Computer Invaded By The Greeks

Discussion in 'Malware Help (A Specialist Will Reply)' started by mark59, Jan 29, 2024.

  1. mark59

    mark59 MajorGeek

    Microsoft Defender has reported that it has discovered a Trojan on my laptop PC. It says the threat level is severe.

    I do not understand why this happened. At the time Defender announced its discovery I was not connected to the Internet. Well, maybe I was because the PC automatically connects via a Wi-Fi router and my router was switched on. However, I did not have my web browser open. I was typing a Word document.

    I did not allow Defender to take any measures against the malware. I simply closed down the PC and have not switched it on since.

    I would like you to advise what steps to take for us to discover whether some malware has infected the machine, the actual level of threat, if there is any, and what steps we take to deal with the malware if there really is some.

    I am quite annoyed by this as it’s the laptop PC we cleaned up not so long ago and since that I’ve hardly used it.
     
  2. Oh My!

    Oh My! Malware Expert Staff Member

    Greetings and welcome back to the Major Geeks Malware Forum.

    Let's start with this.

    ===================================================

    Farbar Recovery Scan Tool (FRST)

    --------------------
    • Download Farbar Recovery Scan Tool for 64 bit systems and note where the file is saved (Download, Desktop, etc.)
    • Right click on the icon and select Run as administrator
    • Note: If you receive any warning about the download it is a false positive and you can ignore it. Click on More info to get the Run anyway option
    • Click Yes to the disclaimer
    • Click Scan and allow the program to run
    • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
    • 2 Notepad documents should now be open on your desktop.
    • Please attempt to copy and paste each report in a separate reply. If unable to do so attach both reports.
    ===================================================

    Farbar Recovery Scan Tool Fix

    --------------------
    • Right click on the FRST64 icon and select Run as administrator
    • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
    • There is no need to paste the information anywhere, FRST64 will do it for you
    Code:
    Start::
    SystemRestore: On
    CreateRestorePoint:
    CloseProcesses:
    Powershell: Get-MpThreatDetection | Out-File "C:\Users\CurrentUserName\Desktop\WDHistory.txt"
    End::
    
    • Click Fix
    • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
    • Upon completion a WDHistory.txt file will be placed on the Desktop. Copy and paste the report in your reply.
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.

    • FRST.txt
    • Addition.txt
    • WDHistory.txt
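
Added example, not part of the original thread and not FRST or forum staff code: `Get-MpThreatDetection`, used in the fixlist above, records each detection with a numeric `ThreatID` but no threat name, so this read-only PowerShell script joins it to `Get-MpThreat` to show the name, severity and whether the threat executed. The output file name `WDHistory-named.txt` and the variable names are assumptions made for illustration.

```powershell
# Added example: enrich Microsoft Defender detection history with threat names.
# Read-only: it queries Defender and writes a text report, nothing else.
# Run from an elevated PowerShell prompt on the affected machine.

# SeverityID values as documented for the MSFT_MpThreat class.
$severityName = @{ 0 = 'Unknown'; 1 = 'Low'; 2 = 'Moderate'; 4 = 'High'; 5 = 'Severe' }

# Index the threat catalogue by ThreatID so each detection can be looked up.
$catalogue = @{}
foreach ($t in Get-MpThreat) {
    $catalogue[[long]$t.ThreatID] = $t
}

# One report row per detection event.
$report = foreach ($d in Get-MpThreatDetection) {
    $t = $catalogue[[long]$d.ThreatID]
    [pscustomobject]@{
        Detected   = $d.InitialDetectionTime
        ThreatName = if ($t) { $t.ThreatName } else { "(ThreatID $($d.ThreatID) not in catalogue)" }
        Severity   = if ($t) { $severityName[[int]$t.SeverityID] } else { 'Unknown' }
        Executed   = if ($t) { $t.DidThreatExecute } else { $null }
        Process    = $d.ProcessName                 # process that touched the file
        Resources  = ($d.Resources -join '; ')      # file / registry items flagged
        ActionOK   = $d.ActionSuccess               # did Defender's action succeed
    }
}

# Resolve the current user's Desktop instead of hard-coding a profile path.
# 'WDHistory-named.txt' is a hypothetical file name chosen for this example.
$outFile = Join-Path ([Environment]::GetFolderPath('Desktop')) 'WDHistory-named.txt'
$report | Sort-Object Detected | Format-List | Out-File -FilePath $outFile -Encoding utf8
```

The `Resources` and `Process` columns show which file was flagged and what was touching it at the time, which is the first thing to check when a detection fires while no browser is open.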
     
  3. mark59

    mark59 MajorGeek

    Thank you for welcoming me back to the Malware Forum. Understandably, I'd rather not be back.

    As per your request, in the following four posts I have pasted (or, rather, will attempt to do so) the following requested items in the order listed below:

    • FRST.txt
    • Addition.txt
    • WDHistory.txt
    • Fixlog.txt
     
  4. mark59

    mark59 MajorGeek

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27.01.2024 01
    Ran by Mark (administrator) on LAPTOP-UB40L2H8 (Acer Aspire A315-21) (29-01-2024 15:43:06)
    Running from C:\Users\markc\Desktop\FRST64.exe
    Loaded Profiles: Mark
    Platform: Microsoft Windows 10 Home Version 22H2 19045.3803 (X64) Language: English (United Kingdom)
    Default browser: FF
    Boot Mode: Normal

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
    (C:\Program Files\Acer\Quick Access Service\QASvc.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Quick Access Service\QAAdminAgent.exe
    (C:\Program Files\Acer\Quick Access Service\QASvc.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Quick Access Service\QAAgent.exe
    (DriverStore\FileRepository\u0334382.inf_amd64_385141a145af07f6\B333866\atiesrxx.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0334382.inf_amd64_385141a145af07f6\B333866\atieclxx.exe
    (explorer.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2302.13003.0_x64__8wekyb3d8bbwe\MicrosoftSecurityApp\MicrosoftSecurityApp.exe
    (explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\23.246.1127.0002\Microsoft.SharePoint.exe
    (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe <11>
    (services.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Quick Access Service\QASvc.exe
    (services.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0334382.inf_amd64_385141a145af07f6\B333866\atiesrxx.exe
    (services.exe ->) (Glarysoft Ltd -> Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities\x64\MemfilesService.exe
    (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe
    (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\NisSrv.exe
    (services.exe ->) (Qualcomm Atheros -> Qualcomm Technologies Inc.) C:\Windows\System32\drivers\QcomWlanSrvx64.exe
    (services.exe ->) (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
    (svchost.exe ->) (Acer Incorporated -> ) C:\Program Files (x86)\Acer\Acer Jumpstart\hermes.exe
    (svchost.exe ->) (Acer Incorporated -> ) C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
    (svchost.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Quick Access Service\ePowerButton_NB.exe
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

    ==================== Registry (Whitelisted) ===================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [19677688 2020-03-13] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
    HKLM\...\Policies\Explorer: [HideSCAMeetNow] 1
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\MRT: Restriction <==== ATTENTION
    HKLM\Software\Policies\...\system: [EnableActivityFeed] 0
    HKLM\Software\Policies\...\system: [PublishUserActivities] 0
    HKLM\Software\Policies\...\system: [UploadUserActivities] 0
    HKLM\Software\Policies\...\system: [AllowClipboardHistory] 0
    HKLM\Software\Policies\...\system: [AllowCrossDeviceClipboard] 0
    HKU\S-1-5-21-2097827235-3593066060-2260584895-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [44486048 2023-12-05] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
    HKU\S-1-5-21-2097827235-3593066060-2260584895-1001\...\Policies\Explorer: [HideSCAMeetNow] 1
    HKU\S-1-5-21-2097827235-3593066060-2260584895-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
    HKU\S-1-5-21-2097827235-3593066060-2260584895-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Mystify.scr [154624 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    HKLM\...\Print\Monitors\PDF-XChange Lite Port Monitor: C:\WINDOWS\system32\pxcpmL.dll [999568 2023-11-14] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
    BootExecute: autocheck autochk *
    HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION

    ==================== Scheduled Tasks (Whitelisted) =================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {09F481EF-53FD-42BE-AECC-5089FAAF9F3B} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2920240 2018-08-13] (Acer Incorporated -> )
    Task: {ACFDBF5E-CEB6-4723-B939-ACCC0ED9C6AF} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [41264 2018-08-13] (Acer Incorporated -> )
    Task: {544A6679-5990-4569-B4B6-CF40D7D14CE9} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [4761392 2018-08-13] (Acer Incorporated -> )
    Task: {984D08AB-828C-4776-BEA3-9ABB1336DD56} - System32\Tasks\AcerCMUpdateTask2.5.22250 => C:\Program Files (x86)\Acer\Amundsen\2.5.22250\awc.exe [96904 2022-09-25] (Acer Incorporated -> )
    Task: {C2D558A6-7240-4DC3-8042-E42F38AA8987} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [714256 2023-12-05] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
    Task: {E1D25BE6-59F7-416E-BEDF-1AD37EB420BB} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [4703648 2023-12-05] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "0afb1842-463a-44aa-a71f-e0d867b0628f" --version "6.19.10858" --silent
    Task: {949EA3A1-7B5B-4F28-BB03-104E5B5D1563} - System32\Tasks\CCleanerSkipUAC - Mark => C:\Program Files\CCleaner\CCleaner.exe [37458848 2023-12-05] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
    Task: {E01103B4-9A9E-4C14-A399-4A5D65EB2998} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe [5550856 2023-12-14] (Microsoft Windows -> Microsoft Corporation)
    Task: {35B23C02-F4FF-4423-BB10-57E1A5252933} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\markc\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe LOGON (No File)
    Task: {54B295B8-93A4-4404-A528-DEB6600F3B07} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\markc\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe SCHED (No File)
    Task: {3647BA8E-DEED-437F-BBA9-65E98B5CBE5D} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28425808 2024-01-05] (Microsoft Corporation -> Microsoft Corporation)
    Task: {50970A30-F4D3-4761-8B53-C76B345275D2} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28425808 2024-01-05] (Microsoft Corporation -> Microsoft Corporation)
    Task: {E2864BCE-F567-457E-9370-68DBAF306097} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [305600 2024-01-05] (Microsoft Corporation -> Microsoft Corporation)
    Task: {F466D872-2F5D-492C-B822-0591731ADB50} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [305600 2024-01-05] (Microsoft Corporation -> Microsoft Corporation)
    Task: {026A786B-3B21-4843-8702-E99E9270F435} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [170048 2024-01-05] (Microsoft Corporation -> Microsoft Corporation)
    Task: {4EB41653-A6B0-4CB5-9452-396AFAA8EA9D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-10] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {71D0F58A-CC7C-4F0A-8F39-17BF4CFC1BD7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-10] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {0A055FC1-3EB8-4DB2-B5A7-5796C600EBFD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-10] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {B15797B4-60D6-402A-B827-4C2D93532797} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-10] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {F3E7C447-D1C0-43DF-8771-00423CA07029} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [31648 2024-01-16] (Mozilla Corporation -> Mozilla Foundation)
    Task: {15EAB090-62E1-4222-AA56-945662718BC7} - System32\Tasks\Oem\AcerJumpstartTask => C:\Program Files (x86)\Acer\Acer Jumpstart\hermes.exe [70792 2022-08-15] (Acer Incorporated -> )
    Task: {8A7BB4CF-E2B2-4A0B-A86D-B8F6A26FC83D} - System32\Tasks\Oem\wlanBrokerTask => C:\Program Files (x86)\Acer\ExpressVPN\wlanBroker.exe [17688 2019-11-16] (Acer Incorporated -> )
    Task: {2BC3CCD4-FC84-40E2-93DA-D2A648FDBC6A} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130736 2023-12-16] (Microsoft Corporation -> Microsoft Corporation)
    Task: {88083691-DBD9-4949-83C4-660E08B3C3A1} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-2097827235-3593066060-2260584895-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130736 2023-12-16] (Microsoft Corporation -> Microsoft Corporation)
    Task: {E73E04BE-6C75-48AD-BC82-B6C5293F606C} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-2097827235-3593066060-2260584895-1002 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130736 2023-12-16] (Microsoft Corporation -> Microsoft Corporation)
    Task: {91F247FA-3E94-4B3B-8D90-57CD086D55B9} - System32\Tasks\Optimize Push Notification Data File-S-1-5-21-2097827235-3593066060-2260584895-1002 => {201600D8-6EFF-48CE-B842-E14D37A0682D} C:\WINDOWS\System32\wpninprc.dll [24064 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    Task: {E89ADB02-4A31-482F-97AE-3907EBC3E66D} - System32\Tasks\Power Button => C:\Program Files\Acer\Quick Access Service\ePowerButton_NB.exe [2771616 2022-01-03] (Acer Incorporated -> Acer Incorporated)
    Task: {54F54641-7663-48C6-A096-B4AC4CBFA950} - System32\Tasks\Quick Access => C:\Program Files\Acer\Quick Access Service\QALauncher.exe [446624 2022-01-03] (Acer Incorporated -> Acer Incorporated)
    Task: {74747C9B-0EEC-4CB9-AC4E-AF7798FBB004} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [461472 2022-01-03] (Acer Incorporated -> Acer Incorporated)
    Task: {B638BC45-B114-48C5-A5E7-54E79842AE83} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [49544 2018-09-28] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
    Task: {F6A42D38-C0E2-4DC1-B88E-6CC475153967} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\dvrcmd.exe [69512 2018-09-28] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
    Task: {8348F77D-BB75-40D5-8D03-368D41242430} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program Service\Framework\TriggerFramework.exe [268096 2018-09-13] (Acer Incorporated -> Acer Incorporated)
    Task: {A6DE4EAF-AB2E-4B09-94C7-BB4269A50878} - System32\Tasks\UEIPInvitation => C:\Program Files\Acer\User Experience Improvement Program Service\Framework\UEIPOOBECheck.exe [2211136 2018-09-13] (Acer Incorporated -> Acer Incorporated)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe
    Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 79.79.79.77 79.79.79.78
    Tcpip\..\Interfaces\{d943e5d6-17a4-42f6-98ca-95b427265353}: [DhcpNameServer] 79.79.79.77 79.79.79.78
    Tcpip\..\Interfaces\{d943e5d6-17a4-42f6-98ca-95b427265353}: [DhcpDomain] domain.name
    Tcpip\..\Interfaces\{d943e5d6-17a4-42f6-98ca-95b427265353}\4505D2C496E6B6F563633483: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{d943e5d6-17a4-42f6-98ca-95b427265353}\C4B4A4847464: [DhcpNameServer] 192.168.2.1
    Tcpip\..\Interfaces\{d943e5d6-17a4-42f6-98ca-95b427265353}\C4B4A4847464: [DhcpDomain] Belkin
    Tcpip\..\Interfaces\{d943e5d6-17a4-42f6-98ca-95b427265353}\D6164686F6573756027657563747: [DhcpNameServer] 194.168.4.100 194.168.8.100
    Tcpip\..\Interfaces\{d943e5d6-17a4-42f6-98ca-95b427265353}\D6164686F6573756027657563747: [DhcpDomain] cable.virginm.net

    Edge:
    =======
    Edge DefaultProfile: Default
    Edge Profile: C:\Users\markc\AppData\Local\Microsoft\Edge\User Data\Default [2024-01-24]
    Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

    FireFox:
    ========
    FF DefaultProfile: ou0y3l42.default
    FF ProfilePath: C:\Users\markc\AppData\Roaming\TomTom\HOME\Profiles\nbb18zhm.default [2021-04-21]
    FF ProfilePath: C:\Users\markc\AppData\Roaming\Mozilla\Firefox\Profiles\ou0y3l42.default [2024-01-29]
    FF user.js: detected! => C:\Users\markc\AppData\Roaming\Mozilla\Firefox\Profiles\ou0y3l42.default\user.js [2022-12-11]
    FF DownloadDir: C:\Users\markc\Desktop
    FF Homepage: Mozilla\Firefox\Profiles\ou0y3l42.default -> hxxps://www.google.co.uk/?gws_rd=ssl
    FF Extension: (Activist – Balanced) - C:\Users\markc\AppData\Roaming\Mozilla\Firefox\Profiles\ou0y3l42.default\Extensions\activist-balanced-colorway@mozilla.org.xpi [2023-03-18]
    FF Extension: (Language: English (US)) - C:\Users\markc\AppData\Roaming\Mozilla\Firefox\Profiles\ou0y3l42.default\Extensions\langpack-en-US@firefox.mozilla.org.xpi [2024-01-13]
    FF Extension: (Malwarebytes Browser Guard) - C:\Users\markc\AppData\Roaming\Mozilla\Firefox\Profiles\ou0y3l42.default\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2023-12-19]
    FF Extension: (Allow Right-Click) - C:\Users\markc\AppData\Roaming\Mozilla\Firefox\Profiles\ou0y3l42.default\Extensions\{278b0ae0-da9d-4cc6-be81-5aa7f3202672}.xpi [2022-09-05]
    FF Extension: (Google Analytics Opt-out Add-on (by Google)) - C:\Users\markc\AppData\Roaming\Mozilla\Firefox\Profiles\ou0y3l42.default\Extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi [2021-04-04] [UpdateUrl:hxxps://tools.google.com/service/update2/ff?guid=%ITEM_ID%&version=%ITEM_VERSION%&application=%APP_ID%&appversion=%APP_VERSION%]
    FF Extension: (Adblock Plus - free ad blocker) - C:\Users\markc\AppData\Roaming\Mozilla\Firefox\Profiles\ou0y3l42.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2024-01-26]
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-01-05] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin: @Tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2023-11-14] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
    FF Plugin: @Tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2023-11-14] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
    FF Plugin: @Tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2023-11-14] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-01-05] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @Tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2023-11-14] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
    FF Plugin-x32: @Tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2023-11-14] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
    FF Plugin-x32: @Tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2023-11-14] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
    FF Plugin HKU\S-1-5-21-2097827235-3593066060-2260584895-1001: @Tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2023-11-14] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
    FF Plugin HKU\S-1-5-21-2097827235-3593066060-2260584895-1001: @Tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2023-11-14] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
    FF Plugin HKU\S-1-5-21-2097827235-3593066060-2260584895-1001: @Tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2023-11-14] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)

    Chrome:
    =======
    CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

    ==================== Services (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [177392 2023-09-13] (RealDefense, LLC -> SUPERAntiSpyware.com)
    S3 ACCSvc; C:\Program Files (x86)\Acer\Care Center\ACCSvc.exe [301872 2018-08-13] (Acer Incorporated -> Acer Incorporated)
    S3 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-04-03] (Adobe Inc. -> Adobe Inc.)
    R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [338312 2017-04-24] (Qualcomm Atheros -> Windows (R) Win 7 DDK provider)
    S3 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1082784 2023-12-05] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13777592 2024-01-05] (Microsoft Corporation -> Microsoft Corporation)
    S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncHelper.exe [3514384 2023-12-16] (Microsoft Corporation -> Microsoft Corporation)
    S3 GUBootService; C:\Program Files (x86)\Common Files\Glarysoft\StartupManager\1.0\GUBootService.exe [888216 2023-11-20] (Glarysoft Ltd -> Glarysoft Ltd)
    R2 GUMemfilesService; C:\Program Files (x86)\Glary Utilities\x64\MemfilesService.exe [427928 2023-12-22] (Glarysoft Ltd -> Glarysoft Ltd)
    S3 GUPMService; C:\Program Files (x86)\Glary Utilities\GUPMService.exe [76696 2023-12-22] (Glarysoft Ltd -> Glarysoft Ltd)
    S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9410296 2024-01-07] (Malwarebytes Inc. -> Malwarebytes)
    S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\23.246.1127.0002\OneDriveUpdaterService.exe [3851280 2023-12-16] (Microsoft Corporation -> Microsoft Corporation)
    S3 QALSvc; C:\Program Files\Acer\Quick Access Service\QALSvc.exe [466080 2022-01-03] (Acer Incorporated -> Acer Incorporated)
    R3 QASvc; C:\Program Files\Acer\Quick Access Service\QASvc.exe [504480 2022-01-03] (Acer Incorporated -> Acer Incorporated)
    S3 TTHOMEService; C:\Program Files\TomTom HOME\TTHOMEService.exe [97792 2019-04-17] (TomTom) [File not signed]
    S3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program Service\Framework\UBTService.exe [305984 2018-09-17] (Acer Incorporated -> Acer Incorporated)
    R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\NisSrv.exe [3174840 2023-12-10] (Microsoft Windows Publisher -> Microsoft Corporation)
    R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe [133592 2023-12-10] (Microsoft Windows Publisher -> Microsoft Corporation)

    ===================== Drivers (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 AcerAirplaneModeController; C:\WINDOWS\System32\drivers\AcerAirplaneModeController.sys [30168 2020-05-12] (Acer Incorporated -> Acer Incorporated)
    S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
    R1 GUBootStartup; C:\WINDOWS\System32\drivers\GUBootStartup.sys [23568 2023-07-24] (Microsoft Windows Hardware Compatibility Publisher -> Glarysoft Ltd)
    S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-05-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
    S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239576 2024-01-16] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
    S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [18160 2023-08-25] (RealDefense, LLC -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [15600 2023-08-25] (RealDefense, LLC -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [55856 2023-12-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [594304 2023-12-10] (Microsoft Windows -> Microsoft Corporation)
    R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105856 2023-12-10] (Microsoft Windows -> Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) (Whitelisted) =========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2024-01-29 15:43 - 2024-01-29 15:47 - 000024133 _____ C:\Users\markc\Desktop\FRST.txt
    2024-01-29 15:41 - 2024-01-29 15:45 - 000000000 ____D C:\FRST
    2024-01-29 15:40 - 2024-01-29 15:40 - 002389504 _____ (Farbar) C:\Users\markc\Desktop\FRST64.exe
    2024-01-24 22:22 - 2024-01-24 22:22 - 000000000 ___HD C:\$WinREAgent
    2024-01-16 23:36 - 2024-01-22 09:51 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2024-01-16 23:36 - 2024-01-16 23:36 - 000203629 _____ C:\Users\markc\Desktop\bookmarks.html
    2024-01-07 12:31 - 2024-01-07 12:31 - 000284097 ____R C:\Users\markc\Downloads\FrRobertEloff-Invitation-1.pdf
    2024-01-07 12:31 - 2024-01-07 12:31 - 000284097 ____R C:\Users\markc\Downloads\FrRobertEloff-Invitation.pdf
    2024-01-05 15:27 - 2024-01-05 15:27 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
    2024-01-04 15:44 - 2024-01-04 15:44 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
    2024-01-04 15:32 - 2024-01-29 15:34 - 104071168 _____ C:\WINDOWS\system32\config\SOFTWARE
    2024-01-04 15:32 - 2024-01-28 00:30 - 020447232 _____ C:\WINDOWS\system32\config\SYSTEM
    2024-01-04 15:32 - 2024-01-28 00:30 - 001310720 _____ C:\WINDOWS\system32\config\DEFAULT
    2024-01-04 15:32 - 2024-01-04 15:32 - 000114688 _____ C:\WINDOWS\system32\config\SAM.gu
    2024-01-04 15:32 - 2024-01-04 15:32 - 000036864 _____ C:\WINDOWS\system32\config\SECURITY.gu
    2024-01-04 15:30 - 2023-12-22 07:57 - 000043928 _____ (Glarysoft Ltd) C:\WINDOWS\system32\RegBootDefrag.exe
    2024-01-04 14:59 - 2024-01-04 15:01 - 000000000 ____D C:\KPRM
    2023-12-31 18:59 - 2023-12-31 18:59 - 000003856 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn
    2023-12-31 18:59 - 2023-12-31 18:59 - 000003414 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime
    2023-12-31 09:37 - 2024-01-13 20:28 - 000000000 ____D C:\Users\markc\AppData\Local\ESET

    ==================== One month (modified) ==================

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2024-01-29 15:42 - 2022-02-09 11:57 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
    2024-01-29 15:35 - 2019-12-07 09:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2024-01-29 15:34 - 2023-12-22 22:21 - 000008192 ___SH C:\DumpStack.log.tmp
    2024-01-29 15:34 - 2021-03-16 22:21 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2024-01-28 00:30 - 2020-06-13 11:27 - 000065536 _____ C:\WINDOWS\psp_storage.bin
    2024-01-28 00:30 - 2019-12-07 09:03 - 001310720 _____ C:\WINDOWS\system32\config\BBI
    2024-01-28 00:28 - 2023-11-11 22:25 - 000000000 ____D C:\Program Files (x86)\Glary Utilities
    2024-01-28 00:28 - 2022-09-08 10:21 - 000000000 ____D C:\Users\markc\Documents\Outlook Files
    2024-01-28 00:28 - 2020-06-15 00:37 - 000000000 ____D C:\Users\markc\AppData\Roaming\Microsoft\Word
    2024-01-27 23:54 - 2020-06-16 16:52 - 000000000 ____D C:\Users\markc\AppData\Roaming\Microsoft\Excel
    2024-01-27 00:46 - 2020-06-13 14:44 - 000000000 ____D C:\Program Files\CCleaner
    2024-01-26 20:37 - 2020-06-13 12:10 - 000000000 ____D C:\Users\markc\AppData\Local\D3DSCache
    2024-01-22 09:51 - 2018-12-14 16:28 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2024-01-16 23:56 - 2023-05-10 17:44 - 000000000 ____D C:\Users\markc\AppData\Local\Malwarebytes
    2024-01-16 23:48 - 2020-06-13 14:32 - 000000000 ____D C:\ProgramData\TEMP
    2024-01-16 23:47 - 2020-06-13 14:32 - 000000000 ____D C:\Program Files (x86)\SpywareBlaster
    2024-01-16 23:37 - 2018-12-14 16:28 - 000001244 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
    2024-01-14 01:54 - 2020-09-07 08:33 - 000000000 ____D C:\Users\markc\Documents\Ecclesiastical
    2024-01-13 20:34 - 2020-06-13 12:51 - 000918944 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
    2024-01-07 14:12 - 2019-12-07 09:03 - 000000000 ____D C:\WINDOWS\CbsTemp
    2024-01-07 13:38 - 2022-05-24 09:36 - 000000000 ____D C:\Users\markc\Documents\Catholicism
    2024-01-06 22:05 - 2021-03-16 21:41 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2024-01-05 15:28 - 2022-12-11 17:59 - 000000000 ____D C:\Program Files\Microsoft Office
    2024-01-05 15:28 - 2019-12-07 09:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
    2024-01-04 15:32 - 2023-12-11 21:32 - 104857600 _____ C:\WINDOWS\system32\config\SOFTWARE.gu.bak
    2024-01-04 15:32 - 2023-12-11 21:32 - 020447232 _____ C:\WINDOWS\system32\config\SYSTEM.gu.bak
    2024-01-04 15:32 - 2022-10-13 17:50 - 000000000 ____D C:\Users\Sophie
    2024-01-04 15:32 - 2021-08-06 14:26 - 000000000 ____D C:\Users\Jessica
    2024-01-04 15:32 - 2021-03-16 21:49 - 000000000 ____D C:\Users\markc
    2024-01-04 15:31 - 2023-04-17 17:51 - 001310720 _____ C:\WINDOWS\system32\config\DEFAULT.gu.bak
    2024-01-04 15:05 - 2022-07-16 17:31 - 000000000 ____D C:\Users\markc\Documents\Anglicanism
    2024-01-04 15:04 - 2023-05-19 01:39 - 000000000 ____D C:\Users\markc\Documents\Science
    2024-01-03 14:32 - 2021-03-16 21:49 - 000000000 ____D C:\Users\markc\AppData\Roaming\Microsoft\Windows
    2024-01-03 14:32 - 2020-06-13 12:10 - 000000000 ____D C:\Users\markc\AppData\Local\Packages
    2024-01-03 14:32 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\AppReadiness
    2024-01-03 12:42 - 2021-03-16 22:03 - 002380604 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2024-01-03 12:42 - 2021-03-16 20:16 - 000775316 _____ C:\WINDOWS\system32\perfh019.dat
    2024-01-03 12:42 - 2021-03-16 20:16 - 000155646 _____ C:\WINDOWS\system32\perfc019.dat
    2024-01-03 12:42 - 2021-03-16 20:07 - 000557124 _____ C:\WINDOWS\system32\perfh008.dat
    2024-01-03 12:42 - 2021-03-16 20:07 - 000092892 _____ C:\WINDOWS\system32\perfc008.dat
    2024-01-03 12:42 - 2019-12-07 09:13 - 000000000 ____D C:\WINDOWS\INF
    2024-01-03 04:34 - 2020-06-13 15:01 - 000000000 ____D C:\Users\markc\AppData\Roaming\GlarySoft
    2024-01-03 04:01 - 2020-06-13 12:10 - 000000000 ____D C:\Users\markc\AppData\Roaming\WildTangent
    2024-01-03 03:59 - 2018-12-14 16:28 - 000000000 ____D C:\ProgramData\WildTangent
    2024-01-02 22:25 - 2023-11-11 22:25 - 000001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities.lnk

    ==================== SigCheck ============================

    (There is no automatic fix for files that do not pass verification.)

    ==================== End of FRST.txt ========================
     
  5. mark59

    mark59 MajorGeek

    The file Addition.txt is too large for its contents to be pasted in a post; therefore, I attach the file.
     

    Attached Files:

  6. mark59

    mark59 MajorGeek

    ActionSuccess : True
    AdditionalActionsBitMask : 0
    AMProductVersion : 4.18.23110.3
    CleaningActionID : 9
    CurrentThreatExecutionStatusID : 1
    DetectionID : {348C373A-C9F1-4E51-AA3D-3A7F131FA275}
    DetectionSourceTypeID : 3
    DomainUser : LAPTOP-UB40L2H8\Mark
    InitialDetectionTime : 28/01/2024 00:29:24
    LastThreatStatusChangeTime : 28/01/2024 00:29:24
    ProcessName : C:\Program Files (x86)\Glary Utilities\Integrator.exe
    RemediationTime :
    Resources : {file:_C:\Users\markc\AppData\Local\Mozilla\Firefox\Profiles\ou0y3l42.default\cache2\e
    ntries\8C7299E7DC428E515FE18F7B53CA874CF36D4541}
    ThreatID : 2147888341
    ThreatStatusErrorCode : 0
    ThreatStatusID : 1
    PSComputerName :

    ActionSuccess : True
    AdditionalActionsBitMask : 0
    AMProductVersion : 4.18.23110.3
    CleaningActionID : 9
    CurrentThreatExecutionStatusID : 0
    DetectionID : {01D3D02D-CF19-44E2-AD15-6E875F97F0B7}
    DetectionSourceTypeID : 1
    DomainUser : LAPTOP-UB40L2H8\Mark
    InitialDetectionTime : 30/12/2023 00:59:55
    LastThreatStatusChangeTime : 30/12/2023 00:59:55
    ProcessName : Unknown
    RemediationTime :
    Resources : {containerfile:_C:\Users\markc\Documents\Everything_On_External_Hard_Drive\Send to
    other acer\Old_Acer_Downloads\driverfusionsetup.exe,
    file:_C:\Users\markc\Documents\Everything_On_External_Hard_Drive\Send to other
    acer\Old_Acer_Downloads\driverfusionsetup.exe->(nsis-6-?š€\OCSetupHlp.dll)}
    ThreatID : 311936
    ThreatStatusErrorCode : 0
    ThreatStatusID : 106
    PSComputerName :

    ActionSuccess : True
    AdditionalActionsBitMask : 0
    AMProductVersion : 4.18.23110.3
    CleaningActionID : 9
    CurrentThreatExecutionStatusID : 1
    DetectionID : {4C96AD0B-D72D-4233-B077-2F995DB67E5A}
    DetectionSourceTypeID : 2
    DomainUser : NT AUTHORITY\SYSTEM
    InitialDetectionTime : 31/12/2023 09:22:33
    LastThreatStatusChangeTime : 31/12/2023 12:56:39
    ProcessName : C:\Users\markc\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
    RemediationTime :
    Resources : {containerfile:_C:\Users\markc\Documents\Everything_On_External_Hard_Drive\Send to
    other acer\Old_Acer_Downloads\driverfusionsetup.exe,
    file:_C:\Users\markc\Documents\Everything_On_External_Hard_Drive\Send to other
    acer\Old_Acer_Downloads\driverfusionsetup.exe,
    file:_C:\Users\markc\Documents\Everything_On_External_Hard_Drive\Send to other
    acer\Old_Acer_Downloads\driverfusionsetup.exe->(nsis-6-?š€\OCSetupHlp.dll)}
    ThreatID : 311936
    ThreatStatusErrorCode : 0
    ThreatStatusID : 106
    PSComputerName :

    ActionSuccess : True
    AdditionalActionsBitMask : 0
    AMProductVersion : 4.18.23110.3
    CleaningActionID : 3
    CurrentThreatExecutionStatusID : 1
    DetectionID : {848665C3-79D5-4F96-B104-11D86446A6DB}
    DetectionSourceTypeID : 3
    DomainUser : LAPTOP-UB40L2H8\Mark
    InitialDetectionTime : 17/10/2022 20:41:19
    LastThreatStatusChangeTime : 18/10/2022 15:19:38
    ProcessName : C:\Windows\explorer.exe
    RemediationTime : 18/10/2022 15:19:38
    Resources : {file:_D:\Everything_On_External_Hard_Drive\Send to other
    acer\Old_Acer_Downloads\driverfusionsetup.exe}
    ThreatID : 311936
    ThreatStatusErrorCode : 0
    ThreatStatusID : 4
    PSComputerName :

    ActionSuccess : True
    AdditionalActionsBitMask : 0
    AMProductVersion : 4.18.23110.3
    CleaningActionID : 2
    CurrentThreatExecutionStatusID : 1
    DetectionID : {E0DF3C00-5F4E-46A7-A823-EBA38D933160}
    DetectionSourceTypeID : 3
    DomainUser :
    InitialDetectionTime : 28/01/2024 00:29:24
    LastThreatStatusChangeTime : 29/01/2024 15:41:20
    ProcessName : C:\Program Files (x86)\Glary Utilities\Integrator.exe
    RemediationTime : 29/01/2024 15:41:20
    Resources : {file:_C:\Users\markc\AppData\Local\Mozilla\Firefox\Profiles\ou0y3l42.default\cache2\e
    ntries\8C7299E7DC428E515FE18F7B53CA874CF36D4541}
    ThreatID : 2147888341
    ThreatStatusErrorCode : 0
    ThreatStatusID : 3
    PSComputerName :

    ActionSuccess : True
    AdditionalActionsBitMask : 0
    AMProductVersion : 4.18.23110.3
    CleaningActionID : 3
    CurrentThreatExecutionStatusID : 1
    DetectionID : {00E1339E-B587-4EE5-82FD-60B804EB8A3D}
    DetectionSourceTypeID : 3
    DomainUser : LAPTOP-UB40L2H8\Mark
    InitialDetectionTime : 09/11/2021 11:16:53
    LastThreatStatusChangeTime : 09/11/2021 11:19:02
    ProcessName : C:\Windows\explorer.exe
    RemediationTime : 09/11/2021 11:19:02
    Resources : {file:_C:\Program Files (x86)\Glary Utilities 5\Integrator.exe,
    file:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk,
    file:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5\Glary
    Utilities 5.lnk, file:_C:\WINDOWS\System32\Tasks\GU5SkipUAC->(UTF-16LE)...}
    ThreatID : 240849
    ThreatStatusErrorCode : 0
    ThreatStatusID : 4
    PSComputerName :
     
  7. mark59

    mark59 MajorGeek

    Fix result of Farbar Recovery Scan Tool (x64) Version: 27.01.2024 01
    Ran by Mark (29-01-2024 15:57:10) Run:1
    Running from C:\Users\markc\Desktop
    Loaded Profiles: Mark & Jessica
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    Start::
    SystemRestore: On
    CreateRestorePoint:
    CloseProcesses:
    Powershell: Get-MpThreatDetection | Out-File "C:\Users\CurrentUserName\Desktop\WDHistory.txt"
    End::
    *****************

    SystemRestore: On => completed
    Restore point was successfully created.
    Processes closed successfully.

    ========= Get-MpThreatDetection | Out-File "C:\Users\markc\Desktop\WDHistory.txt" =========


    ========= End of Powershell: =========



    The system needed a reboot.

    ==== End of Fixlog 15:59:01 ====
     
  8. Oh My!

    Oh My! Malware Expert Staff Member

    Please do this.

    ===================================================

    Farbar Recovery Scan Tool Fix

    --------------------
    • Right click on the FRST64 icon and select Run as administrator
    • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
    • There is no need to paste the information anywhere, FRST64 will do it for you
    Code:
    Start::
    SystemRestore: On
    CreateRestorePoint:
    CloseProcesses:
    Task: {35B23C02-F4FF-4423-BB10-57E1A5252933} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\markc\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe LOGON (No File) 
    Task: {54B295B8-93A4-4404-A528-DEB6600F3B07} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\markc\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe SCHED (No File) 
    Task: {35B23C02-F4FF-4423-BB10-57E1A5252933} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\markc\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe LOGON (No File) 
    Task: {54B295B8-93A4-4404-A528-DEB6600F3B07} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\markc\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe SCHED (No File) 
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION 
    HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION 
    HKLM\SOFTWARE\Policies\Microsoft\MRT: Restriction <==== ATTENTION 
    HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION 
    App Explorer (HKU\S-1-5-21-2097827235-3593066060-2260584895-1002\...\Host App Service) (Version: 0.273.4.565 - SweetLabs) <==== ATTENTION 
    AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [136] 
    C:\Users\markc\AppData\Local\Mozilla\Firefox\Profiles\ou0y3l42.default\cache2\entries\*.*
    SearchScopes: HKU\S-1-5-21-2097827235-3593066060-2260584895-1001 -> DefaultScope {BC22F604-93EC-4764-A876-961E9A138133} URL =
    SearchScopes: HKU\S-1-5-21-2097827235-3593066060-2260584895-1001 -> {BC22F604-93EC-4764-A876-961E9A138133} URL =
    Powershell: Get-MpComputerStatus
    Emptytemp:
    End::
    
    • Click Fix
    • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
    • Note: The Emptytemp: command will remove cookies and may result in some websites (like banking) indicating they do not recognize your computer. It may be necessary to receive and apply a verification code.
    ===================================================

    Farbar Recovery Scan Tool SearchAll

    --------------------
    • Right click on FRST and select Run as administrator
    • Copy/paste the following in the Search: box
    Code:
    SearchAll: SweetLabs;"App Explorer";"Host App Service";8C7299E7DC428E515FE18F7B53CA874CF36D4541
    
    • Click Search Files button
    • When completed click OK and a Search.txt document will open on your desktop
    • Attach the file to your reply
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
    • Fixlog
    • Search.txt
     
  9. mark59

    mark59 MajorGeek

    I’m not well today and have had to phone in work sick not making me Mr Popular. So I’ve had the time to carry out your second set of advice but have not done so because I don’t feel like doing it.

    I would like, though, to ask if this laptop PC is showing signs of malware infection. I will have to go into work tomorrow, come what may, and I really could make use of this laptop PC tomorrow. Is it safe to use?
     
  10. Oh My!

    Oh My! Malware Expert Staff Member

    Though I would prefer to complete the step I posted, I don't see anything of significant concern. My opinion is that in this state it is safe to use.
     
  11. mark59

    mark59 MajorGeek

    I, too, would prefer to complete the step you posted. I do not come on here, ask for advice and then reject it.

    I was happy to be told that the PC is probably safe to use.

    I want the PC safe and any issues resolved; therefore, I have completed the step you posted. In the next two posts I post, in the order listed below, the following:
    • Fixlog.txt.
    • Search.txt
    Thank you for the continued support.
     
  12. mark59

    mark59 MajorGeek

    Fix result of Farbar Recovery Scan Tool (x64) Version: 27.01.2024 01
    Ran by Mark (30-01-2024 21:43:53) Run:2
    Running from C:\Users\markc\Desktop
    Loaded Profiles: Mark & Jessica
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    Start::
    SystemRestore: On
    CreateRestorePoint:
    CloseProcesses:
    Task: {35B23C02-F4FF-4423-BB10-57E1A5252933} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\markc\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe LOGON (No File)
    Task: {54B295B8-93A4-4404-A528-DEB6600F3B07} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\markc\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe SCHED (No File)
    Task: {35B23C02-F4FF-4423-BB10-57E1A5252933} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\markc\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe LOGON (No File)
    Task: {54B295B8-93A4-4404-A528-DEB6600F3B07} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\markc\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe SCHED (No File)
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\MRT: Restriction <==== ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
    App Explorer (HKU\S-1-5-21-2097827235-3593066060-2260584895-1002\...\Host App Service) (Version: 0.273.4.565 - SweetLabs) <==== ATTENTION
    AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [136]
    C:\Users\markc\AppData\Local\Mozilla\Firefox\Profiles\ou0y3l42.default\cache2\entries\*.*
    SearchScopes: HKU\S-1-5-21-2097827235-3593066060-2260584895-1001 -> DefaultScope {BC22F604-93EC-4764-A876-961E9A138133} URL =
    SearchScopes: HKU\S-1-5-21-2097827235-3593066060-2260584895-1001 -> {BC22F604-93EC-4764-A876-961E9A138133} URL =
    Powershell: Get-MpComputerStatus
    Emptytemp:
    End::
    *****************

    SystemRestore: On => completed
    Restore point was successfully created.
    Processes closed successfully.
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{35B23C02-F4FF-4423-BB10-57E1A5252933}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{35B23C02-F4FF-4423-BB10-57E1A5252933}" => removed successfully
    C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onLogOn => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onLogOn" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{54B295B8-93A4-4404-A528-DEB6600F3B07}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{54B295B8-93A4-4404-A528-DEB6600F3B07}" => removed successfully
    C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onTime => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onTime" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{35B23C02-F4FF-4423-BB10-57E1A5252933}" => not found
    "C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onLogOn" => not found
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onLogOn" => not found
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{54B295B8-93A4-4404-A528-DEB6600F3B07}" => not found
    "C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onTime" => not found
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onTime" => not found
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
    HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate => removed successfully
    HKLM\SOFTWARE\Policies\Microsoft\MRT => removed successfully
    HKLM\SOFTWARE\Policies\Microsoft\Edge => removed successfully
    App Explorer (HKU\S-1-5-21-2097827235-3593066060-2260584895-1002\...\Host App Service) (Version: 0.273.4.565 - SweetLabs) <==== ATTENTION => Error: No automatic fix found for this entry.
    C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully

    =========== "C:\Users\markc\AppData\Local\Mozilla\Firefox\Profiles\ou0y3l42.default\cache2\entries\*.*" ==========

    not found

    ========= End -> "C:\Users\markc\AppData\Local\Mozilla\Firefox\Profiles\ou0y3l42.default\cache2\entries\*.*" ========

    "HKU\S-1-5-21-2097827235-3593066060-2260584895-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
    HKU\S-1-5-21-2097827235-3593066060-2260584895-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BC22F604-93EC-4764-A876-961E9A138133} => removed successfully

    ========= Get-MpComputerStatus =========



    AMEngineVersion : 1.1.23110.2
    AMProductVersion : 4.18.23110.3
    AMRunningMode : Normal
    AMServiceEnabled : True
    AMServiceVersion : 4.18.23110.3
    AntispywareEnabled : True
    AntispywareSignatureAge : 14
    AntispywareSignatureLastUpdated : 16/01/2024 16:10:34
    AntispywareSignatureVersion : 1.403.2252.0
    AntivirusEnabled : True
    AntivirusSignatureAge : 14
    AntivirusSignatureLastUpdated : 16/01/2024 16:10:33
    AntivirusSignatureVersion : 1.403.2252.0
    BehaviorMonitorEnabled : True
    ComputerID : 49682C15-ED39-4040-9B62-F3DC66BE995B
    ComputerState : 0
    DefenderSignaturesOutOfDate : False
    DeviceControlDefaultEnforcement :
    DeviceControlPoliciesLastUpdated : 26/03/2023 22:35:40
    DeviceControlState : Disabled
    FullScanAge : 32
    FullScanEndTime : 30/12/2023 00:59:58
    FullScanOverdue : False
    FullScanRequired : False
    FullScanSignatureVersion : 1.403.1331.0
    FullScanStartTime : 29/12/2023 20:37:30
    InitializationProgress : ServiceStartedSuccessfully
    IoavProtectionEnabled : True
    IsTamperProtected : True
    IsVirtualMachine : False
    LastFullScanSource : 1
    LastQuickScanSource : 2
    NISEnabled : True
    NISEngineVersion : 1.1.23110.2
    NISSignatureAge : 14
    NISSignatureLastUpdated : 16/01/2024 16:10:33
    NISSignatureVersion : 1.403.2252.0
    OnAccessProtectionEnabled : True
    ProductStatus : 524288
    QuickScanAge : 25
    QuickScanEndTime : 05/01/2024 17:08:54
    QuickScanOverdue : False
    QuickScanSignatureVersion : 1.403.1643.0
    QuickScanStartTime : 05/01/2024 17:05:13
    RealTimeProtectionEnabled : True
    RealTimeScanDirection : 0
    RebootRequired : False
    SmartAppControlExpiration :
    SmartAppControlState : Off
    TamperProtectionSource : Signatures
    TDTMode : N/A
    TDTSiloType : N/A
    TDTStatus : N/A
    TDTTelemetry : N/A
    TroubleShootingDailyMaxQuota :
    TroubleShootingDailyQuotaLeft :
    TroubleShootingEndTime :
    TroubleShootingExpirationLeft :
    TroubleShootingMode :
    TroubleShootingModeSource :
    TroubleShootingQuotaResetTime :
    TroubleShootingStartTime :
    PSComputerName :




    ========= End of Powershell: =========


    =========== EmptyTemp: ==========

    FlushDNS => completed
    BITS transfer queue => 0 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10545977 B
    Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
    Windows/system/drivers => 4308627 B
    Edge => 0 B
    Firefox => 35787407 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 0 B
    systemprofile32 => 0 B
    LocalService => 0 B
    NetworkService => 0 B
    markc => 11170928 B
    Jessica => 11170928 B
    Sophie => 11170928 B

    RecycleBin => 27681064 B
    EmptyTemp: => 106.7 MB temporary data Removed.

    ================================


    The system needed a reboot.

    ==== End of Fixlog 21:46:18 ====
     
  13. mark59

    mark59 MajorGeek

    The Search.txt is too long to paste in a post. Therefore, I attach the Notepad file.
     
  14. mark59

    mark59 MajorGeek

    As far as I can tell the Search.txt file has not attached to post 13; however, I received no error message. Therefore, I am trying to attach it to this post.
     

    Attached Files:

  15. mark59

    mark59 MajorGeek

    I am confused. o_O It looks like Search.txt has been attached twice to post 14.

    I hope you have the information that you require and can make sense of it.

    Thank you!
     
  16. Oh My!

    Oh My! Malware Expert Staff Member

    Perfect, thanks.

    Not much left to delete. Please do this.

    ===================================================

    Farbar Recovery Scan Tool Fix

    --------------------
    • Right click on the FRST64 icon and select Run as administrator
    • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
    • There is no need to paste the information anywhere, FRST64 will do it for you
    Code:
    Start::
    C:\Users\Sophie\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\SweetLabs_Pokki_4efc125e5bdfe64bf86cc73a85a9d56ebf10231c
    C:\Users\Jessica\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\SweetLabs_Pokki_4efc125e5bdfe64bf86cc73a85a9d56ebf10231c
    End::
    
    • Click Fix
    • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
    • Fixlog
     
  17. mark59

    mark59 MajorGeek

    Fixlog pasted in next post as requested.
     
  18. mark59

    mark59 MajorGeek

    Fix result of Farbar Recovery Scan Tool (x64) Version: 27.01.2024 01
    Ran by Mark (31-01-2024 11:47:06) Run:3
    Running from C:\Users\markc\Desktop
    Loaded Profiles: Mark
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    Start::
    C:\Users\Sophie\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\SweetLabs_Pokki_4efc125e5bdfe64bf86cc73a85a9d56ebf10231c
    C:\Users\Jessica\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\SweetLabs_Pokki_4efc125e5bdfe64bf86cc73a85a9d56ebf10231c
    End::
    *****************

    C:\Users\Sophie\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\SweetLabs_Pokki_4efc125e5bdfe64bf86cc73a85a9d56ebf10231c => moved successfully
    C:\Users\Jessica\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\SweetLabs_Pokki_4efc125e5bdfe64bf86cc73a85a9d56ebf10231c => moved successfully

    ==== End of Fixlog 11:47:07 ====
     
  19. Oh My!

    Oh My! Malware Expert Staff Member

    That looks good.

    I think we are all set. Are there any remaining questions or concerns you might have before I post some tool/log clean up instructions and other information for you to consider going forward?
     
  20. mark59

    mark59 MajorGeek

    Thank you for your help.

    I do have one question: What was the problem with the computer that you've resolved for me?
     
  21. Oh My!

    Oh My! Malware Expert Staff Member

    Greetings.

    We did some general cleanup and looked for the entry Windows Defender was identifying. The file was an entry in Firefox Cache. Windows Defender's characterization of Severe is oftentimes inaccurate. Since your computer was not experiencing any symptoms or abnormalities I don't think it is anything to be concerned about. This type of activity is common.
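
Added example, not part of any forum post and not FRST or Defender code: a Python script that reads `Get-MpThreatDetection` text like the history pasted in post 6 and reports, per threat and file, whether the latest record carries a remediation time and whether the file sits in a Firefox `cache2\entries` directory. The function names are this example's own. Comparing paths with all whitespace removed is an assumption made here, because the wrapped console output does not show whether a line break replaced a space.

```python
import re
from collections import defaultdict
from datetime import datetime

# Abridged from the records in post 6 (fields trimmed, one inner-archive
# resource dropped). The console line-wrapping of Resources is kept as posted.
SAMPLE = r"""
LastThreatStatusChangeTime : 28/01/2024 00:29:24
ProcessName : C:\Program Files (x86)\Glary Utilities\Integrator.exe
RemediationTime :
Resources : {file:_C:\Users\markc\AppData\Local\Mozilla\Firefox\Profiles\ou0y3l42.default\cache2\e
ntries\8C7299E7DC428E515FE18F7B53CA874CF36D4541}
ThreatID : 2147888341

LastThreatStatusChangeTime : 31/12/2023 12:56:39
ProcessName : C:\Users\markc\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
RemediationTime :
Resources : {containerfile:_C:\Users\markc\Documents\Everything_On_External_Hard_Drive\Send to
other acer\Old_Acer_Downloads\driverfusionsetup.exe,
file:_C:\Users\markc\Documents\Everything_On_External_Hard_Drive\Send to other
acer\Old_Acer_Downloads\driverfusionsetup.exe}
ThreatID : 311936

LastThreatStatusChangeTime : 18/10/2022 15:19:38
ProcessName : C:\Windows\explorer.exe
RemediationTime : 18/10/2022 15:19:38
Resources : {file:_D:\Everything_On_External_Hard_Drive\Send to other
acer\Old_Acer_Downloads\driverfusionsetup.exe}
ThreatID : 311936

LastThreatStatusChangeTime : 29/01/2024 15:41:20
ProcessName : C:\Program Files (x86)\Glary Utilities\Integrator.exe
RemediationTime : 29/01/2024 15:41:20
Resources : {file:_C:\Users\markc\AppData\Local\Mozilla\Firefox\Profiles\ou0y3l42.default\cache2\e
ntries\8C7299E7DC428E515FE18F7B53CA874CF36D4541}
ThreatID : 2147888341
"""

# "Name : value" as it appears in the pasted text; the value may be empty.
FIELD = re.compile(r"^(\w+) :(?: (.*))?$")


def parse_records(text):
    """Split Format-List text into dicts, re-joining wrapped value lines."""
    records, current, last = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:                      # a blank line ends the record
            if current:
                records.append(current)
            current, last = {}, None
            continue
        match = FIELD.match(line)
        if match:
            last = match.group(1)
            current[last] = match.group(2) or ""
        elif last:                        # continuation of a wrapped value
            current[last] += line
    if current:
        records.append(current)
    return records


def resource_paths(record):
    """File paths named in Resources, lower-cased, whitespace removed."""
    paths = set()
    for item in record.get("Resources", "").strip("{}").split(","):
        item = re.sub(r"\s+", "", item)
        if not item:
            continue
        _scheme, _, path = item.partition(":_")   # file:_ / containerfile:_
        paths.add(path.split("->", 1)[0].lower()) # drop inner-archive member
    return paths


def when(value):
    """Parse the dd/mm/yyyy timestamps used in the posted output."""
    return datetime.strptime(value, "%d/%m/%Y %H:%M:%S") if value else None


def summarise(records):
    """Latest record per (ThreatID, file): was a remediation time logged?"""
    latest, counts = {}, defaultdict(int)
    for rec in records:
        changed = when(rec.get("LastThreatStatusChangeTime", "")) or datetime.min
        for path in resource_paths(rec):
            key = (rec["ThreatID"], path)
            counts[key] += 1
            if key not in latest or changed > latest[key][0]:
                latest[key] = (changed, rec)
    return [{
        "threat_id": key[0],
        "path": key[1],
        "records": counts[key],
        "last_change": changed,
        "remediated": bool(rec.get("RemediationTime")),
        "browser_cache": "\\cache2\\entries\\" in key[1],
        "reported_by": rec.get("ProcessName", ""),
    } for key, (changed, rec) in sorted(latest.items())]


if __name__ == "__main__":
    for row in summarise(parse_records(SAMPLE)):
        print(row)
```

A row with `browser_cache` true and `remediated` true matches the explanation given in post 21; a row with `remediated` false is one whose file is still worth checking on disk.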
     
  22. mark59

    mark59 MajorGeek

    Thank you, Oh My! Much appreciated.

    I'd be happy for you to post some clean up instructions, etc. To save your time if they're the same as in previous help just tell me and I can do them. It'll save you having to provide them all again.

    If they will be different, please provide them.
     
  23. Oh My!

    Oh My! Malware Expert Staff Member

    It is the same. :)
     
  24. mark59

    mark59 MajorGeek

    Thank you, I'll do that.

    Thank you very much for your help.
     
  25. mark59

    mark59 MajorGeek

    I went to Microsoft Defender on the PC today so as to update virus and threat protection. I have to do it manually as it no longer does it automatically.

    I noticed it still mentions the Trojan:HTML/Phish!pz and recommends dealing with it. Should I let Defender clean it as it wants to or just ignore it?
     
  26. Oh My!

    Oh My! Malware Expert Staff Member

    Allow Windows Defender to clean it.

    Please run this.

    ===================================================

    Farbar Service Scanner

    --------------------

    • Download Farbar Service Scanner and save the file taking note of where the file is saved (Desktop, Downloads folder, etc.)
    • Make sure the following options are checked:
    Internet Services
    Windows Firewall
    System Restore
    Security Center/Action Center
    Windows Update
    Windows Defender
    Other Services
    • Press Scan
    • Please copy and paste the contents of the FSS.txt report in your reply.
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
    • FSS.txt
     
  27. mark59

    mark59 MajorGeek

    May I please clarify? Do I let Windows Defender clean it and then use the Farbar Service Scanner?

    Alternatively, do I only use the Farbar Service Scanner and that will get Windows Defender to clean it?

    Thanks!
     
  28. Oh My!

    Oh My! Malware Expert Staff Member

    They are separate steps and it doesn't matter in which order.

    Do you still have to manually update Windows Defender? It should automatically update via Windows Update.
     
  29. mark59

    mark59 MajorGeek

    I have carried out both steps. In my next post I will paste the contents of the FSS.txt.

    I ran Windows Defender first. Computers do nothing but continue to confuse me more and more. When I opened Defender the threat was there and I clicked on the options to fix it. A Quick Scan then began. It stopped at one point and listed the same threat. I clicked on the option to deal with it and the Quick Scan continued. At the end of the scan it reported there were no problems. This surprised me. As it had claimed the threat was 'Severe' I would have expected to be told that it had been quarantined rather than the scan found no issues.

    I still have to manually update Windows Defender. I also have to manually update Windows. My desktop PC (my other computer) updates Windows Defender daily. However, this one we're working on hasn't automatically updated Windows Defender for a long time. Windows Updates shows me when there are updates available for Windows. However, they always fail. I then go to the Microsoft Update Catalog, download the update based on the KB number of the update and then manually install it.
     
  30. mark59

    mark59 MajorGeek

    Farbar Service Scanner Version: 30-04-2023
    Ran by Mark (administrator) on 01-02-2024 at 18:35:27
    Running from "C:\Users\markc\Desktop"
    Microsoft Windows 10 Home (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============


    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============


    Firewall Disabled Policy:
    ==================


    System Restore:
    ============


    System Restore Policy:
    ========================


    Windows Security:
    ============


    Windows Update:
    ============


    Windows Autoupdate Disabled Policy:
    ============================
    ATTENTION!=====> policy restriction on WindowsUpdate: HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate


    Windows Defender:
    ==============


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\Drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\Drivers\netbt.sys => File is digitally signed
    C:\Windows\System32\Drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\afd.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\Drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\SDRSVC.dll => File is digitally signed
    C:\Windows\System32\vssvc.exe => File is digitally signed
    C:\Windows\System32\SecurityHealthService.exe => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Windows\System32\usosvc.dll => File is digitally signed
    C:\Windows\System32\WaaSMedicSvc.dll => File is digitally signed
    C:\Windows\System32\dosvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****
     
  31. mark59

    mark59 MajorGeek

    Was the Farbar Service Scanner report OK, no problems?

    Is there anything else I need to do?

    Could my Windows Defender problem be the fact the computer in question is a Windows 10 PC? I believe Microsoft don't support that version so much now.
     
  32. Oh My!

    Oh My! Malware Expert Staff Member

    Sorry, I archived the wrong topic.

    Please do this.

    ===================================================

    Farbar Recovery Scan Tool Fix

    --------------------
    • Right click on the FRST64 icon and select Run as administrator
    • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
    • There is no need to paste the information anywhere, FRST64 will do it for you
    Code:
    Start::
    ExportKey: HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
    Powershell: Set-MpPreference -EnableControlledFolderAccess Disabled
    Powershell: Set-MpPreference -DisableRealtimeMonitoring $true
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Detections.log
    Unlock: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\History.Log
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\History.Log
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log
    C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db
    Powershell: Set-MpPreference -EnableControlledFolderAccess Enabled
    Powershell: Set-MpPreference -DisableRealtimeMonitoring $false
    End::
    
    • Click Fix
    • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
    • Fixlog
     
  33. mark59

    mark59 MajorGeek

    I have a problem.

    I went to do the scan you requested I do in the previous post.

    I found I no longer have FRST64 on my PC. Therefore, I went to a previous post in this thread to click on the download link you posted for FRST64. It downloaded two files on to my desktop but not what seems to be FRST64. I also received a message on the download I have never previously encountered: This file is not commonly downloaded. I attach a screen print of that message for you to see.

    I do not know why that happened. However, I went to Bleeping Computer's site, searched for Farbar Recovery Scan Tool in their search box. The same thing happened: the same two files downloaded and I got the same message as previously about this file not being commonly downloaded.

    The files that did download are called:

    • FRST64.exe
    • FRST64.h31zlbx.exe.part

    The icon for FRST64.exe does not look like the icon previously did when I've downloaded it previously.

    EDIT: After posting the above, signing out of Majorgeeks and then closing my browser the two files I listed above were no longer on my desktop. They'd gone to the Recycle Bin but I didn't send them there.

    I think the Gremlins are back. This PC is behaving weirdly.

    I'm completely confused. :confused:
     


  34. Oh My!

    Oh My! Malware Expert Staff Member

    When downloading FRST64 it does create a random file name until the file is completely downloaded. Usually that happens behind the scenes and is not visible to a user.

    When downloading FRST64 from BleepingComputer any warnings or cautions can be safely ignored. Scanners realize it is an intrusive program but the intrusiveness is for good, not evil.

    Disable Windows Defender and try to download the file, or download it onto a USB from another computer and transfer the file to the one we are working on.
     
  35. mark59

    mark59 MajorGeek

    I suspect the problem may not be mine but BleepingComputer's.

    I went to download FRST64 to my other PC, the newish desktop that's working fine. However, I had exactly the same issue in attempting to download FRST64.
     
  36. Oh My!

    Oh My! Malware Expert Staff Member

    Hold on while I check with the author.
     
  37. Oh My!

    Oh My! Malware Expert Staff Member

    Please delete any partial files that were downloaded and try to download FRST64 from BleepingComputer again.
     
  38. mark59

    mark59 MajorGeek

    Thank you for the ongoing support. I do appreciate it.

    I've deleted partial files and have successfully downloaded FRST64 from BleepingComputer.

    I ran the fix you requested and I have pasted the Fixlog in my following post.
     
  39. mark59

    mark59 MajorGeek

    Fix result of Farbar Recovery Scan Tool (x64) Version: 09.02.2024
    Ran by Mark (09-02-2024 23:32:56) Run:1
    Running from C:\Users\markc\Desktop
    Loaded Profiles: Mark
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    Start::
    ExportKey: HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
    Powershell: Set-MpPreference -EnableControlledFolderAccess Disabled
    Powershell: Set-MpPreference -DisableRealtimeMonitoring $true
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Detections.log
    Unlock: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\History.Log
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\History.Log
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log
    C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db
    Powershell: Set-MpPreference -EnableControlledFolderAccess Enabled
    Powershell: Set-MpPreference -DisableRealtimeMonitoring $false
    End::
    *****************

    ================== ExportKey: ===================

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
    "DeferUpgrade"="1"
    "DeferUpgradePeriod"="1"
    "DeferUpdatePeriod"="0"
    "ExcludeWUDriversInQualityUpdate"="1"

    === End of ExportKey ===

    ========= Set-MpPreference -EnableControlledFolderAccess Disabled =========


    ========= End of Powershell: =========


    ========= Set-MpPreference -DisableRealtimeMonitoring $true =========


    ========= End of Powershell: =========

    Could not move "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Detections.log" => Scheduled to move on reboot.
    "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\History.Log" => could not be unlocked
    Could not move "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\History.Log" => Scheduled to move on reboot.
    Could not move "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log" => Scheduled to move on reboot.
    Could not move "C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db" => Scheduled to move on reboot.

    ========= Set-MpPreference -EnableControlledFolderAccess Enabled =========


    ========= End of Powershell: =========


    ========= Set-MpPreference -DisableRealtimeMonitoring $false =========


    ========= End of Powershell: =========


    Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 09-02-2024 23:37:15)

    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Detections.log => Could not move
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\History.Log => Could not move
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log => Could not move
    C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db => Could not move

    ==== End of Fixlog 23:37:16 ====
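
The Fixlog above leaves two things to confirm by eye: that every Defender protection the fixlist switched off was switched back on before `End::`, and which files were still in place after the reboot. The following is an added example, not part of the original post and not FRST's own code, that reads both from a Fixlog; the sample is an abridged log constructed from the one above, and the line patterns are assumed from that log alone.

```python
import re

# Constructed sample: an abridged Fixlog in the format of the one posted above.
SAMPLE_FIXLOG = r'''
fixlist content:
*****************
Start::
Powershell: Set-MpPreference -EnableControlledFolderAccess Disabled
Powershell: Set-MpPreference -DisableRealtimeMonitoring $true
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Detections.log
Unlock: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\History.Log
C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db
Powershell: Set-MpPreference -EnableControlledFolderAccess Enabled
Powershell: Set-MpPreference -DisableRealtimeMonitoring $false
End::
*****************

Could not move "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Detections.log" => Scheduled to move on reboot.
"C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\History.Log" => could not be unlocked
Could not move "C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db" => Scheduled to move on reboot.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 09-02-2024 23:37:15)

C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Detections.log => Could not move
C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db => Could not move

==== End of Fixlog 23:37:16 ====
'''

# Line patterns assumed from the Fixlog in this thread (not an official FRST grammar).
PS_RE = re.compile(r"^Powershell:\s*Set-MpPreference\s+-(\w+)\s+(\S+)$", re.I)
DIRECTIVE_RE = re.compile(r"^[A-Za-z]+:(\s|$)")   # "Unlock: ...", "ExportKey: ...", not "C:\..."
DEFERRED_RE = re.compile(r'^Could not move "(.+)" => Scheduled to move on reboot\.$')
UNLOCK_RE = re.compile(r'^"(.+)" => could not be unlocked$')
RESULT_RE = re.compile(r"^(.+?) => (.+)$")


def protection_off(param, value):
    """True if this Set-MpPreference setting turns a protection off, False if it
    turns it on, None if the parameter/value pair is not one handled here."""
    p, v = param.lower(), value.lower()
    if p.startswith("disable"):          # e.g. -DisableRealtimeMonitoring $true
        return {"$true": True, "1": True, "$false": False, "0": False}.get(v)
    if p.startswith("enable"):           # e.g. -EnableControlledFolderAccess Disabled
        return {"disabled": True, "0": True, "enabled": False, "1": False}.get(v)
    return None


def audit_fixlog(text):
    """Summarise a Fixlog: file targets, protections left off, failed moves."""
    state, targets = {}, []
    deferred, unlock_failed, after_reboot = [], [], {}
    in_fixlist = in_reboot = False

    for ln in (raw.strip() for raw in text.splitlines()):
        if ln == "Start::":
            in_fixlist = True
        elif ln == "End::":
            in_fixlist = False
        elif in_fixlist:
            m = PS_RE.match(ln)
            if m:
                off = protection_off(*m.groups())
                if off is not None:
                    state[m.group(1)] = off      # last write wins, in fixlist order
            elif ln and not DIRECTIVE_RE.match(ln):
                targets.append(ln)               # a bare path: file to be moved
        elif ln.startswith("Result of scheduled files to move"):
            in_reboot = True
        elif ln.startswith("===="):
            in_reboot = False                    # any section banner ends the block
        elif in_reboot and ln:
            m = RESULT_RE.match(ln)
            if m:
                after_reboot[m.group(1)] = m.group(2)
        elif (m := DEFERRED_RE.match(ln)):
            deferred.append(m.group(1))
        elif (m := UNLOCK_RE.match(ln)):
            unlock_failed.append(m.group(1))

    # A target counts as not removed if the post-reboot pass reported
    # "Could not move", or it was deferred and no post-reboot result was logged.
    not_removed = [p for p in targets
                   if after_reboot.get(p) == "Could not move"
                   or (p in deferred and p not in after_reboot)]
    return {
        "targets": targets,
        "left_disabled": sorted(p for p, off in state.items() if off),
        "deferred": deferred,
        "unlock_failed": unlock_failed,
        "not_removed": not_removed,
    }


if __name__ == "__main__":
    report = audit_fixlog(SAMPLE_FIXLOG)
    print("Protections left off at End:: :", report["left_disabled"] or "none")
    print("Unlock failures:", len(report["unlock_failed"]))
    for path in report["not_removed"]:
        print("Still in place:", path)
```

A non-empty `left_disabled` list only says what the fixlist asked for; the live setting on the machine is still worth confirming with `Get-MpPreference`.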
     
  40. Oh My!

    Oh My! Malware Expert Staff Member

    Thank you.

    Let's deal with Windows Defender then we can take a look at Windows Update.

    Please do this.

    ===================================================

    Farbar Recovery Scan Tool Fix

    --------------------
    • Right click on the FRST64 icon and select Run as administrator
    • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
    • There is no need to paste the information anywhere, FRST64 will do it for you
    Code:
    Start::
    Folder: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service
    End::
    
    • Click Fix
    • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
    • Fixlog
     
  41. mark59

    mark59 MajorGeek

    Fix result of Farbar Recovery Scan Tool (x64) Version: 10.02.2024
    Ran by Mark (10-02-2024 23:45:02) Run:2
    Running from C:\Users\markc\Desktop
    Loaded Profiles: Mark
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    Start::
    Folder: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service
    End::
    *****************


    ========================= Folder: C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service ========================

    2021-11-09 11:16 - 2024-02-10 23:37 - 000000002 ____A [F3B25701FE362EC84616A93A45CE9998] () C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Detections.log
    2020-07-06 14:26 - 2024-02-10 18:37 - 000000230 ____A [5BE62ACDC2ED614182BC2DC313C20C69] () C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\History.Log
    2021-03-17 07:50 - 2024-02-09 23:34 - 000006222 ____A [AE23C6529D456B0BC105BCA672F40287] () C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log
    2021-11-09 11:16 - 2024-02-10 12:29 - 000000000 ____D [00000000000000000000000000000000] C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory
    2024-02-03 21:41 - 2024-02-09 13:23 - 000000000 ____D [00000000000000000000000000000000] C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\00
    2024-02-03 21:41 - 2024-02-03 21:41 - 000002504 ____A [6B7A2D1CF237947D413F1BE64F8B2022] () C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\00\73A54A2E-6529-46DB-A6A8-8BCFBF91DB3B
    2024-02-09 13:23 - 2024-02-10 13:27 - 000002544 ____A [EE415D55A53A87AB17BACEE0A04E3B6C] () C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\00\A0662D4D-7AEE-4A7E-AE16-1E71CE5F8756
    2024-02-09 23:18 - 2024-02-10 23:37 - 000000000 ____D [00000000000000000000000000000000] C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\01
    2024-02-09 23:18 - 2024-02-09 23:18 - 000002504 ____A [379E0C6E9ACA6A3B88A4AB02C6F4E380] () C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\01\B374333D-3E50-44F1-8709-7CFC1C9398B4
    2024-02-10 23:37 - 2024-02-10 23:37 - 000002544 ____A [F7F20D45145C37E752379557E078ADB6] () C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\01\B5DCD6DA-FF4C-462C-83F9-D7E1E3350293
    2023-12-27 04:24 - 2024-02-09 13:41 - 000000000 ____D [00000000000000000000000000000000] C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\02
    2024-02-09 13:41 - 2024-02-10 13:44 - 000002544 ____A [DCED61A351D1E9F5900A6AE756B1D7A6] () C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\02\B2E476CC-9C50-428F-B5E6-61171C12D00C
    2024-02-09 12:04 - 2024-02-10 12:29 - 000002544 ____A [F05068727B0C5752AE4EA6888A9DA978] () C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\02\C381513C-A0E3-45C2-AF02-27FD89F86C0A
    2024-02-10 12:29 - 2024-02-10 12:29 - 000000000 ____D [00000000000000000000000000000000] C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\03
    2024-02-10 12:29 - 2024-02-10 12:29 - 000002504 ____A [7AC126FDAB07A31F37FB43BB1BB4FC06] () C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\03\CE442367-AE10-401C-B212-0D88B39AF456
    2021-11-09 11:16 - 2024-02-09 23:18 - 000000000 ____D [00000000000000000000000000000000] C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\04
    2021-11-09 11:16 - 2021-11-10 18:11 - 000018120 ____A [D8C79E363B0D18E681F862955CD4CBA7] () C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\04\00E1339E-B587-4EE5-82FD-60B804EB8A3D
    2024-02-09 23:18 - 2024-02-10 23:37 - 000002544 ____A [F58ABAE99BD39DBC1065FD0AC041342B] () C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\04\8BC2B5C1-3E7D-4FEA-BD43-9BC4550A5989
    2024-01-29 16:02 - 2024-02-10 23:37 - 000000000 ____D [00000000000000000000000000000000] C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\05
    2024-01-30 21:49 - 2024-02-01 12:39 - 000002544 ____A [00B1F6FFD41077ED2D70728147B07871] () C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\05\B77DBC21-9159-4656-AD1D-467673AE18FF
    2024-02-10 23:37 - 2024-02-10 23:37 - 000002544 ____A [01407BD47815DA1378EF188C8BF2DBCC] () C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\05\C2B62483-4CA3-4725-9ACF-C490C747DA1B
    2024-01-29 16:02 - 2024-01-30 21:36 - 000002544 ____A [65DF031BF99E49C9C96CAB7680917890] () C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\05\F0A1C5DB-F89A-44D2-962F-60FD26B0EEC2
    2024-02-01 17:27 - 2024-02-09 23:36 - 000000000 ____D [00000000000000000000000000000000] C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\06
    2024-02-09 13:23 - 2024-02-10 13:27 - 000002544 ____A [64DB8ACAD5E052A68A8756B6568CD195] () C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\06\03D5F560-186D-4B95-9C73-03320F83DCA5
    2024-02-09 13:07 - 2024-02-10 13:27 - 000002544 ____A [A685EB5BDD6176BA4590807B4FB2C3AE] () C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\06\7DBD36C2-C7ED-4052-B0B5-65E696632B0B
    2024-02-09 23:36 - 2024-02-09 23:36 - 000002504 ____A [231887DA81B48CA5A47A362511221FE3] () C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\06\9E7981C7-5D4C-49DE-9BE1-21FC54D7BB80
    2024-02-01 17:27 - 2024-02-03 21:41 - 000002544 ____A [A74FB0C2709C84519A9FA4CA7B10E1B8] () C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\06\DF18A31D-3E4F-49E5-AC58-65D89C8215AF
    2024-02-09 13:23 - 2024-02-10 13:27 - 000002544 ____A [02B9D5B177FE04C836A9C3547AC46BED] () C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\06\F07477DF-5057-478C-910C-5BFE90DFADF0
    2024-02-09 13:29 - 2024-02-10 12:29 - 000000000 ____D [00000000000000000000000000000000] C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\07
    2024-02-09 13:40 - 2024-02-10 13:44 - 000002544 ____A [569AA9BF37A9829D685B4C47D52E8169] () C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\07\1EA8F808-5F13-4A07-B145-C5D9A816A2F4
    2024-02-10 12:29 - 2024-02-10 12:29 - 000002544 ____A [B6BD01D333D96A3A0EBF4958022E9E4E] () C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\07\6C1CE43E-1E7E-4F63-A61E-4D8BDDCD78B1
    2024-02-09 13:29 - 2024-02-09 13:29 - 000002504 ____A [8EAAFDD834DA8F1F65F0CE97377F0278] () C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\07\8D2DD760-D659-455B-B14D-FC4291A2E901
    2024-02-09 13:40 - 2024-02-09 13:40 - 000002504 ____A [55C1AB852D0269B076DE8E35D58AF5F2] () C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\07\9B332A2D-4B89-4C20-9C99-BD15E778A78F
    2024-02-07 20:27 - 2024-02-09 23:36 - 000000000 ____D [00000000000000000000000000000000] C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\08
    2024-02-07 20:27 - 2024-02-07 20:27 - 000002504 ____A [3AE41C58B267AE0B871D5BF3E26CE371] () C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\08\1D589B55-1A55-4B3D-B933-D8EFA7D30358
    2024-02-09 23:36 - 2024-02-10 23:37 - 000002544 ____A [F2A378497CD83E0FBDB649FB5F002542] () C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\08\59BFE47C-D44B-4012-927E-B7E75EE432DF
    2024-02-09 12:04 - 2024-02-09 12:04 - 000002504 ____A [D372AA69AF459A6393B6C66ED5D5F114] () C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\08\BFF8C2F1-E8BE-4B1E-ACEE-025826C7FE44
    2024-01-29 15:35 - 2024-02-02 00:02 - 000000000 ____D [00000000000000000000000000000000] C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\09
    2024-02-02 00:02 - 2024-02-03 21:41 - 000002544 ____A [21B1B09011F66E521D8F5C6A3F3E5AB1] () C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\09\28D55507-B868-473B-B4A3-6FDB40C2C520
    2024-01-29 15:35 - 2024-01-30 21:36 - 000002544 ____A [F4C1777E7570D3DDD3B7A51953627B97] () C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\09\E0DF3C00-5F4E-46A7-A823-EBA38D933160
    2024-01-31 11:41 - 2024-02-09 13:07 - 000000000 ____D [00000000000000000000000000000000] C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\10
    2024-02-09 13:07 - 2024-02-09 13:07 - 000002504 ____A [5151568D4DA641B0B09BE3BE72FF0DD2] () C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\10\7FA91E11-B574-4340-90F7-C4C94EF5CDC3
    2024-01-31 11:41 - 2024-02-01 12:39 - 000002544 ____A [12EF42F6F5090AB09F8DC7A44A5CC13E] () C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\10\DDD0A4C1-256C-4532-9571-3444324D861A
    2022-10-17 19:41 - 2024-02-09 13:23 - 000000000 ____D [00000000000000000000000000000000] C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\11
    2024-02-07 20:27 - 2024-02-08 20:35 - 000002544 ____A [379E1FE11E3E6D8A93804B94FD5A5BE6] () C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\11\264C0D89-65EC-40E2-AD86-48CB34915DE8
    2024-01-30 21:36 - 2024-02-01 12:39 - 000002544 ____A [4FB74337A02D97F7DF28DD0A9CE8F74E] () C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\11\2E34C2A4-48B8-48C8-BA37-A0FF545D8697
    2022-10-17 19:41 - 2022-10-19 14:32 - 000002488 ____A [489993F3078B6472200FE79B05328FE6] () C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\11\848665C3-79D5-4F96-B104-11D86446A6DB
    2024-02-09 13:23 - 2024-02-10 13:27 - 000002544 ____A [1FCC9E8BE2CA5B9029A5C9B5D0E8AB26] () C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\11\BD09ACCF-1E1F-4201-AEB8-4179C4261D2A
    2024-02-09 14:16 - 2024-02-09 23:36 - 000000000 ____D [00000000000000000000000000000000] C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\12
    2024-02-09 23:36 - 2024-02-10 23:37 - 000002544 ____A [886C8C80A166D9C2B0E4F28A0E51D904] () C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\12\91182EEC-5502-4291-A851-F2ED38A4E549
    2024-02-09 14:16 - 2024-02-10 14:29 - 000002544 ____A [CF807046480C9EEF643A17B748A1DE60] () C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\12\94EA6B36-8893-423B-A447-642ABF3A7584
    2024-02-09 23:36 - 2024-02-10 23:37 - 000002544 ____A [7FA26F3471C69DF62850305661042BEF] () C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\12\B6E10C0E-3B65-41B8-A163-D5040754ACDA
    2023-12-31 09:23 - 2024-02-08 19:15 - 000000000 ____D [00000000000000000000000000000000] C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\13
    2023-12-31 09:23 - 2024-01-01 20:48 - 000004704 ____A [CEC5D9A1CBC477784D73B1F2489C220E] () C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\13\4C96AD0B-D72D-4233-B077-2F995DB67E5A
    2024-02-01 12:39 - 2024-02-03 21:41 - 000002544 ____A [248F2457602AF4AF9AF4694BD4DBA2D8] () C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\13\8F439864-2DC6-4809-90E6-BB6535E068D8
    2024-02-08 19:15 - 2024-02-09 23:18 - 000002544 ____A [FBF6AEF160F3A1DB225013D0B44FAC14] () C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\13\E2B4AEEF-29A8-4977-982F-17362A468E22
    2024-02-03 21:41 - 2024-02-05 12:54 - 000002544 ____A [053763E92CD0032C4E8E9BEAA58A0690] () C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\13\FA39507A-68FD-4C7D-9DE9-50E09ADFEF00
    2023-12-27 04:24 - 2024-02-09 14:16 - 000000000 ____D [00000000000000000000000000000000] C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\14
    2023-12-30 00:59 - 2023-12-31 09:19 - 000002920 ____A [306C4F6D97EF4A1859DA7C34CF6383CD] () C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\14\01D3D02D-CF19-44E2-AD15-6E875F97F0B7
    2024-02-09 14:16 - 2024-02-10 14:29 - 000002544 ____A [4AD10A7D41148C828C61940F71922770] () C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\14\25398CA1-34C1-401B-B4C3-AB789F6B5916
    2024-02-01 18:03 - 2024-02-03 21:41 - 000002544 ____A [2C40B687FDFB558C1070EBD80A1B3E47] () C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\14\533905A9-2BC4-48E6-9760-3486547AE65B
    2024-02-09 14:16 - 2024-02-10 14:29 - 000002544 ____A [ED5B5E421CA64847B240AA9FD1C9D86E] () C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\14\AEF8C8D3-8654-4588-9B0A-2E9CAB904443
    2024-02-09 13:41 - 2024-02-10 13:44 - 000002544 ____A [EF55FC2166D47D87033CD4DAAAD96CD2] () C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\14\EF5E872E-F39F-469B-B561-C99F61455695
    2024-02-09 14:16 - 2024-02-10 14:29 - 000002544 ____A [367A8FE98BACEBF0BF8B2E336C908BE0] () C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\14\F188051B-9142-49A3-BC72-1B8919A8C605
    2024-02-08 13:33 - 2024-02-10 23:37 - 000000000 ____D [00000000000000000000000000000000] C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\15
    2024-02-08 13:33 - 2024-02-09 13:40 - 000002544 ____A [0046C7E2CD14CEAE803DAB8DB7CC8FC6] () C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\15\3B85421D-6702-4487-8F82-12A792BB5747
    2024-02-10 23:37 - 2024-02-10 23:37 - 000002544 ____A [3E714BF8E7BE62A3770AD1B01766800C] () C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\15\C5B5B271-E979-4122-8D20-407808A492DB
    2024-01-31 20:29 - 2024-01-31 20:29 - 000000000 ____D [00000000000000000000000000000000] C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\16
    2024-01-31 20:29 - 2024-02-01 21:38 - 000002544 ____A [486014C3AC0DB2776E98B61BB00B68AC] () C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\16\9A01766C-D7C6-4B19-BD03-87D0252A0FAA
    2024-02-01 21:38 - 2024-02-10 23:37 - 000000000 ____D [00000000000000000000000000000000] C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\17
    2024-02-09 13:40 - 2024-02-10 13:44 - 000002544 ____A [117450ACCF74C51EBFBBF793972AD7F1] () C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\17\613B6242-7518-4F9C-A325-F4C97B7EB3B2
    2024-02-05 12:54 - 2024-02-07 20:27 - 000002544 ____A [245CCE95F0BBE47AAC4895D4F86E9032] () C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\17\9D6013F6-FE84-405F-B780-F37B840DE4D2
    2024-02-01 21:38 - 2024-02-03 21:41 - 000002544 ____A [34CD8F14F7133F794FEF570F3952712A] () C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\17\B937FABC-E60D-4F8A-B198-1B05BC3C3471
    2024-02-10 23:37 - 2024-02-10 23:37 - 000002504 ____A [465BFB4B063DA6A6F06C6F211AACBCA5] () C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\17\EB88BB4F-9B17-47E5-94AF-C13823FDC230
    2024-02-01 18:27 - 2024-02-10 23:37 - 000000000 ____D [00000000000000000000000000000000] C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\18
    2024-02-09 14:16 - 2024-02-10 14:29 - 000002544 ____A [AD9C9D7112FBE0EB01278AFA3EF7FB3A] () C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\18\035A507D-75CB-4C4E-8BDA-10474D0E19EA
    2024-02-01 18:27 - 2024-02-03 21:41 - 000002544 ____A [D7639EA662A4951B09AA35BD3C46A2D6] () C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\18\182DEB37-8DA8-42F9-BDDE-E650C38D5ECC
    2024-02-10 23:37 - 2024-02-10 23:37 - 000002504 ____A [0C1121FC86F1BA7DF96EA1876E7FDA82] () C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\18\D01E96A4-0999-4204-8B04-D002040CF27F
    2024-01-28 00:29 - 2024-02-01 17:08 - 000000000 ____D [00000000000000000000000000000000] C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\19
    2024-01-28 00:29 - 2024-01-28 00:29 - 000002544 ____A [41B3C3FD0E1686CEBC9EC59A4F4E5F29] () C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\19\348C373A-C9F1-4E51-AA3D-3A7F131FA275
    2024-02-01 17:08 - 2024-02-03 21:41 - 000002544 ____A [023DDDD1E9979E6EB2672A60073FE479] () C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\19\97709F3E-A742-44BF-B091-525432C63E36
    2024-02-08 19:15 - 2024-02-09 23:36 - 000000000 ____D [00000000000000000000000000000000] C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\21
    2024-02-09 23:36 - 2024-02-09 23:36 - 000002504 ____A [CCB2D050ADEE67343D532692BFA0FF1E] () C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\21\2F0291C1-AB62-4F36-B714-BE5753D63D1B
    2024-02-08 19:15 - 2024-02-09 23:18 - 000002544 ____A [84DC6AB6B61867A3DD10A8271EDD179D] () C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\21\731CD388-5D93-402F-9A04-1567721F69C0
    2024-02-08 19:15 - 2024-02-09 23:18 - 000000000 ____D [00000000000000000000000000000000] C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\22
    2024-02-08 19:15 - 2024-02-08 19:15 - 000002504 ____A [60968D4579F2F3D7FCA6C8AB8A51167C] () C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\22\66CA2A83-BDC9-4547-ABF2-F77A15F78B63
    2024-02-09 23:18 - 2024-02-10 23:37 - 000002544 ____A [171762108FF4F28FDF0FE12D30A96731] () C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\22\C716D03A-952E-44AE-AE3B-531BC1D024B8

    ====== End of Folder: ======


    ==== End of Fixlog 23:45:05 ====
     
  42. Oh My!

    Oh My! Malware Expert Staff Member

    Thank you.

    Please do this.

    ===================================================

    Farbar Recovery Scan Tool Fix

    --------------------
    • Right click on the FRST64 icon and select Run as administrator
    • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
    • There is no need to paste the information anywhere, FRST64 will do it for you
    Code:
    Start::
    SystemRestore: On
    CreateRestorePoint:
    CloseProcesses:
    Powershell: Set-MpPreference -EnableControlledFolderAccess Disabled
    Powershell: Set-MpPreference -DisableRealtimeMonitoring $true
    C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Detections.log
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\History.Log
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\00\73A54A2E-6529-46DB-A6A8-8BCFBF91DB3B
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\00\A0662D4D-7AEE-4A7E-AE16-1E71CE5F8756
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\01\B374333D-3E50-44F1-8709-7CFC1C9398B4
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\01\B5DCD6DA-FF4C-462C-83F9-D7E1E3350293
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\02\B2E476CC-9C50-428F-B5E6-61171C12D00C
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\02\C381513C-A0E3-45C2-AF02-27FD89F86C0A
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\03\CE442367-AE10-401C-B212-0D88B39AF456
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\04\00E1339E-B587-4EE5-82FD-60B804EB8A3D
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\04\8BC2B5C1-3E7D-4FEA-BD43-9BC4550A5989
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\05\B77DBC21-9159-4656-AD1D-467673AE18FF
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\05\C2B62483-4CA3-4725-9ACF-C490C747DA1B
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\05\F0A1C5DB-F89A-44D2-962F-60FD26B0EEC2
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\06\03D5F560-186D-4B95-9C73-03320F83DCA5
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\06\7DBD36C2-C7ED-4052-B0B5-65E696632B0B
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\06\9E7981C7-5D4C-49DE-9BE1-21FC54D7BB80
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\06\DF18A31D-3E4F-49E5-AC58-65D89C8215AF
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\06\F07477DF-5057-478C-910C-5BFE90DFADF0
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\07\1EA8F808-5F13-4A07-B145-C5D9A816A2F4
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\07\6C1CE43E-1E7E-4F63-A61E-4D8BDDCD78B1
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\07\8D2DD760-D659-455B-B14D-FC4291A2E901
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\07\9B332A2D-4B89-4C20-9C99-BD15E778A78F
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\08\1D589B55-1A55-4B3D-B933-D8EFA7D30358
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\08\59BFE47C-D44B-4012-927E-B7E75EE432DF
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\08\BFF8C2F1-E8BE-4B1E-ACEE-025826C7FE44
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\09\28D55507-B868-473B-B4A3-6FDB40C2C520
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\09\E0DF3C00-5F4E-46A7-A823-EBA38D933160
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\10\7FA91E11-B574-4340-90F7-C4C94EF5CDC3
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\10\DDD0A4C1-256C-4532-9571-3444324D861A
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\11\264C0D89-65EC-40E2-AD86-48CB34915DE8
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\11\2E34C2A4-48B8-48C8-BA37-A0FF545D8697
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\11\848665C3-79D5-4F96-B104-11D86446A6DB
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\11\BD09ACCF-1E1F-4201-AEB8-4179C4261D2A
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\12\91182EEC-5502-4291-A851-F2ED38A4E549
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\12\94EA6B36-8893-423B-A447-642ABF3A7584
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\12\B6E10C0E-3B65-41B8-A163-D5040754ACDA
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\13\4C96AD0B-D72D-4233-B077-2F995DB67E5A
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\13\8F439864-2DC6-4809-90E6-BB6535E068D8
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\13\E2B4AEEF-29A8-4977-982F-17362A468E22
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\13\FA39507A-68FD-4C7D-9DE9-50E09ADFEF00
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\14\01D3D02D-CF19-44E2-AD15-6E875F97F0B7
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\14\25398CA1-34C1-401B-B4C3-AB789F6B5916
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\14\533905A9-2BC4-48E6-9760-3486547AE65B
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\14\AEF8C8D3-8654-4588-9B0A-2E9CAB904443
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\14\EF5E872E-F39F-469B-B561-C99F61455695
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\14\F188051B-9142-49A3-BC72-1B8919A8C605
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\15\3B85421D-6702-4487-8F82-12A792BB5747
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\15\C5B5B271-E979-4122-8D20-407808A492DB
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\16\9A01766C-D7C6-4B19-BD03-87D0252A0FAA
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\17\613B6242-7518-4F9C-A325-F4C97B7EB3B2
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\17\9D6013F6-FE84-405F-B780-F37B840DE4D2
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\17\B937FABC-E60D-4F8A-B198-1B05BC3C3471
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\17\EB88BB4F-9B17-47E5-94AF-C13823FDC230
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\18\035A507D-75CB-4C4E-8BDA-10474D0E19EA
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\18\182DEB37-8DA8-42F9-BDDE-E650C38D5ECC
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\18\D01E96A4-0999-4204-8B04-D002040CF27F
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\19\348C373A-C9F1-4E51-AA3D-3A7F131FA275
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\19\97709F3E-A742-44BF-B091-525432C63E36
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\21\2F0291C1-AB62-4F36-B714-BE5753D63D1B
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\21\731CD388-5D93-402F-9A04-1567721F69C0
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\22\66CA2A83-BDC9-4547-ABF2-F77A15F78B63
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\22\C716D03A-952E-44AE-AE3B-531BC1D024B8
    Powershell: Set-MpPreference -EnableControlledFolderAccess Enabled
    Powershell: Set-MpPreference -DisableRealtimeMonitoring $false
    Powershell: Get-MpThreatDetection
    End::
    
    • Click Fix
    • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
    • Fixlog
     
  43. mark59

    mark59 MajorGeek

    The latest log is too large to paste; therefore, I attach it as a .txt file.
     

    Attached Files:

    Last edited: Feb 10, 2024
  44. Oh My!

    Oh My! Malware Expert Staff Member

    Please do this.

    ===================================================

    Resetting Windows Defender - Windows 10

    -------------------
    • Click Start, then type Windows Security
    • Right click on Windows Security above and select App settings
    • Click Reset, review the information provided then click Reset again
    • Once you see a check mark next to Reset close all windows, reboot and check the Detection History
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
    • Results?
     
    Last edited: Feb 11, 2024
  45. mark59

    mark59 MajorGeek

    I did the first three bullet points as requested.

    As for the final one I could not find Detection History; however, I did find Protection History. It says, "Threat found - action needed. It dates and times it as 28/01/2024 00:29". The threat is classified as 'Severe'. Indeed, it is listed twenty times. Then listed 23 times is, "Threat blocked 28/01/2024 00:29". Then next in the list is, "Remediation incomplete 28/01/2024 00:29". This occurs once then. Then, "Threat blocked 28/01/2024 00:29" is listed six times. Next, once only, is listed, "Threat quarantined 28/01/2024 00:29". Then another 16 times is again, "Threat blocked 28/01/2024 00:29". Then one listing again of, "Remediation incomplete 28/01/2024 00:29". Then finally, "Threat blocked 28/01/2024 00:29" is listed ten more times.

    I don't know if this is the right information. I apologise if it is not.
     
  46. Oh My!

    Oh My! Malware Expert Staff Member

    You did it correctly.

    Let's try it a different way.

    ===================================================

    Farbar Recovery Scan Tool Fix - Safe Mode Command Prompt with Attached File

    --------------------
    • If necessary, download Farbar Recovery Scan Tool for 64 bit systems and save it to a USB device
    • Download the attached file and save it in the same USB device
    • Insert the USB device into your compromised computer
    • Holding down the Shift Key click Start, click the power icon, then select Reboot
    • Click Troubleshoot
    • Click Advanced options
    • Click Startup Settings
    • Click Restart
    • Select 6) Enable Safe Mode with Command Prompt
    • In the command window type in Notepad and press Enter.
    • Under File menu select Open
    • Select This PC and double click on your USB drive letter
    • Next to Files of type: select All Files
    • Right click on the FRST icon and select Run as administrator
    • Click Yes to disclaimer that may appear
    • Press Fix button
    • Reboot your computer into Normal Boot
    • A fixlog.txt file will be saved on the USB drive. Please copy and paste it to your reply. If the report is too large attach it
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
    • Fixlog
     

    Attached Files:

  47. mark59

    mark59 MajorGeek

    Fix result of Farbar Recovery Scan Tool (x64) Version: 11.02.2024
    Ran by Mark (12-02-2024 15:23:28) Run:4
    Running from D:\
    Loaded Profiles: Mark
    Boot Mode: Safe Mode (minimal)
    ==============================================

    fixlist content:
    *****************
    CloseProcesses:
    Powershell: Set-MpPreference -EnableControlledFolderAccess Disabled
    Powershell: Set-MpPreference -DisableRealtimeMonitoring $true
    C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Detections.log
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\History.Log
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\00\73A54A2E-6529-46DB-A6A8-8BCFBF91DB3B
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\00\A0662D4D-7AEE-4A7E-AE16-1E71CE5F8756
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\01\B374333D-3E50-44F1-8709-7CFC1C9398B4
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\01\B5DCD6DA-FF4C-462C-83F9-D7E1E3350293
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\02\B2E476CC-9C50-428F-B5E6-61171C12D00C
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\02\C381513C-A0E3-45C2-AF02-27FD89F86C0A
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\03\CE442367-AE10-401C-B212-0D88B39AF456
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\04\00E1339E-B587-4EE5-82FD-60B804EB8A3D
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\04\8BC2B5C1-3E7D-4FEA-BD43-9BC4550A5989
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\05\B77DBC21-9159-4656-AD1D-467673AE18FF
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\05\C2B62483-4CA3-4725-9ACF-C490C747DA1B
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\05\F0A1C5DB-F89A-44D2-962F-60FD26B0EEC2
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\06\03D5F560-186D-4B95-9C73-03320F83DCA5
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\06\7DBD36C2-C7ED-4052-B0B5-65E696632B0B
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\06\9E7981C7-5D4C-49DE-9BE1-21FC54D7BB80
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\06\DF18A31D-3E4F-49E5-AC58-65D89C8215AF
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\06\F07477DF-5057-478C-910C-5BFE90DFADF0
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\07\1EA8F808-5F13-4A07-B145-C5D9A816A2F4
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\07\6C1CE43E-1E7E-4F63-A61E-4D8BDDCD78B1
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\07\8D2DD760-D659-455B-B14D-FC4291A2E901
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\07\9B332A2D-4B89-4C20-9C99-BD15E778A78F
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\08\1D589B55-1A55-4B3D-B933-D8EFA7D30358
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\08\59BFE47C-D44B-4012-927E-B7E75EE432DF
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\08\BFF8C2F1-E8BE-4B1E-ACEE-025826C7FE44
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\09\28D55507-B868-473B-B4A3-6FDB40C2C520
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\09\E0DF3C00-5F4E-46A7-A823-EBA38D933160
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\10\7FA91E11-B574-4340-90F7-C4C94EF5CDC3
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\10\DDD0A4C1-256C-4532-9571-3444324D861A
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\11\264C0D89-65EC-40E2-AD86-48CB34915DE8
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\11\2E34C2A4-48B8-48C8-BA37-A0FF545D8697
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\11\848665C3-79D5-4F96-B104-11D86446A6DB
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\11\BD09ACCF-1E1F-4201-AEB8-4179C4261D2A
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\12\91182EEC-5502-4291-A851-F2ED38A4E549
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\12\94EA6B36-8893-423B-A447-642ABF3A7584
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\12\B6E10C0E-3B65-41B8-A163-D5040754ACDA
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\13\4C96AD0B-D72D-4233-B077-2F995DB67E5A
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\13\8F439864-2DC6-4809-90E6-BB6535E068D8
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\13\E2B4AEEF-29A8-4977-982F-17362A468E22
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\13\FA39507A-68FD-4C7D-9DE9-50E09ADFEF00
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\14\01D3D02D-CF19-44E2-AD15-6E875F97F0B7
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\14\25398CA1-34C1-401B-B4C3-AB789F6B5916
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\14\533905A9-2BC4-48E6-9760-3486547AE65B
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\14\AEF8C8D3-8654-4588-9B0A-2E9CAB904443
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\14\EF5E872E-F39F-469B-B561-C99F61455695
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\14\F188051B-9142-49A3-BC72-1B8919A8C605
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\15\3B85421D-6702-4487-8F82-12A792BB5747
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\15\C5B5B271-E979-4122-8D20-407808A492DB
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\16\9A01766C-D7C6-4B19-BD03-87D0252A0FAA
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\17\613B6242-7518-4F9C-A325-F4C97B7EB3B2
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\17\9D6013F6-FE84-405F-B780-F37B840DE4D2
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\17\B937FABC-E60D-4F8A-B198-1B05BC3C3471
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\17\EB88BB4F-9B17-47E5-94AF-C13823FDC230
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\18\035A507D-75CB-4C4E-8BDA-10474D0E19EA
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\18\182DEB37-8DA8-42F9-BDDE-E650C38D5ECC
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\18\D01E96A4-0999-4204-8B04-D002040CF27F
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\19\348C373A-C9F1-4E51-AA3D-3A7F131FA275
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\19\97709F3E-A742-44BF-B091-525432C63E36
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\21\2F0291C1-AB62-4F36-B714-BE5753D63D1B
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\21\731CD388-5D93-402F-9A04-1567721F69C0
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\22\66CA2A83-BDC9-4547-ABF2-F77A15F78B63
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\22\C716D03A-952E-44AE-AE3B-531BC1D024B8
    Powershell: Set-MpPreference -EnableControlledFolderAccess Enabled
    Powershell: Set-MpPreference -DisableRealtimeMonitoring $false


    *****************

    Processes closed successfully.

    ========= Set-MpPreference -EnableControlledFolderAccess Disabled =========


    ========= End of Powershell: =========


    ========= Set-MpPreference -DisableRealtimeMonitoring $true =========


    ========= End of Powershell: =========

    Could not move "C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db" => Scheduled to move on reboot.
    Could not move "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Detections.log" => Scheduled to move on reboot.
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\History.Log => moved successfully
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log => moved successfully
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\00\73A54A2E-6529-46DB-A6A8-8BCFBF91DB3B => moved successfully
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\00\A0662D4D-7AEE-4A7E-AE16-1E71CE5F8756 => moved successfully
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\01\B374333D-3E50-44F1-8709-7CFC1C9398B4 => moved successfully
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\01\B5DCD6DA-FF4C-462C-83F9-D7E1E3350293 => moved successfully
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\02\B2E476CC-9C50-428F-B5E6-61171C12D00C => moved successfully
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\02\C381513C-A0E3-45C2-AF02-27FD89F86C0A => moved successfully
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\03\CE442367-AE10-401C-B212-0D88B39AF456 => moved successfully
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\04\00E1339E-B587-4EE5-82FD-60B804EB8A3D => moved successfully
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\04\8BC2B5C1-3E7D-4FEA-BD43-9BC4550A5989 => moved successfully
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\05\B77DBC21-9159-4656-AD1D-467673AE18FF => moved successfully
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\05\C2B62483-4CA3-4725-9ACF-C490C747DA1B => moved successfully
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\05\F0A1C5DB-F89A-44D2-962F-60FD26B0EEC2 => moved successfully
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\06\03D5F560-186D-4B95-9C73-03320F83DCA5 => moved successfully
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\06\7DBD36C2-C7ED-4052-B0B5-65E696632B0B => moved successfully
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\06\9E7981C7-5D4C-49DE-9BE1-21FC54D7BB80 => moved successfully
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\06\DF18A31D-3E4F-49E5-AC58-65D89C8215AF => moved successfully
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\06\F07477DF-5057-478C-910C-5BFE90DFADF0 => moved successfully
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\07\1EA8F808-5F13-4A07-B145-C5D9A816A2F4 => moved successfully
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\07\6C1CE43E-1E7E-4F63-A61E-4D8BDDCD78B1 => moved successfully
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\07\8D2DD760-D659-455B-B14D-FC4291A2E901 => moved successfully
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\07\9B332A2D-4B89-4C20-9C99-BD15E778A78F => moved successfully
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\08\1D589B55-1A55-4B3D-B933-D8EFA7D30358 => moved successfully
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\08\59BFE47C-D44B-4012-927E-B7E75EE432DF => moved successfully
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\08\BFF8C2F1-E8BE-4B1E-ACEE-025826C7FE44 => moved successfully
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\09\28D55507-B868-473B-B4A3-6FDB40C2C520 => moved successfully
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\09\E0DF3C00-5F4E-46A7-A823-EBA38D933160 => moved successfully
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\10\7FA91E11-B574-4340-90F7-C4C94EF5CDC3 => moved successfully
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\10\DDD0A4C1-256C-4532-9571-3444324D861A => moved successfully
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\11\264C0D89-65EC-40E2-AD86-48CB34915DE8 => moved successfully
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\11\2E34C2A4-48B8-48C8-BA37-A0FF545D8697 => moved successfully
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\11\848665C3-79D5-4F96-B104-11D86446A6DB => moved successfully
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\11\BD09ACCF-1E1F-4201-AEB8-4179C4261D2A => moved successfully
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\12\91182EEC-5502-4291-A851-F2ED38A4E549 => moved successfully
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\12\94EA6B36-8893-423B-A447-642ABF3A7584 => moved successfully
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\12\B6E10C0E-3B65-41B8-A163-D5040754ACDA => moved successfully
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\13\4C96AD0B-D72D-4233-B077-2F995DB67E5A => moved successfully
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\13\8F439864-2DC6-4809-90E6-BB6535E068D8 => moved successfully
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\13\E2B4AEEF-29A8-4977-982F-17362A468E22 => moved successfully
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\13\FA39507A-68FD-4C7D-9DE9-50E09ADFEF00 => moved successfully
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\14\01D3D02D-CF19-44E2-AD15-6E875F97F0B7 => moved successfully
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\14\25398CA1-34C1-401B-B4C3-AB789F6B5916 => moved successfully
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\14\533905A9-2BC4-48E6-9760-3486547AE65B => moved successfully
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\14\AEF8C8D3-8654-4588-9B0A-2E9CAB904443 => moved successfully
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\14\EF5E872E-F39F-469B-B561-C99F61455695 => moved successfully
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\14\F188051B-9142-49A3-BC72-1B8919A8C605 => moved successfully
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\15\3B85421D-6702-4487-8F82-12A792BB5747 => moved successfully
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\15\C5B5B271-E979-4122-8D20-407808A492DB => moved successfully
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\16\9A01766C-D7C6-4B19-BD03-87D0252A0FAA => moved successfully
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\17\613B6242-7518-4F9C-A325-F4C97B7EB3B2 => moved successfully
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\17\9D6013F6-FE84-405F-B780-F37B840DE4D2 => moved successfully
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\17\B937FABC-E60D-4F8A-B198-1B05BC3C3471 => moved successfully
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\17\EB88BB4F-9B17-47E5-94AF-C13823FDC230 => moved successfully
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\18\035A507D-75CB-4C4E-8BDA-10474D0E19EA => moved successfully
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\18\182DEB37-8DA8-42F9-BDDE-E650C38D5ECC => moved successfully
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\18\D01E96A4-0999-4204-8B04-D002040CF27F => moved successfully
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\19\348C373A-C9F1-4E51-AA3D-3A7F131FA275 => moved successfully
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\19\97709F3E-A742-44BF-B091-525432C63E36 => moved successfully
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\21\2F0291C1-AB62-4F36-B714-BE5753D63D1B => moved successfully
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\21\731CD388-5D93-402F-9A04-1567721F69C0 => moved successfully
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\22\66CA2A83-BDC9-4547-ABF2-F77A15F78B63 => moved successfully
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\22\C716D03A-952E-44AE-AE3B-531BC1D024B8 => moved successfully

    ========= Set-MpPreference -EnableControlledFolderAccess Enabled =========


    ========= End of Powershell: =========


    ========= Set-MpPreference -DisableRealtimeMonitoring $false =========


    ========= End of Powershell: =========


    Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 12-02-2024 15:26:56)

    C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db => Could not move
    C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Detections.log => Could not move

    ==== End of Fixlog 15:26:56 ====
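
Added example (not part of the thread and not FRST's own code): a Python triage of a Fixlog in the layout posted above. It counts moved files, lists those still not moved after the reboot, and checks that the last logged Set-MpPreference values re-enable what the fixlist turned off. The sample log is constructed and abridged with a placeholder GUID, and the function names are hypothetical; the log records only that a command was issued, so the live Defender state still has to be confirmed on the machine.

```python
import re

# Constructed, abridged sample in the Fixlog layout shown in the post above.
# The DetectionHistory GUID is a placeholder, not a value from the thread.
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Scan Tool (x64)
Boot Mode: Safe Mode (minimal)

========= Set-MpPreference -EnableControlledFolderAccess Disabled =========

========= End of Powershell: =========

========= Set-MpPreference -DisableRealtimeMonitoring $true =========

========= End of Powershell: =========

Could not move "C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db" => Scheduled to move on reboot.
Could not move "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Detections.log" => Scheduled to move on reboot.
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\History.Log => moved successfully
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\00\00000000-0000-0000-0000-000000000001 => moved successfully

========= Set-MpPreference -EnableControlledFolderAccess Enabled =========

========= End of Powershell: =========

========= Set-MpPreference -DisableRealtimeMonitoring $false =========

========= End of Powershell: =========

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 12-02-2024 15:26:56)

C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db => Could not move
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Detections.log => Could not move

==== End of Fixlog 15:26:56 ====
'''

BOOT = re.compile(r'^Boot Mode: (.+)$')
POWERSHELL = re.compile(r'^={9} (.+) ={9}$')   # nine '=' marks a PowerShell section
SCHEDULED = re.compile(r'^Could not move "(.+)" => Scheduled to move on reboot\.$')
RESULT = re.compile(r'^(.+?) => (moved successfully|Could not move)$')

# Set-MpPreference values that weaken Defender (the ones the fixlist sets first).
WEAKENING = {
    "-disablerealtimemonitoring": "$true",
    "-enablecontrolledfolderaccess": "disabled",
}


def protections_left_off(commands):
    """Switches whose LAST logged Set-MpPreference value is the weakening one."""
    last = {}
    for cmd in commands:
        parts = cmd.split()
        if parts[:1] != ["Set-MpPreference"]:
            continue
        for switch, value in zip(parts[1::2], parts[2::2]):
            last[switch.lower()] = value.lower()
    return sorted(k for k, v in WEAKENING.items() if last.get(k) == v)


def triage(text):
    """Summarise a Fixlog: boot mode, move outcomes, protection toggles."""
    boot_mode, commands = "", []
    moved, scheduled, failed = [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        if m := BOOT.match(line):
            boot_mode = boot_mode or m.group(1)      # keep the header value
        elif m := POWERSHELL.match(line):
            if not m.group(1).startswith("End of Powershell"):
                commands.append(m.group(1))
        elif m := SCHEDULED.match(line):
            scheduled.append(m.group(1))
        elif m := RESULT.match(line):
            (moved if m.group(2) == "moved successfully" else failed).append(m.group(1))
    done = set(moved) | set(failed)
    return {
        "boot_mode": boot_mode,
        "moved": len(moved),
        "unresolved": sorted(set(failed)),           # tried after reboot, still there
        "pending": sorted(p for p in set(scheduled) if p not in done),
        "left_off": protections_left_off(commands),  # empty list means re-enabled
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_FIXLOG).items():
        print(f"{key}: {value}")
```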
     
  48. Oh My!

    Oh My! Malware Expert Staff Member

    Are you still showing detections?
     
  49. mark59

    mark59 MajorGeek

    Yes, the same one listed twelve times.

    I feel so stupid telling you the following. I've just been clicking on 'Start Actions' at the bottom of the screen. I didn't realise I had to click the down arrow next to each listed threat and choose the action. Obviously, I'm now going to do that and see if Defender rids me of the problem.

    One more stupid question to ask. For the action should I choose Remove or Quarantine?

    Sorry you have to put up with such stupidity!
     
  50. Oh My!

    Oh My! Malware Expert Staff Member

    It's OK. Select Remove.
     
