[RESOLVED] IE keeps popping and fake folders on drive C:\
Hello masters!
I've run a free Total AV quick and full scan, and it resolved at least 30 threats. But upon restart, there are fake folders popping up on C:\ and IE keeps popping up like crazy. Please help me clean my laptop. Here are the logs:
FRST
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 6.02.2019
Ran by Thomazing! (administrator) on DESKTOP-OHFLJFD (09-02-2019 00:59:59)
Running from C:\Users\Thomazing!\Downloads
Loaded Profiles: Thomazing! (Available Profiles: Thomazing!)
Platform: Windows 10 Pro 10240.16487 (X64) Language: English (United States)
Default browser: IE
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() C:\ProgramData\Logic Cramble\set.exe
(Google Inc.) C:\ProgramData\localNETService\localNETService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(TotalAV) C:\Program Files (x86)\TotalAV\SecurityService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(J4K6ZYTM) C:\Program Files (x86)\0qfoy55me3i\ESDJ37B9ITN0QK9.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
() C:\Program Files (x86)\Multitimer\Multitimer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(J4K6ZYTM) C:\Program Files\OTIZAMD5IS\8LD0IPFQC.exe
( ) C:\Users\Thomazing!\AppData\Roaming\mo24n4005vt\i2z4dmklduc.exe
() C:\Users\Thomazing!\AppData\Local\Temp\is-UBPC7.tmp\i2z4dmklduc.tmp
(TotalAV) C:\Program Files (x86)\TotalAV\TotalAV.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Internet Download Manager, Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\idmBroker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10240.16464_none_116100d161f6ab1d\TiWorker.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [Multitimer] => C:\Program Files (x86)\Multitimer\Multitimer.exe [281600 2017-12-12] () <==== ATTENTION
HKLM-x32\...\Run: [DiskPower] => "C:\Program Files (x86)\DiskWMpower\DiskPower.exe"
HKLM-x32\...\Run: [chrome] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1708016 2019-02-06] (Google LLC -> Google Inc.)
HKLM\...\RunOnce: [OMEWPRODUCT_7FCEM] => C:\Program Files (x86)\0qfoy55me3i\ESDJ37B9ITN0QK9.exe [236032 2019-02-08] (J4K6ZYTM) <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\...\Run: [8222286] => "C:\Users\Thomazing!\AppData\Roaming\p542dcem2lr\iastcgr31fm.exe" /VERYSILENT
HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\...\Run: [WK27HXJEIFMX6EE] => "C:\Program Files\200OTU5ILR\200OTU5IL.exe"
HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3948600 2016-06-10] (Tonec Inc.)
HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\...\Run: [8735117] => "C:\Users\Thomazing!\AppData\Roaming\dwdqael1vpm\ncu5cze5p50.exe" /VERYSILENT
HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\...\Run: [T9KTUNJFV82076N] => "C:\Program Files\1TH7OLWWNG\1TH7OLWWN.exe"
HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\...\Run: [CloudNet] => C:\Users\Thomazing!\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe [683008 2019-02-08] (EpicNet Inc.) <==== ATTENTION
HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\...\Run: [9428290] => "C:\Users\Thomazing!\AppData\Roaming\htpaossc1dy\ubd1dkxuekl.exe" /VERYSILENT
HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\...\Run: [U943W0QT19CB97H] => "C:\Program Files\J7CMVSXGZX\J7CMVSXGZ.exe"
HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\...\Run: [3525589] => "C:\Users\Thomazing!\AppData\Roaming\fsmysd5hgd4\bqedsdhpytd.exe" /VERYSILENT
HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\...\Run: [URD8WCW2ZCRHWKK] => "C:\Program Files\RQIX2K7UEC\RQIX2K7UE.exe"
HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\...\Run: [NNHJYS7S607ZBCR] => "C:\Program Files\0JJM5TTRFB\IBKXK5Q0P.exe"
HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\...\Run: [9236653] => "C:\Users\Thomazing!\AppData\Roaming\b2mkkcpioce\zrxkioireze.exe" /VERYSILENT
HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19645800 2019-01-10] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\...\Run: [8581968] => "C:\Users\Thomazing!\AppData\Roaming\wlzey0ugdb2\lihriqawtkv.exe" /VERYSILENT
HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\...\Run: [44K3AH7DLU628F4] => "C:\Program Files\E1WSWX87LG\BIX8CZGTD.exe"
HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\...\Run: [H82B1SB6W40C6YU] => C:\Program Files\OTIZAMD5IS\8LD0IPFQC.exe [850944 2019-02-09] (J4K6ZYTM)
HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\...\Run: [5608956] => C:\Users\Thomazing!\AppData\Roaming\mo24n4005vt\i2z4dmklduc.exe [1277549 2019-02-09] ( )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.96\Installer\chrmstp.exe [2019-02-08] (Google LLC -> Google Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{8AF662BF-65A0-4D0A-A540-A338A999D36F}] -> C:\Windows\system32\FaceCredentialProvider.dll [2015-09-10] (Microsoft Windows -> )
