URGENT House burned. friend clean PC and installed (ram+drive) Now blue screen often on start up and can log safe mode

You will need to post the logs following the instructions from the [Prework] Please Read Before Posting link provided below.

Read Before Following Prework Instructions
[Prework] Please Read Before Posting
Security Forum Guidelines

ok I cant copy paste but here is the attach files

I tried twice t odo aswMBR but while it runs my computer stops. I get a blue screen of death with this code Driver IRQL not less or equal

[HEADING=1]Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-11-2020
Ran by npbab (15-11-2020 09:41:14)
Running from C:\Users\npbab\Desktop\Downloads
Windows 10 Home Version 1909 18363.1198 (X64) (2020-07-11 20:03:40)
Boot Mode: Normal[/HEADING]
==================== Accounts: =============================

Administrator (S-1-5-21-1005068262-1852000357-4134907836-500 - Administrator - Disabled)
Ben (S-1-5-21-1005068262-1852000357-4134907836-1003 - Limited - Enabled) => C:\Users\Ben
DefaultAccount (S-1-5-21-1005068262-1852000357-4134907836-503 - Limited - Disabled)
Guest (S-1-5-21-1005068262-1852000357-4134907836-501 - Limited - Disabled)
LIZ (S-1-5-21-1005068262-1852000357-4134907836-1004 - Limited - Enabled) => C:\Users\LIZ
napa (S-1-5-21-1005068262-1852000357-4134907836-1038 - Administrator - Enabled) => C:\Users\napa
npbab (S-1-5-21-1005068262-1852000357-4134907836-1001 - Administrator - Enabled) => C:\Users\npbab
WDAGUtilityAccount (S-1-5-21-1005068262-1852000357-4134907836-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {5078598A-1FA2-C888-AA5F-A9C66537DB12}

