My son tried to use the computer for a streaming service for sports. Yay!
We were getting pop-ups from "mcafee" about a trojan virus. I went into the settings and disabled the pop-ups, but I want to clean everything out.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-12-2023
Ran by ChadClough (administrator) on SPF-SURFLAP-02 (Microsoft Corporation Surface Laptop) (03-12-2023 14:45:34)
Running from C:\Users\ChadClough\Downloads\FRST64.exe
Loaded Profiles: False <==== ATTENTION (Temporary Profile?)
Platform: Microsoft Windows 10 Pro Version 22H2 19045.3570 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.wifi-scanner-microservice.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\crash_handler.exe <5>
(C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\PlayerLocationIcon.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <12>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <9>
(Microsoft Corporation -> Microsoft Corporation) C:\Users\ChadClough\AppData\Local\Microsoft\OneDrive\23.226.1031.0003\Microsoft.SharePoint.exe
(services.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.internal-updater-microservice.exe
(services.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exe
(services.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.vm-detector-microservice.exe
(services.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.wifi-scanner-microservice.exe
(services.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(services.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\64ih8682.inf_amd64_9e8d740de7ce5aee\IntelCpHDCPSvc.exe
(services.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\64ih8682.inf_amd64_9e8d740de7ce5aee\IntelCpHeciSvc.exe
(services.exe ->) (Microsoft Corporation -> Microsoft) C:\Program Files\WindowsApps\Microsoft.SurfaceHub_61.23090.124.0_x64__8wekyb3d8bbwe\Services\SurfaceBroker.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Microsoft Update Health Tools\uhssvc.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\NisSrv.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\hdxsstm.inf_amd64_7d200f2580ecd8a5\RtkAudUService64.exe <2>
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.16827.20166.0_x86__8wekyb3d8bbwe\Office16\SDXHelperBgt.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CastSrv.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\hdxsstm.inf_amd64_7d200f2580ecd8a5\RtkAudUService64.exe [835680 2020-12-17] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-12-1-379402305-1282805949-553899156-2530637685\...\Run: [Microsoft Edge Update] => C:\Users\ChadClough\AppData\Local\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateCore.exe [264264 2023-10-30] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-12-1-379402305-1282805949-553899156-2530637685\...\Run: [MicrosoftEdgeAutoLaunch_F41116DA4D5A8E07261DEDFA84F00E92] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3896768 2023-11-29] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Windows x64\Print Processors\Canon MG3600 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDCT.DLL [30208 2015-03-12] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\119.0.6045.200\Installer\chrmstp.exe [2023-12-01] (Google LLC -> Google LLC)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {22157D82-0232-49AC-A44D-12632831B39D} - System32\Tasks\GeoComply Service Check => C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\PlayerLocationCheckTask.cmd [1642 2023-05-04] () [File not signed] ->
Task: {31D5F0DC-229F-4BAD-8E29-6C923F13F713} - System32\Tasks\GeoComply Update Task => C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Update\GeoComplyUpdate.exe [4780704 2023-05-04] (GeoComply Solutions Inc. -> GeoComply) -> /config=C:\Program Files (x86)\GeoComply\\PlayerLocationCheck\Update\GeoComplyUpdate.xml
Task: {9DAF5495-01DD-47ED-A9FA-2B05FD5EBA25} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-08-23] (Google Inc -> Google Inc.)
Task: {684DF2A7-3B26-4625-830C-BB6AF1F654EF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-08-23] (Google Inc -> Google Inc.)
