Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2019
Ran by SGK (07-01-2020 11:42:34)
Running from C:\Users\SGK\Desktop
Windows 10 Pro Version 1903 18362.356 (X64) (2019-10-14 18:38:57)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2295186157-4208122820-3846616368-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2295186157-4208122820-3846616368-503 - Limited - Disabled)
Guest (S-1-5-21-2295186157-4208122820-3846616368-501 - Limited - Disabled)
SGK (S-1-5-21-2295186157-4208122820-3846616368-1001 - Administrator - Enabled) => C:\Users\SGK
WDAGUtilityAccount (S-1-5-21-2295186157-4208122820-3846616368-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.012.20040 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.303 - Adobe)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adownloader version 18.1 (HKLM-x32\...\{41E8664D-2C33-4B67-9702-C0FAC4DF4763}_is1) (Version: 18.1 - Denobis)
Aimersoft Helper Compact 2.5.2 (HKLM-x32\...\{405147F7-FCC5-499B-A27E-EA6BD4A80435}_is1) (Version: 2.5.2 - Aimersoft)
AviSynth 2.6 (HKLM-x32\...\AviSynth) (Version: 2.6.0.6 - GPL Public release.)
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
BlueStacks App Player (HKLM\...\BlueStacks) (Version: 4.130.6.1102 - BlueStack Systems, Inc.)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 79.1.2.41 - The Brave Authors)
dBpoweramp AAC Encoder (HKLM-x32\...\dBpoweramp AAC Encoder) (Version: Release 2.1 - Illustrate)
dBpoweramp DirectShow Decoder (HKLM-x32\...\dBpoweramp DirectShow Decoder) (Version: Release 3 - Illustrate)
dBpoweramp m4a FDK (AAC) Encoder (HKLM-x32\...\dBpoweramp m4a FDK (AAC) Encoder) (Version: Release 4 (FDK v0.1.4 & v0.63) - Illustrate)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.4.2 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{15F081E3-93FF-4FF3-B447-42CC458C4F79}) (Version: 3.11.0021 - Seiko Epson Corporation)
EPSON L3150 Series Printer Uninstall (HKLM\...\EPSON L3150 Series) (Version: - Seiko Epson Corporation)
EPSON Manuals (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.56.1.0 - Seiko Epson Corporation)
Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version: - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{FD036A57-F81D-4865-AAF0-811558EA76AE}) (Version: 4.5.1 - Seiko Epson Corporation)
EPSON Universal Print Driver Printer Uninstall (HKLM\...\EPSON Universal Print Driver) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM\...\{96ED1D58-440C-4345-8FEE-C4781366C67F}) (Version: 3.1.4.0 - SEIKO EPSON Corporation)
ExpressCache (HKLM\...\{F19137D8-2E93-4043-9634-4D44E7EFE889}) (Version: 1.3.118.0 - Condusiv Technologies)
Hauppauge Capture (HKLM-x32\...\Hauppauge Capture) (Version: 1.1.35054 - Hauppauge Computer Works)
Hauppauge Device Central (HKLM-x32\...\Hauppauge Device Central) (Version: 1.4.34279 - Hauppauge Computer Works, Inc.)
