Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

I've been owned [Solved]

frst

  • This topic is locked This topic is locked

#1
slrlcx

slrlcx

    Member

  • Member
  • PipPip
  • 20 posts

Been working to remove this malware. It's created a storage volume and essentially taken away admin. . It deleted all restore points and functionsSomeone installed infected Corel Draw on my machine.

 

Thanking you in advance for any help or guidance. Dont have the time to reinstall my whole system.

Attached Files

  • Attached File  FRST.txt   58.07KB   35 downloads

  • 0

Advertisements


#2
iMacg3

iMacg3

    GeekU Mod

  • GeekU Moderator
  • 562 posts
Welcome to Geeks To Go. :)

Please download Farbar Recovery Scan Tool using a clean computer, and save it to a USB flash drive.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Boot in the Recovery Environment
  • Plug your USB Flash Drive in the infected computer
  • To enter the Recovery Environment with Windows Vista and Windows 7, follow the instructions below:
    • Restart the computer
    • Once you've seen your BIOS splashscreen (the computer manufacturer logo), tap the F8 key repeatedly until the Advanced Boot Options menu appears
    • Use the arrow keys to select Repair your computer, and press on Enter
    • Select your keyboard layout (US, French, etc.) and click on Next
    • Click on Command Prompt to open the command prompt
      Note: If you can't access the Recovery Environment using the F8 method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on SevenForums.
  • To enter the Recovery Environment with Windows 8 or Windows 8.1, follow the instructions in this tutorial on EightForums
    Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial.
  • To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums
    Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on TenForums.
Once in the command prompt
  • In the command prompt, type notepad and press on Enter
  • Notepad will open. Click on the File menu and select Open
  • Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad
  • In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe and press on Enter
  • Note: Replace the letter e with the drive letter of your USB Flash Drive
  • FRST will open
  • Click on Yes to accept the disclaimer
  • Click on the Scan button and wait for it to complete
  • A log called FRST.txt will be saved on your USB Flash Drive
  • Exit the recovery environment by restarting your computer
  • Plug the USB flash drive into the clean computer
  • Please copy and paste the contents of FRST.txt in your next reply

  • 0

#3
slrlcx

slrlcx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

Gone through the procedure from usb device. Heres the newfile.

If it's of help, this infection occurred on 4/24/19.

Once again. thank you for your time and attention.

Attached Files

  • Attached File  FRST.txt   51.67KB   38 downloads

  • 0

#4
iMacg3

iMacg3

    GeekU Mod

  • GeekU Moderator
  • 562 posts
Excellent, we were able to remove part of the Rootkit in the recovery mode. Run a scan with FRST in normal mode:

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also produce another log (Addition.txt ). Please attach this to your reply.

  • 0

#5
slrlcx

slrlcx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

Run from the desktop.

Attached Files


  • 0

#6
iMacg3

iMacg3

    GeekU Mod

  • GeekU Moderator
  • 562 posts
Hi,

Did you install these programs intentionally?
  • Baidu Search Update Firefox extension
  • Exterminate It!
-----------------------------------------------

Farbar Recovery Scan Tool - Fix
  • Press the Windows Key + R.
  • Type notepad in the Run box and click OK.
  • Copy the contents of the below code box to the new text file:
    Start
    
    CreateRestorePoint:
    EmptyTemp:
    CloseProcesses:
    
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    Task: {12304551-6028-4738-9B75-B9593811BF89} - System32\Tasks\refereesreferees => C:\Program Files (x86)\surrey\surrey.exe
    Task: {5FFA52DE-1CF5-4DF2-A6F0-7B56F0EE115D} - System32\Tasks\nizar_harbin => C:\Program Files (x86)\Solid\Mazes.exe
    Task: {7589701C-A3C6-405F-9839-B344316FA994} - System32\Tasks\nizar_harbinnizar_harbin => C:\Program Files (x86)\Solid\Mazes.exe
    Task: {7BC83271-2BF5-4C6D-92EF-1D6311F1B30E} - System32\Tasks\jotted-patna => C:\Program Files (x86)\rounders\Cahners.exe
    Task: {81555F06-4F4F-4033-88B3-B97D3875B80D} - System32\Tasks\rapp ruhl => C:\Program Files (x86)\Solid\Cahners.exe
    Task: {9E5145E0-97FF-4835-A028-DBF25FA90898} - System32\Tasks\referees => C:\Program Files (x86)\surrey\surrey.exe
    Task: {C31CD62B-D117-4E64-8D90-DC75BDC8716A} - System32\Tasks\jotted-patnajotted-patna => C:\Program Files (x86)\rounders\Cahners.exe
    Task: {D4612FF3-FED6-49D5-85BF-0ED0904F88EC} - System32\Tasks\rapp ruhlrapp ruhl => C:\Program Files (x86)\Solid\Cahners.exe
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [No File]
    S4 ipaonst; System32\drivers\scbnokpi.sys [X]
    S1 rwptx; \??\C:\Users\SLR\AppData\Local\Temp\wmkvrasd.sys [X] <==== ATTENTION
    S1 upylqahn; \??\C:\WINDOWS\system32\drivers\upylqahn.sys [X]
    S1 xpyyvxrh; \??\C:\WINDOWS\system32\drivers\xpyyvxrh.sys [X]
    2019-05-01 12:54 - 2019-05-02 19:01 - 000000000 ____D C:\Program Files\Reimage
    2019-04-24 13:57 - 2019-05-01 17:16 - 000000000 ____D C:\Users\SLR\AppData\Local\nirusow
    2019-04-24 13:55 - 2019-05-06 19:51 - 000000000 ____D C:\Users\SLR\AppData\Local\dtdwagx
    2019-04-24 13:55 - 2019-04-24 13:55 - 000000000 ____D C:\Users\SLR\AppData\Local\vdrulge
    2019-04-24 13:54 - 2019-05-06 15:39 - 002930176 _____ C:\WINDOWS\system32\simtulnsvc.exe
    2019-04-24 13:54 - 2019-04-24 13:57 - 000000000 ____D C:\WINDOWS\system32\pselvno
    2019-04-24 13:54 - 2019-04-24 13:54 - 000000000 ____D C:\WINDOWS\SysWOW64\pselvno
    2019-04-24 13:53 - 2019-04-24 13:53 - 000000000 ____D C:\Users\SLR\AppData\Roaming\et
    2019-04-24 13:52 - 2019-04-24 13:52 - 000004136 _____ C:\WINDOWS\System32\Tasks\jotted-patna
    2019-04-24 13:52 - 2019-04-24 13:52 - 000004126 _____ C:\WINDOWS\System32\Tasks\nizar_harbin
    2019-04-24 13:52 - 2019-04-24 13:52 - 000004124 _____ C:\WINDOWS\System32\Tasks\rapp ruhl
    2019-04-24 13:52 - 2019-04-24 13:52 - 000004122 _____ C:\WINDOWS\System32\Tasks\referees
    2019-04-24 13:52 - 2019-04-24 13:52 - 000004006 _____ C:\WINDOWS\System32\Tasks\jotted-patnajotted-patna
    2019-04-24 13:52 - 2019-04-24 13:52 - 000003996 _____ C:\WINDOWS\System32\Tasks\nizar_harbinnizar_harbin
    2019-04-24 13:52 - 2019-04-24 13:52 - 000003988 _____ C:\WINDOWS\System32\Tasks\rapp ruhlrapp ruhl
    2019-04-24 13:52 - 2019-04-24 13:52 - 000003984 _____ C:\WINDOWS\System32\Tasks\refereesreferees
    2019-04-24 13:52 - 2019-04-24 13:52 - 000000012 _____ C:\WINDOWS\b79640158
    2019-04-24 13:52 - 2019-04-24 13:52 - 000000000 ____D C:\Users\SLR\AppData\Roaming\AGData
    2019-04-24 13:51 - 2019-04-24 14:16 - 000000000 ____D C:\WINDOWS\SysWOW64\SSL
    2019-04-24 13:50 - 2019-04-24 13:50 - 000000000 ____D C:\Users\SLR\AppData\Local\AdvinstAnalytics
    2019-04-24 06:39 - 2019-04-24 06:39 - 000098229 _____ C:\WINDOWS\uninstaller.dat
    2019-04-29 11:33 - 2019-04-29 11:33 - 000001194 _____ () C:\Users\SLR\AppData\Roaming\SAS7_000.DAT
    
    ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
    ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
    ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
    ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
    ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
    ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
    ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
    AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8 [261]
    AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51 [155]
    AlternateDataStreams: C:\Users\SLR\AppData\Local\Temp:DfOsjn53tx8EiT31wQhbDe [2114]
    AlternateDataStreams: C:\Users\SLR\AppData\Local\UU1roKagF8:xLTI5MZOtLbH10eO7GOiGf0Pqm [1844]
    FirewallRules: [{4F04EEF7-0239-47EC-A10D-0F5110594664}] => (Allow) LPort=51001
    FirewallRules: [{413162FD-37AF-483D-811A-7EFEDD091CF0}] => (Allow) LPort=2078
    FirewallRules: [{9797FA22-02C2-4DD8-A0FC-B4C62CAC132F}] => (Allow) LPort=7935
    FirewallRules: [{45271757-2057-42FA-859E-874EB71B2B4E}] => (Allow) LPort=51001
    
    C:\Program Files (x86)\surrey
    C:\Program Files (x86)\Solid
    C:\Program Files (x86)\rounders
    
    Hosts:
    VirusTotal: C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    VirusTotal: C:\Users\SLR\AppData\Roaming\inst.exe
    VirusTotal: C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
    
    End
  • Click on File > Save. Save the file as fixlist.txt to the same location as FRST.exe/FRST64.exe.
  • NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait.
  • Allow your computer to restart if prompted.
  • When the fix is complete, the tool will create a log in the same location it was run from. (Fixlog.txt)
  • Copy and paste the contents of fixlog.txt into your next reply.
Let me know how the computer is doing.
  • 0

#7
slrlcx

slrlcx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

On Windows startup I'm still getting the notification that some unknown volume is being repaired and updated.