Task: {08DA88DF-745D-4163-8EC8-885A6741441B} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\Login Schedule created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [472576 2023-10-19] (Microsoft Windows -> Microsoft Corporation)
Task: {796F4F32-79D6-4064-8726-AA345C6B0D30} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\OS Edition Upgrade event listener created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [472576 2023-10-19] (Microsoft Windows -> Microsoft Corporation)
Task: {68C166D9-3452-4A69-98BB-44577747D5BC} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\Passport for Work alert created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [472576 2023-10-19] (Microsoft Windows -> Microsoft Corporation)
Task: {93FD2A37-E792-4074-819A-80DAC8E5D1BE} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\Provisioning initiated session => C:\WINDOWS\system32\deviceenroller.exe [472576 2023-10-19] (Microsoft Windows -> Microsoft Corporation)
Task: {94E82032-6BCC-4D44-9C4C-36A7B99DBAA9} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\PushLaunch => C:\WINDOWS\system32\deviceenroller.exe [472576 2023-10-19] (Microsoft Windows -> Microsoft Corporation)
Task: {3F359453-7FD0-4773-A094-29C608E19C70} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\PushRenewal => C:\WINDOWS\system32\deviceenroller.exe [472576 2023-10-19] (Microsoft Windows -> Microsoft Corporation)
Task: {DEDBB65B-56BF-40DA-9A14-74FA2386D95F} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\PushUpgrade => C:\WINDOWS\system32\deviceenroller.exe [472576 2023-10-19] (Microsoft Windows -> Microsoft Corporation)
Task: {F179CF83-817B-49B2-A351-D53C4767A169} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\Schedule #1 created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [472576 2023-10-19] (Microsoft Windows -> Microsoft Corporation)
Task: {E7FD6170-FBAC-4B74-9BAE-55D3AD79BB19} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\Schedule #2 created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [472576 2023-10-19] (Microsoft Windows -> Microsoft Corporation)
Task: {90D7FFB9-3C91-4D1F-AAD8-64966471E06F} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\Schedule #3 created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [472576 2023-10-19] (Microsoft Windows -> Microsoft Corporation)
Task: {E5E67958-8947-40DC-B118-3490751D26D8} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\Schedule created by enrollment client for renewal of certificate warning => C:\WINDOWS\system32\deviceenroller.exe [472576 2023-10-19] (Microsoft Windows -> Microsoft Corporation)
Task: {1D3AA9F1-85A6-48D4-90B0-4CC311992B85} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\Schedule to run OMADMClient by client => C:\WINDOWS\system32\omadmclient.exe [468992 2023-10-19] (Microsoft Windows -> Microsoft Corporation)
Task: {88F87BA4-19A7-4C4D-A11D-D9E8D1935DCE} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\Schedule to run OMADMClient by server => C:\WINDOWS\system32\omadmclient.exe [468992 2023-10-19] (Microsoft Windows -> Microsoft Corporation)
Task: {DFA11800-DBFF-4F92-A1F5-0FEBFF6FF8D4} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\Win10 S Mode event listener created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [472576 2023-10-19] (Microsoft Windows -> Microsoft Corporation)
Task: {24BFF3C2-1A2E-4974-9789-8DEAF77EBC82} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MpCmdRun.exe [1604680 2023-11-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F360C233-8175-483A-B355-4C49A318AC7E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MpCmdRun.exe [1604680 2023-11-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {70F7CD3A-659E-4E76-BDC9-FE15599C1980} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MpCmdRun.exe [1604680 2023-11-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {AD7CD73E-3769-4F13-8BE0-C8CF19C85C7F} - System32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-12-1-379402305-1282805949-553899156-2530637685Core{5641AC22-3E9E-482F-A78E-AC767BE88448} => C:\Users\ChadClough\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [206264 2022-12-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {744A508A-0840-4EDF-B6C0-D471D0431BAC} - System32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-12-1-379402305-1282805949-553899156-2530637685UA{B9FD4C39-41C2-4FAB-A642-FEF8BAEFF810} => C:\Users\ChadClough\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [206264 2022-12-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {5EE6A481-7A98-4D13-A04D-18817F56F559} - System32\Tasks\S-1-5-21-3251423693-4260676575-3805690949-1001\EnterpriseMgmt\5DAF47F7-B4B9-407C-9E92-2086FA5A68C0\Login Schedule created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [472576 2023-10-19] (Microsoft Windows -> Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 208.67.222.222 208.67.220.220
Tcpip\..\Interfaces\{ad987e25-2c98-42dc-b13d-177e7d5cb4bf}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{bc739b88-c39c-46f8-9e2a-0aaa86f4f8a5}: [DhcpNameServer] 208.67.222.222 208.67.220.220
Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\ChadClough\AppData\Local\Microsoft\Edge\User Data\Default [2023-12-03]
Edge Extension: (Google Docs Offline) - C:\Users\ChadClough\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-10-26]
