Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-05.2019
Ran by SLR (09-05-2019 09:24:44)
Running from C:\Users\SLR\Desktop
Windows 10 Home Version 1803 17134.706 (X64) (2018-05-25 14:17:07)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-4076564316-1935873266-44556536-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4076564316-1935873266-44556536-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-4076564316-1935873266-44556536-1000 - Limited - Enabled) => C:\Users\defaultuser0
Guest (S-1-5-21-4076564316-1935873266-44556536-501 - Limited - Disabled)
SLR (S-1-5-21-4076564316-1935873266-44556536-1001 - Administrator - Enabled) => C:\Users\SLR
WDAGUtilityAccount (S-1-5-21-4076564316-1935873266-44556536-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
adobe (HKLM\...\{446634A4-47E3-4C2E-8361-A10DB0FFCCA3}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.171 - Adobe)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.156 - Adobe Systems Incorporated)
AirDroid 3.6.0.0 (HKLM-x32\...\AirDroid) (Version: 3.6.0.0 - Sand Studio)
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
BlindWrite 7 (HKLM-x32\...\{C0775A40-9CBC-430A-B055-6367E3DFEB13}_is1) (Version: 7.0.0.1 - VSO Software)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 4.1.13.3306 - BlueStack Systems, Inc.)
calibre 64bit (HKLM\...\{53CF63D2-ADC7-4D61-8076-113B313EE85A}) (Version: 3.33.1 - Kovid Goyal)
Common Desktop Agent (HKLM\...\{031A0E14-0413-4C97-9772-2639B782F46F}) (Version: 1.62.0 - OEM) Hidden
Corel Update Manager (HKLM\...\{7A731C52-8DC6-47AB-B2BC-3FE70F6C6968}) (Version: 2.10.442 - Corel corporation) Hidden
CorelDRAW Graphics Suite 2018 - Capture (x64) (HKLM\...\{57B35A9E-2E5C-4CE4-AE54-61B02500ED6C}) (Version: 20.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2018 - Common (x64) (HKLM\...\{C9E9E21E-E375-4BAF-B647-22ABA6ABBACF}) (Version: 20.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2018 - Connect (x64) (HKLM\...\{BCAF055A-51F2-4266-BC27-E67AFE02B1CE}) (Version: 20.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2018 - Custom Data (x64) (HKLM\...\{098FFEC8-98D9-4DE0-BC3F-B5A94547FF73}) (Version: 20.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2018 - Draw (x64) (HKLM\...\{121B4D48-BDC1-4037-B150-28037FA47510}) (Version: 20.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2018 - EN (x64) (HKLM\...\{FBA611A2-4060-4FF5-8A32-3A710A347EDA}) (Version: 20.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2018 - Filters (x64) (HKLM\...\{9433E8C4-DD2E-40BE-A1AF-0832DFE89C92}) (Version: 20.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2018 - Font Manager (x64) (HKLM\...\{EFD5BDD5-CEF1-4209-ABF1-2387D0756D14}) (Version: 20.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2018 - IPM T (x64) (HKLM\...\{A4DEA23F-2371-483E-93C1-1764CA80DDEF}) (Version: 20.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2018 - PHOTO-PAINT (x64) (HKLM\...\{CA42C3C9-6A8C-423E-885E-064B06DAD20E}) (Version: 20.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2018 - Redist (x64) (HKLM\...\{E442BB6A-268E-4864-9780-C0A4789DA64F}) (Version: 20.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2018 - Setup Files (x64) (HKLM\...\{CBBC5C20-F3ED-4425-9393-F77D50036592}) (Version: 20.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2018 - VBA (x64) (HKLM\...\{8FE99871-8AF0-449F-A1C4-F18EE971DC84}) (Version: 20.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2018 - Workspaces (x64) (HKLM\...\{94B3EE65-9BD2-4C39-9E43-E1403F6A82F4}) (Version: 20.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2018 (64-Bit) (HKLM\...\_{CBBC5C20-F3ED-4425-9393-F77D50036592}) (Version: - Corel Corporation)