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Huffyuv AVI lossless video codec (Remove Only) (HKLM\...\HUFFYUV) (Version: - )
Intel® Chipset Device Software (HKLM-x32\...\{c6cff78a-cccb-49d5-be68-ae0ec5f0d48a}) (Version: 10.1.1.8 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1156 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{1A51AA9E-D4BC-4318-9419-B55EA4C95B3C}) (Version: 17.1.1525.1443 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{50cf70be-570a-46b0-8a05-ea84ad3b4a36}) (Version: 21.20.0 - Intel Corporation)
K-Lite Codec Pack 13.6.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 13.6.5 - KLCP)
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version: - )
Lenovo Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.82.00.14 - Lenovo) Hidden
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 2.0.9.0 - Lenovo)
Lenovo On Screen Display (HKLM\...\OnScreenDisplay) (Version: 8.72.10 - Lenovo)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.12.24 - Lenovo) Hidden
Lenovo QuickOptimizer (HKLM\...\{8D2C871B-1B9F-45AC-9C43-2BB18089CDFA}) (Version: 1.0.016.00 - Lenovo)
Lenovo Settings - Power (HKLM-x32\...\{A6CFC34A-56EE-4AF5-8C49-995F59E6A160}) (Version: 8.03.14 - Lenovo Group Limited) Hidden
Lenovo Solution Center (HKLM\...\{DB529F41-7844-4FD9-B660-CE829E59A71E}) (Version: 3.1.002.00 - Lenovo)
Malwarebytes version 4.0.4.49 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.0.4.49 - Malwarebytes)
Metric Collection SDK (HKLM-x32\...\{DDAA788F-52E6-44EA-ADB8-92837B11BF26}) (Version: 1.1.0008.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2295186157-4208122820-3846616368-1001\...\OneDriveSetup.exe) (Version: 19.192.0926.0012 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d491dd9d-2eda-4d75-b504-1a201436e7fd}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.16.27024 (HKLM-x32\...\{2ff11a2a-f7ac-4a6c-8cd4-c7bb974f3642}) (Version: 14.16.27024.1 - Microsoft Corporation)
MKVCleaver x64 (HKLM\...\{EE4FBCD4-BAB6-405A-8AFF-5FEF41B841B4}) (Version: 7.0.2 - Ilia Bakhmoutski)
MKVToolNix 13.0.0 (64bit) (HKLM-x32\...\MKVToolNix) (Version: 13.0.0 - Moritz Bunkus)
MPC-HC 1.7.13 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.13 - MPC-HC Team)
OpenOffice 4.1.5 (HKLM-x32\...\{ABCAD346-4F4B-49E9-9AA1-28EF8C26059D}) (Version: 4.15.9789 - Apache Software Foundation)
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
REACHit (HKLM-x32\...\{4532E4C5-C84D-4040-A044-ECFCC5C6995B}) (Version: 2.1.0.11 - Lenovo)
RogueKiller version 14.0.2.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 14.0.2.0 - Adlice Software)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.115 - Synaptics Incorporated)
ThinkPad Settings Dependency (HKLM\...\{08515684-CE49-47EF-B509-326A2E91BC5C}_is1) (Version: 3.0.0.12 - Lenovo) Hidden
Thinkpad USB Ethernet Adapter Driver (HKLM-x32\...\{D8102684-7BA1-4948-88B9-535F84E6E588}) (Version: 10.1.506.2015 - Lenovo)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
UpdateAssistant (HKLM\...\{F49D6A65-1AB6-4728-9FDA-DB5BAB631CF6}) (Version: 1.23.0.0 - Microsoft Corporation) Hidden
Ut Video Codec Suite (HKLM\...\utvideo_is1) (Version: 18.2.1 - UMEZAWA Takeshi)
Videoder 1.0.9 (HKLM-x32\...\808fc302-3d01-59ce-8094-e0443a55877e) (Version: 1.0.9 - GlennioTech)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.8 - VideoLAN)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22532 - Microsoft Corporation)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
Windows Driver Package - Lenovo 1.67.10.15 (06/22/2015 1.67.10.15) (HKLM\...\116858BC299A848A634E4FC927990093F81F608D) (Version: 06/22/2015 1.67.10.15 - Lenovo)
Windows Driver Package - Realtek Semiconduct Corp. (RTSPER) MTD (05/29/2015 10.0.10125.21277) (HKLM\...\4E55DAEF56C7E4B0BFE2CA2C3C55718B1DB7B3B9) (Version: 05/29/2015 10.0.10125.21277 - Realtek Semiconduct Corp.)
Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (07/29/2015 6.0.1.7572) (HKLM\...\FB7FCBF0F17BC6F027BA3449CC8B02C4445C5565) (Version: 07/29/2015 6.0.1.7572 - Realtek Semiconductor Corp.)