==================== Installed Programs ======================

(Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32...\uTorrent) (Version: 2.2.1 - )
Adobe Acrobat Reader DC (HKLM-x32...{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.013.20064 - Adobe Systems Incorporated)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32...{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.0.0 - Adobe Systems)
Adobe CSI CS4 x64 (HKLM...{8DAA31EB-6830-4006-A99F-4DF8AB24714F}) (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Illustrator CS4 (HKLM-x32...\Adobe_2a31ae7a5c43ff52d8577782dd34e04) (Version: 14.0 - Adobe Systems Incorporated)
AnyDVD (HKLM-x32...\AnyDVD) (Version: 8.1.0.0 - RedFox)
Avast Secure Browser (HKLM-x32...\Avast Secure Browser) (Version: 85.0.5814.102 - AVAST Software)
Avast Update Helper (HKLM-x32...{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.4.136.333 - AVAST Software) Hidden
AVIcodec (remove only) (HKLM-x32...\AVIcodec) (Version: - )
Canon Utilities CameraWindow DC 8 (HKLM-x32...\CameraWindowDC) (Version: 8.10.4.24 - Canon Inc.)
CCleaner (HKLM...\CCleaner) (Version: 5.57 - Piriform)
Connect (HKLM-x32...{B29AD377-CC12-490A-A480-1452337C618D}) (Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
Criminal Investigation Agents Petrodollars (HKLM-x32...\Criminal Investigation Agents Petrodollars_is1) (Version: 1.0 - GameTop Pte. Ltd.)
CryptoSignalPro 2.0 (HKLM-x32...\CryptoSignalPro 2.0) (Version: 2.0 - CryptoSignalPro)
Defraggler (HKLM...\Defraggler) (Version: 2.21 - Piriform)
Dell AIO Printer A920 (HKLM...\Dell AIO Printer A920) (Version: - Dell, Inc.)
DVD Shrink 3.2 (HKLM-x32...\DVD Shrink_is1) (Version: - DVD Shrink)
FBReader for Windows (HKLM-x32...\FBReader for Windows) (Version: - )
Free YouTube Downloader 4.2.795 (HKLM-x32...{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1) (Version: - HOW Inc.)
GES version 11.87 (HKLM-x32...{13E374E4-E610-4F9E-ACC4-E461DA17D869}_is1) (Version: 11.87 - Gess)
Google Chrome (HKLM-x32...{E5AA4F97-E635-3AD9-8C2E-F12F27647F0D}) (Version: 86.0.4240.198 - Google, Inc.)
Google Earth (HKLM-x32...{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (HKLM-x32...{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.31 - Google LLC) Hidden
Hidden Object Crosswords 2 (HKLM-x32...\Hidden Object Crosswords 21.1) (Version: 1.1 - Foxy Games)
IGT Slots Cleopatra II (HKLM-x32...\IGT Slots Cleopatra II1.1) (Version: 1.1 - Foxy Games)
ImgBurn (HKLM-x32...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Java 8 Update 181 (HKLM-x32...{26A24AE4-039D-4CA4-87B4-2F32180181F0}) (Version: 8.0.1810.13 - Oracle Corporation)
Java 8 Update 201 (HKLM-x32...{26A24AE4-039D-4CA4-87B4-2F32180201F0}) (Version: 8.0.2010.9 - Oracle Corporation)
K-Lite Codec Pack 12.8.5 Full (HKLM-x32...\KLiteCodecPack_is1) (Version: 12.8.5 - KLCP)
kuler (HKLM-x32...{098727E1-775A-4450-B573-3F441F1CA243}) (Version: 2.0 - Adobe Systems Incorporated) Hidden
LG Mobile Driver (HKLM-x32...{3F490D0E-3131-438C-BCF9-7549CB88DF41}) (Version: 4.2.0 - LG Electronics)
MacX HD Video Converter Pro For Windows 5.9.4 (HKLM-x32...\MacX HD Video Converter Pro For Windows_is1) (Version: - Digiarty Software, Inc.)
Malwarebytes version 4.2.3.96 (HKLM...{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.2.3.96 - Malwarebytes)
Microsoft Edge (HKLM-x32...\Microsoft Edge) (Version: 86.0.622.69 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32...\Microsoft Edge Update) (Version: 1.3.137.99 - )
Microsoft Office Professional Plus 2013 (HKLM...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1005068262-1852000357-4134907836-1001...\OneDriveSetup.exe) (Version: 20.169.0823.0008 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1005068262-1852000357-4134907836-1003...\OneDriveSetup.exe) (Version: 18.111.0603.0006 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1005068262-1852000357-4134907836-1004...\OneDriveSetup.exe) (Version: 20.169.0823.0008 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1005068262-1852000357-4134907836-1038...\OneDriveSetup.exe) (Version: 20.169.0823.0008 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32...{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM...{97238E8A-4919-4A1E-965A-C6C36938F4CE}) (Version: 2.68.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32...{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32...{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32...{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32...{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM...{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32...{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32...{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32...{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM...{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 2.7.3068.929 - Microsoft Corporation)
Nero 6 Ultra Edition (HKLM-x32...\Nero - Burning Rom!UninstallKey) (Version: - )
Notebook Software (HKLM-x32...{F581DF68-CAE9-4064-A6CD-705D95D1C756}) (Version: 10.0.187.1 - SMART Technologies)
Opera Stable 46.0.2597.46 (HKLM-x32...\Opera 46.0.2597.46) (Version: 46.0.2597.46 - Opera Software)
Opera Stable 72.0.3815.186 (HKLM-x32...\Opera 72.0.3815.186) (Version: 72.0.3815.186 - Opera Software)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM...{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Settings CS4 (HKLM-x32...{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}) (Version: 9.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw (HKLM-x32...{CC75AB5C-2110-4A7F-AF52-708680D22FE8}) (Version: 5.0 - Adobe Systems Incorporated) Hidden
Realtek High Definition Audio Driver (HKLM-x32...{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7687 - Realtek Semiconductor Corp.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM...{90150000-0011-0000-1000-0000000FF1CE}Office15.PROPLUS{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
SMART Board Drivers (HKLM-x32...{FF7A64AB-214A-47D1-95E7-742BCBA7F6C9}) (Version: 10.0.165.1 - SMART Technologies)
Suite Shared Configuration CS4 (HKLM-x32...{842B4B72-9E8F-4962-B3C1-1C422A5C4434}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
SumatraPDF (HKLM-x32...\SumatraPDF) (Version: 2.4 - Krzysztof Kowalczyk)
TunnelBear (HKLM-x32...{1FD610E3-CE7E-4E4B-9978-E3E569D66E19}) (Version: 3.0.34.0 - TunnelBear) Hidden
TunnelBear (HKLM-x32...{434c0622-6083-418a-85f1-122060c7fe55}) (Version: 3.0.34.0 - TunnelBear)
Unchecky v1.2 (HKLM-x32...\Unchecky) (Version: 1.2 - Reason Software Company Inc.)
Update for Skype for Business 2015 (KB4484289) 64-Bit Edition (HKLM...{90150000-0011-0000-1000-0000000FF1CE}Office15.PROPLUS{1C76EBD9-0A70-4094-A543-00CAA3B62113}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4484289) 64-Bit Edition (HKLM...{90150000-00C1-0000-1000-0000000FF1CE}Office15.PROPLUS{1C76EBD9-0A70-4094-A543-00CAA3B62113}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4484289) 64-Bit Edition (HKLM...{90150000-012B-0409-1000-0000000FF1CE}Office15.PROPLUS{1C76EBD9-0A70-4094-A543-00CAA3B62113}) (Version: - Microsoft)
UpdateAssistant (HKLM...{57D07AAD-97E2-4E16-89C4-1A3C51BC9C98}) (Version: 1.16.0.0 - Microsoft Corporation) Hidden
VIP Video Converter (HKLM-x32...\VIP Video Converter_is1) (Version: - )
WhatsApp (HKU\S-1-5-21-1005068262-1852000357-4134907836-1001...\WhatsApp) (Version: 0.2.6968 - WhatsApp)
Windows 10 Update Assistant (HKLM-x32...{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22329 - Microsoft Corporation)
Windows Mobile Device Center (HKLM...{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM...{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
WinRAR 5.70 (64-bit) (HKLM...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)
[HEADING=1]Packages:[/HEADING]
Composant additionnel Photos Media Engine → C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_ 1.0.0.0_x64__8wekyb3d8bbwe [2020-11-07] (Microsoft Corporation)
extension Photos → C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Mai n_2017.39121.36610.0_x64__8wekyb3d8bbwe [2020-11-07] (Microsoft Corporation)
Microsoft Advertising SDK for XAML → C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.18 11.1.0_x64__8wekyb3d8bbwe [2020-11-07] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML → C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.18 11.1.0_x86__8wekyb3d8bbwe [2020-11-07] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection → C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireColl ection_4.7.10142.0_x64__8wekyb3d8bbwe [2020-11-07] (Microsoft Studios) [MS Ad]
MSN Sports → C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714. 0_x64__8wekyb3d8bbwe [2020-11-07] (Microsoft Corporation) [MS Ad]
Twitter → C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neut ral__wgeqdkkx372wm [2020-11-07] (Twitter Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] → {472083B0-C522-11CF-8763-00608CC02F24} => → No File
ShellIconOverlayIdentifiers: [00avast] → {472083B0-C522-11CF-8763-00608CC02F24} => → No File
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] → {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat Elements\ContextMenu64.dll [2010-10-25] (Adobe Systems, Incorporated → Adobe Systems Inc.)
ContextMenuHandlers1: [PDFCreator.ShellContextMenu] → {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:\Program Files\PDFCreator\PDFCreatorShell.DLL → No File
ContextMenuHandlers1: [WinRAR] → {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH → Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] → {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH → Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] → {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-11-08] (Malwarebytes Corporation → Malwarebytes)
ContextMenuHandlers5: [ACE] → {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-11-04] (Advanced Micro Devices, Inc. → Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] → {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat Elements\ContextMenu64.dll [2010-10-25] (Adobe Systems, Incorporated → Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] → {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-11-08] (Malwarebytes Corporation → Malwarebytes)
ContextMenuHandlers6: [WinRAR] → {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH → Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] → {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH → Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM...\Drivers32: [vidc.tscc] => C:\Windows\SysWOW64\tsccvid.dll [110592 2003-02-14] (TechSmith Corporation) [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\npbab\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\IGT Slots Cleopatra II\IGT Slots Cleopatra II.lnk → C:\Program Files (x86)\Games\IGT Slots Cleopatra II\Start_Game.bat ()
Shortcut: C:\Users\npbab\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Hidden Object Crosswords 2\Hidden Object Crosswords 2.lnk → C:\Program Files (x86)\Games\Hidden Object Crosswords 2\Start_Game.bat ()
Shortcut: C:\Users\npbab\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\AVIcodec\Website.lnk → hxxp://avicodec.duby.info

