022-02-10] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:WindowsSystem32driversBthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:WindowsSystem32driversbthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R1 googledrivefs3688; C:WindowsSystem32DRIVERSgoogledrivefs3688.sys [381456 2021-12-14] (Microsoft Windows Hardware Compatibility Publisher -> Google, Inc.)
R2 NDivert; C:WindowsSystem32driversNDivert.sys [105184 2021-06-08] (TEFINCOM S.A. -> )
R1 nordlwf; C:Windowssystem32DRIVERSnordlwf.sys [42576 2021-06-13] (nordvpn s.a. -> TEFINCOM S.A.)
R3 tapnordvpn; C:WindowsSystem32driverstapnordvpn.sys [49744 2021-06-13] (nordvpn s.a. -> The OpenVPN Project)
S0 WdBoot; C:WindowsSystem32driverswdWdBoot.sys [48536 2022-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:WindowsSystem32driverswdWdFilter.sys [438520 2022-02-10] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:WindowsSystem32driverswdWdNisDrv.sys [90360 2022-02-10] (Microsoft Windows -> Microsoft Corporation)
R3 wintun; C:Windowssystem32DRIVERSwintun.sys [29680 2022-02-13] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
U3 uwldqpow; C:UsersmarkAppDataLocalTempuwldqpow.sys [56584 2022-02-12] (GMEREK Systemy Komputerowe Przemyslaw Gmerek -> GMER) [File not signed] <==== ATTENTION

