Need help creating fix file for farbar


nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,443
Hello, Welcome to MalwareTips.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

The file you attached needs to be opened with a Microsoft program.



Please attach the logs in a text format to your next reply. I will review them and advise.
How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "more reply Options" button.

Let me know what problems persist.

Wait for further instructions
 

tatt

New Member
Thread author
Jun 15, 2023
2
FRST.TEXT

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-06-2023
Ran by tatta (administrator) on DESKTOP-0C55HJ2 (Microsoft Corporation Surface Pro 7) (15-06-2023 12:44:22)
Running from C:\Users\tatta\Downloads\FRST64 (1).exe
Loaded Profiles: tatta
Platform: Microsoft Windows 11 Home Version 22H2 22621.1848 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\crash_handler.exe <5>
(C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\PlayerLocationIcon.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\WindowsApps\MicrosoftTeams_23119.303.2080.2726_x64__8wekyb3d8bbwe\msteams.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\114.0.1823.43\msedgewebview2.exe <12>
(DriverStore\FileRepository\cui_dch.inf_amd64_23cd4a524b85fcc6\igfxCUIServiceN.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_23cd4a524b85fcc6\igfxEMN.exe
(dwm.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\ISM.exe
(explorer.exe ->) (Google LLC -> ) C:\Program Files\Google\Drive File Stream\76.0.3.0\crashpad_handler.exe <2>
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <47>
(explorer.exe ->) (Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\76.0.3.0\GoogleDriveFS.exe <7>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <5>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.242\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.242\GoogleCrashHandler64.exe
(services.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.internal-updater-microservice.exe
(services.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exe
(services.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.vm-detector-microservice.exe
(services.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.wifi-scanner-microservice.exe
(services.exe ->) (GeoComply Solutions Inc. -> ) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_23cd4a524b85fcc6\igfxCUIServiceN.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_4a3ae74cfa6c37d6\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_d73f88d32ddb95d3\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft) C:\Program Files\WindowsApps\Microsoft.SurfaceHub_61.23050.163.0_x64__8wekyb3d8bbwe\Services\SurfaceBroker.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\MsMpEng.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\hdxsstm2.inf_amd64_f74568513a3bb299\RtkAudUService64.exe <2>
(sihost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SurfaceHub_61.23050.163.0_x64__8wekyb3d8bbwe\SurfaceAppDt\SurfaceAppDt.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.823.3261.0_x64__8wekyb3d8bbwe\GameBar.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.823.3261.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\tatta\AppData\Local\Microsoft\OneDrive\23.107.0521.0001\FileCoAuth.exe
(svchost.exe ->) (Microsoft Windows -> ) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.11600.0.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\hdxsstm2.inf_amd64_f74568513a3bb299\RtkAudUService64.exe [835680 2021-10-12] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\76.0.3.0\GoogleDriveFS.exe [145176856 2023-06-12] (Google LLC -> Google, Inc.)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\76.0.3.0\GoogleDriveFS.exe [145176856 2023-06-12] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-1511494398-146166149-3161046390-1001\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\76.0.3.0\GoogleDriveFS.exe [145176856 2023-06-12] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-1511494398-146166149-3161046390-1001\...\Run: [GoogleChromeAutoLaunch_7EABAC6C2AFF5FB3B517EDE83382C8B1] => C:\Users\tatta\AppData\Local\OneLaunch\5.9.5\chromium\chromium.exe [2077912 2023-04-11] (ONELAUNCH TECHNOLOGIES INC. -> OneLaunch)
HKU\S-1-5-21-1511494398-146166149-3161046390-1001\...\Run: [MicrosoftEdgeAutoLaunch_1F7EF75DA41C731292BC1A821F7DCCF2] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4113872 2023-06-07] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\76.0.3.0\GoogleDriveFS.exe [145176856 2023-06-12] (Google LLC -> Google, Inc.)
HKLM\...\Print\Monitors\HP CC11 Status Monitor: C:\WINDOWS\system32\hpinkstsCC11LM.dll [391992 2019-03-15] (HP Inc -> HP Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\114.0.5735.134\Installer\chrmstp.exe [2023-06-14] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
Startup: C:\Users\tatta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneLaunch.lnk [2023-05-04]
ShortcutTarget: OneLaunch.lnk -> C:\Users\tatta\AppData\Local\OneLaunch\5.9.5\onelaunch.exe (ONELAUNCH TECHNOLOGIES INC. -> OneLaunch)
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04C2A35F-9B79-4A01-ADF1-89D09129A234} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [170456 2023-06-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {32319AB4-F2CD-45D1-B4CF-F032C91AFB7B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\MpCmdRun.exe [1650040 2023-06-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {34CE9F0B-874C-4FC1-A5F4-B1F8C2C25D1B} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery ReadyToReboot (No File)
Task: {89E08458-7CEA-4F5F-87C6-A649C0D8590E} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [157544 2023-06-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {9B1D94B4-C26A-423E-BCD4-3C1328DC7BFA} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC ReadyToReboot (No File)
Task: {9B3F4ED1-EB43-4666-AB04-8B818281B2DF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\MpCmdRun.exe [1650040 2023-06-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A528DF46-ADA9-4126-8067-99C540D43814} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => %systemroot%\system32\MusNotification.exe LogonUpdateResults (No File)
Task: {AB160BA5-A861-4D17-AD00-ECB558C50CDC} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26557360 2023-06-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {AC187521-8E43-4C2C-8AC9-8D485D3E0B30} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-12-30] (Google LLC -> Google LLC)
Task: {AF7C489E-514C-4E66-8195-67027074510C} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [157544 2023-06-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {C21702D7-0497-4E63-9884-5F5CAAF031C6} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26557360 2023-06-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {C5C14E71-F30C-4539-BBBF-A2C14246A2E2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\MpCmdRun.exe [1650040 2023-06-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C64F3986-225D-4330-BC78-AC34EBD41ACF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\MpCmdRun.exe [1650040 2023-06-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (No File)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {EA02D72C-F25D-497A-96BD-F04B02F7E722} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-12-30] (Google LLC -> Google LLC)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{0cb4caa5-c475-4159-b789-e0e8febfd80e}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{c9b21cc1-4984-4566-ba76-269e945ec17e}: [DhcpNameServer] 172.22.255.68 172.22.255.86 172.22.255.206 172.22.255.204