 

To answer your question from before, I did install ExterminateIt in trying to get rid of this current issue. I'm happy to uninstall it right now on your go ahead. I did not installBaidu.

Ready for the next step. Thanks.

Attached Files


  • 0

#8
iMacg3

iMacg3

    GeekU Mod

  • GeekU Moderator
  • 562 posts
Hi,

Please run a scan with Malwarebytes.
  • Launch Malwarebytes Anti-Malware.
  • Click on Settings in the left pane, then select the Protection tab.
  • Make sure that Scan for Rootkits and Scan within Archives are both On.
  • Go back to the Dashboard, and click Scan Now.
  • After the scan is complete, make sure any detected threats are checked and click Quarantine Selected.
  • Once the threats have been quarantined, click View Report
  • When the report opens, click Export > Text File (*.txt)
  • Save the file to your desktop as MBAMLog.txt
  • Open the file on your desktop (MBAMLog.txt), and copy and paste its contents into your next reply.
--------------------------------

Download AdwCleaner and save it to your Desktop.
  • Right-click on AdwCleaner.exe and select Run as Administrator
  • Accept the EULA (I accept), then click on Scan.
  • Let the scan complete. If no objects are detected, close the AdwCleaner window.
  • If any objects are detected, uncheck any items you want to keep.
  • Click on the Clean and Repair button.
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer. Allow it to do so.
  • After the restart, an AdwCleaner window will open. Click on View Log File, and the log will open in notepad. Copy and paste the contents of the log into your next reply.
  • Note: the AdwCleaner log is also saved to C:\AdwCleaner\Logs\AdwCleaner[CXX].txt (where XX is two numbers).
--------------------------------

Download ESET Online Scanner and save it to your desktop.
  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • Click on Get Started.
  • Another window will appear - select Get Started. Select whether you would like to send anonymous data to ESET.
  • Click on the Full Scan option.
  • Click on the option to Enable ESET to detect and remove potentially unwanted applications, and select Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop with a name like ESETlog.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • On your desktop, a file will be created called ESETlog.txt. Open it, then copy and paste its contents into your next reply.
--------------------------------

In your next reply, please include:
  • Malwarebytes log
  • AdwCleaner log
  • ESET log

  • 0

#9
slrlcx

slrlcx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

MBAMLOG:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/7/19
Scan Time: 9:43 AM
Log File: 24583efc-70ce-11e9-8b25-68071586b068.json

-Software Information-
Version: 3.7.1.2839
Components Version: 1.0.586
Update Package Version: 1.0.10500
License: Premium

-System Information-
OS: Windows 10 (Build 17134.706)
CPU: x64
File System: NTFS
User: SWEETIE-DAHLING\SLR

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 323398
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 3 min, 16 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

 

ADWCLEANER LOG:

 

# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build:    04-04-2019
# Database: 2019-04-29.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    05-07-2019
# Duration: 00:00:07
# OS:       Windows 10 Home
# Scanned:  27335
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.


AdwCleaner[S00].txt - [1869 octets] - [07/05/2019 09:53:11]
AdwCleaner[C00].txt - [1945 octets] - [07/05/2019 09:55:21]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########

 

Don't have ESET log. It did clean 3 items
 


  • 0

#10
slrlcx

slrlcx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
The strange start up volume repair message is still there after the Dell splash screen.
  • 0

Advertisements


#11
iMacg3

iMacg3

    GeekU Mod

  • GeekU Moderator
  • 562 posts
Hi,
  • Right-click FRST/FRST64 and select Run as Administrator.
  • Ensure Addition.txt is checked and click Scan.
  • Once the scan is complete, click OK to the "Scan Complete" message box and OK to the Addition.txt box.
  • Two reports will be open in Notepad.
  • Copy and paste their contents into your next reply.

  • 0

#12
slrlcx

slrlcx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

FRST.TXT:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-05.2019
Ran by SLR (administrator) on SWEETIE-DAHLING (Dell Inc. Inspiron 15-5578) (07-05-2019 13:24:27)
Running from C:\Users\SLR\Desktop
Loaded Profiles: SLR (Available Profiles: defaultuser0 & SLR)
Platform: Windows 10 Home Version 1803 17134.706 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Arvato Digital Services Canada Inc -> arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Dell Inc -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Dell Inc -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Inc -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Dell Inc. -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\dptf_helper.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki125183.inf_amd64_cb49708b33bad074\igfxCUIService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki125183.inf_amd64_cb49708b33bad074\igfxEM.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki125183.inf_amd64_cb49708b33bad074\IntelCpHDCPSvc.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki125183.inf_amd64_cb49708b33bad074\IntelCpHeciSvc.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel® Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1904.1-0\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1904.1-0\NisSrv.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedlauncher.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe
(PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1542\DSAPI.exe
(PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1542\pcdrwi.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Rivet Networks LLC -> CloudBees, Inc.) C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe
(Rivet Networks LLC -> Rivet Networks LLC) C:\Program Files\Rivet Networks\SmartByte\RNDBWM.exe
(Rivet Networks LLC -> Rivet Networks) C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe
(Samsung Electronics CO., LTD. -> ) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Samsung Electronics CO., LTD. -> ) C:\Windows\SysWOW64\SecUPDUtilSvc.exe
(Sanford, L.P.) [File not signed] C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [464608 2014-09-08] (Samsung Electronics CO., LTD. -> )
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9080848 2016-11-22] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Cm106Sound] => C:\WINDOWS\Syswow64\cm106.dll [8146944 2009-09-07] (C-Media Corporation) [File not signed]
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [319544 2019-01-09] (Intel® Rapid Storage Technology -> Intel Corporation)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Drivers32: [msacm.pspgru] => C:\Windows\SysWOW64\pspgru.acm [401920 2010-03-22] (Philips Austria GmbH - Speech Processing) [File not signed]

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {059743D8-DEA2-4BD4-B3B7-E3C52D4B5D6F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-04-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {27649C89-CF5F-48DF-994B-071D6745970C} - System32\Tasks\CorelUpdateHelperTaskCore => c:\Program Files (x86)\Corel\CUH\v2\CUH.exe [1662200 2019-02-27] (Corel Corporation -> Corel Corporation)
Task: {3916BD1A-8130-49EF-B4E3-CEAEC78B8861} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1480712 2016-11-22] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {3D1F9A80-1F84-4290-8628-6F5803813313} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-04-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {46E98259-5F4E-42C6-BE6E-E5F11EF3AC49} - System32\Tasks\AdobeAAMUpdater-1.0-SWEETIE-DAHLING-SLR => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {78E1E5B7-344C-403E-897F-279BD8DAE614} - System32\Tasks\AdobeGCInvoker-1.0-SWEETIE-DAHLING-SLR => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2675176 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
Task: {921D0334-EE50-48C7-B84D-96C6E4B441E3} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [1512920 2019-04-10] (Dell Inc. -> Dell Inc.)
Task: {A29D8E7C-F709-4680-82E3-C9BAACEA7EBE} - System32\Tasks\SmartByte Telemetry => C:\Program Files\Rivet Networks\SmartByte\SmartByteTelemetry.exe [30912 2018-03-20] (Rivet Networks LLC -> DELL)
Task: {A6C95916-A3C7-4017-A5A7-038159157E1D} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_156_pepper.exe [1453056 2019-03-24] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {C564F9F6-6B82-4081-AD39-FFED46B62ED7} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_171_Plugin.exe [1456696 2019-04-24] (Adobe Inc. -> Adobe)
Task: {CD0D13CB-4BBD-4A8D-B132-783FA3B843DB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-04-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {E820D6EA-ECBE-4C20-801B-42AC8C16E611} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-04-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {EFE96584-B90A-4005-9EC1-06F2C2BA25A8} - System32\Tasks\CorelUpdateHelperTask-1C4DFC7D611817B5DCBA6F1534EDCCAD => C:\Program Files (x86)\Corel\CUH\v2\CUH.exe [1662200 2019-02-27] (Corel Corporation -> Corel Corporation)
Task: {F340ECBA-14FC-4064-A477-16565FB29A8A} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe [745480 2019-04-16] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{be89aef4-2958-4da1-b090-dcdd4863c654}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
BHO: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\dgnriaie_x64.dll [2014-11-04] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
BHO-x32: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\dgnriaie.dll [2014-11-04] (Nuance Communications, Inc. -> Nuance Communications, Inc.)

