Open URGENT House burned. friend clean PC and installed (ram+drive) Now blue screen often on start up and can log safe mode


nbabe

PCHF Member
Nov 5, 2020
Title says it all. My house burned down. Lost everything. A coworker who knows computers cleaned mine up (as it wasn't starting anymore), then changed the power supply and installed a new RAM bar and another hard drive. (I think he took them from another old computer.) I am running Windows 10. I have an Asus A8 AMD 3.3 (I think) with normally 8b RAM but now I think 16.

We started the computer at his house 2-3 times and it worked.
When I got to where I stay now (obviously not my house!) I got a fatal blue screen... After hours of trying, don't ask me how, it restarted normally and accepted my password (I am the sole admin on this computer).

2 days later (never dared shut the computer) I'm thinking Windows updated during the night... something, as I got a message saying it didn't work (update) and had the fatal blue screen again. Can't log into anything as it won't accept my password anymore. Managed only to get into safe mode with networking under another NON ADMIN person, so very limited in what I can do.


Can't access command (admin)
Can't restore (admin password again)
Can't even reformat (no more disk and password again!)



please read the follow up here

I now managed to create a new admin with no password, so I can go into safe mode. This week I changed the keyboard as someone told me the error code is related to the keyboard...


But anything else that can solve this?
 