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] -> C:\Windows\system32\FaceCredentialProvider.dll [2015-09-10] (Microsoft Windows -> )
GroupPolicy: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{162dea71-3191-454f-8a8b-be0d312e54a5}: [DhcpNameServer] 192.168.43.1
Internet Explorer:
==================
HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKA1VtC1mRJr0-ErUX9LRVRJoPYFrhxxtaF-91kMr4aYnBF3AiUwkWeX9Lcvroqw4fFHdSyaWqi-bTeQpOgq8GmhyugFA-oCfgyL8lTV3FXzedUhRdT0Tk-a20qstFrzGkWt88Enx1zCRT8c4ZVOM3Ou-CJLbMqrt96pQNSQhDy8Im_06irGC1H_&q={searchTerms}
HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKA1VtC1mRJr0-ErUX9LRVRJoPYFrhxxtaF-91kMr4aYnBF3AiUwkWeX9Lcvroqw4fFHdSyaWqi-bTeQpOgq8GmhyugFA-bFEwE5S0xnXgWxUsARdsrsiNM_BcRR6VIUgHwYSXwHh7Ffv8ygm0uKm7dXNxCM7Ay7BGUULgFL93oS9c_xJL13HFJx
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKA1VtC1mRJr0-ErUX9LRVRJoPYFrhxxtaF-91kMr4aYnBF3AiUwkWeX9Lcvroqw4fFHdSyaWqi-bTeQpOgq8GmhyugFA-oCfgyL8lTV3FXzedUhRdT0Tk-a20qstFrzGkWt88Enx1zCRT8c4ZVOM3Ou-CJLbMqrt96pQNSQhDy8Im_06irGC1H_&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3408261874-2140888000-2142219774-1001 -> DefaultScope {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKA1VtC1mRJr0-ErUX9LRVRJoPYFrhxxtaF-91kMr4aYnBF3AiUwkWeX9Lcvroqw4fFHdSyaWqi-bTeQpOgq8GmhyugFA-oCfgyL8lTV3FXzedUhRdT0Tk-a20qstFrzGkWt88Enx1zCRT8c4ZVOM3Ou-CJLbMqrt96pQNSQhDy8Im_06irGC1H_&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3408261874-2140888000-2142219774-1001 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKA1VtC1mRJr0-ErUX9LRVRJoPYFrhxxtaF-91kMr4aYnBF3AiUwkWeX9Lcvroqw4fFHdSyaWqi-bTeQpOgq8GmhyugFA-oCfgyL8lTV3FXzedUhRdT0Tk-a20qstFrzGkWt88Enx1zCRT8c4ZVOM3Ou-CJLbMqrt96pQNSQhDy8Im_06irGC1H_&q={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-12-08] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2019-02-08] (Google Inc -> Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-12-08] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2019-02-08] (Google Inc -> Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2019-02-08] (Google Inc -> Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2019-02-08] (Google Inc -> Google Inc.)
FireFox:
========
FF HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Thomazing!\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Thomazing!\AppData\Roaming\IDM\idmmzcc5 [2019-02-09] [Legacy] [not signed]
FF HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2016-06-08] [Legacy]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2019-02-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2019-02-08] (Google Inc.)
Chrome:
=======
CHR DefaultSearchURL: Default -> hxxps://feed.bazzsearch.com/?fext=true&publisherid=51206&publisher=defaultbazz&st=ed&q={searchTerms}
CHR DefaultSearchKeyword: Default -> Bazz Search
CHR Profile: C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default [2019-02-09]
CHR Extension: (Slides) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-02-08]
CHR Extension: (Docs) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-02-08]
CHR Extension: (Google Drive) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-02-08]
CHR Extension: (chrome_filter) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\begnkeifkeikfcimaaddacpiojbnagko [2019-02-08]
CHR Extension: (YouTube) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-02-08]
CHR Extension: (Flower Power) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpapfcgjbomdehpglobkahgbbfamomgo [2019-02-09]
CHR Extension: (Sheets) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-02-08]
CHR Extension: (Google Docs Offline) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-02-08]
CHR Extension: (IDM Integration Module) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2019-02-09]
CHR Extension: (Bazz Search) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmeinlfojlcegblpogpjbhipmonclejh [2019-02-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-02-08]
CHR Extension: (Gmail) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-02-08]
CHR Extension: (Chrome Media Router) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-08]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-06-10]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-06-10]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 backlh; C:\ProgramData\Logic Cramble\set.exe [3780096 2019-02-07] () [File not signed] <==== ATTENTION
R2 localNETService; C:\ProgramData\localNETService\localNETService.exe [1905784 2019-02-08] (CONVERSION MAGIC LTD -> Google Inc.)