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\tatta\AppData\Local\Microsoft\Edge\User Data\Default [2023-06-15]
Edge Extension: (Edge relevant text changes) - C:\Users\tatta\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-04-24]
Edge Extension: (Google Hangouts) - C:\Users\tatta\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2022-05-05]
Edge Extension: (Apps) - C:\Users\tatta\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pejhfhcoekcajgokallhmklcjkkeemgj [2023-05-25] [UpdateUrl:hxxps://extupdaterequest.com/crx/updates.xml] <==== ATTENTION
Edge Extension: (Apps Helper) - C:\apps-helper [2023-05-02]
Edge HKLM\...\Edge\Extension: [pejhfhcoekcajgokallhmklcjkkeemgj] - C:\\apps.crx [2023-05-02]
Edge HKLM-x32\...\Edge\Extension: [pejhfhcoekcajgokallhmklcjkkeemgj] - C:\\apps.crx [2023-05-02]

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-11-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-11-08] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\tatta\AppData\Local\Google\Chrome\User Data\Default [2023-06-15]
CHR Extension: (Google Docs Offline) - C:\Users\tatta\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-06-15]
CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\tatta\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2023-06-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\tatta\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-06-15]
CHR Extension: (Apps Helper) - C:\apps-helper [2023-05-02]
CHR Profile: C:\Users\tatta\AppData\Local\Google\Chrome\User Data\Guest Profile [2022-12-06]
CHR Profile: C:\Users\tatta\AppData\Local\Google\Chrome\User Data\Profile 1 [2023-06-14]
CHR Extension: (Google Docs Offline) - C:\Users\tatta\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-06-14]
CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\tatta\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2022-11-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\tatta\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-11-09]
CHR Profile: C:\Users\tatta\AppData\Local\Google\Chrome\User Data\Profile 2 [2022-12-13]
CHR Extension: (Google Docs Offline) - C:\Users\tatta\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-12-13]
CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\tatta\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2022-12-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\tatta\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-12-13]
CHR Profile: C:\Users\tatta\AppData\Local\Google\Chrome\User Data\System Profile [2022-12-06]
CHR HKLM\...\Chrome\Extension: [pejhfhcoekcajgokallhmklcjkkeemgj] - C:\\apps.crx [2023-05-02]
CHR HKU\S-1-5-21-1511494398-146166149-3161046390-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [pejhfhcoekcajgokallhmklcjkkeemgj] - C:\\apps.crx [2023-05-02]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11774392 2023-06-08] (Microsoft Corporation -> Microsoft Corporation)
R2 com.geocomply.internal-updater-microservice; C:\Program Files (x86)\GeoComply\//PlayerLocationCheck///Application/com.geocomply.internal-updater-microservice.exe [11580080 ] (GeoComply Solutions Inc. -> )
R2 com.geocomply.process-scanner-microservice; C:\Program Files (x86)\GeoComply\//PlayerLocationCheck///Application/com.geocomply.process-scanner-microservice.exe [11621552 ] (GeoComply Solutions Inc. -> )
R2 com.geocomply.vm-detector-microservice; C:\Program Files (x86)\GeoComply\//PlayerLocationCheck///Application/com.geocomply.vm-detector-microservice.exe [11441328 ] (GeoComply Solutions Inc. -> )
R2 com.geocomply.wifi-scanner-microservice; C:\Program Files (x86)\GeoComply\//PlayerLocationCheck///Application/com.geocomply.wifi-scanner-microservice.exe [11443888 ] (GeoComply Solutions Inc. -> )
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9258016 2023-06-14] (Malwarebytes Inc. -> Malwarebytes)
R2 Player Location Check; C:\Program Files (x86)\GeoComply\//PlayerLocationCheck///Application/service.exe [11535536 ] (GeoComply Solutions Inc. -> )
R2 SurfaceExperienceService-61.23050.163; C:\Program Files\WindowsApps\Microsoft.SurfaceHub_61.23050.163.0_x64__8wekyb3d8bbwe\Services\SurfaceBroker.exe [8741256 2023-04-17] (Microsoft Corporation -> Microsoft)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\NisSrv.exe [3232576 2023-06-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\MsMpEng.exe [133592 2023-06-15] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2023-06-14] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R1 googledrivefs31092; C:\WINDOWS\System32\DRIVERS\googledrivefs31092.sys [384600 2023-02-08] (Microsoft Windows Hardware Compatibility Publisher -> Google, Inc.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2023-06-15] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2023-06-14] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt11.sys [233216 2023-06-15] (Malwarebytes Inc. -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77752 2023-06-15] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2023-06-14] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [181984 2023-06-15] (Malwarebytes Inc. -> Malwarebytes)
