Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-05.2019
Ran by SLR (06-05-2019 17:26:33)
Running from C:\Users\SLR\Desktop
Windows 10 Home Version 1803 17134.706 (X64) (2018-05-25 14:17:07)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-4076564316-1935873266-44556536-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4076564316-1935873266-44556536-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-4076564316-1935873266-44556536-1000 - Limited - Enabled) => C:\Users\defaultuser0
Guest (S-1-5-21-4076564316-1935873266-44556536-501 - Limited - Disabled)
SLR (S-1-5-21-4076564316-1935873266-44556536-1001 - Administrator - Enabled) => C:\Users\SLR
WDAGUtilityAccount (S-1-5-21-4076564316-1935873266-44556536-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
adobe (HKLM\...\{446634A4-47E3-4C2E-8361-A10DB0FFCCA3}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.171 - Adobe)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.156 - Adobe Systems Incorporated)
AirDroid 3.6.0.0 (HKLM-x32\...\AirDroid) (Version: 3.6.0.0 - Sand Studio)
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
BlindWrite 7 (HKLM-x32\...\{C0775A40-9CBC-430A-B055-6367E3DFEB13}_is1) (Version: 7.0.0.1 - VSO Software)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 4.1.13.3306 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
calibre 64bit (HKLM\...\{53CF63D2-ADC7-4D61-8076-113B313EE85A}) (Version: 3.33.1 - Kovid Goyal)
Common Desktop Agent (HKLM\...\{031A0E14-0413-4C97-9772-2639B782F46F}) (Version: 1.62.0 - OEM) Hidden
Corel Graphics - Windows Shell Extension (HKLM\...\_{CD4FAF77-25BC-4838-9B4B-5C59AC8662D1}) (Version: 20.0.0.633 - Corel Corporation)
Corel Graphics - Windows Shell Extension (HKLM\...\{CD4FAF77-25BC-4838-9B4B-5C59AC8662D1}) (Version: 20.0.633 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit Keys (HKLM\...\{C0408619-0431-4B54-B63C-C3AB18B1E4B4}) (Version: 20.0.633 - Corel Corporation) Hidden
Corel Update Manager (HKLM\...\{7A731C52-8DC6-47AB-B2BC-3FE70F6C6968}) (Version: 2.10.442 - Corel corporation) Hidden
CorelDRAW Graphics Suite 2018 - Capture (x64) (HKLM\...\{57B35A9E-2E5C-4CE4-AE54-61B02500ED6C}) (Version: 20.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2018 - Common (x64) (HKLM\...\{C9E9E21E-E375-4BAF-B647-22ABA6ABBACF}) (Version: 20.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2018 - Connect (x64) (HKLM\...\{BCAF055A-51F2-4266-BC27-E67AFE02B1CE}) (Version: 20.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2018 - Custom Data (x64) (HKLM\...\{098FFEC8-98D9-4DE0-BC3F-B5A94547FF73}) (Version: 20.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2018 - Draw (x64) (HKLM\...\{121B4D48-BDC1-4037-B150-28037FA47510}) (Version: 20.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2018 - EN (x64) (HKLM\...\{FBA611A2-4060-4FF5-8A32-3A710A347EDA}) (Version: 20.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2018 - Filters (x64) (HKLM\...\{9433E8C4-DD2E-40BE-A1AF-0832DFE89C92}) (Version: 20.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2018 - Font Manager (x64) (HKLM\...\{EFD5BDD5-CEF1-4209-ABF1-2387D0756D14}) (Version: 20.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2018 - IPM T (x64) (HKLM\...\{A4DEA23F-2371-483E-93C1-1764CA80DDEF}) (Version: 20.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2018 - PHOTO-PAINT (x64) (HKLM\...\{CA42C3C9-6A8C-423E-885E-064B06DAD20E}) (Version: 20.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2018 - Redist (x64) (HKLM\...\{E442BB6A-268E-4864-9780-C0A4789DA64F}) (Version: 20.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2018 - Setup Files (x64) (HKLM\...\{CBBC5C20-F3ED-4425-9393-F77D50036592}) (Version: 20.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2018 - VBA (x64) (HKLM\...\{8FE99871-8AF0-449F-A1C4-F18EE971DC84}) (Version: 20.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2018 - Workspaces (x64) (HKLM\...\{94B3EE65-9BD2-4C39-9E43-E1403F6A82F4}) (Version: 20.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2018 - Writing Tools (x64) (HKLM\...\{F5CC82A3-6FF2-4D76-AC4F-3A7C63E3487C}) (Version: 20.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2018 (64-Bit) (HKLM\...\_{CBBC5C20-F3ED-4425-9393-F77D50036592}) (Version: 20.1.0.708 - Corel Corporation)
CorelDRAW Graphics Suite 2018 (HKLM\...\{23465DF5-08D9-4150-9621-7A127B208936}) (Version: 20.1 - Corel Corporation) Hidden
Dell SupportAssist (HKLM\...\{0309AC01-330F-494C-B27D-58E297E4674F}) (Version: 3.2.1.94 - Dell Inc.)