==================== Loaded Modules (Whitelisted) =============

2017-05-26 16:54 - 2006-10-06 06:27 - 000045056 _____ () [File not signed] C:\WINDOWS\System32\DLPRMON.DLL
2010-10-25 14:13 - 2010-10-25 14:13 - 011438691 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\plug_ins\AcroForm.api
2010-10-25 14:13 - 2010-10-25 14:13 - 006143587 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\plug_ins\Annots.api
2010-10-25 14:13 - 2010-10-25 14:13 - 001433187 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\plug_ins\DigSig.api
2010-10-25 14:13 - 2010-10-25 14:13 - 001751139 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\plug_ins\EScript.api
2010-10-25 14:13 - 2010-10-25 14:13 - 000099427 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\plug_ins\IA32.api
2010-10-25 14:13 - 2010-10-25 14:13 - 002312803 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\plug_ins\MakeAccessible.api
2010-10-25 14:13 - 2010-10-25 14:13 - 000430691 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\plug_ins\PDDom.api
2010-10-25 14:13 - 2010-10-25 14:13 - 007598691 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\plug_ins\PPKLite.api
2010-10-25 14:13 - 2010-10-25 14:13 - 000347747 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\plug_ins\reflow.api
2010-10-25 14:13 - 2010-10-25 14:13 - 000277091 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\plug_ins\Spelling.api
2010-10-25 14:13 - 2010-10-25 14:13 - 003879523 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\plug_ins\TouchUp.api
2010-10-25 14:13 - 2010-10-25 14:13 - 000169059 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\plug_ins\Updater.api
2010-10-25 14:13 - 2010-10-25 14:13 - 001396224 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\SPPlugins\ADMPlugin.apl