R2 SecurityService; C:\Program Files (x86)\TotalAV\SecurityService.exe [4429264 2018-12-06] (Protected Antivirus Limited -> TotalAV)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefender; C:\Windows\windefender.exe [0 ] (CreateFileW function failed -> ) <==== ATTENTION (zero byte File/Folder)
R2 NWQxNTAzNz; rundll32.exe C:\Windows\bxetfbicyncsflqei.bxetf IQQV [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 B62CD2D3FFB1; C:\Windows\B62CD2D3FFB1.sys [621928 2019-02-08] (韵羽健康管理咨询(上海)有限公司 -> VxDriver)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2015-06-18] (Broadcom Corporation -> Windows (R) Win 7 DDK provider)
R3 FwLnk; C:\Windows\System32\drivers\FwLnk.sys [17920 2019-02-08] (Microsoft Windows Hardware Compatibility Publisher -> TOSHIBA Corporation)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [38128 2015-06-18] (Intel Corporation - Client Components Group -> Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [122608 2015-06-18] (Intel Corporation - Client Components Group -> Intel Corporation)
R3 igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [10627744 2019-02-08] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
S0 nvraid; C:\Windows\System32\drivers\nvraid.sys [150368 2015-07-10] (Microsoft Windows -> NVIDIA Corporation)
S0 nvstor; C:\Windows\System32\drivers\nvstor.sys [166240 2015-07-10] (Microsoft Windows -> NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-06-18] (Microsoft Windows -> Realtek )
R3 RTL8187B; C:\Windows\System32\drivers\rtl8187B.sys [459336 2015-06-18] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation )
S0 SiSRaid2; C:\Windows\System32\drivers\SiSRaid2.sys [44896 2015-07-10] (Microsoft Windows -> Silicon Integrated Systems Corp.)
S0 SiSRaid4; C:\Windows\System32\drivers\sisraid4.sys [81760 2015-07-10] (Microsoft Windows -> Silicon Integrated Systems)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [45720 2019-02-08] (TOSHIBA CORPORATION -> Toshiba Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\Windows\System32\drivers\wdcsam64.sys [35584 2019-02-08] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Windows -> Microsoft Corporation)
R3 Winmon; C:\Windows\System32\drivers\Winmon.sys [0 ] (WDKTestCert Admin,131480495282941941 -> ) <==== ATTENTION (zero byte File/Folder)
R3 WinmonFS; C:\Windows\System32\drivers\WinmonFS.sys [0 ] (WDKTestCert Admin,131480495282941941 -> Windows (R) Win 7 DDK provider) <==== ATTENTION (zero byte File/Folder)
R1 WinmonProcessMonitor; C:\Windows\System32\drivers\WinmonProcessMonitor.sys [36096 2019-02-08] (WDKTestCert Admin,131666266076831434 -> ) [File not signed]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-02-09 13:22 - 2019-02-09 00:52 - 000875126 _____ C:\Windows\system32\PerfStringBackup.INI
2019-02-09 13:21 - 2019-02-09 13:21 - 000002353 _____ C:\Users\Thomazing!\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-02-09 13:21 - 2019-02-09 13:21 - 000000000 ___RD C:\Users\Thomazing!\OneDrive
2019-02-09 13:20 - 2019-02-09 13:20 - 000000000 ____D C:\Windows\CSC
2019-02-09 13:19 - 2019-02-09 13:19 - 000016148 _____ C:\Windows\system32\DESKTOP-OHFLJFD_defaultuser0_HistoryPrediction.bin
2019-02-09 13:19 - 2019-02-09 13:19 - 000000020 ___SH C:\Users\Thomazing!\ntuser.ini
2019-02-09 13:19 - 2019-02-09 13:19 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\Adobe
2019-02-09 13:19 - 2019-02-09 13:19 - 000000000 ____D C:\Users\Thomazing!\AppData\Local\VirtualStore
2019-02-09 13:19 - 2019-02-09 13:19 - 000000000 ____D C:\Users\Thomazing!\AppData\Local\TileDataLayer
2019-02-09 13:19 - 2019-02-09 13:19 - 000000000 ____D C:\Users\Thomazing!\AppData\Local\Publishers
2019-02-09 13:19 - 2019-02-08 22:22 - 000000000 ____D C:\Users\Thomazing!
2019-02-09 13:19 - 2019-02-08 21:38 - 000000000 ____D C:\Users\Thomazing!\AppData\Local\Packages
2019-02-09 13:15 - 2019-02-09 13:15 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2019-02-09 13:14 - 2019-02-08 23:05 - 000000000 ____D C:\Windows\Panther
2019-02-09 00:59 - 2019-02-09 01:01 - 000020986 _____ C:\Users\Thomazing!\Downloads\FRST.txt
2019-02-09 00:59 - 2019-02-09 00:59 - 000000000 ____D C:\FRST
2019-02-09 00:58 - 2019-02-09 00:59 - 002433536 _____ (Farbar) C:\Users\Thomazing!\Downloads\FRST64.exe