Dragon NaturallySpeaking 13 (HKLM-x32\...\{33EA20FB-5389-4938-BA59-2BCD9BB68F41}) (Version: 13.00.000 - Nuance Communications Inc.)
DYMO Label (HKLM-x32\...\{54D84731-D2F9-4E8C-B18E-E91838BE52BB}) (Version: 8.7.3.46663 - Newell Rubbermaid)
Exterminate It! (HKLM-x32\...\Exterminate It!) (Version: 2.21.0.24 - Curio Systems GmbH)
FVD Downloader Module (HKLM-x32\...\{A3F74A3C-6824-4878-AB46-21280389D09F}) (Version: 1.0.8 - Nimbus)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel(R) Chipset Device Software (HKLM-x32\...\{61a0f1f5-c77e-4992-ba85-029f93cd8d18}) (Version: 10.1.1.27 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.3.10207.5567 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1058 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 17.0.2.1076 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1725.1 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.48.139.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{fd62de85-bda9-4280-a95b-fa2f86e0dc58}) (Version: 1.48.139.0 - Intel Corporation) Hidden
Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24516 (HKLM-x32\...\{c325004c-5538-45b3-a7ad-94473a4dcd3b}) (Version: 14.0.24516.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2015 (HKLM-x32\...\{dd8b09df-3ef8-49f1-bd1a-65278435860b}) (Version: 14.0.23217 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2017 (HKLM-x32\...\{5a7dc0ad-cdb2-43b5-8b82-f81065fe6092}) (Version: 15.0.26717 - Microsoft Corporation)
Mozilla Firefox 66.0.4 (x64 en-US) (HKLM\...\Mozilla Firefox 66.0.4 (x64 en-US)) (Version: 66.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 66.0.3 - Mozilla)
Mozilla Thunderbird 60.6.1 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 60.6.1 (x86 en-US)) (Version: 60.6.1 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
OpenOffice 4.1.6 (HKLM-x32\...\{16E4FF6B-31E8-4037-B627-D87CF872E32B}) (Version: 4.16.9790 - Apache Software Foundation)
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
PlayOn (HKLM-x32\...\{8253404B-8E41-4BB0-A452-B4C150019E4A}) (Version: 4.5.19 - MediaMall Technologies, Inc.) Hidden
PlayOn (HKLM-x32\...\{f37af5f1-bbec-4633-baaf-55da694f9102}) (Version: 4.5.19.24406 - MediaMall Technologies, Inc.)
PlayOn Dependencies (HKLM-x32\...\{9FCAA915-CEEF-4D9E-AAF2-6A252C888669}) (Version: 4.0.0.0 - MediaMall Technologies, Inc.) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7989 - Realtek Semiconductor Corp.)
Realtek PC Camera Driver (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 10.0.10586.11224 - Realtek Semiconductor Corp.)
Samsung Easy Document Creator (HKLM-x32\...\Samsung Easy Document Creator) (Version: 2.02.53 (5/30/2018) - HP Printing Korea Co., Ltd.)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 2.00.01.24 - HP Printing Korea Co., Ltd.)
Samsung Printer Center (HKLM-x32\...\Samsung Printer Center) (Version: 1.0.0.28 - Samsung Electronics Co., Ltd.)