Edge Extension: (Edge relevant text changes) - C:\Users\ChadClough\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-09-14]
Chrome:
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\ChadClough\AppData\Local\Google\Chrome\User Data\Default [2023-10-04]
CHR Extension: (Google Docs Offline) - C:\Users\ChadClough\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-07-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ChadClough\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-06]
CHR Profile: C:\Users\ChadClough\AppData\Local\Google\Chrome\User Data\Guest Profile [2023-04-16]
CHR Profile: C:\Users\ChadClough\AppData\Local\Google\Chrome\User Data\Profile 1 [2023-12-03]
CHR Notifications: Profile 1 -> hxxps://www.draftkings.com
CHR Extension: (DuckDuckGo) - C:\Users\ChadClough\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2023-11-20]
CHR Extension: (Google Docs Offline) - C:\Users\ChadClough\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-10-18]
CHR Extension: (Capital One Shopping: Add to Chrome for Free) - C:\Users\ChadClough\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2023-12-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ChadClough\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-01]
CHR Profile: C:\Users\ChadClough\AppData\Local\Google\Chrome\User Data\Profile 10 [2023-06-27]
CHR Extension: (Google Docs Offline) - C:\Users\ChadClough\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-06-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ChadClough\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-06-05]
CHR Profile: C:\Users\ChadClough\AppData\Local\Google\Chrome\User Data\Profile 2 [2023-08-10]
CHR Extension: (Google Docs Offline) - C:\Users\ChadClough\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-07-20]
CHR Extension: (GoGuardian) - C:\Users\ChadClough\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\haldlgldplgnggkjaafhelgiaglafanh [2023-07-12] [UpdateUrl:hxxps://ext.goguardian.com/stable.xml] <==== ATTENTION
CHR Extension: (Chrome Web Store Payments) - C:\Users\ChadClough\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-01]
CHR Extension: (GoGuardian License) - C:\Users\ChadClough\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\omhaleedeaclhfacmpbpmmlclpfcjnlk [2021-04-16] [UpdateUrl:hxxp://goguardian.com/licenses/update.php] <==== ATTENTION
CHR Profile: C:\Users\ChadClough\AppData\Local\Google\Chrome\User Data\Profile 3 [2022-06-01]
CHR Notifications: Profile 3 -> hxxps://meet.google.com
CHR Extension: (Google Docs Offline) - C:\Users\ChadClough\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-10-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ChadClough\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-04-10]
CHR Profile: C:\Users\ChadClough\AppData\Local\Google\Chrome\User Data\Profile 9 [2023-10-19]
CHR Extension: (Google Docs Offline) - C:\Users\ChadClough\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-10-18]
CHR Extension: (GoGuardian) - C:\Users\ChadClough\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\haldlgldplgnggkjaafhelgiaglafanh [2023-10-02] [UpdateUrl:hxxps://ext.goguardian.com/stable.xml] <==== ATTENTION
CHR Extension: (Chrome Web Store Payments) - C:\Users\ChadClough\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-08-24]
CHR Extension: (GoGuardian License) - C:\Users\ChadClough\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\omhaleedeaclhfacmpbpmmlclpfcjnlk [2022-08-24] [UpdateUrl:hxxp://goguardian.com/licenses/update.php] <==== ATTENTION
CHR Profile: C:\Users\ChadClough\AppData\Local\Google\Chrome\User Data\System Profile [2023-12-03]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 com.geocomply.internal-updater-microservice; C:\Program Files (x86)\GeoComply\//PlayerLocationCheck///Application/com.geocomply.internal-updater-microservice.exe [11580080 ] (GeoComply Solutions Inc. -> )
R2 com.geocomply.process-scanner-microservice; C:\Program Files (x86)\GeoComply\//PlayerLocationCheck///Application/com.geocomply.process-scanner-microservice.exe [11621552 ] (GeoComply Solutions Inc. -> )
R2 com.geocomply.vm-detector-microservice; C:\Program Files (x86)\GeoComply\//PlayerLocationCheck///Application/com.geocomply.vm-detector-microservice.exe [11441328 ] (GeoComply Solutions Inc. -> )
R2 com.geocomply.wifi-scanner-microservice; C:\Program Files (x86)\GeoComply\//PlayerLocationCheck///Application/com.geocomply.wifi-scanner-microservice.exe [11443888 ] (GeoComply Solutions Inc. -> )
R2 Player Location Check; C:\Program Files (x86)\GeoComply\//PlayerLocationCheck///Application/service.exe [11535536 ] (GeoComply Solutions Inc. -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [402264 2023-10-19] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SurfaceExperienceService-61.23090.124; C:\Program Files\WindowsApps\Microsoft.SurfaceHub_61.23090.124.0_x64__8wekyb3d8bbwe\Services\SurfaceBroker.exe [8742336 2023-10-02] (Microsoft Corporation -> Microsoft)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\NisSrv.exe [3121120 2023-11-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MsMpEng.exe [133704 2023-11-12] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [55608 2023-06-27] (Apple Inc. -> Apple Inc.)