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The “AlternateShell” will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\mbamchameleon => “”=“Driver”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\MBAMService => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\mbamchameleon => “”=“Driver”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\MBAMService => “”=“Service”

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-1005068262-1852000357-4134907836-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hotmail.com/
HKU\S-1-5-21-1005068262-1852000357-4134907836-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://google.ca/
BHO: Skype for Business Browser Helper → {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} → C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2020-04-15] (Microsoft Corporation → Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper → {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} → C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation → Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper → {18DF081C-E8AD-4283-A596-FA578C2EBDC3} → C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems, Incorporated → Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper → {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} → C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2020-04-15] (Microsoft Corporation → Microsoft Corporation)
BHO-x32: CIEDownload Object → {67BCF957-85FC-4036-8DC4-D4D80E00A77B} → C:\Program Files (x86)\SMART Technologies\Notebook Software\NotebookPlugin.dll [2008-07-31] (SMART Technologies ULC → SMART Technologies ULC.)
BHO-x32: Java™ Plug-In SSV Helper → {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} → C:\Program Files (x86)\Java\jre1.8.0_201\bin\ssv.dll [2019-01-27] (Oracle America, Inc. → Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper → {AE7CD045-E861-484f-8273-0445EE161910} → C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems, Incorporated → Adobe Systems Incorporated)
BHO-x32: Microsoft SkyDrive Pro Browser Helper → {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} → C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation → Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper → {DBC80044-A445-435b-BC74-9C25C1C588A9} → C:\Program Files (x86)\Java\jre1.8.0_201\bin\jp2ssv.dll [2019-01-27] (Oracle America, Inc. → Oracle Corporation)
BHO-x32: SmartSelect Class → {F4971EE7-DAA0-4053-9964-665D8EE6A077} → C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems, Incorporated → Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems, Incorporated → Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1005068262-1852000357-4134907836-1001 → No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2018-03-14] (Microsoft Corporation → Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1005068262-1852000357-4134907836-1001...\smartsource.ca → hxxps://www.smartsource.ca

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 02:24 - 2020-11-01 17:21 - 000013138 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 3dns-2.adobe.com #192.150.22.22
127.0.0.1 3dns-3.adobe.com #192.150.14.21
127.0.0.1 3dns-4.adobe.com #192.150.18.247
127.0.0.1 3dns-5.adobe.com #192.150.22.46
127.0.0.1 adobe-dns.adobe.com #192.150.11.30
127.0.0.1 adobe-dns-2.adobe.com #192.150.11.247
127.0.0.1 adobe-dns-3.adobe.com #192.150.22.30
127.0.0.1 adobe.activate.com #69.175.22.26
127.0.0.1 activate.adobe.com #192.150.22.40
127.0.0.1 activate.wip3.adobe.com #192.150.22.40
127.0.0.1 activate.wip4.adobe.com #192.150.22.40
127.0.0.1 activate-sea.adobe.com #192.150.22.40
127.0.0.1 activate-sjc0.adobe.com #192.150.14.69
127.0.0.1 ereg.adobe.com #192.150.18.103
127.0.0.1 ereg.wip3.adobe.com #192.150.18.63
127.0.0.1 ereg.wip4.adobe.com #192.150.18.103
127.0.0.1 practivate.adobe.com #192.150.18.54
127.0.0.1 www.wip3.adobe.com #192.150.8.60
127.0.0.1 www.wip4.adobe.com #192.150.18.200
127.0.0.1 www.adobeereg.com #75.125.24.83
127.0.0.1 adobeereg.com #207.66.2.10
127.0.0.1 hl2rcv.adobe.com #192.150.14.174
127.0.0.1 wwis-dubc1-vip30.adobe.com #192.150.8.30
127.0.0.1 wwis-dubc1-vip31.adobe.com #192.150.8.31
127.0.0.1 wwis-dubc1-vip32.adobe.com #192.150.8.32
127.0.0.1 wwis-dubc1-vip33.adobe.com #192.150.8.33
127.0.0.1 wwis-dubc1-vip34.adobe.com #192.150.8.34
127.0.0.1 wwis-dubc1-vip35.adobe.com #192.150.8.35
127.0.0.1 wwis-dubc1-vip36.adobe.com #192.150.8.36
127.0.0.1 wwis-dubc1-vip37.adobe.com #192.150.8.37

There are 127 more lines.