Samsung Scan Process Machine (HKLM-x32\...\Samsung Scan Process Machine) (Version: 1.03.05.32 - Samsung Electronics Co., Ltd.) Hidden
Samsung Universal Scan Driver (HKLM-x32\...\Samsung Universal Scan Driver) (Version: 3.31.93:14 - Samsung Electronics Co., Ltd.)
SmartByte Drivers and Services (HKLM\...\{EC62F71A-6CFA-4918-9EBC-99BFF86DB3C9}) (Version: 1.2.600 - Rivet Networks)
SNS Upload for Easy Document Creator (HKLM-x32\...\{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}) (Version: 1.0.0 - Samsung Electronics Co.,Ltd) Hidden
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
Uninstall Samsung Printer Software (HKLM-x32\...\TotalUninstaller) (Version: 4.0.0.67 - Samsung Electronics CO., LTD.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{FBA3961B-D1DF-493C-BC1F-E67D3B832895}) (Version: 2.56.0.0 - Microsoft Corporation)
USB Multi-Channel Audio Device (HKLM\...\C-Media CM106 Like Sound Driver) (Version: - )
VLC media player (HKLM\...\VLC media player) (Version: 3.0.4 - VideoLAN)
VSO ConvertXToDVD 7 (HKLM-x32\...\{A021D003-6933-4EA4-B582-F1D0C3E52409}_is1) (Version: 7.0.0.61 - VSO Software)
VSO ConvertXtoVideo Ultimate 2 (HKLM-x32\...\{{3852A371-F5ED-491A-86C3-998CD0688D4A}_is1) (Version: 2.0.0.88 - VSO Software)
VSO CopyTo 5 (HKLM-x32\...\{9B05F6FC-AE16-488C-A822-F641ADC61B6A}_is1) (Version: 5.1.1.3 - VSO Software)
VSO Downloader 5.0.1.56 (HKLM-x32\...\{3C5CD638-CAD0-4F6C-81FD-B37D47B411F7}_is1) (Version: 5.0.1.56 - VSO Software)
VSO DVD Converter Ultimate 4 (HKLM-x32\...\{{089D6334-329D-46DC-8DC3-6BF4C9735F0F}_is1) (Version: 4.0.0.92 - VSO Software)
VSO EVE Network Driver version 1.0.0.28 (HKLM-x32\...\{AC0AFDC9-4FB1-44FE-B3E1-82300BF3D756}_is1) (Version: 1.0.0.28 - VSO Software)
VSO Media Player 1.6.19.528 (HKLM-x32\...\{59F1E8E6-60EC-4CC1-8C72-E0F38E585215}_is1) (Version: 1.6.19.528 - VSO Software)
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - Intel Corporation Inc.) Hidden
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1-2) (Version: 1.0.54.1 - Intel Corporation Inc.)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies)
WinSCP 5.15.1 (HKLM-x32\...\winscp3_is1) (Version: 5.15.1 - Martin Prikryl)
Your Uninstaller! 7 (HKLM-x32\...\YU2010_is1) (Version: 7.5.2014.3 - URSoft, Inc.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [CopyToCD] -> {39F0FA09-4451-4477-9D23-4B9ADDEEF838} => C:\Program Files (x86)\VSO\common\CTShell.dll [2014-01-21] (VSO-SOFTWARE -> VSO Software SARL)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [CopyToCD] -> {39F0FA09-4451-4477-9D23-4B9ADDEEF838} => C:\Program Files (x86)\VSO\common\CTShell.dll [2014-01-21] (VSO-SOFTWARE -> VSO Software SARL)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki125183.inf_amd64_cb49708b33bad074\igfxDTCM.dll [2017-11-07] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [CopyToCD] -> {39F0FA09-4451-4477-9D23-4B9ADDEEF838} => C:\Program Files (x86)\VSO\common\CTShell.dll [2014-01-21] (VSO-SOFTWARE -> VSO Software SARL)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2014-09-08 14:38 - 2014-09-08 14:38 - 000051200 _____ () [File not signed] C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2018-05-17 04:07 - 2018-05-17 04:07 - 000087552 _____ () [File not signed] C:\WINDOWS\system32\SSDEVM64.DLL
2019-05-03 11:54 - 2019-02-21 12:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2018-03-20 13:25 - 2018-03-20 13:25 - 000099840 _____ (Rivet Networks) [File not signed] C:\Program Files\Rivet Networks\SmartByte\KillerNetworkServicePS.dll
2017-11-08 02:35 - 2017-11-08 02:35 - 000123904 _____ (Samsung Electronics Co., Ltd.) [File not signed] C:\Program Files (x86)\Samsung\Easy Printer Manager\SmartScreenPrint\CDAKEYMonitor64.dll