FireFox:
========
FF DefaultProfile: qdl081mj.default-1556135615430
FF ProfilePath: C:\Users\SLR\AppData\Roaming\Mozilla\Firefox\Profiles\qdl081mj.default-1556135615430 [2019-05-07]
FF Homepage: Mozilla\Firefox\Profiles\qdl081mj.default-1556135615430 -> luckychix.com
FF Extension: (hotfix-update-xpi-intermediate) - C:\Users\SLR\AppData\Roaming\Mozilla\Firefox\Profiles\qdl081mj.default-1556135615430\Extensions\[email protected] [2019-05-07]
FF Extension: (Baidu Search Update) - C:\Users\SLR\AppData\Roaming\Mozilla\Firefox\Profiles\qdl081mj.default-1556135615430\features\{ac099942-a6a0-4f1f-bb10-39511d8afee4}\[email protected] [2019-05-07]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_171.dll [2019-04-24] (Adobe Inc. -> )
FF Plugin: @videolan.org/vlc,version=3.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-10] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-10] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-10] (VideoLAN -> VideoLAN)
FF Plugin: nuance.com/DgnRia2_x86_64 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\npDgnRia2_x64.dll [2014-11-04] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_171.dll [2019-04-24] (Adobe Inc. -> )
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: nuance.com/DgnRia2 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\npDgnRia2.dll [2014-11-04] (Nuance Communications, Inc. -> Nuance Communications, Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2018-02-14] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2917864 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2709480 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [209392 2019-02-28] (Dell Inc -> Dell Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3363824 2019-02-28] (Dell Inc -> Dell Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [218096 2019-02-28] (Dell Inc -> Dell Inc.)
R2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1542\DSAPI.exe [1038144 2019-04-23] (PC-Doctor, Inc. -> PC-Doctor, Inc.)
R2 DragonLoggerService; C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe [151616 2014-11-04] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
R2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [27136 2018-08-02] (Sanford, L.P.) [File not signed]
R2 esifsvc; C:\WINDOWS\System32\Intel\DPTF\esif_uf.exe [1705040 2017-11-21] (Intel Corporation -> Intel Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [17464 2019-01-09] (Intel® Rapid Storage Technology -> Intel Corporation)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [515768 2017-04-13] (Intel® Wireless Connectivity Solutions -> Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\Intel® Management Engine Components\iCLS\SocketHeciServer.exe [743728 2017-11-08] (Intel® Trust Services -> Intel® Corporation)
S2 Intel® TPM Provisioning Service; C:\Program Files\Intel\Intel® Management Engine Components\iCLS\TPMProvisioningService.exe [720184 2017-11-08] (Intel® Trust Services -> Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [213648 2017-11-22] (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
S3 MediaMall Server; C:\Program Files (x86)\MediaMall\MediaMallServer.exe [7286880 2019-02-09] (MediaMall Technologies, Inc. -> MediaMall Technologies, Inc.)
R2 PSI_SVC_2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (Arvato Digital Services Canada Inc -> arvato digital services llc)
R2 RNDBWM; C:\Program Files\Rivet Networks\SmartByte\RNDBWMService.exe [64184 2018-03-20] (Rivet Networks LLC -> CloudBees, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [329736 2016-11-22] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
R2 SamsungUPDUtilSvc; C:\WINDOWS\SysWOW64\SecUPDUtilSvc.exe [143664 2018-11-29] (Samsung Electronics CO., LTD. -> )
R2 SmartByte Network Service x64; C:\Program Files\Rivet Networks\SmartByte\SmartByteNetworkService.exe [2011848 2018-03-20] (Rivet Networks LLC -> Rivet Networks)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [39896 2019-04-10] (Dell Inc. -> Dell Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\NisSrv.exe [3851264 2019-04-24] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MsMpEng.exe [118144 2019-04-24] (Microsoft Corporation -> Microsoft Corporation)
S2 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [269408 2018-04-10] (Bluestack Systems, Inc. -> Bluestack System Inc. )
R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [40824 2019-02-27] (Microsoft Windows Hardware Compatibility Publisher -> Dell Inc.)
S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2018-05-08] (Techporch Incorporated -> Dell Computer Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [74144 2017-11-21] (Intel Corporation -> Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [69536 2017-11-21] (Intel Corporation -> Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [382880 2017-11-21] (Intel Corporation -> Intel Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-04-27] (Malwarebytes Corporation -> Malwarebytes)
R1 Eve; C:\WINDOWS\system32\DRIVERS\eve.sys [41304 2015-01-21] (VSO-SOFTWARE -> )
R3 HidEventFilter; C:\WINDOWS\System32\drivers\HidEventFilter.sys [63496 2017-01-12] (Intel® Software -> Intel Corporation)
R3 HID_PCI; C:\WINDOWS\System32\drivers\HID_PCI.sys [31328 2016-08-10] (Intel® Embedded Subsystems and IP Blocks Group -> Intel)
R3 iaLPSS2_GPIO2; C:\WINDOWS\System32\drivers\iaLPSS2_GPIO2.sys [98968 2017-10-15] (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R0 iaStorAC; C:\WINDOWS\System32\drivers\iaStorAC.sys [1017312 2019-01-09] (Intel® Rapid Storage Technology -> Intel Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [244744 2017-04-13] (Intel® Wireless Connectivity Solutions -> Intel Corporation)
R3 ISH; C:\WINDOWS\System32\drivers\ISH.sys [143984 2016-09-19] (Intel® Embedded Subsystems and IP Blocks Group -> Intel)
R3 ISH_BusDriver; C:\WINDOWS\System32\drivers\ISH_BusDriver.sys [80496 2016-08-18] (Intel® Embedded Subsystems and IP Blocks Group -> Intel)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [199768 2019-05-02] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [127136 2019-05-07] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73912 2019-05-07] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-05-07] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [114040 2019-05-07] (Malwarebytes Corporation -> Malwarebytes)
R3 msvad_simple; C:\WINDOWS\system32\drivers\povrtdev.sys [28528 2015-10-29] (MediaMall Technologies, Inc. -> MediaMall Technologies, Inc.)
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [8623128 2018-04-04] (Intel® Wireless Connectivity Solutions -> Intel Corporation)
R2 npf; C:\WINDOWS\System32\drivers\npf.sys [36600 2014-04-18] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [436224 2016-12-15] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3149824 2016-11-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
R2 SmbCoSvc; C:\WINDOWS\system32\DRIVERS\SmbCo10X64.sys [119528 2018-03-20] (Rivet Networks LLC -> Rivet Networks, LLC.)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 USBMULCD; C:\WINDOWS\system32\drivers\CM10664.sys [1307648 2009-10-01] (Microsoft Windows Hardware Compatibility Publisher -> C-Media Electronics Inc)
R3 VirtualButtons; C:\WINDOWS\System32\drivers\VirtualButtons.sys [41992 2017-03-31] (Intel® Software -> Intel Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46472 2019-04-24] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [344544 2019-04-24] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60896 2019-04-24] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-07 13:24 - 2019-05-07 13:25 - 000022959 _____ C:\Users\SLR\Desktop\FRST.txt
2019-05-07 13:20 - 2019-05-07 13:21 - 000000000 ____D C:\Users\SLR\Desktop\older scans
2019-05-07 12:14 - 2019-05-07 12:14 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-05-07 12:14 - 2019-05-07 12:14 - 000127136 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-05-07 12:14 - 2019-05-07 12:14 - 000114040 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-05-07 12:14 - 2019-05-07 12:14 - 000073912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-05-07 10:18 - 2019-05-07 10:18 - 000000000 ____D C:\Users\SLR\AppData\Local\ESET
2019-05-07 10:16 - 2019-05-07 10:15 - 007657592 _____ (ESET spol. s r.o.) C:\Users\SLR\Desktop\esetonlinescanner_enu.exe
2019-05-07 10:15 - 2019-05-07 10:15 - 007657592 _____ (ESET spol. s r.o.) C:\Users\SLR\Downloads\esetonlinescanner_enu.exe
2019-05-07 09:51 - 2019-05-07 09:55 - 000000000 ____D C:\AdwCleaner
2019-05-07 09:48 - 2019-05-07 09:45 - 007025360 _____ (Malwarebytes) C:\Users\SLR\Desktop\AdwCleaner.exe
2019-05-07 09:45 - 2019-05-07 09:45 - 007025360 _____ (Malwarebytes) C:\Users\SLR\Downloads\AdwCleaner.exe
2019-05-06 17:24 - 2019-05-07 11:32 - 000000000 ____D C:\Users\SLR\Desktop\FRST-OlderVersion
2019-05-06 17:24 - 2019-05-06 17:24 - 002430464 _____ (Farbar) C:\Users\SLR\Desktop\FRST64.exe
2019-05-06 15:39 - 2019-05-07 12:14 - 032768000 _____ C:\WINDOWS\system32\config\SYSTEM
2019-05-06 15:38 - 2019-05-06 15:39 - 032243712 _____ C:\WINDOWS\system32\config\HARDWARE
2019-05-06 11:08 - 2019-05-06 11:08 - 000001396 _____ C:\Users\SLR\Downloads\fixlist(1).txt
2019-05-06 11:08 - 2019-05-06 11:08 - 000000000 _____ C:\Users\SLR\Downloads\fixlist.txt
2019-05-06 10:49 - 2019-05-06 10:57 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-05-03 15:29 - 2019-05-03 15:29 - 054149296 _____ (MiniTool Software Limited ) C:\Users\SLR\Downloads\pw11-pro-demo.exe
2019-05-03 15:18 - 2019-05-07 10:52 - 000000000 ____D C:\Users\SLR\Downloads\b from Babel
2019-05-03 11:54 - 2019-05-03 11:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2019-05-03 11:54 - 2019-05-03 11:54 - 000000000 ____D C:\Program Files\7-Zip
2019-05-02 19:33 - 2019-05-02 19:33 - 000199768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-05-02 19:03 - 2019-05-02 19:03 - 000319024 _____ C:\active_protection.txt
2019-05-02 17:10 - 2019-05-07 13:24 - 000000000 ____D C:\FRST
2019-05-02 16:26 - 2019-05-03 12:38 - 000062256 ____H C:\Users\SLR\AppData\Local\IconCache.db.backup
2019-05-02 15:58 - 2019-05-02 15:58 - 000000489 _____ C:\Users\SLR\Documents\email.txt
2019-05-02 13:43 - 2019-05-02 13:43 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2019-05-01 17:52 - 2019-05-01 17:52 - 000001144 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP.lnk
2019-05-01 17:51 - 2019-05-01 17:51 - 009834432 _____ (Martin Prikryl ) C:\Users\SLR\Downloads\WinSCP-5.15.1-Setup.exe
2019-05-01 17:14 - 2019-05-01 17:14 - 000000000 ____D C:\Users\Public\BlueStacks
2019-05-01 14:15 - 2019-05-01 19:22 - 000000000 ____D C:\Users\SLR\Downloads\a transfer
2019-05-01 13:12 - 2019-05-02 15:58 - 000000000 ____D C:\Users\SLR\Documents\TCB
2019-05-01 13:09 - 2019-05-02 16:46 - 000001140 _____ C:\WINDOWS\system32\Drivers\etc\hosts.txt
2019-05-01 12:32 - 2019-05-01 12:32 - 000001114 _____ C:\Users\SLR\Documents\hosts.txt
2019-04-29 18:36 - 2019-04-29 18:36 - 000000218 _____ C:\Users\SLR\AppData\Local\recently-used.xbel
2019-04-29 13:27 - 2019-04-29 13:27 - 000000000 ____D C:\Users\SLR\AppData\Roaming\inkscape
2019-04-29 13:27 - 2019-04-29 13:27 - 000000000 ____D C:\Users\SLR\AppData\Local\fontconfig
2019-04-29 12:30 - 2019-04-29 13:30 - 000000000 ____D C:\Users\SLR\Downloads\inkscape
2019-04-29 12:29 - 2019-04-29 12:30 - 063666130 _____ C:\Users\SLR\Downloads\inkscape-0.92.4-x64.7z
2019-04-29 11:00 - 2019-05-06 13:26 - 001048576 _____ C:\WINDOWS\system32\secedit.sdb
2019-04-29 11:00 - 2019-05-06 13:26 - 000016384 _____ C:\WINDOWS\system32\secedit.jfm
2019-04-28 12:56 - 2019-05-02 17:52 - 005814992 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-04-27 10:10 - 2019-04-29 17:57 - 000026328 _____ C:\Users\SLR\Documents\S.ReinekeCV.odt
2019-04-24 17:42 - 2019-04-27 09:43 - 000055232 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2019-04-24 17:41 - 2019-04-24 17:46 - 000000000 ____D C:\ProgramData\HitmanPro
2019-04-24 16:45 - 2019-04-24 17:41 - 011515648 _____ (SurfRight B.V.) C:\Users\SLR\Downloads\HitmanPro_x64.exe
2019-04-24 16:41 - 2019-04-24 16:41 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\SLR\Downloads\rkill.exe
