100% disk usage, Win Defender Trojan:Win32/Wacatac.DC!ml & BSOD

Hi, can one of you kind experts cast your eyes over a friends issue with his laptop. He has 100% disk usage, so the laptop is painfully unresponsive, I have tried chkdsk /f /r, which would only run the next time windows booted; I have tried sfc /scannow, which showed no errors. Windows Defender is showing the following: Trojan:Win32/Wacatac.DC!ml (severe); Program:Win32/Uwasson.A!ml(medium), both showing active even though we have tried to remove them; msconfig will not allow to go into safe mode, it shows: System configuration cannot save the original boot configuration for later restoration. Boot changes will be reverted. The request is not supported; lastly I tried to reset Windows, which also would not execute, so I am at a loss, and your help would be greatly appreciated.

FRST LOG.TXT

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-07-2020

Ran by Willc (administrator) on DESKTOP-DNVASHI (ASUSTeK COMPUTER INC. TUF GAMING FX504GD_FX80GD) (24-07-2020 09:00:32)

Running from C:UsersWillcDownloads

Loaded Profiles: Willc

Platform: Windows 10 Home Version 1809 17763.737 (X64) Language: English (United States)

Default browser: Chrome

Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDSA Production signing key -> Intel) C:Program Files (x86)IntelDriver and Support AssistantDSAService.exe

(IDSA Production signing key -> Intel) C:Program Files (x86)IntelDriver and Support AssistantDSATray.exe

(IDSA Production signing key -> Intel) C:Program Files (x86)IntelDriver and Support AssistantDSAUpdateService.exe

(Intel® Rapid Storage Technology -> Intel Corporation) C:Program FilesIntelIntel® Rapid Storage TechnologyIAStorDataMgrSvc.exe

(Intel® Rapid Storage Technology -> Intel Corporation) C:WindowsSystem32DriverStoreFileRepositoryiastorac.inf_amd64_a9a8972288e9f3b5RstMwService.exe

(Intel® Software Development Products -> ) C:Program FilesIntelSURQUEENCREEKSurSvc.exe

(Intel® Software Development Products -> ) C:Program FilesIntelSURQUEENCREEKx64esrv.exe

(Intel® Software Development Products -> ) C:Program FilesIntelSURQUEENCREEKx64esrv_svc.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32dllhost.exe <3>

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32wlanext.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystemAppsMicrosoft.Windows.SecHealthUI_cw5n1h2txyewySecHealthUI.exe

(Microsoft Windows Publisher -> Microsoft Corporation) C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2006.10-0MsMpEng.exe

(Microsoft Windows Publisher -> Microsoft Corporation) C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2006.10-0NisSrv.exe

(NVIDIA Corporation -> NVIDIA Corporation) C:Program FilesNVIDIA CorporationDisplay.NvContainerNVDisplay.Container.exe <2>

(NVIDIA Corporation -> NVIDIA Corporation) C:Program FilesNVIDIA CorporationNvTelemetryNvTelemetryContainer.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM…Run: [Launch LCore] => C:Program FilesLogitech Gaming SoftwareLCore.exe [18727048 2018-10-05] (Logitech Inc -> Logitech Inc.)

HKLM…Run: [Logitech Download Assistant] => C:WindowsSystem32LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)

HKLM…Run: [IAStorIcon] => C:Program FilesIntelIntel® Rapid Storage TechnologyIAStorIcon.exe [321112 2019-07-29] (Intel® Rapid Storage Technology -> Intel Corporation)

HKLM-x32…Run: [SunJavaUpdateSched] => C:Program Files (x86)Common FilesJavaJava Updatejusched.exe [644552 2019-07-04] (Oracle America, Inc. -> Oracle Corporation)

HKLM-x32…Run: [Intel Driver & Support Assistant] => C:Program Files (x86)IntelDriver and Support AssistantDSATray.exe [236392 2020-07-09] (IDSA Production signing key -> Intel)

HKLMSOFTWAREPoliciesMicrosoftWindows Defender: Restriction <==== ATTENTION

HKUS-1-5-21-2348511245-4265812317-4155633532-1001…Run: [OneDrive] => C:UsersWillcAppDataLocalMicrosoftOneDriveOneDrive.exe [1592440 2019-10-09] () [File not signed]

HKUS-1-5-21-2348511245-4265812317-4155633532-1001…Run: [Discord] => C:UsersWillcAppDataLocalDiscordapp-0.0.305Discord.exe [81780056 2019-03-07] (Discord Inc. -> Discord Inc.)

HKUS-1-5-21-2348511245-4265812317-4155633532-1001…Run: [Steam] => C:Program Files (x86)Steamsteam.exe [3211040 2019-09-19] (Valve -> Valve Corporation)

HKUS-1-5-21-2348511245-4265812317-4155633532-1001…Run: [EADM] => C:Program Files (x86)OriginOrigin.exe [3114256 2019-04-09] (Electronic Arts, Inc. -> Electronic Arts)

HKLMSoftwareMicrosoftActive SetupInstalled Components: [8A69D345-D564-463c-AFF1-A69D9E530F96] -> C:Program Files (x86)GoogleChromeApplication75.0.3770.142Installerchrmstp.exe [2019-07-17] (Google LLC -> Google LLC)

FF HKLMSOFTWAREPoliciesMozillaFirefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: 053EB6F0-29E1-4653-9632-90A924EC0FB4 – System32TasksBlueStacksHelper => C:ProgramDataBlueStacksClientHelperBlueStacksHelper.exe [745480 2019-04-16] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)

Task: 07844654-72BB-4E78-9FBB-A90E3405F0C9 – System32TasksCCleanerSkipUAC => C:Program FilesCCleanerCCleaner.exe

Task: 07962D24-8DA2-4FE0-82FA-7F2A9F99E39D – System32TasksCreateExplorerShellUnelevatedTask => C:Windowsexplorer.exe /NOUACCHECK

Task: 0945D747-C01D-4959-9492-9E3743BE484D – System32TasksMicrosoftWindowsWindows DefenderWindows Defender Verification => C:ProgramDataMicrosoftWindows Defenderplatform4.18.2006.10-0MpCmdRun.exe [512272 2020-07-22] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: 0F963CEB-BE59-4A46-91E2-0AB2B56E4C3F – System32TasksRtHDVBg_ListenToDevice => C:Program FilesRealtekAudioHDARAVBg64.exe [1506384 2019-03-25] (Realtek Semiconductor Corp. -> Realtek Semiconductor)

Task: 26DFC5EA-FF3C-4E01-B39D-7DE7D18EC33E – System32TasksGoogleUpdateTaskMachineCore => C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [153168 2018-11-23] (Google Inc -> Google Inc.)

Task: 2F421115-1043-4BDE-9F24-D9181B104CF3 – System32TasksNvTmRepCR1_B2FE1952-0186-46C3-BAEC-A80AA35AC5B8 => C:Program Files (x86)NVIDIA CorporationUpdate CoreNvTmRep.exe [876912 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)

Task: 3FF89D57-59BE-45D0-8123-EE124876F2C8 – System32TasksMicrosoftWindowsWindows DefenderWindows Defender Scheduled Scan => C:ProgramDataMicrosoftWindows Defenderplatform4.18.2006.10-0MpCmdRun.exe [512272 2020-07-22] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: 500CED8A-4CA3-492E-B8E1-415DFD5A5D05 – System32TasksAVGOverseer => C:Program FilesCommon FilesAVGOverseeroverseer.exe

Task: 51C80D16-CEDB-4395-8425-957EE939290D – System32TasksNvProfileUpdaterOnLogon_B2FE1952-0186-46C3-BAEC-A80AA35AC5B8 => C:Program FilesNVIDIA CorporationUpdate CoreNvProfileUpdater64.exe [849264 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)

Task: 653DAB61-F38A-4589-AABE-4551B780C6D7 – System32TasksMicrosoftWindowsWindows DefenderWindows Defender Cache Maintenance => C:ProgramDataMicrosoftWindows Defenderplatform4.18.2006.10-0MpCmdRun.exe [512272 2020-07-22] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: 6B0222E4-1852-4BFD-9167-4DACDEB2E677 – System32TasksRTKCPL => C:Program FilesRealtekAudioHDARAVBg64.exe [1506384 2019-03-25] (Realtek Semiconductor Corp. -> Realtek Semiconductor)

Task: 89B14BCF-4B8D-45FD-806C-B832D06707CA – System32TasksUSER_ESRV_SVC_QUEENCREEK => “C:WindowsSystem32Wscript.exe” //B //NoLogo “C:Program FilesIntelSURQUEENCREEKx64task.vbs”

Task: 8FA60A44-E1F6-4C6E-A6C6-AF8501EA981E – System32TasksNvTmRepCR3_B2FE1952-0186-46C3-BAEC-A80AA35AC5B8 => C:Program Files (x86)NVIDIA CorporationUpdate CoreNvTmRep.exe [876912 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)

Task: 9B804CE3-F4E3-4025-8C7D-7F7C91F652E8 – System32TasksCCleaner Update => C:Program FilesCCleanerCCUpdate.exe

Task: 9DAEDD7E-252C-41D9-9B6D-C23572193B08 – System32TasksGoogleUpdateTaskMachineUA => C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [153168 2018-11-23] (Google Inc -> Google Inc.)

Task: A5808276-1DC2-43BB-8A8F-4D875E6ABF80 – System32TasksMicrosoftWindowsWindows DefenderWindows Defender Cleanup => C:ProgramDataMicrosoftWindows Defenderplatform4.18.2006.10-0MpCmdRun.exe [512272 2020-07-22] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: AD31F9D4-8933-41C6-B64F-4009D6B6D26D – System32TasksUpdate Checker => C:Program Files (x86)ASUSASUS Live UpdateUpdateChecker.exe [143160 2019-03-12] (ASUSTek Computer Inc. -> ASUSTek Computer Inc.)