2018-08-02 06:27 - 2018-08-02 06:27 - 000027136 _____ (Sanford, L.P.) [File not signed] C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8 [261]
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51 [155]
AlternateDataStreams: C:\Users\SLR\AppData\Local\Temp:DfOsjn53tx8EiT31wQhbDe [2114]
AlternateDataStreams: C:\Users\SLR\AppData\Local\UU1roKagF8:xLTI5MZOtLbH10eO7GOiGf0Pqm [1844]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
2017-12-20 16:49 - 2017-12-20 16:54 - 000000445 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\iCLS\;C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05062019172414112\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05062019172414143\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-4076564316-1935873266-44556536-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05062019172414159\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-4076564316-1935873266-44556536-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\SLR\Downloads\Cappy from Hannah.jpg
HKU\S-1-5-21-4076564316-1935873266-44556536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05062019172414206\Control Panel\Desktop\\Wallpaper -> C:\Users\SLR\Downloads\Cappy from Hannah.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
HKLM\...\StartupApproved\Run: => "Ointment"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKU\S-1-5-21-4076564316-1935873266-44556536-1001\...\StartupApproved\Run: => "carb"
HKU\S-1-5-21-4076564316-1935873266-44556536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05062019172414206\...\StartupApproved\Run: => "carb"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{8B655FD4-FC0B-4DFF-BD1A-5BA00FEE04C0}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite 2018\Programs64\CorelPP.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [{2EB07FA9-1633-47AA-84B5-7CF9DFF60990}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite 2018\Programs64\CorelDrw.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [{043C8151-5F3B-4F88-B6FF-C1C9EE17B2EA}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Player.exe (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
FirewallRules: [UDP Query User{69622545-0499-495A-B16C-DE524B98BD97}C:\program files (x86)\airdroid\airdroid.exe] => (Block) C:\program files (x86)\airdroid\airdroid.exe (SAND STUDIO LIMITED -> Sand Studio)
FirewallRules: [TCP Query User{5EFDE21D-A70A-49F5-A25A-000BD18C2C40}C:\program files (x86)\airdroid\airdroid.exe] => (Block) C:\program files (x86)\airdroid\airdroid.exe (SAND STUDIO LIMITED -> Sand Studio)
FirewallRules: [UDP Query User{8E77281B-55D0-4342-8E92-AA8770A1F8C1}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe (SAND STUDIO LIMITED -> Sand Studio)
FirewallRules: [TCP Query User{DB8A8269-3444-485F-BBB9-C352D9FE397D}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe (SAND STUDIO LIMITED -> Sand Studio)
FirewallRules: [{4F04EEF7-0239-47EC-A10D-0F5110594664}] => (Allow) LPort=51001
FirewallRules: [{8E80482E-383B-42E5-B703-7A21A6A12AD4}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{413162FD-37AF-483D-811A-7EFEDD091CF0}] => (Allow) LPort=2078
FirewallRules: [{DE3AE70C-13D4-4E53-9B00-5BD9DEAD7DBC}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe (Adobe Systems Incorporated -> )
FirewallRules: [{7F47A822-F0A4-4BAF-B737-A86586CB2EAC}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe (Adobe Systems Incorporated -> )
FirewallRules: [{9797FA22-02C2-4DD8-A0FC-B4C62CAC132F}] => (Allow) LPort=7935
FirewallRules: [{23C2279C-00A3-49C1-8039-41A3860DA107}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{56FC8D76-7D20-42F6-8E3E-E50843C0E876}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{133E956A-FD0D-43F5-8E46-1C566869B613}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1982FE9E-A4C8-46D7-9259-12AFAE235672}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{45271757-2057-42FA-859E-874EB71B2B4E}] => (Allow) LPort=51001