R3 SurfaceSerialHubDriver; C:\WINDOWS\System32\DriverStore\FileRepository\surfaceserialhubdriver.inf_amd64_f531483c52451822\SurfaceSerialHubDriver.sys [366056 2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49560 2023-06-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
U5 WdDevFlt; C:\Windows\System32\Drivers\WdDevFlt.sys [169232 2022-05-06] (Microsoft Windows -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [498944 2023-06-15] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [99568 2023-06-15] (Microsoft Windows -> Microsoft Corporation)
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-06-15 12:44 - 2023-06-15 12:45 - 000021241 _____ C:\Users\tatta\Downloads\FRST.txt
2023-06-15 12:42 - 2023-06-15 12:43 - 002383360 _____ (Farbar) C:\Users\tatta\Downloads\FRST64 (1).exe
2023-06-15 12:25 - 2023-06-15 12:44 - 000000000 ____D C:\FRST
2023-06-15 12:23 - 2023-06-15 12:25 - 002383360 _____ (Farbar) C:\Users\tatta\Downloads\FRST64.exe
2023-06-15 11:39 - 2023-06-15 11:39 - 000233216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt11.sys
2023-06-15 11:39 - 2023-06-15 11:39 - 000181984 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2023-06-15 11:39 - 2023-06-15 11:39 - 000001607 _____ C:\WINDOWS\system32\config\VSMIDK
2023-06-15 10:57 - 2023-06-15 10:58 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\tatta\Downloads\iExplore (1).exe
2023-06-15 10:09 - 2023-06-15 10:09 - 000000000 ____D C:\Users\tatta\AppData\Roaming\Microsoft\MMC
2023-06-15 09:52 - 2023-06-15 09:53 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\tatta\Downloads\iExplore.exe
2023-06-14 21:50 - 2023-06-14 21:50 - 000002329 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-06-14 21:50 - 2023-06-14 21:50 - 000002288 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2023-06-14 21:49 - 2023-06-14 21:49 - 001369128 _____ (Google LLC) C:\Users\tatta\Downloads\ChromeSetup (3).exe
2023-06-14 21:49 - 2023-06-14 21:49 - 001369128 _____ (Google LLC) C:\Users\tatta\Downloads\ChromeSetup (2).exe
2023-06-14 21:32 - 2023-06-14 21:32 - 000000000 ____D C:\Users\tatta\AppData\Local\CrashDumps
2023-06-14 21:14 - 2023-06-14 21:14 - 000002050 _____ C:\Users\tatta\Desktop\scan 6-14-23.txt
2023-06-14 21:08 - 2023-06-15 11:40 - 000000000 ____D C:\Users\tatta\AppData\Local\Malwarebytes
2023-06-14 21:08 - 2023-06-14 21:08 - 000000000 ____D C:\Users\tatta\AppData\Local\mbam
2023-06-14 21:07 - 2023-06-14 21:07 - 000002043 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2023-06-14 21:07 - 2023-06-14 21:07 - 000002031 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2023-06-14 21:07 - 2023-06-14 21:07 - 000000000 ____D C:\ProgramData\Malwarebytes
2023-06-14 21:06 - 2023-06-14 21:07 - 000000000 ____D C:\Program Files\Malwarebytes
2023-06-14 21:06 - 2023-06-14 21:06 - 002645944 _____ (Malwarebytes) C:\Users\tatta\Downloads\MBSetup-5.5.exe
2023-06-14 16:07 - 2023-06-14 16:07 - 000000000 ___HD C:\$WinREAgent
2023-06-14 11:52 - 2023-06-14 11:52 - 000000000 ____D C:\Users\tatta\Desktop\summer activities
2023-06-14 11:49 - 2023-06-14 11:50 - 000000000 ____D C:\Users\tatta\Desktop\misc
2023-06-12 10:11 - 2023-06-12 10:11 - 000000000 ____D C:\Users\tatta\AppData\Local\ElevatedDiagnostics
2023-06-08 08:33 - 2023-06-08 08:33 - 016737113 _____ C:\Users\tatta\Desktop\General_Guidelines (1).pdf
2023-05-25 09:21 - 2023-05-25 13:45 - 000000000 ____D C:\WINDOWS\system32\MpEngineStore
2023-05-24 20:26 - 2023-05-24 20:26 - 000071452 _____ C:\Users\tatta\Downloads\MVD Payment Receipt 33048000.pdf
2023-05-19 10:25 - 2023-05-19 10:25 - 000786371 _____ C:\Users\tatta\Downloads\PSFix_20230517_204210.jpeg
2023-05-19 10:25 - 2023-05-19 10:25 - 000703624 _____ C:\Users\tatta\Downloads\PSFix_20230517_204141.jpeg
2023-05-19 10:24 - 2023-05-19 10:24 - 001119158 _____ C:\Users\tatta\Downloads\PSFix_20230517_204059.jpeg
2023-05-19 10:24 - 2023-05-19 10:24 - 000707500 _____ C:\Users\tatta\Downloads\PSFix_20230517_204327.jpeg
2023-05-18 08:59 - 2023-05-18 08:59 - 016737113 _____ C:\Users\tatta\Desktop\General_Guidelines.pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-06-15 12:39 - 2022-05-06 22:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-06-15 12:37 - 2021-12-25 20:16 - 000000000 ___RD C:\Users\tatta\OneDrive
2023-06-15 12:18 - 2021-12-30 10:24 - 000000000 ____D C:\Program Files (x86)\Google