S3 Intersil290XXHID; C:\WINDOWS\System32\drivers\Intersil290XXHID.sys [57224 2017-06-16] (WDKTestCert satertza,131307991872382624 -> Intersil Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166760 2019-09-26] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [55744 2023-11-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [578856 2023-11-12] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105768 2023-11-12] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2023-12-03 14:45 - 2023-12-03 14:47 - 000021687 _____ C:\Users\ChadClough\Downloads\FRST.txt
2023-12-03 14:45 - 2023-12-03 14:45 - 000000000 ____D C:\Users\ChadClough\Downloads\FRST-OlderVersion
2023-12-03 14:44 - 2023-12-03 14:46 - 000000000 ____D C:\FRST
2023-12-03 14:43 - 2023-12-03 14:45 - 002384384 _____ (Farbar) C:\Users\ChadClough\Downloads\FRST64.exe
2023-12-03 14:24 - 2023-12-03 14:24 - 000000000 ___HD C:\$WinREAgent
2023-11-29 08:42 - 2023-11-29 08:42 - 000046685 _____ C:\Users\ChadClough\Downloads\LAA Basketball Rules (1).pdf
2023-11-12 11:43 - 2023-11-12 11:43 - 000626982 _____ C:\Users\ChadClough\Downloads\105546 (3).xlsx
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2023-12-03 14:44 - 2019-12-07 03:13 - 000000000 ____D C:\WINDOWS\INF
2023-12-03 14:42 - 2019-12-07 03:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-12-03 14:36 - 2019-12-07 03:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-12-03 14:23 - 2022-11-14 16:22 - 000000000 ___RD C:\Users\ChadClough\OneDrive - St. Paul's Lutheran
2023-12-03 14:23 - 2020-08-30 18:49 - 000795738 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-12-03 14:19 - 2021-12-19 02:01 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-12-03 14:19 - 2018-08-23 17:08 - 000000000 ____D C:\Program Files (x86)\Google
2023-12-03 14:15 - 2020-08-30 18:52 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-12-03 14:15 - 2020-08-30 18:40 - 000008192 ___SH C:\DumpStack.log.tmp
2023-12-03 14:15 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2023-12-03 14:15 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\ServiceState
2023-12-03 14:15 - 2019-12-07 03:03 - 002359296 _____ C:\WINDOWS\system32\config\BBI
2023-12-03 14:15 - 2018-09-27 06:51 - 000041448 _____ C:\WINDOWS\system32\OV9734_FRONT.aiqd
2023-12-03 14:12 - 2020-08-30 18:40 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-12-01 16:26 - 2023-03-20 07:25 - 000003328 _____ C:\WINDOWS\system32\Tasks\GeoComply Service Check
2023-12-01 13:44 - 2018-08-23 17:08 - 000002311 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-11-30 18:09 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-11-30 12:00 - 2020-07-29 18:13 - 000002448 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-11-29 13:45 - 2020-08-30 18:52 - 000003714 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2023-11-29 13:45 - 2020-08-30 18:52 - 000003590 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2023-11-20 07:28 - 2021-12-13 07:21 - 000003608 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-12-1-379402305-1282805949-553899156-2530637685
2023-11-20 07:28 - 2020-08-30 18:52 - 000003382 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-12-1-379402305-1282805949-553899156-2530637685
2023-11-20 07:28 - 2020-08-30 18:41 - 000002416 _____ C:\Users\ChadClough\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-11-12 12:00 - 2018-08-22 22:29 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2023-11-06 17:58 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\NDF
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-12-2023
Ran by ChadClough (03-12-2023 14:49:17)
Running from C:\Users\ChadClough\Downloads
Microsoft Windows 10 Pro Version 22H2 19045.3570 (X64) (2020-08-31 00:52:35)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-3251423693-4260676575-3805690949-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3251423693-4260676575-3805690949-503 - Limited - Disabled)
Guest (S-1-5-21-3251423693-4260676575-3805690949-501 - Limited - Disabled)
stpau (S-1-5-21-3251423693-4260676575-3805690949-1001 - Administrator - Enabled) => C:\Users\stpau