FirewallRules: [TCP Query User{6B7F8551-1A01-4B4C-82A1-87E4D619A036}C:\program files (x86)\vso\vso downloader\5\vsodownloader.exe] => (Allow) C:\program files (x86)\vso\vso downloader\5\vsodownloader.exe (VSO SOFTWARE -> VSO Software)
FirewallRules: [UDP Query User{027F22F7-4524-45D6-B8A8-01CFDE03CE66}C:\program files (x86)\vso\vso downloader\5\vsodownloader.exe] => (Allow) C:\program files (x86)\vso\vso downloader\5\vsodownloader.exe (VSO SOFTWARE -> VSO Software)
FirewallRules: [{547B56FC-419E-4260-98F2-6776A191DF62}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDCApp.exe (HP Inc. -> )
FirewallRules: [{64404C25-9A45-4CE0-BFBF-D7C22D1AF4E4}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDCApp.exe (HP Inc. -> )
FirewallRules: [{B40EF26C-5B78-48CC-8081-F314E2FF01D7}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe (HP Inc. -> )
FirewallRules: [{74653780-EBA3-4426-82ED-21A6051B1F97}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe (HP Inc. -> )
FirewallRules: [{47C1D9D3-444F-4B57-88DD-8925CE31282E}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ScanCDLM.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{92D250BB-BBFB-493A-818B-89DD843D81DB}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Printer Center\SamsungPrinterCenter.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
FirewallRules: [{F0E6F6AB-3E2A-434B-8F96-D2B722C02815}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{2518EEF7-D064-4EE1-8F10-C3187668C7DA}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{A399DB47-7350-4C0D-9E2E-0682EC687F99}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\EasyPrinterManagerV2.exe (HP Inc. -> )
FirewallRules: [{6BABB55A-55F2-41BE-B001-A905F806F038}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe (HP Inc. -> HP Printing Korea Co., Ltd.)
FirewallRules: [{3969CF01-33AF-473A-BF2F-23AB62F06046}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\EPM2AlertList.exe (HP Inc. -> HP Printing Korea Co., Ltd.)
FirewallRules: [{5F747C0A-25B0-435A-9BE8-CE27A37D24EE}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\EPM2Migrator.exe (HP Inc. -> )
FirewallRules: [{D46C0CB8-96B9-45EE-B770-EBF770A83324}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [TCP Query User{E6102758-B871-41A7-8DEF-3FCE73DF171D}C:\program files (x86)\samsung\easy printer manager\easyprintermanagerv2.exe] => (Allow) C:\program files (x86)\samsung\easy printer manager\easyprintermanagerv2.exe (HP Inc. -> )
FirewallRules: [UDP Query User{F366C149-8A00-42B8-AFC9-1B1E9AC492A3}C:\program files (x86)\samsung\easy printer manager\easyprintermanagerv2.exe] => (Allow) C:\program files (x86)\samsung\easy printer manager\easyprintermanagerv2.exe (HP Inc. -> )
FirewallRules: [{F19DC4CE-AAFB-4C9F-ACB7-6BE457E86285}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{21558D7B-D34C-4F89-AB8F-BAABC6572A92}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{59A2122C-6D41-44F9-95C6-1726DAAC10D1}] => (Allow) C:\Program Files (x86)\MediaMall\MediaMallServer.exe (MediaMall Technologies, Inc. -> MediaMall Technologies, Inc.)
FirewallRules: [{5358A05E-2003-47AC-BC51-0B6FFB989A88}] => (Allow) C:\Program Files (x86)\MediaMall\MediaMallServerLauncher.exe (MediaMall Technologies, Inc.) [File not signed]
FirewallRules: [{0E463619-8481-4E31-A4C9-5CC9BE88558A}] => (Allow) C:\Program Files (x86)\MediaMall\SettingsManager.exe (MediaMall Technologies, Inc. -> MediaMall Technologies, Inc.)
FirewallRules: [{12FC90B8-7F8D-42B9-8129-F0BED77A17E7}] => (Allow) C:\Program Files (x86)\MediaMall\PlayOn.exe (MediaMall Technologies, Inc. -> MediaMall Technologies, Inc.)