CorelDRAW Graphics Suite 2018 (HKLM\...\{23465DF5-08D9-4150-9621-7A127B208936}) (Version: 20.0 - Corel Corporation) Hidden
Dell SupportAssist (HKLM\...\{0309AC01-330F-494C-B27D-58E297E4674F}) (Version: 3.2.1.94 - Dell Inc.)
Dragon NaturallySpeaking 13 (HKLM-x32\...\{33EA20FB-5389-4938-BA59-2BCD9BB68F41}) (Version: 13.00.000 - Nuance Communications Inc.)
DYMO Label (HKLM-x32\...\{54D84731-D2F9-4E8C-B18E-E91838BE52BB}) (Version: 8.7.3.46663 - Newell Rubbermaid)
FVD Downloader Module (HKLM-x32\...\{A3F74A3C-6824-4878-AB46-21280389D09F}) (Version: 1.0.8 - Nimbus)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel(R) Chipset Device Software (HKLM-x32\...\{61a0f1f5-c77e-4992-ba85-029f93cd8d18}) (Version: 10.1.1.27 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.3.10207.5567 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1058 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 17.0.2.1076 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1725.1 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.48.139.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{fd62de85-bda9-4280-a95b-fa2f86e0dc58}) (Version: 1.48.139.0 - Intel Corporation) Hidden
Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24516 (HKLM-x32\...\{c325004c-5538-45b3-a7ad-94473a4dcd3b}) (Version: 14.0.24516.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2015 (HKLM-x32\...\{dd8b09df-3ef8-49f1-bd1a-65278435860b}) (Version: 14.0.23217 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2017 (HKLM-x32\...\{5a7dc0ad-cdb2-43b5-8b82-f81065fe6092}) (Version: 15.0.26717 - Microsoft Corporation)
Mozilla Firefox 66.0.5 (x64 en-US) (HKLM\...\Mozilla Firefox 66.0.5 (x64 en-US)) (Version: 66.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 66.0.3 - Mozilla)
Mozilla Thunderbird 60.6.1 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 60.6.1 (x86 en-US)) (Version: 60.6.1 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
OpenOffice 4.1.6 (HKLM-x32\...\{16E4FF6B-31E8-4037-B627-D87CF872E32B}) (Version: 4.16.9790 - Apache Software Foundation)
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
PlayOn (HKLM-x32\...\{8253404B-8E41-4BB0-A452-B4C150019E4A}) (Version: 4.5.19 - MediaMall Technologies, Inc.) Hidden
PlayOn (HKLM-x32\...\{f37af5f1-bbec-4633-baaf-55da694f9102}) (Version: 4.5.19.24406 - MediaMall Technologies, Inc.)
PlayOn Dependencies (HKLM-x32\...\{9FCAA915-CEEF-4D9E-AAF2-6A252C888669}) (Version: 4.0.0.0 - MediaMall Technologies, Inc.) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7989 - Realtek Semiconductor Corp.)
Realtek PC Camera Driver (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 10.0.10586.11224 - Realtek Semiconductor Corp.)
Samsung Easy Document Creator (HKLM-x32\...\Samsung Easy Document Creator) (Version: 2.02.53 (5/30/2018) - HP Printing Korea Co., Ltd.)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 2.00.01.24 - HP Printing Korea Co., Ltd.)
Samsung Printer Center (HKLM-x32\...\Samsung Printer Center) (Version: 1.0.0.28 - Samsung Electronics Co., Ltd.)
Samsung Scan Process Machine (HKLM-x32\...\Samsung Scan Process Machine) (Version: 1.03.05.32 - Samsung Electronics Co., Ltd.) Hidden
Samsung Universal Scan Driver (HKLM-x32\...\Samsung Universal Scan Driver) (Version: 3.31.93:14 - Samsung Electronics Co., Ltd.)
SmartByte Drivers and Services (HKLM\...\{EC62F71A-6CFA-4918-9EBC-99BFF86DB3C9}) (Version: 1.2.600 - Rivet Networks)