2019-02-09 00:43 - 2019-02-09 00:44 - 000000000 ____D C:\Program Files\OTIZAMD5IS
2019-02-09 00:43 - 2019-02-09 00:43 - 000016148 _____ C:\Windows\system32\DESKTOP-OHFLJFD_Thomazing!_HistoryPrediction.bin
2019-02-09 00:43 - 2019-02-09 00:43 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\mo24n4005vt
2019-02-09 00:30 - 2019-02-09 00:39 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\wlzey0ugdb2
2019-02-08 23:57 - 2019-02-08 23:57 - 000000000 ____D C:\ProgramData\TechSmith
2019-02-08 23:56 - 2019-02-08 23:58 - 000000000 ____D C:\Users\Thomazing!\Documents\Snagit
2019-02-08 23:56 - 2019-02-08 23:56 - 000000000 ____D C:\Users\Thomazing!\AppData\Local\TechSmith
2019-02-08 23:55 - 2019-02-08 23:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Snagit12
2019-02-08 23:55 - 2019-02-08 23:55 - 000000000 ____D C:\Program Files (x86)\Snagit12
2019-02-08 23:11 - 2019-02-08 23:11 - 000000000 ____D C:\Users\Thomazing!\Documents\TotalAV
2019-02-08 23:10 - 2019-02-08 23:10 - 000000000 ____D C:\ProgramData\SecuritySuite
2019-02-08 23:09 - 2019-02-09 00:44 - 000000000 ____D C:\Program Files (x86)\TotalAV
2019-02-08 23:09 - 2019-02-08 23:09 - 000001089 _____ C:\Users\Thomazing!\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TotalAV.lnk
2019-02-08 23:09 - 2019-02-08 23:09 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\TotalAV
2019-02-08 23:02 - 2019-02-09 00:30 - 000000000 ____D C:\Program Files\CCleaner
2019-02-08 23:02 - 2019-02-08 23:02 - 000003936 _____ C:\Windows\System32\Tasks\CCleaner Update
2019-02-08 23:02 - 2019-02-08 23:02 - 000002898 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2019-02-08 23:02 - 2019-02-08 23:02 - 000002377 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-02-08 23:02 - 2019-02-08 23:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-02-08 23:01 - 2019-02-08 23:01 - 000000000 ____D C:\Program Files\Google
2019-02-08 23:00 - 2019-02-08 23:07 - 000003418 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2019-02-08 23:00 - 2019-02-08 23:07 - 000003294 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2019-02-08 23:00 - 2019-02-08 23:01 - 000000000 ____D C:\ProgramData\Google
2019-02-08 22:58 - 2019-02-09 00:39 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\b2mkkcpioce
2019-02-08 22:56 - 2019-02-08 22:56 - 000000000 ____D C:\Program Files\Reference Assemblies
2019-02-08 22:56 - 2019-02-08 22:56 - 000000000 ____D C:\Program Files\MSBuild
2019-02-08 22:56 - 2019-02-08 22:56 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2019-02-08 22:56 - 2019-02-08 22:56 - 000000000 ____D C:\Program Files (x86)\MSBuild
2019-02-08 22:55 - 2015-06-17 18:10 - 001166520 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll
2019-02-08 22:55 - 2015-06-17 18:10 - 000124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2019-02-08 22:55 - 2015-06-17 18:10 - 000035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2019-02-08 22:55 - 2015-05-29 21:07 - 000778936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll
2019-02-08 22:55 - 2015-05-29 21:07 - 000102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2019-02-08 22:55 - 2015-05-29 21:07 - 000035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2019-02-08 22:46 - 2019-02-08 22:46 - 000000836 __RSH C:\ProgramData\ntuser.pol
2019-02-08 22:28 - 2019-02-09 00:39 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\fsmysd5hgd4
2019-02-08 22:22 - 2019-02-09 00:39 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\htpaossc1dy
2019-02-08 22:22 - 2019-02-08 22:22 - 006161408 _____ C:\Users\Thomazing!\AppData\Local\dump007.dat
2019-02-08 22:22 - 2019-02-08 22:22 - 000003704 _____ C:\Windows\System32\Tasks\iewiouoxxf
2019-02-08 22:22 - 2019-02-08 22:22 - 000003486 _____ C:\Windows\System32\Tasks\hjuzju
2019-02-08 22:22 - 2019-02-08 22:22 - 000000009 _____ C:\Users\Thomazing!\rstr3.ini
2019-02-08 22:11 - 2019-02-09 01:02 - 000000004 _____ C:\ProgramData\lock.dat
2019-02-08 22:11 - 2019-02-09 00:44 - 000000032 _____ C:\ProgramData\irw.atsd
2019-02-08 22:11 - 2019-02-08 22:11 - 000000008 _____ C:\ProgramData\ts.dat
2019-02-08 22:09 - 2019-02-08 22:09 - 000000000 ____D C:\ProgramData\localNETService
2019-02-08 22:08 - 2019-02-09 00:39 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\dwdqael1vpm
