Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-12-2023
Ran by HeatherSchmidt (19-12-2023 16:56:41)
Running from C:\Users\HeatherSchmidt\Downloads
Microsoft Windows 10 Pro Version 22H2 19045.3693 (X64) (2020-08-31 00:52:35)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3251423693-4260676575-3805690949-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3251423693-4260676575-3805690949-503 - Limited - Disabled)
Guest (S-1-5-21-3251423693-4260676575-3805690949-501 - Limited - Disabled)
stpau (S-1-5-21-3251423693-4260676575-3805690949-1001 - Administrator - Enabled) => C:\Users\stpau
WDAGUtilityAccount (S-1-5-21-3251423693-4260676575-3805690949-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 120.0.6099.110 - Google LLC)
Malwarebytes version 4.6.7.301 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.7.301 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 120.0.2210.77 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 120.0.2210.77 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKU\S-1-12-1-379402305-1282805949-553899156-2530637685\...\Microsoft EdgeWebView) (Version: 120.0.2210.77 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-12-1-1721880173-1220933218-3369430184-3542225890\...\OneDriveSetup.exe) (Version: 23.246.1127.0002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-12-1-379402305-1282805949-553899156-2530637685\...\OneDriveSetup.exe) (Version: 23.246.1127.0002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3251423693-4260676575-3805690949-1001\...\OneDriveSetup.exe) (Version: 20.114.0607.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Player Location Check (HKLM-x32\...\{F0753064-8D66-41A7-9F23-7691290387BF}) (Version: 4.0.0.4 - GeoComply)
RingCentral Meetings (HKU\S-1-12-1-379402305-1282805949-553899156-2530637685\...\RingCentralMeetings) (Version: 21.1 - Zoom Video Communications, Inc. and RingCentral Inc.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{B2E25355-C24E-4E7D-8AD3-455D59810838}) (Version: 2.57.0.0 - Microsoft Corporation)
Zoom (HKU\S-1-12-1-379402305-1282805949-553899156-2530637685\...\ZoomUMX) (Version: 5.8.0 (1324) - Zoom Video Communications, Inc.)