2019-04-24 15:53 - 2019-05-06 10:57 - 000001013 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-04-24 14:56 - 2019-04-24 14:57 - 000000000 ____D C:\Users\SLR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Disabled Startup
2019-04-24 14:49 - 2019-05-07 09:40 - 000003332 _____ C:\WINDOWS\System32\Tasks\CorelUpdateHelperTask-1C4DFC7D611817B5DCBA6F1534EDCCAD
2019-04-24 11:38 - 2019-04-01 13:51 - 000835480 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-04-24 11:38 - 2019-04-01 13:51 - 000179608 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-04-23 14:01 - 2019-04-29 20:14 - 000000000 ____D C:\Users\SLR\Downloads\marsall project
2019-04-23 13:42 - 2019-04-29 20:02 - 000000000 ____D C:\Users\SLR\Downloads\S Portfolio
2019-04-23 13:29 - 2019-04-02 08:19 - 012730880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-04-23 13:29 - 2019-04-02 08:12 - 003643904 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-04-23 13:29 - 2019-04-02 05:11 - 011919360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-04-23 13:29 - 2019-04-02 05:08 - 002889216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-04-23 13:29 - 2019-04-02 04:21 - 007520136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-04-23 13:29 - 2019-04-02 04:19 - 009083704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-04-23 13:29 - 2019-04-02 04:01 - 025857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-04-23 13:29 - 2019-04-02 03:53 - 022717440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-04-23 13:29 - 2019-04-02 03:53 - 004384256 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-04-23 13:29 - 2019-04-02 03:51 - 003399680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-04-23 13:29 - 2019-04-02 03:50 - 007591936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-04-23 13:29 - 2019-04-02 01:04 - 006572120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-04-23 13:29 - 2019-04-02 00:56 - 022018048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-04-23 13:29 - 2019-04-02 00:50 - 019404800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-04-23 13:29 - 2019-04-02 00:43 - 005788160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-04-23 13:29 - 2019-03-14 04:37 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-04-23 13:29 - 2019-03-14 04:26 - 007436016 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-04-23 13:29 - 2019-03-14 04:01 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-04-23 13:29 - 2019-03-14 03:58 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-04-23 13:29 - 2019-03-14 03:58 - 002509824 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2019-04-23 13:29 - 2019-03-14 03:57 - 004866560 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-04-23 13:29 - 2019-03-14 03:56 - 003392000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2019-04-23 13:29 - 2019-03-14 03:55 - 002739200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2019-04-23 13:28 - 2019-04-02 08:38 - 000094008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2019-04-23 13:28 - 2019-04-02 08:33 - 001634912 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-04-23 13:28 - 2019-04-02 08:33 - 000719984 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-04-23 13:28 - 2019-04-02 08:19 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-04-23 13:28 - 2019-04-02 08:18 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-04-23 13:28 - 2019-04-02 08:16 - 001030144 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2019-04-23 13:28 - 2019-04-02 08:15 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleprn.dll
2019-04-23 13:28 - 2019-04-02 08:13 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2019-04-23 13:28 - 2019-04-02 08:12 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-04-23 13:28 - 2019-04-02 08:11 - 004053504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-04-23 13:28 - 2019-04-02 08:11 - 001857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2019-04-23 13:28 - 2019-04-02 08:11 - 001662976 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-04-23 13:28 - 2019-04-02 08:10 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2019-04-23 13:28 - 2019-04-02 08:10 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxssrv.dll
2019-04-23 13:28 - 2019-04-02 05:25 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-04-23 13:28 - 2019-04-02 05:25 - 000607960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-04-23 13:28 - 2019-04-02 05:11 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-04-23 13:28 - 2019-04-02 05:10 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleprn.dll
2019-04-23 13:28 - 2019-04-02 05:07 - 004054528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-04-23 13:28 - 2019-04-02 05:07 - 001586688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2019-04-23 13:28 - 2019-04-02 05:06 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-04-23 13:28 - 2019-04-02 04:36 - 001035256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-04-23 13:28 - 2019-04-02 04:24 - 000135184 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-04-23 13:28 - 2019-04-02 04:23 - 001023800 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-04-23 13:28 - 2019-04-02 04:22 - 001219896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-04-23 13:28 - 2019-04-02 04:22 - 000567592 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-04-23 13:28 - 2019-04-02 04:22 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-04-23 13:28 - 2019-04-02 04:21 - 002822160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-04-23 13:28 - 2019-04-02 04:21 - 002467536 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-04-23 13:28 - 2019-04-02 04:21 - 000735680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2019-04-23 13:28 - 2019-04-02 04:20 - 002719032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-04-23 13:28 - 2019-04-02 04:20 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2019-04-23 13:28 - 2019-04-02 04:19 - 000793400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-04-23 13:28 - 2019-04-02 04:19 - 000786080 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-04-23 13:28 - 2019-04-02 04:19 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-04-23 13:28 - 2019-04-02 03:50 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-04-23 13:28 - 2019-04-02 03:49 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2019-04-23 13:28 - 2019-04-02 03:49 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-04-23 13:28 - 2019-04-02 03:48 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-04-23 13:28 - 2019-04-02 03:48 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2019-04-23 13:28 - 2019-04-02 03:48 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-04-23 13:28 - 2019-04-02 03:47 - 001214464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2019-04-23 13:28 - 2019-04-02 03:47 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-04-23 13:28 - 2019-04-02 03:46 - 002174976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-04-23 13:28 - 2019-04-02 03:45 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2019-04-23 13:28 - 2019-04-02 03:44 - 002208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-04-23 13:28 - 2019-04-02 03:44 - 001724416 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2019-04-23 13:28 - 2019-04-02 03:44 - 001421312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2019-04-23 13:28 - 2019-04-02 03:43 - 000542720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-04-23 13:28 - 2019-04-02 02:22 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim
2019-04-23 13:28 - 2019-04-02 01:05 - 001989544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-04-23 13:28 - 2019-04-02 01:04 - 000604008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-04-23 13:28 - 2019-04-02 01:04 - 000581832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-04-23 13:28 - 2019-04-02 01:04 - 000560600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2019-04-23 13:28 - 2019-04-02 00:43 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-04-23 13:28 - 2019-04-02 00:43 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-04-23 13:28 - 2019-04-02 00:42 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2019-04-23 13:28 - 2019-04-02 00:41 - 001540096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2019-04-23 13:28 - 2019-04-02 00:41 - 001235968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2019-04-23 13:28 - 2019-04-02 00:41 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2019-04-23 13:28 - 2019-04-02 00:40 - 001073664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2019-04-23 13:28 - 2019-04-02 00:40 - 000534016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-04-23 13:28 - 2019-03-16 08:54 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-04-23 13:28 - 2019-03-16 05:03 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-04-23 13:28 - 2019-03-14 10:52 - 003933296 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2019-04-23 13:28 - 2019-03-14 10:51 - 000157192 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2019-04-23 13:28 - 2019-03-14 10:35 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfoext.dll
2019-04-23 13:28 - 2019-03-14 10:34 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2019-04-23 13:28 - 2019-03-14 10:33 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpdr.sys
2019-04-23 13:28 - 2019-03-14 10:33 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storqosflt.sys
2019-04-23 13:28 - 2019-03-14 10:33 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\RpcPing.exe
2019-04-23 13:28 - 2019-03-14 10:31 - 000198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincredui.dll
2019-04-23 13:28 - 2019-03-14 10:30 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\objsel.dll
2019-04-23 13:28 - 2019-03-14 10:30 - 000440832 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2019-04-23 13:28 - 2019-03-14 10:29 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2019-04-23 13:28 - 2019-03-14 10:28 - 000560640 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsound.dll
2019-04-23 13:28 - 2019-03-14 10:08 - 003611264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2019-04-23 13:28 - 2019-03-14 09:56 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincredui.dll
2019-04-23 13:28 - 2019-03-14 09:55 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RpcPing.exe
2019-04-23 13:28 - 2019-03-14 09:53 - 000625664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2019-04-23 13:28 - 2019-03-14 09:53 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\objsel.dll
2019-04-23 13:28 - 2019-03-14 09:53 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2019-04-23 13:28 - 2019-03-14 09:52 - 000502784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsound.dll
2019-04-23 13:28 - 2019-03-14 04:57 - 000611640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2019-04-23 13:28 - 2019-03-14 04:56 - 000375096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2019-04-23 13:28 - 2019-03-14 04:38 - 000380728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-04-23 13:28 - 2019-03-14 04:38 - 000090360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpr.dll
2019-04-23 13:28 - 2019-03-14 04:37 - 002256248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-04-23 13:28 - 2019-03-14 04:37 - 001171568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2019-04-23 13:28 - 2019-03-14 04:28 - 000152072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2019-04-23 13:28 - 2019-03-14 04:27 - 000436024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-04-23 13:28 - 2019-03-14 04:27 - 000097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpr.dll