2019-02-08 22:03 - 2019-02-08 22:03 - 000004138 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{166847B2-00F9-4170-B86A-AB179FF4BAF1}
2019-02-08 22:03 - 2019-02-08 22:03 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\Macromedia
2019-02-08 22:00 - 2019-02-08 22:00 - 000004608 _____ C:\Windows\SECOH-QAD.exe
2019-02-08 22:00 - 2019-02-08 22:00 - 000003584 _____ C:\Windows\SECOH-QAD.dll
2019-02-08 21:58 - 2019-02-09 00:42 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\DMCache
2019-02-08 21:58 - 2019-02-09 00:39 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\p542dcem2lr
2019-02-08 21:58 - 2019-02-08 23:05 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\IDM
2019-02-08 21:58 - 2019-02-08 21:58 - 000000000 ____D C:\Users\Thomazing!\Downloads\Video
2019-02-08 21:58 - 2019-02-08 21:58 - 000000000 ____D C:\Users\Thomazing!\Downloads\Compressed
2019-02-08 21:58 - 2019-02-08 21:58 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2019-02-08 21:58 - 2019-02-08 21:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2019-02-08 21:58 - 2019-02-08 21:58 - 000000000 ____D C:\ProgramData\IDM
2019-02-08 21:58 - 2019-02-08 21:58 - 000000000 ____D C:\Program Files (x86)\Internet Download Manager
2019-02-08 21:50 - 2019-02-08 23:06 - 000000000 ____D C:\Windows\SysWOW64\SSL
2019-02-08 21:50 - 2019-02-08 23:01 - 000000000 ____D C:\Users\Thomazing!\AppData\Local\WhiteClick
2019-02-08 21:50 - 2019-02-08 21:50 - 001612288 _____ C:\Windows\bxetfbicyncsflqei.bxetf
2019-02-08 21:49 - 2019-02-08 23:06 - 000000000 ____D C:\ProgramData\boost_interprocess
2019-02-08 21:49 - 2019-02-08 21:52 - 000000000 ____D C:\Users\Thomazing!\AppData\Local\Opera Software
2019-02-08 21:49 - 2019-02-08 21:49 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\EpicNet Inc
2019-02-08 21:48 - 2019-02-09 00:39 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\la5jchefohd
2019-02-08 21:48 - 2019-02-08 21:48 - 000036096 _____ C:\Windows\system32\Drivers\WinmonProcessMonitor.sys
2019-02-08 21:47 - 2019-02-09 00:39 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\znnxx0e21dn
2019-02-08 21:47 - 2019-02-09 00:39 - 000000000 ____D C:\Program Files (x86)\DiskWMpower
2019-02-08 21:47 - 2019-02-08 21:47 - 000003756 _____ C:\Windows\System32\Tasks\{793C8F45-2D37-6E42-38A1-4FC6F516C21B}
2019-02-08 21:47 - 2019-02-08 21:47 - 000003626 _____ C:\Windows\System32\Tasks\{CCA8B79B-43C5-96CB-2514-85E1469B3E7C}
2019-02-08 21:47 - 2019-02-08 21:47 - 000000003 _____ C:\Users\Thomazing!\AppData\Local\wbem.ini
2019-02-08 21:47 - 2019-02-08 21:47 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\Mozilla
2019-02-08 21:47 - 2019-02-08 21:47 - 000000000 ____D C:\Program Files (x86)\Multitimer
2019-02-08 21:46 - 2019-02-09 00:43 - 000003612 _____ C:\Windows\System32\Tasks\ScheduledUpdate
2019-02-08 21:46 - 2019-02-09 00:43 - 000003290 _____ C:\Windows\System32\Tasks\csrss
2019-02-08 21:46 - 2019-02-09 00:39 - 000000000 ____D C:\Program Files (x86)\Cta
2019-02-08 21:46 - 2019-02-08 23:16 - 000000000 ____D C:\Program Files (x86)\0qfoy55me3i
2019-02-08 21:46 - 2019-02-08 21:48 - 008019296 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlmp.exe
2019-02-08 21:46 - 2019-02-08 21:48 - 001123400 _____ (Microsoft Corporation) C:\Windows\system32\osloader.exe
2019-02-08 21:46 - 2019-02-08 21:46 - 001895384 _____ C:\Users\Thomazing!\AppData\Local\Namfresh.bin
2019-02-08 21:46 - 2019-02-08 21:46 - 000621928 _____ (VxDriver) C:\Windows\B62CD2D3FFB1.sys
2019-02-08 21:46 - 2019-02-08 21:46 - 000015602 _____ C:\Windows\SysWOW64\findit.xml
2019-02-08 21:46 - 2019-02-08 21:46 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\Opera Software
2019-02-08 21:46 - 2019-02-08 21:46 - 000000000 ____D C:\ProgramData\Polygens
2019-02-08 21:46 - 2019-02-08 21:46 - 000000000 ____D C:\ProgramData\Logic Cramble
2019-02-08 21:45 - 2019-02-08 23:05 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\uTorrent
2019-02-08 21:45 - 2019-02-08 21:52 - 000722944 _____ C:\Users\Thomazing!\AppData\Local\sham.db
2019-02-08 21:45 - 2019-02-08 21:45 - 007881728 _____ C:\Users\Thomazing!\AppData\Local\agent.dat
2019-02-08 21:45 - 2019-02-08 21:45 - 002038046 _____ C:\Users\Thomazing!\AppData\Local\Silsoning.tst