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-02-13 11:33 – 2022-02-13 11:33 – 000000000 ____D C:UsersmarkDesktopFRST-OlderVersion
2022-02-13 11:29 – 2022-02-13 11:29 – 000029680 _____ (WireGuard LLC) C:Windowssystem32Driverswintun.sys
2022-02-12 12:33 – 2022-02-12 12:34 – 000000000 ____D C:ProgramDataMozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-02-12 12:33 – 2022-02-12 12:33 – 000000000 ____D C:Windowssystem32TasksMozilla
2022-02-12 12:14 – 2022-02-12 12:15 – 000024208 _____ C:UsersmarkDesktopAddition.txt
2022-02-12 12:13 – 2022-02-13 11:34 – 000015503 _____ C:UsersmarkDesktopFRST.txt
2022-02-12 12:13 – 2022-02-13 11:33 – 000000000 ____D C:FRST
2022-02-12 12:10 – 2022-02-13 11:33 – 002312192 _____ (Farbar) C:UsersmarkDesktopFRST64.exe
2022-02-12 10:34 – 2022-02-12 10:24 – 000380928 _____ C:UsersmarkDesktop65wif2o9.exe
2022-02-12 10:24 – 2022-02-12 10:24 – 000380928 _____ C:UsersmarkDownloads65wif2o9.exe
2022-02-12 10:23 – 2022-02-12 12:33 – 000000000 ____D C:Program FilesMozilla Firefox
2022-02-12 09:39 – 2022-02-12 09:39 – 000726134 _____ C:UsersjoyceDesktopVendor List.pdf
2022-02-12 09:38 – 2022-02-12 09:38 – 000726134 _____ C:UsersjoyceDownloadsVendor List.pdf
2022-02-10 11:37 – 2022-02-10 11:37 – 000223744 _____ C:WindowsSysWOW64TpmTool.exe
2022-02-10 11:37 – 2022-02-10 11:37 – 000011813 _____ C:Windowssystem32DrtmAuthTxt.wim
2022-02-10 11:36 – 2022-02-10 11:36 – 000288768 _____ C:Windowssystem32Windows.Management.InprocObjects.dll
2022-02-10 11:36 – 2022-02-10 11:36 – 000272384 _____ C:Windowssystem32TpmTool.exe
2022-02-10 11:36 – 2022-02-10 11:36 – 000162816 _____ C:Windowssystem32DataStoreCacheDumpTool.exe
2022-02-10 11:31 – 2022-02-10 11:31 – 000000000 ___HD C:$WinREAgent
2022-02-09 16:02 – 2022-02-09 16:02 – 004106284 _____ C:UsersjoyceDownloadsAuction Form – Carolina (2).pdf
2022-02-09 16:02 – 2022-02-09 16:02 – 004106284 _____ C:UsersjoyceDesktopAuction Form – Carolina (2).pdf
2022-01-31 17:59 – 2022-02-11 00:09 – 000000000 ____D C:UsersjoyceAppDataRoamingNotepad++
2022-01-31 17:13 – 2022-01-31 17:13 – 007965825 _____ C:UsersjoyceDownloadsGolfDigestPlanner-Events-Ebook-c (2).pdf
2022-01-31 17:13 – 2022-01-31 17:13 – 007965825 _____ C:UsersjoyceDownloadsGolfDigestPlanner-Events-Ebook-c (1).pdf
2022-01-31 17:12 – 2022-01-31 17:12 – 007965825 _____ C:UsersjoyceDesktopGolfDigestPlanner-Events-Ebook-c.pdf
2022-01-31 17:03 – 2022-01-31 17:03 – 007965825 _____ C:UsersjoyceDownloadsGolfDigestPlanner-Events-Ebook-c.pdf
2022-01-31 15:17 – 2022-01-31 15:17 – 009325313 _____ C:UsersjoyceDownloadsGolfDigestPlanner-Best-Practices-Ebook.pdf
2022-01-31 15:07 – 2022-01-31 15:08 – 000000000 ____D C:UsersjoyceDesktopAmbassador Schedules
2022-01-31 15:05 – 2022-01-31 15:05 – 000000000 ____D C:UsersjoyceAppDataLocalElevatedDiagnostics
2022-01-31 15:04 – 2022-01-31 15:04 – 000000000 ____D C:UsersmarkAppDataLocalElevatedDiagnostics