Packages:
=========
Microsoft Access -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Access_16051.17029.20068.0_x86__8wekyb3d8bbwe [2023-12-19] (Microsoft Corporation)
Microsoft Excel -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16051.17029.20068.0_x86__8wekyb3d8bbwe [2023-12-19] (Microsoft Corporation)
Microsoft Office Desktop Apps -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.17029.20068.0_x86__8wekyb3d8bbwe [2023-12-19] (Microsoft Corporation)
Microsoft Outlook -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.17029.20068.0_x86__8wekyb3d8bbwe [2023-12-19] (Microsoft Corporation)
Microsoft PowerPoint -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16051.17029.20068.0_x86__8wekyb3d8bbwe [2023-12-19] (Microsoft Corporation)
Microsoft Publisher -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Publisher_16051.17029.20068.0_x86__8wekyb3d8bbwe [2023-12-19] (Microsoft Corporation)
Microsoft Word -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16051.17029.20068.0_x86__8wekyb3d8bbwe [2023-12-19] (Microsoft Corporation)
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.61931.0_x64__8wekyb3d8bbwe [2023-12-04] (Microsoft Corporation)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.1.137.0_x64__dt26b99r8h8gj [2023-12-04] (Realtek Semiconductor Corp)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.18.11020.0_x64__8wekyb3d8bbwe [2023-12-19] (Microsoft Studios) [MS Ad]
Surface -> C:\Program Files\WindowsApps\Microsoft.SurfaceHub_61.23100.116.0_x64__8wekyb3d8bbwe [2023-12-19] (Microsoft Corporation)
Toshiba Print Experience -> C:\Program Files\WindowsApps\TOSHIBATEC.ToshibaPrintExperience_10.70.3989.68_x86__8ck45jgtf9y1t [2023-12-04] (Toshiba Tec Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-12-1-379402305-1282805949-553899156-2530637685_Classes\CLSID\{04271989-C4D2-0029-05B3-BC25C3BC39B8} -> [OneDrive - St. Paul's Lutheran] => C:\Users\ChadClough\OneDrive - St. Paul's Lutheran [2022-11-14 16:22]
CustomCLSID: HKU\S-1-12-1-379402305-1282805949-553899156-2530637685_Classes\CLSID\{5EA43877-C6D8-4885-B77A-C0BB27E94372}\InprocServer32 -> C:\Users\ChadClough\AppData\Local\Microsoft\EdgeUpdate\1.3.181.5\psuser_64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-12-1-379402305-1282805949-553899156-2530637685_Classes\CLSID\{81093D63-7825-417B-BFC8-ADC63FA4E53D}\InprocServer32 -> C:\Users\ChadClough\AppData\Local\Microsoft\EdgeUpdate\1.3.181.5\psuser_64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-12-1-379402305-1282805949-553899156-2530637685_Classes\CLSID\{E3D57E77-FE71-4D06-BD34-D48820074909}\InprocServer32 -> C:\Users\ChadClough\AppData\Local\Microsoft\EdgeUpdate\1.3.181.5\psuser_64.dll (Microsoft Corporation -> Microsoft Corporation)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-09-29 07:46 - 2017-09-29 07:44 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-12-1-1721880173-1220933218-3369430184-3542225890\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
HKU\S-1-12-1-379402305-1282805949-553899156-2530637685\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3251423693-4260676575-3805690949-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.123.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{F4AF4BF4-6404-4C7F-987A-A6971BDDFBA3}C:\users\collinmayer\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\collinmayer\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{962F00B5-A61D-4026-BCAA-0C6716938EDA}C:\users\collinmayer\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\collinmayer\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{84F7B634-44BB-4BCF-A30D-2BC2CA7F42AD}C:\users\chadclough\appdata\roaming\zoom\bin\zoom.exe] => (Block) C:\users\chadclough\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{AC4E30B7-DACA-4BE4-8204-761A4F526CEF}C:\users\chadclough\appdata\roaming\zoom\bin\zoom.exe] => (Block) C:\users\chadclough\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [TCP Query User{E93C769E-5097-4C06-BC80-F5D38379F0CC}C:\users\chadclough\appdata\roaming\ringcentralmeetings\bin\ringcentralmeetings.exe] => (Allow) C:\users\chadclough\appdata\roaming\ringcentralmeetings\bin\ringcentralmeetings.exe (RingCentral, Inc. -> RingCentral Video Communications, Inc. and RingCentral Inc.)
FirewallRules: [UDP Query User{2E1414C1-1CF0-475A-9D46-C6D2B8CD9523}C:\users\chadclough\appdata\roaming\ringcentralmeetings\bin\ringcentralmeetings.exe] => (Allow) C:\users\chadclough\appdata\roaming\ringcentralmeetings\bin\ringcentralmeetings.exe (RingCentral, Inc. -> RingCentral Video Communications, Inc. and RingCentral Inc.)
FirewallRules: [TCP Query User{7DC159DE-5B6F-461C-82F3-DE5FF933D2E2}C:\users\chadclough\appdata\roaming\ringcentralmeetings\bin\ringcentralmeetings.exe] => (Allow) C:\users\chadclough\appdata\roaming\ringcentralmeetings\bin\ringcentralmeetings.exe (RingCentral, Inc. -> RingCentral Video Communications, Inc. and RingCentral Inc.)
FirewallRules: [UDP Query User{C7A76A08-DD9F-47CC-BCDA-D48950FDF7B3}C:\users\chadclough\appdata\roaming\ringcentralmeetings\bin\ringcentralmeetings.exe] => (Allow) C:\users\chadclough\appdata\roaming\ringcentralmeetings\bin\ringcentralmeetings.exe (RingCentral, Inc. -> RingCentral Video Communications, Inc. and RingCentral Inc.)
FirewallRules: [{665B7001-6F62-4205-8DCC-802615ECBE5D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.109.3209.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D6388529-A7D8-4F36-A4EC-D513F435D86C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.109.3209.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{03EFA556-0E09-4AAD-9FD6-FE9B0E323F2E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.109.3209.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7F25E0D3-0E00-446A-8C14-24D1B9E350AB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.109.3209.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1B2D8442-842A-4E97-A466-05671497D6B4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.17029.20068.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9AF4627D-7079-4444-AC09-5AB2502F09AE}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.110.3218.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A9F105CF-E8AC-4F0C-8998-87E680D2B083}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.110.3218.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{616658F4-1D6E-466E-B7D1-2D2846E6BFF1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.110.3218.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{77C90DBD-6607-4013-9F39-B695F278695C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.110.3218.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C3ACBB94-2B00-4A40-B6A9-28E15C25AD40}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\120.0.2210.77\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C0E4628E-50DB-41C8-8028-422F9221F670}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

