Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-12-2023
Ran by HeatherSchmidt (administrator) on SPF-SURFLAP-02 (Microsoft Corporation Surface Laptop) (19-12-2023 16:52:10)
Running from C:\Users\HeatherSchmidt\Downloads\FRST64.exe
Loaded Profiles: stpau
Platform: Microsoft Windows 10 Pro Version 22H2 19045.3693 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.internal-updater-microservice.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\crash_handler.exe <5>
(C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\PlayerLocationIcon.exe
(C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe <2>
(cmd.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MbamBgNativeMsg.exe
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe <2>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <35>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <10>
(Microsoft Corporation -> Microsoft Corporation) C:\Users\ChadClough\AppData\Local\Microsoft\OneDrive\23.246.1127.0002\Microsoft.SharePoint.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\HeatherSchmidt\AppData\Local\Microsoft\OneDrive\23.246.1127.0002\Microsoft.SharePoint.exe
(services.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.internal-updater-microservice.exe
(services.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exe
(services.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.vm-detector-microservice.exe
(services.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.wifi-scanner-microservice.exe
(services.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(services.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\64ih8682.inf_amd64_9e8d740de7ce5aee\IntelCpHDCPSvc.exe
(services.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\64ih8682.inf_amd64_9e8d740de7ce5aee\IntelCpHeciSvc.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft) C:\Program Files\WindowsApps\Microsoft.SurfaceHub_61.23100.116.0_x64__8wekyb3d8bbwe\Services\SurfaceBroker.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Microsoft Update Health Tools\uhssvc.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\hdxsstm.inf_amd64_7d200f2580ecd8a5\RtkAudUService64.exe <3>
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.17029.20068.0_x86__8wekyb3d8bbwe\Office16\SDXHelperBgt.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CastSrv.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(winlogon.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LogonUI.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\hdxsstm.inf_amd64_7d200f2580ecd8a5\RtkAudUService64.exe [835680 2020-12-17] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-12-1-1721880173-1220933218-3369430184-3542225890\...\Run: [MicrosoftEdgeAutoLaunch_0855A1A81046EA4266AD4A591E8E8A44] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3854376 2023-12-14] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-12-1-1721880173-1220933218-3369430184-3542225890\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\HeatherSchmidt\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" [65858576 2023-12-19] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-12-1-1721880173-1220933218-3369430184-3542225890\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\HeatherSchmidt\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-12-1-1721880173-1220933218-3369430184-3542225890\...\RunOnce: [Uninstall 21.220.1024.0005\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\HeatherSchmidt\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\amd64" [0 2023-12-19] () <==== ATTENTION [zero byte File/Folder]
HKU\S-1-12-1-1721880173-1220933218-3369430184-3542225890\...\RunOnce: [Uninstall 21.220.1024.0005] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\HeatherSchmidt\AppData\Local\Microsoft\OneDrive\21.220.1024.0005" [0 2023-12-19] () <==== ATTENTION [zero byte File/Folder]
HKU\S-1-12-1-379402305-1282805949-553899156-2530637685\...\Run: [Microsoft Edge Update] => C:\Users\ChadClough\AppData\Local\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateCore.exe [264264 2023-10-30] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-12-1-379402305-1282805949-553899156-2530637685\...\Run: [MicrosoftEdgeAutoLaunch_F41116DA4D5A8E07261DEDFA84F00E92] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3854376 2023-12-14] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-12-1-379402305-1282805949-553899156-2530637685\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\ChadClough\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" [65858576 2023-12-15] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-12-1-379402305-1282805949-553899156-2530637685\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\ChadClough\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-12-1-379402305-1282805949-553899156-2530637685\...\RunOnce: [Uninstall 23.226.1031.0003] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\ChadClough\AppData\Local\Microsoft\OneDrive\23.226.1031.0003" [0 2023-12-15] () <==== ATTENTION [zero byte File/Folder]
HKLM\...\Windows x64\Print Processors\Canon MG3600 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDCT.DLL [30208 2015-03-12] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\120.0.6099.110\Installer\chrmstp.exe [2023-12-19] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {CEB215B1-5F23-4D2D-AD6A-B86B638CAC47} - System32\Tasks\GeoComply Service Check => C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\PlayerLocationCheckTask.cmd [1642 2023-05-04] () [File not signed] ->
Task: {31D5F0DC-229F-4BAD-8E29-6C923F13F713} - System32\Tasks\GeoComply Update Task => C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Update\GeoComplyUpdate.exe [4780704 2023-05-04] (GeoComply Solutions Inc. -> GeoComply) -> /config=C:\Program Files (x86)\GeoComply\\PlayerLocationCheck\Update\GeoComplyUpdate.xml
Task: {9DAF5495-01DD-47ED-A9FA-2B05FD5EBA25} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-08-23] (Google Inc -> Google Inc.)