2022-01-29 15:09 – 2022-01-29 15:09 – 004106284 _____ C:UsersjoyceDownloadsAuction Form – Carolina.pdf
2022-01-29 15:09 – 2022-01-29 15:09 – 004106284 _____ C:UsersjoyceDownloadsAuction Form – Carolina (1).pdf
2022-01-28 20:01 – 2022-01-28 20:01 – 000000000 ____D C:UsersjoyceDesktopGolf minutes
2022-01-24 13:28 – 2022-01-24 13:28 – 000529078 _____ C:UsersjoyceDownloadsPauseforaCause Rv2.pdf
2022-01-22 15:21 – 2022-01-22 15:21 – 000023666 _____ C:UsersjoyceDownloadsBuncoRoster.xlsx
2022-01-20 09:24 – 2022-01-20 09:24 – 000189804 _____ C:UsersjoyceDownloadsLHHI_Ambassador _Schedule_FebMar2022.pdf
2022-01-15 00:18 – 2022-01-15 00:18 – 000523776 _____ (curl, hxxps://curl.se/) C:Windowssystem32curl.exe
2022-01-15 00:18 – 2022-01-15 00:18 – 000464384 _____ (curl, hxxps://curl.se/) C:WindowsSysWOW64curl.exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-02-13 11:32 – 2021-12-18 16:11 – 000000000 ____D C:UsersmarkAppDataLocalLowMozilla
2022-02-13 11:29 – 2019-12-07 04:13 – 000000000 ____D C:WindowsINF
2022-02-13 11:19 – 2021-12-18 15:59 – 000000000 ____D C:Program Files (x86)Microsoft Office
2022-02-13 11:16 – 2021-12-18 15:07 – 000000000 ____D C:Program Files (x86)Google
2022-02-13 11:14 – 2021-12-15 22:51 – 000000000 ____D C:Windowssystem32SleepStudy
2022-02-13 11:14 – 2019-12-07 04:14 – 000000000 ____D C:ProgramDataregid.1991-06.com.microsoft
2022-02-12 12:33 – 2021-12-17 15:55 – 000001005 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsFirefox.lnk
2022-02-12 12:33 – 2021-12-17 15:55 – 000000000 ____D C:ProgramDataMozilla
2022-02-12 12:33 – 2021-12-17 15:55 – 000000000 ____D C:Program Files (x86)Mozilla Maintenance Service
2022-02-12 12:28 – 2021-12-18 14:57 – 000000000 ____D C:Usersjoyce
2022-02-12 09:55 – 2021-12-15 22:57 – 000795738 _____ C:Windowssystem32PerfStringBackup.INI
2022-02-12 09:52 – 2021-12-18 16:09 – 000000000 __SHD C:UsersmarkIntelGraphicsProfiles
2022-02-12 09:52 – 2019-12-07 04:14 – 000000000 ____D C:WindowsAppReadiness
2022-02-12 09:51 – 2021-12-15 22:51 – 000008192 ___SH C:DumpStack.log.tmp
2022-02-12 09:51 – 2021-12-15 22:51 – 000000006 ____H C:WindowsTasksSA.DAT
2022-02-12 09:51 – 2021-12-15 20:16 – 000000000 ____D C:Intel
2022-02-12 09:35 – 2021-12-15 22:51 – 000002438 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsMicrosoft Edge.lnk
2022-02-12 09:35 – 2019-12-07 04:14 – 000000000 ___HD C:Program FilesWindowsApps
2022-02-11 00:11 – 2021-12-18 14:57 – 000000000 __SHD C:UsersjoyceIntelGraphicsProfiles
2022-02-11 00:10 – 2021-12-15 22:51 – 000439016 _____ C:Windowssystem32FNTCACHE.DAT
2022-02-11 00:10 – 2021-12-15 20:18 – 000065536 _____ C:Windowssystem32spu_storage.bin
2022-02-11 00:10 – 2019-12-07 04:03 – 001048576 _____ C:Windowssystem32configBBI
2022-02-11 00:09 – 2019-12-07 04:54 – 000000000 ____D C:Program FilesWindows Defender Advanced Threat Protection
2022-02-11 00:09 – 2019-12-07 04:14 – 000000000 ____D C:WindowsSysWOW64Dism