Windows Driver Package - Synaptics (SmbDrv) System (07/24/2015 19.0.17.2) (HKLM\...\D46201570EE858381BA5A517C517317159E0F49A) (Version: 07/24/2015 19.0.17.2 - Synaptics)
Windows Driver Package - Synaptics (SynTP) Mouse (07/24/2015 19.0.17.2) (HKLM\...\BCACBD4A2C3424D2C4AB53EE766C3F38399CEB15) (Version: 07/24/2015 19.0.17.2 - Synaptics)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
YAMB (HKLM-x32\...\YAMB) (Version: - )
Packages:
=========
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.150.300.0_x86__kgqvnymyfvs32 [2019-10-17] (king.com)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20218.0_x64__8wekyb3d8bbwe [2019-10-09] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-03-23] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-03-23] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.10022.0_x64__8wekyb3d8bbwe [2019-10-09] (Microsoft Studios) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.31.11905.0_x64__8wekyb3d8bbwe [2019-10-09] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.32.12463.0_x64__8wekyb3d8bbwe [2019-10-09] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.94.574.0_x64__mcm4njqhnhss8 [2019-10-09] (Netflix, Inc.)
Reader Notification Client -> C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2019-04-29] (Adobe Systems Incorporated)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-14] (Twitter Inc.)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-11-08] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-11-23] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-11-08] (Malwarebytes Corporation -> Malwarebytes)
==================== Codecs (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Drivers32: [VIDC.FPS1] => C:\WINDOWS\system32\frapsv64.dll [71680 2013-02-26] (Beepa P/L) [File not signed]
HKLM\...\Drivers32: [VIDC.ULRA] => C:\WINDOWS\system32\utv_vcm.dll [130048 2017-07-16] () [File not signed]
HKLM\...\Drivers32: [VIDC.ULRG] => C:\WINDOWS\system32\utv_vcm.dll [130048 2017-07-16] () [File not signed]
HKLM\...\Drivers32: [VIDC.ULY0] => C:\WINDOWS\system32\utv_vcm.dll [130048 2017-07-16] () [File not signed]
HKLM\...\Drivers32: [VIDC.ULY2] => C:\WINDOWS\system32\utv_vcm.dll [130048 2017-07-16] () [File not signed]
HKLM\...\Drivers32: [VIDC.ULY4] => C:\WINDOWS\system32\utv_vcm.dll [130048 2017-07-16] () [File not signed]
HKLM\...\Drivers32: [VIDC.ULH0] => C:\WINDOWS\system32\utv_vcm.dll [130048 2017-07-16] () [File not signed]
HKLM\...\Drivers32: [VIDC.ULH2] => C:\WINDOWS\system32\utv_vcm.dll [130048 2017-07-16] () [File not signed]
HKLM\...\Drivers32: [VIDC.ULH4] => C:\WINDOWS\system32\utv_vcm.dll [130048 2017-07-16] () [File not signed]
HKLM\...\Drivers32: [VIDC.UQY2] => C:\WINDOWS\system32\utv_vcm.dll [130048 2017-07-16] () [File not signed]
HKLM\...\Drivers32: [VIDC.UQRG] => C:\WINDOWS\system32\utv_vcm.dll [130048 2017-07-16] () [File not signed]
HKLM\...\Drivers32: [VIDC.UQRA] => C:\WINDOWS\system32\utv_vcm.dll [130048 2017-07-16] () [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\WINDOWS\system32\lagarith.dll [148992 2011-12-07] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.HFYU] => C:\WINDOWS\system32\huffyuv.dll [33280 2000-08-23] (Disappearing Inc.) [File not signed]
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [65536 2013-02-26] (Beepa P/L) [File not signed]
HKLM\...\Drivers32: [VIDC.ULRA] => C:\WINDOWS\system32\utv_vcm.dll [130048 2017-07-16] () [File not signed]
HKLM\...\Drivers32: [VIDC.ULRG] => C:\WINDOWS\system32\utv_vcm.dll [130048 2017-07-16] () [File not signed]