Task: AE45ABCD-1523-4E54-A781-24B12651D948 – System32TasksOneDrive Standalone Update Task-S-1-5-21-2348511245-4265812317-4155633532-1001 => C:UsersWillcAppDataLocalMicrosoftOneDriveOneDriveStandaloneUpdater.exe [2696520 2019-10-09] () [File not signed]

Task: C93461FC-D9F4-40A2-9AB3-516D8D8C12A7 – System32TasksNvTmMon_B2FE1952-0186-46C3-BAEC-A80AA35AC5B8 => C:Program Files (x86)NVIDIA CorporationUpdate CoreNvTmMon.exe [590704 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)

Task: CBBAC1FA-A07E-418D-9991-611AC14799EE – System32TasksNvTmRepCR2_B2FE1952-0186-46C3-BAEC-A80AA35AC5B8 => C:Program Files (x86)NVIDIA CorporationUpdate CoreNvTmRep.exe [876912 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)

Task: D34114F7-6ADA-4CDF-9409-13820882B1C7 – System32TasksIUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:Program Files (x86)IntelIntel® Update Managerbiniumsvc.exe

Task: DA4422DA-7BBC-4423-A7C8-E7CCE29A9014 – System32TasksIntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:Program FilesIntelSURQUEENCREEKUpdaterbinIntelSoftwareAssetManagerService.exe [3087184 2020-03-10] (Intel® Software Development Products -> Intel Corporation)

Task: DFFDAEC2-0E80-4897-B5DD-6F09D7994C63 – System32TasksAvast SoftwareOverseer => C:Program FilesCommon FilesAVAST SoftwareOverseeroverseer.exe [1660520 2020-07-22] (Avast Software s.r.o. -> Avast Software)

Task: E14B698D-3300-4835-854B-A37806EB8DD4 – System32TasksHyperXRamApp => C:UsersWillcAppDataLocalPackages33C30B79.HyperXNGenuity_0a78dr3hq0pvtLocalState\HyperXMemoryPlug-in.exe [65536 2019-08-31] () [File not signed]

Task: EE70C3A6-7A40-48D7-8909-A60F2B5F2400 – System32TasksAntivirus Emergency Update => C:Program FilesAVGAntivirusAvEmUpdate.exe

Task: F622573B-2D47-4CAD-99C7-A387A402B85A – System32TasksIntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:Program FilesIntelSURQUEENCREEKUpdaterbinIntelSoftwareAssetManagerService.exe [3087184 2020-03-10] (Intel® Software Development Products -> Intel Corporation)

Task: F96A7443-8AF8-4545-9A69-0D83788E8430 – System32TasksNvTmRep_B2FE1952-0186-46C3-BAEC-A80AA35AC5B8 => C:Program Files (x86)NVIDIA CorporationUpdate CoreNvTmRep.exe [876912 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)

Task: FB62BE76-0F7A-44EA-B02B-A0D0743F093C – System32TasksNvProfileUpdaterDaily_B2FE1952-0186-46C3-BAEC-A80AA35AC5B8 => C:Program FilesNVIDIA CorporationUpdate CoreNvProfileUpdater64.exe [849264 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:WindowsTasksCreateExplorerShellUnelevatedTask.job => C:Windowsexplorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

TcpipParameters: [DhcpNameServer] 10.128.128.128

Tcpip..Interfaces2e0ce0b8-332a-4b29-921e-efdf5f7b4356: [DhcpNameServer] 8.8.8.8

Tcpip..Interfaces6aa1d373-01f1-415e-8a17-3cf1c0a1e3a1: [DhcpNameServer] 192.168.1.254

Tcpip..Interfacesed632d76-c51c-4d64-b444-527dcc72390e: [DhcpNameServer] 10.128.128.128

Internet Explorer:

==================

HKUS-1-5-21-2348511245-4265812317-4155633532-1001SoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank

BHO-x32: Java Plug-In SSV Helper -> 761497BB-D6F0-462C-B6EB-D4DAF1D92D43 -> C:Program Files (x86)Javajre1.8.0_221binssv.dll [2019-07-20] (Oracle America, Inc. -> Oracle Corporation)

BHO-x32: Java Plug-In 2 SSV Helper -> DBC80044-A445-435b-BC74-9C25C1C588A9 -> C:Program Files (x86)Javajre1.8.0_221binjp2ssv.dll [2019-07-20] (Oracle America, Inc. -> Oracle Corporation)

DPF: HKLM-x32 166B1BCA-3F9C-11CF-8075-444553540000 hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab

Edge:

======

DownloadDir: C:UsersWillcDownloads

Edge Extension: (Norton Safe Web) -> EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp => C:Program FilesWindowsAppsSymantecCorporation.NortonSafeWeb_3.11.0.0_neutral__v68kp9n051hdp [not found]

FireFox:

========

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:WindowsSysWOW64AdobeDirectornp32dsw_1234204.dll [2018-06-06] (Adobe Systems, Inc.) [File not signed]

FF Plugin-x32: @java.com/DTPlugin,version=11.221.2 -> C:Program Files (x86)Javajre1.8.0_221bindtpluginnpDeployJava1.dll [2019-07-20] (Oracle America, Inc. -> Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.221.2 -> C:Program Files (x86)Javajre1.8.0_221binplugin2npjp2.dll [2019-07-20] (Oracle America, Inc. -> Oracle Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:Program Files (x86)NVIDIA Corporation3D Visionnpnv3dv.dll [2019-04-25] (NVIDIA Corporation -> NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:Program Files (x86)NVIDIA Corporation3D Visionnpnv3dvstreaming.dll [2019-04-25] (NVIDIA Corporation -> NVIDIA Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:Program Files (x86)GoogleUpdate1.3.34.11npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:Program Files (x86)GoogleUpdate1.3.34.11npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)

Chrome:

=======

CHR DefaultProfile: Default

CHR Profile: C:UsersWillcAppDataLocalGoogleChromeUser DataDefault [2020-07-23]

CHR Notifications: Default -> hxxps://www.facebook.com; hxxps://www.reddit.com; hxxps://www.youtube.com; hxxps://www1.ecleneue.com

CHR Extension: (Slides) – C:UsersWillcAppDataLocalGoogleChromeUser DataDefaultExtensionsaapocclcgogkmnckokdopfmhonfmgoek [2018-11-23]

CHR Extension: (YouTube) – C:UsersWillcAppDataLocalGoogleChromeUser DataDefaultExtensionsadnlfjpnmidfimlkaohpidplnoimahfh [2019-04-27]

CHR Extension: (Docs) – C:UsersWillcAppDataLocalGoogleChromeUser DataDefaultExtensionsaohghmighlieiainnegkcijnfilokake [2018-11-23]

CHR Extension: (Google Drive) – C:UsersWillcAppDataLocalGoogleChromeUser DataDefaultExtensionsapdfllckaahabafndbhieahigkjlhalf [2018-11-23]

CHR Extension: (YouTube) – C:UsersWillcAppDataLocalGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo [2018-11-23]

CHR Extension: (Honey) – C:UsersWillcAppDataLocalGoogleChromeUser DataDefaultExtensionsbmnlcjabgnpnenekpadlanbbkooimhnj [2020-01-31]

CHR Extension: (I’m Feeling Lucky) – C:UsersWillcAppDataLocalGoogleChromeUser DataDefaultExtensionscnlabakikmdekpfaflaihcepfkjopgll [2019-04-26]

CHR Extension: (Lamborghini Cherry ) – C:UsersWillcAppDataLocalGoogleChromeUser DataDefaultExtensionsdkkklbgbfaeockpgbkleblklmcjdbnbj [2019-01-17]

CHR Extension: (Sheets) – C:UsersWillcAppDataLocalGoogleChromeUser DataDefaultExtensionsfelcaaldnbdncclmgdcncolpebgiejap [2018-11-23]

CHR Extension: (Google Docs Offline) – C:UsersWillcAppDataLocalGoogleChromeUser DataDefaultExtensionsghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-07-22]

CHR Extension: (AdBlock — best ad blocker) – C:UsersWillcAppDataLocalGoogleChromeUser DataDefaultExtensionsgighmmpiobklfepjocnamgkkbiglidom [2020-07-22]

CHR Extension: (Chrome Web Store Payments) – C:UsersWillcAppDataLocalGoogleChromeUser DataDefaultExtensionsnmmhkkegccagdldgiimedpiccmgmieda [2020-01-13]

CHR Extension: (Downloader for Instagram™ + Direct Message) – C:UsersWillcAppDataLocalGoogleChromeUser DataDefaultExtensionsolkpikmlhoaojbbmmpejnimiglejmboe [2020-07-22]

CHR Extension: (Gmail) – C:UsersWillcAppDataLocalGoogleChromeUser DataDefaultExtensionspjkljhegncpnkpknbcohdijeoejaedia [2019-04-29]

CHR Extension: (Chrome Media Router) – C:UsersWillcAppDataLocalGoogleChromeUser DataDefaultExtensionspkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-07-22]

CHR Profile: C:UsersWillcAppDataLocalGoogleChromeUser DataGuest Profile [2019-09-29]

CHR Profile: C:UsersWillcAppDataLocalGoogleChromeUser DataProfile 1 [2019-04-26]

CHR Extension: (Slides) – C:UsersWillcAppDataLocalGoogleChromeUser DataProfile 1Extensionsaapocclcgogkmnckokdopfmhonfmgoek [2019-01-17]

CHR Extension: (Docs) – C:UsersWillcAppDataLocalGoogleChromeUser DataProfile 1Extensionsaohghmighlieiainnegkcijnfilokake [2019-01-17]

CHR Extension: (Google Drive) – C:UsersWillcAppDataLocalGoogleChromeUser DataProfile 1Extensionsapdfllckaahabafndbhieahigkjlhalf [2019-01-17]

CHR Extension: (YouTube) – C:UsersWillcAppDataLocalGoogleChromeUser DataProfile 1Extensionsblpcfgokakmgnkcojhhkbfbldkacnbeo [2019-01-17]

CHR Extension: (Sheets) – C:UsersWillcAppDataLocalGoogleChromeUser DataProfile 1Extensionsfelcaaldnbdncclmgdcncolpebgiejap [2019-01-17]

CHR Extension: (Google Docs Offline) – C:UsersWillcAppDataLocalGoogleChromeUser DataProfile 1Extensionsghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-02-21]

CHR Extension: (Chrome Web Store Payments) – C:UsersWillcAppDataLocalGoogleChromeUser DataProfile 1Extensionsnmmhkkegccagdldgiimedpiccmgmieda [2019-01-17]

CHR Extension: (Gmail) – C:UsersWillcAppDataLocalGoogleChromeUser DataProfile 1Extensionspjkljhegncpnkpknbcohdijeoejaedia [2019-01-17]

CHR Extension: (Chrome Media Router) – C:UsersWillcAppDataLocalGoogleChromeUser DataProfile 1Extensionspkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-04-26]

CHR Profile: C:UsersWillcAppDataLocalGoogleChromeUser DataSystem Profile [2019-09-29]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AsHidService; C:WindowsSystem32DriverStoreFileRepositoryatkwmiacpiio.inf_amd64_a5cf007e1dac78efAsHidSrv64.exe [171912 2018-01-07] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)

S4 ASLDRService; C:WindowsSystem32DriverStoreFileRepositoryatkwmiacpiio.inf_amd64_a5cf007e1dac78efAsLdrSrv64.exe [202120 2018-01-07] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)

S4 BEService; C:Program Files (x86)Common FilesBattlEyeBEService.exe [8473200 2019-03-27] (BattlEye Innovations e.K. -> )

S4 DevActSvc; C:Program Files (x86)ASUSASUS Device ActivationDevActSvc.exe [325456 2018-06-11] (ASUSTek Computer Inc. -> )

S4 EasyAntiCheat; C:Program Files (x86)EasyAntiCheatEasyAntiCheat.exe [781440 2018-12-09] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)

S4 Futuremark SystemInfo Service; C:Program Files (x86)FuturemarkSystemInfoFMSISvc.exe [342456 2019-11-26] (FUTUREMARK INC -> Futuremark)

S4 ICEsoundService; C:Windowssystem32ICEsoundService64.exe [483816 2018-05-10] (ICEpower a/s -> ICEpower a/s)

S4 LogiRegistryService; C:Program FilesLogitech Gaming SoftwareDriversAPOServiceLogiRegistryService.exe [206472 2018-10-05] (Logitech Inc -> Logitech Inc.)