SNS Upload for Easy Document Creator (HKLM-x32\...\{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}) (Version: 1.0.0 - Samsung Electronics Co.,Ltd) Hidden
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
Uninstall Samsung Printer Software (HKLM-x32\...\TotalUninstaller) (Version: 4.0.0.67 - Samsung Electronics CO., LTD.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{B2E25355-C24E-4E7D-8AD3-455D59810838}) (Version: 2.57.0.0 - Microsoft Corporation)
USB Multi-Channel Audio Device (HKLM\...\C-Media CM106 Like Sound Driver) (Version: - )
VLC media player (HKLM\...\VLC media player) (Version: 3.0.4 - VideoLAN)
VSO ConvertXToDVD 7 (HKLM-x32\...\{A021D003-6933-4EA4-B582-F1D0C3E52409}_is1) (Version: 7.0.0.61 - VSO Software)
VSO ConvertXtoVideo Ultimate 2 (HKLM-x32\...\{{3852A371-F5ED-491A-86C3-998CD0688D4A}_is1) (Version: 2.0.0.88 - VSO Software)
VSO CopyTo 5 (HKLM-x32\...\{9B05F6FC-AE16-488C-A822-F641ADC61B6A}_is1) (Version: 5.1.1.3 - VSO Software)
VSO Downloader 5.0.1.56 (HKLM-x32\...\{3C5CD638-CAD0-4F6C-81FD-B37D47B411F7}_is1) (Version: 5.0.1.56 - VSO Software)
VSO DVD Converter Ultimate 4 (HKLM-x32\...\{{089D6334-329D-46DC-8DC3-6BF4C9735F0F}_is1) (Version: 4.0.0.92 - VSO Software)
VSO EVE Network Driver version 1.0.0.28 (HKLM-x32\...\{AC0AFDC9-4FB1-44FE-B3E1-82300BF3D756}_is1) (Version: 1.0.0.28 - VSO Software)
VSO Media Player 1.6.19.528 (HKLM-x32\...\{59F1E8E6-60EC-4CC1-8C72-E0F38E585215}_is1) (Version: 1.6.19.528 - VSO Software)
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - Intel Corporation Inc.) Hidden
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1-2) (Version: 1.0.54.1 - Intel Corporation Inc.)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies)
WinSCP 5.15.1 (HKLM-x32\...\winscp3_is1) (Version: 5.15.1 - Martin Prikryl)
Your Uninstaller! 7 (HKLM-x32\...\YU2010_is1) (Version: 7.5.2014.3 - URSoft, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers1: [CopyToCD] -> {39F0FA09-4451-4477-9D23-4B9ADDEEF838} => C:\Program Files (x86)\VSO\common\CTShell.dll [2014-01-21] (VSO-SOFTWARE -> VSO Software SARL)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [CopyToCD] -> {39F0FA09-4451-4477-9D23-4B9ADDEEF838} => C:\Program Files (x86)\VSO\common\CTShell.dll [2014-01-21] (VSO-SOFTWARE -> VSO Software SARL)
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki125183.inf_amd64_cb49708b33bad074\igfxDTCM.dll [2017-11-07] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [CopyToCD] -> {39F0FA09-4451-4477-9D23-4B9ADDEEF838} => C:\Program Files (x86)\VSO\common\CTShell.dll [2014-01-21] (VSO-SOFTWARE -> VSO Software SARL)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2018-05-17 04:07 - 2018-05-17 04:07 - 000087552 _____ () [File not signed] C:\WINDOWS\system32\SSDEVM64.DLL
2019-05-03 11:54 - 2019-02-21 12:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2018-03-20 13:25 - 2018-03-20 13:25 - 000099840 _____ (Rivet Networks) [File not signed] C:\Program Files\Rivet Networks\SmartByte\KillerNetworkServicePS.dll
2017-11-08 02:35 - 2017-11-08 02:35 - 000123904 _____ (Samsung Electronics Co., Ltd.) [File not signed] C:\Program Files (x86)\Samsung\Easy Printer Manager\SmartScreenPrint\CDAKEYMonitor64.dll
2018-08-02 06:27 - 2018-08-02 06:27 - 000027136 _____ (Sanford, L.P.) [File not signed] C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51 [155]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-05-06 18:29 - 2019-05-06 18:29 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost

2017-12-20 16:49 - 2017-12-20 16:54 - 000000445 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\iCLS\;C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT
HKU\S-1-5-21-4076564316-1935873266-44556536-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\SLR\Downloads\Cappy from Hannah.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run: => "Ointment"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKU\S-1-5-21-4076564316-1935873266-44556536-1001\...\StartupApproved\Run: => "carb"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{043C8151-5F3B-4F88-B6FF-C1C9EE17B2EA}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Player.exe (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
FirewallRules: [UDP Query User{69622545-0499-495A-B16C-DE524B98BD97}C:\program files (x86)\airdroid\airdroid.exe] => (Block) C:\program files (x86)\airdroid\airdroid.exe (SAND STUDIO LIMITED -> Sand Studio)
FirewallRules: [TCP Query User{5EFDE21D-A70A-49F5-A25A-000BD18C2C40}C:\program files (x86)\airdroid\airdroid.exe] => (Block) C:\program files (x86)\airdroid\airdroid.exe (SAND STUDIO LIMITED -> Sand Studio)
FirewallRules: [UDP Query User{8E77281B-55D0-4342-8E92-AA8770A1F8C1}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe (SAND STUDIO LIMITED -> Sand Studio)
FirewallRules: [TCP Query User{DB8A8269-3444-485F-BBB9-C352D9FE397D}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe (SAND STUDIO LIMITED -> Sand Studio)
FirewallRules: [{8E80482E-383B-42E5-B703-7A21A6A12AD4}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{DE3AE70C-13D4-4E53-9B00-5BD9DEAD7DBC}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe (Adobe Systems Incorporated -> )
FirewallRules: [{7F47A822-F0A4-4BAF-B737-A86586CB2EAC}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe (Adobe Systems Incorporated -> )
FirewallRules: [TCP Query User{6B7F8551-1A01-4B4C-82A1-87E4D619A036}C:\program files (x86)\vso\vso downloader\5\vsodownloader.exe] => (Allow) C:\program files (x86)\vso\vso downloader\5\vsodownloader.exe (VSO SOFTWARE -> VSO Software)
FirewallRules: [UDP Query User{027F22F7-4524-45D6-B8A8-01CFDE03CE66}C:\program files (x86)\vso\vso downloader\5\vsodownloader.exe] => (Allow) C:\program files (x86)\vso\vso downloader\5\vsodownloader.exe (VSO SOFTWARE -> VSO Software)
FirewallRules: [{547B56FC-419E-4260-98F2-6776A191DF62}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDCApp.exe (HP Inc. -> )
FirewallRules: [{64404C25-9A45-4CE0-BFBF-D7C22D1AF4E4}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDCApp.exe (HP Inc. -> )
FirewallRules: [{B40EF26C-5B78-48CC-8081-F314E2FF01D7}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe (HP Inc. -> )
FirewallRules: [{74653780-EBA3-4426-82ED-21A6051B1F97}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe (HP Inc. -> )
FirewallRules: [{47C1D9D3-444F-4B57-88DD-8925CE31282E}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ScanCDLM.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{92D250BB-BBFB-493A-818B-89DD843D81DB}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Printer Center\SamsungPrinterCenter.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
FirewallRules: [{F0E6F6AB-3E2A-434B-8F96-D2B722C02815}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{2518EEF7-D064-4EE1-8F10-C3187668C7DA}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{A399DB47-7350-4C0D-9E2E-0682EC687F99}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\EasyPrinterManagerV2.exe (HP Inc. -> )
FirewallRules: [{6BABB55A-55F2-41BE-B001-A905F806F038}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe (HP Inc. -> HP Printing Korea Co., Ltd.)
FirewallRules: [{3969CF01-33AF-473A-BF2F-23AB62F06046}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\EPM2AlertList.exe (HP Inc. -> HP Printing Korea Co., Ltd.)
FirewallRules: [{5F747C0A-25B0-435A-9BE8-CE27A37D24EE}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\EPM2Migrator.exe (HP Inc. -> )
FirewallRules: [{D46C0CB8-96B9-45EE-B770-EBF770A83324}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [TCP Query User{E6102758-B871-41A7-8DEF-3FCE73DF171D}C:\program files (x86)\samsung\easy printer manager\easyprintermanagerv2.exe] => (Allow) C:\program files (x86)\samsung\easy printer manager\easyprintermanagerv2.exe (HP Inc. -> )
FirewallRules: [UDP Query User{F366C149-8A00-42B8-AFC9-1B1E9AC492A3}C:\program files (x86)\samsung\easy printer manager\easyprintermanagerv2.exe] => (Allow) C:\program files (x86)\samsung\easy printer manager\easyprintermanagerv2.exe (HP Inc. -> )
FirewallRules: [{F19DC4CE-AAFB-4C9F-ACB7-6BE457E86285}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{21558D7B-D34C-4F89-AB8F-BAABC6572A92}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{59A2122C-6D41-44F9-95C6-1726DAAC10D1}] => (Allow) C:\Program Files (x86)\MediaMall\MediaMallServer.exe (MediaMall Technologies, Inc. -> MediaMall Technologies, Inc.)
FirewallRules: [{5358A05E-2003-47AC-BC51-0B6FFB989A88}] => (Allow) C:\Program Files (x86)\MediaMall\MediaMallServerLauncher.exe (MediaMall Technologies, Inc.) [File not signed]
FirewallRules: [{0E463619-8481-4E31-A4C9-5CC9BE88558A}] => (Allow) C:\Program Files (x86)\MediaMall\SettingsManager.exe (MediaMall Technologies, Inc. -> MediaMall Technologies, Inc.)
FirewallRules: [{12FC90B8-7F8D-42B9-8129-F0BED77A17E7}] => (Allow) C:\Program Files (x86)\MediaMall\PlayOn.exe (MediaMall Technologies, Inc. -> MediaMall Technologies, Inc.)
FirewallRules: [{B7C21B02-38B7-4228-9BF4-8B4B245FDE4E}] => (Allow) C:\Program Files (x86)\MediaMall\Surfer.exe (MediaMall Technologies, Inc.)
[File not signed] ==================== Restore Points ========================= 06-05-2019 12:07:01 Scheduled Checkpoint 07-05-2019 14:16:39 Removed Bonjour 07-05-2019 15:27:42 Removed Corel Graphics - Windows Shell Extension. 07-05-2019 15:27:50 Removed Corel Graphics - Windows Shell Extension 32 Bit Keys. ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (05/09/2019 08:38:44 AM) (Source: Dell System Detect) (EventID: 0) (User: ) Description: System.Net.WebException127.0.0.1 Error: (05/09/2019 08:38:38 AM) (Source: DPTF) (EventID: 256) (User: ) Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.3.10207.5567) TYPE: ERROR MODULE: DPTF TIME 45868670 ms DPTF Build Version: 8.3.10207.5567 DPTF Build Date: Nov 2 2017 14:28:00 Source File: ..\..\..\..\Sources\Policies\PassivePolicy\PassivePolicy.cpp @ line 300 Executing Function: PassivePolicy::onDomainPerformanceControlCapabilityChanged Message: DPTF Build Version: 8.3.10207.5567 DPTF Build Date: Nov 2 2017 14:28:00 Source File: ..\..\..\Sources\Manager\EsifServices.cpp @ line 229 Executing Function: EsifServices::primitiveExecuteSetAsUInt32 Message: Error returned from ESIF services interface function call Participant: TCPU [0] Domain: CPU [1] ESIF Primitive: SET_PERF_PRESENT_CAPABILITY [82] ESIF Instance: 255 ESIF Return Code: ESIF_E_ACPI_EVAL_FAILURE [1105] Policy: Passive Policy [1] Error: (05/09/2019 08:38:38 AM) (Source: DPTF) (EventID: 256) (User: ) Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.3.10207.5567) TYPE: ERROR MODULE: DPTF TIME 45868513 ms DPTF Build Version: 8.3.10207.5567 DPTF Build Date: Nov 2 2017 14:28:00 Source File: ..\..\..\..\Sources\Policies\PassivePolicy\PassivePolicy.cpp @ line 300 Executing Function: PassivePolicy::onDomainPerformanceControlCapabilityChanged Message: DPTF Build Version: 8.3.10207.5567 DPTF Build Date: Nov 2 
2017 14:28:00 Source File: ..\..\..\Sources\Manager\EsifServices.cpp @ line 229 Executing Function: EsifServices::primitiveExecuteSetAsUInt32 Message: Error returned from ESIF services interface function call Participant: TCPU [0] Domain: CPU [1] ESIF Primitive: SET_PERF_PRESENT_CAPABILITY [82] ESIF Instance: 255 ESIF Return Code: ESIF_E_ACPI_EVAL_FAILURE [1105] Policy: Passive Policy [1] Error: (05/08/2019 07:54:33 PM) (Source: DPTF) (EventID: 256) (User: ) Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.3.10207.5567) TYPE: ERROR MODULE: DPTF TIME 6202 ms DPTF Build Version: 8.3.10207.5567 DPTF Build Date: Nov 2 2017 14:28:00 Source File: ..\..\..\..\Sources\Policies\PassivePolicy\PassivePolicy.cpp @ line 300 Executing Function: PassivePolicy::onDomainPerformanceControlCapabilityChanged Message: DPTF Build Version: 8.3.10207.5567 DPTF Build Date: Nov 2 2017 14:28:00 Source File: ..\..\..\Sources\Manager\EsifServices.cpp @ line 229 Executing Function: EsifServices::primitiveExecuteSetAsUInt32 Message: Error returned from ESIF services interface function call Participant: TCPU [2] Domain: CPU [1] ESIF Primitive: SET_PERF_PRESENT_CAPABILITY [82] ESIF Instance: 255 ESIF Return Code: ESIF_E_ACPI_EVAL_FAILURE [1105] Policy: Passive Policy [1] Error: (05/08/2019 07:54:33 PM) (Source: DPTF) (EventID: 256) (User: ) Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.3.10207.5567) TYPE: ERROR MODULE: DPTF TIME 6186 ms DPTF Build Version: 8.3.10207.5567 DPTF Build Date: Nov 2 2017 14:28:00 Source File: ..\..\..\..\Sources\Policies\PassivePolicy\PassivePolicy.cpp @ line 300 Executing Function: PassivePolicy::onDomainPerformanceControlCapabilityChanged Message: DPTF Build Version: 8.3.10207.5567 DPTF Build Date: Nov 2 2017 14:28:00 Source File: ..\..\..\Sources\Manager\EsifServices.cpp @ line 229 Executing Function: EsifServices::primitiveExecuteSetAsUInt32 Message: Error returned from ESIF services interface function call Participant: 
TCPU [2]
Domain: CPU [1]
ESIF Primitive: SET_PERF_PRESENT_CAPABILITY [82]
ESIF Instance: 255
ESIF Return Code: ESIF_E_ACPI_EVAL_FAILURE [1105]
Policy: Passive Policy [1]