Task: {684DF2A7-3B26-4625-830C-BB6AF1F654EF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-08-23] (Google Inc -> Google Inc.)
Task: {AD7CD73E-3769-4F13-8BE0-C8CF19C85C7F} - System32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-12-1-379402305-1282805949-553899156-2530637685Core{5641AC22-3E9E-482F-A78E-AC767BE88448} => C:\Users\ChadClough\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [206264 2022-12-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {744A508A-0840-4EDF-B6C0-D471D0431BAC} - System32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-12-1-379402305-1282805949-553899156-2530637685UA{B9FD4C39-41C2-4FAB-A642-FEF8BAEFF810} => C:\Users\ChadClough\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [206264 2022-12-10] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.123.1
Tcpip\..\Interfaces\{ad987e25-2c98-42dc-b13d-177e7d5cb4bf}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{bc739b88-c39c-46f8-9e2a-0aaa86f4f8a5}: [DhcpNameServer] 192.168.123.1

Edge:
=======
Edge Profile: C:\Users\HeatherSchmidt\AppData\Local\Microsoft\Edge\User Data\Default [2023-12-19]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\HeatherSchmidt\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bojobppfploabceghnmlahpoonbcbacn [2023-12-19]
Edge Extension: (Google Docs Offline) - C:\Users\HeatherSchmidt\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-12-04]
Edge Extension: (Edge relevant text changes) - C:\Users\HeatherSchmidt\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-12-04]
Edge HKLM\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]

Chrome:
=======
CHR Profile: C:\Users\HeatherSchmidt\AppData\Local\Google\Chrome\User Data\Default [2023-12-19]
CHR Extension: (Google Docs Offline) - C:\Users\HeatherSchmidt\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-12-04]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\HeatherSchmidt\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2023-12-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\HeatherSchmidt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-12-04]
CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 com.geocomply.internal-updater-microservice; C:\Program Files (x86)\GeoComply\//PlayerLocationCheck///Application/com.geocomply.internal-updater-microservice.exe [11580080 ] (GeoComply Solutions Inc. -> )
R2 com.geocomply.process-scanner-microservice; C:\Program Files (x86)\GeoComply\//PlayerLocationCheck///Application/com.geocomply.process-scanner-microservice.exe [11621552 ] (GeoComply Solutions Inc. -> )
R2 com.geocomply.vm-detector-microservice; C:\Program Files (x86)\GeoComply\//PlayerLocationCheck///Application/com.geocomply.vm-detector-microservice.exe [11441328 ] (GeoComply Solutions Inc. -> )
R2 com.geocomply.wifi-scanner-microservice; C:\Program Files (x86)\GeoComply\//PlayerLocationCheck///Application/com.geocomply.wifi-scanner-microservice.exe [11443888 ] (GeoComply Solutions Inc. -> )
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9405400 2023-12-08] (Malwarebytes Inc. -> Malwarebytes)
R2 Player Location Check; C:\Program Files (x86)\GeoComply\//PlayerLocationCheck///Application/service.exe [11535536 ] (GeoComply Solutions Inc. -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [534584 2023-12-05] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SurfaceExperienceService-61.23100.116; C:\Program Files\WindowsApps\Microsoft.SurfaceHub_61.23100.116.0_x64__8wekyb3d8bbwe\Services\SurfaceBroker.exe [8742336 2023-10-02] (Microsoft Corporation -> Microsoft)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\NisSrv.exe [3174840 2023-12-06] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe [133592 2023-12-06] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [55608 2023-06-27] (Apple Inc. -> Apple Inc.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2023-12-08] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 Intersil290XXHID; C:\WINDOWS\System32\drivers\Intersil290XXHID.sys [57224 2017-06-16] (WDKTestCert satertza,131307991872382624 -> Intersil Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [222784 2023-12-08] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2023-12-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [200104 2023-12-08] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [78400 2023-12-08] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239576 2023-12-08] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [188008 2023-12-08] (Malwarebytes Inc. -> Malwarebytes)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166760 2019-09-26] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [55856 2023-12-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [594304 2023-12-06] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105856 2023-12-06] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-12-19 16:48 - 2023-12-19 16:55 - 000000000 ____D C:\Users\HeatherSchmidt\AppData\Local\Malwarebytes