FirewallRules: [{B7C21B02-38B7-4228-9BF4-8B4B245FDE4E}] => (Allow) C:\Program Files (x86)\MediaMall\Surfer.exe (MediaMall Technologies, Inc.) [File not signed]
==================== Restore Points =========================
06-05-2019 12:07:01 Scheduled Checkpoint
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (05/06/2019 03:01:11 PM) (Source: Dell System Detect) (EventID: 0) (User: )
Description: System.Net.WebException127.0.0.1
Error: (05/06/2019 02:15:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_SensorService, version: 10.0.17134.556, time stamp: 0xf23cada5
Faulting module name: ESENT.dll, version: 10.0.17134.112, time stamp: 0xbce77d42
Exception code: 0xc0000602
Fault offset: 0x0000000000252de2
Faulting process id: 0x978
Faulting application start time: 0x01d5042fe04e593b
Faulting application path: c:\windows\system32\svchost.exe
Faulting module path: c:\windows\system32\ESENT.dll
Report Id: bbb044cb-926d-4f7e-9686-6e09d995f4d5
Faulting package full name:
Faulting package-relative application ID:
Error: (05/06/2019 02:15:48 PM) (Source: ESENT) (EventID: 908) (User: )
Description: svchost (2424,G,0) Terminating process due to non-recoverable failure: PV: 10.0.17134.0 SV: 10.0.17134.0 GLE: 0 ERR: 2100(logshadow.cxx:140): dllentry.cxx(108) (ESENT[10.0.17134.0] RETAIL RTM MBCS). Tag: EnforceTag:InitdEseInstancesOnDllUnload.
Error: (05/06/2019 02:13:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 10.0.17134.677, time stamp: 0xb4a88dff
Faulting module name: explorer.exe, version: 10.0.17134.677, time stamp: 0xb4a88dff
Exception code: 0xc0000409
Fault offset: 0x00000000000b9eba
Faulting process id: 0x1e90
Faulting application start time: 0x01d5043660e0bbca
Faulting application path: C:\WINDOWS\explorer.exe
Faulting module path: C:\WINDOWS\explorer.exe
Report Id: 7dfcfb2b-4ba4-4baf-a91f-4b3e428e06de
Faulting package full name:
Faulting package-relative application ID:
Error: (05/06/2019 02:06:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 10.0.17134.677, time stamp: 0xb4a88dff
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000011940fd8
Faulting process id: 0x18c8
Faulting application start time: 0x01d50430420401f3
Faulting application path: C:\WINDOWS\Explorer.EXE
Faulting module path: unknown
Report Id: 30f190df-6ff4-4e15-85c0-438ee9247b5e
Faulting package full name:
Faulting package-relative application ID:
Error: (05/06/2019 02:06:05 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Explorer.EXE
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000005, exception address 0000000011940FD8
Stack:
Error: (05/06/2019 01:49:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program VMP.exe version 1.6.19.528 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 1810
Start Time: 01d50433b9444b07
Termination Time: 4294967295
Application Path: C:\Program Files (x86)\VSO\VSO Media Player\1\VMP.exe
Report Id: 70f246c8-487f-4a30-bcc4-4e052a53c08b
Faulting package full name:
Faulting package-relative application ID:
Error: (05/06/2019 01:22:22 PM) (Source: Dell System Detect) (EventID: 0) (User: )
Description: System.Net.WebException127.0.0.1
System errors:
=============
Error: (05/06/2019 05:25:25 PM) (Source: DCOM) (EventID: 10010) (User: SWEETIE-DAHLING)
Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.