Error: (05/08/2019 07:36:35 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.3.10207.5567) TYPE: ERROR MODULE: DPTF TIME 6214 ms
DPTF Build Version: 8.3.10207.5567
DPTF Build Date: Nov 2 2017 14:28:00
Source File: ..\..\..\..\Sources\Policies\PassivePolicy\PassivePolicy.cpp @ line 300
Executing Function: PassivePolicy::onDomainPerformanceControlCapabilityChanged
Message: DPTF Build Version: 8.3.10207.5567
DPTF Build Date: Nov 2 2017 14:28:00
Source File: ..\..\..\Sources\Manager\EsifServices.cpp @ line 229
Executing Function: EsifServices::primitiveExecuteSetAsUInt32
Message: Error returned from ESIF services interface function call
Participant: TCPU [2]
Domain: CPU [1]
ESIF Primitive: SET_PERF_PRESENT_CAPABILITY [82]
ESIF Instance: 255
ESIF Return Code: ESIF_E_ACPI_EVAL_FAILURE [1105]
Policy: Passive Policy [1]

Error: (05/08/2019 07:36:35 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.3.10207.5567) TYPE: ERROR MODULE: DPTF TIME 6201 ms
DPTF Build Version: 8.3.10207.5567
DPTF Build Date: Nov 2 2017 14:28:00
Source File: ..\..\..\..\Sources\Policies\PassivePolicy\PassivePolicy.cpp @ line 300
Executing Function: PassivePolicy::onDomainPerformanceControlCapabilityChanged
Message: DPTF Build Version: 8.3.10207.5567
DPTF Build Date: Nov 2 2017 14:28:00
Source File: ..\..\..\Sources\Manager\EsifServices.cpp @ line 229
Executing Function: EsifServices::primitiveExecuteSetAsUInt32
Message: Error returned from ESIF services interface function call
Participant: TCPU [2]
Domain: CPU [1]
ESIF Primitive: SET_PERF_PRESENT_CAPABILITY [82]
ESIF Instance: 255
ESIF Return Code: ESIF_E_ACPI_EVAL_FAILURE [1105]
Policy: Passive Policy [1]