S4 Origin Client Service; C:Program Files (x86)OriginOriginClientService.exe [2304304 2019-04-09] (Electronic Arts, Inc. -> Electronic Arts)

S4 Origin Web Helper Service; C:Program Files (x86)OriginOriginWebHelperService.exe [3175728 2019-04-09] (Electronic Arts, Inc. -> Electronic Arts)

S4 Rockstar Service; C:Program FilesRockstar GamesLauncherRockstarService.exe [471696 2019-09-25] (Rockstar Games, Inc. -> Rockstar Games)

S4 SetupARService; C:Program Files (x86)RealtekAudioSetupAfterRebootService.exe [10752 2018-11-23] () [File not signed]

S4 uhssvc; C:Program FilesMicrosoft Update Health Toolsuhssvc.exe [293680 2020-07-01] (Microsoft Windows -> Microsoft Corporation)

R3 WdNisSvc; C:ProgramDataMicrosoftWindows Defenderplatform4.18.2006.10-0NisSrv.exe [2496144 2020-07-22] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 WinDefend; C:ProgramDataMicrosoftWindows Defenderplatform4.18.2006.10-0MsMpEng.exe [104192 2020-07-22] (Microsoft Windows Publisher -> Microsoft Corporation)

S2 AvgWscReporter; “C:Program FilesAVGAntiviruswsc_proxy.exe” /runassvc /rpcserver [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKmdfFilter; C:WindowsSystem32driversAppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)

S3 AppleLowerFilter; C:WindowsSystem32driversAppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)

R3 AsusPTPDrv; C:WindowsSystem32driversAsusPTPFilter.sys [108504 2019-04-24] (ASUSTek Computer Inc. -> ASUSTek COMPUTER INC.)

R1 ATKWMIACPIIO; C:WindowsSystem32DriverStoreFileRepositoryatkwmiacpiio.inf_amd64_a5cf007e1dac78efatkwmiacpi64.sys [30600 2018-01-07] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)

S3 BEDaisy; C:Program Files (x86)Common FilesBattlEyeBEDaisy.sys [2705776 2019-09-15] (BattlEye Innovations e.K. -> )

S3 bertreader; C:WindowsSystem32driversbertreader.sys [40320 2020-03-10] (Intel Corporation -> Intel Corporation)

S3 BlueStacksDrv; C:Program FilesBlueStacksBstkDrv.sys [313112 2019-07-06] (Bluestack Systems, Inc. -> Bluestack System Inc.)

R3 HIDSwitch; C:WindowsSystem32driversAsRadioControl.sys [32680 2019-08-07] (ASUSTek Computer Inc. -> ASUS)

R2 LGCoreTemp; C:Program FilesLogitech Gaming SoftwareDriversLgCoreTemplgcoretemp.sys [14184 2015-06-21] (Logitech -> Logitech)

R3 LGJoyXlCore; C:Windowssystem32driversLGJoyXlCore.sys [67736 2018-10-05] (Logitech Inc -> Logitech Inc.)

R1 MpKslDrv; C:ProgramDataMicrosoftWindows DefenderDefinition UpdatesB6237A43-8253-4829-B4A4-BEA2E68E4BFDMpKslDrv.sys [43232 2020-07-24] (Microsoft Windows -> Microsoft Corporation)

S3 PHYMEM; C:UsersWillcAppDataLocalPackages33C30B79.HyperXNGenuity_0a78dr3hq0pvtLocalStateotipcibus64.sys [17488 2019-08-31] (Ours Technology Inc. -> OTi)

S3 rspWhySoSlow; C:WindowsSystem32DRIVERSrspWhy64.sys [28928 2016-12-17] (Daniel Terhell -> Resplendence Software Projects Sp.)

R3 ScpVBus; C:WindowsSystem32driversScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)

R3 semav6msr64; C:Windowssystem32driverssemav6msr64.sys [41816 2020-06-16] (Intel Corporation -> )

R3 tap0901; C:WindowsSystem32driverstap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)

S0 WdBoot; C:WindowsSystem32driverswdWdBoot.sys [45976 2020-07-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)

R0 WdFilter; C:WindowsSystem32driverswdWdFilter.sys [408816 2020-07-22] (Microsoft Windows -> Microsoft Corporation)

R3 WdNisDrv; C:WindowsSystem32driverswdWdNisDrv.sys [64224 2020-07-22] (Microsoft Windows -> Microsoft Corporation)

S4 nvvad_WaveExtensible; SystemRootsystem32driversnvvad64v.sys [X]

S4 nvvhci; SystemRootSystem32driversnvvhci.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-07-24 09:01 – 2020-07-24 09:01 – 000000000 ___HD C:$WINDOWS.~BT

2020-07-24 09:00 – 2020-07-24 09:00 – 000000000 ____D C:UsersWillcDownloadsFRST-OlderVersion

2020-07-24 08:41 – 2020-07-24 08:41 – 000003834 _____ C:Windowssystem32TasksIUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473

2020-07-23 16:29 – 2020-07-24 02:18 – 000000000 ___HD C:$SysReset

2020-07-23 16:10 – 2020-07-23 16:11 – 000058897 _____ C:UsersWillcDownloadsdriverview-x64.zip

2020-07-23 14:53 – 2020-07-23 14:53 – 000002678 _____ C:Windowssystem32TasksUSER_ESRV_SVC_QUEENCREEK

2020-07-23 14:21 – 2019-04-25 09:12 – 000133432 _____ (NVIDIA Corporation) C:WindowsSysWOW64nvStreaming.exe

2020-07-23 14:14 – 2019-04-30 20:39 – 000552352 _____ (Khronos Group) C:Windowssystem32OpenCL.dll

2020-07-23 14:14 – 2019-04-30 20:39 – 000456688 _____ (Khronos Group) C:WindowsSysWOW64OpenCL.dll

2020-07-23 14:14 – 2019-04-30 20:38 – 010323608 _____ (NVIDIA Corporation) C:Windowssystem32nvptxJitCompiler.dll

2020-07-23 14:14 – 2019-04-30 20:38 – 008787536 _____ (NVIDIA Corporation) C:WindowsSysWOW64nvptxJitCompiler.dll

2020-07-23 14:14 – 2019-04-30 20:38 – 000668640 _____ C:Windowssystem32nvofapi64.dll

2020-07-23 14:14 – 2019-04-30 20:38 – 000631896 _____ (NVIDIA Corporation) C:Windowssystem32NvIFROpenGL.dll

2020-07-23 14:14 – 2019-04-30 20:38 – 000534544 _____ C:WindowsSysWOW64nvofapi.dll

2020-07-23 14:14 – 2019-04-30 20:38 – 000521688 _____ (NVIDIA Corporation) C:WindowsSysWOW64NvIFROpenGL.dll

2020-07-23 14:13 – 2019-04-30 20:38 – 005276576 _____ (NVIDIA Corporation) C:Windowssystem32nvcuvid.dll

2020-07-23 14:13 – 2019-04-30 20:38 – 002033568 _____ (NVIDIA Corporation) C:Windowssystem32NvFBC64.dll

2020-07-23 14:13 – 2019-04-30 20:38 – 001734584 _____ (NVIDIA Corporation) C:Windowssystem32nvdispco6442546.dll

2020-07-23 14:13 – 2019-04-30 20:38 – 001536416 _____ (NVIDIA Corporation) C:WindowsSysWOW64NvFBC.dll

2020-07-23 14:13 – 2019-04-30 20:38 – 001471816 _____ (NVIDIA Corporation) C:Windowssystem32nvEncMFThevc.dll

2020-07-23 14:13 – 2019-04-30 20:38 – 001468504 _____ (NVIDIA Corporation) C:Windowssystem32nvdispgenco6442546.dll

2020-07-23 14:13 – 2019-04-30 20:38 – 001465432 _____ (NVIDIA Corporation) C:Windowssystem32NvIFR64.dll

2020-07-23 14:13 – 2019-04-30 20:38 – 001462424 _____ (NVIDIA Corporation) C:Windowssystem32nvEncMFTH264.dll

2020-07-23 14:13 – 2019-04-30 20:38 – 001169336 _____ (NVIDIA Corporation) C:Windowssystem32nvfatbinaryLoader.dll

2020-07-23 14:13 – 2019-04-30 20:38 – 001152200 _____ (NVIDIA Corporation) C:WindowsSysWOW64nvEncMFThevc.dll

2020-07-23 14:13 – 2019-04-30 20:38 – 001145936 _____ (NVIDIA Corporation) C:WindowsSysWOW64nvEncMFTH264.dll

2020-07-23 14:13 – 2019-04-30 20:38 – 001130128 _____ (NVIDIA Corporation) C:WindowsSysWOW64NvIFR.dll

2020-07-23 14:13 – 2019-04-30 20:38 – 000915304 _____ (NVIDIA Corporation) C:WindowsSysWOW64nvfatbinaryLoader.dll

2020-07-23 14:13 – 2019-04-30 20:38 – 000794840 _____ (NVIDIA Corporation) C:Windowssystem32nvEncodeAPI64.dll

2020-07-23 14:13 – 2019-04-30 20:38 – 000638208 _____ (NVIDIA Corporation) C:WindowsSysWOW64nvEncodeAPI.dll

2020-07-23 14:13 – 2019-04-30 20:37 – 040421464 _____ (NVIDIA Corporation) C:Windowssystem32nvcompiler.dll

2020-07-23 14:13 – 2019-04-30 20:37 – 035268296 _____ (NVIDIA Corporation) C:WindowsSysWOW64nvcompiler.dll

2020-07-23 14:13 – 2019-04-30 20:37 – 020080040 _____ (NVIDIA Corporation) C:Windowssystem32nvcuda.dll

2020-07-23 14:13 – 2019-04-30 20:37 – 017440224 _____ (NVIDIA Corporation) C:WindowsSysWOW64nvcuda.dll

2020-07-23 14:13 – 2019-04-30 20:37 – 004626336 _____ (NVIDIA Corporation) C:WindowsSysWOW64nvcuvid.dll

2020-07-23 14:13 – 2019-04-30 20:37 – 004304856 _____ (NVIDIA Corporation) C:WindowsSysWOW64nvapi.dll

2020-07-23 14:05 – 2020-07-23 14:05 – 000000000 ___RD C:ProgramDataMicrosoftWindowsStart MenuProgramsIntel

2020-07-23 14:05 – 2020-07-23 14:05 – 000000000 ____D C:Program FilesCommon FilesIntel

2020-07-23 13:29 – 2020-07-23 14:19 – 000000000 ____D C:WindowsLastGood.Tmp

2020-07-23 13:28 – 2020-07-23 13:28 – 000000000 ____D C:UsersWillcDownloadsIntel Driver and Support Assistant

