
Pop-Ups [Closed]


This topic is locked.

#1 caclough (Member, 13 posts)

My son tried to use the computer for a streaming service for sports. Yay! 

We were getting pop-ups from "mcafee" about a trojan virus. I went into the settings and disabled the popups but I want to clean everything out. 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-12-2023
Ran by ChadClough (administrator) on SPF-SURFLAP-02 (Microsoft Corporation Surface Laptop) (03-12-2023 14:45:34)
Running from C:\Users\ChadClough\Downloads\FRST64.exe
Loaded Profiles: False <==== ATTENTION (Temporary Profile?)
Platform: Microsoft Windows 10 Pro Version 22H2 19045.3570 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.wifi-scanner-microservice.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\crash_handler.exe <5>
(C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\PlayerLocationIcon.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <12>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <9>
(Microsoft Corporation -> Microsoft Corporation) C:\Users\ChadClough\AppData\Local\Microsoft\OneDrive\23.226.1031.0003\Microsoft.SharePoint.exe
(services.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.internal-updater-microservice.exe
(services.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exe
(services.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.vm-detector-microservice.exe
(services.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.wifi-scanner-microservice.exe
(services.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(services.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\64ih8682.inf_amd64_9e8d740de7ce5aee\IntelCpHDCPSvc.exe
(services.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\64ih8682.inf_amd64_9e8d740de7ce5aee\IntelCpHeciSvc.exe
(services.exe ->) (Microsoft Corporation -> Microsoft) C:\Program Files\WindowsApps\Microsoft.SurfaceHub_61.23090.124.0_x64__8wekyb3d8bbwe\Services\SurfaceBroker.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Microsoft Update Health Tools\uhssvc.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\NisSrv.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\hdxsstm.inf_amd64_7d200f2580ecd8a5\RtkAudUService64.exe <2>
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.16827.20166.0_x86__8wekyb3d8bbwe\Office16\SDXHelperBgt.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CastSrv.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\hdxsstm.inf_amd64_7d200f2580ecd8a5\RtkAudUService64.exe [835680 2020-12-17] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-12-1-379402305-1282805949-553899156-2530637685\...\Run: [Microsoft Edge Update] => C:\Users\ChadClough\AppData\Local\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateCore.exe [264264 2023-10-30] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-12-1-379402305-1282805949-553899156-2530637685\...\Run: [MicrosoftEdgeAutoLaunch_F41116DA4D5A8E07261DEDFA84F00E92] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3896768 2023-11-29] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Windows x64\Print Processors\Canon MG3600 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDCT.DLL [30208 2015-03-12] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\119.0.6045.200\Installer\chrmstp.exe [2023-12-01] (Google LLC -> Google LLC)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {22157D82-0232-49AC-A44D-12632831B39D} - System32\Tasks\GeoComply Service Check => C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\PlayerLocationCheckTask.cmd [1642 2023-05-04] () [File not signed] -> 
Task: {31D5F0DC-229F-4BAD-8E29-6C923F13F713} - System32\Tasks\GeoComply Update Task => C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Update\GeoComplyUpdate.exe [4780704 2023-05-04] (GeoComply Solutions Inc. -> GeoComply) -> /config=C:\Program Files (x86)\GeoComply\\PlayerLocationCheck\Update\GeoComplyUpdate.xml
Task: {9DAF5495-01DD-47ED-A9FA-2B05FD5EBA25} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-08-23] (Google Inc -> Google Inc.)
Task: {684DF2A7-3B26-4625-830C-BB6AF1F654EF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-08-23] (Google Inc -> Google Inc.)
Task: {08DA88DF-745D-4163-8EC8-885A6741441B} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\Login Schedule created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [472576 2023-10-19] (Microsoft Windows -> Microsoft Corporation)
Task: {796F4F32-79D6-4064-8726-AA345C6B0D30} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\OS Edition Upgrade event listener created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [472576 2023-10-19] (Microsoft Windows -> Microsoft Corporation)
Task: {68C166D9-3452-4A69-98BB-44577747D5BC} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\Passport for Work alert created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [472576 2023-10-19] (Microsoft Windows -> Microsoft Corporation)
Task: {93FD2A37-E792-4074-819A-80DAC8E5D1BE} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\Provisioning initiated session => C:\WINDOWS\system32\deviceenroller.exe [472576 2023-10-19] (Microsoft Windows -> Microsoft Corporation)
Task: {94E82032-6BCC-4D44-9C4C-36A7B99DBAA9} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\PushLaunch => C:\WINDOWS\system32\deviceenroller.exe [472576 2023-10-19] (Microsoft Windows -> Microsoft Corporation)
Task: {3F359453-7FD0-4773-A094-29C608E19C70} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\PushRenewal => C:\WINDOWS\system32\deviceenroller.exe [472576 2023-10-19] (Microsoft Windows -> Microsoft Corporation)
Task: {DEDBB65B-56BF-40DA-9A14-74FA2386D95F} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\PushUpgrade => C:\WINDOWS\system32\deviceenroller.exe [472576 2023-10-19] (Microsoft Windows -> Microsoft Corporation)
Task: {F179CF83-817B-49B2-A351-D53C4767A169} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\Schedule #1 created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [472576 2023-10-19] (Microsoft Windows -> Microsoft Corporation)
Task: {E7FD6170-FBAC-4B74-9BAE-55D3AD79BB19} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\Schedule #2 created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [472576 2023-10-19] (Microsoft Windows -> Microsoft Corporation)
Task: {90D7FFB9-3C91-4D1F-AAD8-64966471E06F} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\Schedule #3 created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [472576 2023-10-19] (Microsoft Windows -> Microsoft Corporation)
Task: {E5E67958-8947-40DC-B118-3490751D26D8} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\Schedule created by enrollment client for renewal of certificate warning => C:\WINDOWS\system32\deviceenroller.exe [472576 2023-10-19] (Microsoft Windows -> Microsoft Corporation)
Task: {1D3AA9F1-85A6-48D4-90B0-4CC311992B85} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\Schedule to run OMADMClient by client => C:\WINDOWS\system32\omadmclient.exe [468992 2023-10-19] (Microsoft Windows -> Microsoft Corporation)
Task: {88F87BA4-19A7-4C4D-A11D-D9E8D1935DCE} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\Schedule to run OMADMClient by server => C:\WINDOWS\system32\omadmclient.exe [468992 2023-10-19] (Microsoft Windows -> Microsoft Corporation)
Task: {DFA11800-DBFF-4F92-A1F5-0FEBFF6FF8D4} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\Win10 S Mode event listener created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [472576 2023-10-19] (Microsoft Windows -> Microsoft Corporation)
Task: {24BFF3C2-1A2E-4974-9789-8DEAF77EBC82} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MpCmdRun.exe [1604680 2023-11-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F360C233-8175-483A-B355-4C49A318AC7E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MpCmdRun.exe [1604680 2023-11-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {70F7CD3A-659E-4E76-BDC9-FE15599C1980} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MpCmdRun.exe [1604680 2023-11-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {AD7CD73E-3769-4F13-8BE0-C8CF19C85C7F} - System32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-12-1-379402305-1282805949-553899156-2530637685Core{5641AC22-3E9E-482F-A78E-AC767BE88448} => C:\Users\ChadClough\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [206264 2022-12-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {744A508A-0840-4EDF-B6C0-D471D0431BAC} - System32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-12-1-379402305-1282805949-553899156-2530637685UA{B9FD4C39-41C2-4FAB-A642-FEF8BAEFF810} => C:\Users\ChadClough\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [206264 2022-12-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {5EE6A481-7A98-4D13-A04D-18817F56F559} - System32\Tasks\S-1-5-21-3251423693-4260676575-3805690949-1001\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\Login Schedule created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [472576 2023-10-19] (Microsoft Windows -> Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 208.67.222.222 208.67.220.220
Tcpip\..\Interfaces\{ad987e25-2c98-42dc-b13d-177e7d5cb4bf}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{bc739b88-c39c-46f8-9e2a-0aaa86f4f8a5}: [DhcpNameServer] 208.67.222.222 208.67.220.220
 
Edge: 
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\ChadClough\AppData\Local\Microsoft\Edge\User Data\Default [2023-12-03]
Edge Extension: (Google Docs Offline) - C:\Users\ChadClough\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-10-26]
Edge Extension: (Edge relevant text changes) - C:\Users\ChadClough\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-09-14]
 
Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\ChadClough\AppData\Local\Google\Chrome\User Data\Default [2023-10-04]
CHR Extension: (Google Docs Offline) - C:\Users\ChadClough\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-07-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ChadClough\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-06]
CHR Profile: C:\Users\ChadClough\AppData\Local\Google\Chrome\User Data\Guest Profile [2023-04-16]
CHR Profile: C:\Users\ChadClough\AppData\Local\Google\Chrome\User Data\Profile 1 [2023-12-03]
CHR Notifications: Profile 1 -> hxxps://www.draftkings.com
CHR Extension: (DuckDuckGo) - C:\Users\ChadClough\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2023-11-20]
CHR Extension: (Google Docs Offline) - C:\Users\ChadClough\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-10-18]
CHR Extension: (Capital One Shopping: Add to Chrome for Free) - C:\Users\ChadClough\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2023-12-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ChadClough\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-01]
CHR Profile: C:\Users\ChadClough\AppData\Local\Google\Chrome\User Data\Profile 10 [2023-06-27]
CHR Extension: (Google Docs Offline) - C:\Users\ChadClough\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-06-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ChadClough\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-06-05]
CHR Profile: C:\Users\ChadClough\AppData\Local\Google\Chrome\User Data\Profile 2 [2023-08-10]
CHR Extension: (Google Docs Offline) - C:\Users\ChadClough\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-07-20]
CHR Extension: (GoGuardian) - C:\Users\ChadClough\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\haldlgldplgnggkjaafhelgiaglafanh [2023-07-12] [UpdateUrl:hxxps://ext.goguardian.com/stable.xml] <==== ATTENTION
CHR Extension: (Chrome Web Store Payments) - C:\Users\ChadClough\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-01]
CHR Extension: (GoGuardian License) - C:\Users\ChadClough\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\omhaleedeaclhfacmpbpmmlclpfcjnlk [2021-04-16] [UpdateUrl:hxxp://goguardian.com/licenses/update.php] <==== ATTENTION
CHR Profile: C:\Users\ChadClough\AppData\Local\Google\Chrome\User Data\Profile 3 [2022-06-01]
CHR Notifications: Profile 3 -> hxxps://meet.google.com
CHR Extension: (Google Docs Offline) - C:\Users\ChadClough\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-10-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ChadClough\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-04-10]
CHR Profile: C:\Users\ChadClough\AppData\Local\Google\Chrome\User Data\Profile 9 [2023-10-19]
CHR Extension: (Google Docs Offline) - C:\Users\ChadClough\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-10-18]
CHR Extension: (GoGuardian) - C:\Users\ChadClough\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\haldlgldplgnggkjaafhelgiaglafanh [2023-10-02] [UpdateUrl:hxxps://ext.goguardian.com/stable.xml] <==== ATTENTION
CHR Extension: (Chrome Web Store Payments) - C:\Users\ChadClough\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-08-24]
CHR Extension: (GoGuardian License) - C:\Users\ChadClough\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\omhaleedeaclhfacmpbpmmlclpfcjnlk [2022-08-24] [UpdateUrl:hxxp://goguardian.com/licenses/update.php] <==== ATTENTION
CHR Profile: C:\Users\ChadClough\AppData\Local\Google\Chrome\User Data\System Profile [2023-12-03]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 com.geocomply.internal-updater-microservice; C:\Program Files (x86)\GeoComply\//PlayerLocationCheck///Application/com.geocomply.internal-updater-microservice.exe [11580080 ] (GeoComply Solutions Inc. -> )
R2 com.geocomply.process-scanner-microservice; C:\Program Files (x86)\GeoComply\//PlayerLocationCheck///Application/com.geocomply.process-scanner-microservice.exe [11621552 ] (GeoComply Solutions Inc. -> )
R2 com.geocomply.vm-detector-microservice; C:\Program Files (x86)\GeoComply\//PlayerLocationCheck///Application/com.geocomply.vm-detector-microservice.exe [11441328 ] (GeoComply Solutions Inc. -> )
R2 com.geocomply.wifi-scanner-microservice; C:\Program Files (x86)\GeoComply\//PlayerLocationCheck///Application/com.geocomply.wifi-scanner-microservice.exe [11443888 ] (GeoComply Solutions Inc. -> )
R2 Player Location Check; C:\Program Files (x86)\GeoComply\//PlayerLocationCheck///Application/service.exe [11535536 ] (GeoComply Solutions Inc. -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [402264 2023-10-19] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SurfaceExperienceService-61.23090.124; C:\Program Files\WindowsApps\Microsoft.SurfaceHub_61.23090.124.0_x64__8wekyb3d8bbwe\Services\SurfaceBroker.exe [8742336 2023-10-02] (Microsoft Corporation -> Microsoft)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\NisSrv.exe [3121120 2023-11-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MsMpEng.exe [133704 2023-11-12] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [55608 2023-06-27] (Apple Inc. -> Apple Inc.)
S3 Intersil290XXHID; C:\WINDOWS\System32\drivers\Intersil290XXHID.sys [57224 2017-06-16] (WDKTestCert satertza,131307991872382624 -> Intersil Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166760 2019-09-26] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [55744 2023-11-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [578856 2023-11-12] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105768 2023-11-12] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2023-12-03 14:45 - 2023-12-03 14:47 - 000021687 _____ C:\Users\ChadClough\Downloads\FRST.txt
2023-12-03 14:45 - 2023-12-03 14:45 - 000000000 ____D C:\Users\ChadClough\Downloads\FRST-OlderVersion
2023-12-03 14:44 - 2023-12-03 14:46 - 000000000 ____D C:\FRST
2023-12-03 14:43 - 2023-12-03 14:45 - 002384384 _____ (Farbar) C:\Users\ChadClough\Downloads\FRST64.exe
2023-12-03 14:24 - 2023-12-03 14:24 - 000000000 ___HD C:\$WinREAgent
2023-11-29 08:42 - 2023-11-29 08:42 - 000046685 _____ C:\Users\ChadClough\Downloads\LAA Basketball Rules (1).pdf
2023-11-12 11:43 - 2023-11-12 11:43 - 000626982 _____ C:\Users\ChadClough\Downloads\105546 (3).xlsx
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2023-12-03 14:44 - 2019-12-07 03:13 - 000000000 ____D C:\WINDOWS\INF
2023-12-03 14:42 - 2019-12-07 03:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-12-03 14:36 - 2019-12-07 03:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-12-03 14:23 - 2022-11-14 16:22 - 000000000 ___RD C:\Users\ChadClough\OneDrive - St. Paul's Lutheran
2023-12-03 14:23 - 2020-08-30 18:49 - 000795738 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-12-03 14:19 - 2021-12-19 02:01 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-12-03 14:19 - 2018-08-23 17:08 - 000000000 ____D C:\Program Files (x86)\Google
2023-12-03 14:15 - 2020-08-30 18:52 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-12-03 14:15 - 2020-08-30 18:40 - 000008192 ___SH C:\DumpStack.log.tmp
2023-12-03 14:15 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2023-12-03 14:15 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\ServiceState
2023-12-03 14:15 - 2019-12-07 03:03 - 002359296 _____ C:\WINDOWS\system32\config\BBI
2023-12-03 14:15 - 2018-09-27 06:51 - 000041448 _____ C:\WINDOWS\system32\OV9734_FRONT.aiqd
2023-12-03 14:12 - 2020-08-30 18:40 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-12-01 16:26 - 2023-03-20 07:25 - 000003328 _____ C:\WINDOWS\system32\Tasks\GeoComply Service Check
2023-12-01 13:44 - 2018-08-23 17:08 - 000002311 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-11-30 18:09 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-11-30 12:00 - 2020-07-29 18:13 - 000002448 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-11-29 13:45 - 2020-08-30 18:52 - 000003714 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2023-11-29 13:45 - 2020-08-30 18:52 - 000003590 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2023-11-20 07:28 - 2021-12-13 07:21 - 000003608 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-12-1-379402305-1282805949-553899156-2530637685
2023-11-20 07:28 - 2020-08-30 18:52 - 000003382 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-12-1-379402305-1282805949-553899156-2530637685
2023-11-20 07:28 - 2020-08-30 18:41 - 000002416 _____ C:\Users\ChadClough\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-11-12 12:00 - 2018-08-22 22:29 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2023-11-06 17:58 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\NDF
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-12-2023
Ran by ChadClough (03-12-2023 14:49:17)
Running from C:\Users\ChadClough\Downloads
Microsoft Windows 10 Pro Version 22H2 19045.3570 (X64) (2020-08-31 00:52:35)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-3251423693-4260676575-3805690949-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3251423693-4260676575-3805690949-503 - Limited - Disabled)
Guest (S-1-5-21-3251423693-4260676575-3805690949-501 - Limited - Disabled)
stpau (S-1-5-21-3251423693-4260676575-3805690949-1001 - Administrator - Enabled) => C:\Users\stpau
WDAGUtilityAccount (S-1-5-21-3251423693-4260676575-3805690949-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 119.0.6045.200 - Google LLC)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 119.0.2151.97 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 119.0.2151.97 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKU\S-1-12-1-379402305-1282805949-553899156-2530637685\...\Microsoft EdgeWebView) (Version: 119.0.2151.97 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-12-1-379402305-1282805949-553899156-2530637685\...\OneDriveSetup.exe) (Version: 23.226.1031.0003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3251423693-4260676575-3805690949-1001\...\OneDriveSetup.exe) (Version: 20.114.0607.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{2953E19B-9F91-4A49-A23B-7E25970A1951}) (Version: 3.73.0.0 - Microsoft Corporation)
Player Location Check (HKLM-x32\...\{F0753064-8D66-41A7-9F23-7691290387BF}) (Version: 4.0.0.4 - GeoComply)
RingCentral Meetings (HKU\S-1-12-1-379402305-1282805949-553899156-2530637685\...\RingCentralMeetings) (Version: 21.1 - Zoom Video Communications, Inc. and RingCentral Inc.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{B2E25355-C24E-4E7D-8AD3-455D59810838}) (Version: 2.57.0.0 - Microsoft Corporation)
Zoom (HKU\S-1-12-1-379402305-1282805949-553899156-2530637685\...\ZoomUMX) (Version: 5.8.0 (1324) - Zoom Video Communications, Inc.)
 
Packages:
=========
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_149.1.1056.0_x64__v10z8vjag6ke6 [2023-09-12] (HP Inc.)
LEGO Education SPIKE -> C:\Program Files\WindowsApps\LEGOEducation.SPIKELEGOEducation_2.0.10.0_x64__by3p0hsm2jzfy [2023-02-03] (LEGO Education)
Microsoft Access -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Access_16051.16827.20166.0_x86__8wekyb3d8bbwe [2023-10-16] (Microsoft Corporation)
Microsoft Excel -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16051.16827.20166.0_x86__8wekyb3d8bbwe [2023-10-16] (Microsoft Corporation)
Microsoft Office Desktop Apps -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.16827.20166.0_x86__8wekyb3d8bbwe [2023-10-16] (Microsoft Corporation)
Microsoft Outlook -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.16827.20166.0_x86__8wekyb3d8bbwe [2023-10-16] (Microsoft Corporation)
Microsoft PowerPoint -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16051.16827.20166.0_x86__8wekyb3d8bbwe [2023-10-16] (Microsoft Corporation)
Microsoft Publisher -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Publisher_16051.16827.20166.0_x86__8wekyb3d8bbwe [2023-10-16] (Microsoft Corporation)
Microsoft Word -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16051.16827.20166.0_x86__8wekyb3d8bbwe [2023-10-16] (Microsoft Corporation)
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.61931.0_x64__8wekyb3d8bbwe [2023-08-23] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2022-01-31] (Microsoft Corporation)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.1.137.0_x64__dt26b99r8h8gj [2023-06-14] (Realtek Semiconductor Corp)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.17.10160.0_x64__8wekyb3d8bbwe [2023-10-23] (Microsoft Studios) [MS Ad]
Surface -> C:\Program Files\WindowsApps\Microsoft.SurfaceHub_61.23090.124.0_x64__8wekyb3d8bbwe [2023-10-03] (Microsoft Corporation)
Toshiba Print Experience -> C:\Program Files\WindowsApps\TOSHIBATEC.ToshibaPrintExperience_10.70.3989.68_x86__8ck45jgtf9y1t [2023-03-01] (Toshiba Tec Corporation)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-12-1-379402305-1282805949-553899156-2530637685_Classes\CLSID\{04271989-C4D2-0029-05B3-BC25C3BC39B8} -> [OneDrive - St. Paul's Lutheran] => C:\Users\ChadClough\OneDrive - St. Paul's Lutheran [2022-11-14 16:22]
CustomCLSID: HKU\S-1-12-1-379402305-1282805949-553899156-2530637685_Classes\CLSID\{2EF7E390-2F7C-4F9A-9B7D-4A87B56B711D}\InprocServer32 -> C:\Users\ChadClough\AppData\Local\Microsoft\EdgeUpdate\1.3.173.51\psuser_64.dll => No File
CustomCLSID: HKU\S-1-12-1-379402305-1282805949-553899156-2530637685_Classes\CLSID\{38971E90-14FD-44F6-AA45-1447B653F873}\InprocServer32 -> C:\Users\ChadClough\AppData\Local\Microsoft\EdgeUpdate\1.3.173.45\psuser_64.dll => No File
CustomCLSID: HKU\S-1-12-1-379402305-1282805949-553899156-2530637685_Classes\CLSID\{5EA43877-C6D8-4885-B77A-C0BB27E94372}\InprocServer32 -> C:\Users\ChadClough\AppData\Local\Microsoft\EdgeUpdate\1.3.181.5\psuser_64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-12-1-379402305-1282805949-553899156-2530637685_Classes\CLSID\{608D599A-DCA6-4A7C-BED7-AFCD8465345A}\InprocServer32 -> C:\Users\ChadClough\AppData\Local\Microsoft\EdgeUpdate\1.3.175.29\psuser_64.dll => No File
CustomCLSID: HKU\S-1-12-1-379402305-1282805949-553899156-2530637685_Classes\CLSID\{64C6EFB9-8F79-4106-B975-067448DC768F}\InprocServer32 -> C:\Users\ChadClough\AppData\Local\Microsoft\EdgeUpdate\1.3.177.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-12-1-379402305-1282805949-553899156-2530637685_Classes\CLSID\{7C9A348D-C321-47AC-904F-150312A5430F}\InprocServer32 -> C:\Users\ChadClough\AppData\Local\Microsoft\EdgeUpdate\1.3.175.27\psuser_64.dll => No File
CustomCLSID: HKU\S-1-12-1-379402305-1282805949-553899156-2530637685_Classes\CLSID\{81093D63-7825-417B-BFC8-ADC63FA4E53D}\InprocServer32 -> C:\Users\ChadClough\AppData\Local\Microsoft\EdgeUpdate\1.3.181.5\psuser_64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-12-1-379402305-1282805949-553899156-2530637685_Classes\CLSID\{ABF66F82-B04C-4FE4-8272-661539463FE1}\InprocServer32 -> C:\Users\ChadClough\AppData\Local\Microsoft\EdgeUpdate\1.3.171.37\psuser_64.dll => No File
CustomCLSID: HKU\S-1-12-1-379402305-1282805949-553899156-2530637685_Classes\CLSID\{B29F5F83-90DF-479A-BDE7-8A9F4412E394}\InprocServer32 -> C:\Users\ChadClough\AppData\Local\Microsoft\EdgeUpdate\1.3.171.39\psuser_64.dll => No File
CustomCLSID: HKU\S-1-12-1-379402305-1282805949-553899156-2530637685_Classes\CLSID\{E3D57E77-FE71-4D06-BD34-D48820074909}\InprocServer32 -> C:\Users\ChadClough\AppData\Local\Microsoft\EdgeUpdate\1.3.181.5\psuser_64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-12-1-379402305-1282805949-553899156-2530637685_Classes\CLSID\{E8791438-3525-48BF-A600-C577AD1674C2}\InprocServer32 -> C:\Users\ChadClough\AppData\Local\Microsoft\EdgeUpdate\1.3.173.49\psuser_64.dll => No File
CustomCLSID: HKU\S-1-12-1-379402305-1282805949-553899156-2530637685_Classes\CLSID\{F1CBF5EB-347F-4E4C-90AC-E43339FC34EC}\InprocServer32 -> C:\Users\ChadClough\AppData\Local\Microsoft\EdgeUpdate\1.3.173.55\psuser_64.dll => No File
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\ChadClough\Desktop\Chad (Mr. Clough) - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\ChadClough\Desktop\Kayla - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 3"
ShortcutWithArgument: C:\Users\ChadClough\Desktop\Person 1 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\ChadClough\Desktop\Will (Will Cash Money) - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 2"
ShortcutWithArgument: C:\Users\ChadClough\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\c8ad4c51c070a52f\GoGuardian.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 2" --app-id=haldlgldplgnggkjaafhelgiaglafanh
 
==================== Loaded Modules (Whitelisted) =============
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-09-29 07:46 - 2017-09-29 07:44 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-12-1-379402305-1282805949-553899156-2530637685\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3251423693-4260676575-3805690949-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 208.67.222.222 - 208.67.220.220
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [UDP Query User{F4AF4BF4-6404-4C7F-987A-A6971BDDFBA3}C:\users\collinmayer\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\collinmayer\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{962F00B5-A61D-4026-BCAA-0C6716938EDA}C:\users\collinmayer\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\collinmayer\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{84F7B634-44BB-4BCF-A30D-2BC2CA7F42AD}C:\users\chadclough\appdata\roaming\zoom\bin\zoom.exe] => (Block) C:\users\chadclough\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{AC4E30B7-DACA-4BE4-8204-761A4F526CEF}C:\users\chadclough\appdata\roaming\zoom\bin\zoom.exe] => (Block) C:\users\chadclough\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [TCP Query User{E93C769E-5097-4C06-BC80-F5D38379F0CC}C:\users\chadclough\appdata\roaming\ringcentralmeetings\bin\ringcentralmeetings.exe] => (Allow) C:\users\chadclough\appdata\roaming\ringcentralmeetings\bin\ringcentralmeetings.exe (RingCentral, Inc. -> RingCentral Video Communications, Inc. and RingCentral Inc.)
FirewallRules: [UDP Query User{2E1414C1-1CF0-475A-9D46-C6D2B8CD9523}C:\users\chadclough\appdata\roaming\ringcentralmeetings\bin\ringcentralmeetings.exe] => (Allow) C:\users\chadclough\appdata\roaming\ringcentralmeetings\bin\ringcentralmeetings.exe (RingCentral, Inc. -> RingCentral Video Communications, Inc. and RingCentral Inc.)
FirewallRules: [TCP Query User{7DC159DE-5B6F-461C-82F3-DE5FF933D2E2}C:\users\chadclough\appdata\roaming\ringcentralmeetings\bin\ringcentralmeetings.exe] => (Allow) C:\users\chadclough\appdata\roaming\ringcentralmeetings\bin\ringcentralmeetings.exe (RingCentral, Inc. -> RingCentral Video Communications, Inc. and RingCentral Inc.)
FirewallRules: [UDP Query User{C7A76A08-DD9F-47CC-BCDA-D48950FDF7B3}C:\users\chadclough\appdata\roaming\ringcentralmeetings\bin\ringcentralmeetings.exe] => (Allow) C:\users\chadclough\appdata\roaming\ringcentralmeetings\bin\ringcentralmeetings.exe (RingCentral, Inc. -> RingCentral Video Communications, Inc. and RingCentral Inc.)
FirewallRules: [{38CCCB62-C0DB-4281-BDC6-32C5D4714569}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.101.3212.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{3B31C1DA-5717-4D29-B2EC-E20685E1075D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.101.3212.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{24B4E4F2-1C61-469A-B4BB-2D0660B3225A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.101.3212.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{2D66E104-9BFA-466E-95EF-53BFC437E1E4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.101.3212.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{26922A9C-4239-4038-861D-DF70239C09B9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.16827.20166.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0B60C575-4318-403F-8759-CC8C61BC6118}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.106.3212.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E1004200-093C-42DA-90EE-1AA24BC5A730}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.106.3212.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F1FBDCEC-816C-4EA6-8D0E-C8B54C86D3CF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.106.3212.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3DD36FCB-12DA-4FAD-BA0E-14E79293979E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.106.3212.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{CDB5AFE4-09E0-4CD8-92D1-45C200C4010B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{766CC420-2C65-443E-B791-DCD0F8846EB8}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\119.0.2151.97\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled (Total:117.91 GB) (Free:59.09 GB) (50%)
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (12/03/2023 02:15:42 PM) (Source: com.geocomply.vm-detector-microservice) (EventID: 1) (User: )
Description: Event-ID 1
 
Error: (12/03/2023 02:15:42 PM) (Source: PlayerLocationCheck) (EventID: 1) (User: )
Description: Event-ID 1
 
Error: (12/03/2023 02:15:42 PM) (Source: com.geocomply.process-scanner-microservice) (EventID: 1) (User: )
Description: Event-ID 1
 
Error: (12/03/2023 02:15:42 PM) (Source: com.geocomply.internal-updater-microservice) (EventID: 1) (User: )
Description: Event-ID 1
 
Error: (12/03/2023 02:15:42 PM) (Source: com.geocomply.wifi-scanner-microservice) (EventID: 1) (User: )
Description: Event-ID 1
 
Error: (11/27/2023 02:31:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SearchApp.exe version 10.0.19041.3570 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 2b48
 
Start Time: 01da02c872fbe1ab
 
Termination Time: 4294967295
 
Application Path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
 
Report Id: 8f77d9df-8e51-4fae-a764-5045a2e0ecc3
 
Faulting package full name: Microsoft.Windows.Search_1.14.10.19041_neutral_neutral_cw5n1h2txyewy
 
Faulting package-relative application ID: ShellFeedsUI
 
Hang type: Quiesce
 
Error: (11/20/2023 07:28:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OneDrive.exe, version: 23.221.1024.2, time stamp: 0x22e834bf
Faulting module name: ntdll.dll, version: 10.0.19041.3570, time stamp: 0x3be1c500
Exception code: 0xc0000409
Fault offset: 0x00000000000a2350
Faulting process id: 0x2578
Faulting application start time: 0x01da158fe509189b
Faulting application path: C:\Users\ChadClough\AppData\Local\Microsoft\OneDrive\OneDrive.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 46303b07-fd55-4b36-b3ec-53d598e59398
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (10/19/2023 07:54:09 AM) (Source: com.geocomply.vm-detector-microservice) (EventID: 1) (User: )
Description: Event-ID 1
 
 
System errors:
=============
Error: (12/03/2023 02:15:05 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.
 
Error: (12/03/2023 02:14:42 PM) (Source: DCOM) (EventID: 10010) (User: AzureAD)
Description: The server {9A4948D9-13FC-4FAC-B60A-FBA6EE0FB11C} did not register with DCOM within the required timeout.
 
Error: (12/03/2023 02:12:32 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
Error: (12/02/2023 07:37:06 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
Error: (12/02/2023 12:26:18 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
Error: (12/01/2023 09:24:16 PM) (Source: SurfaceAcpiNotify) (EventID: 17408) (User: )
Description: RQST(1, 28, 0) error: 6
 
Error: (12/01/2023 09:24:16 PM) (Source: SurfaceSerialHubDriver) (EventID: 15) (User: )
Description: Surface Serial Hub Driver get response timeout, CanceledID = 40096, TargetCategory = SAM, CommandID = 28.
 
Error: (12/01/2023 09:24:12 PM) (Source: SurfaceSerialHubDriver) (EventID: 13) (User: )
Description: Surface Serial Hub Driver spurious Ack found, Sequence Number = 110.
 
 
Windows Defender:
================
Date: 2023-10-03 07:51:06
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:
 
Date: 2023-12-03 14:20:00
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.401.1232.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23100.2009
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2023-12-03 14:20:00
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.401.1232.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23100.2009
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2023-12-03 14:20:00
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.401.1232.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23100.2009
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2023-12-03 14:19:39
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.401.1232.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23100.2009
Error code: 0x80072ee2
Error description: The operation timed out 
 
Date: 2023-12-03 14:19:39
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.401.1232.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23100.2009
Error code: 0x80072ee2
Error description: The operation timed out 
 
CodeIntegrity:
===============
Date: 2022-03-15 11:06:07
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\64ih8682.inf_amd64_9e8d740de7ce5aee\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
BIOS: Microsoft Corporation 138.3732.768 04.20.2021
Motherboard: Microsoft Corporation Surface Laptop
Processor: Intel® Core™ i5-7200U CPU @ 2.50GHz
Percentage of memory in use: 62%
Total physical RAM: 8109.11 MB
Available physical RAM: 3054.82 MB
Total Virtual: 9773.11 MB
Available Virtual: 4253.02 MB
 
==================== Drives ================================
 
Drive c: (Local Disk) (Fixed) (Total:117.91 GB) (Free:59.08 GB) (Model: THNSN0128GTYA TOSHIBA) (Protected) NTFS
 
\\?\Volume{d610b4fa-0d6d-4c71-95b3-bafad241d102}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.31 GB) NTFS
\\?\Volume{2c73e5b8-ba32-4fc1-86c6-7298b8ffd405}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 3360B8F4)
 
Partition: GPT.
 
==================== End of Addition.txt =======================

 


#2
DR M

    The Grecian Geek

  • Malware Removal

Hello.

 

This is from your FRST log:

 

Running from C:\Users\ChadClough\Downloads\FRST64.exe
Loaded Profiles: False <==== ATTENTION (Temporary Profile?)
 
But in the Addition log we see:
 
Administrator (S-1-5-21-3251423693-4260676575-3805690949-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3251423693-4260676575-3805690949-503 - Limited - Disabled)
Guest (S-1-5-21-3251423693-4260676575-3805690949-501 - Limited - Disabled)
stpau (S-1-5-21-3251423693-4260676575-3805690949-1001 - Administrator - Enabled) => C:\Users\stpau
WDAGUtilityAccount (S-1-5-21-3251423693-4260676575-3805690949-504 - Limited - Disabled)
 
 
Can you please sign out, restart and post logs once more? When you restart, sign in with the stpau account.
 
To sign out, select Start, then on the left side of the Start menu, choose the Accounts icon (or picture), and then select Sign out. See here for more details.

#3
caclough

    Member

  • Topic Starter

I'll see if I can get that login. If not, there's nothing that we can do? 


#4
caclough

    Member

  • Topic Starter

Hopefully this works. 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-12-2023
Ran by HeatherSchmidt (administrator) on SPF-SURFLAP-02 (Microsoft Corporation Surface Laptop) (04-12-2023 08:29:12)
Running from C:\Users\HeatherSchmidt\Downloads\FRST64.exe
Loaded Profiles: stpau
Platform: Microsoft Windows 10 Pro Version 22H2 19045.3570 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.wifi-scanner-microservice.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\crash_handler.exe <5>
(C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\PlayerLocationIcon.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <11>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <14>
(services.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.internal-updater-microservice.exe
(services.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exe
(services.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.vm-detector-microservice.exe
(services.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.wifi-scanner-microservice.exe
(services.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(services.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\64ih8682.inf_amd64_9e8d740de7ce5aee\IntelCpHDCPSvc.exe
(services.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\64ih8682.inf_amd64_9e8d740de7ce5aee\IntelCpHeciSvc.exe
(services.exe ->) (Microsoft Corporation -> Microsoft) C:\Program Files\WindowsApps\Microsoft.SurfaceHub_61.23090.124.0_x64__8wekyb3d8bbwe\Services\SurfaceBroker.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Microsoft Update Health Tools\uhssvc.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\NisSrv.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\hdxsstm.inf_amd64_7d200f2580ecd8a5\RtkAudUService64.exe <3>
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.16827.20166.0_x86__8wekyb3d8bbwe\Office16\SDXHelperBgt.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\ChadClough\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CastSrv.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(winlogon.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\ChadClough\AppData\Local\Microsoft\OneDrive\23.226.1031.0003\Microsoft.SharePoint.exe
(winlogon.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LogonUI.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\hdxsstm.inf_amd64_7d200f2580ecd8a5\RtkAudUService64.exe [835680 2020-12-17] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-12-1-1721880173-1220933218-3369430184-3542225890\...\Run: [MicrosoftEdgeAutoLaunch_0855A1A81046EA4266AD4A591E8E8A44] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3896768 2023-11-29] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-12-1-1721880173-1220933218-3369430184-3542225890\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\HeatherSchmidt\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" [42164600 2023-12-04] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-12-1-1721880173-1220933218-3369430184-3542225890\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\HeatherSchmidt\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-12-1-379402305-1282805949-553899156-2530637685\...\Run: [Microsoft Edge Update] => C:\Users\ChadClough\AppData\Local\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateCore.exe [264264 2023-10-30] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-12-1-379402305-1282805949-553899156-2530637685\...\Run: [MicrosoftEdgeAutoLaunch_F41116DA4D5A8E07261DEDFA84F00E92] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3896768 2023-11-29] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Windows x64\Print Processors\Canon MG3600 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDCT.DLL [30208 2015-03-12] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\119.0.6045.200\Installer\chrmstp.exe [2023-12-01] (Google LLC -> Google LLC)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {22157D82-0232-49AC-A44D-12632831B39D} - System32\Tasks\GeoComply Service Check => C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\PlayerLocationCheckTask.cmd [1642 2023-05-04] () [File not signed] -> 
Task: {31D5F0DC-229F-4BAD-8E29-6C923F13F713} - System32\Tasks\GeoComply Update Task => C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Update\GeoComplyUpdate.exe [4780704 2023-05-04] (GeoComply Solutions Inc. -> GeoComply) -> /config=C:\Program Files (x86)\GeoComply\\PlayerLocationCheck\Update\GeoComplyUpdate.xml
Task: {9DAF5495-01DD-47ED-A9FA-2B05FD5EBA25} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-08-23] (Google Inc -> Google Inc.)
Task: {684DF2A7-3B26-4625-830C-BB6AF1F654EF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-08-23] (Google Inc -> Google Inc.)
Task: {08DA88DF-745D-4163-8EC8-885A6741441B} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\Login Schedule created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [472576 2023-10-19] (Microsoft Windows -> Microsoft Corporation)
Task: {796F4F32-79D6-4064-8726-AA345C6B0D30} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\OS Edition Upgrade event listener created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [472576 2023-10-19] (Microsoft Windows -> Microsoft Corporation)
Task: {68C166D9-3452-4A69-98BB-44577747D5BC} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\Passport for Work alert created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [472576 2023-10-19] (Microsoft Windows -> Microsoft Corporation)
Task: {93FD2A37-E792-4074-819A-80DAC8E5D1BE} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\Provisioning initiated session => C:\WINDOWS\system32\deviceenroller.exe [472576 2023-10-19] (Microsoft Windows -> Microsoft Corporation)
Task: {94E82032-6BCC-4D44-9C4C-36A7B99DBAA9} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\PushLaunch => C:\WINDOWS\system32\deviceenroller.exe [472576 2023-10-19] (Microsoft Windows -> Microsoft Corporation)
Task: {3F359453-7FD0-4773-A094-29C608E19C70} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\PushRenewal => C:\WINDOWS\system32\deviceenroller.exe [472576 2023-10-19] (Microsoft Windows -> Microsoft Corporation)
Task: {DEDBB65B-56BF-40DA-9A14-74FA2386D95F} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\PushUpgrade => C:\WINDOWS\system32\deviceenroller.exe [472576 2023-10-19] (Microsoft Windows -> Microsoft Corporation)
Task: {F179CF83-817B-49B2-A351-D53C4767A169} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\Schedule #1 created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [472576 2023-10-19] (Microsoft Windows -> Microsoft Corporation)
Task: {E7FD6170-FBAC-4B74-9BAE-55D3AD79BB19} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\Schedule #2 created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [472576 2023-10-19] (Microsoft Windows -> Microsoft Corporation)
Task: {90D7FFB9-3C91-4D1F-AAD8-64966471E06F} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\Schedule #3 created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [472576 2023-10-19] (Microsoft Windows -> Microsoft Corporation)
Task: {E5E67958-8947-40DC-B118-3490751D26D8} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\Schedule created by enrollment client for renewal of certificate warning => C:\WINDOWS\system32\deviceenroller.exe [472576 2023-10-19] (Microsoft Windows -> Microsoft Corporation)
Task: {1D3AA9F1-85A6-48D4-90B0-4CC311992B85} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\Schedule to run OMADMClient by client => C:\WINDOWS\system32\omadmclient.exe [468992 2023-10-19] (Microsoft Windows -> Microsoft Corporation)
Task: {88F87BA4-19A7-4C4D-A11D-D9E8D1935DCE} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\Schedule to run OMADMClient by server => C:\WINDOWS\system32\omadmclient.exe [468992 2023-10-19] (Microsoft Windows -> Microsoft Corporation)
Task: {DFA11800-DBFF-4F92-A1F5-0FEBFF6FF8D4} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\Win10 S Mode event listener created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [472576 2023-10-19] (Microsoft Windows -> Microsoft Corporation)
Task: {24BFF3C2-1A2E-4974-9789-8DEAF77EBC82} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MpCmdRun.exe [1604680 2023-11-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F360C233-8175-483A-B355-4C49A318AC7E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MpCmdRun.exe [1604680 2023-11-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {70F7CD3A-659E-4E76-BDC9-FE15599C1980} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MpCmdRun.exe [1604680 2023-11-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {AD7CD73E-3769-4F13-8BE0-C8CF19C85C7F} - System32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-12-1-379402305-1282805949-553899156-2530637685Core{5641AC22-3E9E-482F-A78E-AC767BE88448} => C:\Users\ChadClough\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [206264 2022-12-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {744A508A-0840-4EDF-B6C0-D471D0431BAC} - System32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-12-1-379402305-1282805949-553899156-2530637685UA{B9FD4C39-41C2-4FAB-A642-FEF8BAEFF810} => C:\Users\ChadClough\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [206264 2022-12-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {5EE6A481-7A98-4D13-A04D-18817F56F559} - System32\Tasks\S-1-5-21-3251423693-4260676575-3805690949-1001\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\Login Schedule created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [472576 2023-10-19] (Microsoft Windows -> Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.123.1
Tcpip\..\Interfaces\{ad987e25-2c98-42dc-b13d-177e7d5cb4bf}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{bc739b88-c39c-46f8-9e2a-0aaa86f4f8a5}: [DhcpNameServer] 192.168.123.1
 
Edge: 
=======
Edge Profile: C:\Users\HeatherSchmidt\AppData\Local\Microsoft\Edge\User Data\Default [2023-12-04]
Edge Extension: (Google Docs Offline) - C:\Users\HeatherSchmidt\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-12-04]
Edge Extension: (Edge relevant text changes) - C:\Users\HeatherSchmidt\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-12-04]
 
Chrome: 
=======
CHR Profile: C:\Users\HeatherSchmidt\AppData\Local\Google\Chrome\User Data\Default [2023-12-04]
CHR Extension: (Google Docs Offline) - C:\Users\HeatherSchmidt\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-12-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\HeatherSchmidt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-12-04]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 com.geocomply.internal-updater-microservice; C:\Program Files (x86)\GeoComply\//PlayerLocationCheck///Application/com.geocomply.internal-updater-microservice.exe [11580080 ] (GeoComply Solutions Inc. -> )
R2 com.geocomply.process-scanner-microservice; C:\Program Files (x86)\GeoComply\//PlayerLocationCheck///Application/com.geocomply.process-scanner-microservice.exe [11621552 ] (GeoComply Solutions Inc. -> )
R2 com.geocomply.vm-detector-microservice; C:\Program Files (x86)\GeoComply\//PlayerLocationCheck///Application/com.geocomply.vm-detector-microservice.exe [11441328 ] (GeoComply Solutions Inc. -> )
R2 com.geocomply.wifi-scanner-microservice; C:\Program Files (x86)\GeoComply\//PlayerLocationCheck///Application/com.geocomply.wifi-scanner-microservice.exe [11443888 ] (GeoComply Solutions Inc. -> )
R2 Player Location Check; C:\Program Files (x86)\GeoComply\//PlayerLocationCheck///Application/service.exe [11535536 ] (GeoComply Solutions Inc. -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [402264 2023-10-19] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SurfaceExperienceService-61.23090.124; C:\Program Files\WindowsApps\Microsoft.SurfaceHub_61.23090.124.0_x64__8wekyb3d8bbwe\Services\SurfaceBroker.exe [8742336 2023-10-02] (Microsoft Corporation -> Microsoft)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\NisSrv.exe [3121120 2023-11-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MsMpEng.exe [133704 2023-11-12] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [55608 2023-06-27] (Apple Inc. -> Apple Inc.)
S3 Intersil290XXHID; C:\WINDOWS\System32\drivers\Intersil290XXHID.sys [57224 2017-06-16] (WDKTestCert satertza,131307991872382624 -> Intersil Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166760 2019-09-26] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [55744 2023-11-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [578856 2023-11-12] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105768 2023-11-12] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2023-12-04 08:29 - 2023-12-04 08:30 - 000018276 _____ C:\Users\HeatherSchmidt\Downloads\FRST.txt
2023-12-04 08:26 - 2023-12-04 08:26 - 002384384 _____ (Farbar) C:\Users\HeatherSchmidt\Downloads\FRST64.exe
2023-12-04 08:26 - 2023-12-04 08:26 - 000000000 ____D C:\Users\HeatherSchmidt\Downloads\FRST-OlderVersion
2023-12-04 08:24 - 2023-12-04 08:25 - 000000000 ____D C:\Users\HeatherSchmidt\AppData\Local\D3DSCache
2023-12-04 08:24 - 2023-12-04 08:24 - 000003616 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-12-1-1721880173-1220933218-3369430184-3542225890
2023-12-04 08:23 - 2023-12-04 08:24 - 000003394 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-12-1-1721880173-1220933218-3369430184-3542225890
2023-12-04 08:23 - 2023-12-04 08:23 - 000000000 ___RD C:\Users\HeatherSchmidt\OneDrive
2023-12-04 08:23 - 2023-12-04 08:23 - 000000000 ____D C:\Users\HeatherSchmidt\AppData\Local\PlaceholderTileLogoFolder
2023-12-04 08:22 - 2023-12-04 08:24 - 000002416 _____ C:\Users\HeatherSchmidt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-12-04 08:22 - 2023-12-04 08:24 - 000000000 ____D C:\Users\HeatherSchmidt\AppData\Local\Packages
2023-12-04 08:22 - 2023-12-04 08:23 - 000002358 _____ C:\Users\HeatherSchmidt\Desktop\Google Chrome.lnk
2023-12-04 08:22 - 2023-12-04 08:23 - 000000000 ____D C:\Users\HeatherSchmidt
2023-12-04 08:22 - 2023-12-04 08:22 - 000002458 _____ C:\Users\HeatherSchmidt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-12-04 08:22 - 2023-12-04 08:22 - 000000020 ___SH C:\Users\HeatherSchmidt\ntuser.ini
2023-12-04 08:22 - 2023-12-04 08:22 - 000000000 ___SD C:\Users\HeatherSchmidt\AppData\Roaming\Microsoft\SystemCertificates
2023-12-04 08:22 - 2023-12-04 08:22 - 000000000 ___SD C:\Users\HeatherSchmidt\AppData\Roaming\Microsoft\Protect
2023-12-04 08:22 - 2023-12-04 08:22 - 000000000 ___SD C:\Users\HeatherSchmidt\AppData\Roaming\Microsoft\Crypto
2023-12-04 08:22 - 2023-12-04 08:22 - 000000000 ___SD C:\Users\HeatherSchmidt\AppData\Roaming\Microsoft\Credentials
2023-12-04 08:22 - 2023-12-04 08:22 - 000000000 ___RD C:\Users\HeatherSchmidt\3D Objects
2023-12-04 08:22 - 2023-12-04 08:22 - 000000000 ____D C:\Users\HeatherSchmidt\AppData\Roaming\Microsoft\Windows
2023-12-04 08:22 - 2023-12-04 08:22 - 000000000 ____D C:\Users\HeatherSchmidt\AppData\Roaming\Microsoft\Vault
2023-12-04 08:22 - 2023-12-04 08:22 - 000000000 ____D C:\Users\HeatherSchmidt\AppData\Roaming\Adobe
2023-12-04 08:22 - 2023-12-04 08:22 - 000000000 ____D C:\Users\HeatherSchmidt\AppData\LocalLow\Intel
2023-12-04 08:22 - 2023-12-04 08:22 - 000000000 ____D C:\Users\HeatherSchmidt\AppData\Local\VirtualStore
2023-12-04 08:22 - 2023-12-04 08:22 - 000000000 ____D C:\Users\HeatherSchmidt\AppData\Local\Publishers
2023-12-04 08:22 - 2023-12-04 08:22 - 000000000 ____D C:\Users\HeatherSchmidt\AppData\Local\Google
2023-12-04 08:22 - 2023-12-04 08:22 - 000000000 ____D C:\Users\HeatherSchmidt\AppData\Local\ConnectedDevicesPlatform
2023-12-04 08:22 - 2020-08-30 18:46 - 000000000 ____D C:\Users\HeatherSchmidt\AppData\Roaming\Microsoft\Network
2023-12-03 14:49 - 2023-12-03 14:51 - 000024071 _____ C:\Users\ChadClough\Downloads\Addition.txt
2023-12-03 14:45 - 2023-12-03 14:51 - 000025296 _____ C:\Users\ChadClough\Downloads\FRST.txt
2023-12-03 14:45 - 2023-12-03 14:45 - 000000000 ____D C:\Users\ChadClough\Downloads\FRST-OlderVersion
2023-12-03 14:44 - 2023-12-04 08:29 - 000000000 ____D C:\FRST
2023-12-03 14:43 - 2023-12-03 14:45 - 002384384 _____ (Farbar) C:\Users\ChadClough\Downloads\FRST64.exe
2023-12-03 14:24 - 2023-12-03 14:24 - 000000000 ___HD C:\$WinREAgent
2023-11-29 08:42 - 2023-11-29 08:42 - 000046685 _____ C:\Users\ChadClough\Downloads\LAA Basketball Rules (1).pdf
2023-11-12 11:43 - 2023-11-12 11:43 - 000626982 _____ C:\Users\ChadClough\Downloads\105546 (3).xlsx
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2023-12-04 08:23 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-12-04 08:23 - 2019-12-07 03:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-12-04 08:23 - 2017-12-01 02:58 - 000000000 __RHD C:\Users\Public\AccountPictures
2023-12-04 08:22 - 2021-12-19 02:01 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-12-04 08:22 - 2019-12-07 03:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-12-04 08:22 - 2018-08-23 17:08 - 000000000 ____D C:\Program Files (x86)\Google
2023-12-04 07:59 - 2020-08-30 18:40 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-12-04 07:22 - 2020-08-30 18:49 - 000795738 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-12-04 07:22 - 2019-12-07 03:13 - 000000000 ____D C:\WINDOWS\INF
2023-12-03 14:42 - 2019-12-07 03:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-12-03 14:23 - 2022-11-14 16:22 - 000000000 ___RD C:\Users\ChadClough\OneDrive - St. Paul's Lutheran
2023-12-03 14:15 - 2020-08-30 18:52 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-12-03 14:15 - 2020-08-30 18:40 - 000008192 ___SH C:\DumpStack.log.tmp
2023-12-03 14:15 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2023-12-03 14:15 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\ServiceState
2023-12-03 14:15 - 2019-12-07 03:03 - 002359296 _____ C:\WINDOWS\system32\config\BBI
2023-12-03 14:15 - 2018-09-27 06:51 - 000041448 _____ C:\WINDOWS\system32\OV9734_FRONT.aiqd
2023-12-01 16:26 - 2023-03-20 07:25 - 000003328 _____ C:\WINDOWS\system32\Tasks\GeoComply Service Check
2023-12-01 13:44 - 2018-08-23 17:08 - 000002311 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-11-30 12:00 - 2020-07-29 18:13 - 000002448 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-11-29 13:45 - 2020-08-30 18:52 - 000003714 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2023-11-29 13:45 - 2020-08-30 18:52 - 000003590 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2023-11-20 07:28 - 2021-12-13 07:21 - 000003608 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-12-1-379402305-1282805949-553899156-2530637685
2023-11-20 07:28 - 2020-08-30 18:52 - 000003382 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-12-1-379402305-1282805949-553899156-2530637685
2023-11-20 07:28 - 2020-08-30 18:41 - 000002416 _____ C:\Users\ChadClough\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-11-12 12:00 - 2018-08-22 22:29 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2023-11-06 17:58 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\NDF
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-12-2023
Ran by HeatherSchmidt (04-12-2023 08:33:01)
Running from C:\Users\HeatherSchmidt\Downloads
Microsoft Windows 10 Pro Version 22H2 19045.3570 (X64) (2020-08-31 00:52:35)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-3251423693-4260676575-3805690949-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3251423693-4260676575-3805690949-503 - Limited - Disabled)
Guest (S-1-5-21-3251423693-4260676575-3805690949-501 - Limited - Disabled)
stpau (S-1-5-21-3251423693-4260676575-3805690949-1001 - Administrator - Enabled) => C:\Users\stpau
WDAGUtilityAccount (S-1-5-21-3251423693-4260676575-3805690949-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 119.0.6045.200 - Google LLC)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 119.0.2151.97 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 119.0.2151.97 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKU\S-1-12-1-379402305-1282805949-553899156-2530637685\...\Microsoft EdgeWebView) (Version: 119.0.2151.97 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-12-1-1721880173-1220933218-3369430184-3542225890\...\OneDriveSetup.exe) (Version: 21.220.1024.0005 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-12-1-379402305-1282805949-553899156-2530637685\...\OneDriveSetup.exe) (Version: 23.226.1031.0003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3251423693-4260676575-3805690949-1001\...\OneDriveSetup.exe) (Version: 20.114.0607.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{2953E19B-9F91-4A49-A23B-7E25970A1951}) (Version: 3.73.0.0 - Microsoft Corporation)
Player Location Check (HKLM-x32\...\{F0753064-8D66-41A7-9F23-7691290387BF}) (Version: 4.0.0.4 - GeoComply)
RingCentral Meetings (HKU\S-1-12-1-379402305-1282805949-553899156-2530637685\...\RingCentralMeetings) (Version: 21.1 - Zoom Video Communications, Inc. and RingCentral Inc.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{B2E25355-C24E-4E7D-8AD3-455D59810838}) (Version: 2.57.0.0 - Microsoft Corporation)
Zoom (HKU\S-1-12-1-379402305-1282805949-553899156-2530637685\...\ZoomUMX) (Version: 5.8.0 (1324) - Zoom Video Communications, Inc.)
 
Packages:
=========
Toshiba Print Experience -> C:\Program Files\WindowsApps\TOSHIBATEC.ToshibaPrintExperience_10.70.3989.68_x86__8ck45jgtf9y1t [2023-12-04] (Toshiba Tec Corporation)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-12-1-379402305-1282805949-553899156-2530637685_Classes\CLSID\{04271989-C4D2-0029-05B3-BC25C3BC39B8} -> [OneDrive - St. Paul's Lutheran] => C:\Users\ChadClough\OneDrive - St. Paul's Lutheran [2022-11-14 16:22]
CustomCLSID: HKU\S-1-12-1-379402305-1282805949-553899156-2530637685_Classes\CLSID\{2EF7E390-2F7C-4F9A-9B7D-4A87B56B711D}\InprocServer32 -> C:\Users\ChadClough\AppData\Local\Microsoft\EdgeUpdate\1.3.173.51\psuser_64.dll => No File
CustomCLSID: HKU\S-1-12-1-379402305-1282805949-553899156-2530637685_Classes\CLSID\{38971E90-14FD-44F6-AA45-1447B653F873}\InprocServer32 -> C:\Users\ChadClough\AppData\Local\Microsoft\EdgeUpdate\1.3.173.45\psuser_64.dll => No File
CustomCLSID: HKU\S-1-12-1-379402305-1282805949-553899156-2530637685_Classes\CLSID\{5EA43877-C6D8-4885-B77A-C0BB27E94372}\InprocServer32 -> C:\Users\ChadClough\AppData\Local\Microsoft\EdgeUpdate\1.3.181.5\psuser_64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-12-1-379402305-1282805949-553899156-2530637685_Classes\CLSID\{608D599A-DCA6-4A7C-BED7-AFCD8465345A}\InprocServer32 -> C:\Users\ChadClough\AppData\Local\Microsoft\EdgeUpdate\1.3.175.29\psuser_64.dll => No File
CustomCLSID: HKU\S-1-12-1-379402305-1282805949-553899156-2530637685_Classes\CLSID\{64C6EFB9-8F79-4106-B975-067448DC768F}\InprocServer32 -> C:\Users\ChadClough\AppData\Local\Microsoft\EdgeUpdate\1.3.177.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-12-1-379402305-1282805949-553899156-2530637685_Classes\CLSID\{7C9A348D-C321-47AC-904F-150312A5430F}\InprocServer32 -> C:\Users\ChadClough\AppData\Local\Microsoft\EdgeUpdate\1.3.175.27\psuser_64.dll => No File
CustomCLSID: HKU\S-1-12-1-379402305-1282805949-553899156-2530637685_Classes\CLSID\{81093D63-7825-417B-BFC8-ADC63FA4E53D}\InprocServer32 -> C:\Users\ChadClough\AppData\Local\Microsoft\EdgeUpdate\1.3.181.5\psuser_64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-12-1-379402305-1282805949-553899156-2530637685_Classes\CLSID\{ABF66F82-B04C-4FE4-8272-661539463FE1}\InprocServer32 -> C:\Users\ChadClough\AppData\Local\Microsoft\EdgeUpdate\1.3.171.37\psuser_64.dll => No File
CustomCLSID: HKU\S-1-12-1-379402305-1282805949-553899156-2530637685_Classes\CLSID\{B29F5F83-90DF-479A-BDE7-8A9F4412E394}\InprocServer32 -> C:\Users\ChadClough\AppData\Local\Microsoft\EdgeUpdate\1.3.171.39\psuser_64.dll => No File
CustomCLSID: HKU\S-1-12-1-379402305-1282805949-553899156-2530637685_Classes\CLSID\{E3D57E77-FE71-4D06-BD34-D48820074909}\InprocServer32 -> C:\Users\ChadClough\AppData\Local\Microsoft\EdgeUpdate\1.3.181.5\psuser_64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-12-1-379402305-1282805949-553899156-2530637685_Classes\CLSID\{E8791438-3525-48BF-A600-C577AD1674C2}\InprocServer32 -> C:\Users\ChadClough\AppData\Local\Microsoft\EdgeUpdate\1.3.173.49\psuser_64.dll => No File
CustomCLSID: HKU\S-1-12-1-379402305-1282805949-553899156-2530637685_Classes\CLSID\{F1CBF5EB-347F-4E4C-90AC-E43339FC34EC}\InprocServer32 -> C:\Users\ChadClough\AppData\Local\Microsoft\EdgeUpdate\1.3.173.55\psuser_64.dll => No File
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-09-29 07:46 - 2017-09-29 07:44 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-12-1-1721880173-1220933218-3369430184-3542225890\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
HKU\S-1-12-1-379402305-1282805949-553899156-2530637685\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3251423693-4260676575-3805690949-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.123.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [UDP Query User{F4AF4BF4-6404-4C7F-987A-A6971BDDFBA3}C:\users\collinmayer\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\collinmayer\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{962F00B5-A61D-4026-BCAA-0C6716938EDA}C:\users\collinmayer\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\collinmayer\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{84F7B634-44BB-4BCF-A30D-2BC2CA7F42AD}C:\users\chadclough\appdata\roaming\zoom\bin\zoom.exe] => (Block) C:\users\chadclough\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{AC4E30B7-DACA-4BE4-8204-761A4F526CEF}C:\users\chadclough\appdata\roaming\zoom\bin\zoom.exe] => (Block) C:\users\chadclough\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [TCP Query User{E93C769E-5097-4C06-BC80-F5D38379F0CC}C:\users\chadclough\appdata\roaming\ringcentralmeetings\bin\ringcentralmeetings.exe] => (Allow) C:\users\chadclough\appdata\roaming\ringcentralmeetings\bin\ringcentralmeetings.exe (RingCentral, Inc. -> RingCentral Video Communications, Inc. and RingCentral Inc.)
FirewallRules: [UDP Query User{2E1414C1-1CF0-475A-9D46-C6D2B8CD9523}C:\users\chadclough\appdata\roaming\ringcentralmeetings\bin\ringcentralmeetings.exe] => (Allow) C:\users\chadclough\appdata\roaming\ringcentralmeetings\bin\ringcentralmeetings.exe (RingCentral, Inc. -> RingCentral Video Communications, Inc. and RingCentral Inc.)
FirewallRules: [TCP Query User{7DC159DE-5B6F-461C-82F3-DE5FF933D2E2}C:\users\chadclough\appdata\roaming\ringcentralmeetings\bin\ringcentralmeetings.exe] => (Allow) C:\users\chadclough\appdata\roaming\ringcentralmeetings\bin\ringcentralmeetings.exe (RingCentral, Inc. -> RingCentral Video Communications, Inc. and RingCentral Inc.)
FirewallRules: [UDP Query User{C7A76A08-DD9F-47CC-BCDA-D48950FDF7B3}C:\users\chadclough\appdata\roaming\ringcentralmeetings\bin\ringcentralmeetings.exe] => (Allow) C:\users\chadclough\appdata\roaming\ringcentralmeetings\bin\ringcentralmeetings.exe (RingCentral, Inc. -> RingCentral Video Communications, Inc. and RingCentral Inc.)
FirewallRules: [{38CCCB62-C0DB-4281-BDC6-32C5D4714569}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.101.3212.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{3B31C1DA-5717-4D29-B2EC-E20685E1075D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.101.3212.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{24B4E4F2-1C61-469A-B4BB-2D0660B3225A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.101.3212.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{2D66E104-9BFA-466E-95EF-53BFC437E1E4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.101.3212.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{26922A9C-4239-4038-861D-DF70239C09B9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.16827.20166.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0B60C575-4318-403F-8759-CC8C61BC6118}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.106.3212.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E1004200-093C-42DA-90EE-1AA24BC5A730}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.106.3212.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F1FBDCEC-816C-4EA6-8D0E-C8B54C86D3CF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.106.3212.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3DD36FCB-12DA-4FAD-BA0E-14E79293979E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.106.3212.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{CDB5AFE4-09E0-4CD8-92D1-45C200C4010B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{766CC420-2C65-443E-B791-DCD0F8846EB8}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\119.0.2151.97\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled (Total:117.91 GB) (Free:57.56 GB) (49%)
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (12/04/2023 08:22:48 AM) (Source: ESENT) (EventID: 522) (User: )
Description: StartMenuExperienceHost (14368,P,98) TILEREPOSITORYS-1-12-1-1721880173-1220933218-3369430184-3542225890: An attempt to open the device with name "\\.\C:" containing "C:\" failed with system error 5 (0x00000005): "Access is denied. ". The operation will fail with error -1032 (0xfffffbf8).
 
Error: (12/03/2023 02:15:42 PM) (Source: com.geocomply.vm-detector-microservice) (EventID: 1) (User: )
Description: Event-ID 1
 
Error: (12/03/2023 02:15:42 PM) (Source: PlayerLocationCheck) (EventID: 1) (User: )
Description: Event-ID 1
 
Error: (12/03/2023 02:15:42 PM) (Source: com.geocomply.process-scanner-microservice) (EventID: 1) (User: )
Description: Event-ID 1
 
Error: (12/03/2023 02:15:42 PM) (Source: com.geocomply.internal-updater-microservice) (EventID: 1) (User: )
Description: Event-ID 1
 
Error: (12/03/2023 02:15:42 PM) (Source: com.geocomply.wifi-scanner-microservice) (EventID: 1) (User: )
Description: Event-ID 1
 
Error: (11/27/2023 02:31:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SearchApp.exe version 10.0.19041.3570 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 2b48
 
Start Time: 01da02c872fbe1ab
 
Termination Time: 4294967295
 
Application Path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
 
Report Id: 8f77d9df-8e51-4fae-a764-5045a2e0ecc3
 
Faulting package full name: Microsoft.Windows.Search_1.14.10.19041_neutral_neutral_cw5n1h2txyewy
 
Faulting package-relative application ID: ShellFeedsUI
 
Hang type: Quiesce
 
Error: (11/20/2023 07:28:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OneDrive.exe, version: 23.221.1024.2, time stamp: 0x22e834bf
Faulting module name: ntdll.dll, version: 10.0.19041.3570, time stamp: 0x3be1c500
Exception code: 0xc0000409
Fault offset: 0x00000000000a2350
Faulting process id: 0x2578
Faulting application start time: 0x01da158fe509189b
Faulting application path: C:\Users\ChadClough\AppData\Local\Microsoft\OneDrive\OneDrive.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 46303b07-fd55-4b36-b3ec-53d598e59398
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (12/04/2023 07:21:12 AM) (Source: SurfaceSerialHubDriver) (EventID: 13) (User: )
Description: Surface Serial Hub Driver spurious Ack found, Sequence Number = 238.
 
Error: (12/04/2023 07:21:12 AM) (Source: SurfaceSerialHubDriver) (EventID: 13) (User: )
Description: Surface Serial Hub Driver spurious Ack found, Sequence Number = 238.
 
Error: (12/04/2023 07:21:12 AM) (Source: SurfaceSerialHubDriver) (EventID: 14) (User: )
Description: Surface Serial Hub Driver spurious packet found, RequestID = 769, TargetCategory = SAM, CommandID = 11.
 
Error: (12/04/2023 07:21:12 AM) (Source: SurfaceSerialHubDriver) (EventID: 14) (User: )
Description: Surface Serial Hub Driver spurious packet found, RequestID = 769, TargetCategory = SAM, CommandID = 11.
 
Error: (12/04/2023 07:21:12 AM) (Source: SurfaceSerialHubDriver) (EventID: 14) (User: )
Description: Surface Serial Hub Driver spurious packet found, RequestID = 769, TargetCategory = SAM, CommandID = 11.
 
Error: (12/04/2023 07:21:12 AM) (Source: SurfaceSerialHubDriver) (EventID: 14) (User: )
Description: Surface Serial Hub Driver spurious packet found, RequestID = 769, TargetCategory = SAM, CommandID = 11.
 
Error: (12/04/2023 07:21:12 AM) (Source: SurfaceSerialHubDriver) (EventID: 14) (User: )
Description: Surface Serial Hub Driver spurious packet found, RequestID = 769, TargetCategory = SAM, CommandID = 11.
 
Error: (12/04/2023 07:21:12 AM) (Source: SurfaceSerialHubDriver) (EventID: 14) (User: )
Description: Surface Serial Hub Driver spurious packet found, RequestID = 768, TargetCategory = SAM, CommandID = 11.
 
 
Windows Defender:
================
Date: 2023-10-03 07:51:06
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:
 
Date: 2023-12-03 14:20:00
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.401.1232.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23100.2009
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2023-12-03 14:20:00
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.401.1232.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23100.2009
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2023-12-03 14:20:00
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.401.1232.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23100.2009
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2023-12-03 14:19:39
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.401.1232.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23100.2009
Error code: 0x80072ee2
Error description: The operation timed out 
 
Date: 2023-12-03 14:19:39
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.401.1232.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23100.2009
Error code: 0x80072ee2
Error description: The operation timed out 
 
CodeIntegrity:
===============
Date: 2022-03-15 11:06:07
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\64ih8682.inf_amd64_9e8d740de7ce5aee\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
BIOS: Microsoft Corporation 138.3732.768 04.20.2021
Motherboard: Microsoft Corporation Surface Laptop
Processor: Intel® Core™ i5-7200U CPU @ 2.50GHz
Percentage of memory in use: 62%
Total physical RAM: 8109.11 MB
Available physical RAM: 3063.09 MB
Total Virtual: 9773.11 MB
Available Virtual: 4111.58 MB
 
==================== Drives ================================
 
Drive c: (Local Disk) (Fixed) (Total:117.91 GB) (Free:57.56 GB) (Model: THNSN0128GTYA TOSHIBA) (Protected) NTFS
 
\\?\Volume{d610b4fa-0d6d-4c71-95b3-bafad241d102}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.31 GB) NTFS
\\?\Volume{2c73e5b8-ba32-4fc1-86c6-7298b8ffd405}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 3360B8F4)
 
Partition: GPT.
 
==================== End of Addition.txt =======================


#5
DR M (The Grecian Geek, Malware Removal, 4,126 posts)

Hi.
 
Now we will start the cleaning procedure.

Please adhere to the guidelines below, and then carefully follow, in the same order, all the instructions that come after:

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. Cracked or pirated programs are not only illegal, but can also make your computer a malware target. Having such programs installed is the easiest way to get infected. Thus, there is no need to clean the computer, since, sooner or later, it will get infected again. If you have such programs, please uninstall them now, before we start the cleaning procedure.

4. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

5. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would ask you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

6. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, keep in mind that all the experts here are volunteers and may not be available to assist when you post. Please be patient while I analyze your logs.



#6
DR M (The Grecian Geek, Malware Removal, 4,126 posts)

Moving on.

First, make sure that you moved the FRST tool from your Downloads folder on to your Desktop.

 
1. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

  • Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste it anywhere.
Start::
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-12-1-1721880173-1220933218-3369430184-3542225890\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\HeatherSchmidt\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {08DA88DF-745D-4163-8EC8-885A6741441B} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\Login Schedule created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [472576 2023-10-19] (Microsoft Windows -> Microsoft Corporation)
Task: {796F4F32-79D6-4064-8726-AA345C6B0D30} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\OS Edition Upgrade event listener created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [472576 2023-10-19] (Microsoft Windows -> Microsoft Corporation)
Task: {68C166D9-3452-4A69-98BB-44577747D5BC} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\Passport for Work alert created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [472576 2023-10-19] (Microsoft Windows -> Microsoft Corporation)
Task: {93FD2A37-E792-4074-819A-80DAC8E5D1BE} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\Provisioning initiated session => C:\WINDOWS\system32\deviceenroller.exe [472576 2023-10-19] (Microsoft Windows -> Microsoft Corporation)
Task: {94E82032-6BCC-4D44-9C4C-36A7B99DBAA9} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\PushLaunch => C:\WINDOWS\system32\deviceenroller.exe [472576 2023-10-19] (Microsoft Windows -> Microsoft Corporation)
Task: {3F359453-7FD0-4773-A094-29C608E19C70} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\PushRenewal => C:\WINDOWS\system32\deviceenroller.exe [472576 2023-10-19] (Microsoft Windows -> Microsoft Corporation)
Task: {DEDBB65B-56BF-40DA-9A14-74FA2386D95F} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\PushUpgrade => C:\WINDOWS\system32\deviceenroller.exe [472576 2023-10-19] (Microsoft Windows -> Microsoft Corporation)
Task: {F179CF83-817B-49B2-A351-D53C4767A169} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\Schedule #1 created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [472576 2023-10-19] (Microsoft Windows -> Microsoft Corporation)
Task: {E7FD6170-FBAC-4B74-9BAE-55D3AD79BB19} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\Schedule #2 created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [472576 2023-10-19] (Microsoft Windows -> Microsoft Corporation)
Task: {90D7FFB9-3C91-4D1F-AAD8-64966471E06F} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\Schedule #3 created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [472576 2023-10-19] (Microsoft Windows -> Microsoft Corporation)
Task: {E5E67958-8947-40DC-B118-3490751D26D8} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\Schedule created by enrollment client for renewal of certificate warning => C:\WINDOWS\system32\deviceenroller.exe [472576 2023-10-19] (Microsoft Windows -> Microsoft Corporation)
Task: {1D3AA9F1-85A6-48D4-90B0-4CC311992B85} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\Schedule to run OMADMClient by client => C:\WINDOWS\system32\omadmclient.exe [468992 2023-10-19] (Microsoft Windows -> Microsoft Corporation)
Task: {88F87BA4-19A7-4C4D-A11D-D9E8D1935DCE} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\Schedule to run OMADMClient by server => C:\WINDOWS\system32\omadmclient.exe [468992 2023-10-19] (Microsoft Windows -> Microsoft Corporation)
Task: {DFA11800-DBFF-4F92-A1F5-0FEBFF6FF8D4} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\Win10 S Mode event listener created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [472576 2023-10-19] (Microsoft Windows -> Microsoft Corporation)
Task: {5EE6A481-7A98-4D13-A04D-18817F56F559} - System32\Tasks\S-1-5-21-3251423693-4260676575-3805690949-1001\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\Login Schedule created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [472576 2023-10-19] (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-12-1-379402305-1282805949-553899156-2530637685_Classes\CLSID\{2EF7E390-2F7C-4F9A-9B7D-4A87B56B711D}\InprocServer32 -> C:\Users\ChadClough\AppData\Local\Microsoft\EdgeUpdate\1.3.173.51\psuser_64.dll => No File
CustomCLSID: HKU\S-1-12-1-379402305-1282805949-553899156-2530637685_Classes\CLSID\{38971E90-14FD-44F6-AA45-1447B653F873}\InprocServer32 -> C:\Users\ChadClough\AppData\Local\Microsoft\EdgeUpdate\1.3.173.45\psuser_64.dll => No File
CustomCLSID: HKU\S-1-12-1-379402305-1282805949-553899156-2530637685_Classes\CLSID\{608D599A-DCA6-4A7C-BED7-AFCD8465345A}\InprocServer32 -> C:\Users\ChadClough\AppData\Local\Microsoft\EdgeUpdate\1.3.175.29\psuser_64.dll => No File
CustomCLSID: HKU\S-1-12-1-379402305-1282805949-553899156-2530637685_Classes\CLSID\{64C6EFB9-8F79-4106-B975-067448DC768F}\InprocServer32 -> C:\Users\ChadClough\AppData\Local\Microsoft\EdgeUpdate\1.3.177.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-12-1-379402305-1282805949-553899156-2530637685_Classes\CLSID\{7C9A348D-C321-47AC-904F-150312A5430F}\InprocServer32 -> C:\Users\ChadClough\AppData\Local\Microsoft\EdgeUpdate\1.3.175.27\psuser_64.dll => No File
CustomCLSID: HKU\S-1-12-1-379402305-1282805949-553899156-2530637685_Classes\CLSID\{ABF66F82-B04C-4FE4-8272-661539463FE1}\InprocServer32 -> C:\Users\ChadClough\AppData\Local\Microsoft\EdgeUpdate\1.3.171.37\psuser_64.dll => No File
CustomCLSID: HKU\S-1-12-1-379402305-1282805949-553899156-2530637685_Classes\CLSID\{B29F5F83-90DF-479A-BDE7-8A9F4412E394}\InprocServer32 -> C:\Users\ChadClough\AppData\Local\Microsoft\EdgeUpdate\1.3.171.39\psuser_64.dll => No File
CustomCLSID: HKU\S-1-12-1-379402305-1282805949-553899156-2530637685_Classes\CLSID\{E8791438-3525-48BF-A600-C577AD1674C2}\InprocServer32 -> C:\Users\ChadClough\AppData\Local\Microsoft\EdgeUpdate\1.3.173.49\psuser_64.dll => No File
CustomCLSID: HKU\S-1-12-1-379402305-1282805949-553899156-2530637685_Classes\CLSID\{F1CBF5EB-347F-4E4C-90AC-E43339FC34EC}\InprocServer32 -> C:\Users\ChadClough\AppData\Local\Microsoft\EdgeUpdate\1.3.173.55\psuser_64.dll => No File
FirewallRules: [{38CCCB62-C0DB-4281-BDC6-32C5D4714569}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.101.3212.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{3B31C1DA-5717-4D29-B2EC-E20685E1075D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.101.3212.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{24B4E4F2-1C61-469A-B4BB-2D0660B3225A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.101.3212.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{2D66E104-9BFA-466E-95EF-53BFC437E1E4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.101.3212.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
EmptyTemp:
End::
  • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.


2. Run AdwCleaner (scan only)

Download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

3. Run Malwarebytes (scan only)

  • Download Malwarebytes and save it to your Desktop.
  • Once downloaded, close all programs and windows on your computer.
  • Double-click on the icon on your desktop named MBSetup.exe. This will start the installation of MBAM onto your computer.
  • Follow the instructions to install the program.
  • When finished, double click the program's icon created on your Desktop.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is NOT checked.
    Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.
  • If threats are not found, click View Report and proceed to the two last steps below.

    If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.
    • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
    • Find the report with the most recent date and double click on it.
    • Click on Export and then Copy to Clipboard.
    • Paste its content here, in your next reply.

In your next reply, please post:

  • The fixlog.txt
  • The AdwCleaner[S0*].txt
  • The Malwarebytes report

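A way to double-check the classes of entries this fix removes, added here as an example and not part of the thread, of FRST or of the helper's instructions: a read-only PowerShell audit, run from an elevated prompt, that uses only built-in cmdlets. It looks at the Defender policy key, the local Registry.pol/NTUSER.pol files, the EnterpriseMgmt enrollment tasks and their enrollment IDs, enabled firewall rules and per-user CLSIDs whose target files no longer exist, and the Defender engine and signature versions that the update errors in the Addition.txt above concern. The function names are this example's own; the registry paths and file locations are the standard Windows ones.

```powershell
#Requires -RunAsAdministrator
# Added read-only audit; not part of the thread and not an FRST component. It re-checks,
# with built-in cmdlets only, the classes of entries the FRST fix targets, so the fixlog
# can be confirmed independently. Nothing here changes the system.

# 1. Defender policy overrides. Values under this key take precedence over the Windows
#    Security UI; on an unmanaged home PC the clean state is that the key does not exist.
function Get-DefenderPolicyValues {
    $root = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
    if (-not (Test-Path $root)) { return }
    foreach ($k in @(Get-Item $root) + @(Get-ChildItem $root -Recurse)) {
        foreach ($name in $k.GetValueNames()) {
            [pscustomobject]@{ Key = $k.Name; Value = $name; Data = $k.GetValue($name) }
        }
    }
}

# 2. Local policy files. FRST reports "Restriction" when these exist. A domain-joined or
#    MDM-managed device has them legitimately; a stand-alone home PC normally does not.
function Get-LocalPolicyFiles {
    @("$env:SystemRoot\System32\GroupPolicy\Machine\Registry.pol",
      "$env:SystemRoot\System32\GroupPolicy\User\Registry.pol",
      "$env:ProgramData\NTUSER.pol") | Where-Object { Test-Path -LiteralPath $_ }
}

# 3. MDM enrollment remnants. The GUID in the EnterpriseMgmt task path is the enrollment ID,
#    which also names a subkey under HKLM\SOFTWARE\Microsoft\Enrollments. Tasks that outlive
#    their enrollment (or the reverse) are stale and keep deviceenroller/omadmclient firing.
function Get-MdmRemnants {
    $tasks = Get-ScheduledTask | Where-Object { $_.TaskPath -like '*\EnterpriseMgmt\*' }
    $ids   = Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\Enrollments' -ErrorAction SilentlyContinue |
             Where-Object { $_.PSChildName -match '^[0-9A-F-]{36}$' } |
             ForEach-Object { $_.PSChildName }
    [pscustomobject]@{
        Tasks       = @($tasks | ForEach-Object { $_.TaskPath + $_.TaskName })
        Enrollments = @($ids)
    }
}

# 4. Enabled firewall rules whose program no longer exists. Harmless on their own, but a rule
#    that pre-authorises a path nobody owns is a gift to whatever is later written there.
#    One CIM query per rule, so expect this to take a minute.
function Get-OrphanedFirewallRules {
    foreach ($rule in Get-NetFirewallRule -Enabled True) {
        $program = ($rule | Get-NetFirewallApplicationFilter).Program
        if (-not $program -or $program -in @('Any', 'System')) { continue }
        $path = [Environment]::ExpandEnvironmentVariables($program)
        # WindowsApps is ACL-restricted, so a miss for a Store app should be cross-checked
        # with Get-AppxPackage -AllUsers before the rule is called orphaned.
        if (-not (Test-Path -LiteralPath $path)) {
            [pscustomobject]@{ Rule = $rule.DisplayName; Action = $rule.Action; Program = $program }
        }
    }
}

# 5. Per-user COM servers pointing at missing DLLs. HKCU\Software\Classes wins over HKLM when
#    the two merge into HKCR, so a user-writable InprocServer32 aimed at a path nobody owns
#    is exactly what a COM hijack reuses. This reads only the current user's hive; FRST
#    walks every loaded hive, so run it as the user whose SID appeared in the log.
function Get-OrphanedUserClsids {
    foreach ($clsid in Get-ChildItem 'HKCU:\Software\Classes\CLSID' -ErrorAction SilentlyContinue) {
        $inproc = "HKCU:\Software\Classes\CLSID\$($clsid.PSChildName)\InprocServer32"
        if (-not (Test-Path $inproc)) { continue }
        $dll = (Get-ItemProperty $inproc).'(default)'
        if (-not $dll) { continue }
        $path = [Environment]::ExpandEnvironmentVariables($dll.Trim('"'))
        if (-not (Test-Path -LiteralPath $path)) {
            [pscustomobject]@{ CLSID = $clsid.PSChildName; Server = $dll }
        }
    }
}

# 6. Defender update state. 0x80072EE7 (name not resolved) and 0x80072EE2 (timed out) in the
#    Addition.txt are WinHTTP transport errors: the update client could not reach Microsoft.
#    They say nothing about the engine itself; once the policy key is gone and the network is
#    up, these versions should advance after Update-MpSignature.
function Get-DefenderUpdateState {
    Get-MpComputerStatus | Select-Object AMEngineVersion, AntivirusSignatureVersion,
        AntivirusSignatureLastUpdated, AntivirusEnabled, RealTimeProtectionEnabled
}

Write-Host '== Defender policy values (expect none) =='
Get-DefenderPolicyValues | Format-Table -AutoSize
Write-Host '== Local policy files (expect none) =='
Get-LocalPolicyFiles
Write-Host '== MDM enrollment remnants =='
Get-MdmRemnants | Format-List
Write-Host '== Enabled firewall rules with missing program =='
Get-OrphanedFirewallRules | Format-Table -AutoSize
Write-Host '== HKCU CLSIDs with missing server DLL =='
Get-OrphanedUserClsids | Format-Table -AutoSize
Write-Host '== Defender update state =='
Get-DefenderUpdateState | Format-List
```

Run it before and after the fix and compare: sections 1 and 2 should be empty afterwards, section 3 should list neither tasks nor enrollment IDs on an unmanaged PC, and section 6 should show newer signature and engine versions once Update-MpSignature succeeds. Removing an orphaned rule or CLSID is not urgent in itself; the point of listing them is that anything pre-authorised or pre-registered against a path that no longer exists can be re-occupied later.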

#7
caclough (Topic Starter, Member, 13 posts)

Good morning,

Should I run the above procedures under the first account that I was logged in to when I posted, or under the second account that I posted? 



#8
DR M (The Grecian Geek, Malware Removal, 4,126 posts)

For some reason that account appeared as a Temporary profile account. Plus, among the accounts in the logs, only the following account appears to be enabled:

 
stpau (S-1-5-21-3251423693-4260676575-3805690949-1001 - Administrator - Enabled) => C:\Users\stpau
 
So, please use that account for now. 


#9
DR M (The Grecian Geek, Malware Removal, 4,126 posts)

Do you need any help to deal with my instructions? 



#10
caclough (Topic Starter, Member, 13 posts)

1. Fix result of Farbar Recovery Scan Tool (x64) Version: 08-12-2023

Ran by ChadClough (08-12-2023 08:28:36) Run:1
Running from C:\Users\ChadClough\Downloads
Loaded Profiles: stpau
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start::
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-12-1-1721880173-1220933218-3369430184-3542225890\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\HeatherSchmidt\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {08DA88DF-745D-4163-8EC8-885A6741441B} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\Login Schedule created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [472576 2023-10-19] (Microsoft Windows -> Microsoft Corporation)
Task: {796F4F32-79D6-4064-8726-AA345C6B0D30} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\OS Edition Upgrade event listener created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [472576 2023-10-19] (Microsoft Windows -> Microsoft Corporation)
Task: {68C166D9-3452-4A69-98BB-44577747D5BC} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\Passport for Work alert created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [472576 2023-10-19] (Microsoft Windows -> Microsoft Corporation)
Task: {93FD2A37-E792-4074-819A-80DAC8E5D1BE} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\Provisioning initiated session => C:\WINDOWS\system32\deviceenroller.exe [472576 2023-10-19] (Microsoft Windows -> Microsoft Corporation)
Task: {94E82032-6BCC-4D44-9C4C-36A7B99DBAA9} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\PushLaunch => C:\WINDOWS\system32\deviceenroller.exe [472576 2023-10-19] (Microsoft Windows -> Microsoft Corporation)
Task: {3F359453-7FD0-4773-A094-29C608E19C70} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\PushRenewal => C:\WINDOWS\system32\deviceenroller.exe [472576 2023-10-19] (Microsoft Windows -> Microsoft Corporation)
Task: {DEDBB65B-56BF-40DA-9A14-74FA2386D95F} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\PushUpgrade => C:\WINDOWS\system32\deviceenroller.exe [472576 2023-10-19] (Microsoft Windows -> Microsoft Corporation)
Task: {F179CF83-817B-49B2-A351-D53C4767A169} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\Schedule #1 created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [472576 2023-10-19] (Microsoft Windows -> Microsoft Corporation)
Task: {E7FD6170-FBAC-4B74-9BAE-55D3AD79BB19} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\Schedule #2 created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [472576 2023-10-19] (Microsoft Windows -> Microsoft Corporation)
Task: {90D7FFB9-3C91-4D1F-AAD8-64966471E06F} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\Schedule #3 created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [472576 2023-10-19] (Microsoft Windows -> Microsoft Corporation)
Task: {E5E67958-8947-40DC-B118-3490751D26D8} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\Schedule created by enrollment client for renewal of certificate warning => C:\WINDOWS\system32\deviceenroller.exe [472576 2023-10-19] (Microsoft Windows -> Microsoft Corporation)
Task: {1D3AA9F1-85A6-48D4-90B0-4CC311992B85} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\Schedule to run OMADMClient by client => C:\WINDOWS\system32\omadmclient.exe [468992 2023-10-19] (Microsoft Windows -> Microsoft Corporation)
Task: {88F87BA4-19A7-4C4D-A11D-D9E8D1935DCE} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\Schedule to run OMADMClient by server => C:\WINDOWS\system32\omadmclient.exe [468992 2023-10-19] (Microsoft Windows -> Microsoft Corporation)
Task: {DFA11800-DBFF-4F92-A1F5-0FEBFF6FF8D4} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\Win10 S Mode event listener created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [472576 2023-10-19] (Microsoft Windows -> Microsoft Corporation)
Task: {5EE6A481-7A98-4D13-A04D-18817F56F559} - System32\Tasks\S-1-5-21-3251423693-4260676575-3805690949-1001\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\Login Schedule created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [472576 2023-10-19] (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-12-1-379402305-1282805949-553899156-2530637685_Classes\CLSID\{2EF7E390-2F7C-4F9A-9B7D-4A87B56B711D}\InprocServer32 -> C:\Users\ChadClough\AppData\Local\Microsoft\EdgeUpdate\1.3.173.51\psuser_64.dll => No File
CustomCLSID: HKU\S-1-12-1-379402305-1282805949-553899156-2530637685_Classes\CLSID\{38971E90-14FD-44F6-AA45-1447B653F873}\InprocServer32 -> C:\Users\ChadClough\AppData\Local\Microsoft\EdgeUpdate\1.3.173.45\psuser_64.dll => No File
CustomCLSID: HKU\S-1-12-1-379402305-1282805949-553899156-2530637685_Classes\CLSID\{608D599A-DCA6-4A7C-BED7-AFCD8465345A}\InprocServer32 -> C:\Users\ChadClough\AppData\Local\Microsoft\EdgeUpdate\1.3.175.29\psuser_64.dll => No File
CustomCLSID: HKU\S-1-12-1-379402305-1282805949-553899156-2530637685_Classes\CLSID\{64C6EFB9-8F79-4106-B975-067448DC768F}\InprocServer32 -> C:\Users\ChadClough\AppData\Local\Microsoft\EdgeUpdate\1.3.177.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-12-1-379402305-1282805949-553899156-2530637685_Classes\CLSID\{7C9A348D-C321-47AC-904F-150312A5430F}\InprocServer32 -> C:\Users\ChadClough\AppData\Local\Microsoft\EdgeUpdate\1.3.175.27\psuser_64.dll => No File
CustomCLSID: HKU\S-1-12-1-379402305-1282805949-553899156-2530637685_Classes\CLSID\{ABF66F82-B04C-4FE4-8272-661539463FE1}\InprocServer32 -> C:\Users\ChadClough\AppData\Local\Microsoft\EdgeUpdate\1.3.171.37\psuser_64.dll => No File
CustomCLSID: HKU\S-1-12-1-379402305-1282805949-553899156-2530637685_Classes\CLSID\{B29F5F83-90DF-479A-BDE7-8A9F4412E394}\InprocServer32 -> C:\Users\ChadClough\AppData\Local\Microsoft\EdgeUpdate\1.3.171.39\psuser_64.dll => No File
CustomCLSID: HKU\S-1-12-1-379402305-1282805949-553899156-2530637685_Classes\CLSID\{E8791438-3525-48BF-A600-C577AD1674C2}\InprocServer32 -> C:\Users\ChadClough\AppData\Local\Microsoft\EdgeUpdate\1.3.173.49\psuser_64.dll => No File
CustomCLSID: HKU\S-1-12-1-379402305-1282805949-553899156-2530637685_Classes\CLSID\{F1CBF5EB-347F-4E4C-90AC-E43339FC34EC}\InprocServer32 -> C:\Users\ChadClough\AppData\Local\Microsoft\EdgeUpdate\1.3.173.55\psuser_64.dll => No File
FirewallRules: [{38CCCB62-C0DB-4281-BDC6-32C5D4714569}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.101.3212.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{3B31C1DA-5717-4D29-B2EC-E20685E1075D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.101.3212.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{24B4E4F2-1C61-469A-B4BB-2D0660B3225A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.101.3212.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{2D66E104-9BFA-466E-95EF-53BFC437E1E4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.101.3212.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
EmptyTemp:
End::
*****************
 
SystemRestore: On => completed
Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
"HKU\S-1-12-1-1721880173-1220933218-3369430184-3542225890\Software\Microsoft\Windows\CurrentVersion\RunOnce" => not found
 
"C:\WINDOWS\system32\GroupPolicy\Machine" folder move:
 
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\ProgramData\NTUSER.pol => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{08DA88DF-745D-4163-8EC8-885A6741441B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08DA88DF-745D-4163-8EC8-885A6741441B}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\Login Schedule created by enrollment client => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\Login Schedule created by enrollment client" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{796F4F32-79D6-4064-8726-AA345C6B0D30}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{796F4F32-79D6-4064-8726-AA345C6B0D30}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\OS Edition Upgrade event listener created by enrollment client => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\OS Edition Upgrade event listener created by enrollment client" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{68C166D9-3452-4A69-98BB-44577747D5BC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68C166D9-3452-4A69-98BB-44577747D5BC}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\Passport for Work alert created by enrollment client => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\Passport for Work alert created by enrollment client" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{93FD2A37-E792-4074-819A-80DAC8E5D1BE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{93FD2A37-E792-4074-819A-80DAC8E5D1BE}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\Provisioning initiated session => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\Provisioning initiated session" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{94E82032-6BCC-4D44-9C4C-36A7B99DBAA9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94E82032-6BCC-4D44-9C4C-36A7B99DBAA9}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\PushLaunch => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\PushLaunch" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3F359453-7FD0-4773-A094-29C608E19C70}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3F359453-7FD0-4773-A094-29C608E19C70}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\PushRenewal => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\PushRenewal" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DEDBB65B-56BF-40DA-9A14-74FA2386D95F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DEDBB65B-56BF-40DA-9A14-74FA2386D95F}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\PushUpgrade => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\PushUpgrade" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F179CF83-817B-49B2-A351-D53C4767A169}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F179CF83-817B-49B2-A351-D53C4767A169}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\Schedule #1 created by enrollment client => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\Schedule #1 created by enrollment client" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E7FD6170-FBAC-4B74-9BAE-55D3AD79BB19}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E7FD6170-FBAC-4B74-9BAE-55D3AD79BB19}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\Schedule #2 created by enrollment client => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\Schedule #2 created by enrollment client" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{90D7FFB9-3C91-4D1F-AAD8-64966471E06F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{90D7FFB9-3C91-4D1F-AAD8-64966471E06F}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\Schedule #3 created by enrollment client => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\Schedule #3 created by enrollment client" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E5E67958-8947-40DC-B118-3490751D26D8}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E5E67958-8947-40DC-B118-3490751D26D8}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\Schedule created by enrollment client for renewal of certificate warning => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\Schedule created by enrollment client for renewal of certificate warning" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1D3AA9F1-85A6-48D4-90B0-4CC311992B85}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D3AA9F1-85A6-48D4-90B0-4CC311992B85}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\Schedule to run OMADMClient by client => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\Schedule to run OMADMClient by client" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{88F87BA4-19A7-4C4D-A11D-D9E8D1935DCE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{88F87BA4-19A7-4C4D-A11D-D9E8D1935DCE}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\Schedule to run OMADMClient by server => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\Schedule to run OMADMClient by server" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DFA11800-DBFF-4F92-A1F5-0FEBFF6FF8D4}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DFA11800-DBFF-4F92-A1F5-0FEBFF6FF8D4}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\Win10 S Mode event listener created by enrollment client => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\Win10 S Mode event listener created by enrollment client" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5EE6A481-7A98-4D13-A04D-18817F56F559}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5EE6A481-7A98-4D13-A04D-18817F56F559}" => removed successfully
C:\WINDOWS\System32\Tasks\S-1-5-21-3251423693-4260676575-3805690949-1001\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\Login Schedule created by enrollment client => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\S-1-5-21-3251423693-4260676575-3805690949-1001\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\Login Schedule created by enrollment client" => removed successfully
HKU\S-1-12-1-379402305-1282805949-553899156-2530637685_Classes\CLSID\{2EF7E390-2F7C-4F9A-9B7D-4A87B56B711D} => removed successfully
HKU\S-1-12-1-379402305-1282805949-553899156-2530637685_Classes\CLSID\{38971E90-14FD-44F6-AA45-1447B653F873} => removed successfully
HKU\S-1-12-1-379402305-1282805949-553899156-2530637685_Classes\CLSID\{608D599A-DCA6-4A7C-BED7-AFCD8465345A} => removed successfully
HKU\S-1-12-1-379402305-1282805949-553899156-2530637685_Classes\CLSID\{64C6EFB9-8F79-4106-B975-067448DC768F} => removed successfully
HKU\S-1-12-1-379402305-1282805949-553899156-2530637685_Classes\CLSID\{7C9A348D-C321-47AC-904F-150312A5430F} => removed successfully
HKU\S-1-12-1-379402305-1282805949-553899156-2530637685_Classes\CLSID\{ABF66F82-B04C-4FE4-8272-661539463FE1} => removed successfully
HKU\S-1-12-1-379402305-1282805949-553899156-2530637685_Classes\CLSID\{B29F5F83-90DF-479A-BDE7-8A9F4412E394} => removed successfully
HKU\S-1-12-1-379402305-1282805949-553899156-2530637685_Classes\CLSID\{E8791438-3525-48BF-A600-C577AD1674C2} => removed successfully
HKU\S-1-12-1-379402305-1282805949-553899156-2530637685_Classes\CLSID\{F1CBF5EB-347F-4E4C-90AC-E43339FC34EC} => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{38CCCB62-C0DB-4281-BDC6-32C5D4714569}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3B31C1DA-5717-4D29-B2EC-E20685E1075D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{24B4E4F2-1C61-469A-B4BB-2D0660B3225A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2D66E104-9BFA-466E-95EF-53BFC437E1E4}" => removed successfully
 
=========== EmptyTemp: ==========
 
FlushDNS => completed
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 31646101 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 58579175 B
Edge => 319109 B
Chrome => 3746679969 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
HeatherSchmidt => 46551740 B
JohnMilazzo => 46579114 B
CollinMayer => 47178780 B
LyleTimm => 47289685 B
ChadClough => 6334063571 B
MiriamSchaewe => 6334287701 B
systemprofile => 6334287701 B
systemprofile32 => 6334287701 B
LocalService => 6334287701 B
NetworkService => 6345180587 B
stpau => 6345197215 B
 
RecycleBin => 99235015 B
EmptyTemp: => 45.2 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 08:36:46 ====
 
2.
# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build:    08-30-2022
# Database: 2023-07-19.3 (Cloud)
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    12-08-2023
# Duration: 00:00:24
# OS:       Windows 10 (Build 19045.3693)
# Scanned:  32105
# Detected: 0
 
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
No malicious folders found.
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries found.
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries found.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs found.
 
***** [ Hosts File Entries ] *****
 
No malicious hosts file entries found.
 
***** [ Preinstalled Software ] *****
 
No Preinstalled Software found.
 
 
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
 
 
 
 
 
3. Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 12/8/23
Scan Time: 9:54 AM
Log File: 1589d8c0-95e2-11ee-a35f-f06e0bb81b43.json
 
-Software Information-
Version: 4.6.7.301
Components Version: 1.0.2222
Update Package Version: 1.0.78140
License: Trial
 
-System Information-
OS: Windows 10 (Build 19045.3693)
CPU: x64
File System: NTFS
User: spf-surflap-02\ChadClough
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 318819
Threats Detected: 1
Threats Quarantined: 0
Time Elapsed: 5 min, 37 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 1
PUP.Optional.Wave, C:\USERS\CHADCLOUGH\DOWNLOADS\WAVE BROWSER.EXE, No Action By User, 10188, 1065894, 1.0.78140, , ame, , D26AD6D225E376CB20B961E88F06CF5B, 9AAC6E2F21D7F81DDACD20EC2A6F08AA6691328296D7E9946047F57A33CE8E1E
 
Physical Sector: 0
(No malicious items detected)
 
WMI: 0
(No malicious items detected)
 
 
(end)



#11 DR M (The Grecian Geek, Malware Removal, 4,126 posts)

OK, you can now go on and quarantine the file detected by Malwarebytes:
 
1. Run Malwarebytes (Clean mode)

  • Double click the program's icon on your Desktop, as you did before.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is unchecked.
    Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.
  • If threats are not found, click View Report and proceed to the last two steps below.
  • If threats are found, make sure that all threats are selected, and click on Quarantine/Remove selected.
  • You may need to restart the computer.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

 

2. Fresh FRST logs

 

Run FRST tool once more, and post fresh logs for me to check, Addition and FRST. I would prefer you to attach them instead of copy/paste them in your reply. 

 

 

In your next reply, please post:

  • The Malwarebytes report
  • Fresh FRST logs, Addition and FRST
  • How is the computer running? Any remaining issue/question/concern? 

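The report that the steps above ask you to export is the same plain-text format as the Malwarebytes logs posted earlier in this thread. The following is an added example, not part of the original post and not Malwarebytes' own code: a small Python parser that reads such a report, lists the detections under "-Scan Details-", flags any whose action column is not "Quarantined", and cross-checks the "Threats Detected" / "Threats Quarantined" counters against the itemised lines. The sample report is constructed around the File line posted in this thread. Two assumptions, because the page does not document the column layout: the first three comma-separated fields of a detection line are category, path and action, the last two are the MD5 and SHA-256 of the object, and the fields in between (the numeric ids, database version and "ame" tag) are treated as opaque.

```python
"""Parse a Malwarebytes 4.x text report and flag detections left unresolved.

Added example for this thread; not Malwarebytes' own code. Assumption: in a
detection line the first three comma-separated fields are category, path and
action, the last two are the MD5 and SHA-256 of the object, and the fields in
between (ids, database version, engine tag) are opaque and ignored.
"""
import hashlib
import re
from dataclasses import dataclass
from typing import List, Optional

# Section header inside "-Scan Details-", e.g. "File: 1" or "Registry Key: 0".
SECTION_RE = re.compile(r"^([A-Za-z ]+): (\d+)$")

# Constructed sample built around the File line posted in this thread.
REPORT_TEMPLATE = """-Scan Summary-
Scan Type: Threat Scan
Threats Detected: 1
Threats Quarantined: {quarantined}

-Scan Details-
Process: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

File: 1
PUP.Optional.Wave, {path}, {action}, 10188, 1065894, 1.0.78140, , ame, , {md5}, {sha256}

WMI: 0
(No malicious items detected)

(end)
"""
WAVE_PATH = r"C:\USERS\CHADCLOUGH\DOWNLOADS\WAVE BROWSER.EXE"
WAVE_MD5 = "D26AD6D225E376CB20B961E88F06CF5B"
WAVE_SHA256 = "9AAC6E2F21D7F81DDACD20EC2A6F08AA6691328296D7E9946047F57A33CE8E1E"


def sample_report(action: str, quarantined: int) -> str:
    """Build a report like the ones in the thread, with the given action column."""
    return REPORT_TEMPLATE.format(quarantined=quarantined, path=WAVE_PATH,
                                  action=action, md5=WAVE_MD5, sha256=WAVE_SHA256)


@dataclass(frozen=True)
class Detection:
    kind: str      # section the line sits under: "File", "Registry Key", ...
    category: str  # e.g. "PUP.Optional.Wave"
    path: str
    action: str    # e.g. "Quarantined", "No Action By User"
    md5: str       # lower-case hex
    sha256: str    # lower-case hex


@dataclass
class Report:
    threats_detected: int
    threats_quarantined: int
    detections: List[Detection]


def parse_report(text: str) -> Report:
    """Read the summary counters and every detection line from a report."""
    detected = quarantined = 0
    detections: List[Detection] = []
    in_details = False
    kind: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Threats Detected:"):
            detected = int(line.split(":", 1)[1])
        elif line.startswith("Threats Quarantined:"):
            quarantined = int(line.split(":", 1)[1])
        elif line == "-Scan Details-":
            in_details = True
        elif not in_details or not line or line.startswith("("):
            continue  # header lines, blanks, "(No malicious items detected)", "(end)"
        elif SECTION_RE.match(line):
            kind = SECTION_RE.match(line).group(1)
        else:
            # A detection line. A path containing ", " would need a smarter split.
            fields = [f.strip() for f in line.split(",")]
            if kind is None or len(fields) < 5:
                raise ValueError(f"unexpected line in Scan Details: {line!r}")
            detections.append(Detection(kind, fields[0], fields[1], fields[2],
                                        fields[-2].lower(), fields[-1].lower()))
    return Report(detected, quarantined, detections)


def unresolved(report: Report) -> List[Detection]:
    """Detections the user still has to deal with: anything not quarantined."""
    return [d for d in report.detections if d.action != "Quarantined"]


def summary_consistent(report: Report) -> bool:
    """Cross-check the summary counters against the itemised detections."""
    return (report.threats_detected == len(report.detections)
            and report.threats_quarantined
            == sum(d.action == "Quarantined" for d in report.detections))


def matches_ioc(data: bytes, detection: Detection) -> bool:
    """True if the bytes hash to the SHA-256 recorded for the detection, so a
    copy of the file found elsewhere can be tied to the same sample."""
    return hashlib.sha256(data).hexdigest() == detection.sha256


if __name__ == "__main__":
    for action, q in (("No Action By User", 0), ("Quarantined", 1)):
        rep = parse_report(sample_report(action, q))
        left = unresolved(rep)
        print(f"{action!r}: {len(rep.detections)} detection(s), {len(left)} unresolved, "
              f"summary consistent: {summary_consistent(rep)}")
        for d in left:
            print(f"  still present: {d.category} at {d.path} (sha256 {d.sha256})")
```

Run against a real exported report by passing its text to parse_report; an empty unresolved list is the condition the steps above are aiming for, and matches_ioc lets you tie a file found in another location (another profile's Downloads folder, for example) to the hash Malwarebytes recorded.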

#12 DR M (The Grecian Geek, Malware Removal, 4,126 posts)
Due to lack of feedback, this topic has been closed.
 
If you need this topic reopened, please contact a staff member, or send me a personal message (hover with the mouse over my profile name and choose Send message).


#13 DR M (The Grecian Geek, Malware Removal, 4,126 posts)

Topic opened after caclough's request.

 

Caclough,

 

Have in mind that when we are trying to fix a system, it is beneficial for the responses to be as quick as possible. Day by day, while we are using a computer, things change and make things more complicated. So, I would appreciate it if you could dedicate a little time every day, so we can effectively solve your computer's issues without asking for new logs every time.

 

(To attach the files, click on the More Reply Options at the bottom right of the reply area, and then choose Attach File)



#14 caclough (Topic Starter, Member, 13 posts)
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 12/11/23
Scan Time: 8:22 AM
Log File: a981cd80-9830-11ee-9828-f06e0bb81b43.json
 
-Software Information-
Version: 4.6.7.301
Components Version: 1.0.2222
Update Package Version: 1.0.78262
License: Trial
 
-System Information-
OS: Windows 10 (Build 19045.3693)
CPU: x64
File System: NTFS
User: spf-surflap-02\ChadClough
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 318826
Threats Detected: 1
Threats Quarantined: 1
Time Elapsed: 5 min, 19 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 1
PUP.Optional.Wave, C:\USERS\CHADCLOUGH\DOWNLOADS\WAVE BROWSER.EXE, Quarantined, 10180, 1065894, 1.0.78262, , ame, , D26AD6D225E376CB20B961E88F06CF5B, 9AAC6E2F21D7F81DDACD20EC2A6F08AA6691328296D7E9946047F57A33CE8E1E
 
Physical Sector: 0
(No malicious items detected)
 
WMI: 0
(No malicious items detected)
 
 
(end)

Attached Files



#15 DR M (The Grecian Geek, Malware Removal, 4,126 posts)

Again, the log indicates:

 

Running from C:\Users\ChadClough\Downloads\FRST64.exe
Loaded Profiles: False <==== ATTENTION (Temporary Profile?)
 
Can you please sign in with your other account and attach new logs? After that, we will check your profile issue. 
