CampaignManager running at shutdown and preventing normal shutdown.

Hi Mike,

UNP (Universal Notification Platform) is a component of the Windows Update Service, I believe it was first introduced in version 1703, if memory serves me correctly.

UNP/CampaignManager.exe can also be present if a home/Wi-Fi network is or has ever been used or setup on the PC.

On my Win 10 Pro version 1903 build 18362.418 Workstation that has never been joined to any network in anyway, home, Wi-Fi, work or otherwise, the UNP/CampaignManager.exe file does not exist. (File Explorer snapshots below):

The System32 UNP folder:

The Program Files UNP folder contains Log files only:

These are .etl (Windows Performance Analyzer) log files.

Now, being that all of the updates related to versions 1703 thru 1903 have installed successfully on this device (and no network has ever been setup), these log files are empty.

Now, that being said, the CampaignManager.exe file name has been known to be used by some malicious  (spyware, adware, trackers etc.) software to disguise themselves as a legit Windows OS entity. In such a case as being possible I would recommend running a MBAM Free scan as it specifically targets the above and PUP's as well, (note that any Potentially Unwanted Program results that are flagged may be something that you may want to keep, in such a case check the scan log for the file locations to research). 

Hope this can help and Good Luck!

-Richard

Standard Disclaimer: Any non-Microsoft websites provided here appear to be providing accurate, safe information. Watch out for any ads on these sites that may advertise products frequently classified as PUP's (Potentially Unwanted Programs). Thoroughly research any product/program advertised on any site before you decide to download and install it.

Ok,

Perform a "Restart" instead of (or before) a shutdown and startup as they are two different (slightly but importantly) things.

(Even if Fast Start is disabled I would still recommend the same).

I'm going offline now, will be back in at some point in the morrow.

-Richard

MalwareBytes didn't like some 'search' values for Chrome and Yahoo.

It noticed three files connected to my CCTV equipment; Been there for years. I need them to access the CCTV server with Internet Explorer (until I junk the CCTV box for a newer one). I can't access the CCTV server with anything else. The three always scan as if there are bad.

Other than that, it found nothing. 

I did quarantine all but those three files and now the tab bar in Chrome is funky, but I won't know much more until I try to shut down later.

Hi Mike,

Yes I did mistype, thanks for pointing that out.

To be sure I ran/reran a C: drive search for "CampaignManager" on the workstation and the result was:

Your thread.

Let us know how the MBAM scan goes and Good Luck!

-Richard

Hi Richard,

The PC in question does not have WiFi.

A scan for CampainManager.exe produced nothing.

In case you mis-typed  I ran a scan for CampaignManager.exe and found nothing

I ran the following:

SFC /SCANNOW

DISM /Online /Cleanup-Image /AnalyzeComponentStore

DISM /Online /Cleanup-Image /StartComponentCleanup

DISM /Online /Cleanup-Image /CheckHealth

DISM /Online /Cleanup-Image /ScanHealth

DISM /Online /Cleanup-Image /RestoreHealth 

And  since there were problems with some corrupted files I ran these again.

SFC /SCANNOW

DISM /Online /Cleanup-Image /AnalyzeComponentStore

-- and got: Component Store Cleanup Recommended : No

followed by:

PS C:\WINDOWS\system32> DISM /Online /Cleanup-Image /CheckHealth                                                        

Deployment Image Servicing and Management tool

Version: 10.0.18362.1

Image Version: 10.0.18362.418

No component store corruption detected.

The operation completed successfully.

I will download the Malwarebytes and see what it finds. 

Thanks.