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\Path → C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\J ava\javapath;%SystemRoot%\system32;%SystemRoot%;%S ystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\Win dowsPowerShell\v1.0;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;%SYSTEMROOT%\System32\OpenSSH
HKU\S-1-5-21-1005068262-1852000357-4134907836-1001\Control Panel\Desktop\Wallpaper → C:\Users\npbab\AppData\Local\Microsoft\Windows\The mes\RoamedThemeFiles\DesktopBackground\img2.jpg
HKU\S-1-5-21-1005068262-1852000357-4134907836-1003\Control Panel\Desktop\Wallpaper → C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1005068262-1852000357-4134907836-1004\Control Panel\Desktop\Wallpaper → C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1005068262-1852000357-4134907836-1038\Control Panel\Desktop\Wallpaper → C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.0.1 - 24.200.241.37
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Pol icies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM...\StartupApproved\StartupFolder: => “SMART Board Tools.lnk”
HKLM...\StartupApproved\Run: => “RTHDVCPL”
HKLM...\StartupApproved\Run: => “RtHDVBg”
HKLM...\StartupApproved\Run: => “Windows Mobile Device Center”
HKLM...\StartupApproved\Run: => “dlbkbmgr.exe”
HKLM...\StartupApproved\Run: => “Restoro”
HKLM...\StartupApproved\Run32: => “StartCCC”
HKLM...\StartupApproved\Run32: => “AdobeCS4ServiceManager”
HKLM...\StartupApproved\Run32: => “NBAgent”
HKLM...\StartupApproved\Run32: => “SMART Board Service”
HKLM...\StartupApproved\Run32: => “SMART SNMP Agent”
HKLM...\StartupApproved\Run32: => “FaxCenterServer”
HKLM...\StartupApproved\Run32: => “Opera Browser Assistant”
HKU\S-1-5-21-1005068262-1852000357-4134907836-1001...\StartupApproved\Run: => “CCleaner Monitoring”
HKU\S-1-5-21-1005068262-1852000357-4134907836-1001...\StartupApproved\Run: => “OneDrive”
HKU\S-1-5-21-1005068262-1852000357-4134907836-1001...\StartupApproved\Run: => “AnyDVD”
HKU\S-1-5-21-1005068262-1852000357-4134907836-1001...\StartupApproved\Run: => “Registry Cleaner Pro”
HKU\S-1-5-21-1005068262-1852000357-4134907836-1001...\StartupApproved\Run: => “AvastBrowserAutoLaunch_99B5831BA4B3CC8F28E11B9518 466F0F”
HKU\S-1-5-21-1005068262-1852000357-4134907836-1001...\StartupApproved\Run: => “CCleaner Smart Cleaning”

@Malnutrition jmarket

This is the second part(it wont let me paste in 1 shot)