2020-07-23 13:27 – 2020-07-23 14:53 – 000003762 _____ C:Windowssystem32TasksIntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132

2020-07-23 13:27 – 2020-07-23 14:53 – 000003528 _____ C:Windowssystem32TasksIntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon

2020-07-23 13:27 – 2020-07-23 13:27 – 002477304 _____ (Intel) C:UsersWillcDownloadsIntel-Driver-and-Support-Assistant-Installer (2).exe

2020-07-23 13:27 – 2020-07-23 13:27 – 000001512 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsIntel Driver & Support Assistant.lnk

2020-07-23 13:27 – 2020-06-16 17:28 – 000041816 _____ C:Windowssystem32Driverssemav6msr64.sys

2020-07-23 10:57 – 2020-07-23 11:23 – 000000000 ____D C:UsersWillclaptop drivers

2020-07-23 10:49 – 2020-07-23 11:37 – 000000000 ____D C:Program FilesWhoCrashed

2020-07-23 10:49 – 2020-07-23 10:49 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsWhoCrashed

2020-07-23 10:48 – 2020-07-23 10:48 – 009936128 _____ (Resplendence Software Projects Sp. ) C:UsersWillcDownloadswhocrashedSetup.exe

2020-07-23 10:05 – 2020-07-23 10:05 – 000000080 ___SH C:bootTel.dat

2020-07-22 14:19 – 2020-07-22 14:20 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsWhySoSlow

2020-07-22 14:19 – 2020-07-22 14:19 – 000000000 ____D C:Program FilesWhySoSlow

2020-07-22 14:19 – 2016-12-17 20:59 – 000028928 _____ (Resplendence Software Projects Sp.) C:Windowssystem32DriversrspWhy64.sys

2020-07-22 11:53 – 2020-07-22 11:55 – 000047693 _____ C:UsersWillcDownloadsAddition.txt

2020-07-22 11:49 – 2020-07-24 09:01 – 000023901 _____ C:UsersWillcDownloadsFRST.txt

2020-07-22 11:45 – 2020-07-24 09:00 – 002294784 _____ (Farbar) C:UsersWillcDownloadsFRST64.exe

2020-07-22 11:41 – 2020-07-22 11:41 – 000000000 ____D C:Program FilesMicrosoft Update Health Tools

2020-07-22 11:41 – 2020-07-01 07:40 – 000438576 _____ (Microsoft Corporation) C:Windowssystem32QualityUpdateAssistant.dll

2020-07-22 11:41 – 2020-07-01 07:38 – 000915776 _____ (Microsoft Corporation) C:Windowssystem32sedplugins.dll

2020-07-22 10:57 – 2020-07-23 08:53 – 000000000 ____D C:Windowspss

2020-07-22 09:41 – 2020-07-22 09:41 – 002477304 _____ (Intel) C:UsersWillcDownloadsIntel-Driver-and-Support-Assistant-Installer (1).exe

2020-07-22 08:30 – 2020-07-22 08:30 – 002477304 _____ (Intel) C:UsersWillcDownloadsIntel-Driver-and-Support-Assistant-Installer.exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-07-24 09:01 – 2020-01-13 10:34 – 000000000 ____D C:FRST

2020-07-24 09:01 – 2018-11-23 20:16 – 000000000 ____D C:WindowsPanther

2020-07-24 08:40 – 2018-11-23 12:39 – 000778152 _____ C:Windowssystem32PerfStringBackup.INI

2020-07-24 08:40 – 2018-09-15 08:31 – 000000000 ____D C:WindowsINF

2020-07-24 08:37 – 2018-09-15 08:33 – 000000000 ____D C:ProgramDataregid.1991-06.com.microsoft

2020-07-24 08:36 – 2019-08-31 22:41 – 000003458 _____ C:Windowssystem32TasksHyperXRamApp

2020-07-24 08:36 – 2018-11-23 12:59 – 000000000 ____D C:ProgramDataNVIDIA

2020-07-24 08:35 – 2018-11-23 12:21 – 000000006 ____H C:WindowsTasksSA.DAT

2020-07-23 17:16 – 2018-09-15 07:09 – 000786432 _____ C:Windowssystem32configBBI

2020-07-23 17:14 – 2018-09-15 08:23 – 000000000 ____D C:WindowsCbsTemp

2020-07-23 16:42 – 2018-11-23 12:37 – 000000000 ____D C:UsersWillc

2020-07-23 16:06 – 2020-01-10 13:35 – 000007604 _____ C:UsersWillcAppDataLocalResmon.ResmonCfg

2020-07-23 15:53 – 2018-11-23 12:21 – 000000000 ____D C:Windowssystem32SleepStudy

2020-07-23 14:21 – 2020-01-17 14:30 – 000003926 _____ C:Windowssystem32TasksNvTmRepCR3_B2FE1952-0186-46C3-BAEC-A80AA35AC5B8

2020-07-23 14:21 – 2020-01-17 14:30 – 000003926 _____ C:Windowssystem32TasksNvTmRepCR2_B2FE1952-0186-46C3-BAEC-A80AA35AC5B8

2020-07-23 14:21 – 2020-01-17 14:30 – 000003926 _____ C:Windowssystem32TasksNvTmRepCR1_B2FE1952-0186-46C3-BAEC-A80AA35AC5B8

2020-07-23 14:21 – 2020-01-17 14:30 – 000003894 _____ C:Windowssystem32TasksNvProfileUpdaterDaily_B2FE1952-0186-46C3-BAEC-A80AA35AC5B8

2020-07-23 14:21 – 2020-01-17 14:30 – 000003866 _____ C:Windowssystem32TasksNvTmRep_B2FE1952-0186-46C3-BAEC-A80AA35AC5B8

2020-07-23 14:21 – 2020-01-17 14:30 – 000003858 _____ C:Windowssystem32TasksNvTmMon_B2FE1952-0186-46C3-BAEC-A80AA35AC5B8

2020-07-23 14:21 – 2020-01-17 14:30 – 000003654 _____ C:Windowssystem32TasksNvProfileUpdaterOnLogon_B2FE1952-0186-46C3-BAEC-A80AA35AC5B8

2020-07-23 14:21 – 2018-11-23 12:57 – 000000000 ____D C:ProgramDataNVIDIA Corporation

2020-07-23 14:21 – 2018-11-23 12:57 – 000000000 ____D C:Program Files (x86)NVIDIA Corporation

2020-07-23 14:05 – 2018-11-23 12:42 – 000000000 ____D C:Program FilesIntel

2020-07-23 13:31 – 2018-11-23 12:52 – 000000000 ____D C:Program FilesNVIDIA Corporation

2020-07-23 13:27 – 2018-11-23 13:43 – 000000000 ____D C:ProgramDataPackage Cache

2020-07-23 13:27 – 2018-11-23 12:43 – 000000000 ____D C:UsersWillcAppDataLocalIntel

2020-07-23 13:27 – 2018-11-23 12:42 – 000000000 ____D C:ProgramDataIntel

2020-07-23 13:27 – 2018-11-23 12:42 – 000000000 ____D C:Program Files (x86)Intel

2020-07-23 11:54 – 2019-08-29 19:25 – 000007623 _____ C:Windowsdiagwrn.xml

2020-07-23 11:54 – 2019-08-29 19:25 – 000007623 _____ C:Windowsdiagerr.xml

2020-07-23 11:34 – 2020-01-13 10:00 – 001798438 _____ C:Windowsntbtlog.txt

2020-07-23 11:33 – 2018-11-29 15:52 – 000000214 _____ C:WindowsTasksCreateExplorerShellUnelevatedTask.job

2020-07-22 15:32 – 2018-11-23 12:22 – 000000000 ____D C:Windowssystem32Driverswd

2020-07-22 12:03 – 2019-08-29 19:33 – 000000000 ____H C:$WINRE_BACKUP_PARTITION.MARKER

2020-07-22 12:03 – 2018-09-15 07:09 – 000032768 _____ C:Windowssystem32configELAM

2020-07-22 11:53 – 2018-09-15 08:33 – 000000000 ___HD C:Program FilesWindowsApps

2020-07-22 11:53 – 2018-09-15 08:33 – 000000000 ____D C:WindowsAppReadiness

2020-07-22 11:41 – 2018-11-23 21:24 – 000000000 ____D C:Windowssystem32MRT

2020-07-22 11:38 – 2018-11-23 21:24 – 120636720 ____C (Microsoft Corporation) C:Windowssystem32MRT.exe

2020-07-22 11:02 – 2018-09-15 07:09 – 000000000 ____D C:Windowsservicing

2020-07-22 08:41 – 2018-11-23 12:39 – 000000000 ____D C:UsersWillcAppDataLocalPackages

2020-07-22 08:36 – 2018-11-23 12:39 – 000000000 ____D C:UsersWillcAppDataLocalPublishers

2020-07-22 08:28 – 2018-11-23 20:20 – 000744808 ____N (Microsoft Corporation) C:Windowssystem32MpSigStub.exe

2020-07-21 15:59 – 2018-11-23 20:23 – 000000000 ____D C:UsersWillcAppDataLocalElevatedDiagnostics

==================== Files in the root of some directories ========

2020-01-10 13:35 – 2020-07-23 16:06 – 000007604 _____ () C:UsersWillcAppDataLocalResmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

——————————————————————————————————————————————————————————————————————————————————————————————-

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-07-2020

Ran by Willc (24-07-2020 09:03:05)

Running from C:UsersWillcDownloads

Windows 10 Home Version 1809 17763.737 (X64) (2018-11-23 11:31:22)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2348511245-4265812317-4155633532-500 – Administrator – Disabled)

DefaultAccount (S-1-5-21-2348511245-4265812317-4155633532-503 – Limited – Disabled)

Guest (S-1-5-21-2348511245-4265812317-4155633532-501 – Limited – Disabled)

WDAGUtilityAccount (S-1-5-21-2348511245-4265812317-4155633532-504 – Limited – Disabled)

Willc (S-1-5-21-2348511245-4265812317-4155633532-1001 – Administrator – Enabled) => C:UsersWillc

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled – Up to date) D68DDC3A-831F-4fae-9E44-DA132C1ACF46

AS: Windows Defender (Enabled – Up to date) D68DDC3A-831F-4fae-9E44-DA132C1ACF46

==================== Installed Programs ======================

(Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Shockwave Player 12.3 (HKLM-x32…Adobe Shockwave Player) (Version: 12.3.4.204 – Adobe Systems, Inc.)

Apex Legends (HKLM-x32…D7FBF176-382D-484E-863A-DFD1124A2A1C) (Version: 1.0.0.6 – Electronic Arts, Inc.)

ASUS Device Activation (HKLM-x32…9C4B0706-9F9A-47BF-B417-0A111FC52B04) (Version: 1.0.5.0 – ASUSTeK COMPUTER INC.)

ASUS Live Update (HKLM-x32…FA540E67-095C-4A1B-97BA-4D547DEC9AF4) (Version: 3.6.8 – ASUSTeK COMPUTER INC.)