nbabe

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-11-2020
Ran by npbab (15-11-2020 09:41:14)
Running from C:\Users\npbab\Desktop\Downloads
Windows 10 Home Version 1909 18363.1198 (X64) (2020-07-11 20:03:40)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1005068262-1852000357-4134907836-500 - Administrator - Disabled)
Ben (S-1-5-21-1005068262-1852000357-4134907836-1003 - Limited - Enabled) => C:\Users\Ben
DefaultAccount (S-1-5-21-1005068262-1852000357-4134907836-503 - Limited - Disabled)
Guest (S-1-5-21-1005068262-1852000357-4134907836-501 - Limited - Disabled)
LIZ (S-1-5-21-1005068262-1852000357-4134907836-1004 - Limited - Enabled) => C:\Users\LIZ
napa (S-1-5-21-1005068262-1852000357-4134907836-1038 - Administrator - Enabled) => C:\Users\napa
npbab (S-1-5-21-1005068262-1852000357-4134907836-1001 - Administrator - Enabled) => C:\Users\npbab
WDAGUtilityAccount (S-1-5-21-1005068262-1852000357-4134907836-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {5078598A-1FA2-C888-AA5F-A9C66537DB12}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.013.20064 - Adobe Systems Incorporated)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.0.0 - Adobe Systems)
Adobe CSI CS4 x64 (HKLM\...\{8DAA31EB-6830-4006-A99F-4DF8AB24714F}) (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Illustrator CS4 (HKLM-x32\...\Adobe_2a31ae7a5c43ff52d8577782dd34e04) (Version: 14.0 - Adobe Systems Incorporated)
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 8.1.0.0 - RedFox)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 85.0.5814.102 - AVAST Software)
Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.4.136.333 - AVAST Software) Hidden
AVIcodec (remove only) (HKLM-x32\...\AVIcodec) (Version: - )
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC) (Version: 8.10.4.24 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.57 - Piriform)
Connect (HKLM-x32\...\{B29AD377-CC12-490A-A480-1452337C618D}) (Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
Criminal Investigation Agents Petrodollars (HKLM-x32\...\Criminal Investigation Agents Petrodollars_is1) (Version: 1.0 - GameTop Pte. Ltd.)
CryptoSignalPro 2.0 (HKLM-x32\...\CryptoSignalPro 2.0) (Version: 2.0 - CryptoSignalPro)
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
Dell AIO Printer A920 (HKLM\...\Dell AIO Printer A920) (Version: - Dell, Inc.)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink)
FBReader for Windows (HKLM-x32\...\FBReader for Windows) (Version: - )
Free YouTube Downloader 4.2.795 (HKLM-x32\...\{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1) (Version: - HOW Inc.)
GES version 11.87 (HKLM-x32\...\{13E374E4-E610-4F9E-ACC4-E461DA17D869}_is1) (Version: 11.87 - Gess)
Google Chrome (HKLM-x32\...\{E5AA4F97-E635-3AD9-8C2E-F12F27647F0D}) (Version: 86.0.4240.198 - Google, Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.31 - Google LLC) Hidden
Hidden Object Crosswords 2 (HKLM-x32\...\Hidden Object Crosswords 21.1) (Version: 1.1 - Foxy Games)
IGT Slots Cleopatra II (HKLM-x32\...\IGT Slots Cleopatra II1.1) (Version: 1.1 - Foxy Games)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Java 8 Update 181 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180181F0}) (Version: 8.0.1810.13 - Oracle Corporation)
Java 8 Update 201 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180201F0}) (Version: 8.0.2010.9 - Oracle Corporation)
K-Lite Codec Pack 12.8.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.8.5 - KLCP)
kuler (HKLM-x32\...\{098727E1-775A-4450-B573-3F441F1CA243}) (Version: 2.0 - Adobe Systems Incorporated) Hidden
LG Mobile Driver (HKLM-x32\...\{3F490D0E-3131-438C-BCF9-7549CB88DF41}) (Version: 4.2.0 - LG Electronics)
MacX HD Video Converter Pro For Windows 5.9.4 (HKLM-x32\...\MacX HD Video Converter Pro For Windows_is1) (Version: - Digiarty Software, Inc.)
Malwarebytes version 4.2.3.96 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.2.3.96 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 86.0.622.69 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.137.99 - )
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1005068262-1852000357-4134907836-1001\...\OneDriveSetup.exe) (Version: 20.169.0823.0008 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1005068262-1852000357-4134907836-1003\...\OneDriveSetup.exe) (Version: 18.111.0603.0006 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1005068262-1852000357-4134907836-1004\...\OneDriveSetup.exe) (Version: 20.169.0823.0008 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1005068262-1852000357-4134907836-1038\...\OneDriveSetup.exe) (Version: 20.169.0823.0008 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{97238E8A-4919-4A1E-965A-C6C36938F4CE}) (Version: 2.68.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 2.7.3068.929 - Microsoft Corporation)
Nero 6 Ultra Edition (HKLM-x32\...\Nero - Burning Rom!UninstallKey) (Version: - )
Notebook Software (HKLM-x32\...\{F581DF68-CAE9-4064-A6CD-705D95D1C756}) (Version: 10.0.187.1 - SMART Technologies)
Opera Stable 46.0.2597.46 (HKLM-x32\...\Opera 46.0.2597.46) (Version: 46.0.2597.46 - Opera Software)
Opera Stable 72.0.3815.186 (HKLM-x32\...\Opera 72.0.3815.186) (Version: 72.0.3815.186 - Opera Software)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Settings CS4 (HKLM-x32\...\{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}) (Version: 9.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw (HKLM-x32\...\{CC75AB5C-2110-4A7F-AF52-708680D22FE8}) (Version: 5.0 - Adobe Systems Incorporated) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7687 - Realtek Semiconductor Corp.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
SMART Board Drivers (HKLM-x32\...\{FF7A64AB-214A-47D1-95E7-742BCBA7F6C9}) (Version: 10.0.165.1 - SMART Technologies)
Suite Shared Configuration CS4 (HKLM-x32\...\{842B4B72-9E8F-4962-B3C1-1C422A5C4434}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 2.4 - Krzysztof Kowalczyk)
TunnelBear (HKLM-x32\...\{1FD610E3-CE7E-4E4B-9978-E3E569D66E19}) (Version: 3.0.34.0 - TunnelBear) Hidden
TunnelBear (HKLM-x32\...\{434c0622-6083-418a-85f1-122060c7fe55}) (Version: 3.0.34.0 - TunnelBear)
Unchecky v1.2 (HKLM-x32\...\Unchecky) (Version: 1.2 - Reason Software Company Inc.)
Update for Skype for Business 2015 (KB4484289) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{1C76EBD9-0A70-4094-A543-00CAA3B62113}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4484289) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{1C76EBD9-0A70-4094-A543-00CAA3B62113}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4484289) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{1C76EBD9-0A70-4094-A543-00CAA3B62113}) (Version: - Microsoft)
UpdateAssistant (HKLM\...\{57D07AAD-97E2-4E16-89C4-1A3C51BC9C98}) (Version: 1.16.0.0 - Microsoft Corporation) Hidden
VIP Video Converter (HKLM-x32\...\VIP Video Converter_is1) (Version: - )
WhatsApp (HKU\S-1-5-21-1005068262-1852000357-4134907836-1001\...\WhatsApp) (Version: 0.2.6968 - WhatsApp)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22329 - Microsoft Corporation)
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
WinRAR 5.70 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)

Packages:
=========
Composant additionnel Photos Media Engine -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-11-07] (Microsoft Corporation)
extension Photos -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2020-11-07] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-11-07] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-11-07] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.10142.0_x64__8wekyb3d8bbwe [2020-11-07] (Microsoft Studios) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714.0_x64__8wekyb3d8bbwe [2020-11-07] (Microsoft Corporation) [MS Ad]
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2020-11-07] (Twitter Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat Elements\ContextMenu64.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:\Program Files\PDFCreator\PDFCreatorShell.DLL -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-11-08] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-11-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat Elements\ContextMenu64.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-11-08] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.tscc] => C:\Windows\SysWOW64\tsccvid.dll [110592 2003-02-14] (TechSmith Corporation) [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\npbab\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IGT Slots Cleopatra II\IGT Slots Cleopatra II.lnk -> C:\Program Files (x86)\Games\IGT Slots Cleopatra II\Start_Game.bat ()
Shortcut: C:\Users\npbab\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hidden Object Crosswords 2\Hidden Object Crosswords 2.lnk -> C:\Program Files (x86)\Games\Hidden Object Crosswords 2\Start_Game.bat ()
Shortcut: C:\Users\npbab\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVIcodec\Website.lnk -> hxxp://avicodec.duby.info

==================== Loaded Modules (Whitelisted) =============

2017-05-26 16:54 - 2006-10-06 06:27 - 000045056 _____ () [File not signed] C:\WINDOWS\System32\DLPRMON.DLL
2010-10-25 14:13 - 2010-10-25 14:13 - 011438691 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\plug_ins\AcroForm.api
2010-10-25 14:13 - 2010-10-25 14:13 - 006143587 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\plug_ins\Annots.api
2010-10-25 14:13 - 2010-10-25 14:13 - 001433187 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\plug_ins\DigSig.api
2010-10-25 14:13 - 2010-10-25 14:13 - 001751139 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\plug_ins\EScript.api
2010-10-25 14:13 - 2010-10-25 14:13 - 000099427 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\plug_ins\IA32.api
2010-10-25 14:13 - 2010-10-25 14:13 - 002312803 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\plug_ins\MakeAccessible.api
2010-10-25 14:13 - 2010-10-25 14:13 - 000430691 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\plug_ins\PDDom.api
2010-10-25 14:13 - 2010-10-25 14:13 - 007598691 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\plug_ins\PPKLite.api
2010-10-25 14:13 - 2010-10-25 14:13 - 000347747 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\plug_ins\reflow.api
2010-10-25 14:13 - 2010-10-25 14:13 - 000277091 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\plug_ins\Spelling.api
2010-10-25 14:13 - 2010-10-25 14:13 - 003879523 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\plug_ins\TouchUp.api
2010-10-25 14:13 - 2010-10-25 14:13 - 000169059 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\plug_ins\Updater.api
2010-10-25 14:13 - 2010-10-25 14:13 - 001396224 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\SPPlugins\ADMPlugin.apl

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-1005068262-1852000357-4134907836-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hotmail.com/
HKU\S-1-5-21-1005068262-1852000357-4134907836-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://google.ca/
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2020-04-15] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2020-04-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: CIEDownload Object -> {67BCF957-85FC-4036-8DC4-D4D80E00A77B} -> C:\Program Files (x86)\SMART Technologies\Notebook Software\NotebookPlugin.dll [2008-07-31] (SMART Technologies ULC -> SMART Technologies ULC.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\ssv.dll [2019-01-27] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\jp2ssv.dll [2019-01-27] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1005068262-1852000357-4134907836-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2018-03-14] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1005068262-1852000357-4134907836-1001\...\smartsource.ca -> hxxps://www.smartsource.ca

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 02:24 - 2020-11-01 17:21 - 000013138 _____ C:\WINDOWS\system32\drivers\etc\hosts

There are 127 more lines.


==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1005068262-1852000357-4134907836-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\npbab\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img2.jpg
HKU\S-1-5-21-1005068262-1852000357-4134907836-1003\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1005068262-1852000357-4134907836-1004\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1005068262-1852000357-4134907836-1038\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.0.1 - 24.200.241.37
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "SMART Board Tools.lnk"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "RtHDVBg"
HKLM\...\StartupApproved\Run: => "Windows Mobile Device Center"
HKLM\...\StartupApproved\Run: => "dlbkbmgr.exe"
HKLM\...\StartupApproved\Run: => "Restoro"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "AdobeCS4ServiceManager"
HKLM\...\StartupApproved\Run32: => "NBAgent"
HKLM\...\StartupApproved\Run32: => "SMART Board Service"
HKLM\...\StartupApproved\Run32: => "SMART SNMP Agent"
HKLM\...\StartupApproved\Run32: => "FaxCenterServer"
HKLM\...\StartupApproved\Run32: => "Opera Browser Assistant"
HKU\S-1-5-21-1005068262-1852000357-4134907836-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-1005068262-1852000357-4134907836-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1005068262-1852000357-4134907836-1001\...\StartupApproved\Run: => "AnyDVD"
HKU\S-1-5-21-1005068262-1852000357-4134907836-1001\...\StartupApproved\Run: => "Registry Cleaner Pro"
HKU\S-1-5-21-1005068262-1852000357-4134907836-1001\...\StartupApproved\Run: => "AvastBrowserAutoLaunch_99B5831BA4B3CC8F28E11B9518466F0F"
HKU\S-1-5-21-1005068262-1852000357-4134907836-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
 

nbabe

This is the second part (it won't let me paste in 1 shot)

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F2FDEA45-B53E-4F0D-BC26-0B27AE717812}] => (Allow) C:\WINDOWS\AutoKMS\AutoKMS.exe => No File
FirewallRules: [{7F12B456-C461-4ECE-ACAD-AEA9D4092ABA}] => (Allow) C:\WINDOWS\AutoKMS\AutoKMS.exe => No File
FirewallRules: [{A2BA4949-E523-41CF-BC22-3B880AABC142}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe => No File
FirewallRules: [{64A37DFC-1DD1-4651-BAB0-CC1DEE93AC0B}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E71FFA7A-A9EC-42A2-BB2B-2C41D539D8EA}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2F1F9904-F63E-4664-96E9-870141576817}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A3189AD9-F510-4FF9-A030-C69F39BD639B}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0EF615DA-F84C-44D2-A534-239C81761F44}] => (Allow) C:\Windows\SysWOW64\dlbkcoms.exe (Dell Inc. -> )
FirewallRules: [{DE60F75C-155B-4E96-9DF0-7D1659A35757}] => (Allow) C:\Windows\SysWOW64\dlbkcoms.exe (Dell Inc. -> )
FirewallRules: [TCP Query User{C68AAE35-1B57-4F99-8D99-309B8FE969BF}C:\program files (x86)\utorrent\utorrent.exe] => (Allow) C:\program files (x86)\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [UDP Query User{7E66099D-0CF6-44D1-A008-80C9F4DD5056}C:\program files (x86)\utorrent\utorrent.exe] => (Allow) C:\program files (x86)\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [TCP Query User{389B4A39-7361-4767-833A-C1517D2BC952}C:\windows\syswow64\dlbkcoms.exe] => (Allow) C:\windows\syswow64\dlbkcoms.exe (Dell Inc. -> )
FirewallRules: [UDP Query User{B83F7307-BC61-406C-B5F6-96CE7A6FC0B4}C:\windows\syswow64\dlbkcoms.exe] => (Allow) C:\windows\syswow64\dlbkcoms.exe (Dell Inc. -> )
FirewallRules: [{FC5F8C16-5FE9-48FA-ABC6-DD84DAB4A565}] => (Allow) C:\Windows\System32\dlbkcoms.exe (Dell Inc. -> )
FirewallRules: [{BE7DF116-6016-4871-A471-7F3CCF9BF38D}] => (Allow) C:\Windows\System32\dlbkcoms.exe (Dell Inc. -> )
FirewallRules: [TCP Query User{9BAFA7EF-7AE6-436C-9F5D-429F5EF108BC}C:\program files (x86)\utorrent\utorrent.exe] => (Block) C:\program files (x86)\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [UDP Query User{7E4876E0-5BA5-4E5D-8226-B0E45B6F2E10}C:\program files (x86)\utorrent\utorrent.exe] => (Block) C:\program files (x86)\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [{283B466E-FA4C-497D-A966-E9C41F67A528}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2CD4E1B1-4F1A-4693-8A29-0737D8B68D71}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{62596534-20E5-4952-B084-742693B6BF09}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8D20A0BB-9DA2-42C3-9F08-F95B9D2B51CF}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1458E254-7367-42FB-914B-ABC6187A1009}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe => No File
FirewallRules: [{1386FED6-97E1-4370-A793-568AD08A6A5F}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe => No File
FirewallRules: [{8220C0A2-3046-49A3-905E-4E9FD20E5B89}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe => No File
FirewallRules: [{B3B94113-0EBA-4707-A594-685D10A6A4F8}] => (Allow) C:\Windows\System32\dlbkcoms.exe (Dell Inc. -> )
FirewallRules: [{E3FF9F69-4DAB-4774-AE56-5B2C613F24F3}] => (Allow) C:\Windows\System32\dlbkcoms.exe (Dell Inc. -> )
FirewallRules: [{0D0E62E4-19F7-4F1E-91D2-46DD502943EB}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\dlbkpswx.exe (Dell Inc. -> )
FirewallRules: [{F2EC980B-BE6A-489C-8C48-18D370E63865}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\dlbkpswx.exe (Dell Inc. -> )
FirewallRules: [{AE52C4E8-813B-46A7-94C7-EC74D9A81FB1}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\dlbkpswx.exe (Dell Inc. -> )
FirewallRules: [{7DB7525A-9C6B-4851-B2F3-9C00FB09072F}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\dlbkpswx.exe (Dell Inc. -> )
FirewallRules: [{94104DDB-3547-4634-9C28-5C32D14A3F38}] => (Allow) c:\program files (x86)\opera\71.0.3770.228\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{FC53EBC7-DD0F-4283-9F37-FD837CADC202}] => (Allow) c:\program files (x86)\opera\72.0.3815.186\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{115247EB-0F18-4AB9-B96C-0FEAFC134963}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F31BC39E-2951-43A9-B5A2-E26F6105AF4F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1E13F7C5-174D-4955-9CFE-B70D43767F42}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{42561271-8364-4700-880A-168A31B6023F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D151831D-1283-4387-862F-C40D3EC40EE0}] => (Allow) C:\Users\napa\AppData\Local\Temp\download\MiniThunderPlatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司)
FirewallRules: [{3DE6C647-CEDF-4E8A-96B6-69FF9A4BB7DF}] => (Allow) C:\Users\napa\AppData\Local\Temp\download\MiniThunderPlatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司)
FirewallRules: [{4E3BD606-2EA1-4245-A5D3-18D96E126227}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{E0862A03-6994-49C5-AC8C-EFD1F062C106}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.74.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B10F42FD-3677-44E2-8C5C-9DEF1628B435}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.74.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{CDF99818-BDEF-4D3A-AE41-22E88F620E10}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.74.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{EDA67334-3B57-4DB5-9829-F3F87745DE16}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.74.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

==================== Restore Points =========================

13-11-2020 21:38:07 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============

Name: HID-compliant mouse
Description: HID-compliant mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: SMART Technologies ULC
Service: i8042prt
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (11/15/2020 09:35:24 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (11476,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (11/14/2020 09:43:44 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (3688,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (11/14/2020 09:20:13 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (2268,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (11/14/2020 06:04:24 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (3900,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (11/14/2020 05:44:26 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (3324,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (11/14/2020 08:17:07 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (2436,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (11/14/2020 08:10:26 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (3588,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (11/14/2020 08:01:19 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Windows\System32\svchost.exe, PID: 1204, ProfSvc PID: 1068.


System errors:
=============
Error: (11/14/2020 01:15:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The %1!s! Update Service (avast) service failed to start due to the following error:
The system cannot find the file specified.

Error: (11/14/2020 01:08:07 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-T7VTSHL)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.

Error: (11/14/2020 01:08:07 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-T7VTSHL)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.

Error: (11/14/2020 01:08:06 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {338B40F9-9D68-4B53-A793-6B9AA0C5F63B} did not register with DCOM within the required timeout.

Error: (11/13/2020 06:13:05 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Delivery Optimization service hung on starting.

Error: (11/13/2020 06:11:16 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0923: 2020-10 Cumulative Update for Windows 10 Version 1909 for x64-based Systems (KB4577671).

Error: (11/13/2020 06:11:16 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0923: 2020-10 Security Update for Adobe Flash Player for Windows 10 Version 1909 for x64-based Systems (KB4580325).

Error: (11/13/2020 06:10:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The %1!s! Update Service (avast) service failed to start due to the following error:
The system cannot find the file specified.


Windows Defender:
===================================
Date: 2020-11-13 21:18:01.335
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {22C5D024-ECEF-471D-8576-30B0CCDF3441}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-11-08 08:53:36.868
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/CryptInject!ml
ID: 2147760506
Severity: Severe
Category: Trojan
Path: file:_C:\Users\napa\AppData\Local\Temp\kissq.exe; process:_pid:8676,ProcessStart:132493153567154721; regkey:_HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\kissq; runkey:_HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\kissq
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: C:\Users\napa\AppData\Local\Temp\kissq.exe
Security intelligence Version: AV: 1.327.467.0, AS: 1.327.467.0, NIS: 1.327.467.0
Engine Version: AM: 1.1.17600.5, NIS: 1.1.17600.5

Date: 2020-11-08 08:52:29.628
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/CryptInject!ml
ID: 2147760506
Severity: Severe
Category: Trojan
Path: file:_C:\Users\napa\AppData\Local\Temp\kissq.exe; process:_pid:8676,ProcessStart:132493153567154721
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: C:\Users\napa\AppData\Local\Temp\kissq.exe
Security intelligence Version: AV: 1.327.467.0, AS: 1.327.467.0, NIS: 1.327.467.0
Engine Version: AM: 1.1.17600.5, NIS: 1.1.17600.5

Date: 2020-11-05 20:49:59.418
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:Win32/AutoKMS
ID: 2147685180
Severity: High
Category: Tool
Path: containerfile:_C:\Users\npbab\Desktop\Microsoft Toolkit 2.6 Beta 2 [4realtorrentz].zip; file:_C:\Users\npbab\Desktop\Microsoft Toolkit 2.6 Beta 2 [4realtorrentz].zip->Microsoft Toolkit.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.327.391.0, AS: 1.327.391.0, NIS: 1.327.391.0
Engine Version: AM: 1.1.17600.5, NIS: 1.1.17600.5

Date: 2020-11-05 00:02:21.544
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {15BCA87B-0833-439B-BB13-DDC036BD8B18}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-11-13 08:24:12.336
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.327.794.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17600.5
Error code: 0x8007043c
Error description: This service cannot be started in Safe Mode