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F2FDEA45-B53E-4F0D-BC26-0B27AE717812}] => (Allow) C:\WINDOWS\AutoKMS\AutoKMS.exe => No File
FirewallRules: [{7F12B456-C461-4ECE-ACAD-AEA9D4092ABA}] => (Allow) C:\WINDOWS\AutoKMS\AutoKMS.exe => No File
FirewallRules: [{A2BA4949-E523-41CF-BC22-3B880AABC142}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe => No File
FirewallRules: [{64A37DFC-1DD1-4651-BAB0-CC1DEE93AC0B}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation → Microsoft Corporation)
FirewallRules: [{E71FFA7A-A9EC-42A2-BB2B-2C41D539D8EA}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation → Microsoft Corporation)
FirewallRules: [{2F1F9904-F63E-4664-96E9-870141576817}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation → Microsoft Corporation)
FirewallRules: [{A3189AD9-F510-4FF9-A030-C69F39BD639B}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation → Microsoft Corporation)
FirewallRules: [{0EF615DA-F84C-44D2-A534-239C81761F44}] => (Allow) C:\Windows\SysWOW64\dlbkcoms.exe (Dell Inc. → )
FirewallRules: [{DE60F75C-155B-4E96-9DF0-7D1659A35757}] => (Allow) C:\Windows\SysWOW64\dlbkcoms.exe (Dell Inc. → )
FirewallRules: [TCP Query User{C68AAE35-1B57-4F99-8D99-309B8FE969BF}C:\program files (x86)\utorrent\utorrent.exe] => (Allow) C:\program files (x86)\utorrent\utorrent.exe (BitTorrent Inc → BitTorrent, Inc.)
FirewallRules: [UDP Query User{7E66099D-0CF6-44D1-A008-80C9F4DD5056}C:\program files (x86)\utorrent\utorrent.exe] => (Allow) C:\program files (x86)\utorrent\utorrent.exe (BitTorrent Inc → BitTorrent, Inc.)
FirewallRules: [TCP Query User{389B4A39-7361-4767-833A-C1517D2BC952}C:\windows\syswow64\dlbkcoms.exe] => (Allow) C:\windows\syswow64\dlbkcoms.exe (Dell Inc. → )
FirewallRules: [UDP Query User{B83F7307-BC61-406C-B5F6-96CE7A6FC0B4}C:\windows\syswow64\dlbkcoms.exe] => (Allow) C:\windows\syswow64\dlbkcoms.exe (Dell Inc. → )
FirewallRules: [{FC5F8C16-5FE9-48FA-ABC6-DD84DAB4A565}] => (Allow) C:\Windows\System32\dlbkcoms.exe (Dell Inc. → )
FirewallRules: [{BE7DF116-6016-4871-A471-7F3CCF9BF38D}] => (Allow) C:\Windows\System32\dlbkcoms.exe (Dell Inc. → )
FirewallRules: [TCP Query User{9BAFA7EF-7AE6-436C-9F5D-429F5EF108BC}C:\program files (x86)\utorrent\utorrent.exe] => (Block) C:\program files (x86)\utorrent\utorrent.exe (BitTorrent Inc → BitTorrent, Inc.)
FirewallRules: [UDP Query User{7E4876E0-5BA5-4E5D-8226-B0E45B6F2E10}C:\program files (x86)\utorrent\utorrent.exe] => (Block) C:\program files (x86)\utorrent\utorrent.exe (BitTorrent Inc → BitTorrent, Inc.)
FirewallRules: [{283B466E-FA4C-497D-A966-E9C41F67A528}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation → Microsoft Corporation)
FirewallRules: [{2CD4E1B1-4F1A-4693-8A29-0737D8B68D71}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation → Microsoft Corporation)
FirewallRules: [{62596534-20E5-4952-B084-742693B6BF09}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation → Microsoft Corporation)
FirewallRules: [{8D20A0BB-9DA2-42C3-9F08-F95B9D2B51CF}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation → Microsoft Corporation)
FirewallRules: [{1458E254-7367-42FB-914B-ABC6187A1009}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe => No File
FirewallRules: [{1386FED6-97E1-4370-A793-568AD08A6A5F}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe => No File
FirewallRules: [{8220C0A2-3046-49A3-905E-4E9FD20E5B89}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe => No File
FirewallRules: [{B3B94113-0EBA-4707-A594-685D10A6A4F8}] => (Allow) C:\Windows\System32\dlbkcoms.exe (Dell Inc. → )
FirewallRules: [{E3FF9F69-4DAB-4774-AE56-5B2C613F24F3}] => (Allow) C:\Windows\System32\dlbkcoms.exe (Dell Inc. → )
FirewallRules: [{0D0E62E4-19F7-4F1E-91D2-46DD502943EB}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\dlbkpswx.e xe (Dell Inc. → )
FirewallRules: [{F2EC980B-BE6A-489C-8C48-18D370E63865}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\dlbkpswx.e xe (Dell Inc. → )
FirewallRules: [{AE52C4E8-813B-46A7-94C7-EC74D9A81FB1}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\dlbkpswx.e xe (Dell Inc. → )
FirewallRules: [{7DB7525A-9C6B-4851-B2F3-9C00FB09072F}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\dlbkpswx.e xe (Dell Inc. → )
FirewallRules: [{94104DDB-3547-4634-9C28-5C32D14A3F38}] => (Allow) c:\program files (x86)\opera\71.0.3770.228\opera.exe (Opera Software AS → Opera Software)
FirewallRules: [{FC53EBC7-DD0F-4283-9F37-FD837CADC202}] => (Allow) c:\program files (x86)\opera\72.0.3815.186\opera.exe (Opera Software AS → Opera Software)
FirewallRules: [{115247EB-0F18-4AB9-B96C-0FEAFC134963}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x8 6__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl → Skype Technologies S.A.)
FirewallRules: [{F31BC39E-2951-43A9-B5A2-E26F6105AF4F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x8 6__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl → Skype Technologies S.A.)
FirewallRules: [{1E13F7C5-174D-4955-9CFE-B70D43767F42}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x8 6__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl → Skype Technologies S.A.)
FirewallRules: [{42561271-8364-4700-880A-168A31B6023F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x8 6__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl → Skype Technologies S.A.)
FirewallRules: [{D151831D-1283-4387-862F-C40D3EC40EE0}] => (Allow) C:\Users\napa\AppData\Local\Temp\download\MiniThun derPlatform.exe (ShenZhen Thunder Networking Technologies Ltd. → 深圳市迅雷网络技术有限公司)
FirewallRules: [{3DE6C647-CEDF-4E8A-96B6-69FF9A4BB7DF}] => (Allow) C:\Users\napa\AppData\Local\Temp\download\MiniThun derPlatform.exe (ShenZhen Thunder Networking Technologies Ltd. → 深圳市迅雷网络技术有限公司)
FirewallRules: [{4E3BD606-2EA1-4245-A5D3-18D96E126227}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC → Google LLC)
FirewallRules: [{E0862A03-6994-49C5-AC8C-EFD1F062C106}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.74.0_x8 6__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl → Skype Technologies S.A.)
FirewallRules: [{B10F42FD-3677-44E2-8C5C-9DEF1628B435}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.74.0_x8 6__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl → Skype Technologies S.A.)
FirewallRules: [{CDF99818-BDEF-4D3A-AE41-22E88F620E10}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.74.0_x8 6__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl → Skype Technologies S.A.)
FirewallRules: [{EDA67334-3B57-4DB5-9829-F3F87745DE16}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.74.0_x8 6__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl → Skype Technologies S.A.)