HKLM\...\Drivers32: [VIDC.ULY0] => C:\WINDOWS\system32\utv_vcm.dll [130048 2017-07-16] () [File not signed]
HKLM\...\Drivers32: [VIDC.ULY2] => C:\WINDOWS\system32\utv_vcm.dll [130048 2017-07-16] () [File not signed]
HKLM\...\Drivers32: [VIDC.ULY4] => C:\WINDOWS\system32\utv_vcm.dll [130048 2017-07-16] () [File not signed]
HKLM\...\Drivers32: [VIDC.ULH0] => C:\WINDOWS\system32\utv_vcm.dll [130048 2017-07-16] () [File not signed]
HKLM\...\Drivers32: [VIDC.ULH2] => C:\WINDOWS\system32\utv_vcm.dll [130048 2017-07-16] () [File not signed]
HKLM\...\Drivers32: [VIDC.ULH4] => C:\WINDOWS\system32\utv_vcm.dll [130048 2017-07-16] () [File not signed]
HKLM\...\Drivers32: [VIDC.UQY2] => C:\WINDOWS\system32\utv_vcm.dll [130048 2017-07-16] () [File not signed]
HKLM\...\Drivers32: [VIDC.UQRG] => C:\WINDOWS\system32\utv_vcm.dll [130048 2017-07-16] () [File not signed]
HKLM\...\Drivers32: [VIDC.UQRA] => C:\WINDOWS\system32\utv_vcm.dll [130048 2017-07-16] () [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] ( ) [File not signed]
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2019-12-09 12:15 - 2019-05-28 14:06 - 001021440 _____ () [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\LenovoWiFiSecurityPlugin\x86\x86\e_sqlite3.dll
2019-11-27 20:28 - 2019-10-27 05:36 - 001261568 _____ (Robert Simpson, et al.) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\GenericMessagingPlugin\x86\x86\SQLite.Interop.dll
2016-09-14 14:31 - 2016-09-14 14:31 - 000500736 ____S (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\enppmon.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer trusted/restricted ==========
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2015-07-10 16:34 - 2020-01-06 19:12 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Condusiv Technologies\ExpressCache\;C:\WINDOWS\System32\OpenSSH\;C:\Users\SGK\AppData\Local\Microsoft\WindowsApps;C:\adb;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\
HKU\S-1-5-21-2295186157-4208122820-3846616368-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Lenovo\Sketch.png
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: EvtEng => 2
MSCONFIG\Services: ExpressCache => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HcwDevCentralService => 3
MSCONFIG\Services: IBMPMSVC => 2
MSCONFIG\Services: ibtsiva => 2
MSCONFIG\Services: igfxCUIService2.0.0.0 => 2
MSCONFIG\Services: ImControllerService => 2
MSCONFIG\Services: Intel® Capability Licensing Service TCP IP Interface => 3
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LENOVO.MICMUTE => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: LPlatSvc => 2
MSCONFIG\Services: LSCWinService => 3
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: MyWiFiDHCPDNS => 3
MSCONFIG\Services: RegSrvc => 2
MSCONFIG\Services: RtkAudioService => 2
MSCONFIG\Services: SwitchBoard => 3
MSCONFIG\Services: SynTPEnhService => 2
MSCONFIG\Services: TPHKLOAD => 2
MSCONFIG\Services: uSHAREitSvc => 3
MSCONFIG\Services: ZeroConfigService => 2
HKLM\...\StartupApproved\StartupFolder: => "Hauppauge Device Properties.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Integrated Camera_Monitor"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "IMSS"
HKLM\...\StartupApproved\Run32: => "Aimersoft Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "EEventManager"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-2295186157-4208122820-3846616368-1001\...\StartupApproved\StartupFolder: => "Free Sound Recorder Update.lnk"
HKU\S-1-5-21-2295186157-4208122820-3846616368-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2295186157-4208122820-3846616368-1001\...\StartupApproved\Run: => "HP Deskjet 3050 J610 series (NET)"