Betternet for Windows 5.0.5 (HKLM-x32…2E77104D-96E1-4A9C-86F2-C7CF9C709999) (Version: 5.0.5 – Betternet Technologies Inc.)

BlueStacks App Player (HKLM…BlueStacks) (Version: 4.110.0.1081 – BlueStack Systems, Inc.)

Cisco EAP-FAST Module (HKLM-x32…64BF0187-F3D2-498B-99EA-163AF9AE6EC9) (Version: 2.2.14 – Cisco Systems, Inc.)

Cisco LEAP Module (HKLM-x32…AF312B06-5C5C-468E-89B3-BE6DE2645722) (Version: 1.0.19 – Cisco Systems, Inc.)

Cisco PEAP Module (HKLM-x32…A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F) (Version: 1.1.6 – Cisco Systems, Inc.)

Discord (HKUS-1-5-21-2348511245-4265812317-4155633532-1001…Discord) (Version: 0.0.305 – Discord Inc.)

Epic Games Launcher (HKLM-x32…E63B233-DC24-442C-BD38-0B91D90FEC5B) (Version: 1.1.167.0 – Epic Games, Inc.)

Epic Games Launcher Prerequisites (x64) (HKLM…66C5838F-B854-4A55-89E6-A6138747A4DF) (Version: 1.0.0.0 – Epic Games, Inc.) Hidden

Futuremark SystemInfo (HKLM-x32…D22F5556-1049-4406-B8FD-AE7721679179) (Version: 5.25.802.0 – Futuremark)

Google Chrome (HKLM-x32…Google Chrome) (Version: 75.0.3770.142 – Google LLC)

Google Update Helper (HKLM-x32…60EC980A-BDA2-4CB6-A427-B07A5498B4CA) (Version: 1.3.34.11 – Google LLC) Hidden

Grand Theft Auto V (HKLM-x32…5EFC6C07-6B87-43FC-9524-F9E967241741) (Version: 1.0.1737.6 – Rockstar Games)

Intel Driver && Support Assistant (HKLM-x32…B6D9E45-696A-452C-B0FE-32A37F1792F9) (Version: 20.7.26.7 – Intel) Hidden

Intel® Chipset Device Software (HKLM-x32…55d73ea7-6354-42db-8831-02d048ae57f8) (Version: 10.1.17541.8066 – Intel® Corporation) Hidden

Intel® Computing Improvement Program (HKLM…44C40B2E-7285-4A9F-A9BC-DF433772AAEE) (Version: 2.4.05929 – Intel Corporation)

Intel® Processor Graphics (HKLM-x32…F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA) (Version: 25.20.100.6446 – Intel Corporation)

Intel® Rapid Storage Technology (HKLM…409CB30E-E457-4008-9B1A-ED1B9EA21140) (Version: 16.8.3.1003 – Intel Corporation)

Intel® Wireless Bluetooth® (HKLM-x32…0001050-0200-1033-84C8-B8D95FA3C8C3) (Version: 20.50.1 – Intel Corporation)

Intel® Driver & Support Assistant (HKLM-x32…3d606425-2f7e-467e-8cc9-e0a2bb2d3067) (Version: 20.7.26.7 – Intel)

Intel® Optane™ Pinning Explorer Extensions (HKLM…4B3C56AB-963E-4F48-9747-05297683DB3B) (Version: 16.8.3.1003 – Intel Corporation)

Java 8 Update 221 (HKLM-x32…26A24AE4-039D-4CA4-87B4-2F32180221F0) (Version: 8.0.2210.11 – Oracle Corporation)

Launcher Prerequisites (x64) (HKLM-x32…c6c5a357-c7ca-4a5f-9789-3bb1af579253) (Version: 1.0.0.0 – Epic Games, Inc.) Hidden

Logitech Gaming Software 9.02 (HKLM…Logitech Gaming Software) (Version: 9.02.65 – Logitech Inc.)

Microsoft OneDrive (HKUS-1-5-21-2348511245-4265812317-4155633532-1001…OneDriveSetup.exe) (Version: 19.152.0801.0009 – Microsoft Corporation)

Microsoft Update Health Tools (HKLM…127D3B81-C5CB-4340-AC96-8F7EF322C910) (Version: 2.60.0.0 – Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable – x86 9.0.30729.17 (HKLM-x32…9A25302D-30C0-39D9-BD6F-21E6EC160475) (Version: 9.0.30729 – Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable – 10.0.40219 (HKLM…1D8E6291-B0D5-35EC-8441-6616F567A0F7) (Version: 10.0.40219 – Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable – 10.0.30319 (HKLM-x32…196BB40D-1578-3D01-B289-BEFC77A11A1E) (Version: 10.0.30319 – Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) – 11.0.61030 (HKLM-x32…ca67548a-5ebe-413a-b50c-4b9ceb6d66c6) (Version: 11.0.61030.0 – Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) – 12.0.30501 (HKLM-x32…50d4fc8-5d48-4b8f-8972-47c82c46020f) (Version: 12.0.30501.0 – Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) – 12.0.30501 (HKLM-x32…f65db027-aff3-4070-886a-0d87064aabb1) (Version: 12.0.30501.0 – Microsoft Corporation)

Microsoft Visual C++ 2015-2019 Redistributable (x64) – 14.22.27821 (HKLM-x32…6361b579-2795-4886-b2a8-53d5239b6452) (Version: 14.22.27821.0 – Microsoft Corporation)

Microsoft Visual C++ 2015-2019 Redistributable (x86) – 14.22.27821 (HKLM-x32…5bfc1380-fd35-4b85-9715-7351535d077e) (Version: 14.22.27821.0 – Microsoft Corporation)

Minecraft (HKLM-x32…2D1ED4EA-B59D-4665-ACB3-9325872A300D) (Version: 1.0.4.0 – Mojang)

NVIDIA 3D Vision Driver 425.46 (HKLM…B2FE1952-0186-46C3-BAEC-A80AA35AC5B8_Display.3DVision) (Version: 425.46 – NVIDIA Corporation)

NVIDIA Graphics Driver 425.46 (HKLM…B2FE1952-0186-46C3-BAEC-A80AA35AC5B8_Display.Driver) (Version: 425.46 – NVIDIA Corporation)

NVIDIA PhysX System Software 9.19.0218 (HKLM…B2FE1952-0186-46C3-BAEC-A80AA35AC5B8_Display.PhysX) (Version: 9.19.0218 – NVIDIA Corporation)

OpenIV (HKUS-1-5-21-2348511245-4265812317-4155633532-1001…OpenIV) (Version: 3.1.1033 – .black/OpenIV Team)

Origin (HKLM-x32…Origin) (Version: 10.5.37.24524 – Electronic Arts, Inc.)

osu! (HKLM-x32…6d779168-eabe-4550-9d1e-b4a67e084d22) (Version: latest – ppy Pty Ltd)

PCMark 10 (HKLM…584A1ED9-15CA-4170-BF36-49D3A631A7CA) (Version: 2.1.2153.0 – UL) Hidden

PCMark 10 (HKLM-x32…70a7e3ca-1031-4398-b678-d3f0ecd4fe3d) (Version: 2.1.2153.0 – UL)

Realtek Ethernet Controller Driver (HKLM-x32…8833FFB6-5B0C-4764-81AA-06DFEED9A476) (Version: 10.23.1003.2017 – Realtek)

Realtek High Definition Audio Driver (HKLM-x32…F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC) (Version: 6.0.1.8656 – Realtek Semiconductor Corp.)

Realtek PCI-E Wireless LAN Driver (HKLM-x32…InstallShield_70714FB7-4084-4202-A599-2D5935DECB67) (Version: Drv_3.00.0027 – REALTEK Semiconductor Corp.)

Roblox Player (HKLM-x32…roblox-player) (Version: – Roblox Corporation)

Roblox Player for Willc (HKUS-1-5-21-2348511245-4265812317-4155633532-1001…roblox-player) (Version: – Roblox Corporation)

Roblox Studio for Willc (HKUS-1-5-21-2348511245-4265812317-4155633532-1001…roblox-studio) (Version: – Roblox Corporation)

Rockstar Games Launcher (HKLM-x32…Rockstar Games Launcher) (Version: 1.0.5.121 – Rockstar Games)

Rockstar Games Social Club (HKLM-x32…Rockstar Games Social Club) (Version: 2.0.2.5 – Rockstar Games)

Steam (HKLM-x32…Steam) (Version: 2.10.91.91 – Valve Corporation)

swMSM (HKLM-x32…612C34C7-5E90-47D8-9B5C-0F717DD82726) (Version: 12.0.0.1 – Adobe Systems, Inc) Hidden

TAP-Windows 9.21.2 (HKLM…TAP-Windows) (Version: 9.21.2 – )

Uplay (HKLM-x32…Uplay) (Version: 81.0 – Ubisoft)

WhoCrashed 6.65 (HKLM…WhoCrashed_is1) (Version: – Resplendence Software Projects Sp.)

WhySoSlow 1.51 (HKLM…WhySoSlowHome_is1) (Version: – Resplendence Software Projects Sp.)

WinFlash (HKLM-x32…8F21291E-0444-4B1D-B9F9-4370A73E346D) (Version: 3.2.9.0 – ASUSTeK COMPUTER INC.)

WinRAR 5.61 (64-bit) (HKLM…WinRAR archiver) (Version: 5.61.0 – win.rar GmbH)

Packages:

=========

Bubble Witch 3 Saga -> C:Program FilesWindowsAppsking.com.BubbleWitch3Saga_6.10.5.0_x86__kgqvnymyfvs32 [2020-07-22] (king.com)

Candy Crush Saga -> C:Program FilesWindowsAppsking.com.CandyCrushSaga_1.1800.1.0_x86__kgqvnymyfvs32 [2020-07-22] (king.com)

Cooking Fever -> C:Program FilesWindowsAppsNordcurrent.CookingFever_8.0.0.4_x86__m9bz608c1b9ra [2020-07-22] (Nordcurrent)

Dolby Access -> C:Program FilesWindowsAppsDolbyLaboratories.DolbyAccess_3.0.2204.0_x64__rz1tebttyb220 [2020-01-13] (Dolby Laboratories)

Dragon Mania Legends -> C:Program FilesWindowsAppsA278AB0D.DragonManiaLegends_5.4.1.2_x86__h6adky7gbf63m [2020-07-22] (Gameloft SE)

Forza Horizon 4 -> C:Program FilesWindowsAppsMicrosoft.SunriseBaseGame_1.424.799.2_x64__8wekyb3d8bbwe [2020-07-22] (Microsoft Studios)

HyperX NGENUITY -> C:Program FilesWindowsApps33C30B79.HyperXNGenuity_5.1.41.0_x64__0a78dr3hq0pvt [2020-07-22] (HyperX Gaming) [Startup Task]

iTunes -> C:Program FilesWindowsAppsAppleInc.iTunes_12107.3.48019.0_x64__nzyj5cx40ttqa [2020-07-22] (Apple Inc.) [Startup Task]

Microsoft Advertising SDK for XAML -> C:Program FilesWindowsAppsMicrosoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-13] (Microsoft Corporation) [MS Ad]

Microsoft Advertising SDK for XAML -> C:Program FilesWindowsAppsMicrosoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-13] (Microsoft Corporation) [MS Ad]

Microsoft Solitaire Collection -> C:Program FilesWindowsAppsMicrosoft.MicrosoftSolitaireCollection_4.7.7162.0_x64__8wekyb3d8bbwe [2020-07-22] (Microsoft Studios) [MS Ad]

Minecraft for Windows 10 -> C:Program FilesWindowsAppsMicrosoft.MinecraftUWP_1.16.1002.0_x64__8wekyb3d8bbwe [2020-07-22] (Microsoft Studios)

MSN Weather -> C:Program FilesWindowsAppsMicrosoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-07-22] (Microsoft Corporation) [MS Ad]

Netflix -> C:Program FilesWindowsApps4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-07-22] (Netflix, Inc.)