2019-04-23 13:28 - 2019-03-14 04:26 - 002768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-04-23 13:28 - 2019-03-14 04:26 - 002421048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-04-23 13:28 - 2019-03-14 04:26 - 001457576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-04-23 13:28 - 2019-03-14 04:26 - 001258688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-04-23 13:28 - 2019-03-14 04:26 - 001140984 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-04-23 13:28 - 2019-03-14 04:26 - 001014344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2019-04-23 13:28 - 2019-03-14 04:26 - 000983424 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-04-23 13:28 - 2019-03-14 04:26 - 000481048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2019-04-23 13:28 - 2019-03-14 04:26 - 000175416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2019-04-23 13:28 - 2019-03-14 04:22 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2019-04-23 13:28 - 2019-03-14 04:20 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-04-23 13:28 - 2019-03-14 04:19 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-04-23 13:28 - 2019-03-14 04:19 - 002969600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-04-23 13:28 - 2019-03-14 04:18 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-04-23 13:28 - 2019-03-14 04:18 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2019-04-23 13:28 - 2019-03-14 04:18 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credui.dll
2019-04-23 13:28 - 2019-03-14 04:18 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2019-04-23 13:28 - 2019-03-14 04:17 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2019-04-23 13:28 - 2019-03-14 04:17 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-04-23 13:28 - 2019-03-14 04:17 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2019-04-23 13:28 - 2019-03-14 04:17 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2019-04-23 13:28 - 2019-03-14 04:17 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wcmapi.dll
2019-04-23 13:28 - 2019-03-14 04:17 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntlanman.dll
2019-04-23 13:28 - 2019-03-14 04:16 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-04-23 13:28 - 2019-03-14 04:16 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-04-23 13:28 - 2019-03-14 04:15 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2019-04-23 13:28 - 2019-03-14 04:15 - 000318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2019-04-23 13:28 - 2019-03-14 04:15 - 000195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShellCommonCommonProxyStub.dll
2019-04-23 13:28 - 2019-03-14 04:15 - 000102400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\negoexts.dll
2019-04-23 13:28 - 2019-03-14 04:14 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2019-04-23 13:28 - 2019-03-14 04:14 - 000856576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2019-04-23 13:28 - 2019-03-14 04:14 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2019-04-23 13:28 - 2019-03-14 04:14 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2019-04-23 13:28 - 2019-03-14 04:14 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.Workflow.dll
2019-04-23 13:28 - 2019-03-14 04:14 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-04-23 13:28 - 2019-03-14 04:14 - 000138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2019-04-23 13:28 - 2019-03-14 04:13 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2019-04-23 13:28 - 2019-03-14 04:13 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-04-23 13:28 - 2019-03-14 04:13 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2019-04-23 13:28 - 2019-03-14 03:58 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll
2019-04-23 13:28 - 2019-03-14 03:57 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2019-04-23 13:28 - 2019-03-14 03:56 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2019-04-23 13:28 - 2019-03-14 03:56 - 000120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2019-04-23 13:28 - 2019-03-14 03:56 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2019-04-23 13:28 - 2019-03-14 03:56 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2019-04-23 13:28 - 2019-03-14 03:55 - 003601920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Service.dll
2019-04-23 13:28 - 2019-03-14 03:55 - 000528896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2019-04-23 13:28 - 2019-03-14 03:55 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2019-04-23 13:28 - 2019-03-14 03:55 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2019-04-23 13:28 - 2019-03-14 03:55 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2019-04-23 13:28 - 2019-03-14 03:55 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmapi.dll
2019-04-23 13:28 - 2019-03-14 03:55 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncCsp.dll
2019-04-23 13:28 - 2019-03-14 03:55 - 000069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntlanman.dll
2019-04-23 13:28 - 2019-03-14 03:55 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\EASPolicyManagerBrokerHost.exe
2019-04-23 13:28 - 2019-03-14 03:55 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\credui.dll
2019-04-23 13:28 - 2019-03-14 03:54 - 002368000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-04-23 13:28 - 2019-03-14 03:54 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-04-23 13:28 - 2019-03-14 03:54 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2019-04-23 13:28 - 2019-03-14 03:54 - 000354304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2019-04-23 13:28 - 2019-03-14 03:54 - 000279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2019-04-23 13:28 - 2019-03-14 03:54 - 000273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2019-04-23 13:28 - 2019-03-14 03:54 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2019-04-23 13:28 - 2019-03-14 03:54 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2019-04-23 13:28 - 2019-03-14 03:54 - 000118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\negoexts.dll
2019-04-23 13:28 - 2019-03-14 03:54 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2019-04-23 13:28 - 2019-03-14 03:53 - 000787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2019-04-23 13:28 - 2019-03-14 03:53 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-04-23 13:28 - 2019-03-14 03:53 - 000473600 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2019-04-23 13:28 - 2019-03-14 03:53 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.Workflow.dll
2019-04-23 13:28 - 2019-03-14 03:52 - 002909696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-04-23 13:28 - 2019-03-14 03:52 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll
2019-04-23 13:28 - 2019-03-14 03:52 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShellCommonCommonProxyStub.dll
2019-04-23 13:28 - 2019-03-14 03:52 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2019-04-23 13:28 - 2019-03-14 03:51 - 001216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2019-04-23 13:28 - 2019-03-14 03:51 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2019-04-23 13:28 - 2019-03-14 03:51 - 000226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\TetheringMgr.dll
2019-04-23 13:28 - 2019-03-14 03:50 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2019-04-23 13:28 - 2019-03-14 03:50 - 001410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2019-04-23 13:28 - 2019-03-14 03:50 - 000947200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2019-04-23 13:28 - 2019-03-14 03:50 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2019-04-23 13:28 - 2019-03-14 03:50 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2019-04-23 13:28 - 2019-03-14 03:50 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-04-23 13:28 - 2019-03-14 03:50 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-04-23 13:28 - 2019-03-14 03:50 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2019-04-23 13:28 - 2019-03-14 03:50 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2019-04-23 13:28 - 2019-03-13 21:57 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-04-23 13:28 - 2019-03-13 21:57 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
2019-04-23 13:28 - 2019-03-13 21:57 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2019-04-23 13:28 - 2019-03-13 21:57 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-04-23 13:28 - 2019-03-13 21:57 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-07 13:21 - 2018-05-16 14:37 - 000000000 ____D C:\Users\SLR\AppData\Roaming\MediaMonkey
2019-05-07 12:49 - 2018-05-25 10:10 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-05-07 12:24 - 2018-04-11 19:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-05-07 12:19 - 2018-05-25 10:21 - 000840376 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-05-07 12:19 - 2018-04-11 19:36 - 000000000 ____D C:\WINDOWS\INF
2019-05-07 12:14 - 2018-05-25 10:16 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-05-07 12:14 - 2018-04-11 17:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-05-07 12:14 - 2017-02-23 18:04 - 000000000 __SHD C:\Users\SLR\IntelGraphicsProfiles
2019-05-07 12:10 - 2019-01-11 13:26 - 000000000 ____D C:\Users\SLR\AppData\LocalLow\Mozilla
2019-05-07 10:13 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-05-07 09:54 - 2018-04-11 19:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-05-07 09:52 - 2017-12-20 15:52 - 000000000 ____D C:\Users\SLR\AppData\Local\Packages
2019-05-07 09:38 - 2018-01-20 18:32 - 000000000 ____D C:\Users\SLR\AppData\Local\Adobe
2019-05-07 09:31 - 2017-12-26 13:58 - 000000000 ____D C:\ProgramData\TEMP
2019-05-07 09:30 - 2018-11-16 13:55 - 000000000 ____D C:\Program Files\rempl
2019-05-06 18:30 - 2017-04-05 11:02 - 000000000 ____D C:\Users\SLR\AppData\LocalLow\Temp
2019-05-06 17:19 - 2018-05-25 10:12 - 000000000 ____D C:\Users\defaultuser0
2019-05-06 17:19 - 2017-12-20 16:10 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-05-06 17:18 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\InfusedApps
2019-05-06 17:17 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\registration
2019-05-06 13:22 - 2018-05-25 10:12 - 000000000 ____D C:\Users\SLR
2019-05-03 12:21 - 2018-03-10 15:22 - 000000000 ____D C:\temphb
2019-05-03 12:04 - 2018-03-10 15:16 - 000000000 ____D C:\Users\SLR\Downloads\Hirens.BootCD.15.2
2019-05-02 17:46 - 2017-07-16 15:51 - 000000000 ____D C:\Users\SLR\Downloads\Graphics
2019-05-02 17:43 - 2018-05-26 14:01 - 000000600 _____ C:\Users\SLR\AppData\Roaming\winscp.rnd
2019-05-02 16:34 - 2018-01-20 18:33 - 000000000 ____D C:\ProgramData\Adobe
2019-05-02 16:33 - 2018-08-11 16:46 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2019-05-02 16:27 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-05-02 14:46 - 2018-05-17 09:27 - 000000000 ___DC C:\WINDOWS\Panther
2019-05-01 17:52 - 2018-05-26 13:48 - 000000000 ____D C:\Program Files (x86)\WinSCP
2019-05-01 17:14 - 2018-07-10 15:28 - 000003942 _____ C:\WINDOWS\System32\Tasks\BlueStacksHelper
2019-05-01 12:13 - 2017-12-20 18:45 - 000000000 ____D C:\WINDOWS\SysWOW64\sda
2019-04-29 15:45 - 2017-12-20 15:52 - 000000000 ____D C:\Users\SLR\AppData\Roaming\Adobe
2019-04-29 11:17 - 2018-11-29 14:50 - 000000000 ____D C:\Users\SLR\AppData\Local\ElevatedDiagnostics
2019-04-28 12:37 - 2018-05-28 20:24 - 000000777 _____ C:\WINDOWS\SysWOW64\SmartFlow.txt
2019-04-27 10:03 - 2019-04-01 16:11 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-04-27 09:14 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-04-24 17:51 - 2017-12-20 16:18 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2019-04-24 15:53 - 2019-01-11 13:29 - 000000000 ____D C:\Users\SLR\Desktop\Old Firefox Data
2019-04-24 11:45 - 2018-05-25 10:16 - 000004584 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-04-24 11:44 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-04-24 11:44 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-04-24 11:44 - 2018-02-08 15:06 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-04-24 11:39 - 2018-04-11 19:38 - 000000000 ___RD C:\Program Files\Windows Defender
2019-04-24 11:39 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-04-24 11:39 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-04-23 13:31 - 2018-04-11 19:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-04-23 13:28 - 2017-12-22 14:13 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-04-23 13:24 - 2017-12-22 14:13 - 131129288 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-04-23 13:22 - 2018-05-28 19:12 - 000000000 ____D C:\ProgramData\PCDr
2019-04-23 13:21 - 2017-02-16 21:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2019-04-23 13:20 - 2018-05-28 19:11 - 000000000 ____D C:\ProgramData\SupportAssist