Error: (05/06/2019 05:25:19 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
Error: (05/06/2019 05:25:10 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (05/06/2019 05:24:19 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
Error: (05/06/2019 05:23:17 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
Error: (05/06/2019 05:23:13 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (05/06/2019 05:23:13 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (05/06/2019 05:23:06 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
Windows Defender:
===================================
Date: 2019-04-24 14:00:45.632
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Adload.DU!bit&threatid=249572&enterprise=0
Name: TrojanDownloader:Win32/Adload.DU!bit
ID: 249572
Severity: High
Category: Trojan Downloader
Path: file:_C:\Program Files (x86)\Wilbanks\neurology.exe; process:_pid:10748,ProcessStart:132006020175134406; process:_pid:10980,ProcessStart:132006020175135100
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: C:\Program Files (x86)\Wilbanks\neurology.exe
Signature Version: AV: 1.293.107.0, AS: 1.293.107.0, NIS: 0.0.0.0
Engine Version: AM: 1.1.15900.4, NIS: 0.0.0.0
Date: 2019-04-24 14:00:45.631
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Raytop.A!ARX&threatid=2147730464&enterprise=0
Name: Trojan:Win32/Raytop.A!ARX
ID: 2147730464
Severity: Severe
Category: Trojan
Path: file:_C:\Users\SLR\AppData\Local\Temp\1556128393\setup0904.exe; process:_pid:4948,ProcessStart:132006020513779528
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.293.107.0, AS: 1.293.107.0, NIS: 0.0.0.0
Engine Version: AM: 1.1.15900.4, NIS: 0.0.0.0
Date: 2019-04-24 14:00:45.630
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/SquareNet&threatid=2147727752&enterprise=0
Name: Trojan:Win32/SquareNet
ID: 2147727752
Severity: Severe
Category: Trojan
Path: file:_C:\Program Files (x86)\s5\u.exe; regkey:_HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\s5m; uninstall:_HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\s5m
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: User
Process Name: Unknown
Signature Version: AV: 1.293.107.0, AS: 1.293.107.0, NIS: 0.0.0.0
Engine Version: AM: 1.1.15900.4, NIS: 0.0.0.0
Date: 2019-04-24 13:54:46.186
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Raytop.A!ARX&threatid=2147730464&enterprise=0
Name: Trojan:Win32/Raytop.A!ARX
ID: 2147730464
Severity: Severe
Category: Trojan
Path: file:_C:\Users\SLR\AppData\Local\Temp\1556128393\setup0904.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.293.107.0, AS: 1.293.107.0, NIS: 0.0.0.0
Engine Version: AM: 1.1.15900.4, NIS: 0.0.0.0
Date: 2019-04-24 13:54:43.032
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Raytop.A!ARX&threatid=2147730464&enterprise=0
Name: Trojan:Win32/Raytop.A!ARX
ID: 2147730464
Severity: Severe
Category: Trojan
Path: file:_C:\Users\SLR\AppData\Local\Temp\1556128393\setup0904.exe; process:_pid:10936,ProcessStart:132006019976112675
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.293.107.0, AS: 1.293.107.0, NIS: 0.0.0.0
Engine Version: AM: 1.1.15900.4, NIS: 0.0.0.0
Date: 2019-01-11 11:52:03.166
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.283.2544.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15500.2
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2019-01-11 11:52:03.166
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.283.2544.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15500.2
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2019-01-11 11:52:03.165
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.283.2544.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15500.2
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2019-01-11 11:52:03.152
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.283.2544.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15500.2
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2019-01-11 11:52:03.152
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.283.2544.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15500.2
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
CodeIntegrity:
===================================
Date: 2019-05-06 17:26:52.758
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2019-05-06 17:26:52.756
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2019-05-06 17:26:52.653
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2019-05-06 17:26:52.650
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2019-05-06 17:25:48.197
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2019-05-06 17:25:48.196
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2019-05-06 17:25:48.134
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2019-05-06 17:25:48.132
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
BIOS: Dell Inc. 1.27.0 01/18/2019
Motherboard: Dell Inc. 0H20TW
Processor: Intel(R) Core(TM) i7-7500U CPU @ 2.70GHz
Percentage of memory in use: 20%
Total physical RAM: 16253.9 MB
Available physical RAM: 12968.4 MB
Total Virtual: 18685.9 MB
Available Virtual: 15019.74 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:465.18 GB) (Free:351.82 GB) NTFS
Drive f: (ESD-USB) (Removable) (Total:29.3 GB) (Free:25.32 GB) FAT32
\\?\Volume{feaf7fb2-dd54-4375-98aa-4e59a1284873}\ (WINRETOOLS) (Fixed) (Total:0.44 GB) (Free:0.05 GB) NTFS
\\?\Volume{c6fd387d-e4ec-4b59-8200-f595416de6b0}\ () (Fixed) (Total:0 GB) (Free:0 GB)
\\?\Volume{d73eba60-b25d-489c-b504-cc6fd5922708}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.45 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 7753131A)
Partition: GPT.
========================================================
Disk: 1 (Protective MBR) (Size: 29.3 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt ============================