Norton Safe Web -> C:Program FilesWindowsAppsSymantecCorporation.NortonSafeWeb_3.11.6.0_neutral__v68kp9n051hdp [2020-07-22] (Symantec Corporation)

Photos Add-on -> C:Program FilesWindowsAppsMicrosoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2018-12-06] (Microsoft Corporation)

Skype -> C:Program FilesWindowsAppsMicrosoft.SkypeApp_14.56.102.0_x64__kzf8qxf38zg5c [2020-07-22] (Skype)

Spotify Music -> C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.137.690.0_x86__zpdnekdrzrea0 [2020-07-22] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKUS-1-5-21-2348511245-4265812317-4155633532-1001_ClassesCLSID233525e0-5434-46ef-b464-fd7e45e2e145localserver32 -> C:Program Files (x86)IntelDriver and Support AssistantDSATray.exe (IDSA Production signing key -> Intel)

ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9 => C:Program FilesIntelOptaneShellExtensionsOptaneShellExt.dll [2019-07-15] () [File not signed] [File is in use]

ShellIconOverlayIdentifiers: [00asw] -> 472083B0-C522-11CF-8763-00608CC02F24 => -> No File

ShellIconOverlayIdentifiers: [00avg] -> 472083B0-C522-11CF-8763-00608CC02F24 => -> No File

ContextMenuHandlers1: [WinRAR] -> B41DB860-64E4-11D2-9906-E49FADC173CA => C:Program FilesWinRARrarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)

ContextMenuHandlers1-x32: [WinRAR32] -> B41DB860-8EE4-11D2-9906-E49FADC173CA => C:Program FilesWinRARrarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)

ContextMenuHandlers3: [OptaneContextMenu] -> AD7EBB13-617D-3270-8FA8-46583499C4FB => C:Program FilesIntelOptaneShellExtensionsOptaneShellExt.dll [2019-07-15] () [File not signed] [File is in use]

ContextMenuHandlers4: [Offline Files] -> 474C98EE-CF3D-41f5-80E3-4AAB0AB04301 => -> No File

ContextMenuHandlers5: [igfxcui] -> 3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4 => -> No File

ContextMenuHandlers5: [igfxDTCM] -> 9B5F5829-A529-4B12-814A-E81BCB8D93FC => C:WindowsSystem32DriverStoreFileRepositoryigdlh64.inf_amd64_28d80681d3523b1cigfxDTCM.dll [2019-02-12] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)

ContextMenuHandlers5: [NvCplDesktopContext] -> 3D1975AF-48C6-4f8e-A182-BE0E08FA86A9 => C:Windowssystem32nvshext.dll [2019-04-25] (NVIDIA Corporation -> NVIDIA Corporation)

ContextMenuHandlers6: [BriefcaseMenu] -> 85BBD920-42A0-1069-A2E4-08002B30309D => -> No File

ContextMenuHandlers6: [Offline Files] -> 474C98EE-CF3D-41f5-80E3-4AAB0AB04301 => -> No File

ContextMenuHandlers6: [WinRAR] -> B41DB860-64E4-11D2-9906-E49FADC173CA => C:Program FilesWinRARrarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)

ContextMenuHandlers6-x32: [WinRAR32] -> B41DB860-8EE4-11D2-9906-E49FADC173CA => C:Program FilesWinRARrarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:UsersWillcAppDataRoamingMicrosoftWindowsStart MenuProgramsChrome AppsYouTube (1).lnk -> C:Program Files (x86)GoogleChromeApplicationchrome_proxy.exe (Google LLC) -> –profile-directory=Default –app-id=adnlfjpnmidfimlkaohpidplnoimahfh

ShortcutWithArgument: C:UsersWillcAppDataRoamingMicrosoftWindowsStart MenuProgramsChrome AppsYouTube.lnk -> C:Program Files (x86)GoogleChromeApplicationchrome_proxy.exe (Google LLC) -> –profile-directory=Default –app-id=adnlfjpnmidfimlkaohpidplnoimahfh

==================== Loaded Modules (Whitelisted) =============

2019-07-15 10:20 – 2019-07-15 10:20 – 000126976 _____ (Intel Corporation) [File not signed] C:Program FilesIntelOptaneShellExtensionsiaStorAfsServiceApi.dll

2020-06-16 17:28 – 2020-06-16 17:28 – 001918464 _____ (SQLite Development Team) [File not signed] C:Program FilesIntelSURQUEENCREEKx64sqlite3.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:UsersPublicShared Files:VersionCache [452]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The “AlternateShell” will be restored.)

HKLMSYSTEMCurrentControlSetControlSafeBootMinimalAppXSvc => “”=”Service”

HKLMSYSTEMCurrentControlSetControlSafeBootMinimalBFE => “”=”Service”

HKLMSYSTEMCurrentControlSetControlSafeBootMinimalBITS => “”=”Service”

HKLMSYSTEMCurrentControlSetControlSafeBootMinimalcamsvc => “”=”Service”

HKLMSYSTEMCurrentControlSetControlSafeBootMinimalClipSvc => “”=”Service”

HKLMSYSTEMCurrentControlSetControlSafeBootMinimaldps => “”=”Service”

HKLMSYSTEMCurrentControlSetControlSafeBootMinimallfsvc => “”=”Service”

HKLMSYSTEMCurrentControlSetControlSafeBootMinimalMpsSvc => “”=”Service”

HKLMSYSTEMCurrentControlSetControlSafeBootMinimalmsiserver => “”=”Service”

HKLMSYSTEMCurrentControlSetControlSafeBootMinimalsemgrsvc => “”=”Service”

HKLMSYSTEMCurrentControlSetControlSafeBootMinimalSharedAccess => “”=”Service”

HKLMSYSTEMCurrentControlSetControlSafeBootMinimalshellhwdetection => “”=”Service”

HKLMSYSTEMCurrentControlSetControlSafeBootMinimalTokenBroker => “”=”Service”

HKLMSYSTEMCurrentControlSetControlSafeBootMinimalTweakingRemoveSafeBoot => “”=”Service”

HKLMSYSTEMCurrentControlSetControlSafeBootMinimalvss => “”=”Service”

HKLMSYSTEMCurrentControlSetControlSafeBootMinimalWSService => “”=”Service”

HKLMSYSTEMCurrentControlSetControlSafeBootNetworkAppXSvc => “”=”Service”

HKLMSYSTEMCurrentControlSetControlSafeBootNetworkBITS => “”=”Service”

HKLMSYSTEMCurrentControlSetControlSafeBootNetworkcamsvc => “”=”Service”

HKLMSYSTEMCurrentControlSetControlSafeBootNetworkClipSvc => “”=”Service”

HKLMSYSTEMCurrentControlSetControlSafeBootNetworkdps => “”=”Service”

HKLMSYSTEMCurrentControlSetControlSafeBootNetworklfsvc => “”=”Service”

HKLMSYSTEMCurrentControlSetControlSafeBootNetworkmsiserver => “”=”Service”

HKLMSYSTEMCurrentControlSetControlSafeBootNetworkSamSs => “”=”Service”

HKLMSYSTEMCurrentControlSetControlSafeBootNetworksemgrsvc => “”=”Service”

HKLMSYSTEMCurrentControlSetControlSafeBootNetworkshellhwdetection => “”=”Service”

HKLMSYSTEMCurrentControlSetControlSafeBootNetworksrv => “”=”Driver”

HKLMSYSTEMCurrentControlSetControlSafeBootNetworksrv2 => “”=”Driver”

HKLMSYSTEMCurrentControlSetControlSafeBootNetworksrvnet => “”=”Driver”

HKLMSYSTEMCurrentControlSetControlSafeBootNetworkTokenBroker => “”=”Service”

HKLMSYSTEMCurrentControlSetControlSafeBootNetworkTweakingRemoveSafeBoot => “”=”Service”

HKLMSYSTEMCurrentControlSetControlSafeBootNetworkvss => “”=”Service”

HKLMSYSTEMCurrentControlSetControlSafeBootNetworkWSService => “”=”Service”

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-09-15 08:31 – 2018-11-29 16:23 – 000000855 _____ C:Windowssystem32driversetchosts

127.0.0.1 localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLMSystemCurrentControlSetControlSession ManagerEnvironment\Path -> C:Program Files (x86)Common FilesOracleJavajavapath;C:Windowssystem32;C:Windows;C:WindowsSystem32Wbem;C:WindowsSystem32WindowsPowerShellv1.0;C:WindowsSystem32OpenSSH;C:Program Files (x86)NVIDIA CorporationPhysXCommon

HKUS-1-5-21-2348511245-4265812317-4155633532-1001Control PanelDesktop\Wallpaper -> C:UsersWillcAppDataLocalMicrosoftWindowsThemesRoamedThemeFilesDesktopBackgroundimg0.jpg

DNS Servers: 10.128.128.128

HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorer => (SmartScreenEnabled: )

Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIGServices: AsHidService => 2

MSCONFIGServices: ASLDRService => 2

MSCONFIGServices: BEService => 3

MSCONFIGServices: cphs => 3

MSCONFIGServices: cplspcon => 2

MSCONFIGServices: DevActSvc => 2

MSCONFIGServices: EasyAntiCheat => 3

MSCONFIGServices: esifsvc => 2

MSCONFIGServices: Futuremark SystemInfo Service => 3

MSCONFIGServices: GoogleChromeElevationService => 3

MSCONFIGServices: gupdate => 2

MSCONFIGServices: gupdatem => 3

MSCONFIGServices: iaStorAfsService => 3

MSCONFIGServices: IAStorDataMgrSvc => 2

MSCONFIGServices: ibtsiva => 2

MSCONFIGServices: ICEsoundService => 2

MSCONFIGServices: igfxCUIService2.0.0.0 => 2

MSCONFIGServices: LogiRegistryService => 2

MSCONFIGServices: NVDisplay.ContainerLocalSystem => 2

MSCONFIGServices: NvTelemetryContainer => 2

MSCONFIGServices: Origin Client Service => 3

MSCONFIGServices: Origin Web Helper Service => 2

MSCONFIGServices: PIEServiceNew => 3

MSCONFIGServices: Rockstar Service => 3

MSCONFIGServices: RstMwService => 2

MSCONFIGServices: SetupARService => 2

MSCONFIGServices: Steam Client Service => 3

HKLM…StartupApprovedRun: => “SecurityHealth”