HKU\S-1-5-21-2295186157-4208122820-3846616368-1001\...\StartupApproved\Run: => "IDMan"
HKU\S-1-5-21-2295186157-4208122820-3846616368-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"
HKU\S-1-5-21-2295186157-4208122820-3846616368-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000001"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{DC583C1B-8AB9-4A8D-8ED1-030D4112499C}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{A9BD72D0-9F69-4A89-A503-C0BC3898CEFE}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{A9079169-9F7B-4946-988A-7F4F2213EA65}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe (Seiko Epson Corporation) [File not signed]
FirewallRules: [{279F25A3-F737-4202-87A9-9D4E84CBBC89}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe (Seiko Epson Corporation) [File not signed]
FirewallRules: [{C7FB2B01-E72A-4B15-BA30-6DF6724E9D33}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{FF01A8F0-D70F-42E4-A926-1C1AC3E0CA89}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{4E1917F8-10C4-4596-AFAB-E6DD18316D74}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe No File
FirewallRules: [{BB2F01B0-0093-4665-9847-C7584BCFB07E}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
FirewallRules: [UDP Query User{20D6CA23-BD64-4008-930D-AB92A88DEAFB}C:\program files (x86)\hauppauge\capture\hauppaugecapture.exe] => (Allow) C:\program files (x86)\hauppauge\capture\hauppaugecapture.exe (Hauppauge Computer Works) [File not signed]
FirewallRules: [TCP Query User{25E09969-BA09-4FEA-97A8-324094CC0BDB}C:\program files (x86)\hauppauge\capture\hauppaugecapture.exe] => (Allow) C:\program files (x86)\hauppauge\capture\hauppaugecapture.exe (Hauppauge Computer Works) [File not signed]
FirewallRules: [TCP Query User{4E0E073A-8DD5-4985-AEBA-AE9A7D7346AF}C:\program files (x86)\hauppauge\capture\hauppaugecapture.exe] => (Allow) C:\program files (x86)\hauppauge\capture\hauppaugecapture.exe (Hauppauge Computer Works) [File not signed]
FirewallRules: [UDP Query User{E0DF9177-0EA3-4A11-B0E0-C45D2A16B976}C:\program files (x86)\hauppauge\capture\hauppaugecapture.exe] => (Allow) C:\program files (x86)\hauppauge\capture\hauppaugecapture.exe (Hauppauge Computer Works) [File not signed]
FirewallRules: [{7CF5DC7B-FEDB-4B2E-8C86-2EF05A8F9173}] => (Allow) C:\ProgramData\winnmgr\svcnetwk.exe No File
FirewallRules: [{13B22AC3-A986-43E7-8B23-2D1DAFBB11D1}] => (Allow) C:\WINDOWS\system32\rundll32.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{C7456182-5DC2-4E37-909C-0B6319AA9691}] => (Allow) C:\Windows\System32\rundll32.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{26363556-AF43-4B07-81F0-78BAFBFB19B3}] => (Allow) C:\Windows\System32\rundll32.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{5C01C797-6EE8-41D9-9A0A-84CAB97803D4}] => (Allow) C:\ProgramData\Google\ChromeDir\Application\chrome.exe No File
FirewallRules: [{D1B1F64D-BE62-4436-A300-70E13286E9A1}] => (Allow) C:\ProgramData\Google\ChromeDir2\Application\chrome.exe No File
FirewallRules: [{1230E975-41EF-4470-8FDD-815276F1A899}] => (Allow) C:\ProgramData\Google\ChromeDir\Application\chrome.exe No File
FirewallRules: [{454FABC5-965B-4B52-9065-9199C7D2F867}] => (Allow) C:\ProgramData\Google\ChromeDir2\Application\chrome.exe No File
FirewallRules: [{FA975676-ECA6-4648-8071-471EA80B8A19}] => (Allow) C:\ProgramData\Google\ChromeDir\Application\chrome.exe No File
FirewallRules: [{37AE93F5-76FC-4CB3-875F-ED70C84A31A2}] => (Allow) C:\ProgramData\Google\ChromeDir2\Application\chrome.exe No File
FirewallRules: [{29AADF23-411D-4D29-91D0-71FEE1CF2097}] => (Allow) C:\ProgramData\Google\ChromeDir\Application\chrome.exe No File
FirewallRules: [{B420CB10-CDAB-4893-ACF2-11D66AC2B9DF}] => (Allow) C:\ProgramData\Google\ChromeDir2\Application\chrome.exe No File
FirewallRules: [{5040B3AE-40DA-4CD7-8A03-60995B22206D}] => (Allow) C:\ProgramData\Google\ChromeDir\Application\chrome.exe No File
FirewallRules: [{E38F8849-0EA6-4938-B863-2531A0A256C8}] => (Allow) C:\ProgramData\Google\ChromeDir2\Application\chrome.exe No File
FirewallRules: [{37C3F6E2-82F4-4375-9FB3-76DAC7C57BA0}] => (Allow) C:\ProgramData\Google\ChromeDir\Application\chrome.exe No File
FirewallRules: [{742E3514-4713-40A7-AA77-2306AA23600F}] => (Allow) C:\ProgramData\Google\ChromeDir2\Application\chrome.exe No File
FirewallRules: [{001E6EDF-8650-4554-97A5-59C02678A8D4}] => (Allow) C:\ProgramData\Google\ChromeDir\Application\chrome.exe No File
FirewallRules: [{73CE9222-5561-44BC-B14E-57CE6503F1A4}] => (Allow) C:\ProgramData\Google\ChromeDir2\Application\chrome.exe No File
FirewallRules: [{B7033EFF-9D46-4815-BD89-805DC6566629}] => (Allow) C:\ProgramData\Google\ChromeDir\Application\chrome.exe No File
FirewallRules: [{1115016F-93B0-44BC-A033-0F640BCEAB82}] => (Allow) C:\ProgramData\Google\ChromeDir2\Application\chrome.exe No File
FirewallRules: [{17B00121-2A10-4006-B34D-B2BBE6071584}] => (Allow) C:\ProgramData\Google\ChromeDir\Application\chrome.exe No File
FirewallRules: [{585DC182-90E0-4E59-BD98-08C2D40843A8}] => (Allow) C:\ProgramData\Google\ChromeDir2\Application\chrome.exe No File
FirewallRules: [{25F955D5-DB2C-463B-B66E-A16476B5FB82}] => (Allow) C:\ProgramData\Google\ChromeDir\Application\chrome.exe No File
FirewallRules: [{6F8BDB3A-7DC9-4F48-A027-0865D128F46C}] => (Allow) C:\ProgramData\Google\ChromeDir2\Application\chrome.exe No File
FirewallRules: [{B82850C1-9A88-415E-B647-5390C969562A}] => (Allow) C:\ProgramData\Google\ChromeDir\Application\chrome.exe No File
FirewallRules: [{DDF6D14A-BA25-4C55-B4BE-C2AF1B3F6A82}] => (Allow) C:\ProgramData\Google\ChromeDir2\Application\chrome.exe No File
FirewallRules: [{A65AA0BC-1F5B-4AB9-9EAB-1A278C657EBE}] => (Allow) C:\ProgramData\Google\ChromeDir\Application\chrome.exe No File
FirewallRules: [{0656F891-CB3F-4E50-8D3D-42A0B323B056}] => (Allow) C:\ProgramData\Google\ChromeDir2\Application\chrome.exe No File
FirewallRules: [{0C8EEE46-5319-4EE1-B255-8D18E6D86F4F}] => (Allow) C:\ProgramData\Google\ChromeDir\Application\chrome.exe No File
FirewallRules: [{8AD03A75-0177-416C-9C29-6A4B67454981}] => (Allow) C:\ProgramData\Google\ChromeDir2\Application\chrome.exe No File
FirewallRules: [{CA566250-4758-4604-AF66-E83FC6BF0A52}] => (Allow) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
==================== Restore Points =========================
07-01-2020 10:55:26 Removed Google Update Helper
==================== Faulty Device Manager Devices ============
Name: USB Mass Storage Device
Description: USB Mass Storage Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Compatible USB storage device
Service: USBSTOR
Problem: : Windows cannot use this hardware device because it has been prepared for safe removal, but it has not been removed from the computer. (Code 47)
Resolution: Unplug the device, and then plug it in again. Alternately, restart the computer to make the device available.
Name: ThinkPad T550/W550S System Firmware 1.20
Description: ThinkPad T550/W550S System Firmware 1.20
Class Guid: {f2e7dd72-6468-4e36-b6f1-6488f42c1b52}
Manufacturer: Lenovo Ltd.
Service:
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: ========================
Application errors:
==================
Error: (01/07/2020 10:56:06 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary WinQuic.
System Error:
The resource loader failed to find MUI file.
.
Error: (01/06/2020 11:06:01 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
Error: (01/05/2020 07:24:42 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
Error: (01/05/2020 06:10:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: YourPhone.exe, version: 1.19092.399.0, time stamp: 0x5d97becc
Faulting module name: ntdll.dll, version: 10.0.18362.356, time stamp: 0xf24fc044
Exception code: 0xc0000374
Fault offset: 0x00000000000f9269
Faulting process id: 0x1178
Faulting application start time: 0x01d5c3c534fcf094
Faulting application path: C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19092.399.0_x64__8wekyb3d8bbwe\YourPhone.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: c826fe41-5898-4bad-b6cf-671bd12bad50
Faulting package full name: Microsoft.YourPhone_1.19092.399.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: App
Error: (01/05/2020 11:25:01 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 28.12.2019.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 2db0
Start Time: 01d5c38beb0a93aa
Termination Time: 4294967295
Application Path: C:\Users\SGK\Desktop\FRST64.exe
Report Id: 79efac13-0e6b-47e4-972f-e1dda0be6afc
Faulting package full name:
Faulting package-relative application ID:
Hang type: Top level window is idle
Error: (01/04/2020 08:30:31 PM) (Source: EventSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ComponentModel.Win32Exception: The system cannot find the file specified
at System.Diagnostics.Process.StartWithCreateProcess(ProcessStartInfo startInfo)
at winsw.Util.ProcessHelper.StartProcessAndCallbackForExit(Process processToStart, String executable, String arguments, Dictionary`2 envVars, String workingDirectory, Nullable`1 priority, ProcessCompletionCallback callback, Boolean redirectStdin, LogHandler logHandler)
at winsw.WrapperService.StartProcess(Process processToStart, String arguments, String executable, LogHandler logHandler, Boolean redirectStdin)
at winsw.WrapperService.OnStart(String[] _)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error: (01/04/2020 08:30:31 PM) (Source: EventSvc) (EventID: 0) (User: )
Error: (01/04/2020 01:12:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SystemSettings.exe version 10.0.18362.329 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 231c
Start Time: 01d5c2d244be690f
Termination Time: 4294967295
Application Path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Report Id: 201b24a3-ce83-45c5-b76d-85d36221f5fa
Faulting package full name: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel
Hang type: Cross-thread
System errors:
=============
Error: (01/06/2020 07:17:49 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-VF56AA2)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
Error: (01/06/2020 07:17:49 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-VF56AA2)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
Error: (01/06/2020 07:12:42 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-VF56AA2)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
Error: (01/06/2020 07:12:41 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-VF56AA2)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
Error: (01/06/2020 07:12:40 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-VF56AA2)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
Error: (01/06/2020 07:12:39 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-VF56AA2)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
Error: (01/06/2020 07:12:39 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-VF56AA2)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
Error: (01/06/2020 07:12:38 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-VF56AA2)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
Windows Defender:
===================================
Date: 2020-01-06 19:24:36.816
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Generic!rfn
ID: 2147744279
Severity: Severe
Category: Trojan
Path: file:_C:\Program Files (x86)\Seed Trade\Seed\seed.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.307.1817.0, AS: 1.307.1817.0, NIS: 1.307.1817.0
Engine Version: AM: 1.1.16600.7, NIS: 1.1.16600.7
Date: 2019-11-07 21:58:23.657
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Behavior:Win32/Generic.LO!ml
ID: 2147739110
Severity: Severe
Category: Suspicious Behaviour
Path: file:_C:\ProgramData\CloudPrinter\CloudPrinter.exe; file:_C:\ProgramData\Voyasollam\Voyasollam.exe; file:_C:\Users\SGK\AppData\Local\FreshSolin.exe; file:_C:\Users\SGK\AppData\Local\Iseco.exe; file:_C:\Users\SGK\AppData\Local\Temp\a1i1mdiib2o\fish.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: C:\Users\SGK\AppData\Local\Temp\a1i1mdiib2o\fish.exe
Security intelligence Version: AV: 1.305.1600.0, AS: 1.305.1600.0, NIS: 1.305.1600.0
Engine Version: AM: 1.1.16500.1, NIS: 1.1.16500.1
Date: 2019-11-07 21:58:23.572
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Behavior:Win32/Generic.LO!ml
ID: 2147739110
Severity: Severe
Category: Suspicious Behaviour
Path: file:_C:\ProgramData\CloudPrinter\CloudPrinter.exe; file:_C:\ProgramData\Voyasollam\Voyasollam.exe; file:_C:\Users\SGK\AppData\Local\FreshSolin.exe; file:_C:\Users\SGK\AppData\Local\Temp\a1i1mdiib2o\fish.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: C:\Users\SGK\AppData\Local\Temp\a1i1mdiib2o\fish.exe
Security intelligence Version: AV: 1.305.1600.0, AS: 1.305.1600.0, NIS: 1.305.1600.0
Engine Version: AM: 1.1.16500.1, NIS: 1.1.16500.1
Date: 2019-11-07 21:58:22.042
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Behavior:Win32/Execution.LU!ml
ID: 2147737010
Severity: Severe
Category: Suspicious Behaviour
Path: file:_C:\Users\SGK\AppData\Local\Temp\5kxdy5yqox4\nmgewiakjaoq.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.305.1600.0, AS: 1.305.1600.0, NIS: 1.305.1600.0
Engine Version: AM: 1.1.16500.1, NIS: 1.1.16500.1
Date: 2019-11-07 21:58:20.002
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Behavior:Win32/Persistence.MI!ml
ID: 2147737727
Severity: Severe
Category: Suspicious Behaviour
Path: file:_C:\Users\SGK\AppData\Roaming\qcderzm5ywg\puco2llrgd3.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: C:\Windows\System32\svchost.exe
Security intelligence Version: AV: 1.305.1600.0, AS: 1.305.1600.0, NIS: 1.305.1600.0
Engine Version: AM: 1.1.16500.1, NIS: 1.1.16500.1
Date: 2019-11-05 19:06:39.632
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.305.1165.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16500.1
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2019-11-05 19:06:39.631
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.305.1165.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16500.1
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2019-11-05 19:06:39.631
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.305.1165.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16500.1
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2019-11-05 19:06:39.621
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.305.1165.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16500.1
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2019-11-05 19:06:39.620
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.305.1165.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16500.1
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
CodeIntegrity:
===================================
Date: 2019-12-22 12:22:39.117
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Lenovo\REACHit\ReachDrive64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2019-12-22 12:22:39.093
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Lenovo\REACHit\ReachDrive64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2019-12-22 12:17:09.399
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Lenovo\REACHit\ReachDrive64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2019-12-22 12:17:09.382
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Lenovo\REACHit\ReachDrive64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2019-12-20 12:58:19.987
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Lenovo\REACHit\ReachDrive64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2019-12-20 12:58:19.961
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Lenovo\REACHit\ReachDrive64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2019-12-20 12:47:28.039
Description:
Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.
Date: 2019-12-20 12:47:26.441
Description:
Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.
==================== Memory info ===========================
BIOS: LENOVO N11ET34W (1.10 ) 08/20/2015
Motherboard: LENOVO 20CKCTO1WW
Processor: Intel® Core i5-5300U CPU @ 2.30GHz
Percentage of memory in use: 39%
Total physical RAM: 8071.02 MB
Available physical RAM: 4910.51 MB
Total Virtual: 9351.02 MB
Available Virtual: 6740.16 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:464.51 GB) (Free:20.85 GB) NTFS
\\?\Volume{0ddc9a10-2292-4309-a776-910ae8c1162f}\ (WinRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.48 GB) NTFS
\\?\Volume{c954ef0e-b60d-4694-9b70-f3a3534ec80b}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 8AC34E9B)
Partition: GPT.
==========================================================
Disk: 1 (Size: 14.9 GB) (Disk ID: 8AC34F58)
Partition: GPT.
==================== End of Addition.txt =======================