==================== Restore Points =========================

13-11-2020 21:38:07 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============

Name: HID-compliant mouse
Description: HID-compliant mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: SMART Technologies ULC
Service: i8042prt
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click “Update Driver” to update the drivers for this device.
On the “General Properties” tab of the device, click “Troubleshoot” to start the troubleshooting wizard.

==================== Event log errors: ========================
[HEADING=1]Application errors:[/HEADING]
Error: (11/15/2020 09:35:24 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (11476,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\L ocal\TileDataLayer\Database\EDB.log.

Error: (11/14/2020 09:43:44 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (3688,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\L ocal\TileDataLayer\Database\EDB.log.

Error: (11/14/2020 09:20:13 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (2268,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\L ocal\TileDataLayer\Database\EDB.log.

Error: (11/14/2020 06:04:24 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (3900,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\L ocal\TileDataLayer\Database\EDB.log.

Error: (11/14/2020 05:44:26 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (3324,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\L ocal\TileDataLayer\Database\EDB.log.

Error: (11/14/2020 08:17:07 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (2436,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\L ocal\TileDataLayer\Database\EDB.log.

Error: (11/14/2020 08:10:26 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (3588,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\L ocal\TileDataLayer\Database\EDB.log.

Error: (11/14/2020 08:01:19 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Windows\System32\svchost.exe, PID: 1204, ProfSvc PID: 1068.
[HEADING=1]System errors:[/HEADING]
Error: (11/14/2020 01:15:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The %1!s! Update Service (avast) service failed to start due to the following error:
The system cannot find the file specified.

Error: (11/14/2020 01:08:07 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-T7VTSHL)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.

Error: (11/14/2020 01:08:07 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-T7VTSHL)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.

Error: (11/14/2020 01:08:06 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {338B40F9-9D68-4B53-A793-6B9AA0C5F63B} did not register with DCOM within the required timeout.

Error: (11/13/2020 06:13:05 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Delivery Optimization service hung on starting.

Error: (11/13/2020 06:11:16 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0923: 2020-10 Cumulative Update for Windows 10 Version 1909 for x64-based Systems (KB4577671).

Error: (11/13/2020 06:11:16 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0923: 2020-10 Security Update for Adobe Flash Player for Windows 10 Version 1909 for x64-based Systems (KB4580325).

Error: (11/13/2020 06:10:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The %1!s! Update Service (avast) service failed to start due to the following error:
The system cannot find the file specified.
[HEADING=1]Windows Defender:[/HEADING]
Date: 2020-11-13 21:18:01.335
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {22C5D024-ECEF-471D-8576-30B0CCDF3441}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-11-08 08:53:36.868
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:

Name: Trojan:Win32/CryptInject!ml
ID: 2147760506
Severity: Severe
Category: Trojan
Path: file:_C:\Users\napa\AppData\Local\Temp\kissq.exe; process:_pid:8676,ProcessStart:132493153567154721; regkey:_HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOW S\CURRENTVERSION\RUN\kissq; runkey:_HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOW S\CURRENTVERSION\RUN\kissq
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: C:\Users\napa\AppData\Local\Temp\kissq.exe
Security intelligence Version: AV: 1.327.467.0, AS: 1.327.467.0, NIS: 1.327.467.0
Engine Version: AM: 1.1.17600.5, NIS: 1.1.17600.5

Date: 2020-11-08 08:52:29.628
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:

Name: Trojan:Win32/CryptInject!ml
ID: 2147760506
Severity: Severe
Category: Trojan
Path: file:_C:\Users\napa\AppData\Local\Temp\kissq.exe; process:_pid:8676,ProcessStart:132493153567154721
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: C:\Users\napa\AppData\Local\Temp\kissq.exe
Security intelligence Version: AV: 1.327.467.0, AS: 1.327.467.0, NIS: 1.327.467.0
Engine Version: AM: 1.1.17600.5, NIS: 1.1.17600.5

Date: 2020-11-05 20:49:59.418
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:

Name: HackTool:Win32/AutoKMS
ID: 2147685180
Severity: High
Category: Tool
Path: containerfile:_C:\Users\npbab\Desktop\Microsoft Toolkit 2.6 Beta 2 [4realtorrentz].zip; file:_C:\Users\npbab\Desktop\Microsoft Toolkit 2.6 Beta 2 [4realtorrentz].zip->Microsoft Toolkit.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.327.391.0, AS: 1.327.391.0, NIS: 1.327.391.0
Engine Version: AM: 1.1.17600.5, NIS: 1.1.17600.5