HKLM…StartupApprovedRun: => “Launch LCore”

HKLM…StartupApprovedRun: => “Logitech Download Assistant”

HKLM…StartupApprovedRun: => “IAStorIcon”

HKLM…StartupApprovedRun32: => “SunJavaUpdateSched”

HKUS-1-5-21-2348511245-4265812317-4155633532-1001…StartupApprovedRun: => “OneDrive”

HKUS-1-5-21-2348511245-4265812317-4155633532-1001…StartupApprovedRun: => “Discord”

HKUS-1-5-21-2348511245-4265812317-4155633532-1001…StartupApprovedRun: => “EADM”

HKUS-1-5-21-2348511245-4265812317-4155633532-1001…StartupApprovedRun: => “Steam”

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User1922B8DA-DBAD-4B79-AE3D-6E74CF1C3B32C:program files (x86)epic gameslauncherportalbinarieswin64epicgameslauncher.exe] => (Allow) C:program files (x86)epic gameslauncherportalbinarieswin64epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)

FirewallRules: [UDP Query User139A727F-5FD5-43C7-9E2C-78C6054802B1C:program files (x86)epic gameslauncherportalbinarieswin64epicgameslauncher.exe] => (Allow) C:program files (x86)epic gameslauncherportalbinarieswin64epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)

FirewallRules: [TCP Query User8E085909-1050-459D-A9C0-2391760D77ACC:program fileslogitech gaming softwarelcore.exe] => (Allow) C:program fileslogitech gaming softwarelcore.exe (Logitech Inc -> Logitech Inc.)

FirewallRules: [UDP Query UserCC1E2284-3682-47C9-BAB6-1CBA5CABE8C3C:program fileslogitech gaming softwarelcore.exe] => (Allow) C:program fileslogitech gaming softwarelcore.exe (Logitech Inc -> Logitech Inc.)

FirewallRules: [TCP Query User577322E1-516C-490C-8259-65B0545336B6C:program filesepic gamesfortnitefortnitegamebinarieswin64fortniteclient-win64-shipping.exe] => (Allow) C:program filesepic gamesfortnitefortnitegamebinarieswin64fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)

FirewallRules: [UDP Query UserD62D8ADE-8D8B-42F6-961E-C6BEBF982CFAC:program filesepic gamesfortnitefortnitegamebinarieswin64fortniteclient-win64-shipping.exe] => (Allow) C:program filesepic gamesfortnitefortnitegamebinarieswin64fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)

FirewallRules: [6FC02A79-0C51-4B78-9FA7-399019CA5A0E] => (Allow) C:Program FilesAVAST SoftwareAvastAvEmUpdate.exe => No File

FirewallRules: [A18B620B-8ACF-412A-833E-1B8D2810192B] => (Allow) C:Program FilesAVAST SoftwareAvastAvEmUpdate.exe => No File

FirewallRules: [DNS Server Forward Rule – TCP – 9C1B7501-5994-40CF-91D9-23B163C69745 – 0] => (Allow) LPort=53

FirewallRules: [DNS Server Forward Rule – UDP – 9C1B7501-5994-40CF-91D9-23B163C69745 – 0] => (Allow) LPort=53

FirewallRules: [DNS Server Forward Rule – TCP – 8BA68CF4-F15A-4DE0-B51D-208B6CD9EFD8 – 0] => (Allow) LPort=53

FirewallRules: [DNS Server Forward Rule – UDP – 8BA68CF4-F15A-4DE0-B51D-208B6CD9EFD8 – 0] => (Allow) LPort=53

FirewallRules: [DNS Server Forward Rule – TCP – 70D433A8-6256-48A0-AFB9-E7DF3B1FA9C9 – 0] => (Allow) LPort=53

FirewallRules: [DNS Server Forward Rule – UDP – 70D433A8-6256-48A0-AFB9-E7DF3B1FA9C9 – 0] => (Allow) LPort=53

FirewallRules: [4E8A6C45-0164-4B18-B4A3-DD2D60001C60] => (Allow) C:Program Files (x86)SteamSteam.exe (Valve -> Valve Corporation)

FirewallRules: [46E61BAB-4060-44E3-873F-D17CE78A9F01] => (Allow) C:Program Files (x86)SteamSteam.exe (Valve -> Valve Corporation)

FirewallRules: [FE667DA8-1660-42BC-8C07-4C036B0586A3] => (Allow) C:Program Files (x86)Steambincefcef.win7steamwebhelper.exe => No File

FirewallRules: [BA7A0F3D-6F72-4C19-870E-F93FFB4EC38D] => (Allow) C:Program Files (x86)Steambincefcef.win7steamwebhelper.exe => No File

FirewallRules: [552B3673-3B86-4605-8513-4AA0DD586509] => (Allow) C:Program Files (x86)SteamsteamappscommonCounter-Strike Global Offensivecsgo.exe (Valve -> )

FirewallRules: [11D80DE6-F0C0-44A5-9987-119B51CC1244] => (Allow) C:Program Files (x86)SteamsteamappscommonCounter-Strike Global Offensivecsgo.exe (Valve -> )

FirewallRules: [D7F12CC2-4806-4E19-8F2B-ACACD53FA001] => (Allow) C:Program Files (x86)Steambincefcef.win7x64steamwebhelper.exe (Valve -> Valve Corporation)

FirewallRules: [D7055A92-7E62-4720-9D3F-516005BC0D81] => (Allow) C:Program Files (x86)Steambincefcef.win7x64steamwebhelper.exe (Valve -> Valve Corporation)

FirewallRules: [7D352F70-BB1A-4D41-9E48-697F3713DE50] => (Allow) C:Program Files (x86)SteamsteamappscommonGarrysModhl2.exe () [File not signed]

FirewallRules: [2D384323-07DD-4EA9-81CB-5E19C33C3863] => (Allow) C:Program Files (x86)SteamsteamappscommonGarrysModhl2.exe () [File not signed]

FirewallRules: [TCP Query User8CB1DCA6-7A0C-4848-B54B-400EC531209AC:program files (x86)origin gamesapexr5apex.exe] => (Allow) C:program files (x86)origin gamesapexr5apex.exe (Electronic Arts, Inc. -> Respawn Entertainment)

FirewallRules: [UDP Query User2B1BD83D-544B-4B26-AB06-5ED820272042C:program files (x86)origin gamesapexr5apex.exe] => (Allow) C:program files (x86)origin gamesapexr5apex.exe (Electronic Arts, Inc. -> Respawn Entertainment)

FirewallRules: [156EDAC7-CFD0-41B4-8214-8A2AB1DE393C] => (Allow) C:Program Files (x86)Origin GamesApexEasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)

FirewallRules: [2467B18D-A45D-4716-9852-11DF1C07A7A9] => (Allow) C:Program Files (x86)Origin GamesApexEasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)

FirewallRules: [TCP Query User412E765D-1F2D-4426-8C96-311AE200A579C:program filesepic gamesunrealtournamentenginebinarieswin64ue4-win64-shipping.exe] => (Allow) C:program filesepic gamesunrealtournamentenginebinarieswin64ue4-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)

FirewallRules: [UDP Query User7D4AE0DA-0360-4BD8-97A9-0F6BE0084938C:program filesepic gamesunrealtournamentenginebinarieswin64ue4-win64-shipping.exe] => (Allow) C:program filesepic gamesunrealtournamentenginebinarieswin64ue4-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.)

FirewallRules: [E89D2EAC-4BFD-456E-B5B0-D158651AFD4D] => (Allow) C:Program Files (x86)GoogleChromeApplicationchrome.exe (Google LLC -> Google LLC)

FirewallRules: [TCP Query UserFFEA35EA-6F0C-4327-9F56-20250474E29EC:program files (x86)minecraftruntimejre-x64binjavaw.exe] => (Block) C:program files (x86)minecraftruntimejre-x64binjavaw.exe

FirewallRules: [UDP Query UserADA7323B-A71D-4984-8876-57E5D7AF6DD2C:program files (x86)minecraftruntimejre-x64binjavaw.exe] => (Block) C:program files (x86)minecraftruntimejre-x64binjavaw.exe

FirewallRules: [561024FB-DF62-414A-923A-5A5D86AB3FA3] => (Allow) C:Program FilesBlueStacksHD-Player.exe (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)

FirewallRules: [TCP Query User7F84CA9D-E387-4F4B-8BA9-0E85FFED6334C:program filesrockstar gamesgrand theft auto vgta5.exe] => (Block) C:program filesrockstar gamesgrand theft auto vgta5.exe (Rockstar Games, Inc. -> Rockstar Games)

FirewallRules: [UDP Query UserFE9AD0A1-C589-4091-A5AC-C742136025F4C:program filesrockstar gamesgrand theft auto vgta5.exe] => (Block) C:program filesrockstar gamesgrand theft auto vgta5.exe (Rockstar Games, Inc. -> Rockstar Games)

FirewallRules: [4905D99D-584E-4A77-8217-A6C2E5BE5551] => (Allow) C:Program FilesWindowsAppsAppleInc.iTunes_12107.3.48019.0_x64__nzyj5cx40ttqaiTunes.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [DF537DAA-5462-47B1-A626-B34BB8DB3FC2] => (Allow) C:Program FilesWindowsAppsAppleInc.iTunes_12107.3.48019.0_x64__nzyj5cx40ttqaiTunes.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [CD6A5C66-9B11-4875-80F2-9A9E737B0B95] => (Allow) C:Program FilesWindowsAppsAppleInc.iTunes_12107.3.48019.0_x64__nzyj5cx40ttqaiTunes.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [63911577-4D1F-46EE-8E65-073C14E0D3DB] => (Allow) C:Program FilesWindowsAppsAppleInc.iTunes_12107.3.48019.0_x64__nzyj5cx40ttqaiTunes.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [6645F50A-0F93-4C2C-8D4E-17477D0030B3] => (Allow) C:Program FilesWindowsAppsAppleInc.iTunes_12107.3.48019.0_x64__nzyj5cx40ttqaAMDS64AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [480393EC-5CF3-47BD-B3E6-3098F5D8FBC9] => (Allow) C:Program FilesWindowsAppsAppleInc.iTunes_12107.3.48019.0_x64__nzyj5cx40ttqaAMDS64AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [FEB9F786-C1F2-48BC-9F14-CD3D6C8A9216] => (Allow) C:Program FilesWindowsAppsAppleInc.iTunes_12107.3.48019.0_x64__nzyj5cx40ttqaAMDS64AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [C78E2986-D18D-475D-9ED4-47DA836A72CD] => (Allow) C:Program FilesWindowsAppsAppleInc.iTunes_12107.3.48019.0_x64__nzyj5cx40ttqaAMDS64AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [4C989D76-B38E-4F9F-9864-3080096E01AB] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.137.690.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [ECC88FFB-0746-48EB-8C87-CC78068706B6] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.137.690.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [2FB0126C-FA96-46CD-9EBF-3B8D066C9508] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.137.690.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [40DC0B05-2B91-4982-ADF7-074DB8E0CA47] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.137.690.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [99423BF3-3667-40C5-9288-DEE92E82F19A] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.137.690.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [1D77A10E-4B27-42D3-92F0-E6BFE3AADEF3] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.137.690.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [2C25F3A3-16AC-4663-8040-D011C8D7FE35] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.137.690.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [91921B54-C546-4D45-90E2-AB4A9BF89E1E] => (Allow) C:Program FilesWindowsAppsSpotifyAB.SpotifyMusic_1.137.690.0_x86__zpdnekdrzrea0Spotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [06E87D86-75B4-40F8-A1FD-38B04A75DA32] => (Block) C:Program FilesIntelSURQUEENCREEKx64esrv_svc.exe (Intel® Software Development Products -> )