2019-02-08 21:45 - 2019-02-08 21:45 - 001632256 _____ (TODO: <Company name>) C:\Users\Thomazing!\AppData\Local\Silsoning.exe
2019-02-08 21:45 - 2019-02-08 21:45 - 001632256 _____ (TODO: <Company name>) C:\Users\Thomazing!\AppData\Local\Joybam.exe
2019-02-08 21:45 - 2019-02-08 21:45 - 001246160 _____ (Mozilla Foundation) C:\ProgramData\nss3.dll
2019-02-08 21:45 - 2019-02-08 21:45 - 000440120 _____ (Microsoft Corporation) C:\ProgramData\msvcp140.dll
2019-02-08 21:45 - 2019-02-08 21:45 - 000278510 _____ C:\Users\Thomazing!\AppData\Local\Joybam.tst
2019-02-08 21:45 - 2019-02-08 21:45 - 000140800 _____ C:\Users\Thomazing!\AppData\Local\installer.dat
2019-02-08 21:45 - 2019-02-08 21:45 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll
2019-02-08 21:45 - 2019-02-08 21:45 - 000126464 _____ C:\Users\Thomazing!\AppData\Local\noah.dat
2019-02-08 21:45 - 2019-02-08 21:45 - 000083784 _____ (Microsoft Corporation) C:\ProgramData\vcruntime140.dll
2019-02-08 21:45 - 2019-02-08 21:45 - 000070896 _____ C:\Users\Thomazing!\AppData\Local\Config.xml
2019-02-08 21:45 - 2019-02-08 21:45 - 000053888 _____ (TOSHIBA Corporation) C:\Windows\system32\Drivers\TVALZ_O.SYS
2019-02-08 21:45 - 2019-02-08 21:45 - 000045720 _____ (Toshiba Corporation) C:\Windows\system32\Drivers\Thotkey.sys
2019-02-08 21:45 - 2019-02-08 21:45 - 000044208 _____ (TOSHIBA Corporation) C:\Windows\system32\Drivers\tosrfec.sys
2019-02-08 21:45 - 2019-02-08 21:45 - 000035584 _____ (Western Digital Technologies, Inc.) C:\Windows\system32\Drivers\wdcsam64.sys
2019-02-08 21:45 - 2019-02-08 21:45 - 000018432 _____ C:\Users\Thomazing!\AppData\Local\Main.dat
2019-02-08 21:45 - 2019-02-08 21:45 - 000017920 _____ (TOSHIBA Corporation) C:\Windows\system32\Drivers\FwLnk.sys
2019-02-08 21:45 - 2019-02-08 21:45 - 000016368 _____ C:\Users\Thomazing!\AppData\Local\InstallationConfiguration.xml
2019-02-08 21:45 - 2019-02-08 21:45 - 000005568 _____ C:\Users\Thomazing!\AppData\Local\md.xml
2019-02-08 21:45 - 2019-02-08 21:45 - 000003088 _____ C:\Windows\System32\Tasks\Synaptics TouchPad Enhancements
2019-02-08 21:45 - 2019-02-08 21:45 - 000000881 _____ C:\Users\Thomazing!\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2019-02-08 21:45 - 2019-02-08 21:45 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2019-02-08 21:45 - 2019-02-08 21:45 - 000000000 ____D C:\Program Files\Synaptics
2019-02-08 21:45 - 2019-02-08 21:45 - 000000000 ____D C:\Program Files (x86)\foldershare
2019-02-08 21:44 - 2019-02-08 21:45 - 000000000 ____D C:\ProgramData\VMR6PC5JA6GYC9V0XH3B
2019-02-08 21:44 - 2019-02-08 21:44 - 001795952 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll
2019-02-08 21:44 - 2019-02-08 21:44 - 000722672 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll
2019-02-08 21:44 - 2019-02-08 21:44 - 000528112 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\SynTP.sys
2019-02-08 21:44 - 2019-02-08 21:44 - 000422128 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPCo19.dll
2019-02-08 21:44 - 2019-02-08 21:44 - 000400112 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynCom.dll
2019-02-08 21:44 - 2019-02-08 21:44 - 000251632 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPAPI.dll
2019-02-08 21:44 - 2019-02-08 21:44 - 000169712 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynTPCom.dll
2019-02-08 21:42 - 2019-02-08 21:42 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\WinRAR
2019-02-08 21:42 - 2019-02-08 21:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2019-02-08 21:41 - 2019-02-08 21:41 - 003141232 _____ (Alexander Roshal) C:\Users\Thomazing!\Downloads\winrar-x64-57b1.exe
2019-02-08 21:41 - 2019-02-08 21:41 - 000000000 ____D C:\Program Files\WinRAR
2019-02-08 21:41 - 2019-02-08 21:41 - 000000000 ____D C:\Program Files\VideoLAN
2019-02-08 21:37 - 2019-02-08 21:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2019-02-08 21:35 - 2019-02-08 21:35 - 010627744 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd64.sys
2019-02-08 21:35 - 2019-02-08 21:35 - 006593816 _____ (Intel Corporation) C:\Windows\system32\igdumd64.dll
2019-02-08 21:35 - 2019-02-08 21:35 - 004931384 _____ (Intel Corporation) C:\Windows\SysWOW64\igdumd32.dll