WDAGUtilityAccount (S-1-5-21-3251423693-4260676575-3805690949-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 119.0.6045.200 - Google LLC)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 119.0.2151.97 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 119.0.2151.97 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKU\S-1-12-1-379402305-1282805949-553899156-2530637685\...\Microsoft EdgeWebView) (Version: 119.0.2151.97 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-12-1-379402305-1282805949-553899156-2530637685\...\OneDriveSetup.exe) (Version: 23.226.1031.0003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3251423693-4260676575-3805690949-1001\...\OneDriveSetup.exe) (Version: 20.114.0607.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{2953E19B-9F91-4A49-A23B-7E25970A1951}) (Version: 3.73.0.0 - Microsoft Corporation)
Player Location Check (HKLM-x32\...\{F0753064-8D66-41A7-9F23-7691290387BF}) (Version: 4.0.0.4 - GeoComply)
RingCentral Meetings (HKU\S-1-12-1-379402305-1282805949-553899156-2530637685\...\RingCentralMeetings) (Version: 21.1 - Zoom Video Communications, Inc. and RingCentral Inc.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{B2E25355-C24E-4E7D-8AD3-455D59810838}) (Version: 2.57.0.0 - Microsoft Corporation)
Zoom (HKU\S-1-12-1-379402305-1282805949-553899156-2530637685\...\ZoomUMX) (Version: 5.8.0 (1324) - Zoom Video Communications, Inc.)
Packages:
=========
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_149.1.1056.0_x64__v10z8vjag6ke6 [2023-09-12] (HP Inc.)
LEGO Education SPIKE -> C:\Program Files\WindowsApps\LEGOEducation.SPIKELEGOEducation_2.0.10.0_x64__by3p0hsm2jzfy [2023-02-03] (LEGO Education)
Microsoft Access -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Access_16051.16827.20166.0_x86__8wekyb3d8bbwe [2023-10-16] (Microsoft Corporation)
Microsoft Excel -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16051.16827.20166.0_x86__8wekyb3d8bbwe [2023-10-16] (Microsoft Corporation)
Microsoft Office Desktop Apps -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.16827.20166.0_x86__8wekyb3d8bbwe [2023-10-16] (Microsoft Corporation)
Microsoft Outlook -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.16827.20166.0_x86__8wekyb3d8bbwe [2023-10-16] (Microsoft Corporation)
Microsoft PowerPoint -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16051.16827.20166.0_x86__8wekyb3d8bbwe [2023-10-16] (Microsoft Corporation)
Microsoft Publisher -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Publisher_16051.16827.20166.0_x86__8wekyb3d8bbwe [2023-10-16] (Microsoft Corporation)
Microsoft Word -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16051.16827.20166.0_x86__8wekyb3d8bbwe [2023-10-16] (Microsoft Corporation)
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.61931.0_x64__8wekyb3d8bbwe [2023-08-23] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2022-01-31] (Microsoft Corporation)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.1.137.0_x64__dt26b99r8h8gj [2023-06-14] (Realtek Semiconductor Corp)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.17.10160.0_x64__8wekyb3d8bbwe [2023-10-23] (Microsoft Studios) [MS Ad]
Surface -> C:\Program Files\WindowsApps\Microsoft.SurfaceHub_61.23090.124.0_x64__8wekyb3d8bbwe [2023-10-03] (Microsoft Corporation)
Toshiba Print Experience -> C:\Program Files\WindowsApps\TOSHIBATEC.ToshibaPrintExperience_10.70.3989.68_x86__8ck45jgtf9y1t [2023-03-01] (Toshiba Tec Corporation)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-12-1-379402305-1282805949-553899156-2530637685_Classes\CLSID\{04271989-C4D2-0029-05B3-BC25C3BC39B8} -> [OneDrive - St. Paul's Lutheran] => C:\Users\ChadClough\OneDrive - St. Paul's Lutheran [2022-11-14 16:22]
CustomCLSID: HKU\S-1-12-1-379402305-1282805949-553899156-2530637685_Classes\CLSID\{2EF7E390-2F7C-4F9A-9B7D-4A87B56B711D}\InprocServer32 -> C:\Users\ChadClough\AppData\Local\Microsoft\EdgeUpdate\1.3.173.51\psuser_64.dll => No File
CustomCLSID: HKU\S-1-12-1-379402305-1282805949-553899156-2530637685_Classes\CLSID\{38971E90-14FD-44F6-AA45-1447B653F873}\InprocServer32 -> C:\Users\ChadClough\AppData\Local\Microsoft\EdgeUpdate\1.3.173.45\psuser_64.dll => No File