==================== Files in the root of some directories =======

2018-08-17 13:34 - 2018-10-05 16:08 - 000099384 _____ () C:\Users\SLR\AppData\Roaming\inst.exe
2018-08-17 13:34 - 2018-10-05 16:08 - 000007859 _____ () C:\Users\SLR\AppData\Roaming\pcouffin.cat
2018-08-17 13:34 - 2018-10-05 16:08 - 000001167 _____ () C:\Users\SLR\AppData\Roaming\pcouffin.inf
2018-08-17 13:34 - 2018-10-05 16:08 - 000000055 _____ () C:\Users\SLR\AppData\Roaming\pcouffin.log
2018-08-17 13:34 - 2018-10-05 16:08 - 000082816 _____ (VSO Software) C:\Users\SLR\AppData\Roaming\pcouffin.sys
2018-05-26 14:01 - 2019-05-02 17:43 - 000000600 _____ () C:\Users\SLR\AppData\Roaming\winscp.rnd
2018-04-23 14:07 - 2018-04-23 14:07 - 000011264 _____ () C:\Users\SLR\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-09-27 16:33 - 2018-09-27 16:33 - 000000000 _____ () C:\Users\SLR\AppData\Local\oobelibMkey.log
2019-04-29 18:36 - 2019-04-29 18:36 - 000000218 _____ () C:\Users\SLR\AppData\Local\recently-used.xbel

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================

 

ADDITION.TXT:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-05.2019
Ran by SLR (07-05-2019 13:25:46)
Running from C:\Users\SLR\Desktop
Windows 10 Home Version 1803 17134.706 (X64) (2018-05-25 14:17:07)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4076564316-1935873266-44556536-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4076564316-1935873266-44556536-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-4076564316-1935873266-44556536-1000 - Limited - Enabled) => C:\Users\defaultuser0
Guest (S-1-5-21-4076564316-1935873266-44556536-501 - Limited - Disabled)
SLR (S-1-5-21-4076564316-1935873266-44556536-1001 - Administrator - Enabled) => C:\Users\SLR
WDAGUtilityAccount (S-1-5-21-4076564316-1935873266-44556536-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
adobe (HKLM\...\{446634A4-47E3-4C2E-8361-A10DB0FFCCA3}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.171 - Adobe)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.156 - Adobe Systems Incorporated)
AirDroid 3.6.0.0 (HKLM-x32\...\AirDroid) (Version: 3.6.0.0 - Sand Studio)
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
BlindWrite 7 (HKLM-x32\...\{C0775A40-9CBC-430A-B055-6367E3DFEB13}_is1) (Version: 7.0.0.1 - VSO Software)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 4.1.13.3306 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
calibre 64bit (HKLM\...\{53CF63D2-ADC7-4D61-8076-113B313EE85A}) (Version: 3.33.1 - Kovid Goyal)
Common Desktop Agent (HKLM\...\{031A0E14-0413-4C97-9772-2639B782F46F}) (Version: 1.62.0 - OEM) Hidden
Corel Graphics - Windows Shell Extension (HKLM\...\_{CD4FAF77-25BC-4838-9B4B-5C59AC8662D1}) (Version: 20.0.0.633 - Corel Corporation)
Corel Graphics - Windows Shell Extension (HKLM\...\{CD4FAF77-25BC-4838-9B4B-5C59AC8662D1}) (Version: 20.0.633 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit Keys (HKLM\...\{C0408619-0431-4B54-B63C-C3AB18B1E4B4}) (Version: 20.0.633 - Corel Corporation) Hidden
Corel Update Manager (HKLM\...\{7A731C52-8DC6-47AB-B2BC-3FE70F6C6968}) (Version: 2.10.442 - Corel corporation) Hidden
CorelDRAW Graphics Suite 2018 - Capture (x64) (HKLM\...\{57B35A9E-2E5C-4CE4-AE54-61B02500ED6C}) (Version: 20.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2018 - Common (x64) (HKLM\...\{C9E9E21E-E375-4BAF-B647-22ABA6ABBACF}) (Version: 20.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2018 - Connect (x64) (HKLM\...\{BCAF055A-51F2-4266-BC27-E67AFE02B1CE}) (Version: 20.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2018 - Custom Data (x64) (HKLM\...\{098FFEC8-98D9-4DE0-BC3F-B5A94547FF73}) (Version: 20.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2018 - Draw (x64) (HKLM\...\{121B4D48-BDC1-4037-B150-28037FA47510}) (Version: 20.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2018 - EN (x64) (HKLM\...\{FBA611A2-4060-4FF5-8A32-3A710A347EDA}) (Version: 20.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2018 - Filters (x64) (HKLM\...\{9433E8C4-DD2E-40BE-A1AF-0832DFE89C92}) (Version: 20.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2018 - Font Manager (x64) (HKLM\...\{EFD5BDD5-CEF1-4209-ABF1-2387D0756D14}) (Version: 20.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2018 - IPM T (x64) (HKLM\...\{A4DEA23F-2371-483E-93C1-1764CA80DDEF}) (Version: 20.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2018 - PHOTO-PAINT (x64) (HKLM\...\{CA42C3C9-6A8C-423E-885E-064B06DAD20E}) (Version: 20.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2018 - Redist (x64) (HKLM\...\{E442BB6A-268E-4864-9780-C0A4789DA64F}) (Version: 20.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2018 - Setup Files (x64) (HKLM\...\{CBBC5C20-F3ED-4425-9393-F77D50036592}) (Version: 20.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2018 - VBA (x64) (HKLM\...\{8FE99871-8AF0-449F-A1C4-F18EE971DC84}) (Version: 20.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2018 - Workspaces (x64) (HKLM\...\{94B3EE65-9BD2-4C39-9E43-E1403F6A82F4}) (Version: 20.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2018 - Writing Tools (x64) (HKLM\...\{F5CC82A3-6FF2-4D76-AC4F-3A7C63E3487C}) (Version: 20.1 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite 2018 (64-Bit) (HKLM\...\_{CBBC5C20-F3ED-4425-9393-F77D50036592}) (Version: 20.1.0.708 - Corel Corporation)
CorelDRAW Graphics Suite 2018 (HKLM\...\{23465DF5-08D9-4150-9621-7A127B208936}) (Version: 20.1 - Corel Corporation) Hidden
Dell SupportAssist (HKLM\...\{0309AC01-330F-494C-B27D-58E297E4674F}) (Version: 3.2.1.94 - Dell Inc.)
Dragon NaturallySpeaking 13 (HKLM-x32\...\{33EA20FB-5389-4938-BA59-2BCD9BB68F41}) (Version: 13.00.000 - Nuance Communications Inc.)
DYMO Label (HKLM-x32\...\{54D84731-D2F9-4E8C-B18E-E91838BE52BB}) (Version: 8.7.3.46663 - Newell Rubbermaid)
FVD Downloader Module (HKLM-x32\...\{A3F74A3C-6824-4878-AB46-21280389D09F}) (Version: 1.0.8 - Nimbus)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Chipset Device Software (HKLM-x32\...\{61a0f1f5-c77e-4992-ba85-029f93cd8d18}) (Version: 10.1.1.27 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.3.10207.5567 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1058 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 17.0.2.1076 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1725.1 - Intel Corporation)
Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.48.139.0 - Intel Corporation) Hidden
Intel® Trusted Connect Services Client (HKLM-x32\...\{fd62de85-bda9-4280-a95b-fa2f86e0dc58}) (Version: 1.48.139.0 - Intel Corporation) Hidden
Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24516 (HKLM-x32\...\{c325004c-5538-45b3-a7ad-94473a4dcd3b}) (Version: 14.0.24516.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2015 (HKLM-x32\...\{dd8b09df-3ef8-49f1-bd1a-65278435860b}) (Version: 14.0.23217 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2017 (HKLM-x32\...\{5a7dc0ad-cdb2-43b5-8b82-f81065fe6092}) (Version: 15.0.26717 - Microsoft Corporation)
Mozilla Firefox 66.0.4 (x64 en-US) (HKLM\...\Mozilla Firefox 66.0.4 (x64 en-US)) (Version: 66.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 66.0.3 - Mozilla)
Mozilla Thunderbird 60.6.1 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 60.6.1 (x86 en-US)) (Version: 60.6.1 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
OpenOffice 4.1.6 (HKLM-x32\...\{16E4FF6B-31E8-4037-B627-D87CF872E32B}) (Version: 4.16.9790 - Apache Software Foundation)
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
PlayOn (HKLM-x32\...\{8253404B-8E41-4BB0-A452-B4C150019E4A}) (Version: 4.5.19 - MediaMall Technologies, Inc.) Hidden
PlayOn (HKLM-x32\...\{f37af5f1-bbec-4633-baaf-55da694f9102}) (Version: 4.5.19.24406 - MediaMall Technologies, Inc.)
PlayOn Dependencies (HKLM-x32\...\{9FCAA915-CEEF-4D9E-AAF2-6A252C888669}) (Version: 4.0.0.0 - MediaMall Technologies, Inc.) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7989 - Realtek Semiconductor Corp.)
Realtek PC Camera Driver (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 10.0.10586.11224 - Realtek Semiconductor Corp.)
Samsung Easy Document Creator (HKLM-x32\...\Samsung Easy Document Creator) (Version: 2.02.53 (5/30/2018) - HP Printing Korea Co., Ltd.)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 2.00.01.24 - HP Printing Korea Co., Ltd.)
Samsung Printer Center (HKLM-x32\...\Samsung Printer Center) (Version: 1.0.0.28 - Samsung Electronics Co., Ltd.)
Samsung Scan Process Machine (HKLM-x32\...\Samsung Scan Process Machine) (Version: 1.03.05.32 - Samsung Electronics Co., Ltd.) Hidden
Samsung Universal Scan Driver (HKLM-x32\...\Samsung Universal Scan Driver) (Version: 3.31.93:14 - Samsung Electronics Co., Ltd.)
SmartByte Drivers and Services (HKLM\...\{EC62F71A-6CFA-4918-9EBC-99BFF86DB3C9}) (Version: 1.2.600 - Rivet Networks)
SNS Upload for Easy Document Creator (HKLM-x32\...\{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}) (Version: 1.0.0 - Samsung Electronics Co.,Ltd) Hidden
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
Uninstall Samsung Printer Software (HKLM-x32\...\TotalUninstaller) (Version: 4.0.0.67 - Samsung Electronics CO., LTD.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{B2E25355-C24E-4E7D-8AD3-455D59810838}) (Version: 2.57.0.0 - Microsoft Corporation)
USB Multi-Channel Audio Device (HKLM\...\C-Media CM106 Like Sound Driver) (Version:  - )
VLC media player (HKLM\...\VLC media player) (Version: 3.0.4 - VideoLAN)
VSO ConvertXToDVD 7 (HKLM-x32\...\{A021D003-6933-4EA4-B582-F1D0C3E52409}_is1) (Version: 7.0.0.61 - VSO Software)
VSO ConvertXtoVideo Ultimate 2 (HKLM-x32\...\{{3852A371-F5ED-491A-86C3-998CD0688D4A}_is1) (Version: 2.0.0.88 - VSO Software)
VSO CopyTo 5 (HKLM-x32\...\{9B05F6FC-AE16-488C-A822-F641ADC61B6A}_is1) (Version: 5.1.1.3 - VSO Software)
VSO Downloader 5.0.1.56 (HKLM-x32\...\{3C5CD638-CAD0-4F6C-81FD-B37D47B411F7}_is1) (Version: 5.0.1.56 - VSO Software)
VSO DVD Converter Ultimate 4 (HKLM-x32\...\{{089D6334-329D-46DC-8DC3-6BF4C9735F0F}_is1) (Version: 4.0.0.92 - VSO Software)
VSO EVE Network Driver version 1.0.0.28 (HKLM-x32\...\{AC0AFDC9-4FB1-44FE-B3E1-82300BF3D756}_is1) (Version: 1.0.0.28 - VSO Software)
VSO Media Player 1.6.19.528 (HKLM-x32\...\{59F1E8E6-60EC-4CC1-8C72-E0F38E585215}_is1) (Version: 1.6.19.528 - VSO Software)
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - Intel Corporation Inc.) Hidden
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1-2) (Version: 1.0.54.1 - Intel Corporation Inc.)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies)
WinSCP 5.15.1 (HKLM-x32\...\winscp3_is1) (Version: 5.15.1 - Martin Prikryl)
Your Uninstaller! 7 (HKLM-x32\...\YU2010_is1) (Version: 7.5.2014.3 - URSoft, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers1: [CopyToCD] -> {39F0FA09-4451-4477-9D23-4B9ADDEEF838} => C:\Program Files (x86)\VSO\common\CTShell.dll [2014-01-21] (VSO-SOFTWARE -> VSO Software SARL)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [CopyToCD] -> {39F0FA09-4451-4477-9D23-4B9ADDEEF838} => C:\Program Files (x86)\VSO\common\CTShell.dll [2014-01-21] (VSO-SOFTWARE -> VSO Software SARL)
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki125183.inf_amd64_cb49708b33bad074\igfxDTCM.dll [2017-11-07] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [CopyToCD] -> {39F0FA09-4451-4477-9D23-4B9ADDEEF838} => C:\Program Files (x86)\VSO\common\CTShell.dll [2014-01-21] (VSO-SOFTWARE -> VSO Software SARL)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2014-09-08 14:38 - 2014-09-08 14:38 - 000051200 _____ () [File not signed] C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2018-05-17 04:07 - 2018-05-17 04:07 - 000087552 _____ () [File not signed] C:\WINDOWS\system32\SSDEVM64.DLL
2019-05-03 11:54 - 2019-02-21 12:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2018-03-20 13:25 - 2018-03-20 13:25 - 000099840 _____ (Rivet Networks) [File not signed] C:\Program Files\Rivet Networks\SmartByte\KillerNetworkServicePS.dll
2017-11-08 02:35 - 2017-11-08 02:35 - 000123904 _____ (Samsung Electronics Co., Ltd.) [File not signed] C:\Program Files (x86)\Samsung\Easy Printer Manager\SmartScreenPrint\CDAKEYMonitor64.dll
2018-08-02 06:27 - 2018-08-02 06:27 - 000027136 _____ (Sanford, L.P.) [File not signed] C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51 [155]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-05-06 18:29 - 2019-05-06 18:29 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1       localhost