2023-12-15 13:08 - 2023-12-15 13:08 - 000000000 ___HD C:\$WinREAgent
2023-12-08 12:08 - 2023-12-08 12:08 - 000112889 _____ C:\Users\ChadClough\Downloads\WLS Basketball Rules (2023).pdf
2023-12-08 10:02 - 2023-12-08 10:02 - 000001427 _____ C:\Users\ChadClough\Desktop\malwarebytes.txt
2023-12-08 09:51 - 2023-12-08 09:51 - 000188008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2023-12-08 09:51 - 2023-12-08 09:51 - 000000000 ____D C:\Users\ChadClough\AppData\Local\mbam
2023-12-08 09:50 - 2023-12-19 16:55 - 000000000 ____D C:\Users\ChadClough\AppData\Local\Malwarebytes
2023-12-08 09:50 - 2023-12-08 09:50 - 000002043 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2023-12-08 09:50 - 2023-12-08 09:50 - 000002031 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2023-12-08 09:49 - 2023-12-08 09:49 - 000000000 ____D C:\ProgramData\Malwarebytes
2023-12-08 09:49 - 2023-12-08 09:49 - 000000000 ____D C:\Program Files\Malwarebytes
2023-12-08 09:48 - 2023-12-08 09:48 - 002606880 _____ (Malwarebytes) C:\Users\ChadClough\Downloads\MBSetup.exe
2023-12-08 09:46 - 2023-12-08 09:47 - 000000000 ____D C:\AdwCleaner
2023-12-08 09:46 - 2023-12-08 09:46 - 008791352 _____ (Malwarebytes) C:\Users\ChadClough\Downloads\AdwCleaner.exe
2023-12-08 08:45 - 2023-12-08 08:45 - 000000008 _____ C:\ProgramData\ntuser.pol
2023-12-08 08:28 - 2023-12-08 08:36 - 000021006 _____ C:\Users\ChadClough\Downloads\Fixlog.txt
2023-12-08 08:26 - 2023-12-08 10:17 - 000001545 _____ C:\Users\ChadClough\Desktop\FRST64.exe - Shortcut.lnk
2023-12-04 08:41 - 2023-12-04 08:41 - 000000000 ____D C:\Users\HeatherSchmidt\AppData\Local\Comms
2023-12-04 08:41 - 2023-12-04 08:41 - 000000000 ____D C:\Users\HeatherSchmidt\AppData\Local\__SHARED
2023-12-04 08:36 - 2023-12-04 08:36 - 000000000 ____D C:\Users\HeatherSchmidt\AppData\Roaming\Microsoft\Spelling
2023-12-04 08:33 - 2023-12-04 08:35 - 000021351 _____ C:\Users\HeatherSchmidt\Downloads\Addition.txt
2023-12-04 08:29 - 2023-12-19 16:53 - 000016718 _____ C:\Users\HeatherSchmidt\Downloads\FRST.txt
2023-12-04 08:26 - 2023-12-19 16:52 - 002387456 _____ (Farbar) C:\Users\HeatherSchmidt\Downloads\FRST64.exe
2023-12-04 08:26 - 2023-12-19 16:52 - 000000000 ____D C:\Users\HeatherSchmidt\Downloads\FRST-OlderVersion
2023-12-04 08:24 - 2023-12-19 16:50 - 000003616 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-12-1-1721880173-1220933218-3369430184-3542225890
2023-12-04 08:24 - 2023-12-04 08:25 - 000000000 ____D C:\Users\HeatherSchmidt\AppData\Local\D3DSCache
2023-12-04 08:23 - 2023-12-19 16:50 - 000003394 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-12-1-1721880173-1220933218-3369430184-3542225890
2023-12-04 08:23 - 2023-12-04 08:23 - 000000000 ___RD C:\Users\HeatherSchmidt\OneDrive
2023-12-04 08:23 - 2023-12-04 08:23 - 000000000 ____D C:\Users\HeatherSchmidt\AppData\Local\PlaceholderTileLogoFolder
2023-12-04 08:22 - 2023-12-19 16:52 - 000000000 ____D C:\Users\HeatherSchmidt\AppData\Local\Packages
2023-12-04 08:22 - 2023-12-19 16:50 - 000002432 _____ C:\Users\HeatherSchmidt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-12-04 08:22 - 2023-12-19 16:48 - 000000000 ____D C:\Users\HeatherSchmidt\AppData\Local\ConnectedDevicesPlatform
2023-12-04 08:22 - 2023-12-04 08:23 - 000002358 _____ C:\Users\HeatherSchmidt\Desktop\Google Chrome.lnk
2023-12-04 08:22 - 2023-12-04 08:23 - 000000000 ____D C:\Users\HeatherSchmidt
2023-12-04 08:22 - 2023-12-04 08:22 - 000000020 ___SH C:\Users\HeatherSchmidt\ntuser.ini
2023-12-04 08:22 - 2023-12-04 08:22 - 000000000 ___SD C:\Users\HeatherSchmidt\AppData\Roaming\Microsoft\SystemCertificates
2023-12-04 08:22 - 2023-12-04 08:22 - 000000000 ___SD C:\Users\HeatherSchmidt\AppData\Roaming\Microsoft\Protect
2023-12-04 08:22 - 2023-12-04 08:22 - 000000000 ___SD C:\Users\HeatherSchmidt\AppData\Roaming\Microsoft\Crypto
2023-12-04 08:22 - 2023-12-04 08:22 - 000000000 ___SD C:\Users\HeatherSchmidt\AppData\Roaming\Microsoft\Credentials