Date: 2020-11-05 00:02:21.544
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {15BCA87B-0833-439B-BB13-DDC036BD8B18}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-11-13 08:24:12.336
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.327.794.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17600.5
Error code: 0x8007043c
Error description: This service cannot be started in Safe Mode

Date: 2020-11-12 08:24:12.333
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.327.670.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17600.5
Error code: 0x8007043c
Error description: This service cannot be started in Safe Mode

Date: 2020-11-11 08:24:12.346
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.327.670.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17600.5
Error code: 0x8007043c
Error description: This service cannot be started in Safe Mode

Date: 2020-11-10 08:24:12.350
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.327.566.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17600.5
Error code: 0x8007043c
Error description: This service cannot be started in Safe Mode

Date: 2020-11-09 08:24:12.597
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.327.566.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17600.5
Error code: 0x8007043c
Error description: This service cannot be started in Safe Mode
[HEADING=1]CodeIntegrity:[/HEADING]
Date: 2020-11-08 17:24:21.791
Description:
Windows blocked file \Device\HarddiskVolume8\Windows\System32\scrobj.dl l which has been disallowed for protected processes.

Date: 2020-11-08 17:14:34.424
Description:
Code Integrity determined that a process (\Device\HarddiskVolume8\Program Files (x86)\Opera\72.0.3815.186\opera.exe) attempted to load \Device\HarddiskVolume8\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-11-08 17:14:34.424
Description:
Code Integrity determined that a process (\Device\HarddiskVolume8\Program Files (x86)\Opera\72.0.3815.186\opera.exe) attempted to load \Device\HarddiskVolume8\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-11-08 08:22:25.598
Description:
Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\System32\dllhost. exe) attempted to load \Device\HarddiskVolume8\Users\napa\AppData\Roaming \Microsoft\Protect\feade8-aabee1-cc3d3540-cc8dc0-cdf0.mui that did not meet the Microsoft signing level requirements.

Date: 2020-11-08 08:22:22.048
Description:
Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\System32\dllhost. exe) attempted to load \Device\HarddiskVolume8\Users\napa\AppData\Roaming \Microsoft\Protect\feade8-aabee1-cc3d3540-cc8dc0-cdf0.mui that did not meet the Microsoft signing level requirements.

Date: 2020-11-08 08:22:21.422
Description:
Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\System32\dllhost. exe) attempted to load \Device\HarddiskVolume8\Users\napa\AppData\Roaming \Microsoft\Protect\feade8-aabee1-cc3d3540-cc8dc0-cdf0.mui that did not meet the Microsoft signing level requirements.

Date: 2020-11-07 23:08:42.228
Description:
Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\System32\dllhost. exe) attempted to load \Device\HarddiskVolume8\Users\napa\AppData\Roaming \Microsoft\Protect\feade8-aabee1-cc3d3540-cc8dc0-cdf0.mui that did not meet the Microsoft signing level requirements.

Date: 2020-11-07 23:08:39.664
Description:
Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\System32\dllhost. exe) attempted to load \Device\HarddiskVolume8\Users\napa\AppData\Roaming \Microsoft\Protect\feade8-aabee1-cc3d3540-cc8dc0-cdf0.mui that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: ASUSTeK COMPUTER INC. (Licensed from AMI) 0306 05/16/2013
Motherboard: ASUSTeK COMPUTER INC. M11BB
Processor: AMD A8-5500 APU with Radeon™ HD Graphics
Percentage of memory in use: 41%
Total physical RAM: 14120.28 MB
Available physical RAM: 8300.25 MB
Total Virtual: 16424.28 MB
Available Virtual: 9943.97 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.45 GB) (Free:365.94 GB) NTFS
Drive d: () (Fixed) (Total:465.21 GB) (Free:446.2 GB) NTFS
Drive f: () (Removable) (Total:29.28 GB) (Free:29.27 GB) FAT32

\?\Volume{c6a7ffa5-2214-4902-9908-efb5a208a609}\ (Recovery) (Fixed) (Total:0.44 GB) (Free:0.12 GB) NTFS
\?\Volume{920e745a-e2bb-4e9f-98fb-a1f15a4f2302}\ (Recovery) (Fixed) (Total:0.44 GB) (Free:0.42 GB) NTFS
\?\Volume{a9e8c7d3-79b3-4af6-b198-3bbf76264d56}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS
\?\Volume{674844d0-5ba1-4b03-a1ca-c3d368dd6b81}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
\?\Volume{fef29a55-ffd6-4178-980e-10a085e0ed5b}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

================================================== ========
Disk: 0 (Size: 465.8 GB) (Disk ID: 51E17442)

Partition: GPT.

================================================== ========
Disk: 1 (Size: 931.5 GB) (Disk ID: 710B350F)

Partition: GPT.

================================================== ========
Disk: 2 (Size: 29.3 GB) (Disk ID: 6F20736B)
No partition Table on disk 2.
Disk 2 is a removable device.

==================== End of Addition.txt =======================

@Malnutrition