Error: (05/08/2019 08:44:20 AM) (Source: Dell System Detect) (EventID: 0) (User: )
Description: System.Net.WebException127.0.0.1

System errors:
=============
Error: (05/09/2019 09:24:40 AM) (Source: DCOM) (EventID: 10010) (User: SWEETIE-DAHLING)
Description: The server {E48EDA45-43C6-48E0-9323-A7B2067D9CD5} did not register with DCOM within the required timeout.

Error: (05/09/2019 09:22:40 AM) (Source: DCOM) (EventID: 10010) (User: SWEETIE-DAHLING)
Description: The server {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} did not register with DCOM within the required timeout.

Error: (05/09/2019 09:20:40 AM) (Source: DCOM) (EventID: 10010) (User: SWEETIE-DAHLING)
Description: The server {E48EDA45-43C6-48E0-9323-A7B2067D9CD5} did not register with DCOM within the required timeout.

Error: (05/09/2019 09:18:40 AM) (Source: DCOM) (EventID: 10010) (User: SWEETIE-DAHLING)
Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.

Error: (05/09/2019 09:16:40 AM) (Source: DCOM) (EventID: 10010) (User: SWEETIE-DAHLING)
Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.

Error: (05/09/2019 09:14:39 AM) (Source: DCOM) (EventID: 10010) (User: SWEETIE-DAHLING)
Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.

Error: (05/09/2019 09:12:39 AM) (Source: DCOM) (EventID: 10010) (User: SWEETIE-DAHLING)
Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.

Error: (05/09/2019 09:10:39 AM) (Source: DCOM) (EventID: 10010) (User: SWEETIE-DAHLING)
Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.