2022-02-11 00:09 – 2019-12-07 04:14 – 000000000 ____D C:WindowsSystemResources
2022-02-11 00:09 – 2019-12-07 04:14 – 000000000 ____D C:Windowssystem32et-EE
2022-02-11 00:09 – 2019-12-07 04:14 – 000000000 ____D C:Windowssystem32es-MX
2022-02-11 00:09 – 2019-12-07 04:14 – 000000000 ____D C:Windowssystem32Dism
2022-02-11 00:09 – 2019-12-07 04:14 – 000000000 ____D C:Windowssystem32appraiser
2022-02-11 00:09 – 2019-12-07 04:14 – 000000000 ____D C:WindowsShellExperiences
2022-02-11 00:09 – 2019-12-07 04:14 – 000000000 ____D C:WindowsPolicyDefinitions
2022-02-11 00:09 – 2019-12-07 04:14 – 000000000 ____D C:Windowsbcastdvr
2022-02-11 00:09 – 2019-12-07 04:03 – 000000000 ____D C:Windowsservicing
2022-02-10 11:40 – 2019-12-07 04:03 – 000000000 ____D C:WindowsCbsTemp
2022-02-10 11:36 – 2021-12-15 22:55 – 002877440 _____ (Microsoft Corporation) C:WindowsSysWOW64PrintConfig.dll
2022-02-10 11:30 – 2021-12-18 18:41 – 000000000 ____D C:Windowssystem32MRT
2022-02-10 11:28 – 2021-12-18 18:41 – 149611728 ____C (Microsoft Corporation) C:Windowssystem32MRT.exe
2022-02-10 11:27 – 2021-12-15 22:51 – 000000000 ____D C:Windowssystem32Driverswd
2022-02-09 15:16 – 2021-12-18 15:08 – 000002247 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsGoogle Chrome.lnk
2022-02-09 15:16 – 2021-12-18 15:08 – 000002206 _____ C:UsersPublicDesktopGoogle Chrome.lnk
2022-02-07 20:15 – 2021-12-19 19:33 – 000000000 ____D C:UsersjoyceAppDataRoamingZoom
2022-02-07 18:37 – 2021-12-18 17:07 – 000002057 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsGoogle Drive.lnk
2022-02-07 18:37 – 2021-12-18 16:09 – 000000000 ____D C:UsersmarkAppDataLocalD3DSCache
2022-02-03 16:31 – 2021-12-18 16:09 – 000000000 ____D C:UsersmarkAppDataLocalPackages
2022-01-31 15:02 – 2021-12-18 16:10 – 000003584 _____ C:Windowssystem32TasksOneDrive Reporting Task-S-1-5-21-3347679955-1309227196-75804269-1006
2022-01-31 15:02 – 2021-12-18 16:10 – 000003356 _____ C:Windowssystem32TasksOneDrive Standalone Update Task-S-1-5-21-3347679955-1309227196-75804269-1006
2022-01-31 15:02 – 2021-12-18 16:10 – 000002376 _____ C:UsersmarkAppDataRoamingMicrosoftWindowsStart MenuProgramsOneDrive.lnk
2022-01-28 10:24 – 2021-12-15 22:51 – 000003480 _____ C:Windowssystem32TasksMicrosoftEdgeUpdateTaskMachineUA
2022-01-28 10:24 – 2021-12-15 22:51 – 000003356 _____ C:Windowssystem32TasksMicrosoftEdgeUpdateTaskMachineCore
2022-01-24 09:10 – 2021-12-18 14:57 – 000000000 ____D C:UsersjoyceAppDataLocalD3DSCache
2022-01-21 13:11 – 2021-12-18 15:08 – 000003420 _____ C:Windowssystem32TasksGoogleUpdateTaskMachineUA
2022-01-21 13:11 – 2021-12-18 15:08 – 000003296 _____ C:Windowssystem32TasksGoogleUpdateTaskMachineCore
2022-01-15 00:32 – 2019-12-07 04:14 – 000000000 ___SD C:Windowssystem32DiagSvcs
2022-01-15 00:32 – 2019-12-07 04:14 – 000000000 ____D C:Windowssystem32setup
2022-01-15 00:32 – 2019-12-07 04:14 – 000000000 ____D C:Windowssystem32oobe