2023-06-15 12:15 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-06-15 12:04 - 2020-03-20 18:57 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2023-06-15 11:56 - 2021-12-25 20:10 - 000000000 ___SD C:\Users\tatta\AppData\Roaming\Microsoft\Credentials
2023-06-15 11:54 - 2022-05-06 22:17 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2023-06-15 11:50 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-06-15 11:46 - 2023-01-10 16:15 - 000804932 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-06-15 11:46 - 2022-05-06 22:22 - 000000000 ____D C:\WINDOWS\INF
2023-06-15 11:39 - 2023-01-10 16:19 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-06-15 11:39 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2023-06-15 11:39 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\ServiceState
2023-06-15 11:39 - 2022-05-06 22:17 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2023-06-15 11:39 - 2022-01-03 21:00 - 000012288 ___SH C:\DumpStack.log.tmp
2023-06-15 11:39 - 2021-12-25 20:15 - 000000000 __SHD C:\Users\tatta\IntelGraphicsProfiles
2023-06-15 11:39 - 2020-10-15 11:06 - 000000000 ____D C:\Intel
2023-06-15 10:38 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\NDF
2023-06-15 08:56 - 2022-07-29 12:46 - 000000000 ____D C:\Users\tatta\AppData\Local\OneLaunch
2023-06-15 08:41 - 2023-01-10 16:13 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-06-14 21:16 - 2023-01-10 16:13 - 000471216 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-06-14 21:15 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\SystemResources
2023-06-14 21:15 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-06-14 21:07 - 2022-05-06 22:24 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2023-06-14 16:13 - 2022-01-03 20:00 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-06-14 16:11 - 2022-01-03 20:00 - 170078616 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2023-06-14 16:10 - 2022-05-06 22:24 - 000000000 ___HD C:\Program Files\WindowsApps
2023-06-14 16:10 - 2022-05-06 22:17 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-06-14 16:09 - 2023-01-10 16:13 - 003211776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2023-06-14 12:21 - 2021-12-30 12:01 - 000000000 ____D C:\Users\tatta\AppData\Roaming\Microsoft\Word
2023-06-14 11:51 - 2022-12-14 12:15 - 000000000 ____D C:\Users\tatta\Desktop\2022 book
2023-06-13 08:41 - 2021-12-27 15:07 - 000000000 ____D C:\Users\tatta\AppData\Local\D3DSCache
2023-06-12 23:21 - 2022-05-06 22:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-06-12 23:21 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\WUModels
2023-06-12 23:21 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\UUS
2023-06-12 23:21 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2023-06-12 23:21 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2023-06-12 23:21 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2023-06-12 23:21 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\Dism
2023-06-12 23:21 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\ShellExperiences
2023-06-12 23:21 - 2022-05-06 22:17 - 000000000 ____D C:\WINDOWS\servicing
2023-06-12 08:19 - 2022-08-30 19:22 - 000002067 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk
2023-06-12 08:19 - 2022-08-30 19:22 - 000001909 _____ C:\Users\tatta\Desktop\Google Slides.lnk
2023-06-12 08:19 - 2022-08-30 19:22 - 000001909 _____ C:\Users\tatta\Desktop\Google Sheets.lnk
2023-06-12 08:19 - 2022-08-30 19:22 - 000001897 _____ C:\Users\tatta\Desktop\Google Docs.lnk
2023-06-12 08:19 - 2022-08-30 19:22 - 000001873 _____ C:\Users\tatta\Desktop\Google Drive.lnk
2023-06-11 09:37 - 2021-12-25 20:09 - 000002448 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-06-11 09:33 - 2021-12-25 20:15 - 000000000 ____D C:\Users\tatta\AppData\Local\Packages
2023-06-11 09:32 - 2020-03-20 19:07 - 000000000 ____D C:\Program Files\Microsoft Office
2023-06-11 09:31 - 2023-01-10 16:19 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-06-11 09:31 - 2023-01-10 16:19 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-06-08 16:26 - 2023-01-10 16:19 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1511494398-146166149-3161046390-1001
2023-06-08 16:26 - 2023-01-10 16:19 - 000003378 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1511494398-146166149-3161046390-1001
2023-06-08 16:26 - 2022-01-03 21:01 - 000002389 _____ C:\Users\tatta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-05-19 08:13 - 2023-01-10 16:19 - 000003714 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2023-05-19 08:13 - 2023-01-10 16:19 - 000003590 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2023-05-16 01:19 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\Sgrm
2023-05-16 01:19 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================