2023-12-04 08:22 - 2023-12-04 08:22 - 000000000 ___RD C:\Users\HeatherSchmidt\3D Objects
2023-12-04 08:22 - 2023-12-04 08:22 - 000000000 ____D C:\Users\HeatherSchmidt\AppData\Roaming\Microsoft\Windows
2023-12-04 08:22 - 2023-12-04 08:22 - 000000000 ____D C:\Users\HeatherSchmidt\AppData\Roaming\Microsoft\Vault
2023-12-04 08:22 - 2023-12-04 08:22 - 000000000 ____D C:\Users\HeatherSchmidt\AppData\Roaming\Adobe
2023-12-04 08:22 - 2023-12-04 08:22 - 000000000 ____D C:\Users\HeatherSchmidt\AppData\LocalLow\Intel
2023-12-04 08:22 - 2023-12-04 08:22 - 000000000 ____D C:\Users\HeatherSchmidt\AppData\Local\VirtualStore
2023-12-04 08:22 - 2023-12-04 08:22 - 000000000 ____D C:\Users\HeatherSchmidt\AppData\Local\Publishers
2023-12-04 08:22 - 2023-12-04 08:22 - 000000000 ____D C:\Users\HeatherSchmidt\AppData\Local\Google
2023-12-04 08:22 - 2020-08-30 18:46 - 000000000 ____D C:\Users\HeatherSchmidt\AppData\Roaming\Microsoft\Network
2023-12-03 14:49 - 2023-12-11 08:34 - 000021172 _____ C:\Users\ChadClough\Downloads\Addition.txt
2023-12-03 14:45 - 2023-12-11 08:34 - 000033077 _____ C:\Users\ChadClough\Downloads\FRST.txt
2023-12-03 14:45 - 2023-12-11 08:28 - 000000000 ____D C:\Users\ChadClough\Downloads\FRST-OlderVersion
2023-12-03 14:44 - 2023-12-19 16:52 - 000000000 ____D C:\FRST
2023-12-03 14:43 - 2023-12-11 08:28 - 002385408 _____ (Farbar) C:\Users\ChadClough\Downloads\FRST64.exe
2023-11-29 08:42 - 2023-11-29 08:42 - 000046685 _____ C:\Users\ChadClough\Downloads\LAA Basketball Rules (1).pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-12-19 16:53 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\ServiceState
2023-12-19 16:53 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-12-19 16:53 - 2017-12-01 02:58 - 000000000 __RHD C:\Users\Public\AccountPictures
2023-12-19 16:52 - 2019-12-07 03:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-12-19 16:50 - 2021-12-19 02:01 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-12-19 16:50 - 2018-08-23 17:08 - 000000000 ____D C:\Program Files (x86)\Google
2023-12-19 16:49 - 2019-12-07 03:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-12-19 16:48 - 2019-12-07 03:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-12-19 16:32 - 2020-08-30 18:40 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-12-19 14:26 - 2023-03-20 07:25 - 000003328 _____ C:\WINDOWS\system32\Tasks\GeoComply Service Check
2023-12-19 07:51 - 2018-08-23 17:08 - 000002311 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-12-19 07:48 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2023-12-15 13:10 - 2020-07-29 18:13 - 000002448 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-12-15 13:09 - 2019-12-07 03:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-12-15 13:08 - 2022-11-14 16:22 - 000000000 ___RD C:\Users\ChadClough\OneDrive - St. Paul's Lutheran
2023-12-15 13:08 - 2021-12-13 07:21 - 000003608 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-12-1-379402305-1282805949-553899156-2530637685
2023-12-15 13:08 - 2020-08-30 18:52 - 000003382 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-12-1-379402305-1282805949-553899156-2530637685
2023-12-15 13:08 - 2020-08-30 18:41 - 000002416 _____ C:\Users\ChadClough\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-12-11 08:33 - 2019-12-07 03:13 - 000000000 ____D C:\WINDOWS\INF
2023-12-11 08:25 - 2020-08-30 18:49 - 000795738 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-12-08 09:50 - 2019-12-07 03:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2023-12-08 08:45 - 2020-08-30 18:52 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-12-08 08:45 - 2020-08-30 18:40 - 000008192 ___SH C:\DumpStack.log.tmp
2023-12-08 08:45 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2023-12-08 08:45 - 2019-12-07 03:03 - 002621440 _____ C:\WINDOWS\system32\config\BBI
2023-12-08 08:45 - 2018-09-27 06:51 - 000041448 _____ C:\WINDOWS\system32\OV9734_FRONT.aiqd