FirewallRules: [60E14D6D-77BC-4773-B8E3-09BA8F70F481] => (Block) C:Program FilesIntelSURQUEENCREEKx64esrv_svc.exe (Intel® Software Development Products -> )

FirewallRules: [4AA2DF82-2F11-4BC0-B192-AA379FB63045] => (Allow) C:Program FilesIntelSURQUEENCREEKx64esrv_svc.exe (Intel® Software Development Products -> )

FirewallRules: [31F292B9-2E20-4F2F-888B-55BC4FD525A0] => (Allow) C:Program FilesIntelSURQUEENCREEKx64esrv_svc.exe (Intel® Software Development Products -> )

==================== Restore Points =========================

24-07-2020 09:01:37 Windows Update

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:

==================

Error: (07/24/2020 08:40:04 AM) (Source: PerfNet) (EventID: 2004) (User: )

Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (07/23/2020 02:54:00 PM) (Source: PerfNet) (EventID: 2004) (User: )

Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (07/23/2020 01:27:49 PM) (Source: PerfNet) (EventID: 2004) (User: )

Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (07/23/2020 08:31:09 AM) (Source: SideBySide) (EventID: 33) (User: )

Description: Activation context generation failed for “C:WindowsWinSxSamd64_microsoft-windows-narrator_31bf3856ad364e35_10.0.17763.1_none_aee3c2d5fbe26435Narrator.exe”.

Dependent Assembly SRH,type=”win32″,version=”1.0.0.0″ could not be found.

Please use sxstrace.exe for detailed diagnosis.

Error: (07/22/2020 03:31:08 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program SearchUI.exe version 10.0.17763.719 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 178c

Start Time: 01d6603405f0417b

Termination Time: 4294967295

Application Path: C:WindowsSystemAppsMicrosoft.Windows.Cortana_cw5n1h2txyewySearchUI.exe

Report Id: ec96bf0c-3925-4221-ada9-429aa49125f1

Faulting package full name: Microsoft.Windows.Cortana_1.11.6.17763_neutral_neutral_cw5n1h2txyewy

Faulting package-relative application ID: CortanaUI

Hang type: Quiesce

Error: (07/21/2020 09:12:16 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)

GetCACaps

Method: GET(0ms)

Stage: GetCACaps

The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (07/21/2020 06:12:16 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)

GetCACaps

Method: GET(0ms)

Stage: GetCACaps

The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (07/21/2020 03:12:16 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)

GetCACaps

Method: GET(44640ms)

Stage: GetCACaps

A connection with the server could not be established 0x80072efd (WinHttp: 12029 ERROR_WINHTTP_CANNOT_CONNECT)

System errors:

=============

Error: (07/24/2020 08:58:40 AM) (Source: ACPI) (EventID: 13) (User: )

Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (07/24/2020 08:38:05 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID

Windows.SecurityCenter.SecurityAppBroker

and APPID

Unavailable

to the user NT AUTHORITYSYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/24/2020 08:38:05 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID

Windows.SecurityCenter.WscDataProtection

and APPID

Unavailable

Error: (07/24/2020 08:38:05 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID

Windows.SecurityCenter.SecurityAppBroker

and APPID

Unavailable

Error: (07/24/2020 08:38:05 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID

Windows.SecurityCenter.WscBrokerManager

and APPID

Unavailable

Error: (07/24/2020 08:38:05 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID

Windows.SecurityCenter.WscBrokerManager

and APPID

Unavailable

Error: (07/24/2020 08:36:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The PHYMEM service failed to start due to the following error:

Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (07/24/2020 08:35:32 AM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The WMPNetworkSvc service terminated with the following error:

An attempt was made to reference a token that does not exist.

Windows Defender:

===================================

Date: 2020-07-24 09:02:45.878

Description:

Windows Defender Antivirus has detected malware or other potentially unwanted software.

For more information please see the following:

Name: Program:Win32/Uwasson.A!ml

ID: 251745

Severity: Medium

Category: Potentially Unwanted Software

Path: file:_C:UsersWillcDownloadsDIAMOND v19.rar

Detection Origin: Local machine

Detection Type: FastPath

Detection Source: System

Process Name: C:UsersWillcDownloadsFRST64.exe

Signature Version: AV: 1.319.2157.0, AS: 1.319.2157.0, NIS: 1.319.2157.0

Engine Version: AM: 1.1.17200.2, NIS: 1.1.17200.2

Date: 2020-07-24 09:02:31.619

Description:

Windows Defender Antivirus has detected malware or other potentially unwanted software.

For more information please see the following:

Name: Trojan:Win32/Wacatac.DC!ml

ID: 2147757791

Severity: Severe

Category: Trojan

Path: file:_C:UsersWillcDesktopDiamond.dll

Detection Origin: Local machine

Detection Type: FastPath

Detection Source: User

Process Name: C:UsersWillcDownloadsFRST64.exe

Signature Version: AV: 1.319.2157.0, AS: 1.319.2157.0, NIS: 1.319.2157.0

Engine Version: AM: 1.1.17200.2, NIS: 1.1.17200.2

Date: 2020-07-24 08:42:30.172

Description:

Windows Defender Antivirus has detected malware or other potentially unwanted software.

For more information please see the following:

Name: Trojan:Win32/Wacatac.DC!ml

ID: 2147757791

Severity: Severe

Category: Trojan

Path: file:_C:UsersWillcDesktopDiamond.dll

Detection Origin: Local machine

Detection Type: FastPath

Detection Source: User

Process Name: Unknown

Signature Version: AV: 1.319.2157.0, AS: 1.319.2157.0, NIS: 1.319.2157.0

Engine Version: AM: 1.1.17200.2, NIS: 1.1.17200.2

Date: 2020-07-24 08:36:31.091

Description:

Windows Defender Antivirus has detected malware or other potentially unwanted software.

For more information please see the following:

Name: Program:Win32/Uwasson.A!ml

ID: 251745

Severity: Medium

Category: Potentially Unwanted Software

Path: file:_C:UsersWillcDownloadsDIAMOND v19.rar

Detection Origin: Local machine

Detection Type: FastPath

Detection Source: System

Process Name: Unknown

Signature Version: AV: 1.319.2113.0, AS: 1.319.2113.0, NIS: 1.319.2113.0

Engine Version: AM: 1.1.17200.2, NIS: 1.1.17200.2

Date: 2020-07-23 14:53:08.110

Description:

Windows Defender Antivirus has detected malware or other potentially unwanted software.

For more information please see the following:

Name: Program:Win32/Uwasson.A!ml

ID: 251745

Severity: Medium

Category: Potentially Unwanted Software

Path: file:_C:UsersWillcDownloadsDIAMOND v19.rar

Detection Origin: Local machine

Detection Type: FastPath

Detection Source: System

Process Name: Unknown

Signature Version: AV: 1.319.2097.0, AS: 1.319.2097.0, NIS: 1.319.2097.0

Engine Version: AM: 1.1.17200.2, NIS: 1.1.17200.2

Date: 2020-07-23 11:29:42.878

Description:

Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.

Feature: On Access

Error Code: 0x8007043c

Error description: This service cannot be started in Safe Mode

Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2020-07-22 16:16:58.282

Description:

Windows Defender Antivirus has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.319.2039.0

Update Source: Microsoft Update Server

Signature Type: AntiVirus

Update Type: Full

Current Engine Version:

Previous Engine Version: 1.1.17200.2

Error code: 0x8007043c

Error description: This service cannot be started in Safe Mode

Date: 2020-07-22 16:06:50.268

Description:

Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.

Feature: On Access

Error Code: 0x8007043c

Error description: This service cannot be started in Safe Mode

Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2020-07-22 16:01:34.537

Description:

Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.

Feature: On Access

Error Code: 0x8007043c

Error description: This service cannot be started in Safe Mode

Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2020-07-22 11:53:34.035

Description:

Windows Defender Antivirus has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.319.2024.0

Update Source: Microsoft Update Server

Signature Type: AntiVirus

Update Type: Full

Current Engine Version:

Previous Engine Version: 1.1.17200.2

Error code: 0x80240016

Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

CodeIntegrity:

===================================

Date: 2020-07-24 08:36:57.880

Description:

Windows is unable to verify the image integrity of the file DeviceHarddiskVolume3UsersWillcAppDataLocalPackages33C30B79.HyperXNGenuity_0a78dr3hq0pvtLocalStateotipcibus64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-07-23 14:53:32.692

Description:

Date: 2020-07-23 14:05:48.130

Description:

Windows is unable to verify the image integrity of the file DeviceHarddiskVolume3WindowsInstallerMSI8BB3.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-07-23 12:02:54.448

Description:

Date: 2020-07-23 11:36:35.513

Description:

Date: 2020-07-23 10:05:32.057

Description:

Date: 2020-07-23 08:48:36.946

Description:

Windows is unable to verify the image integrity of the file DeviceHarddiskVolume3WindowsSoftwareDistributionDownloadc598f05c17f6f8ae8481e549b748c1e8amd64_Microsoft-Windows-Client-Desktop-Required-Package~~amd64~~10.0.18362.1amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.18362.1_none_48fd342261d82ebaspatialaudiolicensesrv.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-07-23 08:48:36.943

Description:

==================== Memory info ===========================

BIOS: American Megatrends Inc. FX504GD.317 06/10/2019

Motherboard: ASUSTeK COMPUTER INC. FX504GD

Processor: Intel® Core i5-8300H CPU @ 2.30GHz

Percentage of memory in use: 45%

Total physical RAM: 8048.46 MB

Available physical RAM: 4370.96 MB

Total Virtual: 16752.46 MB

Available Virtual: 11778.79 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:930.46 GB) (Free:365.33 GB) NTFS

\?Volume09fc08f4-9196-4602-903c-b71761bdcd13 (RECOVERY) (Fixed) (Total:0.78 GB) (Free:0.36 GB) NTFS

\?Volume474b30c7-9fcd-4cd1-85b8-b2e28bd4ccfa (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================

Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 998F9D14)

Partition: GPT.

==================== End of Addition.txt =======================

Many thanks

Archives

BL

Recent Posts

100% disk usage, Win Defender Trojan:Win32/Wacatac.DC!ml & BSOD

Archives

BL

Recent Posts

Tags