ADDITION.TEXT


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-06-2023
Ran by tatta (15-06-2023 12:45:36)
Running from C:\Users\tatta\Downloads
Microsoft Windows 11 Home Version 22H2 22621.1848 (X64) (2023-01-10 23:19:18)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1511494398-146166149-3161046390-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1511494398-146166149-3161046390-503 - Limited - Disabled)
Guest (S-1-5-21-1511494398-146166149-3161046390-501 - Limited - Disabled)
tatta (S-1-5-21-1511494398-146166149-3161046390-1001 - Administrator - Enabled) => C:\Users\tatta
WDAGUtilityAccount (S-1-5-21-1511494398-146166149-3161046390-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 114.0.5735.134 - Google LLC)
Google Drive (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 76.0.3.0 - Google LLC)
Malwarebytes version 4.5.30.269 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.30.269 - Malwarebytes)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.16501.20196 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 114.0.1823.43 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 114.0.1823.43 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1511494398-146166149-3161046390-1001\...\OneDriveSetup.exe) (Version: 23.107.0521.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{43D501A5-E5E3-46EC-8F33-9E15D2A2CBD5}) (Version: 5.70.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.23.27820 (HKLM\...\{9CA7111B-263D-45DE-B898-61FAD30B3237}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.23.27820 (HKLM\...\{A94EC1B2-932B-49D7-8AF2-4FBD29FF314B}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.23.27820 (HKLM-x32\...\{86BE78D9-65A1-4E69-86F8-C1F5281F8553}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.23.27820 (HKLM-x32\...\{00AC3934-26B4-406E-807C-1692AC7329EC}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16501.20152 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16501.20152 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.11929.20394 - Microsoft Corporation) Hidden
OneLaunch 5.9.5 (HKU\S-1-5-21-1511494398-146166149-3161046390-1001\...\{4947c51a-26a9-4ed0-9a7b-c21e5ae0e71a}_is1) (Version: 5.9.5 - OneLaunch)
Player Location Check (HKLM-x32\...\{F0753064-8D66-41A7-9F23-7691290387BF}) (Version: 4.0.0.4 - GeoComply)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{B652B695-C849-4EF2-B09A-72771C7AD2BA}) (Version: 2.71.0.0 - Microsoft Corporation)
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-1511494398-146166149-3161046390-1001\...\ZoomUMX) (Version: 5.10.1 (4420) - Zoom Video Communications, Inc.)