CustomCLSID: HKU\S-1-12-1-379402305-1282805949-553899156-2530637685_Classes\CLSID\{5EA43877-C6D8-4885-B77A-C0BB27E94372}\InprocServer32 -> C:\Users\ChadClough\AppData\Local\Microsoft\EdgeUpdate\1.3.181.5\psuser_64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-12-1-379402305-1282805949-553899156-2530637685_Classes\CLSID\{608D599A-DCA6-4A7C-BED7-AFCD8465345A}\InprocServer32 -> C:\Users\ChadClough\AppData\Local\Microsoft\EdgeUpdate\1.3.175.29\psuser_64.dll => No File
CustomCLSID: HKU\S-1-12-1-379402305-1282805949-553899156-2530637685_Classes\CLSID\{64C6EFB9-8F79-4106-B975-067448DC768F}\InprocServer32 -> C:\Users\ChadClough\AppData\Local\Microsoft\EdgeUpdate\1.3.177.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-12-1-379402305-1282805949-553899156-2530637685_Classes\CLSID\{7C9A348D-C321-47AC-904F-150312A5430F}\InprocServer32 -> C:\Users\ChadClough\AppData\Local\Microsoft\EdgeUpdate\1.3.175.27\psuser_64.dll => No File
CustomCLSID: HKU\S-1-12-1-379402305-1282805949-553899156-2530637685_Classes\CLSID\{81093D63-7825-417B-BFC8-ADC63FA4E53D}\InprocServer32 -> C:\Users\ChadClough\AppData\Local\Microsoft\EdgeUpdate\1.3.181.5\psuser_64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-12-1-379402305-1282805949-553899156-2530637685_Classes\CLSID\{ABF66F82-B04C-4FE4-8272-661539463FE1}\InprocServer32 -> C:\Users\ChadClough\AppData\Local\Microsoft\EdgeUpdate\1.3.171.37\psuser_64.dll => No File
CustomCLSID: HKU\S-1-12-1-379402305-1282805949-553899156-2530637685_Classes\CLSID\{B29F5F83-90DF-479A-BDE7-8A9F4412E394}\InprocServer32 -> C:\Users\ChadClough\AppData\Local\Microsoft\EdgeUpdate\1.3.171.39\psuser_64.dll => No File
CustomCLSID: HKU\S-1-12-1-379402305-1282805949-553899156-2530637685_Classes\CLSID\{E3D57E77-FE71-4D06-BD34-D48820074909}\InprocServer32 -> C:\Users\ChadClough\AppData\Local\Microsoft\EdgeUpdate\1.3.181.5\psuser_64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-12-1-379402305-1282805949-553899156-2530637685_Classes\CLSID\{E8791438-3525-48BF-A600-C577AD1674C2}\InprocServer32 -> C:\Users\ChadClough\AppData\Local\Microsoft\EdgeUpdate\1.3.173.49\psuser_64.dll => No File
CustomCLSID: HKU\S-1-12-1-379402305-1282805949-553899156-2530637685_Classes\CLSID\{F1CBF5EB-347F-4E4C-90AC-E43339FC34EC}\InprocServer32 -> C:\Users\ChadClough\AppData\Local\Microsoft\EdgeUpdate\1.3.173.55\psuser_64.dll => No File
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\ChadClough\Desktop\Chad (Mr. Clough) - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\ChadClough\Desktop\Kayla - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 3"
ShortcutWithArgument: C:\Users\ChadClough\Desktop\Person 1 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\ChadClough\Desktop\Will (Will Cash Money) - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 2"
ShortcutWithArgument: C:\Users\ChadClough\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\c8ad4c51c070a52f\GoGuardian.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 2" --app-id=haldlgldplgnggkjaafhelgiaglafanh
==================== Loaded Modules (Whitelisted) =============
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2017-09-29 07:46 - 2017-09-29 07:44 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-12-1-379402305-1282805949-553899156-2530637685\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3251423693-4260676575-3805690949-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 208.67.222.222 - 208.67.220.220
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [UDP Query User{F4AF4BF4-6404-4C7F-987A-A6971BDDFBA3}C:\users\collinmayer\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\collinmayer\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{962F00B5-A61D-4026-BCAA-0C6716938EDA}C:\users\collinmayer\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\collinmayer\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{84F7B634-44BB-4BCF-A30D-2BC2CA7F42AD}C:\users\chadclough\appdata\roaming\zoom\bin\zoom.exe] => (Block) C:\users\chadclough\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{AC4E30B7-DACA-4BE4-8204-761A4F526CEF}C:\users\chadclough\appdata\roaming\zoom\bin\zoom.exe] => (Block) C:\users\chadclough\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [TCP Query User{E93C769E-5097-4C06-BC80-F5D38379F0CC}C:\users\chadclough\appdata\roaming\ringcentralmeetings\bin\ringcentralmeetings.exe] => (Allow) C:\users\chadclough\appdata\roaming\ringcentralmeetings\bin\ringcentralmeetings.exe (RingCentral, Inc. -> RingCentral Video Communications, Inc. and RingCentral Inc.)
FirewallRules: [UDP Query User{2E1414C1-1CF0-475A-9D46-C6D2B8CD9523}C:\users\chadclough\appdata\roaming\ringcentralmeetings\bin\ringcentralmeetings.exe] => (Allow) C:\users\chadclough\appdata\roaming\ringcentralmeetings\bin\ringcentralmeetings.exe (RingCentral, Inc. -> RingCentral Video Communications, Inc. and RingCentral Inc.)
FirewallRules: [TCP Query User{7DC159DE-5B6F-461C-82F3-DE5FF933D2E2}C:\users\chadclough\appdata\roaming\ringcentralmeetings\bin\ringcentralmeetings.exe] => (Allow) C:\users\chadclough\appdata\roaming\ringcentralmeetings\bin\ringcentralmeetings.exe (RingCentral, Inc. -> RingCentral Video Communications, Inc. and RingCentral Inc.)
FirewallRules: [UDP Query User{C7A76A08-DD9F-47CC-BCDA-D48950FDF7B3}C:\users\chadclough\appdata\roaming\ringcentralmeetings\bin\ringcentralmeetings.exe] => (Allow) C:\users\chadclough\appdata\roaming\ringcentralmeetings\bin\ringcentralmeetings.exe (RingCentral, Inc. -> RingCentral Video Communications, Inc. and RingCentral Inc.)
FirewallRules: [{38CCCB62-C0DB-4281-BDC6-32C5D4714569}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.101.3212.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{3B31C1DA-5717-4D29-B2EC-E20685E1075D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.101.3212.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{24B4E4F2-1C61-469A-B4BB-2D0660B3225A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.101.3212.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{2D66E104-9BFA-466E-95EF-53BFC437E1E4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.101.3212.0_x64__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{26922A9C-4239-4038-861D-DF70239C09B9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.16827.20166.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0B60C575-4318-403F-8759-CC8C61BC6118}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.106.3212.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E1004200-093C-42DA-90EE-1AA24BC5A730}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.106.3212.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F1FBDCEC-816C-4EA6-8D0E-C8B54C86D3CF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.106.3212.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3DD36FCB-12DA-4FAD-BA0E-14E79293979E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.106.3212.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{CDB5AFE4-09E0-4CD8-92D1-45C200C4010B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{766CC420-2C65-443E-B791-DCD0F8846EB8}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\119.0.2151.97\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
==================== Restore Points =========================
ATTENTION: System Restore is disabled (Total:117.91 GB) (Free:59.09 GB) (50%)
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (12/03/2023 02:15:42 PM) (Source: com.geocomply.vm-detector-microservice) (EventID: 1) (User: )
Description: Event-ID 1
Error: (12/03/2023 02:15:42 PM) (Source: PlayerLocationCheck) (EventID: 1) (User: )
Description: Event-ID 1
Error: (12/03/2023 02:15:42 PM) (Source: com.geocomply.process-scanner-microservice) (EventID: 1) (User: )
Description: Event-ID 1
Error: (12/03/2023 02:15:42 PM) (Source: com.geocomply.internal-updater-microservice) (EventID: 1) (User: )
Description: Event-ID 1
Error: (12/03/2023 02:15:42 PM) (Source: com.geocomply.wifi-scanner-microservice) (EventID: 1) (User: )
Description: Event-ID 1
Error: (11/27/2023 02:31:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SearchApp.exe version 10.0.19041.3570 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 2b48
Start Time: 01da02c872fbe1ab
Termination Time: 4294967295
Application Path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Report Id: 8f77d9df-8e51-4fae-a764-5045a2e0ecc3