==================== Files in the root of some directories ========

2021-12-31 14:06 – 2021-12-31 14:06 – 000007605 _____ () C:UsersmarkAppDataLocalResmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-02-2022
Ran by mark (13-02-2022 11:35:00)
Running from C:UsersmarkDesktop
Microsoft Windows 10 Pro Version 21H2 19044.1526 (X64) (2021-12-16 03:53:49)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3347679955-1309227196-75804269-500 – Administrator – Disabled)
DefaultAccount (S-1-5-21-3347679955-1309227196-75804269-503 – Limited – Disabled)
Guest (S-1-5-21-3347679955-1309227196-75804269-501 – Limited – Enabled)
jas21 (S-1-5-21-3347679955-1309227196-75804269-1002 – Limited – Disabled)
joyce (S-1-5-21-3347679955-1309227196-75804269-1005 – Administrator – Enabled) => C:Usersjoyce
mark (S-1-5-21-3347679955-1309227196-75804269-1006 – Administrator – Enabled) => C:Usersmark
WDAGUtilityAccount (S-1-5-21-3347679955-1309227196-75804269-504 – Limited – Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled – Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 21.07 (x64) (HKLM…7-Zip) (Version: 21.07 – Igor Pavlov)
Dell Touchpad (HKLM…{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 10.3201.101.216 – ALPSALPINE CO., LTD.)
Google Chrome (HKLM-x32…Google Chrome) (Version: 98.0.4758.82 – Google LLC)
Google Drive (HKLM…{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 55.0.3.0 – Google LLC)
Microsoft Edge (HKLM-x32…Microsoft Edge) (Version: 98.0.1108.50 – Microsoft Corporation)
Microsoft Office Professional Plus 2019 – en-us (HKLM…ProPlus2019Retail – en-us) (Version: 16.0.14827.20192 – Microsoft Corporation)
Microsoft OneDrive (HKUS-1-5-21-3347679955-1309227196-75804269-1006…OneDriveSetup.exe) (Version: 22.002.0103.0004 – Microsoft Corporation)
Microsoft Update Health Tools (HKLM…{E876418F-BE59-4D8C-B9A5-74B056B676FA}) (Version: 2.93.0.0 – Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) – 14.29.30135 (HKLM-x32…{fa7f6d52-f85e-48ef-8f56-a37268aa5772}) (Version: 14.29.30135.0 – Microsoft Corporation)
Mozilla Firefox (x64 en-US) (HKLM…Mozilla Firefox 97.0 (x64 en-US)) (Version: 97.0 – Mozilla)
Mozilla Maintenance Service (HKLM…MozillaMaintenanceService) (Version: 95.0.1 – Mozilla)
NordVPN (HKLM…{19465C24-3D5D-4327-B99F-3CC0A1D38151}_is1) (Version: 6.40.5.0 – TEFINCOM S.A.)
NordVPN network TAP (HKLM-x32…{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 – NordVPN)
NordVPN network TUN (HKLM…{BD0E4F38-D3F6-452D-A32E-B14D721839AC}) (Version: 1.0.1 – NordVPN)
Notepad++ (64-bit x64) (HKLM…Notepad++) (Version: 8.1.9.3 – Notepad++ Team)
Office 16 Click-to-Run Extensibility Component (HKLM-x32…{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.14827.20088 – Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM…{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.14827.20088 – Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM…{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.14827.20158 – Microsoft Corporation) Hidden
TrueCrypt (HKLM-x32…TrueCrypt) (Version: 7.2 – TrueCrypt Foundation)
VLC media player (HKLM…VLC media player) (Version: 3.0.16 – VideoLAN)
Zoom (HKUS-1-5-21-3347679955-1309227196-75804269-1005…ZoomUMX) (Version: 5.8.7 (2058) – Zoom Video Communications, Inc.)

Packages:
=========
Intel® Graphics Command Center -> C:Program FilesWindowsAppsAppUp.IntelGraphicsExperience_1.100.3407.0_x64__8j3eq9eme6ctt [2021-12-18] (INTEL CORP) [Startup Task]
Microsoft Solitaire Collection -> C:Program FilesWindowsAppsMicrosoft.MicrosoftSolitaireCollection_4.12.1050.0_x64__8wekyb3d8bbwe [2022-01-31] (Microsoft Studios) [MS Ad]
Photos Media Engine Add-on -> C:Program FilesWindowsAppsMicrosoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-12-31] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [    GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:Program FilesGoogleDrive File Stream55.0.3.0drivefsext.dll [2022-01-25] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:Program FilesGoogleDrive File Stream55.0.3.0drivefsext.dll [2022-01-25] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:Program FilesGoogleDrive File Stream55.0.3.0drivefsext.dll [2022-01-25] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:Program FilesGoogleDrive File Stream55.0.3.0drivefsext.dll [2022-01-25] (Google LLC -> Google, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:Program Files7-Zip7-zip.dll [2021-12-26] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:Program FilesNotepad++NppShell_06.dll [2021-12-08] (Notepad++ -> )
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:Program FilesGoogleDrive File Stream55.0.3.0drivefsext.dll [2022-01-25] (Google LLC -> Google, Inc.)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:Program Files7-Zip7-zip.dll [2021-12-26] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:Program FilesGoogleDrive File Stream55.0.3.0drivefsext.dll [2022-01-25] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:Program FilesGoogleDrive File Stream55.0.3.0drivefsext.dll [2022-01-25] (Google LLC -> Google, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:Program Files7-Zip7-zip.dll [2021-12-26] (Igor Pavlov) [File not signed]

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2021-12-31 15:22 – 2021-12-26 09:00 – 000093696 _____ (Igor Pavlov) [File not signed] C:Program Files7-Zip7-zip.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:Program Files (x86)Microsoft OfficerootVFSProgramFilesX64Microsoft OfficeOffice16OCHelper.dll [2022-02-02] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:Program Files (x86)Microsoft OfficerootOffice16OCHelper.dll [2021-12-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 – {83C25742-A9F7-49FB-9138-434302C88D07} – C:Program Files (x86)Microsoft OfficerootOffice16MSOSB.DLL [2022-02-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 – {42089D2D-912D-4018-9087-2B87803E93FB} – C:Program Files (x86)Microsoft OfficerootOffice16MSOSB.DLL [2022-02-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 – {42089D2D-912D-4018-9087-2B87803E93FB} – C:Program Files (x86)Microsoft OfficerootOffice16MSOSB.DLL [2022-02-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 – {5504BE45-A83B-4808-900A-3A5C36E7F77A} – C:Program Files (x86)Microsoft OfficerootOffice16MSOSB.DLL [2022-02-02] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 04:14 – 2019-12-07 04:12 – 000000824 _____ C:Windowssystem32driversetchosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKUS-1-5-21-3347679955-1309227196-75804269-1005Control PanelDesktop\Wallpaper -> C:WindowswebwallpaperWindowsimg0.jpg
HKUS-1-5-21-3347679955-1309227196-75804269-1006Control PanelDesktop\Wallpaper -> C:WindowswebwallpaperWindowsimg0.jpg
DNS Servers: 103.86.99.99 – 103.86.96.96
HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

Network Binding:
=============
Wi-Fi: NordVPN LightWeight Firewall -> NordLwf (enabled)
Ethernet: NordVPN LightWeight Firewall -> NordLwf (enabled)
Ethernet 2: NordVPN LightWeight Firewall -> NordLwf (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9AB7BAF0-F259-4D47-BA8E-1731FEB4FA08}] => (Allow) C:Program FilesMozilla Firefoxfirefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{46196E34-3D28-43BB-891A-063925ACCC7D}] => (Allow) C:Program FilesMozilla Firefoxfirefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{7B010169-6092-4439-B229-640625D7E05D}] => (Allow) C:Program Files (x86)Microsoft OfficerootOffice16Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7D64F0E7-0ABC-4522-B9A4-D4B1D10B8EFC}] => (Allow) C:Program Files (x86)Microsoft OfficerootOffice16UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C2374E09-DAF2-4F76-8F48-B964C24A991E}] => (Allow) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6B3723EE-D9EB-48C0-A144-E29D8257B0A9}] => (Allow) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{527DBB5D-69A5-4560-A3A8-EA637E35BBB6}] => (Allow) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{FDE7ABF1-CDE7-4805-826F-1B28ABE79D37}] => (Allow) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{FCB89C51-DF33-4CCA-8BFD-695EC4A00BFD}] => (Allow) C:UsersjoyceAppDataRoamingZoombinZoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{02F45488-675D-4C46-9467-C7DDFEB9BA61}] => (Allow) C:UsersjoyceAppDataRoamingZoombinairhost.exe => No File
FirewallRules: [{9168CB8B-C9B2-4EE4-AA65-D6520ABC7C05}] => (Allow) C:UsersjoyceAppDataRoamingZoombinairhost.exe => No File
FirewallRules: [{A57066E3-EC3B-41C0-B9B8-FFEE0C063D48}] => (Allow) C:Program Files (x86)Microsoft OfficerootOffice16outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CE5AB737-8C4A-4A36-B65C-C4C8230FDA47}] => (Allow) C:Program Files (x86)Microsoft OfficerootOffice16Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F6CB46F0-3A15-4B55-92A1-25C6152DF64A}] => (Allow) C:Program Files (x86)Microsoft OfficerootOffice16UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{31341AD8-59E4-4167-8640-EA87C33310DC}] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.178.765.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{1F160C3C-1277-4DDD-BB37-C85FF5DE3551}] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.178.765.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{07D7D31C-7CFE-4EB8-9E76-EF04DE891F88}] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.178.765.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{4197822A-46F1-491F-B205-2ED74ED90ABB}] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.178.765.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{1D379F64-0063-4411-8246-AABDBB222D72}] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.178.765.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{C6848ED6-8F86-440B-B2A7-7D7DD4313EF1}] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.178.765.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{38EBCB9E-40F2-4848-A729-A3B50D95E9DD}] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.178.765.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{2C39DED8-32FE-468E-8E3C-30706F5204CA}] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.178.765.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{41C1B058-C812-449F-AA1B-7FFF69981CEA}] => (Allow) C:Program FilesGoogleChromeApplicationchrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

21-01-2022 13:34:58 Scheduled Checkpoint
29-01-2022 11:51:43 Windows Modules Installer
09-02-2022 16:29:26 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click “Update Driver”, which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click “Update Driver”, which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click “Update Driver”, which starts the Hardware Update wizard.

Name: PCI Data Acquisition and Signal Processing Controller
Description: PCI Data Acquisition and Signal Processing Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click “Update Driver”, which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click “Update Driver”, which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click “Update Driver”, which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click “Update Driver”, which starts the Hardware Update wizard.

Name: PCI Memory Controller
Description: PCI Memory Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click “Update Driver”, which starts the Hardware Update wizard.

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click “Update Driver”, which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click “Update Driver”, which starts the Hardware Update wizard.

Name: PCI Data Acquisition and Signal Processing Controller
Description: PCI Data Acquisition and Signal Processing Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click “Update Driver”, which starts the Hardware Update wizard.

==================== Event log errors: ========================

Application errors:
==================
Error: (02/13/2022 11:16:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 65wif2o9.exe, version: 2.2.19882.0, time stamp: 0x56e2cdca
Faulting module name: 65wif2o9.exe, version: 2.2.19882.0, time stamp: 0x56e2cdca
Exception code: 0xc0000005
Fault offset: 0x00062538
Faulting process id: 0x10ec
Faulting application start time: 0x01d8203be77d30e5
Faulting application path: C:UsersmarkDesktop65wif2o9.exe
Faulting module path: C:UsersmarkDesktop65wif2o9.exe
Report Id: 4548f872-9ef9-4653-9013-a495890226c9
Faulting package full name:
Faulting package-relative application ID:

Error: (02/12/2022 10:52:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 65wif2o9.exe, version: 2.2.19882.0, time stamp: 0x56e2cdca
Faulting module name: 65wif2o9.exe, version: 2.2.19882.0, time stamp: 0x56e2cdca
Exception code: 0xc0000005
Fault offset: 0x0001d061
Faulting process id: 0xbbc
Faulting application start time: 0x01d820279d4f7572
Faulting application path: C:UsersmarkDesktop65wif2o9.exe
Faulting module path: C:UsersmarkDesktop65wif2o9.exe
Report Id: 7b9bbd3e-5487-450b-a14d-5d65b56d5114
Faulting package full name:
Faulting package-relative application ID:

Error: (02/12/2022 10:33:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 65wif2o9.exe, version: 2.2.19882.0, time stamp: 0x56e2cdca
Faulting module name: 65wif2o9.exe, version: 2.2.19882.0, time stamp: 0x56e2cdca
Exception code: 0xc0000005
Fault offset: 0x0008dcc4
Faulting process id: 0x1e40
Faulting application start time: 0x01d82025bf74ce66
Faulting application path: C:UsersmarkDownloads65wif2o9.exe
Faulting module path: C:UsersmarkDownloads65wif2o9.exe
Report Id: 21fc516f-96ae-428b-8eb1-82f6d91602c3
Faulting package full name:
Faulting package-relative application ID:

Error: (02/12/2022 10:31:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 65wif2o9.exe, version: 2.2.19882.0, time stamp: 0x56e2cdca
Faulting module name: 65wif2o9.exe, version: 2.2.19882.0, time stamp: 0x56e2cdca
Exception code: 0xc0000005
Fault offset: 0x0008de57
Faulting process id: 0x1640
Faulting application start time: 0x01d82024a8f95d58
Faulting application path: C:UsersmarkDownloads65wif2o9.exe
Faulting module path: C:UsersmarkDownloads65wif2o9.exe
Report Id: 467c788c-3a1c-40ff-a87b-200344b6cea8
Faulting package full name:
Faulting package-relative application ID:

Error: (02/04/2022 01:01:58 PM) (Source: Firefox Default Browser Agent) (EventID: 12007) (User: )
Description: Event-ID 12007

Error: (02/04/2022 01:01:58 PM) (Source: Firefox Default Browser Agent) (EventID: 0) (User: )
Description: Event-ID 0

Error: (01/29/2022 11:50:51 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.

Error: (01/29/2022 11:50:51 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

System errors:
=============
Error: (02/12/2022 09:51:40 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:49:23 AM on ‎2/‎12/‎2022 was unexpected.

Error: (02/11/2022 12:10:16 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Delivery Optimization service did not shut down properly after receiving a preshutdown control.

Error: (02/11/2022 12:09:33 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {338B40F9-9D68-4B53-A793-6B9AA0C5F63B} did not register with DCOM within the required timeout.

Error: (01/31/2022 03:00:10 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:43:08 PM on ‎1/‎31/‎2022 was unexpected.

Error: (01/29/2022 11:50:50 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Delivery Optimization service did not shut down properly after receiving a preshutdown control.

Error: (01/29/2022 11:50:28 PM) (Source: DCOM) (EventID: 10010) (User: CASTOR)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.

Error: (01/29/2022 11:50:28 PM) (Source: DCOM) (EventID: 10010) (User: CASTOR)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.

Error: (01/15/2022 12:32:24 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Delivery Optimization service did not shut down properly after receiving a preshutdown control.

Windows Defender:
================
Date: 2022-02-12 12:09:04
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-02-10 11:37:32
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-02-09 16:28:25
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-02-06 13:29:14
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-02-05 11:12:23
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

==================== Memory info ===========================

BIOS: Dell Inc. 1.9.4 08/26/2016
Motherboard: Dell Inc. 00D283
Processor: Intel® Core™ i7-6820HQ CPU @ 2.70GHz
Percentage of memory in use: 37%
Total physical RAM: 16023.53 MB
Available physical RAM: 10094.74 MB
Total Virtual: 18455.53 MB
Available Virtual: 12808.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:341.75 GB) (Free:282.46 GB) (Protected) NTFS
Drive d: () (Fixed) (Total: ? GB) (Free: ? GB) (Protected) (Locked)
Drive f: (ESD-USB) (Removable) (Total:31.99 GB) (Free:26.6 GB) FAT32
Drive g: (Google Drive) (Fixed) (Total:17 GB) (Free:5.67 GB) FAT32

\?Volume{78f7a321-0000-0000-0000-100000000000} (System Reserved) (Fixed) (Total:0.05 GB) (Free:0.02 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 78F7A321)
Partition 1: (Active) – (Size=50 MB) – (Type=07 NTFS)
Partition 2: (Not Active) – (Size=341.7 GB) – (Type=07 NTFS)
Partition 3: (Not Active) – (Size=124 GB) – (Type=07 NTFS)

==========================================================
Disk: 1 (Protective MBR) (Size: 57.3 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================


https://www.bleepingcomputer.com/forums/t/768542/keyboard-locking-up-odd-characters-in-gmer/

Erlando F Rasatro