Packages:
=========
Adobe Lightroom -> C:\Program Files\WindowsApps\AdobeSystemsIncorporated.AdobeLightroom_6.4.29944.0_x64__ynb6jyjzte8ga [2023-06-14] (Adobe Inc.)
Disney+ -> C:\Program Files\WindowsApps\Disney.37853FC22B2CE_1.54.2.0_x64__6rarf9sa4v8jt [2023-06-11] (Disney)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2022-01-25] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2022-01-25] (Microsoft Corporation) [MS Ad]
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2305.14003.0_x64__8wekyb3d8bbwe [2023-05-24] (Microsoft Corporation) [Startup Task]
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.39.0_x64__8wekyb3d8bbwe [2023-01-10] (Microsoft Corp.)
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_53.10510.531.0_x64__8wekyb3d8bbwe [2023-06-11] (Microsoft Corporation)
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.50901.0_x64__8wekyb3d8bbwe [2022-10-20] (Microsoft Corporation)
ms-resource:/CommonClassLibrary/resources/AppOriginalName -> C:\Program Files\WindowsApps\AdobeSystemsIncorporated.AdobePhotoshopExpress_3.11.425.0_x64__ynb6jyjzte8ga [2023-04-25] (Adobe Inc.)
ms-resource:app_name_ms_todo -> C:\Program Files\WindowsApps\Microsoft.Todos_2.97.61391.0_x64__8wekyb3d8bbwe [2023-06-01] (Microsoft Corporation) [Startup Task]
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2022-04-14] (Microsoft Corporation)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.1.137.0_x64__dt26b99r8h8gj [2023-02-13] (Realtek Semiconductor Corp)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.16.3140.0_x64__8wekyb3d8bbwe [2023-03-18] (Microsoft Studios) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.213.661.0_x86__zpdnekdrzrea0 [2023-06-11] (Spotify AB) [Startup Task]
Surface -> C:\Program Files\WindowsApps\Microsoft.SurfaceHub_61.23050.163.0_x64__8wekyb3d8bbwe [2023-05-28] (Microsoft Corporation)
WindowsAppRuntime.1.3 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.3_3000.851.1712.0_x64__8wekyb3d8bbwe [2023-06-11] (Microsoft Corporation)
WindowsAppRuntime.1.3 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.3_3000.851.1712.0_x86__8wekyb3d8bbwe [2023-06-11] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\76.0.3.0\drivefsext.dll [2023-06-12] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\76.0.3.0\drivefsext.dll [2023-06-12] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\76.0.3.0\drivefsext.dll [2023-06-12] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\76.0.3.0\drivefsext.dll [2023-06-12] (Google LLC -> Google, Inc.)
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\76.0.3.0\drivefsext.dll [2023-06-12] (Google LLC -> Google, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-06-14] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\76.0.3.0\drivefsext.dll [2023-06-12] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\76.0.3.0\drivefsext.dll [2023-06-12] (Google LLC -> Google, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-06-14] (Malwarebytes Inc. -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\tatta\Desktop\Google Drive.lnk -> C:\Program Files\Google\Drive File Stream\launch.bat ()