Date: 2020-11-12 08:24:12.333
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.327.670.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17600.5
Error code: 0x8007043c
Error description: This service cannot be started in Safe Mode

Date: 2020-11-11 08:24:12.346
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.327.670.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17600.5
Error code: 0x8007043c
Error description: This service cannot be started in Safe Mode

Date: 2020-11-10 08:24:12.350
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.327.566.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17600.5
Error code: 0x8007043c
Error description: This service cannot be started in Safe Mode

Date: 2020-11-09 08:24:12.597
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.327.566.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17600.5
Error code: 0x8007043c
Error description: This service cannot be started in Safe Mode

CodeIntegrity:
===================================

Date: 2020-11-08 17:24:21.791
Description:
Windows blocked file \Device\HarddiskVolume8\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2020-11-08 17:14:34.424
Description:
Code Integrity determined that a process (\Device\HarddiskVolume8\Program Files (x86)\Opera\72.0.3815.186\opera.exe) attempted to load \Device\HarddiskVolume8\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-11-08 17:14:34.424
Description:
Code Integrity determined that a process (\Device\HarddiskVolume8\Program Files (x86)\Opera\72.0.3815.186\opera.exe) attempted to load \Device\HarddiskVolume8\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-11-08 08:22:25.598
Description:
Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume8\Users\napa\AppData\Roaming\Microsoft\Protect\feade8-aabee1-cc3d3540-cc8dc0-cdf0.mui that did not meet the Microsoft signing level requirements.

Date: 2020-11-08 08:22:22.048
Description:
Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume8\Users\napa\AppData\Roaming\Microsoft\Protect\feade8-aabee1-cc3d3540-cc8dc0-cdf0.mui that did not meet the Microsoft signing level requirements.

Date: 2020-11-08 08:22:21.422
Description:
Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume8\Users\napa\AppData\Roaming\Microsoft\Protect\feade8-aabee1-cc3d3540-cc8dc0-cdf0.mui that did not meet the Microsoft signing level requirements.

Date: 2020-11-07 23:08:42.228
Description:
Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume8\Users\napa\AppData\Roaming\Microsoft\Protect\feade8-aabee1-cc3d3540-cc8dc0-cdf0.mui that did not meet the Microsoft signing level requirements.

Date: 2020-11-07 23:08:39.664
Description:
Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume8\Users\napa\AppData\Roaming\Microsoft\Protect\feade8-aabee1-cc3d3540-cc8dc0-cdf0.mui that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: ASUSTeK COMPUTER INC. (Licensed from AMI) 0306 05/16/2013
Motherboard: ASUSTeK COMPUTER INC. M11BB
Processor: AMD A8-5500 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 41%
Total physical RAM: 14120.28 MB
Available physical RAM: 8300.25 MB
Total Virtual: 16424.28 MB
Available Virtual: 9943.97 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.45 GB) (Free:365.94 GB) NTFS
Drive d: () (Fixed) (Total:465.21 GB) (Free:446.2 GB) NTFS
Drive f: () (Removable) (Total:29.28 GB) (Free:29.27 GB) FAT32

\\?\Volume{c6a7ffa5-2214-4902-9908-efb5a208a609}\ (Recovery) (Fixed) (Total:0.44 GB) (Free:0.12 GB) NTFS
\\?\Volume{920e745a-e2bb-4e9f-98fb-a1f15a4f2302}\ (Recovery) (Fixed) (Total:0.44 GB) (Free:0.42 GB) NTFS
\\?\Volume{a9e8c7d3-79b3-4af6-b198-3bbf76264d56}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS
\\?\Volume{674844d0-5ba1-4b03-a1ca-c3d368dd6b81}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
\\?\Volume{fef29a55-ffd6-4178-980e-10a085e0ed5b}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 51E17442)

Partition: GPT.

==========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 710B350F)

Partition: GPT.

==========================================================
Disk: 2 (Size: 29.3 GB) (Disk ID: 6F20736B)
No partition Table on disk 2.
Disk 2 is a removable device.

==================== End of Addition.txt =======================