2023-12-08 08:29 - 2017-09-29 07:46 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2023-12-06 12:53 - 2018-08-22 22:29 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2023-12-05 18:47 - 2020-08-30 18:52 - 000003714 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2023-12-05 18:47 - 2020-08-30 18:52 - 000003590 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2023-12-05 08:15 - 2020-08-30 18:40 - 000259496 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-12-05 06:56 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2023-12-05 06:39 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2023-12-05 06:39 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2023-12-05 06:39 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2023-12-05 06:39 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2023-12-05 06:39 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2023-12-05 06:39 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2023-12-05 06:35 - 2019-12-07 03:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2023-12-05 06:35 - 2019-12-07 03:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2023-12-05 06:35 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2023-12-05 06:35 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2023-12-05 06:35 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2023-12-05 06:35 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2023-12-05 06:35 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2023-12-05 06:14 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SystemResources
2023-12-05 06:06 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2023-12-05 06:01 - 2019-12-07 03:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2023-12-05 06:01 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2023-12-05 06:01 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2023-12-05 05:52 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2023-12-05 05:52 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\setup
2023-12-05 05:52 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2023-12-05 05:52 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-12-05 05:51 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2023-12-05 05:51 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2023-12-05 05:51 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2023-12-05 05:41 - 2019-12-07 03:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2023-12-05 05:41 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2023-12-05 05:41 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2023-12-05 05:40 - 2019-12-07 03:54 - 000000000 ___SD C:\WINDOWS\system32\AppV
2023-12-05 05:40 - 2019-12-07 03:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2023-12-05 05:40 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2023-12-05 05:40 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\Com
2023-12-05 05:40 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2023-12-05 05:40 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2023-12-05 03:58 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2023-12-05 03:58 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2023-12-05 03:57 - 2019-12-07 03:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2023-12-05 03:57 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\Provisioning
2023-12-05 03:57 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\IME
2023-12-05 03:57 - 2019-12-07 03:03 - 000000000 ____D C:\WINDOWS\servicing
2023-12-05 03:56 - 2019-12-07 03:54 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2023-12-05 03:56 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-12-05 03:56 - 2019-12-07 03:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2023-12-05 03:55 - 2019-12-07 03:54 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2023-12-05 03:55 - 2019-12-07 03:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2023-12-05 03:55 - 2019-12-07 03:14 - 000000000 ____D C:\Program Files\Windows Defender
2023-12-05 03:55 - 2019-12-07 03:14 - 000000000 ____D C:\Program Files\Common Files\System
2023-12-05 02:24 - 2021-04-27 01:27 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2023-12-05 02:23 - 2019-12-07 03:54 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2023-12-05 02:23 - 2019-12-07 03:15 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2023-12-05 02:23 - 2019-12-07 03:14 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2023-12-05 02:13 - 2020-08-30 18:43 - 003016192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2023-12-05 01:56 - 2018-08-22 22:25 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-12-05 01:53 - 2018-08-22 22:25 - 182871392 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2023-12-04 22:02 - 2020-07-29 18:11 - 000000000 ____D C:\Users\ChadClough\AppData\Local\Packages
2023-12-04 21:59 - 2020-07-29 18:11 - 000000000 ____D C:\Users\ChadClough\AppData\Local\Publishers

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================