2017-12-20 16:49 - 2017-12-20 16:54 - 000000445 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Intel\Intel® Management Engine Components\iCLS\;C:\Program Files\Intel\Intel® Management Engine Components\iCLS\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\Intel® Management Engine Components\IPT
HKU\S-1-5-21-4076564316-1935873266-44556536-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\SLR\Downloads\Cappy from Hannah.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run: => "Ointment"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKU\S-1-5-21-4076564316-1935873266-44556536-1001\...\StartupApproved\Run: => "carb"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{8B655FD4-FC0B-4DFF-BD1A-5BA00FEE04C0}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite 2018\Programs64\CorelPP.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [{2EB07FA9-1633-47AA-84B5-7CF9DFF60990}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite 2018\Programs64\CorelDrw.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [{043C8151-5F3B-4F88-B6FF-C1C9EE17B2EA}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Player.exe (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
FirewallRules: [UDP Query User{69622545-0499-495A-B16C-DE524B98BD97}C:\program files (x86)\airdroid\airdroid.exe] => (Block) C:\program files (x86)\airdroid\airdroid.exe (SAND STUDIO LIMITED -> Sand Studio)
FirewallRules: [TCP Query User{5EFDE21D-A70A-49F5-A25A-000BD18C2C40}C:\program files (x86)\airdroid\airdroid.exe] => (Block) C:\program files (x86)\airdroid\airdroid.exe (SAND STUDIO LIMITED -> Sand Studio)
FirewallRules: [UDP Query User{8E77281B-55D0-4342-8E92-AA8770A1F8C1}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe (SAND STUDIO LIMITED -> Sand Studio)
FirewallRules: [TCP Query User{DB8A8269-3444-485F-BBB9-C352D9FE397D}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe (SAND STUDIO LIMITED -> Sand Studio)
FirewallRules: [{8E80482E-383B-42E5-B703-7A21A6A12AD4}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{DE3AE70C-13D4-4E53-9B00-5BD9DEAD7DBC}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe (Adobe Systems Incorporated -> )
FirewallRules: [{7F47A822-F0A4-4BAF-B737-A86586CB2EAC}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe (Adobe Systems Incorporated -> )
FirewallRules: [{23C2279C-00A3-49C1-8039-41A3860DA107}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{56FC8D76-7D20-42F6-8E3E-E50843C0E876}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{133E956A-FD0D-43F5-8E46-1C566869B613}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1982FE9E-A4C8-46D7-9259-12AFAE235672}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{6B7F8551-1A01-4B4C-82A1-87E4D619A036}C:\program files (x86)\vso\vso downloader\5\vsodownloader.exe] => (Allow) C:\program files (x86)\vso\vso downloader\5\vsodownloader.exe (VSO SOFTWARE -> VSO Software)
FirewallRules: [UDP Query User{027F22F7-4524-45D6-B8A8-01CFDE03CE66}C:\program files (x86)\vso\vso downloader\5\vsodownloader.exe] => (Allow) C:\program files (x86)\vso\vso downloader\5\vsodownloader.exe (VSO SOFTWARE -> VSO Software)
FirewallRules: [{547B56FC-419E-4260-98F2-6776A191DF62}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDCApp.exe (HP Inc. -> )
FirewallRules: [{64404C25-9A45-4CE0-BFBF-D7C22D1AF4E4}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDCApp.exe (HP Inc. -> )
FirewallRules: [{B40EF26C-5B78-48CC-8081-F314E2FF01D7}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe (HP Inc. -> )
FirewallRules: [{74653780-EBA3-4426-82ED-21A6051B1F97}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe (HP Inc. -> )
FirewallRules: [{47C1D9D3-444F-4B57-88DD-8925CE31282E}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ScanCDLM.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{92D250BB-BBFB-493A-818B-89DD843D81DB}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Printer Center\SamsungPrinterCenter.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
FirewallRules: [{F0E6F6AB-3E2A-434B-8F96-D2B722C02815}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{2518EEF7-D064-4EE1-8F10-C3187668C7DA}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{A399DB47-7350-4C0D-9E2E-0682EC687F99}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\EasyPrinterManagerV2.exe (HP Inc. -> )
FirewallRules: [{6BABB55A-55F2-41BE-B001-A905F806F038}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe (HP Inc. -> HP Printing Korea Co., Ltd.)
FirewallRules: [{3969CF01-33AF-473A-BF2F-23AB62F06046}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\EPM2AlertList.exe (HP Inc. -> HP Printing Korea Co., Ltd.)
FirewallRules: [{5F747C0A-25B0-435A-9BE8-CE27A37D24EE}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\EPM2Migrator.exe (HP Inc. -> )
FirewallRules: [{D46C0CB8-96B9-45EE-B770-EBF770A83324}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [TCP Query User{E6102758-B871-41A7-8DEF-3FCE73DF171D}C:\program files (x86)\samsung\easy printer manager\easyprintermanagerv2.exe] => (Allow) C:\program files (x86)\samsung\easy printer manager\easyprintermanagerv2.exe (HP Inc. -> )
FirewallRules: [UDP Query User{F366C149-8A00-42B8-AFC9-1B1E9AC492A3}C:\program files (x86)\samsung\easy printer manager\easyprintermanagerv2.exe] => (Allow) C:\program files (x86)\samsung\easy printer manager\easyprintermanagerv2.exe (HP Inc. -> )
FirewallRules: [{F19DC4CE-AAFB-4C9F-ACB7-6BE457E86285}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{21558D7B-D34C-4F89-AB8F-BAABC6572A92}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{59A2122C-6D41-44F9-95C6-1726DAAC10D1}] => (Allow) C:\Program Files (x86)\MediaMall\MediaMallServer.exe (MediaMall Technologies, Inc. -> MediaMall Technologies, Inc.)
FirewallRules: [{5358A05E-2003-47AC-BC51-0B6FFB989A88}] => (Allow) C:\Program Files (x86)\MediaMall\MediaMallServerLauncher.exe (MediaMall Technologies, Inc.) [File not signed]
FirewallRules: [{0E463619-8481-4E31-A4C9-5CC9BE88558A}] => (Allow) C:\Program Files (x86)\MediaMall\SettingsManager.exe (MediaMall Technologies, Inc. -> MediaMall Technologies, Inc.)
FirewallRules: [{12FC90B8-7F8D-42B9-8129-F0BED77A17E7}] => (Allow) C:\Program Files (x86)\MediaMall\PlayOn.exe (MediaMall Technologies, Inc. -> MediaMall Technologies, Inc.)
FirewallRules: [{B7C21B02-38B7-4228-9BF4-8B4B245FDE4E}] => (Allow) C:\Program Files (x86)\MediaMall\Surfer.exe (MediaMall Technologies, Inc.) [File not signed]

