Surface Go wifi random drops [Solved]



#1
geekyandhow
  • Member
  • 74 posts

Ever since I've changed to another ISP, my Microsoft Surface Go tablet has had random 1-2 minute disconnections/drops almost every day, sometimes multiple times a day. All other devices connected to the same network are working fine when this happens. I'm not sure if this is ISP related, or something is wrong with my Surface Go wifi adapter, or there's some sort of virus. Can someone help me figure this out?




#2
DR M
  • The Grecian Geek
  • Malware Removal
  • 3,240 posts

Hello.
 
Here we can check your computer for malware.
 
To begin with, please do the following:

Download Farbar Recovery Scan Tool and save it to your desktop. --> IMPORTANT

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your antivirus software detects the tool as malicious, it’s safe to allow FRST to run. It is a false-positive detection.

If English is not your primary language, right click on FRST.exe/FRST64.exe and rename to FRSTEnglish.exe/FRST64English.exe

  • Double-click the FRST icon to run the tool. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply.


#3
geekyandhow
  • Topic Starter
  • Member
  • 74 posts

Hello and thank you, here are the logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-06-2021
Ran by katra (administrator) on DESKTOP-AKN8A88 (Microsoft Corporation Surface Go) (16-06-2021 13:42:24)
Running from C:\Users\katra\OneDrive\Desktop
Loaded Profiles: katra
Platform: Windows 10 Home Version 20H2 19042.1052 (X64) Language: English (United States) -> English (United Kingdom)
Default browser: Edge
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe <2>
(Adobe Systems Incorporated) C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
(Express Vpn LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe
(Express Vpn LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpnd\expressvpnd.exe
(Express Vpn LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <31>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler64.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\dptf_helper.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_b8e01d9e8716d2a7\igfxCUIService.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_dc16e5f1dbf8051f\IntelCpHDCPSvc.exe
(Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_dc16e5f1dbf8051f\IntelCpHeciSvc.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20920.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20920.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12104.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> ) C:\Windows\WirelessPowerBackoffService.exe
(Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\NisSrv.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Qualcomm Atheros -> Qualcomm Technologies Inc.) C:\Windows\System32\drivers\QcomWlanSrvx64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(ShareX Team) [File not signed] C:\Program Files\ShareX\ShareX.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [672192 2018-05-17] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [ExpressVPNNotificationService] => C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationServiceStarter.exe [465120 2020-08-20] (Express Vpn LLC -> ExpressVPN)
HKU\S-1-5-21-481405570-3132218789-2497384090-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [33698888 2021-04-22] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-481405570-3132218789-2497384090-1001\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe [5549280 2021-05-28] (Adobe Inc. -> Adobe Systems Incorporated)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\91.0.4472.101\Installer\chrmstp.exe [2021-06-10] (Google LLC -> Google LLC)
Startup: C:\Users\katra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShareX.lnk [2019-07-30]
ShortcutTarget: ShareX.lnk -> C:\Program Files\ShareX\ShareX.exe (ShareX Team) [File not signed]
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0A56FCA2-C164-4265-BC99-97543EA17BF6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe [644888 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3464B2D4-A66B-4E00-AD5D-0FC39FD67CA1} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-04-22] (Piriform Software Ltd -> Piriform)
Task: {5992B244-9B36-4194-A86F-0E9DC2126940} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-26] (Adobe Inc. -> Adobe Inc.)
Task: {5A6A4293-F187-4144-8163-D4EE9EB730D8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe [644888 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {624803BC-D704-400C-83AC-9F07B1E658FC} - System32\Tasks\OneDrive Standalone Update Task v2 => C:\Users\katra\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {88582656-4486-4657-914C-46102D428173} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156456 2019-03-31] (Google Inc -> Google LLC)
Task: {BADFD88A-60AA-4C03-9725-907DD60B1A0D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe [644888 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C840488A-4B53-4C03-82CB-FAF6A426B599} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [28082760 2021-04-22] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {E7D18765-B130-4E93-AFC6-9615E040F185} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156456 2019-03-31] (Google Inc -> Google LLC)
Task: {EA2AF92C-55AE-4810-8ABC-6C11CDAE4419} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe [644888 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [S-1-5-21-481405570-3132218789-2497384090-1001] => 36.90.181.93:8080
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 207.164.234.129
Tcpip\..\Interfaces\{221a9511-aa44-4253-a18f-706f5098cc34}: [DhcpNameServer] 192.168.2.1 207.164.234.129
Tcpip\..\Interfaces\{a64836e6-e9d8-4cf8-91c3-4f83ab638da2}: [DhcpNameServer] 13.6.0.99
 
Edge: 
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge Profile: C:\Users\katra\AppData\Local\Microsoft\Edge\User Data\Default [2021-06-10]
Edge DownloadDir: Default -> C:\Users\katra\OneDrive\Desktop
Edge HomePage: Default -> hxxps://www.google.ca/
 
FireFox:
========
FF DefaultProfile: 49bfheou.default
FF ProfilePath: C:\Users\katra\AppData\Roaming\Mozilla\Firefox\Profiles\49bfheou.default [2021-04-29]
FF ProfilePath: C:\Users\katra\AppData\Roaming\Mozilla\Firefox\Profiles\s9qipza1.default-release [2021-06-16]
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-05-28] (Adobe Inc. -> Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\katra\AppData\Local\Google\Chrome\User Data\Default [2021-06-16]
CHR DownloadDir: C:\Users\katra\OneDrive\Desktop
CHR Notifications: Default -> hxxps://meet.google.com; hxxps://my.questrade.com; hxxps://www.easemytrip.com; hxxps://www.flydubai.com
CHR HomePage: Default -> hxxps://www.google.ca/
CHR StartupUrls: Default -> "hxxps://www.adda52rummy.com/"
CHR Extension: (Slides) - C:\Users\katra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-03-31]
CHR Extension: (Google Drive) - C:\Users\katra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aghbiahbpaijignceidepookljebhfak [2021-01-17]
CHR Extension: (Docs) - C:\Users\katra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-03-31]
CHR Extension: (Google Drive) - C:\Users\katra\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-26]
CHR Extension: (YouTube) - C:\Users\katra\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-03-31]
CHR Extension: (Adobe Acrobat) - C:\Users\katra\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-04-29]
CHR Extension: (Sheets) - C:\Users\katra\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-03-31]
CHR Extension: (Google Docs Offline) - C:\Users\katra\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-05-19]
CHR Extension: (Voot Lite) - C:\Users\katra\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjbbefopkdpjpobcbfmbomcmmmmajdob [2020-09-02]
CHR Extension: (Better YouTube Watch History) - C:\Users\katra\AppData\Local\Google\Chrome\User Data\Default\Extensions\lleajdkalfbohpinoaekajagdefaeckd [2019-03-31]
CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\katra\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2021-01-24]
CHR Extension: (AVG Online Security) - C:\Users\katra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbmoafcmbajniiapeidgficgifbfmjfo [2021-02-12]
CHR Extension: (Video Speed Controller) - C:\Users\katra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffaoalbilbmmfgbnbgppjihopabppdk [2020-09-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\katra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Gmail) - C:\Users\katra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-26]
CHR Extension: (Chrome Media Router) - C:\Users\katra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-06-04]
CHR Profile: C:\Users\katra\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-06-04]
CHR HKU\S-1-5-21-481405570-3132218789-2497384090-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-26] (Adobe Inc. -> Adobe Inc.)
R2 ExpressVPNService; C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe [437472 2020-08-20] (Express Vpn LLC -> ExpressVPN)
S2 PanelCalibration Service; C:\WINDOWS\wpcsc64Service.exe [94896 2018-10-07] (Microsoft Windows Hardware Compatibility Publisher -> )
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12871464 2021-04-29] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\NisSrv.exe [2644776 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MsMpEng.exe [136656 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation)
U2 WirelessPowerBackoffService; C:\WINDOWS\WirelessPowerBackoffService.exe [152240 2018-10-07] (Microsoft Windows Hardware Compatibility Publisher -> )
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 expressvpnsplittunnel; C:\Program Files (x86)\ExpressVPN\splittunnel\expressvpnsplittunnel.sys [37024 2020-08-20] (ExprsVPN LLC -> ExpressVPN)
R3 QIOMem; C:\WINDOWS\System32\drivers\QIOMem.sys [33160 2018-10-07] (WDKTestCert TX7,131534493142891343 -> Surface)
R3 Surface1824DigitizerIntegration; C:\WINDOWS\System32\drivers\Surface1824DigitizerIntegration.sys [36312 2018-05-31] (Microsoft Corporation -> Microsoft Corporation)
R3 SurfaceSystemTelemetry; C:\WINDOWS\System32\drivers\SurfaceSystemTelemetryDriver.sys [159088 2019-12-17] (OEMTest OS Driver Leaf -> Microsoft Corporation)
R3 tapexpressvpn; C:\WINDOWS\System32\drivers\tapexpressvpn.sys [52904 2020-08-20] (ExprsVPN LLC -> The OpenVPN Project)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49568 2021-06-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [425184 2021-06-12] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [76000 2021-06-12] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-06-16 13:42 - 2021-06-16 13:42 - 000000000 ____D C:\FRST
2021-06-08 21:39 - 2021-06-08 21:39 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-06-08 21:39 - 2021-06-08 21:39 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-06-08 21:39 - 2021-06-08 21:39 - 001314120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-06-08 21:39 - 2021-06-08 21:39 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-06-08 21:39 - 2021-06-08 21:39 - 000451072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-06-08 21:39 - 2021-06-08 21:39 - 000011353 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-06-08 21:38 - 2021-06-08 21:38 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2021-06-08 21:38 - 2021-06-08 21:38 - 001864192 _____ (The ICU Project) C:\WINDOWS\SysWOW64\icu.dll
2021-06-08 21:38 - 2021-06-08 21:38 - 001823792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-06-08 21:38 - 2021-06-08 21:38 - 001393496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-06-08 21:38 - 2021-06-08 21:38 - 000657464 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-06-08 21:38 - 2021-06-08 21:38 - 000563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-06-08 21:38 - 2021-06-08 21:38 - 000468440 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-06-08 21:38 - 2021-06-08 21:38 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-06-08 21:38 - 2021-06-08 21:38 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-06-08 21:38 - 2021-06-08 21:38 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-06-08 21:38 - 2021-06-08 21:38 - 000097280 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-06-08 21:37 - 2021-06-08 21:37 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2021-06-04 21:26 - 2021-06-04 21:26 - 000001178 _____ C:\Users\Public\Desktop\Adda52Poker.lnk
2021-06-04 21:26 - 2021-06-04 21:26 - 000001178 _____ C:\ProgramData\Desktop\Adda52Poker.lnk
2021-06-04 21:26 - 2021-06-04 21:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adda52Poker
2021-06-04 21:26 - 2021-06-04 21:26 - 000000000 ____D C:\Program Files (x86)\Adda52Poker
2021-06-01 03:12 - 2021-06-01 12:34 - 000000000 ____D C:\Users\katra\AppData\Local\PokerClient
2021-06-01 02:18 - 2021-06-04 20:54 - 000000000 ____D C:\AmericasCardroom
2021-06-01 02:18 - 2021-06-01 04:00 - 000000000 ____D C:\Users\katra\AppData\Roaming\Loading
2021-05-19 13:55 - 2021-05-19 09:12 - 000676864 _____ C:\Users\katra\OneDrive\Documents\Yasnep.exe
2021-05-19 13:45 - 2021-05-19 13:45 - 000000000 ____H C:\Users\katra\OneDrive\Documents\Default.rdp
2021-05-18 07:35 - 2021-06-13 23:37 - 000000000 ____D C:\Users\katra\AppData\Roaming\GGPCOM
2021-05-18 07:35 - 2021-05-18 07:35 - 000000000 ____D C:\Users\katra\OneDrive\Documents\POKER-GGPCOM-LIVE
2021-05-18 07:35 - 2021-05-18 07:35 - 000000000 ____D C:\Users\katra\AppData\Roaming\Macromedia
2021-05-18 07:32 - 2021-06-13 23:37 - 000000000 ____D C:\Program Files (x86)\GGPoker
2021-05-18 07:32 - 2021-05-18 07:32 - 000002513 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GGPoker.lnk
2021-05-18 07:32 - 2021-05-18 07:32 - 000002501 _____ C:\Users\Public\Desktop\GGPoker.lnk
2021-05-18 07:32 - 2021-05-18 07:32 - 000002501 _____ C:\ProgramData\Desktop\GGPoker.lnk
2021-05-18 07:32 - 2021-05-18 07:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GGPoker
2021-05-18 01:05 - 2021-06-12 20:13 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-05-18 01:05 - 2021-06-12 20:13 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-05-18 01:05 - 2021-06-12 20:13 - 000002276 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-05-18 01:05 - 2021-05-18 01:06 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-05-18 01:05 - 2021-05-18 01:06 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-05-17 09:37 - 2021-05-17 09:37 - 001687040 _____ C:\WINDOWS\system32\libcrypto.dll
2021-05-17 09:37 - 2021-05-17 09:37 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-05-17 09:37 - 2021-05-17 09:37 - 000700928 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2021-05-17 09:36 - 2021-05-17 09:36 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-05-17 09:36 - 2021-05-17 09:36 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-05-17 09:36 - 2021-05-17 09:36 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-06-16 13:42 - 2019-12-07 05:13 - 000000000 ____D C:\WINDOWS\INF
2021-06-16 13:40 - 2021-04-29 12:31 - 000004166 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{8BA96C7B-6AC0-4E38-9408-9CEE7F3EFBD7}
2021-06-16 13:40 - 2020-12-02 17:05 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-06-16 13:40 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2021-06-16 13:40 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-06-16 13:40 - 2019-03-31 16:14 - 000000000 ____D C:\Program Files\CCleaner
2021-06-15 13:36 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-06-15 13:36 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-06-14 23:39 - 2019-07-30 17:22 - 000000000 ____D C:\Users\katra\OneDrive\Documents\ShareX
2021-06-13 21:47 - 2020-12-02 17:14 - 000795738 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-06-13 21:39 - 2020-12-16 23:03 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-06-13 21:39 - 2020-12-02 17:16 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-06-13 21:39 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-06-13 21:39 - 2019-06-26 20:11 - 000000000 ____D C:\Intel
2021-06-13 21:38 - 2020-12-02 17:05 - 000008192 ___SH C:\DumpStack.log.tmp
2021-06-13 21:38 - 2019-12-07 05:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-06-13 21:38 - 2019-06-22 16:59 - 000041448 _____ C:\WINDOWS\system32\OV8865_REAR.aiqd
2021-06-13 21:38 - 2019-03-31 15:55 - 000041448 _____ C:\WINDOWS\system32\OV7251_FRONT.aiqd
2021-06-13 21:38 - 2019-03-31 15:55 - 000041448 _____ C:\WINDOWS\system32\OV5693_FRONT.aiqd
2021-06-12 12:29 - 2020-12-02 17:16 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-06-12 11:59 - 2018-06-22 18:13 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-06-11 21:53 - 2020-10-01 03:41 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-06-10 18:44 - 2019-03-31 16:04 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-06-10 16:53 - 2021-04-25 11:55 - 000000000 ____D C:\Program Files (x86)\TheSpartanPoker.com
2021-06-10 16:06 - 2019-07-30 17:29 - 000000000 ____D C:\Users\katra\AppData\Roaming\vlc
2021-06-09 16:40 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-06-09 16:36 - 2020-12-02 17:05 - 000257904 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-06-09 16:35 - 2020-12-03 06:06 - 000000000 ____D C:\WINDOWS\system32\Drivers\en-GB
2021-06-09 16:35 - 2020-12-03 06:06 - 000000000 ____D C:\WINDOWS\en-GB
2021-06-09 16:35 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-06-09 16:35 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2021-06-09 16:35 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2021-06-09 16:35 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-06-09 16:35 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-06-09 16:35 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-06-09 16:35 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-06-09 16:35 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-06-09 16:35 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-06-09 16:35 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-06-09 16:35 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-06-09 04:03 - 2021-04-29 12:58 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-06-08 21:44 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-06-08 21:23 - 2019-03-31 18:06 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-06-08 21:19 - 2019-03-31 18:06 - 132447432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-06-04 20:57 - 2021-04-29 13:39 - 000000000 ____D C:\ProgramData\Mozilla
2021-06-04 20:55 - 2019-03-31 19:16 - 000000000 ____D C:\Program Files (x86)\PokerStars.IN
2021-06-04 20:54 - 2019-03-31 19:16 - 000000000 ____D C:\Users\katra\AppData\Local\PokerStars.IN
2021-06-01 00:27 - 2020-12-02 17:08 - 000000000 ____D C:\Users\katra
2021-05-31 21:48 - 2019-04-01 17:57 - 000000000 ____D C:\Users\katra\AppData\Local\D3DSCache
2021-05-26 14:50 - 2019-07-30 17:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShareX
2021-05-26 14:50 - 2019-07-30 17:22 - 000000000 ____D C:\Program Files\ShareX
2021-05-25 07:48 - 2020-10-01 03:41 - 000470328 _____ (Microsoft Corporation) C:\WINDOWS\system32\QualityUpdateAssistant.dll
2021-05-25 07:48 - 2020-02-19 15:59 - 000725304 _____ (Microsoft Corporation) C:\WINDOWS\system32\sedplugins.dll
2021-05-21 14:55 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-05-20 08:59 - 2021-05-16 05:32 - 000000000 ____D C:\Users\katra\AppData\Local\PokerStars
2021-05-19 13:53 - 2020-12-16 23:04 - 000000000 ____D C:\Users\katra\AppData\Local\TeamViewer
2021-05-18 01:08 - 2019-03-31 15:47 - 000000000 ____D C:\Users\katra\AppData\Local\Packages
2021-05-18 01:01 - 2019-12-07 05:50 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2021-05-18 01:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-05-18 01:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-05-18 01:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-05-18 01:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2021-05-18 01:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-05-18 01:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-05-18 01:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-05-18 01:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-05-18 01:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-05-18 01:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-05-18 01:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-05-17 09:42 - 2019-12-07 05:52 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
HKU\S-1-5-21-481405570-3132218789-2497384090-1001\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe [5549280 2021-05-28] (Adobe Inc. -> Adobe Systems Incorporated)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\91.0.4472.101\Installer\chrmstp.exe [2021-06-10] (Google LLC -> Google LLC)
Startup: C:\Users\katra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShareX.lnk [2019-07-30]
ShortcutTarget: ShareX.lnk -> C:\Program Files\ShareX\ShareX.exe (ShareX Team) [File not signed]
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0A56FCA2-C164-4265-BC99-97543EA17BF6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe [644888 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3464B2D4-A66B-4E00-AD5D-0FC39FD67CA1} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-04-22] (Piriform Software Ltd -> Piriform)
Task: {5992B244-9B36-4194-A86F-0E9DC2126940} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-26] (Adobe Inc. -> Adobe Inc.)
Task: {5A6A4293-F187-4144-8163-D4EE9EB730D8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe [644888 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {624803BC-D704-400C-83AC-9F07B1E658FC} - System32\Tasks\OneDrive Standalone Update Task v2 => C:\Users\katra\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {88582656-4486-4657-914C-46102D428173} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156456 2019-03-31] (Google Inc -> Google LLC)
Task: {BADFD88A-60AA-4C03-9725-907DD60B1A0D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe [644888 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C840488A-4B53-4C03-82CB-FAF6A426B599} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [28082760 2021-04-22] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {E7D18765-B130-4E93-AFC6-9615E040F185} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156456 2019-03-31] (Google Inc -> Google LLC)
Task: {EA2AF92C-55AE-4810-8ABC-6C11CDAE4419} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe [644888 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [S-1-5-21-481405570-3132218789-2497384090-1001] => 36.90.181.93:8080
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 207.164.234.129
Tcpip\..\Interfaces\{221a9511-aa44-4253-a18f-706f5098cc34}: [DhcpNameServer] 192.168.2.1 207.164.234.129
Tcpip\..\Interfaces\{a64836e6-e9d8-4cf8-91c3-4f83ab638da2}: [DhcpNameServer] 13.6.0.99
 
Edge: 
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge Profile: C:\Users\katra\AppData\Local\Microsoft\Edge\User Data\Default [2021-06-10]
Edge DownloadDir: Default -> C:\Users\katra\OneDrive\Desktop
Edge HomePage: Default -> hxxps://www.google.ca/
 
FireFox:
========
FF DefaultProfile: 49bfheou.default
FF ProfilePath: C:\Users\katra\AppData\Roaming\Mozilla\Firefox\Profiles\49bfheou.default [2021-04-29]
FF ProfilePath: C:\Users\katra\AppData\Roaming\Mozilla\Firefox\Profiles\s9qipza1.default-release [2021-06-16]
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-05-28] (Adobe Inc. -> Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\katra\AppData\Local\Google\Chrome\User Data\Default [2021-06-16]
CHR DownloadDir: C:\Users\katra\OneDrive\Desktop
CHR Notifications: Default -> hxxps://meet.google.com; hxxps://my.questrade.com; hxxps://www.easemytrip.com; hxxps://www.flydubai.com
CHR HomePage: Default -> hxxps://www.google.ca/
CHR StartupUrls: Default -> "hxxps://www.adda52rummy.com/"
CHR Extension: (Slides) - C:\Users\katra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-03-31]
CHR Extension: (Google Drive) - C:\Users\katra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aghbiahbpaijignceidepookljebhfak [2021-01-17]
CHR Extension: (Docs) - C:\Users\katra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-03-31]
CHR Extension: (Google Drive) - C:\Users\katra\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-26]
CHR Extension: (YouTube) - C:\Users\katra\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-03-31]
CHR Extension: (Adobe Acrobat) - C:\Users\katra\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-04-29]
CHR Extension: (Sheets) - C:\Users\katra\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-03-31]
CHR Extension: (Google Docs Offline) - C:\Users\katra\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-05-19]
CHR Extension: (Voot Lite) - C:\Users\katra\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjbbefopkdpjpobcbfmbomcmmmmajdob [2020-09-02]
CHR Extension: (Better YouTube Watch History) - C:\Users\katra\AppData\Local\Google\Chrome\User Data\Default\Extensions\lleajdkalfbohpinoaekajagdefaeckd [2019-03-31]
CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\katra\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2021-01-24]
CHR Extension: (AVG Online Security) - C:\Users\katra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbmoafcmbajniiapeidgficgifbfmjfo [2021-02-12]
CHR Extension: (Video Speed Controller) - C:\Users\katra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffaoalbilbmmfgbnbgppjihopabppdk [2020-09-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\katra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Gmail) - C:\Users\katra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-26]
CHR Extension: (Chrome Media Router) - C:\Users\katra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-06-04]
CHR Profile: C:\Users\katra\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-06-04]
CHR HKU\S-1-5-21-481405570-3132218789-2497384090-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-26] (Adobe Inc. -> Adobe Inc.)
R2 ExpressVPNService; C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe [437472 2020-08-20] (Express Vpn LLC -> ExpressVPN)
S2 PanelCalibration Service; C:\WINDOWS\wpcsc64Service.exe [94896 2018-10-07] (Microsoft Windows Hardware Compatibility Publisher -> )
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12871464 2021-04-29] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\NisSrv.exe [2644776 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MsMpEng.exe [136656 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation)
U2 WirelessPowerBackoffService; C:\WINDOWS\WirelessPowerBackoffService.exe [152240 2018-10-07] (Microsoft Windows Hardware Compatibility Publisher -> )
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 expressvpnsplittunnel; C:\Program Files (x86)\ExpressVPN\splittunnel\expressvpnsplittunnel.sys [37024 2020-08-20] (ExprsVPN LLC -> ExpressVPN)
R3 QIOMem; C:\WINDOWS\System32\drivers\QIOMem.sys [33160 2018-10-07] (WDKTestCert TX7,131534493142891343 -> Surface)
R3 Surface1824DigitizerIntegration; C:\WINDOWS\System32\drivers\Surface1824DigitizerIntegration.sys [36312 2018-05-31] (Microsoft Corporation -> Microsoft Corporation)
R3 SurfaceSystemTelemetry; C:\WINDOWS\System32\drivers\SurfaceSystemTelemetryDriver.sys [159088 2019-12-17] (OEMTest OS Driver Leaf -> Microsoft Corporation)
R3 tapexpressvpn; C:\WINDOWS\System32\drivers\tapexpressvpn.sys [52904 2020-08-20] (ExprsVPN LLC -> The OpenVPN Project)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49568 2021-06-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [425184 2021-06-12] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [76000 2021-06-12] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-06-16 13:42 - 2021-06-16 13:42 - 000000000 ____D C:\FRST
2021-06-08 21:39 - 2021-06-08 21:39 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-06-08 21:39 - 2021-06-08 21:39 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-06-08 21:39 - 2021-06-08 21:39 - 001314120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-06-08 21:39 - 2021-06-08 21:39 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-06-08 21:39 - 2021-06-08 21:39 - 000451072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-06-08 21:39 - 2021-06-08 21:39 - 000011353 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-06-08 21:38 - 2021-06-08 21:38 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2021-06-08 21:38 - 2021-06-08 21:38 - 001864192 _____ (The ICU Project) C:\WINDOWS\SysWOW64\icu.dll
2021-06-08 21:38 - 2021-06-08 21:38 - 001823792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-06-08 21:38 - 2021-06-08 21:38 - 001393496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-06-08 21:38 - 2021-06-08 21:38 - 000657464 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-06-08 21:38 - 2021-06-08 21:38 - 000563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-06-08 21:38 - 2021-06-08 21:38 - 000468440 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-06-08 21:38 - 2021-06-08 21:38 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-06-08 21:38 - 2021-06-08 21:38 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-06-08 21:38 - 2021-06-08 21:38 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-06-08 21:38 - 2021-06-08 21:38 - 000097280 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-06-08 21:37 - 2021-06-08 21:37 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2021-06-04 21:26 - 2021-06-04 21:26 - 000001178 _____ C:\Users\Public\Desktop\Adda52Poker.lnk
2021-06-04 21:26 - 2021-06-04 21:26 - 000001178 _____ C:\ProgramData\Desktop\Adda52Poker.lnk
2021-06-04 21:26 - 2021-06-04 21:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adda52Poker
2021-06-04 21:26 - 2021-06-04 21:26 - 000000000 ____D C:\Program Files (x86)\Adda52Poker
2021-06-01 03:12 - 2021-06-01 12:34 - 000000000 ____D C:\Users\katra\AppData\Local\PokerClient
2021-06-01 02:18 - 2021-06-04 20:54 - 000000000 ____D C:\AmericasCardroom
2021-06-01 02:18 - 2021-06-01 04:00 - 000000000 ____D C:\Users\katra\AppData\Roaming\Loading
2021-05-19 13:55 - 2021-05-19 09:12 - 000676864 _____ C:\Users\katra\OneDrive\Documents\Yasnep.exe
2021-05-19 13:45 - 2021-05-19 13:45 - 000000000 ____H C:\Users\katra\OneDrive\Documents\Default.rdp
2021-05-18 07:35 - 2021-06-13 23:37 - 000000000 ____D C:\Users\katra\AppData\Roaming\GGPCOM
2021-05-18 07:35 - 2021-05-18 07:35 - 000000000 ____D C:\Users\katra\OneDrive\Documents\POKER-GGPCOM-LIVE
2021-05-18 07:35 - 2021-05-18 07:35 - 000000000 ____D C:\Users\katra\AppData\Roaming\Macromedia
2021-05-18 07:32 - 2021-06-13 23:37 - 000000000 ____D C:\Program Files (x86)\GGPoker
2021-05-18 07:32 - 2021-05-18 07:32 - 000002513 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GGPoker.lnk
2021-05-18 07:32 - 2021-05-18 07:32 - 000002501 _____ C:\Users\Public\Desktop\GGPoker.lnk
2021-05-18 07:32 - 2021-05-18 07:32 - 000002501 _____ C:\ProgramData\Desktop\GGPoker.lnk
2021-05-18 07:32 - 2021-05-18 07:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GGPoker
2021-05-18 01:05 - 2021-06-12 20:13 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-05-18 01:05 - 2021-06-12 20:13 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-05-18 01:05 - 2021-06-12 20:13 - 000002276 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-05-18 01:05 - 2021-05-18 01:06 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-05-18 01:05 - 2021-05-18 01:06 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-05-17 09:37 - 2021-05-17 09:37 - 001687040 _____ C:\WINDOWS\system32\libcrypto.dll
2021-05-17 09:37 - 2021-05-17 09:37 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-05-17 09:37 - 2021-05-17 09:37 - 000700928 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2021-05-17 09:36 - 2021-05-17 09:36 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-05-17 09:36 - 2021-05-17 09:36 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-05-17 09:36 - 2021-05-17 09:36 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-06-16 13:42 - 2019-12-07 05:13 - 000000000 ____D C:\WINDOWS\INF
2021-06-16 13:40 - 2021-04-29 12:31 - 000004166 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{8BA96C7B-6AC0-4E38-9408-9CEE7F3EFBD7}
2021-06-16 13:40 - 2020-12-02 17:05 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-06-16 13:40 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2021-06-16 13:40 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-06-16 13:40 - 2019-03-31 16:14 - 000000000 ____D C:\Program Files\CCleaner
2021-06-15 13:36 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-06-15 13:36 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-06-14 23:39 - 2019-07-30 17:22 - 000000000 ____D C:\Users\katra\OneDrive\Documents\ShareX
2021-06-13 21:47 - 2020-12-02 17:14 - 000795738 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-06-13 21:39 - 2020-12-16 23:03 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-06-13 21:39 - 2020-12-02 17:16 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-06-13 21:39 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-06-13 21:39 - 2019-06-26 20:11 - 000000000 ____D C:\Intel
2021-06-13 21:38 - 2020-12-02 17:05 - 000008192 ___SH C:\DumpStack.log.tmp
2021-06-13 21:38 - 2019-12-07 05:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-06-13 21:38 - 2019-06-22 16:59 - 000041448 _____ C:\WINDOWS\system32\OV8865_REAR.aiqd
2021-06-13 21:38 - 2019-03-31 15:55 - 000041448 _____ C:\WINDOWS\system32\OV7251_FRONT.aiqd
2021-06-13 21:38 - 2019-03-31 15:55 - 000041448 _____ C:\WINDOWS\system32\OV5693_FRONT.aiqd
2021-06-12 12:29 - 2020-12-02 17:16 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-06-12 11:59 - 2018-06-22 18:13 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-06-11 21:53 - 2020-10-01 03:41 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-06-10 18:44 - 2019-03-31 16:04 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-06-10 16:53 - 2021-04-25 11:55 - 000000000 ____D C:\Program Files (x86)\TheSpartanPoker.com
2021-06-10 16:06 - 2019-07-30 17:29 - 000000000 ____D C:\Users\katra\AppData\Roaming\vlc
2021-06-09 16:40 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-06-09 16:36 - 2020-12-02 17:05 - 000257904 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-06-09 16:35 - 2020-12-03 06:06 - 000000000 ____D C:\WINDOWS\system32\Drivers\en-GB
2021-06-09 16:35 - 2020-12-03 06:06 - 000000000 ____D C:\WINDOWS\en-GB
2021-06-09 16:35 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-06-09 16:35 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2021-06-09 16:35 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2021-06-09 16:35 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-06-09 16:35 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-06-09 16:35 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-06-09 16:35 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-06-09 16:35 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-06-09 16:35 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-06-09 16:35 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-06-09 16:35 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-06-09 04:03 - 2021-04-29 12:58 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-06-08 21:44 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-06-08 21:23 - 2019-03-31 18:06 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-06-08 21:19 - 2019-03-31 18:06 - 132447432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-06-04 20:57 - 2021-04-29 13:39 - 000000000 ____D C:\ProgramData\Mozilla
2021-06-04 20:55 - 2019-03-31 19:16 - 000000000 ____D C:\Program Files (x86)\PokerStars.IN
2021-06-04 20:54 - 2019-03-31 19:16 - 000000000 ____D C:\Users\katra\AppData\Local\PokerStars.IN
2021-06-01 00:27 - 2020-12-02 17:08 - 000000000 ____D C:\Users\katra
2021-05-31 21:48 - 2019-04-01 17:57 - 000000000 ____D C:\Users\katra\AppData\Local\D3DSCache
2021-05-26 14:50 - 2019-07-30 17:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShareX
2021-05-26 14:50 - 2019-07-30 17:22 - 000000000 ____D C:\Program Files\ShareX
2021-05-25 07:48 - 2020-10-01 03:41 - 000470328 _____ (Microsoft Corporation) C:\WINDOWS\system32\QualityUpdateAssistant.dll
2021-05-25 07:48 - 2020-02-19 15:59 - 000725304 _____ (Microsoft Corporation) C:\WINDOWS\system32\sedplugins.dll
2021-05-21 14:55 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-05-20 08:59 - 2021-05-16 05:32 - 000000000 ____D C:\Users\katra\AppData\Local\PokerStars
2021-05-19 13:53 - 2020-12-16 23:04 - 000000000 ____D C:\Users\katra\AppData\Local\TeamViewer
2021-05-18 01:08 - 2019-03-31 15:47 - 000000000 ____D C:\Users\katra\AppData\Local\Packages
2021-05-18 01:01 - 2019-12-07 05:50 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2021-05-18 01:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-05-18 01:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-05-18 01:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-05-18 01:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2021-05-18 01:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-05-18 01:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-05-18 01:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-05-18 01:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-05-18 01:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-05-18 01:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-05-18 01:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-05-17 09:42 - 2019-12-07 05:52 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt =======================


#4
DR M

    The Grecian Geek

  • Malware Removal
  • 3,240 posts

Hello.

You pasted FRST.txt twice and left behind Addition.txt. Please paste that as well so I can review both logs. :)



#5
geekyandhow

    Member

  • Topic Starter
  • Member
  • 74 posts

Oh sorry:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-06-2021
Ran by katra (16-06-2021 13:45:42)
Running from C:\Users\katra\OneDrive\Desktop
Windows 10 Home Version 20H2 19042.1052 (X64) (2020-12-02 21:16:55)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-481405570-3132218789-2497384090-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-481405570-3132218789-2497384090-503 - Limited - Disabled)
Guest (S-1-5-21-481405570-3132218789-2497384090-501 - Limited - Disabled)
katra (S-1-5-21-481405570-3132218789-2497384090-1001 - Administrator - Enabled) => C:\Users\katra
WDAGUtilityAccount (S-1-5-21-481405570-3132218789-2497384090-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adda52Poker version 90.0.0 (HKLM-x32\...\{82F792B3-0133-4D9C-B4CC-3E53CDBC342B}_is1) (Version: 90.0.0 - Gaussian Networks Pvt. Ltd.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.005.20048 - Adobe Systems Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 5.79 - Piriform)
ExpressVPN (HKLM-x32\...\{E5B9C3E5-889C-4F22-A959-F4B8468D8835}) (Version: 7.12.1.4 - ExpressVPN) Hidden
ExpressVPN (HKLM-x32\...\{ebd248cd-b3ef-4e14-b91a-d626fa5c392a}) (Version: 7.12.1.4 - ExpressVPN)
GGPoker (HKLM-x32\...\{1837D2B1-98BF-4972-A463-6A0F66D34931}) (Version: 1.0.0.120 - NSUS Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 91.0.4472.101 - Google LLC)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 91.0.864.48 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{E5A95BC5-81DF-4F0C-B910-B59DD012F037}) (Version: 2.81.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
PokerStars (HKLM-x32\...\PokerStars) (Version:  - PokerStars)
PPPOKER (HKLM-x32\...\{0FBFB6B6-C6F7-4CE6-928F-70793983B5F3}) (Version: 38.0 - LeinTech)
ShareX (HKLM\...\82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 13.5.0 - ShareX Team)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.17.7 - TeamViewer)
Telegram Desktop version 2.7.4 (HKU\S-1-5-21-481405570-3132218789-2497384090-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 2.7.4 - Telegram FZ-LLC)
TheSpartanPoker.com (HKLM-x32\...\TheSpartanPoker.com 0) (Version:  - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.8 - VideoLAN)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-2) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Zoom (HKU\S-1-5-21-481405570-3132218789-2497384090-1001\...\ZoomUMX) (Version: 5.1 - Zoom Video Communications, Inc.)
 
Packages:
=========
BreeZip -> C:\Program Files\WindowsApps\3138AweZip.AweZip_1.4.1.0_x86__ffd303wmbhcjt [2021-05-08] (BreeZip) [MS Ad]
LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_2.1.7098.0_neutral__w1wdnht996qgy [2021-04-29] (LinkedIn)
Microsoft Access -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Access_16051.14026.20270.0_x86__8wekyb3d8bbwe [2021-06-13] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-04-29] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-04-29] (Microsoft Corporation) [MS Ad]
Microsoft Excel -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16051.14026.20270.0_x86__8wekyb3d8bbwe [2021-06-13] (Microsoft Corporation)
Microsoft Office Desktop Apps -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.14026.20270.0_x86__8wekyb3d8bbwe [2021-06-13] (Microsoft Corporation)
Microsoft Outlook -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.14026.20270.0_x86__8wekyb3d8bbwe [2021-06-13] (Microsoft Corporation)
Microsoft PowerPoint -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16051.14026.20270.0_x86__8wekyb3d8bbwe [2021-06-13] (Microsoft Corporation)
Microsoft Publisher -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Publisher_16051.14026.20270.0_x86__8wekyb3d8bbwe [2021-06-13] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.5310.0_x64__8wekyb3d8bbwe [2021-06-05] (Microsoft Studios) [MS Ad]
Microsoft To Do -> C:\Program Files\WindowsApps\Microsoft.Todos_2.45.41474.0_x64__8wekyb3d8bbwe [2021-06-04] (Microsoft Corporation) [Startup Task]
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_21.10503.5664.0_x64__8wekyb3d8bbwe [2021-06-11] (Microsoft Corporation)
Microsoft Word -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16051.14026.20270.0_x86__8wekyb3d8bbwe [2021-06-13] (Microsoft Corporation)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2021-04-29] (Netflix, Inc.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-10-07] (Microsoft Corporation)
Reader Notification Client -> C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2021-04-29] (Adobe Systems Incorporated)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.1.137.0_x64__dt26b99r8h8gj [2021-04-29] (Realtek Semiconductor Corp)
Sketchable -> C:\Program Files\WindowsApps\SiliconBendersLLC.Sketchable_5.0.34.0_x64__r2kxzpx527qgj [2021-06-11] (Silicon Benders LLC)
Surface -> C:\Program Files\WindowsApps\Microsoft.SurfaceHub_49.620.139.0_x64__8wekyb3d8bbwe [2021-04-29] (Microsoft Corporation)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.TWITTER_7.0.1.0_neutral__wgeqdkkx372wm [2021-06-11] (Twitter Inc.)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\katra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=aghbiahbpaijignceidepookljebhfak
 
==================== Loaded Modules (Whitelisted) =============
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2018-04-11 19:38 - 2018-04-11 19:36 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-481405570-3132218789-2497384090-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\katra\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.2.1 - 207.164.234.129
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{2F54A529-B65D-458F-8942-9801180315FC}] => (Allow) C:\Users\katra\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [TCP Query User{6C6BD9EF-032B-4195-A480-D1FB8D618C7F}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{23A95CAF-7482-431D-803D-A245A7CA85E4}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{06C7110B-8EA0-466A-B4DD-BDC17E5C160F}C:\program files (x86)\pppoker\database\pppoker.exe] => (Allow) C:\program files (x86)\pppoker\database\pppoker.exe () [File not signed]
FirewallRules: [UDP Query User{4167AF0A-968A-4E62-916F-793EFDA4EBC3}C:\program files (x86)\pppoker\database\pppoker.exe] => (Allow) C:\program files (x86)\pppoker\database\pppoker.exe () [File not signed]
FirewallRules: [TCP Query User{3DA1D97E-69AB-45BF-965C-0B56EA5A1E02}C:\users\katra\appdata\roaming\ggpcom\meta-inf\air\extensions\com.nsuslab.lockneane\meta-inf\ane\windows-x86\ggnet.exe] => (Allow) C:\users\katra\appdata\roaming\ggpcom\meta-inf\air\extensions\com.nsuslab.lockneane\meta-inf\ane\windows-x86\ggnet.exe (NSUS Ltd. -> )
FirewallRules: [UDP Query User{5556E891-ED94-40AA-BADB-BC966722659D}C:\users\katra\appdata\roaming\ggpcom\meta-inf\air\extensions\com.nsuslab.lockneane\meta-inf\ane\windows-x86\ggnet.exe] => (Allow) C:\users\katra\appdata\roaming\ggpcom\meta-inf\air\extensions\com.nsuslab.lockneane\meta-inf\ane\windows-x86\ggnet.exe (NSUS Ltd. -> )
FirewallRules: [{D3973D7B-79D7-43A7-A540-6271178CED46}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{2C256310-2BAC-4296-B3E6-7C3541D617CE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{C42E9F3E-EB2E-4731-BA53-C576BC268C0D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{D23A81C8-0836-4A61-ABA5-6DA26869111E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [TCP Query User{EF4B848B-6F1E-4F05-A82E-6E62E09878F7}C:\users\katra\onedrive\documents\yasnep.exe] => (Allow) C:\users\katra\onedrive\documents\yasnep.exe () [File not signed]
FirewallRules: [UDP Query User{6F2B364A-621E-4165-992D-DA229170881B}C:\users\katra\onedrive\documents\yasnep.exe] => (Allow) C:\users\katra\onedrive\documents\yasnep.exe () [File not signed]
FirewallRules: [{695B8AA5-772B-4CA0-B591-B8B9B678CAF9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{B92718B5-805F-4E03-9F4C-0638BD905B59}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{5993B760-5945-4073-8AA6-2174E06A6BA0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DA8BE5B5-E042-4D7A-8A92-DFC898EE5083}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6D705246-C7EC-4B96-AE80-480D7FF99823}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{737CD5F3-B370-4FE4-B1C6-E9EB6F7BF0E6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.14026.20270.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled (Total:56.86 GB) (Free:22.95 GB) (40%)
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (06/16/2021 12:27:47 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program TextInputHost.exe version 2001.22012.0.2020 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 1fb4
 
Start Time: 01d7620c7fced685
 
Termination Time: 4294967295
 
Application Path: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe
 
Report Id: d1ead664-e960-4def-8150-7a1586d99178
 
Faulting package full name: MicrosoftWindows.Client.CBS_120.2212.2020.0_x64__cw5n1h2txyewy
 
Faulting package-relative application ID: InputApp
 
Hang type: Quiesce
 
Error: (06/13/2021 09:39:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IntelAudioService.exe, version: 1.0.120.0, time stamp: 0x5addd40b
Faulting module name: KERNELBASE.dll, version: 10.0.19041.1023, time stamp: 0x924f9cdb
Exception code: 0xe0434352
Fault offset: 0x0000000000034b89
Faulting process ID: 0x1428
Faulting application start time: 0x01d760be142c97bc
Faulting application path: C:\WINDOWS\system32\cAVS\Intel® Audio Service\IntelAudioService.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report ID: c4abb888-0069-403d-9141-c4dbe653dd27
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (06/13/2021 09:39:16 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: IntelAudioService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ObjectDisposedException
   at System.Runtime.InteropServices.SafeHandle.DangerousAddRef(Boolean ByRef)
   at System.StubHelpers.StubHelpers.SafeHandleAddRef(System.Runtime.InteropServices.SafeHandle, Boolean ByRef)
   at Microsoft.Win32.Win32Native.SetEvent(Microsoft.Win32.SafeHandles.SafeWaitHandle)
   at System.Threading.EventWaitHandle.Set()
   at IntelAudioService.Controllers.StreamAndNotificationReader.ThreadLogErrorAndDie(System.String)
   at IntelAudioService.Controllers.StreamAndNotificationReader.ThreadRun()
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart()
 
Error: (06/13/2021 12:20:19 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program TextInputHost.exe version 2001.22012.0.2020 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 2f94
 
Start Time: 01d75f8e2987b244
 
Termination Time: 4294967295
 
Application Path: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe
 
Report Id: d3d2a706-f677-4404-9a71-9b623c1c42c7
 
Faulting package full name: MicrosoftWindows.Client.CBS_120.2212.2020.0_x64__cw5n1h2txyewy
 
Faulting package-relative application ID: InputApp
 
Hang type: Quiesce
 
Error: (06/12/2021 04:17:03 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program TextInputHost.exe version 2001.22012.0.2020 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: de4
 
Start Time: 01d75f4c75d5c412
 
Termination Time: 4294967295
 
Application Path: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe
 
Report Id: 0334b144-ce05-41c9-b97f-c5d88f09f130
 
Faulting package full name: MicrosoftWindows.Client.CBS_120.2212.2020.0_x64__cw5n1h2txyewy
 
Faulting package-relative application ID: InputApp
 
Hang type: Quiesce
 
Error: (06/12/2021 01:31:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dwm.exe, version: 10.0.19041.746, time stamp: 0x6be51595
Faulting module name: KERNELBASE.dll, version: 10.0.19041.1023, time stamp: 0x924f9cdb
Exception code: 0xc00001ad
Fault offset: 0x000000000010b39c
Faulting process ID: 0x49c
Faulting application start time: 0x01d75d6f15bde802
Faulting application path: C:\WINDOWS\system32\dwm.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report ID: db544b1a-4cb3-4670-b19a-057bfb1295e3
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (06/12/2021 01:31:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: poker.exe, version: 0.53.0.0, time stamp: 0x5f7956d0
Faulting module name: KERNELBASE.dll, version: 10.0.19041.1023, time stamp: 0x924f9cdb
Exception code: 0xe0000008
Fault offset: 0x0000000000034b89
Faulting process ID: 0x2960
Faulting application start time: 0x01d75f4b88809076
Faulting application path: C:\Program Files (x86)\Adda52Poker\poker.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report ID: 0f0385a6-936a-4f55-aa52-ecac288814f6
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (06/12/2021 01:26:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: poker.exe, version: 0.53.0.0, time stamp: 0x5f7956d0
Faulting module name: KERNELBASE.dll, version: 10.0.19041.1023, time stamp: 0x924f9cdb
Exception code: 0xe0000008
Fault offset: 0x0000000000034b89
Faulting process ID: 0x2e30
Faulting application start time: 0x01d75f4b5200b27a
Faulting application path: C:\Program Files (x86)\Adda52Poker\poker.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report ID: 6824472e-8a31-471f-99e4-555a6d42fc30
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (06/15/2021 01:32:43 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #4, {0f1ba590-7440-40c2-9374-af1514bfaf61}, had event 74
 
Error: (06/14/2021 11:39:54 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-AKN8A88)
Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.
 
Error: (06/14/2021 12:48:51 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The PanelCalibration Service service terminated unexpectedly. It has done this 1 time(s).
 
Error: (06/13/2021 09:39:06 PM) (Source: MTConfig) (EventID: 1) (User: )
Description: An attempt to configure the input mode of a multitouch device failed.
 
Error: (06/13/2021 09:38:25 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-AKN8A88)
Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.
 
Error: (06/13/2021 09:38:25 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-AKN8A88)
Description: The server Microsoft.AAD.BrokerPlugin_1000.19041.1023.0_neutral_neutral_cw5n1h2txyewy!Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider did not register with DCOM within the required timeout.
 
Error: (06/13/2021 02:43:39 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-AKN8A88)
Description: The server Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy!App.AppXwdz8g2fxr36xz0tdtagygnvemf85s7gg.mca did not register with DCOM within the required timeout.
 
Error: (06/13/2021 09:30:28 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {A463FCB9-6B1C-4E0D-A80B-A2CA7999E25D} did not register with DCOM within the required timeout.
 
 
Windows Defender:
================
Date: 2021-06-15 16:12:36
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-06-14 17:23:29
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-06-13 12:38:04
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-06-11 22:14:00
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-06-11 15:35:39
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-06-04 20:21:48
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.341.82.0
Previous security intelligence Version: 1.339.1972.0
Update Source: User
Security intelligence Type: AntiSpyware
Update Type: Delta
Current Engine Version: 1.1.18200.4
Previous Engine Version: 1.1.18100.6
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. 
 
Date: 2021-06-04 20:21:48
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.341.82.0
Previous security intelligence Version: 1.339.1972.0
Update Source: User
Security intelligence Type: AntiVirus
Update Type: Delta
Current Engine Version: 1.1.18200.4
Previous Engine Version: 1.1.18100.6
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. 
 
Date: 2021-06-04 20:21:48
Description: 
Microsoft Defender Antivirus has encountered an error trying to update the engine.
New Engine Version: 1.1.18200.4
Previous Engine Version: 1.1.18100.6
Error Code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. 
 
==================== Memory info =========================== 
 
BIOS: Microsoft Corporation 1.0.30 12/22/2020
Motherboard: Microsoft Corporation Surface Go
Processor: Intel® Pentium® CPU 4415Y @ 1.60GHz
Percentage of memory in use: 83%
Total physical RAM: 3980.47 MB
Available physical RAM: 652.93 MB
Total Virtual: 9868.47 MB
Available Virtual: 3249.6 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:56.86 GB) (Free:22.95 GB) (Protected) NTFS
 
\\?\Volume{395c6a01-1196-478b-931a-a05795ff3953}\ () (Fixed) (Total:1 GB) (Free:0.5 GB) NTFS
\\?\Volume{347a6a5b-667c-4646-87e3-c7f86db3aefd}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 58.2 GB) (Disk ID: 57E36BE4)
 
Partition: GPT.
 
==================== End of Addition.txt =======================

  • 0

#6
DR M
    The Grecian Geek
  • Malware Removal
  • 3,240 posts

The logs are clean from malware. 
 
Some tidiness only and a question:
 
1. Question
 
Are you using a proxy? I can see this in the log:
 
ProxyServer: [S-1-5-21-481405570-3132218789-2497384090-1001] => 36.90.181.93:8080
 
 
2. Uninstall an extension

  • Open Chrome.
  • At the top right choose More (the three vertical dots) > More Tools > Extensions
  • Find AVG Online Security, and remove it, clicking on Remove.
  • Confirm the action by clicking Remove once again.

 

3. FRST fix

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

Start::
CloseProcesses:
SystemRestore: On
CreateRestorePoint:
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
EmptyTemp:
End::
  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
  • Please right-click on FRST64 on your Desktop to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt.
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

 

In your next reply please post:

  • Your reply about the proxy
  • The fixlog.txt

  • 0

#7
geekyandhow
    Member
  • Topic Starter
  • Member
  • 74 posts

Not using a proxy. What program is doing that?

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 16-06-2021
Ran by katra (16-06-2021 15:39:32) Run:1
Running from C:\Users\katra\OneDrive\Desktop
Loaded Profiles: katra
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
SystemRestore: On
CreateRestorePoint:
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
EmptyTemp:
 
*****************
 
Processes closed successfully.
SystemRestore: On => completed
Restore point was successfully created.
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 14772263 B
Java, Flash, Steam htmlcache => 397 B
Windows/system/drivers => 3683862 B
Edge => 103382 B
Chrome => 597641140 B
Firefox => 11965493 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 37314 B
katra => 61727409 B
 
RecycleBin => 72961345 B
EmptyTemp: => 737.6 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 15:41:01 ====

  • 0

#8
DR M
    The Grecian Geek
  • Malware Removal
  • 3,240 posts

Hello.
 
The proxy server has to do with the ExpressVPN you have installed.
 
The computer is clean from malware.
 
Just to ensure this, you can run an online scan with Eset.

Download ESET Online Scanner and save it to your desktop.

  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

 

=============================

 

Take into consideration:

 

After we finish the cleaning procedure, I recommend you open a new thread at the Networking Forum, describing your problem regarding the wi-fi issues of this specific computer. In your description, provide a link to this thread, saying that the computer is clean from malware. Also mention that the following error appeared in the logs:

 

Miniport Microsoft Wi-Fi Direct Virtual Adapter #4, {0f1ba590-7440-40c2-9374-af1514bfaf61}, had event 74
 
There are several things on the web about it, but I think that in the Networking Forum you will get better assistance on the specific issue.
 
 
In your next reply:
 
Post the Eset result, and let me know about your next steps.

  • 0
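For readers working through a similar case on their own machine, the two items raised in this thread (the per-user ProxyServer value DR M asked about in #6, and the NDIS "had event 74" entry for the Wi-Fi Direct virtual adapter in #8) can be checked directly instead of by reading the full FRST output. The script below is an added example; it is not part of DR M's instructions and is not FRST or KpRm code. It reads the standard per-user Internet Settings proxy values, shows the machine-wide WinHTTP proxy, lists recent NDIS event 10317 entries from the System log, and reports Defender's last completed quick scan (the Addition.txt log shows several quick scans stopped before completion). Assumptions: it is run from an elevated PowerShell prompt on Windows 10, and the 7-day lookback window is a chosen value.

```powershell
# Added example (not from this thread, FRST or KpRm): inspect per-user proxy
# settings and recent NDIS adapter-reset events on Windows 10.
# Assumptions: elevated PowerShell prompt; $Days is an arbitrary lookback window.
$Days = 7

# 1. Per-user proxy. This is the same value FRST reports as "ProxyServer:"
#    under the user's SID. ProxyEnable = 1 means the value is actually in use;
#    a VPN client (as in this thread) can legitimately set it.
$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$p = Get-ItemProperty -Path $inet -ErrorAction SilentlyContinue
[pscustomobject]@{
    ProxyEnable   = $p.ProxyEnable       # 1 = proxy below is active for this user
    ProxyServer   = $p.ProxyServer       # host:port, or protocol=host:port pairs
    AutoConfigURL = $p.AutoConfigURL     # PAC script URL, if any (empty is normal)
} | Format-List

# 2. Machine-wide WinHTTP proxy, used by services and Windows Update rather
#    than by the browser. "Direct access (no proxy server)" is the default.
netsh winhttp show proxy

# 3. NDIS 10317 events ("Miniport <adapter> ... had event <n>") for the last
#    $Days days. Repeated entries for one adapter can be lined up against the
#    times the user noticed the connection dropping.
$filter = @{
    LogName      = 'System'
    ProviderName = 'Microsoft-Windows-NDIS'
    Id           = 10317
    StartTime    = (Get-Date).AddDays(-$Days)
}
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Select-Object TimeCreated,
                  @{ n = 'Message'; e = { $_.Message -replace "`r?`n", ' ' } } |
    Sort-Object TimeCreated |
    Format-Table -AutoSize -Wrap

# 4. Defender status: confirm a quick scan has actually completed recently and
#    that signatures are current, since interrupted scans leave no result.
Get-MpComputerStatus |
    Select-Object AntivirusEnabled, RealTimeProtectionEnabled,
                  QuickScanEndTime, AntivirusSignatureLastUpdated,
                  AntivirusSignatureAge |
    Format-List
```

If section 3 prints nothing, no matching events were logged in the window; widen `$Days` or drop the `StartTime` key. The proxy values are read from the current user's hive, so run the script as the same account whose SID appears in the FRST log, not as a different administrator.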

#9
geekyandhow
    Member
  • Topic Starter
  • Member
  • 74 posts

Thanks, the scan was clear. I'll proceed to the networking forum now.


  • 0

#10
DR M
    The Grecian Geek
  • Malware Removal
  • 3,240 posts

I just saw your thread in the Networking Forum. Hopefully someone will provide assistance soon.

 

To finish what we started here...

Download KpRm by kernel-panik and save it to your desktop. It will remove the tools we used as well as reset system restore points.

  • Right-click kprm_(version).exe and select Run as Administrator.
  • Read and accept the disclaimer.
  • When the tool opens, ensure all boxes under Actions are checked.
  • Under Delete Quarantines select Delete Now, then click Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt.
  • Please copy and paste its contents in your next reply.

  • 0

#11
geekyandhow

geekyandhow

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts

Thanks, here you go:

# Run at 2021-06-18 9:39:49 PM
# KpRm (Kernel-panik) version 2.9
# Run by katra from C:\Users\katra\OneDrive\Desktop
# Computer Name: DESKTOP-AKN8A88
# OS: Windows 10 X64 (19042) 
# Number of passes: 1
 
- Checked options -
 
    ~ Delete Tools
    ~ Delete Restore Points
    ~ Create Restore Point
    ~ Delete Quarantines
 
- Delete Tools -
 
 
  ## ESET Online Scanner
     [OK] C:\Users\katra\OneDrive\Desktop\ESET Online Scanner.lnk deleted
     [OK] C:\Users\katra\OneDrive\Desktop\esetonlinescanner.exe deleted
     [OK] C:\Users\katra\AppData\Local\ESET\ESETOnlineScanner deleted
 
  ## FRST
     [OK] C:\Users\katra\OneDrive\Desktop\Addition.txt deleted
     [OK] C:\Users\katra\OneDrive\Desktop\Fixlog.txt deleted
     [OK] C:\Users\katra\OneDrive\Desktop\FRST.txt deleted
     [OK] C:\Users\katra\OneDrive\Desktop\FRST64.exe deleted
     [OK] C:\FRST deleted
 
- Clear Restore Points -
 
   ~ [OK] RP named ExpressVPN created at 06/17/2021 18:41:11 deleted
     [OK] All system restore points have been successfully deleted
 
- Create Restore Point -
 
     [OK] System Restore Point created
 
- Display System Restore Point -
 
   ~ [I] RP named KpRm created at 06/19/2021 01:40:00
 
-- KPRM finished in 37.98s --

  • 0

#12
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 3,240 posts

Thanks. We are finished here.

As I see, you are in very good hands. :thumbsup:


  • 0