Faulting package full name: Microsoft.Windows.Search_1.14.10.19041_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: ShellFeedsUI
Hang type: Quiesce
Error: (11/20/2023 07:28:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OneDrive.exe, version: 23.221.1024.2, time stamp: 0x22e834bf
Faulting module name: ntdll.dll, version: 10.0.19041.3570, time stamp: 0x3be1c500
Exception code: 0xc0000409
Fault offset: 0x00000000000a2350
Faulting process id: 0x2578
Faulting application start time: 0x01da158fe509189b
Faulting application path: C:\Users\ChadClough\AppData\Local\Microsoft\OneDrive\OneDrive.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 46303b07-fd55-4b36-b3ec-53d598e59398
Faulting package full name:
Faulting package-relative application ID:
Error: (10/19/2023 07:54:09 AM) (Source: com.geocomply.vm-detector-microservice) (EventID: 1) (User: )
Description: Event-ID 1
System errors:
=============
Error: (12/03/2023 02:15:05 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.
Error: (12/03/2023 02:14:42 PM) (Source: DCOM) (EventID: 10010) (User: AzureAD)
Description: The server {9A4948D9-13FC-4FAC-B60A-FBA6EE0FB11C} did not register with DCOM within the required timeout.
Error: (12/03/2023 02:12:32 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
Error: (12/02/2023 07:37:06 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
Error: (12/02/2023 12:26:18 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
Error: (12/01/2023 09:24:16 PM) (Source: SurfaceAcpiNotify) (EventID: 17408) (User: )
Description: RQST(1, 28, 0) error: 6
Error: (12/01/2023 09:24:16 PM) (Source: SurfaceSerialHubDriver) (EventID: 15) (User: )
Description: Surface Serial Hub Driver get response timeout, CanceledID = 40096, TargetCategory = SAM, CommandID = 28.
Error: (12/01/2023 09:24:12 PM) (Source: SurfaceSerialHubDriver) (EventID: 13) (User: )
Description: Surface Serial Hub Driver spurious Ack found, Sequence Number = 110.
Windows Defender:
================
Date: 2023-10-03 07:51:06
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:
Date: 2023-12-03 14:20:00
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.401.1232.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23100.2009
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2023-12-03 14:20:00
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.401.1232.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23100.2009
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2023-12-03 14:20:00
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.401.1232.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23100.2009
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2023-12-03 14:19:39
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.401.1232.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23100.2009
Error code: 0x80072ee2
Error description: The operation timed out
Date: 2023-12-03 14:19:39
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.401.1232.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23100.2009
Error code: 0x80072ee2
Error description: The operation timed out
CodeIntegrity:
===============
Date: 2022-03-15 11:06:07
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\64ih8682.inf_amd64_9e8d740de7ce5aee\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
BIOS: Microsoft Corporation 138.3732.768 04.20.2021
Motherboard: Microsoft Corporation Surface Laptop
Processor: Intel® Core i5-7200U CPU @ 2.50GHz
Percentage of memory in use: 62%
Total physical RAM: 8109.11 MB
Available physical RAM: 3054.82 MB
Total Virtual: 9773.11 MB
Available Virtual: 4253.02 MB
==================== Drives ================================
Drive c: (Local Disk) (Fixed) (Total:117.91 GB) (Free:59.08 GB) (Model: THNSN0128GTYA TOSHIBA) (Protected) NTFS
\\?\Volume{d610b4fa-0d6d-4c71-95b3-bafad241d102}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.31 GB) NTFS
\\?\Volume{2c73e5b8-ba32-4fc1-86c6-7298b8ffd405}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 3360B8F4)
Partition: GPT.
==================== End of Addition.txt =======================