Windows Defender:
===================================
Date: 2019-05-09 09:03:32.976
Description: Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {050D55B1-ABF2-4581-A3AD-64827CA96830}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-05-08 19:52:36.089
Description: Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {155BE0D1-8E75-4A0A-9413-7428759638B1}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-05-07 10:46:35.157
Description: Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Redirector.GO&threatid=2147643571&enterprise=0
Name: Trojan:JS/Redirector.GO
ID: 2147643571
Severity: Severe
Category: Trojan
Path: file:_C:\Users\SLR\Downloads\a transfer\BF\view.php
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\SLR\Desktop\esetonlinescanner_enu.exe
Signature Version: AV: 1.293.1053.0, AS: 1.293.1053.0, NIS: 1.293.1053.0
Engine Version: AM: 1.1.15900.4, NIS: 1.1.15900.4

Date: 2019-05-07 10:22:28.132
Description: Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=VirTool:Win64/Detrahere&threatid=2147727738&enterprise=0
Name: VirTool:Win64/Detrahere
ID: 2147727738
Severity: Severe
Category: Tool
Path: file:_C:\FRST\Quarantine\C\Windows\System32\pselvno\simtuln.sys
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\SLR\Desktop\esetonlinescanner_enu.exe
Signature Version: AV: 1.293.1048.0, AS: 1.293.1048.0, NIS: 1.293.1048.0
Engine Version: AM: 1.1.15900.4, NIS: 1.1.15900.4

Date: 2019-05-07 10:22:28.099
Description: Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Detrahere.S&threatid=2147726076&enterprise=0
Name: Trojan:Win64/Detrahere.S
ID: 2147726076
Severity: Severe
Category: Trojan
Path: file:_C:\FRST\Quarantine\C\Windows\System32\drivers\vdsbeilo.sys.xBAD
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\SLR\Desktop\esetonlinescanner_enu.exe
Signature Version: AV: 1.293.1048.0, AS: 1.293.1048.0, NIS: 1.293.1048.0
Engine Version: AM: 1.1.15900.4, NIS: 1.1.15900.4

Date: 2019-05-07 12:24:49.528
Description: Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.293.1053.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15900.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2019-05-07 12:24:49.528
Description: Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.293.1053.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15900.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2019-05-07 12:24:49.528
Description: Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.293.1053.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15900.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2019-05-07 12:24:49.518
Description: Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.293.1053.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15900.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2019-05-07 12:24:49.518
Description: Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.293.1053.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15900.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

CodeIntegrity:
===================================
Date: 2019-05-07 13:52:11.019
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-05-07 13:52:11.013
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-05-07 13:52:10.861
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-05-07 13:52:10.859
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-05-07 13:51:10.060
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-05-07 13:51:10.052
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-05-07 13:51:09.870
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-05-07 13:51:09.862
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

BIOS: Dell Inc. 1.27.0 01/18/2019
Motherboard: Dell Inc. 0H20TW
Processor: Intel(R) Core(TM) i7-7500U CPU @ 2.70GHz
Percentage of memory in use: 22%
Total physical RAM: 16253.9 MB
Available physical RAM: 12580.85 MB
Total Virtual: 18685.9 MB
Available Virtual: 14564.51 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:465.18 GB) (Free:350.9 GB) NTFS

\\?\Volume{feaf7fb2-dd54-4375-98aa-4e59a1284873}\ (WINRETOOLS) (Fixed) (Total:0.44 GB) (Free:0.05 GB) NTFS
\\?\Volume{c6fd387d-e4ec-4b59-8200-f595416de6b0}\ (Image) (Fixed) (Total:10.71 GB) (Free:0.66 GB) NTFS
\\?\Volume{d73eba60-b25d-489c-b504-cc6fd5922708}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.45 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 7753131A)

Partition: GPT.

==================== End of Addition.txt ============================