15-12-2023 13:59:08 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (12/11/2023 01:17:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SearchApp.exe version 10.0.19041.3636 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 2310
Start Time: 01da2a57dcccb1db
Termination Time: 4294967295
Application Path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Report Id: 6c082c41-28d0-4f3c-a601-ff41852f5d18
Faulting package full name: Microsoft.Windows.Search_1.14.10.19041_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: ShellFeedsUI
Hang type: Quiesce

Error: (12/08/2023 09:33:25 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 11) (User: AzureAD)
Description: Microsoft.SurfaceHub_8wekyb3d8bbwe-2147023878

Error: (12/08/2023 08:45:33 AM) (Source: com.geocomply.vm-detector-microservice) (EventID: 1) (User: )
Description: Event-ID 1

Error: (12/08/2023 08:45:32 AM) (Source: PlayerLocationCheck) (EventID: 1) (User: )
Description: Event-ID 1

Error: (12/08/2023 08:45:32 AM) (Source: com.geocomply.process-scanner-microservice) (EventID: 1) (User: )
Description: Event-ID 1

Error: (12/08/2023 08:45:32 AM) (Source: com.geocomply.internal-updater-microservice) (EventID: 1) (User: )
Description: Event-ID 1

Error: (12/08/2023 08:45:32 AM) (Source: com.geocomply.wifi-scanner-microservice) (EventID: 1) (User: )
Description: Event-ID 1

Error: (12/08/2023 08:44:59 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ]

System errors:
=============
Error: (12/19/2023 02:49:57 PM) (Source: SurfaceSerialHubDriver) (EventID: 10) (User: )
Description: Surface Serial Hub Driver invalid signature received.

Error: (12/19/2023 02:49:57 PM) (Source: SurfaceSerialHubDriver) (EventID: 11) (User: )
Description: Surface Serial Hub Driver invalid checksum received.

Error: (12/19/2023 02:49:56 PM) (Source: SurfaceSerialHubDriver) (EventID: 15) (User: )
Description: Surface Serial Hub Driver get response timeout, CanceledID = 18176, TargetCategory = TCL, CommandID = 12.

Error: (12/19/2023 02:49:53 PM) (Source: SurfaceSerialHubDriver) (EventID: 10) (User: )
Description: Surface Serial Hub Driver invalid signature received.

Error: (12/19/2023 02:49:53 PM) (Source: SurfaceSerialHubDriver) (EventID: 11) (User: )
Description: Surface Serial Hub Driver invalid checksum received.

Error: (12/19/2023 02:49:53 PM) (Source: SurfaceSerialHubDriver) (EventID: 10) (User: )
Description: Surface Serial Hub Driver invalid signature received.

Error: (12/19/2023 02:49:53 PM) (Source: SurfaceSerialHubDriver) (EventID: 11) (User: )
Description: Surface Serial Hub Driver invalid checksum received.

Error: (12/19/2023 02:49:53 PM) (Source: SurfaceSerialHubDriver) (EventID: 10) (User: )
Description: Surface Serial Hub Driver invalid signature received.

Windows Defender:
================
Date: 2023-12-08 08:29:07
Description: Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-12-05 08:15:01
Description: Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-10-03 07:51:06
Description: Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Event[0]:

Date: 2023-12-08 08:29:07
Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.403.111.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23110.2
Error code: 0x800706be
Error description: The remote procedure call failed.

Date: 2023-12-04 13:57:17
Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.401.1656.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23100.2009
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2023-12-03 14:20:00
Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.401.1232.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23100.2009
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2023-12-03 14:20:00
Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.401.1232.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23100.2009
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2023-12-03 14:20:00
Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.401.1232.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23100.2009
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

CodeIntegrity:
===============
Date: 2023-12-19 16:51:52
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: Microsoft Corporation 138.3732.768 04.20.2021
Motherboard: Microsoft Corporation Surface Laptop
Processor: Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz
Percentage of memory in use: 73%
Total physical RAM: 8109.11 MB
Available physical RAM: 2165.33 MB
Total Virtual: 11985.05 MB
Available Virtual: 2096.45 MB

==================== Drives ================================

Drive c: (Local Disk) (Fixed) (Total:117.91 GB) (Free:57.21 GB) (Model: THNSN0128GTYA TOSHIBA) (Protected) NTFS

\\?\Volume{d610b4fa-0d6d-4c71-95b3-bafad241d102}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.31 GB) NTFS
\\?\Volume{2c73e5b8-ba32-4fc1-86c6-7298b8ffd405}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 3360B8F4)

Partition: GPT.

==================== End of Addition.txt =======================