2019-02-08 21:35 - 2019-02-08 21:35 - 004755784 _____ (Intel Corporation) C:\Windows\system32\igd10umd64.dll
2019-02-08 21:35 - 2019-02-08 21:35 - 004370016 _____ (Intel Corporation) C:\Windows\SysWOW64\igd10umd32.dll
2019-02-08 21:35 - 2019-02-08 21:35 - 001991936 _____ C:\Windows\system32\iglhxa64.cpa
2019-02-08 21:35 - 2019-02-08 21:35 - 000982240 _____ C:\Windows\SysWOW64\igkrng500.bin
2019-02-08 21:35 - 2019-02-08 21:35 - 000982240 _____ C:\Windows\system32\igkrng500.bin
2019-02-08 21:35 - 2019-02-08 21:35 - 000439308 _____ C:\Windows\SysWOW64\igcompkrng500.bin
2019-02-08 21:35 - 2019-02-08 21:35 - 000439308 _____ C:\Windows\system32\igcompkrng500.bin
2019-02-08 21:35 - 2019-02-08 21:35 - 000208896 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhsip32.dll
2019-02-08 21:35 - 2019-02-08 21:35 - 000206336 _____ (Intel Corporation) C:\Windows\system32\iglhsip64.dll
2019-02-08 21:35 - 2019-02-08 21:35 - 000188416 _____ (Intel Corporation) C:\Windows\system32\iglhcp64.dll
2019-02-08 21:35 - 2019-02-08 21:35 - 000147456 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhcp32.dll
2019-02-08 21:35 - 2019-02-08 21:35 - 000092356 _____ C:\Windows\SysWOW64\igfcg500m.bin
2019-02-08 21:35 - 2019-02-08 21:35 - 000092356 _____ C:\Windows\system32\igfcg500m.bin
2019-02-08 21:35 - 2019-02-08 21:35 - 000060254 _____ C:\Windows\system32\iglhxg64.vp
2019-02-08 21:35 - 2019-02-08 21:35 - 000060226 _____ C:\Windows\system32\iglhxc64.vp
2019-02-08 21:35 - 2019-02-08 21:35 - 000060015 _____ C:\Windows\system32\iglhxo64.vp
2019-02-08 21:35 - 2019-02-08 21:35 - 000005424 _____ C:\Windows\system32\iglhxs64.vp
2019-02-08 21:35 - 2019-02-08 21:35 - 000001090 _____ C:\Windows\system32\iglhxa64.vp
2019-02-08 21:35 - 2019-02-08 21:35 - 000000000 ____D C:\Windows\PCHEALTH
2019-02-08 21:34 - 2019-02-08 21:34 - 000000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2019-02-08 21:33 - 2019-02-08 21:45 - 000000000 ____D C:\Program Files\Microsoft Office
2019-02-08 21:33 - 2019-02-08 21:35 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-02-08 21:33 - 2019-02-08 21:33 - 000000000 __RHD C:\MSOCache
2019-02-08 21:33 - 2019-02-08 21:33 - 000000000 ____D C:\Users\Thomazing!\AppData\Local\Microsoft Help
2019-02-08 21:33 - 2019-02-08 21:33 - 000000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2019-02-08 21:26 - 2019-02-08 23:17 - 000000000 ____D C:\Users\Thomazing!\AppData\Local\Google
2019-02-08 21:26 - 2019-02-08 23:02 - 000000000 ____D C:\Program Files (x86)\Google
2019-02-08 21:26 - 2019-02-08 21:26 - 001136176 _____ (Google Inc.) C:\Users\Thomazing!\Downloads\ChromeSetup.exe
2019-02-08 21:24 - 2019-02-08 21:24 - 000000000 ____D C:\Users\Thomazing!\AppData\Local\MicrosoftEdge
2019-02-07 17:10 - 2019-02-07 17:10 - 000098203 _____ C:\Windows\uninstaller.dat
==================== One month (modified) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-02-09 13:19 - 2015-07-31 06:42 - 000000000 ____D C:\Windows\rescache
2019-02-09 13:16 - 2015-07-10 17:47 - 000000000 ____D C:\Windows\system32\Sysprep
2019-02-09 13:14 - 2015-07-31 06:42 - 000028672 _____ C:\Windows\system32\config\BCD-Template
2019-02-09 00:52 - 2015-07-31 06:40 - 000000000 ____D C:\Windows\INF
2019-02-09 00:43 - 2015-07-31 05:52 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-02-09 00:42 - 2015-07-10 17:05 - 000131072 ___SH C:\Windows\system32\config\BBI
2019-02-08 23:59 - 2015-09-10 13:44 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-02-08 22:56 - 2015-07-31 06:25 - 000000000 ____D C:\Windows\CbsTemp
2019-02-08 22:45 - 2015-07-31 06:42 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2019-02-08 22:08 - 2015-07-31 05:49 - 000277768 _____ C:\Windows\system32\FNTCACHE.DAT
2019-02-08 21:46 - 2015-07-31 06:42 - 000000000 ____D C:\Windows\AppReadiness
2019-02-08 21:39 - 2015-07-31 06:42 - 000000000 ___HD C:\Program Files\WindowsApps
2019-02-08 21:34 - 2015-07-31 06:42 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-02-08 21:33 - 2015-09-10 13:21 - 000000000 ____D C:\Windows\ShellNew
==================== Files in the root of some directories =======
2019-02-08 22:11 - 2019-02-09 01:02 - 000000004 _____ () C:\ProgramData\lock.dat
2019-02-08 21:45 - 2019-02-08 21:45 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll
2019-02-08 21:45 - 2019-02-08 21:45 - 000440120 _____ (Microsoft Corporation) C:\ProgramData\msvcp140.dll
2019-02-08 21:45 - 2019-02-08 21:45 - 001246160 _____ (Mozilla Foundation) C:\ProgramData\nss3.dll
2019-02-08 22:11 - 2019-02-08 22:11 - 000000008 _____ () C:\ProgramData\ts.dat
2019-02-08 21:45 - 2019-02-08 21:45 - 000083784 _____ (Microsoft Corporation) C:\ProgramData\vcruntime140.dll
1601-01-03 21:26 - 1601-01-03 21:26 - 000058368 ____N (Microsoft Corporation) C:\Program Files (x86)\iUOI.exe
1601-01-03 21:26 - 1601-01-03 21:26 - 000180736 ____N (Microsoft Corporation) C:\Program Files (x86)\OKseaoP.exe
2019-02-08 21:45 - 2019-02-08 21:45 - 007881728 _____ () C:\Users\Thomazing!\AppData\Local\agent.dat
2019-02-08 21:45 - 2019-02-08 21:45 - 000070896 _____ () C:\Users\Thomazing!\AppData\Local\Config.xml
2019-02-08 22:22 - 2019-02-08 22:22 - 006161408 _____ () C:\Users\Thomazing!\AppData\Local\dump007.dat
2019-02-08 21:45 - 2019-02-08 21:45 - 000016368 _____ () C:\Users\Thomazing!\AppData\Local\InstallationConfiguration.xml
2019-02-08 21:45 - 2019-02-08 21:45 - 000140800 _____ () C:\Users\Thomazing!\AppData\Local\installer.dat
1601-01-03 21:26 - 1601-01-03 21:26 - 000058368 ____N (Microsoft Corporation) C:\Users\Thomazing!\AppData\Local\IOIiIOa.exe
2019-02-08 21:45 - 2019-02-08 21:45 - 001632256 _____ (TODO: <Company name>) C:\Users\Thomazing!\AppData\Local\Joybam.exe
2019-02-08 21:45 - 2019-02-08 21:45 - 000278510 _____ () C:\Users\Thomazing!\AppData\Local\Joybam.tst
2019-02-08 21:45 - 2019-02-08 21:45 - 000018432 _____ () C:\Users\Thomazing!\AppData\Local\Main.dat
2019-02-08 21:45 - 2019-02-08 21:45 - 000005568 _____ () C:\Users\Thomazing!\AppData\Local\md.xml
2019-02-08 21:46 - 2019-02-08 21:46 - 001895384 _____ () C:\Users\Thomazing!\AppData\Local\Namfresh.bin
2019-02-08 21:45 - 2019-02-08 21:45 - 000126464 _____ () C:\Users\Thomazing!\AppData\Local\noah.dat
2019-02-08 21:45 - 2019-02-08 21:52 - 000722944 _____ () C:\Users\Thomazing!\AppData\Local\sham.db
2019-02-08 21:45 - 2019-02-08 21:45 - 001632256 _____ (TODO: <Company name>) C:\Users\Thomazing!\AppData\Local\Silsoning.exe
2019-02-08 21:45 - 2019-02-08 21:45 - 002038046 _____ () C:\Users\Thomazing!\AppData\Local\Silsoning.tst
2019-02-08 21:46 - 2019-02-08 21:46 - 000032038 _____ () C:\Users\Thomazing!\AppData\Local\uninstall_temp.ico
2019-02-08 21:47 - 2019-02-08 21:47 - 000000003 _____ () C:\Users\Thomazing!\AppData\Local\wbem.ini
Files to move or delete:
====================
C:\Program Files (x86)\Multitimer\Multitimer.exe
C:\Program Files (x86)\0qfoy55me3i\ESDJ37B9ITN0QK9.exe
C:\Users\Thomazing!\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe
Some files in TEMP:
====================
2019-02-08 21:46 - 2019-02-08 21:46 - 001527488 _____ (Microsoft Corporation) C:\Users\Thomazing!\AppData\Local\Temp\dbghelp.dll
2019-02-08 21:44 - 2019-02-08 21:47 - 025260414 _____ (TigerTrade ) C:\Users\Thomazing!\AppData\Local\Temp\ezdyyd.exe
2019-02-08 21:45 - 2019-02-08 21:46 - 000672090 _____ (FAZ ) C:\Users\Thomazing!\AppData\Local\Temp\global_installer.exe
2019-02-08 21:44 - 2019-02-08 21:55 - 002892544 _____ (BitTorrent Inc.) C:\Users\Thomazing!\AppData\Local\Temp\IDM_Serial_Number_Crack_Patch_Free_2019_Serial_Keys.exe
2019-02-08 22:22 - 2019-02-09 00:31 - 000000000 ____D () C:\Users\Thomazing!\AppData\Local\Temp\ImagingEngine.dll
2019-02-08 21:46 - 2019-02-08 21:46 - 001385984 _____ (wj32) C:\Users\Thomazing!\AppData\Local\Temp\installer_mi.exe
2019-02-08 21:46 - 2019-02-08 21:48 - 001905784 _____ (Google Inc.) C:\Users\Thomazing!\AppData\Local\Temp\mcasin.exe
2019-02-08 21:46 - 2019-02-08 21:46 - 000375522 _____ ( ) C:\Users\Thomazing!\AppData\Local\Temp\ncyvgt4vxoc.exe
2019-02-08 21:46 - 2019-02-08 21:46 - 000167616 _____ (Microsoft Corporation) C:\Users\Thomazing!\AppData\Local\Temp\symsrv.dll
2019-02-08 21:51 - 2019-02-08 21:47 - 000099906 _____ () C:\Users\Thomazing!\AppData\Local\Temp\Uninstall.exe
2019-02-08 21:44 - 2019-02-08 21:45 - 004500992 _____ () C:\Users\Thomazing!\AppData\Local\Temp\xtex.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
BCD (recoveryenabled=No -> recoveryenabled=Yes) <==== restored successfully
LastRegBack: 2019-02-09 13:15
==================== End of FRST.txt ============================