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\tatta\Downloads\ChromeSetup (2).exe:MBAM.Zone.Identifier [391]
AlternateDataStreams: C:\Users\tatta\Downloads\FRST64 (1).exe:MBAM.Zone.Identifier [240]
AlternateDataStreams: C:\Users\tatta\Downloads\FRST64.exe:MBAM.Zone.Identifier [240]
AlternateDataStreams: C:\Users\tatta\Downloads\iExplore (1).exe:MBAM.Zone.Identifier [222]
AlternateDataStreams: C:\Users\tatta\Downloads\iExplore.exe:MBAM.Zone.Identifier [222]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-03-07] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-06-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-06-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-06-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-06-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-06-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-06-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-06-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-06-08] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-18 21:49 - 2019-03-18 21:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1511494398-146166149-3161046390-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\tatta\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\AttawayFamily2022(28).JPG
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{59F81338-200D-483A-8283-1B3D021C3D12}] => (Allow) C:\Users\tatta\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{A37BE7E0-E313-4125-89C0-C4F2E86241C9}] => (Allow) C:\Users\tatta\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{40AFFB45-7FF0-4BB5-9159-E2CE948C95A5}] => (Allow) C:\Users\tatta\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{38D374BE-2B61-47D6-8195-C4427F553F79}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_22006.600.1133.7409_x64__8wekyb3d8bbwe\msteams.exe => No File
FirewallRules: [{19D57FBA-8E27-44BE-B318-E17C2692B7CE}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_22006.600.1133.7409_x64__8wekyb3d8bbwe\msteams.exe => No File
FirewallRules: [{1EE926C9-EB40-4933-B649-D2F388F43038}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.177.645.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{2548F60D-E14D-41FC-B10B-955375EA4C3E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.177.645.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{5AC6B414-C2AB-4747-93F4-E3A38179B563}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.177.645.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{FB0DF3BC-2EB3-4018-A048-D5CF62BA6A16}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.177.645.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{968C625E-B778-4201-85CE-349E93D6EA13}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.177.645.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{088D0F07-B821-47E2-AFC7-385C12AFEC77}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.177.645.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{D619AE81-2FA8-40BD-BCDF-B0B5C5B1C043}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.177.645.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{39F246D2-D0C3-45EE-A5D5-F6553826A6C9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.177.645.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{22DCDC97-B419-4B05-9B21-879897367114}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3CC08AD8-C564-4FBE-BBAA-437454D44F30}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23119.303.2080.2726_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{19EE8752-A38C-458D-9E33-2E865744D6FF}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23119.303.2080.2726_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2AE378EA-ECEA-464A-B52F-61FE49750990}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.98.3402.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{5CBAEDD4-17AC-4099-AFA7-9C9FB0407C24}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.98.3402.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{61174521-4772-40DF-A9F5-DD2CC71C0572}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.98.3402.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D9657770-944B-4844-94EB-85C203FA6708}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.98.3402.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C26D3F40-8EB6-47A5-B169-631DC0D6BA36}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.213.661.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{753273D3-DDD1-4891-8E09-4BD8D71B2925}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.213.661.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{FB8C0167-F06B-489A-81FA-D485926FB392}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.213.661.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{D3A1EC05-5FEE-4F4C-960F-FDE63CC3B235}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.213.661.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{4E927091-72C0-42B4-BDEC-BC598B6F0BA7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.213.661.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{3F44B8AC-AA11-4CD9-BB03-689E9CFE5B26}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.213.661.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{46F92D6B-8718-4D4A-AA18-E171DB9A5173}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.213.661.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{57DBFFCC-577F-48A9-B511-E1DAD64A7808}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.213.661.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{DD86E6BF-1B89-4F4E-ADF8-5C68D18FA215}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.213.661.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{D4CFA45F-1AA0-4750-BFCD-D5D7C88FCCAC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.213.661.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{3BAB1DE7-0703-414E-94BC-4FB1B4B23280}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\114.0.1823.43\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AD987977-4611-4629-9809-AE35748AC740}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

14-06-2023 16:06:06 Windows Modules Installer

==================== Faulty Device Manager Devices ============

Name: Intel(R) Smart Sound Technology (Intel(R) SST) OED
Description: Intel(R) Smart Sound Technology (Intel(R) SST) OED
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel(R) Corporation
Service: IntcOED
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (06/15/2023 11:46:09 AM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: SecurityHealthService.exe, version: 10.0.22621.1635, time stamp: 0xc9cb2878
Faulting module name: ntdll.dll, version: 10.0.22621.1848, time stamp: 0x48d14984
Exception code: 0xc0000374
Fault offset: 0x000000000010be19
Faulting process id: 0x0x3de0
Faulting application start time: 0x0x1d99fb8d13e71fa
Faulting application path: C:\WINDOWS\system32\SecurityHealthService.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: f1a1e9d9-a4cb-496e-8390-985af31e97af
Faulting package full name:
Faulting package-relative application ID:

Error: (06/15/2023 11:39:46 AM) (Source: com.geocomply.vm-detector-microservice) (EventID: 1) (User: )
Description: Event-ID 1

Error: (06/15/2023 11:39:42 AM) (Source: com.geocomply.internal-updater-microservice) (EventID: 1) (User: )
Description: Event-ID 1

Error: (06/15/2023 11:39:41 AM) (Source: PlayerLocationCheck) (EventID: 1) (User: )
Description: Event-ID 1

Error: (06/15/2023 11:39:41 AM) (Source: com.geocomply.process-scanner-microservice) (EventID: 1) (User: )
Description: Event-ID 1

Error: (06/15/2023 11:39:40 AM) (Source: com.geocomply.wifi-scanner-microservice) (EventID: 1) (User: )
Description: Event-ID 1

Error: (06/15/2023 10:40:44 AM) (Source: com.geocomply.vm-detector-microservice) (EventID: 1) (User: )
Description: Event-ID 1

Error: (06/15/2023 10:40:40 AM) (Source: com.geocomply.wifi-scanner-microservice) (EventID: 1) (User: )
Description: Event-ID 1


System errors:
=============
Error: (06/15/2023 11:46:18 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Security Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (06/15/2023 11:41:42 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-0C55HJ2)
Description: The server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} did not register with DCOM within the required timeout.

Error: (06/15/2023 11:39:32 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HvHost service terminated with the following error:
The system cannot find the file specified.

Error: (06/15/2023 11:30:48 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {A463FCB9-6B1C-4E0D-A80B-A2CA7999E25D} did not register with DCOM within the required timeout.

Error: (06/15/2023 11:28:27 AM) (Source: SurfaceTconDriver) (EventID: 13) (User: )
Description: Surface Tcon Driver TP Read fails, Status = 0xc0000186

Error: (06/15/2023 11:28:27 AM) (Source: SurfaceTconDriver) (EventID: 12) (User: )
Description: Surface Tcon Driver TP Write fails, Status = 0xc000000e

Error: (06/15/2023 10:42:53 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-0C55HJ2)
Description: The server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} did not register with DCOM within the required timeout.

Error: (06/15/2023 10:39:53 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-0C55HJ2)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.


Windows Defender:
================
Date: 2023-06-12 09:54:45
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-06-11 10:30:00
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-05-28 17:46:32
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-05-28 08:45:20
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2023-05-24 09:54:08
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]

Date: 2023-06-14 21:16:09
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence and will attempt to revert to a previous version.
Security intelligence Attempted: Current
Error Code: 0x80501102
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
Security intelligence Version: 1.391.1470.0;1.391.1470.0
Engine Version: 1.1.23050.3

CodeIntegrity:
===============
Date: 2023-06-15 11:46:17
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\fcon.dll because the set of per-page image hashes could not be found on the system.

Date: 2023-06-15 10:27:29
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: Microsoft Corporation 15.11.140 07/08/2022
Motherboard: Microsoft Corporation Surface Pro 7
Processor: Intel(R) Core(TM) i5-1035G4 CPU @ 1.10GHz
Percentage of memory in use: 86%
Total physical RAM: 7778.18 MB
Available physical RAM: 1043.27 MB
Total Virtual: 11490.18 MB
Available Virtual: 1750.2 MB

==================== Drives ================================

Drive c: (Local Disk) (Fixed) (Total:237.18 GB) (Free:175.91 GB) (Model: HFB1M8MO331C0MR) (Protected) NTFS
Drive g: (Google Drive) (Fixed) (Total:237.18 GB) (Free:167.12 GB) (Model: HFB1M8MO331C0MR) FAT32

\\?\Volume{e93dd62b-9a63-4f0b-81bf-da4a0f635714}\ () (Fixed) (Total:0.91 GB) (Free:0.08 GB) NTFS
\\?\Volume{844447fe-a4b0-4897-b1d5-10b697ec080f}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: A90E6067)

Partition: GPT.

==================== End of Addition.txt =======================
 

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,443
Hi,

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The computer will restart when the fix is completed.

It will create a log (Fixlog.txt); please post it in your reply.
===


Please post the Fixlog.txt and let me know what problem persists.
 

Attachments

  • Fixlist.txt
    5.7 KB · Views: 4