==================== Restore Points =========================

06-05-2019 12:07:01 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/07/2019 01:21:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1860859

Error: (05/07/2019 01:21:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1860859

Error: (05/07/2019 01:21:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/07/2019 01:21:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1844750

Error: (05/07/2019 01:21:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1844750

Error: (05/07/2019 01:21:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/07/2019 01:21:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1829078

Error: (05/07/2019 01:21:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1829078


System errors:
=============
Error: (05/07/2019 01:26:06 PM) (Source: DCOM) (EventID: 10010) (User: SWEETIE-DAHLING)
Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.

Error: (05/07/2019 01:26:06 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (60000 milliseconds) was reached while waiting for a transaction response from the WSearch service.

Error: (05/07/2019 01:25:06 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (60000 milliseconds) was reached while waiting for a transaction response from the WSearch service.

Error: (05/07/2019 01:24:06 PM) (Source: DCOM) (EventID: 10010) (User: SWEETIE-DAHLING)
Description: The server {E48EDA45-43C6-48E0-9323-A7B2067D9CD5} did not register with DCOM within the required timeout.

Error: (05/07/2019 01:24:06 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (60000 milliseconds) was reached while waiting for a transaction response from the WSearch service.

Error: (05/07/2019 01:23:06 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (60000 milliseconds) was reached while waiting for a transaction response from the WSearch service.

Error: (05/07/2019 01:22:06 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (60000 milliseconds) was reached while waiting for a transaction response from the WSearch service.

Error: (05/07/2019 01:21:06 PM) (Source: DCOM) (EventID: 10010) (User: SWEETIE-DAHLING)
Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.


Windows Defender:
===================================
Date: 2019-05-07 10:46:35.157
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...71&enterprise=0
Name: Trojan:JS/Redirector.GO
ID: 2147643571
Severity: Severe
Category: Trojan
Path: file:_C:\Users\SLR\Downloads\a transfer\BF\view.php
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\SLR\Desktop\esetonlinescanner_enu.exe
Signature Version: AV: 1.293.1053.0, AS: 1.293.1053.0, NIS: 1.293.1053.0
Engine Version: AM: 1.1.15900.4, NIS: 1.1.15900.4

Date: 2019-05-07 10:22:28.132
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...38&enterprise=0
Name: VirTool:Win64/Detrahere
ID: 2147727738
Severity: Severe
Category: Tool
Path: file:_C:\FRST\Quarantine\C\Windows\System32\pselvno\simtuln.sys
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\SLR\Desktop\esetonlinescanner_enu.exe
Signature Version: AV: 1.293.1048.0, AS: 1.293.1048.0, NIS: 1.293.1048.0
Engine Version: AM: 1.1.15900.4, NIS: 1.1.15900.4

Date: 2019-05-07 10:22:28.099
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...76&enterprise=0
Name: Trojan:Win64/Detrahere.S
ID: 2147726076
Severity: Severe
Category: Trojan
Path: file:_C:\FRST\Quarantine\C\Windows\System32\drivers\vdsbeilo.sys.xBAD
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\SLR\Desktop\esetonlinescanner_enu.exe
Signature Version: AV: 1.293.1048.0, AS: 1.293.1048.0, NIS: 1.293.1048.0
Engine Version: AM: 1.1.15900.4, NIS: 1.1.15900.4

Date: 2019-05-07 10:22:07.402
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...51&enterprise=0
Name: Trojan:Win32/SquareNet.Q
ID: 2147727751
Severity: Severe
Category: Trojan
Path: file:_C:\FRST\Quarantine\C\Users\SLR\AppData\Local\dtdwagx\cwielhu.exe.xBAD
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\SLR\Desktop\esetonlinescanner_enu.exe
Signature Version: AV: 1.293.1048.0, AS: 1.293.1048.0, NIS: 1.293.1048.0
Engine Version: AM: 1.1.15900.4, NIS: 1.1.15900.4

Date: 2019-04-24 14:00:45.632
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...72&enterprise=0
Name: TrojanDownloader:Win32/Adload.DU!bit
ID: 249572
Severity: High
Category: Trojan Downloader
Path: file:_C:\Program Files (x86)\Wilbanks\neurology.exe; process:_pid:10748,ProcessStart:132006020175134406; process:_pid:10980,ProcessStart:132006020175135100
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: C:\Program Files (x86)\Wilbanks\neurology.exe
Signature Version: AV: 1.293.107.0, AS: 1.293.107.0, NIS: 0.0.0.0
Engine Version: AM: 1.1.15900.4, NIS: 0.0.0.0

Date: 2019-05-07 12:24:49.528
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.293.1053.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15900.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2019-05-07 12:24:49.528
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.293.1053.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15900.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2019-05-07 12:24:49.528
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.293.1053.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15900.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2019-05-07 12:24:49.518
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.293.1053.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15900.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2019-05-07 12:24:49.518
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.293.1053.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15900.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

CodeIntegrity:
===================================

Date: 2019-05-07 13:26:06.791
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-05-07 13:26:06.788
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-05-07 13:26:06.655
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-05-07 13:26:06.654
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-05-07 13:24:01.938
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-05-07 13:24:01.935
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-05-07 13:24:01.281
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-05-07 13:24:01.276
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

BIOS: Dell Inc. 1.27.0 01/18/2019
Motherboard: Dell Inc. 0H20TW
Processor: Intel® Core™ i7-7500U CPU @ 2.70GHz
Percentage of memory in use: 20%
Total physical RAM: 16253.9 MB
Available physical RAM: 12865.79 MB
Total Virtual: 18685.9 MB
Available Virtual: 15002.23 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:465.18 GB) (Free:351.16 GB) NTFS

\\?\Volume{feaf7fb2-dd54-4375-98aa-4e59a1284873}\ (WINRETOOLS) (Fixed) (Total:0.44 GB) (Free:0.05 GB) NTFS
\\?\Volume{c6fd387d-e4ec-4b59-8200-f595416de6b0}\ () (Fixed) (Total:0 GB) (Free:0 GB)
\\?\Volume{d73eba60-b25d-489c-b504-cc6fd5922708}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.45 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 7753131A)

Partition: GPT.

==================== End of Addition.txt ============================


  • 0

#13
iMacg3

iMacg3

    GeekU Mod

  • GeekU Moderator
  • 562 posts
We'll remove the Baidu Firefox extension.

Farbar Recovery Scan Tool - Fix
  • Press the Windows Key + R.
  • Type notepad in the Run box and click OK.
  • Copy the contents of the below code box to the new text file:
    Start
    
    FF Extension: (Baidu Search Update) - C:\Users\SLR\AppData\Roaming\Mozilla\Firefox\Profiles\qdl081mj.default-1556135615430\features\{ac099942-a6a0-4f1f-bb10-39511d8afee4}\[email protected] [2019-05-07]
    C:\Users\SLR\AppData\Local\UU1roKagF8
    
    End
  • Click on File > Save. Save the file as fixlist.txt to the same location as FRST.exe/FRST64.exe.
  • NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait.
  • Allow your computer to restart if prompted.
  • When the fix is complete, the tool will create a log in the same location it was run from. (Fixlog.txt)
  • Copy and paste the contents of fixlog.txt into your next reply.
--------------------------------------------

Reenable Items with msconfig
  • Press the Windows key + R. This will open the Run box.
  • Type msconfig and click OK.
  • Check the box next to Normal startup and click OK > Restart.
--------------------------------------------

What exactly does the message about the unknown volume say?
  • 0

#14
slrlcx

slrlcx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

I've attached a photo of the start up re: volume. The beginning says"scanning and repairing"...

 


  • 0

#15
iMacg3

iMacg3

    GeekU Mod

  • GeekU Moderator
  • 562 posts
Hi,

I don't see the attached picture. To attach a file, click More Reply Options > Attach Files.
  • 0






Similar Topics


Also tagged with one or more of these keywords: frst

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP